Internet enhanced service

This chapter provides information about Internet enhanced service (IES), used to provide IP routing services; that is, direct forwarding of IP traffic between CE devices, and also to facilitate the transport of in-band management datagrams of the 7705 SAR over ATM links.

Internet enhanced services can coexist with IES management SAP services on the same 7705 SAR node. IP over ATM is used exclusively for in-band management of the 7705 SAR. Up to two IPoATM SAPs can be bound to IES along with many other SAPs with other (non-ATM) supported SAP encapsulation types. Traffic from IPoATM SAPs is extracted to the CSM for further processing. Traffic received from other IES SAPs is forwarded as per the forwarding table (FIB).

Topics in this chapter include:

IES for in-band management

Topics in this section include:

In the HSDPA offload application (see HSDPA offload), the main uplink out of a typical cell site is over the ATM network using leased lines. Mission-critical traffic such as voice, signaling, and synchronization traffic is carried over the ATM network.

Internet enhanced service (IES) provides a reliable means of diverting the node management IP packets from the DSL IP network to the more reliable Layer 2 ATM network. To do this, IES provides an IP address and interworking function between the Layer 3 IP network and the Layer 2 ATM network. Without this capability, the in-band IP management traffic for the 7705 SAR could only be connected to an IP network.

IES can be used for in-band management of the 7705 SAR over the ATM network. IP over an ATM SAP bound to IES is for in-band management purposes only, and IP traffic from the ATM SAP is only extracted to the CSM; it is not forwarded.

IES management service is supported on the following cards for the 7705 SAR-8 Shelf V2 and 7705 SAR-18:

  • 16-port T1/E1 ASAP Adapter card

  • 32-port T1/E1 ASAP Adapter card

IES management service is also supported on the T1/E1 ports on the following:

  • 7705 SAR-M

  • 7705 SAR-A

  • 7705 SAR-X

  • 4-port T1/E1 and RS-232 Combination module

The service can be created on an ATM port or on an IMA group.

In the 7705 SAR, all traffic received over IES management SAPs is extracted directly to the control plane (CSM) in the same way as management traffic received over the CSM console port or Ethernet management port, or management traffic destined for the 7705 SAR over an Ethernet or MLPPP encapsulated network port. With IES management, the traffic transported is always IP packets. At the termination point of the ATM link, the IP packets are extracted to the CSM for further processing.

Setting up connections between the NSP NFM-P and the 7705 SAR

IP over ATM is used for in-band management of the 7705 SAR. This requires the use of IP addresses so that the packets can be routed through the network using a routing table to indicate the next hop. Because Apipe interfaces (SAPs) do not have IP addresses, Apipes cannot be used to carry the management traffic.

With IES, the ATM SAP can be used for the forwarding of management IP packets. To set up a connection, IES is enabled on an interface on the 7705 SAR and the IP address for the interface is defined. A PVCC connection is then set up between the 7705 SAR and the remote router (SR) attached to the network manager (NSP NFM-P).

The IP datagrams are encapsulated into AAL5 for transport over the ATM network.

At the remote SR end, the SAP is bound to a VPRN instance to ensure that LDP signaling to the system IP address of the 7705 SAR flows through the IP/GRE link and not over the ATM link. Within the VPRN, an IP address is assigned at the termination SAP. The IP datagram is extracted from the ATM cell at this termination point and is routed to the NSP NFM-P.

Alternatively, manually configured connections can be used instead of signaled pseudowires.

Note: The remote IP address must be manually configured and a static route must be set up between the two connections. This configuration is beyond the scope of this document; see the 7705 SAR Router Configuration Guide for information.

For redundancy, it is recommended that two VCs be configured per ATM port or IMA group. This requires the configuration of two static routes. ECMP must be enabled to allow duplicate routes in the routing table, and BFD can be enabled to trigger a faster handoff to the other route in case of route failure.

Encapsulation

To run IP traffic over ATM links, the system uses routed VC-mux encapsulation as specified in RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. Because the only supported Layer 3 protocol over the management VC is IP, the VC mux encapsulation method is implemented to reduce complexity and overhead; likewise, routing mode is preferred over bridged mode.

The maximum MTU size supported is 2048 bytes.

Layer 2 and Layer 3 traffic management

ATM traffic descriptors can be applied at the ingress (policing) and egress (shaping and service category scheduling and prioritization) of the IES SAP in order to provide traffic management functions at Layer 2.

Management IP traffic that is destined for the CSM is classified at Layer 3 and is forwarded into the fabric from one of three of the adapter card control queues:

  • high priority

  • low priority

  • FTP priority

The high-priority and low-priority queues are limited to 1 Mb/s and the FTP queue is rate-limited to 3 Mb/s ingress to the fabric toward the control plane.

Note: Correct configuration of the traffic descriptor profiles is essential for correct operation of the IES SAP. If no profile is assigned, the default UBR service category is assumed. All IES 7705 SAR traffic is scheduled; no shaping is supported in this mode. To ensure that IP traffic transported over the IES SAP is prioritized fairly, ATM layer traffic descriptors should be assigned. See IES management SAP commands in the IES command reference section for information.

Troubleshooting and fault detection services

The IES in-band management service supports ATM OAM F4 (VP level) and F5 (VC level) cell generation and termination. For more information about OAM, see the 7705 SAR OAM and Diagnostics Guide, ‟OAM and SAA”.

Bidirectional forwarding detection (BFD) can also be configured on the IES interface. BFD is a simple protocol for detecting failures in a network. BFD uses a ‟hello” mechanism that sends control messages periodically to the far end and receives periodic control messages from the far end. BFD is implemented for IGP and BGP protocols, including static routes, in asynchronous mode only, meaning that neither end responds to control messages; rather, the messages are sent in the time period configured at each end.

To support redundancy, ECMP must be enabled to allow duplicate routes in the routing table, and BFD must be enabled to trigger the handoff to the other route in case of failure.

Because of the lightweight nature of BFD, it can detect failures faster than other detection protocols, making it ideal for use in applications such as mobile transport.

If the configured number of consecutive missed BFD messages is reached, the route to the peer is declared not active.

Note: Layer 2 AIS/RDI cells that are received on the IES SAP disable the IP interface. Link failures detected by BFD also disable the IP interface.

IP ECMP load balancing

IP ECMP allows the configuration of load balancing across all IP interfaces at the system level or interface level on the network side. Layer 4 port attributes and the TEID attribute in the hashing algorithm can be configured with the l4-load-balancing and teid-load-balancing commands in the config>service>ies> interface context. Configuration of the l4-load-balancing command at the interface level overrides the system-level settings for the specific interface. The teid-load-balancing command can only be configured at the interface level.

The system IP address can be included in or excluded from the hashing algorithm with the system-level system-ip-load-balancing command.

For more information about IP ECMP, see the 7705 SAR Router Configuration Guide, ‟Static routes, dynamic routes, and ECMP”.

IES for customer traffic

Topics in this section include:

IES provides IP connectivity between customer access points. From the customer’s perspective, IES provides a direct IP connection and can be used for Internet connectivity, as shown in the following figure. The customer is assigned an IP interface and a SAP is associated with the IP interface to designate a customer access point to the service—one SAP per interface. SAPs can be MC-MLPPP, PPP/MLPPP, LAG, or null/dot1q/qinq Ethernet. SDPs are not required, because traffic is routed instead of being encapsulated in a tunnel.

Figure 1. IES for customer access to the Internet

IES is supported on the following:

  • the 16-port T1/E1 ASAP Adapter card

  • the 32-port T1/E1 ASAP Adapter card

  • the Packet Microwave Adapter card

  • any V.35 port on the 12-port Serial Data Interface card, version 3 with speed set to 64 kb/s, 2048 kb/s, or any value from 128 kb/s to 1920 kb/s (every 128 kb/s)

  • any T1/E1 port on the 7705 SAR-M

  • any T1/E1 port on the 7705 SAR-A

  • any T1/E1 port on the 4-port T1/E1 and RS-232 Combination module

  • any port on the 6-port Ethernet 10Gbps Adapter card

  • any port on the 8-port Gigabit Ethernet Adapter card

  • any port on the 10-port 1GigE/1-port 10GigE X-Adapter card (10-port 1GigE mode)

  • any port on the 4-port SAR-H Fast Ethernet module

  • any port on the 6-port SAR-M Ethernet module

  • any Ethernet port on the 7705 SAR-M

  • any Ethernet port on the 7705 SAR-A

  • any Ethernet port on the 7705 SAR-Ax

  • any Ethernet port on the 7705 SAR-Wx

  • any Ethernet port on the 7705 SAR-H

  • any Ethernet port on the 7705 SAR-Hc

  • any Ethernet port on the 7705 SAR-X

Ports must be in access mode.

The encapsulation type for Ethernet ports must be null, dot1q, or qinq.

IES IPv6 SAPs are supported on the following cards, modules, and ports:

  • the 6-port Ethernet 10Gbps Adapter card

  • the 8-port Gigabit Ethernet Adapter card

  • the 10-port 1GigE/1-port 10GigE X-Adapter card (10-port 1GigE mode)

  • the Packet Microwave Adapter card

  • the 4-port SAR-H Fast Ethernet module

  • the 6-port SAR-M Ethernet module

  • any Ethernet port on the 7705 SAR-M

  • any Ethernet port on the 7705 SAR-A

  • any Ethernet port of the 7705 SAR-Ax

  • any Ethernet port on the 7705 SAR-Wx

  • the 7705 SAR-H

  • any Ethernet port on the 7705 SAR-Hc

  • any Ethernet port of the 7705 SAR-X

For more information about IPv6 addressing, see the 7705 SAR Router Configuration Guide, ‟Internet protocol versions”.

More than one Internet enhanced service can be created for a single customer ID, and more than one IP interface can be created within a single IES. All IP interfaces created within an IES belong to the same customer.

The service provider applies billing, ingress/egress shaping and policing to the customer.

Note:
  • Internet enhanced services require that the fabric mode be set to aggregate mode instead of per-destination mode. IES is only supported with aggregate-mode fabric profiles. If the fabric mode is set to per-destination mode, creation of the Internet enhanced service is blocked through the CLI. The fabric mode must be changed to aggregate mode before IES can be configured. As well, if IES is configured, alteration of the fabric mode is blocked.

  • For information about configuring fabric mode, see the 7705 SAR Quality of Service Guide, ‟Configurable ingress shaping to fabric (access and network)”.

DHCP relay and DHCPv6 relay

The 7705 SAR provides DHCP/BOOTP relay agent services and DHCPv6 relay agent services for DHCP clients. DHCP is used for IPv4 network addresses and DHCPv6 is used for IPv6 network addresses. Both DHCP and DHCPv6 are known as stateful protocols because they use dedicated servers to maintain parameter information.

Unless stated otherwise, DHCP is equivalent to ‟DHCP for IPv4” or DHCPv4.

In the stateful autoconfiguration model, hosts obtain interface addresses or configuration information and parameters from a server. The server maintains a database that keeps track of which addresses have been assigned to which hosts.

The 7705 SAR supports DHCP relay on access IP interfaces associated with IES and VPRN and on network interfaces. Each DHCP instance supports up to eight DHCP servers.

The 7705 SAR supports DHCPv6 relay on access IP interfaces associated with IES and VPRN. Each DHCPv6 instance supports up to eight DHCPv6 servers.

Note:
  • The 7705 SAR acts as a relay agent for DHCP and DHCPv6 requests and responses, and can also be configured to function as a DHCP or DHCPv6 server. DHCPv6 functionality is only supported on network interfaces and on access IP interfaces associated with VPRN.

  • When used as a CPE, the 7705 SAR can act as a DHCP client to learn the IP address of the network interface. Dynamic IP address allocation is supported on both network and system interfaces.

  • For more information about DHCP and DHCPv6, see the 7705 SAR Router Configuration Guide, ‟DHCP and DHCPv6”.

DHCP relay

The 7705 SAR provides DHCP/BOOTP relay agent services for DHCP clients. DHCP is a configuration protocol used to communicate network information and configuration parameters from a DHCP server to a DHCP-aware client. DHCP is based on the BOOTP protocol, with additional configuration options and the added capability of allocating dynamic network addresses. DHCP-capable devices are also capable of handling BOOTP messages.

A DHCP client is an IP-capable device (typically a computer or base station) that uses DHCP to obtain configuration parameters such as a network address. A DHCP server is an Internet host or router that returns configuration parameters to DHCP clients. A DHCP/BOOTP relay agent is a host or router that passes DHCP messages between clients and servers.

Home computers in a residential high-speed Internet application typically use the DHCP protocol to have their IP address assigned by their Internet service provider.

The DHCP protocol requires the client to transmit a request packet with a destination broadcast address of 255.255.255.255 that is processed by the DHCP server. Because IP routers do not forward broadcast packets, this would suggest that the DHCP client and server must reside on the same network segment. However, for various reasons, it is sometimes impractical to have the server and client reside in the same IP network. When the 7705 SAR is acting as a DHCP relay agent, it processes these DHCP broadcast packets and relays them to a preconfigured DHCP server. Therefore, DHCP clients and servers do not need to reside on the same network segment.

DHCP OFFER messages are not dropped if they contain a yiaddr that does not match the local configured subnets on the DHCP relay interface. This applies only to regular IES and VPRN interfaces with no lease-populate configured on the DHCP relay interface.

DHCP options

DHCP options are codes that the 7705 SAR inserts in packets being forwarded from a DHCP client to a DHCP server. Some options have more information stored in suboptions.

The 7705 SAR supports the Relay Agent Information Option 82 as specified in RFC 3046. The following suboptions are supported:

  • circuit ID

  • remote ID

  • vendor-specific options

DHCPv6 relay

DHCPv6 relay operation is similar to DHCP in that servers send configuration parameters such as IPv6 network addresses to IPv6 nodes, but DHCPv6 relay is not based on the DHCP or BOOTP protocol. DHCPv6 can be used instead of stateless autoconfiguration (see the 7705 SAR Router Configuration Guide, ‟Neighbor discovery”) or in conjunction with it.

DHCPv6 is also oriented around IPv6 methods of addressing, especially the use of reserved, link-local scoped multicast addresses. DHCPv6 clients transmit messages to these reserved addresses, allowing messages to be sent without the client knowing the address of any DHCP server. This transmission allows efficient communication even before a client has been assigned an IP address. When a client has an address and knows the identity of a server, it can communicate with the server directly using unicast addressing.

The DHCPv6 protocol requires the client to transmit a request packet with a destination multicast address of ff02::1:2 (all DHCP servers and relay agents on the local network segment) that is processed by the DHCP server.

Similar to DHCP address allocation, if a client needs to obtain an IPv6 address and other configuration parameters, it sends a Solicit message to locate a DHCPv6 server, then requests an address assignment and other configuration information from the server. Any server that can meet the client’s requirements responds with an Advertise message. The client chooses one of the servers and sends a Request message, and the server sends back a Reply message with the confirmed IPv6 address and configuration information.

If the client already has an IPv6 address, either assigned manually or obtained in some other way, it only needs to obtain configuration information. In this case, exchanges are done using a two-message process. The client sends an Information Request message, requesting only configuration information. A DHCPv6 server that has configuration information for the client sends back a Reply message with the information.

The 7705 SAR supports the DHCPv6 relay agent option in the same way that it supports the DHCP relay agent option. This means that when the 7705 SAR is acting as a DHCPv6 relay agent, it relays messages between clients and servers that are not connected to the same link.

DHCPv6 options

DHCPv6 options are codes that the 7705 SAR inserts in packets being forwarded from a DHCPv6 client to a DHCPv6 server. DHCPv6 supports interface ID and remote ID options as defined in RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPV6) and RFC 4649, DHCPv6 Relay Agent Remote-ID Option.

IPCP

Similar to DHCP over Ethernet interfaces, Internet protocol control protocol (IPCP) extensions to push IP information over PPP/MLPPP IES SAPs are supported. Within this protocol, extensions can be configured to define the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface. The IPCP-based IP and DNS assignment process is similar to DHCP behavior; IPCP-based IP/DNS assignment uses PPP/MLPPP IP layer protocol handshake procedures. PPP/MLPPP connected devices hooked up to IES can benefit from this feature for the assignment of IP and DNS to the associated interface.

IPSec support

The 7705 SAR supports IPSec and IPSec tunnels, where IES or VPRN is used as a public (untrusted) network-facing service and VPRN is used as a private (trusted) network-facing service. IES interfaces support the provisioning of tunnel SAPs as part of IPSec provisioning. The sap-id for a public-side IPSec tunnel SAP is tunnel-1.public:tag.

For more information, see the IPSec chapter in this guide.

Security zones and IES

The 7705 SAR supports a number of mechanisms for node security, including access control lists (ACLs), network address translation (NAT), and stateful, zone-based firewalls. For information about ACLs, NAT, and firewalls, see the 7705 SAR Router Configuration Guide, ‟Configuring security parameters”.

To enable NAT or firewall functionality for IES, security policy and profile parameters must be configured under the config>security context in the CLI, and a security zone must be configured under the config>service>ies>zone context.

A zone is created by adding at least one Layer 2 endpoint or Layer 3 interface to the zone configuration. The following table lists the supported interfaces and endpoints that can be added to zones under IES NAT or firewall.

Table 1. Security zone interfaces and endpoints for IES

CLI context

Interface/endpoint type

NAT

Firewall

IES

SAP

Spoke-SDP termination

IPSec public

Routed VPLS

Proxy ARP

Proxy ARP is supported on IES interfaces.

Proxy ARP is a technique by which a router on one network responds to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.

For more information about proxy ARP, see the 7705 SAR Router Configuration Guide, ‟Proxy ARP”.

Configurable ARP retry timer

A timer is available to configure a shorter retry interval when an ARP request fails. An ARP request may fail for a number of reasons, such as network connectivity issues. By default, the 7705 SAR waits 5000 ms before retrying an ARP request. The configurable retry timer makes it possible to shorten the retry interval to between 100 and 30 000 ms.

Note: The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value.

The configurable ARP retry timer is supported on VPRN and IES service interfaces, as well on the router interface.

Unnumbered interfaces

Unnumbered interfaces are supported on IES and VPRN services for IPv4. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.

This feature is supported via both dynamic and static ARP for unnumbered interfaces to allow interworking with unnumbered interfaces that may not support dynamic ARP.

The use of unnumbered interfaces has no effect on IPv6 routes; however, the unnumbered command must only be used in cases where IPv4 is active (IPv4 only and mixed IPv4/IPv6 environments). When using an unnumbered interface for IPv4, the loopback address used for the unnumbered interface must have an IPv4 address. The interface type for the unnumbered interface is automatically point-to-point.

Troubleshooting and fault detection services

Bidirectional forwarding detection (BFD) can be configured on the IES interface. BFD is a simple protocol for detecting failures in a network. BFD uses a ‟hello” mechanism that sends control messages periodically to the far end and expects to receive periodic control messages from the far end. On the 7705 SAR, BFD is implemented for IGP and BGP protocols, including static routes, in asynchronous mode only, meaning that neither end responds to control messages; rather, the messages are sent periodically from each end.

To support redundancy with fast switchover, BFD must be enabled to trigger the handoff to the other route in case of failure.

Because of the lightweight nature of BFD, it can detect failures faster than other detection protocols, making it ideal for use in applications such as mobile transport.

If BFD packets are not received in the configured amount of time, the associated route is declared ‟not active”, causing a reroute to an alternative path, if any.

Note: Link failures detected by BFD disable the IP interface.

The 7705 SAR also supports Internet Control Message Protocol (ICMP and ICMPv6). ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing. For more information about ICMP and ICMPv6, see the 7705 SAR Router Configuration Guide, ‟ICMP and ICMPv6”.

VRRP on IES interfaces

VRRP can be implemented on IES service interfaces to participate as part of a virtual router instance. This implementation prevents a single point of failure by ensuring access to the gateway address, which is configured on all IES service interfaces in the VRRP. VRRPv3 can also be implemented on IES service interfaces, including r-VPLS interfaces for IES.

The 7705 SAR supports VRRPv3 for IPv4 and IPv6 as described in RFC 5798. Within a VRRP router, the virtual routers in each of the IPv4 and IPv6 address families are in separate domains and do not overlap.

Note:
  • VRRPv3 for IPv6 is not supported on a Layer 3 spoke-SDP termination.

  • VRRP is not supported on an IPSec public interface.

For information about VRRP and VRRP IES service interface parameters, as well as the configuration parameters of VRRP policies, see the ‟VRRP” section in the 7705 SAR Router Configuration Guide. CLI command descriptions for VRRP policies are also specified in the 7705 SAR Router Configuration Guide.

For CLI command descriptions related to IES service interfaces, see IES command reference.

SAPs

Encapsulations

The following SAP encapsulations are supported on the 7705 SAR Internet enhanced service:

  • Ethernet null

  • Ethernet dot1q

  • Ethernet qinq

  • PPP/MLPPP/MC-MLPPP

Routing protocols

IES supports static routes on customer IP interfaces (that is, SAPs). These routes are redistributed into the global routing table of the 7705 SAR.

OSPFv2, RIP, and PIM routing protocols are supported on IES SAPs (that is, access IP interfaces). IES SAPs on V.35 ports on the 12-port Serial Data Interface card, version 3, support only OSPFv2 and static routing protocols.

The SAP for the IES IP interface is created at the IES service level, but the routing protocol for the IES IP interface is configured at the routing protocol level for the main router instance in the global context.

See the chapters on ‟OSPF” and ‟RIP” in the 7705 SAR Routing Protocols Guide for information about configuring these routing protocols.

IPv4 in IES supports PIM-SM and PIM-SSM. IPv6 in IES supports PIM-SSM. See the ‟IP multicast” chapter in the 7705 SAR Routing Protocols Guide for information about configuring these routing protocols.

QoS policies

When applied to an Internet enhanced service SAP, service ingress QoS policies only create the unicast queues defined in the policy.

Service egress QoS policies function in the same way as Ethernet and IP pseudowire services, where class-based queues are created based on the QoS policy. Multiple queues are supported. See the 7705 SAR Quality of Service Guide, ‟Creating a service egress QoS policy”.

Both Layer 2 and Layer 3 match criteria can be used in the QoS policies for traffic classification in an IES.

QinQ (IES)

IES supports QinQ functionality. For details, see QinQ support.

IP filter policies on an IES SAP

IPv4 filter policies can be applied to ingress IES management SAPs.

IPv4 and IPv6 filter policies can be applied to both ingress and egress IES SAPs (null, dot1q, or qinq interfaces).

Configuration and assignment of IP filter policies is similar for all services. See the 7705 SAR Router Configuration Guide, ‟Filter policies”, for information about configuring IP filters.

Spoke-SDP termination to IES

This feature enables a customer to exchange traffic between a VLL or VPLS (Layer 2) service and an IES or VPRN (Layer 3) service. Customer premises traffic coming in from a VLL or VPLS service (SAP to spoke SDP) is forwarded over the IP/MPLS network to the IES or VPRN service, and vice versa. Network QoS policies can be applied to the spoke SDP to control traffic forwarding to the Layer 3 service.

In a Layer 3 spoke-SDP termination to an IES or VPRN service, where the destination IP address resides within the IES or VPRN network, CE device-generated ARP frames must be processed by the Layer 3 interface. When an ARP frame is received over the spoke SDP at the Layer 3 interface endpoint, the 7705 SAR responds to the ARP frame with its own MAC address. When an ARP request is received from the routed network and the ARP entry for the CE device that is connected to the spoke SDP is not known, the 7705 SAR initiates an ARP frame to resolve the MAC address of the next hop or CE device.

The following figure shows traffic terminating on a specific IES or VPRN service that is identified by the SDP ID and VC label present in the service packet.

Figure 2. SDP ID and VC label service identifiers (conceptual view of the service)

The following figure shows a spoke SDP terminating directly into an IES. In this case, a spoke SDP could be tied to an Epipe or a hierarchical VPLS service. There is no configuration required on the PE connected to the CE.

Figure 3. IES spoke-SDP termination

Ethernet spoke-SDP termination for IES is supported over the following network uplinks:

  • Ethernet network ports (null or dot1q encapsulation)

  • PPP/MLPPP network ports. For information about PPP/MLPPP ports, see the 7705 SAR Interface Configuration Guide, ‟Access, network, and hybrid ports”

  • POS ports

Spoke-SDP termination for IES supports the following:

  • Ethernet PW to VRF

  • interface shutdown based on PW standby signaling

  • spoke SDP ingress IP filtering with filter logging

  • label withdrawal for spoke SDPs terminated on IES

  • statistics collection

  • VCCV ping (type 2)

A spoke SDP on an IES interface can be connected to the following entities:

  • Epipe spoke SDP

  • Epipe spoke SDP redundancy with standby-signal-master enabled

  • IES interface

  • VPRN interface

  • VPLS spoke SDP

  • VPLS spoke SDP redundancy with suppress-standby-signaling disabled

The following figure shows an example of backhauling from a specific site that uses PW and IES on the 7705 SAR. An individual PW is configured on a per-CE device or a per-service basis. For routing services, this PW can be terminated to an IES at the 7750 SR end. This scenario offers per-service OAM and redundancy capabilities. Because there is no local communication on the remote 7705 SAR, traffic between any two devices connected to the 7705 SAR must traverse through the 7750 SR at the MTSO/CO.

Figure 4. Pseudowire-based backhaul (spoke-SDP termination at 7750 SR)

Hold up and hold down timers for IP interfaces

The 7705 SAR allows timers to be configured on an IES or VPRN IPv4 or IPv6 interface or on the base router to keep the IP interface in an operationally up or down state for a specified time beyond when it should be declared operationally up or down. The timers are configured at the IES service level using the config>service>ies>interface>hold-time>up/down commands. An init-only option enables the down delay to be applied only when the IP interface is first configured or after a system reboot. See VPRN services for information about how to configure the hold-time command on IES interfaces. See the 7705 SAR Router Configuration Guide for information about how to configure the hold-time command at the router level.

The configuration causes the system to delay sending notifications of any state change associated with the IP interface until the timer has expired.

Note: The up and down delay timers in the CLI are dynamic text fields; the fields are only displayed in the show router interface detail command output if they are configured. The field showing the time remaining is displayed only if the timer is actively counting down. If both up and down timers are configured, the field displayed depends on the current operational state of the interface. For example, if the interface is operationally down, the configured hold down time is displayed.

Common configuration tasks

The following list provides a brief overview of the tasks that must be performed to configure IES:

  • Associate the IES service with a customer ID.

  • Create an IP interface on the 7705 SAR.

  • Specify the IP address of the interface.

  • Define interface parameters.

  • Define SAP parameters.

  • For IES spoke SDP applications only – define spoke SDP parameters.

  • For IES applications only – configure VRRP (optional).

  • For IES management service only – manually configure the remote address of the far-end router to which the NSP NFM-P is connected (far-end router must be enabled for IES service).*

  • For IES management service only – create a static route to the remote router and to the NSP NFM-P.*

  • Enable the service.

Note: *Remote address and static route configuration is beyond the scope of this document. For information, see the 7705 SAR Router Configuration Guide.

Configuring IES components

This section provides configuration examples for components of the IES service. Each component includes some or all of the following: introductory information, CLI syntax, a specific CLI example, and an example of the CLI display output.

Topics in this section include:

Creating an IES service

Use the following CLI syntax to create an IES service.

CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
    description description-string
    interface ip-int-name [create]
    no shutdown
Example:
A:ALU-41>config>service# ies 5 customer 1 create
A:ALU-41>config>service>ies# description ‟IES for in-band management”
A:ALU-41>config>service>ies# interface ‟ATMoIP Management” create
A:ALU-41>config>service>ies# no shutdown
A:ALU-41>config>service>ies# 

The following example displays the IES service creation output.

A:ALU-41>config>service# info
-------------------------------------
...
        ies 5 customer 1 create
            description "IES for in-band management"
            interface ‟ATMoIP Management”
            no shutdown
        exit
...

Configuring IES interface parameters

Configure interface parameters for:

IES management service

Use the following CLI syntax to configure interface parameters for the IES management service.

CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id] 
    interface ip-int-name
        address if-ip-address
        bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
        description description-string
        ip-mtu octets
        no shutdown
Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟ATMoIP Management” 
A:ALU-41>config>service>ies>if# address 10.1.1.1/8
A:ALU-41>config>service>ies>if# ip-mtu 1524
A:ALU-41>config>service>ies>if# no shutdown
A:ALU-41>config>service>ies>if#

The following example displays the IES interface creation output for the IES management service.

A:ALU-41>config>service>ies>if# info detail
-------------------------------------------
...
             no description
             address 10.1.1.1/8
             ip-mtu 1524
             no bfd
             exit
             no shutdown
...
-------------------------------------

IES service

Use the following CLI syntax to configure interface parameters for the IES service.

Note: The IES interface can be configured as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined, and a SAP cannot be defined on a loopback interface.
CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id] 
    interface ip-int-name
        address if-ip-address
        allow-directed-broadcasts
        arp-timeout
        bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
        description description-string
        dhcp
            description description-string
            option
                action {replace | drop | keep}
                circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
                remote-id [mac | string string]
                vendor-specific option
                    client-mac-address
                    sap-id
                    service-id
                    string text
                    system-id
                server server1 [server2...(up to 8 max)]
            no shutdown
            trusted
        icmp
            mask-reply
            ttl-expired [number seconds]
            unreachables
        ip-mtu octets
        ipcp
            dns ip-address [secondary ip-address]
            dns secondary ip-address
            peer-ip-address ip-address
        l4-load-balancing hashing-algorithm
        local proxy-arp
        loopback
        mac ieee-address
        proxy-arp-policy policy-name [policy-name...(up to 5 max)]
        remote-proxy-arp
        secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
        no shutdown
        static-arp ip-address ieee-mac-address
        static-arp ieee-mac-address unnumbered
        teid-load-balancing 
        unnumbered {ip-int-name | ip-address}
    no shutdown
Example:
A:ALU-41>config>service# ies 4
A:ALU-41>config>service>ies$ interface ‟to Internet” 
A:ALU-41>config>service>ies>if$ address 192.168.0.0/16
A:ALU-41>config>service>ies>if$ dhcp option
A:ALU-41>config>service>ies>if>dhcp>option$ circuit-id ifindex 
A:ALU-41>config>service>ies>if>dhcp>option$ exit
A:ALU-41>config>service>ies>if$ ip-mtu 1524

The following example displays the IES interface creation output for the IES service.

A:ALU-41>config>service>ies>if# info detail
-------------------------------------------
...
              no description
              address 192.168.0.0/16 broadcast host-ones
              no mac
              arp-timeout 14400
              no allow-directed-broadcasts
              icmp
                 mask-reply
                 unreachables 100 10
                 ttl-expired 100 10
              exit
              dhcp
                 shutdown
                 no description
                 option
                     action keep
                     circuit-id ifindex
                     no remote-id
                     no vendor-specific-option
                 exit
                 no server
                 no trusted
              exit
              ip-mtu 1524
              no bfd
              ipcp
                 no peer-ip-address
                 no dns
              exit
              proxy-arp policy ‟proxyARPpolicy”
              local proxy-arp
              remote proxy-arp
              no shutdown...
-------------------------------------

IES IPv6 service

Use the following CLI syntax to configure interface parameters for the IES IPv6 service.

CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id] 
    interface ip-int-name
        ipv6
            address ipv6-address/prefix-length [eui-64]
            dhcp6-relay
                description description-string
                option
                    interface-id
                    interface-id ascii-tuple
                    interface-id ifindex
                    interface-id sap-id
                    interface-id string
                    remote-id
                server ipv6-address [ipv6-address...(up to 8 max)]
                no shutdown
            icmp6
                packet-too-big [number seconds]
                param-problem [number seconds]
                time-exceeded [number seconds]
                unreachables [number seconds]
            neighbor ipv6-address mac-address
            reachable-time seconds
            stale-time seconds
Example:
config>service# ies 9
config>service>ies$ interface ‟ies_interface” 
config>service>ies>if$ ipv6
config>service>ies>if>ipv6$ address 2001:db8:0:1:1:1:1:1/24
config>service>ies>if>ipv6$ dhcp6-relay
config>service>ies>if>ipv6>dhcp6-relay$ server 2001:db8::1
config>service>ies>if>ipv6>dhcp6-relay$ option
config>service>ies>if>ipv6>dhcp6-relay>option$ interface-id ascii-tuple 
config>service>ies>if>ipv6>dhcp6-relay>option$ exit
config>service>ies>if>ipv6$ icmp
config>service>ies>if>ipv6>icmp6$ packet-too-big 80 10
config>service>ies>if>ipv6>icmp6$ exit
config>service>ies>>if>ipv6# neighbor 2001:db8::2
config>service>ies>>if>ipv6>neighbor# exit
config>service>ies>>if>ipv6# reachable-time 30
config>service>ies>>if>ipv6# stale-time 14400
config>service>ies>>if>ipv6# exit

The following example displays the IES interface IPv6 output.

A:ALU-41>config>service>ies>if># info detail
-------------------------------------------
...
              no description
              address 2001:db8:0:1:1:1:1:1/24
              dhcp6-relay
                  no description
                  option
                      interface-id ascii-tuple
                      no remote-id
                  server 2001:db8:0:1:1:1:1:1
              exit
              icmp6
                  packet-too-big 80 10
                  param-problem 100 10
                  time-exceeded 100 10
                  unreachables 100 10
                  exit
              exit
              ...
            reachable-time 30
            stale-time 14400
        exit
...

Configuring IES SAP parameters

Configure IES SAP parameters for:

IES management SAP

Use the following CLI syntax to configure IES management SAP parameters.

Note: The encapsulation type is always aal5mux-ip.
CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
    interface ip-int-name
        sap sap-id [create]
            atm
                encapsulation encap-type
                egress
                    traffic-desc traffic-desc-profile-id
                ingress
                    traffic-desc traffic-desc-profile-id
                oam
                    alarm-cells
            description description-string
            ingress
                filter ip ip-filter-id
            no shutdown
Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟ATMoIP Management”
A:ALU-41>config>service>ies>if# sap 1/1/1.1:0/32 create
A:ALU-41>config>service>ies>if>sap# ingress
A:ALU-41>config>service>ies>if>sap>ingress# filter ip 3
A:ALU-41>config>service>ies>if>sap>ingress# exit
A:ALU-41>config>service>ies>if>sap# atm
A:ALU-41>config>service>ies>if>sap>atm# encapsulation aal5mux-ip
A:ALU-41>config>service>ies>if>sap>atm# egress
A:ALU-41>config>service>ies>if>sap>atm>egress# traffic-desc 3
A:ALU-41>config>service>ies>if>sap>atm>egress# exit
A:ALU-41>config>service>ies>if>sap>atm# ingress
A:ALU-41>config>service>ies>if>sap>atm>ingress# traffic-desc 2
A:ALU-41>config>service>ies>if>sap>atm>ingress# exit
A:ALU-41>config>service>ies>if>sap>atm# oam
A:ALU-41>config>service>ies>if>sap>atm>oam# alarm-cells
A:ALU-41>config>service>ies>if>sap>atm>oam# exit
A:ALU-41>config>service>ies>if>sap>atm# exit
A:ALU-41>config>service>ies>if>sap# exit
A:ALU-41>config>service>ies>if# exit
A:ALU-41>config>service>ies#

The following example displays the IES SAP creation output.

A:ALU-41>config>service>ies>if>sap# info detail
-------------------------------------------
...
           no description
           ingress
               filter ip 3
           exit
           atm
               encapsulation aal5mux-ip
               ingress
                   traffic-desc 2
               exit
               egress
                  traffic-desc 3
               exit
               oam
                   alarm-cells
               exit
           exit
           no shutdown
-------------------------------------

IES service SAP

Use the following CLI syntax to configure SAP parameters for the IES service.

Note: A SAP cannot be defined if the loopback command is enabled on the interface.
CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
    interface ip-int-name
        sap sap-id [create]
            accounting policy acct-policy-id
            collect stats
            description description-string
            egress
                filter ip ip-filter-id
                filter ipv6 ipv6-filter-id
                qos policy-id
            ingress
                filter ip ip-filter-id
                filter ipv6 ipv6-filter-id
                qos policy-id
            no shutdown
Example:
A:ALU-41>config>service# ies 4
A:ALU-41>config>service>ies$ interface ‟to Internet”
A:ALU-41>config>service>ies>if$ sap 1/4/1 create
A:ALU-41>config>service>ies>if>sap$ egress
A:ALU-41>config>service>ies>if>sap>egress$ qos 3
A:ALU-41>config>service>ies>if>sap$ ingress
A:ALU-41>config>service>ies>if>sap>ingress$ filter ip 3

The following example displays the IES SAP creation output.

A:ALU-41>config>service>ies>if>sap# info detail
-------------------------------------------
...
           no description
           egress
               qos 3
           ingress
               filter ip 3
           exit
           no shutdown
-------------------------------------

Configuring IES spoke SDP parameters

Use the following CLI syntax to configure spoke SDP parameters for the IES service.

CLI syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
    interface ip-int-name
        spoke-sdp sdp-id:vc-id [create]
            egress
                vc-label egress-vc-label 
            ingress
                filter ip ip-filter-id 
                vc-label ingress-vc-label 
            [no] shutdown
Example:
A:ALU-41>config>service# ies 6
A:ALU-41>config>service>ies$ interface ‟ies6_interface”
A:ALU-41>config>service>ies>if$ spoke-sdp 5:6 create
A:ALU-41>config>service>ies>if>spoke-sdp$ ingress
A:ALU-41>config>service>ies>if>spoke-sdp>ingress$ filter ip 56
A:ALU-41>config>service>ies>if>spoke-sdp>ingress$ vc-label 5566

The following example displays the IES spoke SDP creation output.

A:ALU-41>config>service>ies>if>spoke SDP# info detail
-------------------------------------------
...
           no description
           egress
               no vc-label
           ingress
               filter ip 56
               vc-label 5566
           exit
           no shutdown
-------------------------------------

Configuring VRRP

Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on an IES interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP addresses shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

For more information about VRRP CLI syntax and command descriptions for an IES service interface, see IES command reference. For overview information about VRRP and VRRP IES interface parameters, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.

The following displays an IES interface VRRP owner configuration:

config>service>ies> info 
#----------------------------------------------
...
    interface ‟vrrpowner”
        address 10.10.10.23/16
        vrrp 1 owner
            backup 10.10.10.24
            authentication-key "testabc”
        exit
    exit
...
#----------------------------------------------
config>service>ies#
config>service>ies>if># info 
-------------------------------------------
...
    ipv6
        address 2001:db8:0:1:1:1:1:1/16
        vrrp 1 owner
            backup 2001:db8:0:1:1:1:1:2
        exit
    exit
        exit
...
-------------------------------------------

Configuring a security zone within IES

To configure NAT or firewall security, you must:

  • configure a NAT or firewall security profile and policy in the config>security context

    • in the config>security>profile context, specify the timeouts for the TCP/UDP/ICMP protocols and configure logging and application assurance parameters. This step is optional. If you do not configure the profile, a default profile is assigned.

    • in the config>security>policy context, configure a security policy, specify the match criteria and the action to be applied to a packet if a match is found.

  • configure a security zone and apply the policy ID to the zone, as shown in the CLI syntax below

CLI syntax:
config>service
    ies service-id [customer customer-id] [create]
    abort
    begin
    commit
    zone zone-id [create]
        description description-string
        interface ip-int-name [create]
        name zone-name
        nat
            pool pool-id [create]
                description description-string
                direction {zone-outbound | zone-inbound | both}
                entry entry-id [create]
                    ip-address ip-address [to ip-address] interface ip-int-name
                    port port [to port] interface ip-int-name
                name pool-name
        policy policy-id | policy-name
        shutdown

The following example displays a NAT zone configuration output.

A:ALU-B>config>service>ies# info
----------------------------------------------
        configure
            service ies 10 create
                zone 1 create
                begin
                    name ‟IES zone”
                    description ‟uplink zone from private” 
                    interface ies-100-10.30.10.1 
                    exit 
                    nat 
                        pool 1 create 
                            description "pool 1" 
                            direction zone-inbound 
                            exit 
                            entry 1 create 
                                ip-addr interface ies-100-198.51.100.0/24 
                            exit 
                        exit 
                    exit 
                    policy 1 nat pool 1 
                    commit 
                exit
                no-shutdown
----------------------------------------------
A:ALU-B>config>service>ies#

Configuring serial raw socket transport within IES

Configure an IP transport subservice within an IES service to enable the transport of serial data using raw sockets.

CLI syntax:
config>service
    ies service-id [customer customer-id] [create]
        ip-transport ipt-id [create]
            description description-string
            filter-unknown-host
            local-host ip-addr ip-addr port-num port-num] protocol {tcp|udp}
            remote-host host-id [ip-addr ip-addr] [port-num port-num] [create]
                description description-string
                name host-name
                exit
            fc fc-name profile {in |out}
            shutdown
            tcp
                inactivity-timeout number
                max-retries seconds
                retry-interval seconds
            exit
        exit
    exit
exit

The following example displays an IP transport subservice configuration output.

A:ALU-B>config>service>ies# info
----------------------------------------------
        configure
            service ies 20 create
                ip-transport 1/2/4.1 create
                description ‟ip-transport one”
                filter-unknown-host
                local-host ip-address 192.168.1.1 port-number 4000 protocol udp
                    exit 
                remote-host 1 ip-address 192.168.1.7 port-number 4001 create
                    exit 
                exit
                no-shutdown
----------------------------------------------
A:ALU-B>config>service>ies#

Service management tasks

Modifying IES service parameters

Existing IES service parameters can be modified, added, removed, enabled, or disabled.

To display a list of customer IDs, use the show>service>customer command.

Enter the parameters (such as description, interface information, or SAP information), and then enter the new information.

The following is an example of changing the IP MTU size.

Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟testname”
A:ALU-41>config>service>ies>if# ip-mtu 1517
A:ALU-41>config>service>ies>if# exit

Disabling an IES service

An IES service can be shut down without deleting the service parameters.

Use the shutdown command to shut down an IES service.

CLI syntax:
config>service# ies service-id
    shutdown
Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# shutdown
A:ALU-41>config>service>ies# exit

Re-enabling an IES service

Use the no shutdown command to re-enable a previously disabled IES service.

CLI syntax:
config>service# ies service-id
    no shutdown
Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# no shutdown
A:ALU-41>config>service>ies# exit

Deleting an IES service

An IES service cannot be deleted until SAPs, spoke SDPs, and interfaces are shut down and deleted and the service is shut down at the service level.

Use the following CLI syntax to delete an IES service:

CLI syntax:
config>service#
    ies service-id
        interface ip-int-name
            sap sap-id
                shutdown
                exit
            no sap sap-id
            spoke-sdp sdp-id:vc-id 
                shutdown
                exit
            no spoke-sdp sdp-id:vc-id 
        interface ip-int-name
            shutdown
            exit
        no interface ip-int-name
        shutdown
        exit
    no ies service-id

IES command reference

Command hierarchies

Configuration commands

IES management configuration commands
config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id]
        - no ies service-id
            - description description-string
            - no description
            - interface ip-int-name [create]
            - no interface ip-int-name
                - address {ip-address/mask | ip-address netmask}
                - no address
                - bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
                - no bfd
                - description description-string
                - no description
                - ip-mtu octets
                - no ip-mtu
                - sap sap-id [create] 
                - no sap sap-id
                    - atm
                        - encapsulation atm-encap-type
                        - egress
                            - traffic-desc traffic-desc-profile-id
                            - no traffic-desc
                        - ingress
                            - traffic-desc traffic-desc-profile-id
                            - no traffic-desc
                        - oam
                            - [no] alarm-cells
                    - description description-string
                    - no description
                    - ingress
                        - filter ip ip-filter-id
                        - no filter ip
                        - no filter ip [ip ip-filter-id]
                    - [no] shutdown
                - [no] shutdown
            - service-name service-name 
            - no service-name
            - [no] shutdown
IES service configuration commands
config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id] 
            - description description-string
            - no description
            - [no] interface ip-int-name [create]
                - address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
                - no address {ip-address/mask | ip-address netmask}
                - [no] allow-directed broadcasts
                - arp-retry-timer ms-timer
                - no arp-retry-timer
                - arp-timeout seconds
                - no arp-timeout
                - bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
                - no bfd
                - cflowd-parameters
                    - sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
                    - no sampling {unicast | multicast} 
                - description description-string
                - no description
                - dhcp
                    - description description-string
                    - no description
                    - gi-address ip-address [src-ip-addr]
                    - no gi-address
                    - [no] option
                        - action {replace | drop | keep}
                        - no action
                        - circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
                        - no circuit-id
                        - remote-id [mac | string string]
                        - no remote-id
                        - [no] vendor-specific option
                            - [no] client-mac-address
                            - [no] sap-id
                            - [no] service-id
                            - string text
                            - no string
                            - [no] system-id
                    - server server1 [server2...(up to 8 max)]
                    - no server
                    - [no] shutdown
                    - [no] trusted
                - hold-time
                    - down ip seconds [init-only]
                    - no down ip
                    - down ipv6 seconds [init-only]
                    - no down ipv6
                    - up ip seconds
                    - no up ip
                    - up ipv6 seconds
                    - no up ipv6
                - icmp
                    - [no] mask-reply
                    - ttl-expired [number seconds]
                    - no ttl-expired
                    - unreachables [number seconds]
                    - no unreachables
                - ip-mtu octets
                - no ip-mtu
                - [no] ipcp
                    - dns ip-address [secondary ip-address]
                    - dns secondary ip-address
                    - no dns [ip-address] [secondary ip-address]
                    - peer-ip-address ip-address
                    - no peer-ip-address
                - [no] ipv6
                    - address ipv6-address/prefix-length [eui-64] [preferred]
                    - no address ipv6-address/prefix-length
                    - bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
                    - no bfd
                    - [no] dhcp6-relay
                        - description description-string
                        - [no] description
                        - [no] option
                            - interface-id
                            - interface-id ascii-tuple
                            - interface-id ifindex
                            - interface-id sap-id
                            - interface-id string
                            - no interface-id
                            - [no] remote-id
                        - server ipv6-address [ipv6-address...(up to 8 max)]
                        - no server ipv6-address [ipv6-address...(up to 8 max)]
                        - [no] shutdown
                    - icmp6
                        - packet-too-big [number seconds]
                        - no packet-too-big
                        - param-problem [number seconds]
                        - no param-problem
                        - time-exceeded [number seconds]
                        - no time-exceeded [number seconds]
                        - unreachables [number seconds]
                        - no unreachables
                    - link-local-address ipv6-address [preferred]
                    - no link-local-address
                    - [no] local-dhcp-server local-server-name
                    - neighbor ipv6-address mac-address
                    - no neighbor ipv6-address
                    - reachable-time seconds
                    - stale-time seconds
                    - tcp-mss value
                    - no tcp-mss 
                -  l4-load-balancing hashing-algorithm 
                - no l4-load-balancing 
                - [no] local-dhcp-server local-server-name
                - [no] local-proxy-arp 
                - [no] loopback
                - mac ieee-address
                - no mac [ieee-address]
                - proxy-arp-policy policy-name [policy-name...(up to 5 max)]
                - no proxy-arp-policy
                - [no] remote-proxy-arp 
                - [no] sap sap-id [create]
                    - accounting-policy acct-policy-id
                    - no accounting-policy [acct-policy-id]
                    - [no] collect-stats
                    - description description-string
                    - no description
                    - egress
                        - agg-rate-limit agg-rate [cir cir-rate]
                        - no agg-rate-limit
                        - filter ip ip-filter-id
                        - filter ipv6 ipv6-filter-id
                        - no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
                        - [no] qinq-mark-top-only
                        - qos policy-id
                        - no qos
                        - scheduler-mode {4-priority | 16-priority} 
                        - [no] shaper-group shaper-group-name  [create] 
                    - ingress
                        - agg-rate-limit agg-rate [cir cir-rate]
                        - no agg-rate-limit
                        - filter ip ip-filter-id
                        - filter ipv6 ipv6-filter-id
                        - no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
                        - match-qinq-dot1p {top | bottom} 
                        - no match-qinq-dot1p
                        - qos policy-id
                        - no qos
                        - scheduler-mode {4-priority | 16-priority} 
                        - [no] shaper-group shaper-group-name  [create] 
                    - [no] shutdown
                - secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
                - no secondary {ip-address/mask | ip-address netmask}
                - [no] shutdown
                - spoke-sdp sdp-id:vc-id [create]
                - no spoke-sdp sdp-id:vc-id
                    - egress
                        - vc-label egress-vc-label 
                        - no [egress-vc-label] 
                    - ingress
                        - filter ip ip-filter-id 
                        - no filter 
                        - vc-label ingress-vc-label 
                        - no vc-label [ingress-vc-label] 
                    - [no] shutdown
                - static-arp ip-address ieee-address
                - no static-arp ip-address [ieee-address]
                - static-arp ieee-address unnumbered
                - no static-arp [ieee-address] unnumbered
                - [no] static-nat-inside 
                - tcp-mss value
                - no tcp-mss 
                - [no] teid-load-balancing
                - unnumbered {ip-int-name | ip-address}
                - no unnumbered
            - service-name service-name 
            - no service-name
            - [no] shutdown
VRRP commands
config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id] 
            - [no] interface ip-int-name 
                - [no] ipv6
                    - vrrp virtual-router-id [owner] [passive]
                    - no vrrp virtual-router-id
                        - [no] backup ipv6-address
                        - [no] bfd-enable service-id interface interface-name dst-ip ip-address
                        - [no] bfd-enable interface interface-name dst-ip ip-address
                        - init-delay seconds
                        - no init-delay
                        - mac mac-address
                        - no mac
                        - [no] master-int-inherit
                        - message-interval {[seconds] [milliseconds milliseconds]}
                        - no message-interval
                        - [no] ntp-reply
                        - [no] ping-reply
                        - policy vrrp-policy-id
                        - no policy
                        - [no] preempt
                        - priority base-priority
                        - no priority
                        - [no] shutdown
                        - [no] standby-forwarding
                        - [no] telnet-reply
                        - [no] traceroute-reply
                - vrrp virtual-router-id [owner] [passive]
                - no vrrp virtual-router-id
                    - authentication-key [authentication-key | hash-key] [hash | hash2]
                    - no authentication-key
                    - [no] backup ip-address
                    - [no] bfd-enable service-id interface interface-name dst-ip ip-address
                    - [no] bfd-enable interface interface-name dst-ip ip-address
                    - init-delay seconds
                    - no init-delay
                    - mac mac-address
                    - no mac
                    - [no] master-int-inherit
                    - message-interval {[seconds] [milliseconds milliseconds]}
                    - no message-interval
                    - [no] ntp-reply
                    - [no] ping-reply
                    - policy vrrp-policy-id
                    - no policy
                    - [no] preempt
                    - priority priority
                    - no priority
                    - [no] shutdown
                    - [no] ssh-reply
                    - [no] standby-forwarding
                    - [no] telnet-reply
                    - [no] traceroute-reply
IES security zone configuration commands
config
    - service
        - ies service-id [customer customer-id] [create]
        - no ies service-id
            - zone {zone-id | zone-name} [create]
            - no zone {zone-id | zone-name}
                - abort
                - begin
                - commit
                - description description-string
                - no description
                - inbound
                    - limit
                        - concurrent-sessions {tcp | udp | icmp | other} sessions
                        - no concurrent-sessions {tcp | udp | icmp | other} 
                - [no] interface interface-name 
                    - [no] shutdown
                - log {log-id | name}
                - no log 
                - name zone-name
                - no name 
                - nat 
                    - pool pool-id [create]
                    - no pool pool-id
                        - description description-string
                        - no description
                        - direction {zone-outbound | zone-inbound | both} 
                        - no direction
                        - entry entry-id [create]
                        - no entry entry-id
                            - ip-address ip-address [to ip-address] interface ip-int-name
                            - no ip-address
                            - port port [to port] 
                            - no port
                        - name pool-name
                        - no name 
                - outbound 
                    - limit
                        - concurrent-sessions {tcp | udp | icmp | other} sessions
                        - no concurrent-sessions {tcp | udp | icmp | other} 
                - policy {policy-id | policy-name}
                - no policy 
                - [no] shutdown
IES raw socket IP transport configuration commands
config
    - service
        - ies service-id [customer customer-id] [create]
        - no ies service-id 
            - ip-transport ipt-id [create]
            - no ip-transport ipt-id 
                - description description-string
                - no description 
                - dscp dscp-name
                - fc fc-name profile {in | out}]
                - [no] filter-unknown-host
                - local-host ip-addr ip-addr port-num port-num  protocol {tcp | udp}
                - no local-host
                - remote-host host-id  [ip-addr ip-addr] [port-num port-num] [ceate]
                - no remote-host host-id 
                    - description description-string
                    - no description 
                    - name host-name
                    - no name 
                - [no] shutdown
                - tcp
                    - inactivity-timeout seconds
                    - max-retries number
                    - retry-interval seconds

Show commands

show
    - service
        - customer [customer-id]
        - egress-label start-label [end-label] 
        - id service-id
            - all
            - arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]
            - base
            - dhcp
                - statistics [interface interface-name | ip-address]
                - summary [interface interface-name | saps]
            - interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]
            - ip-transport ipt-id [detail | statistics]
                - remote-host host-id  [detail | statistics]
            - macsec 
            - sap [sap-id] [detail]
        - ingress-label start-label [end-label] 
        - ip-transport-using [ip-transport ipt-id]
        - sap-using [sap sap-id]
        - sap-using interface [ip-address | ip-int-name]
        - sap-using description
        - sap-using [ingress | egress] atm-td-profile td-profile-id
        - sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority} 
        - sap-using [ingress] filter filter-id
        - sap-using [ingress | egress] qos-policy qos-policy-id
        - service-using [ies] [customer customer-id]

Debug commands

debug
    - service
        - id service-id

Command descriptions

IES generic configuration commands

description
Syntax

description description-string

no description

Context

config>service>ies

config>service>ies>interface

config>service>ies>if>dhcp

config>service>ies>if>ipv6>dhcp6-relay

config>service>ies>if>sap

config>service>ies>if>sap

config>service>ies>ip-transport

config>service>ies>ip-transport>remote-host

config>service>ies>zone>nat>pool

Description

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the string from the context.

The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.

Parameters
description-string

the description character string. Allowed values are any string up to 80 printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

shutdown
Syntax

[no] shutdown

Context

config>service>ies

config>service>ies>interface

config>service>ies>if>dhcp

config>service>ies>if>ipv6>dhcp6-relay

config>service>ies>if>sap

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

config>service>ies>ip-transport

Description

This command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.

The no form of this command places the entity into an administratively enabled state.

The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and tries to enter the operationally up state. Default administrative states for services and service entities are described in the following Special cases.

Special cases
IES

the default administrative status of an IES service is down. While the service is down, its associated interface is operationally down.

For example, if:

1) An IES service is operational and its associated interface is shut down

2) The IES service is administratively shut down and brought back up

3) The interface that is shut down remains in the administrative shutdown state

A service is regarded as operational provided that one IP interface is operational.

IES IP interfaces

when the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out of the SAP and all packets received on the SAP are dropped and the packet discard counter is incremented.

IES IP transport subservice

when an IP transport subservice within an IES service is shut down, all TCP/UDP packets received from remote hosts are dropped and any serial data received from the serial port is dropped. Any TCP connections that were up are closed and no new TCP connection requests are accepted.

It is not possible to make configuration changes to an IP transport subservice without performing a shutdown first.

The operational state of an IP transport subservice is relative to the operational state of the serial port for which the IP transport subservice is defined. When a serial port is shut down, the IP transport subservice associated with the serial port becomes operationally down.

When the no shutdown command is executed for an IP transport subservice, it becomes operationally up, serial data from the serial port is encapsulated in TCP/UDP packets destined for remote hosts, and TCP/UDP packets can be received by the local host, where raw serial data is then sent out the serial port.

IES global configuration commands

ies
Syntax

ies service-id [customer customer-id] [create] [vpn vpn-id]

no ies service-id

Context

config>service

Description

This command enables Internet enhanced service (IES). On the 7705 SAR, IES is used for direct IP connectivity between customer access points as well as in-band management of the 7705 SAR over ATM links.

The no form of this command deletes the IES service instance with the specified service-id.

The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters
service-id

uniquely identifies a service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number or name used for every 7705 SAR on which this service is defined.

Values

1 to 2147483647 or service-name

customer-id

specifies the customer ID number to be associated with the service. This parameter is required on service creation and is optional for service editing or deleting.

Values

1 to 2147483647

vpn-id

specifies the VPN ID number, which allows you to identify virtual private networks (VPNs) by a VPN identification number. If this parameter is not specified, the VPN ID uses the service ID number. This parameter is not the same as the VRF ID used with VPRN services.

Values

1 to 2147483647

service-name
Syntax

service-name service-name

no service-name

Context

config>service>ies

Description

This command configures a service name that can be used in other configuration commands and show commands that reference the service.

Parameters
service-name

up to 64 characters

IES management configuration commands

IES management interface commands
interface
Syntax

interface ip-int-name [create]

no interface ip-int-name

Context

config>service>ies

Description

This command creates a logical IP routing interface for an Internet enhanced service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. Two SAPs can be assigned to a single group interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.

Default

no interface

Parameters
ip-int-name

the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

Values

1 to 32 characters (must start with a letter)

If the ip-int-name already exists, the context is changed to maintain that IP interface. If the ip-int-name already exists as an IP interface defined within the config router command, an error will occur and the context will not be changed to that IP interface. If the ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

address
Syntax

address {ip-address/mask | ip-address netmask}

no address

Context

config>service>ies>interface

Description

This command assigns an IP address and IP subnet to an IES IP interface. Only one IP address can be associated with an IP interface.

An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.

The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Default

no address

Parameters
ip-address

the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

1.0.0.0 to 223.255.255.255

/

the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.

mask

the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.

Values

1 to 32 (mask length of 32 is reserved for system IP addresses)

netmask

the subnet mask in dotted-decimal notation

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

bfd
Syntax

bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]

no bfd

Context

config>service>ies>interface

config>service>ies>if>ipv6

Description

This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.

Default

no bfd

Parameters
transmit-interval

the number of milliseconds between consecutive BFD sent messages

Values

10 to 100000

Default

100

receive-interval

the number of milliseconds between consecutive BFD received messages

Values

10 to 100000

Default

100

multiplier

the number of consecutive BFD messages that must be missed before the interface is brought down

Values

3 to 20

Default

3

type np

controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.

Note: The BFD session must be disabled before the type np parameter can be changed.
cflowd-parameters
Syntax

cflowd-parameters

Context

config>service>ies>interface

Description

This command enables the context to configure cflowd parameters for the specified IP interface.

Cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

Default

n/a

sampling
Syntax

sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]

no sampling {unicast | multicast}

Context

config>service>ies>if>cflowd-parameters

Description

This command configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately.

If cflowd sampling is enabled with no direction parameter specified, ingress-only sampling is enabled by default.

The no form of the command disables the configured type of traffic sampling on the interface.

Default

no sampling unicast no sampling multicast

Parameters
unicast

cflowd samples unicast traffic on the interface

multicast

cflowd samples multicast traffic on the interface

interface

specifies that all traffic entering or exiting the interface is subject to sampling. Interface is the only sampling type supported on the 7705 SAR and must be specified with this command.

direction

specifies the direction in which to collect traffic flow samples: ingress-only, egress-only, or both

ip-mtu
Syntax

ip-mtu octets

no ip-mtu

Context

config>service>ies>interface

Description

This command configures the IP maximum transmit unit (packet size) for this interface.

The no form of the command returns the default value.

Parameters
octets

the MTU for the interface

Values

128 to 9732

IES management SAP commands
sap
Syntax

sap sap-id [create]

no sap sap-id

Context

config>service>ies>interface

Description

This command creates a SAP within an IES service. Each SAP must be unique.

All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters.

A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. An IES SAP can only be defined on an ATM port or IMA group that has been configured as an access port in the config>port port-id context using the mode access command. Fractional TDM ports are always access ports. See the 7705 SAR Interface Configuration Guide for information about access ports.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.

Default

no sap

Parameters
sap-id

specifies the physical port identifier portion of the SAP definition. See SAP ID configurations for a full list of SAP IDs.

create

keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

ingress
Syntax

ingress

Context

config>service>ies>if>sap

Description

This command enables access to the context to associate ingress filter policies with the SAP.

If an ingress filter is not defined, no filtering is performed.

filter ip
Syntax

filter ip ip-filter-id

no filter

no filter [ip ip-filter-id]

Context

config>service>ies>if>sap>ingress

Description

This command associates an IP filter policy with an ingress SAP. Filter policies control the forwarding and dropping of packets based on the IP match criteria. Only one filter ID can be specified.

The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned. Filters applied to the ingress SAP apply to all IP packets on the SAP.

The no form of this command removes any configured filter ID association with the SAP.

Default

no filter

Parameters
ip-filter-id

specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

Note: For information about configuring IP filter IDs, see the 7705 SAR Router Configuration Guide, ‟Filter Policies”.
atm
Syntax

atm

Context

config>service>ies>if>sap

Description

This command enables access to the context to configure ATM-related attributes. This command can only be used when a specific context (for example, a channel or SAP) supports ATM functionality such as:

  • configuring ATM port or ATM port-related functionality on T1/E1 ASAP adapter cards on a 7705 SAR-8 Shelf V2 or 7705 SAR-18 or on T1/E1 ports on a 7705 SAR-M

  • configuring ATM-related configuration for ATM-based SAPs that exist on T1/E1 ASAP adapter cards on a 7705 SAR-8 Shelf V2 or 7705 SAR-18 or on T1/E1 ports on a 7705 SAR-M

If ATM functionality is not supported for a specific context, the command returns an error.

encapsulation
Syntax

encapsulation atm-encap-type

Context

config>service>ies>if>sap>atm

Description

This command configures an ATM VC SAP for encapsulation in accordance with RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. This command is only supported in the IP over ATM management context.

The only supported encapsulation type is aal5mux-ip.

Ingress traffic that does not match the configured encapsulation is dropped.

Default

aal5mux-ip

Parameters
atm-encap-type

aal5mux-ip (routed IP encapsulation for a VC multiplexed circuit as defined in RFC 2684)

egress
Syntax

egress

Context

config>service>ies>if>sap>atm

Description

This command provides access to the context to configure egress ATM traffic policies for the SAP.

ingress
Syntax

ingress

Context

config>service>ies>if>sap>atm

Description

This command provides access to the context to configure ingress ATM traffic policies for the SAP.

traffic-desc
Syntax

traffic-desc traffic-desc-profile-id

no traffic-desc

Context

config>service>ies>if>sap>atm>egress

config>service>ies>if>sap>atm>ingress

Description

This command assigns an ATM traffic descriptor profile to an egress or ingress SAP.

When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction.

When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.

Note: Proper configuration of the traffic descriptor profiles is essential for proper operation of the IES SAP. If no profile is assigned, the default UBR service category is assumed. All IES 7705 SAR traffic is scheduled; no shaping is supported in this mode. To ensure that IP traffic transported over the IES SAP is prioritized fairly, ATM layer traffic descriptors should be assigned.

The no form of the command reverts to the default traffic descriptor profile.

Default

The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created ATM VC SAPs.

Parameters
traffic-desc-profile-id

specifies a defined traffic descriptor profile (for information about defining traffic descriptor profiles, see the 7705 SAR Quality of Service Guide)

Values

1 to 1000

oam
Syntax

oam

Context

config>service>ies>if>sap>atm

Description

This command enables the context to configure OAM functionality for an IES SAP.

The T1/E1 ASAP Adapter cards support F4 and F5 end-to-end OAM functionality (AIS, RDI, Loopback).

alarm-cells
Syntax

[no] alarm-cells

Context

config>service>ies>if>sap>atm>oam

Description

This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving the PVCC operational status.

Layer 2 OAM AIS/RDI cells that are received on the IES SAP cause the IP interface to be disabled.

The no command disables alarm-cells functionality for the SAP. When alarm-cells functionality is disabled, OAM cells are not generated as result of the SAP going into the operationally down state.

Default

enabled

IES service configuration commands

IES service interface commands
interface
Syntax

[no] interface ip-int-name [create]

Context

config>service>ies

Description

This command creates a logical IP routing interface for Internet enhanced service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and the default routing table. Two SAPs can be assigned to a single group interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal format of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.

Default

no interface

Parameters
ip-int-name

the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

Values

1 to 32 characters (must start with a letter)

If the ip-int-name already exists, the context is changed to maintain that IP interface. If the ip-int-name already exists as an IP interface defined within the config router command, an error will occur and the context will not be changed to that IP interface. If the ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

address
Syntax

address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

no address {ip-address/mask | ip-address netmask}

Context

config>service>ies>interface

Description

This command assigns an IP address, IP subnet, and broadcast address format to an IES IP interface.

An IP address must be assigned to each IES IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.

The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Default

no address

Parameters
ip-address

the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

1.0.0.0 to 223.255.255.255

/

the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.

mask

the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.

Values

1 to 32 (mask length of 32 is reserved for system IP addresses)

netmask

the subnet mask in dotted-decimal notation

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

broadcast

overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to the default broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

all-ones

specifies that the broadcast address used by the IP interface for this IP address is 255.255.255.255 (also known as the local broadcast)

host-ones

specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the IP address and mask with all host bits set to 1. This IP address is the default broadcast address used by an IP interface.

allow-directed broadcasts
Syntax

[no] allow-directed broadcasts

Context

config>service>ies>interface

Description

This command enables the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.

When enabled, a frame destined for the local subnet on this IP interface is sent as a subnet broadcast out this interface.

Note: Allowing directed broadcasts is a well-known mechanism used for denial-of-service attacks.

By default, directed broadcasts are not allowed and are discarded at this egress IP interface.

The no form of the command disables directed broadcasts forwarding out of the IP interface.

Default

no allow-directed broadcasts

arp-retry-timer
Syntax

arp-retry-timer ms-timer

no arp-retry-timer

Context

config>service>ies>interface

Description

This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.

The no form of the command resets the interval to the default value.

Note: The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value.
Default

50 (in 100s of ms)

Parameters
ms-timer

the time interval, in 100s of milliseconds, the system waits before retrying a failed ARP request

Values

1 to 300

arp-timeout
Syntax

arp-timeout seconds

no arp-timeout

Context

config>service>ies>interface

Description

This command configures the minimum interval, in seconds, that an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table.

If the arp-timeout value is set to 0 s, ARP aging is disabled.

The no form of the command reverts to the default value.

Note: The 7705 SAR will attempt to refresh an ARP entry 30 s prior to its expiry. This refresh attempt occurs only if the ARP timeout is set to 45 s or more.
Default

no arp-timeout

Parameters
seconds

the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.

Values

0 to 65535

Default

14400 s (4 h)

bfd
Syntax

bfd {transmit-interval} [receive receive-interval] [multiplier multiplier] [type np]

no bfd

Context

config>service>ies>interface

config>service>ies>if>ipv6

Description

This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.

Default

no bfd

Parameters
transmit-interval

the number of milliseconds between consecutive BFD sent messages

Values

10 to 100000

Default

100

receive-interval

the number of milliseconds between consecutive BFD received messages

Values

10 to 100000

Default

100

multiplier

the number of consecutive BFD messages that must be missed before the interface is brought down

Values

3 to 20

Default

3

type np

controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.

Note: The BFD session must be disabled before the type np parameter can be changed.
dhcp
Syntax

dhcp

Context

config>service>ies>interface

Description

This command enables the context to configure DHCP parameters.

gi-address
Syntax

gi-address ip-address [src-ip-addr]

no gi-address

Context

config>service>ies>if>dhcp

Description

This command configures the gateway interface address for the DHCP relay agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.

Default

no gi-address

Parameters
ip-address

the IP address of the gateway interface in dotted-decimal notation

Values

a.b.c.d (host bits must be 0)

src-ip-addr

specifies that the GIADDR is to be used as the source IP address for DHCP relay packets

option
Syntax

[no] option

Context

config>service>ies>if>dhcp

Description

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.

The no form of this command returns the system to the default.

Default

no option

action
Syntax

action {replace | drop | keep}

no action

Context

config>service>ies>if>dhcp>option

Description

This command configures the Relay Agent Information Option (Option 82) processing.

The no form of this command returns the system to the default value.

Default

keep

Parameters
replace

in the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (toward the user), the Option 82 field is stripped (in accordance with RFC 3046).

drop

the DHCP packet is dropped if an Option 82 field is present, and a counter is incremented

keep

the existing information is kept in the packet and the router does not add any additional information. In the downstream direction, the Option 82 field is not stripped and is forwarded toward the client.

The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done if the incoming message already has an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.

circuit-id
Syntax

circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]

no circuit-id

Context

config>service>ies>if>dhcp>option

Description

This command sends either an ASCII tuple or the interface index (If Index) on the specified SAP ID in the circuit-id suboption of the DHCP packet.

If disabled, the circuit-id suboption of the DHCP packet is left empty.

The no form of the command returns the system to the default.

Default

ascii-tuple

Parameters
ascii-tuple

specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by ‟/”, will be used

ifindex

specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.

sap-id

specifies that the SAP ID will be used

vlan-ascii-tuple

specifies that the format will include VLAN ID and dot1p bits in addition to what is already included in ascii-tuple. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

remote-id
Syntax

remote-id [mac | string string]

no remote-id

Context

config>service>ies>if>dhcp>option

Description

This command sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit.

If disabled, the remote-id suboption of the DHCP packet is left empty.

The no form of this command returns the system to the default.

Default

remote-id

Parameters
mac

specifies that the MAC address of the remote end is encoded in the suboption

string

the remote ID

vendor-specific option
Syntax

[no] vendor-specific-option

Context

config>service>ies>if>dhcp>option

Description

This command configures the vendor-specific suboption of the DHCP relay packet.

client-mac-address
Syntax

[no] client-mac-address

Context

config>service>ies>if>dhcp>option>vendor-specific-option

Description

This command enables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the MAC address.

sap-id
Syntax

[no] sap-id

Context

config>service>ies>if>dhcp>option>vendor-specific-option

Description

This command enables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the SAP ID.

service-id
Syntax

[no] service-id

Context

config>service>ies>if>dhcp>option>vendor-specific-option

Description

This command enables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the service ID.

string
Syntax

string text

no string

Context

config>service>ies>if>dhcp>option>vendor-specific-option

Description

This command specifies the string in the vendor-specific suboption of the DHCP relay packet.

The no form of the command reverts to the default value.

Default

no string

Parameters
text

any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, the entire string must be enclosed within double quotes.

system-id
Syntax

[no] system-id

Context

config>service>ies>if>dhcp>option>vendor-specific-option

Description

This command specifies whether the system ID is encoded in the vendor-specific suboption of the DHCP relay packet.

server
Syntax

server server1 [server2...(up to 8 max)]

no server

Context

config>service>ies>if>dhcp>option

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.

There can be a maximum of 8 DHCP servers configured.

Default

no server

Parameters
server

the DHCP server IP address

trusted
Syntax

[no] trusted

Context

config>service>ies>if>dhcp>option

Description

As specified in RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and that contains a Option 82 field in the packet, should be discarded unless it arrives on a ‟trusted” circuit. If trusted mode is enabled on an IP interface, the relay agent (the router) will modify the request giaddr to be equal to the ingress interface and forward the request.

This behavior only applies when the action in the relay agent Information Option is ‟keep”. In the case where the Option 82 field is being replaced by the relay agent (action = ‟replace”), the original Option 82 information is lost, and therefore there is no reason to enable the trusted option.

The no form of this command returns the system to the default.

Default

not enabled

hold-time
Syntax

hold-time

Context

config>service>ies>interface

Description

This command enables the CLI context to configure interface hold-up or hold-down timers.

Default

n/a

down
Syntax

down ip seconds [init-only]

no down ip

down ipv6 seconds [init-only]

no down ipv6

Context

config>service>ies>if>hold-time

Description

This command enables a delay in the activation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is first configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of this command disables the delay in the activation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.

Default

n/a

Parameters
ip

specifies that the configured down delay is applied to an IPv4 interface

ipv6

specifies that the configured down delay is applied to an IPv6 interface

seconds

specifies the time delay, in seconds, before the interface is activated

Values

1 to 1200

init-only

specifies that the configured down delay is applied only when the interface is configured or after a reboot

up
Syntax

up ip seconds

no up ip

up ipv6 seconds

no up ipv6

Context

config>service>ies>if>hold-time

Description

This command enables a delay in the deactivation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command disables the delay in the deactivation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.

Default

n/a

Parameters
ip

specifies that the configured up delay applies to an IPv4 interface

ipv6

specifies that the configured up delay applies to an IPv6 interface

seconds

specifies the time delay, in seconds, before the interface is deactivated

Values

1 to 1200

icmp
Syntax

icmp

Context

config>service>ies>interface

Description

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

mask-reply
Syntax

[no] mask-reply

Context

config>service>ies>if>icmp

Description

This command enables or disables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

The no form of the command disables replies to ICMP mask requests on the router interface.

Default

mask-reply

ttl-expired
Syntax

ttl-expired [number seconds]

no ttl-expired

Context

config>service>ies>if>icmp

Description

This command configures the rate that ICMP Time To Live (TTL) expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of TTL expired messages.

Default

ttl-expired 100 10 – maximum of 100 TTL expired message in 10 s

Parameters
number

the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. The seconds parameter must also be specified.

Values

10 to 100

seconds

the time frame, in seconds, used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer

Values

1 to 60

unreachables
Syntax

unreachables [number seconds]

no unreachables

Context

config>service>ies>if>icmp

Description

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachable messages on the router interface. The rate at which ICMP unreachable messages are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a specified time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of ICMP destination unreachable messages on the router interface.

Default

unreachables 100 10 – maximum of 100 unreachable messages in 10 s

Parameters
number

the maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified.

Values

10 to 100

seconds

the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer

Values

1 to 60

ip-mtu
Syntax

ip-mtu octets

no ip-mtu

Context

config>service>ies>interface

Description

This command configures the IP maximum transmit unit (packet size) for this interface.

The default value is derived from the port MTU. The no form of the command returns the default value.

Default

no ip-mtu – uses the value derived from the port MTU

Parameters
octets

the MTU for the interface

Values

128 to 9732

ipcp
Syntax

[no] ipcp

Context

config>service>ies>interface

Description

This command enables the context to configure IPCP. Within this context, IPCP extensions can be used to signal the remote IP address and DNS IP address to the PPP peer over the PPP/MLPPP interface. This command is only applicable if the associated SAP is a PPP/MLPPP interface.

dns
Syntax

dns ip-address [secondary ip-address]

dns secondary ip-address

no dns [ip-address] [secondary ip-address]

Context

config>service>ies>if>ipcp

Description

This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/ MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the specified primary DNS address, secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.

Default

no dns

Parameters
ip-address

specifies a unicast IPv4 address for the primary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions

secondary ip-address

specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions

peer-ip-address
Syntax

peer-ip-address ip-address

no peer-ip-address

Context

config>service>ies>if>ipcp

Description

This command defines the remote IP address to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the IPCP extension peer-ip-address configuration.

Default

no peer-ip-address (0.0.0.0)

Parameters
ip-address

a unicast IPv4 address to be signaled to the far end of the associated PPP/MLPPP link by IPCP extensions

load-balancing
Syntax

load-balancing

Context

config>service>ies>interface

Description

This command enables the context to configure load balancing hashing options on the interface. The options enabled at the interface level overwrite parallel system-level configurations.

Default

n/a

l4-load-balancing
Syntax

l4-load-balancing hashing-algorithm

no l4-load-balancing

Context

config>service>ies>interface>load-balancing

Description

This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.

The default configuration on the interface is to match the Layer 4 load-balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.

Parameters
hashing-algorithm

specifies that Layer 4 source and destination port fields are included in or excluded from the hashing calculation

Values

includeL4: include Layer 4 source and destination port fields in the hashing calculation for TCP/UDP packets

excludeL4: exclude Layer 4 source and destination port fields in the hashing calculation for TCP/UDP packets

Default

the system configuration setting (under the config>system context)

spi-load-balancing
Syntax

[no] spi-load-balancing

Context

config>service>ies>interface>load-balancing

Description

This command enables SPI hashing for ESP/AH encrypted IPv4 or IPv6 traffic at the interface level.

The no form of this command disables SPI hashing.

Default

no spi-load-balancing

teid-load-balancing
Syntax

[no] teid-load-balancing

Context

config>service>ies>interface>load-balancing

Description

This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.

Default

no teid-load-balancing

local-dhcp-server
Syntax

[no] local-dhcp-server local-server-name

Context

config>service>ies>interface

config>service>ies>if>ipv6

Description

This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.

The no form of the command removes the association of the interface with the local DHCP server.

Default

n/a

Parameters
local-server-name

the name of the local DHCP server

Values

up to 32 alphanumeric characters

local-proxy-arp
Syntax

[no] local-proxy-arp

Context

config>service>ies>interface

Description

This command enables local proxy ARP on the interface.

Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.

Local proxy ARP is used on subnets where hosts are prevented from communicating directly.

When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default

no local-proxy-arp

loopback
Syntax

[no] loopback

Context

config>service>ies>interface

Description

This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.

Default

no loopback

mac
Syntax

mac ieee-address

no mac [ieee-address]

Context

config>service>ies>interface

Description

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address to the default value.

Default

the physical MAC address associated with the Ethernet interface on which the SAP is configured (default MAC address assigned to the interface by the system)

Parameters
ieee-address

a 48-bit MAC address in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers and cannot be all zeros. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.

proxy-arp-policy
Syntax

proxy-arp-policy policy-name [policy-name...(up to 5 max)]

no proxy-arp-policy

Context

config>service>ies>interface

Description

This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (see the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.

Default

no proxy-arp-policy

Parameters
policy-name

the route policy statement name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. The policy statement must already be defined.

remote-proxy-arp
Syntax

[no] remote-proxy-arp

Context

config>service>ies>interface

Description

This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.

Default

no remote-proxy-arp

secondary
Syntax

secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]

no secondary {ip-address/mask | ip-address netmask}

Context

config>service>ies>interface

Description

This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.

Default

no secondary

Parameters
ip-address

the IP address of the IP interface. The ip-address portion of the secondary command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

a.b.c.d

(1.0.0.0 to 223.255.255.255 (with support of /31 subnets))

The ‟/” (forward slash) is a parameter delimiter that separates the ip-address portion of the IP address from the mask, which defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.

mask

the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.

Values

0 to 32 (a mask length of 32 is reserved for loopback addresses, including system IP addresses)

netmask

the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.

Values

128.0.0.0 to 255.255.255.254

(network bits all 1 and host bits all 0)

(255.255.255.255 is reserved for system IP addresses)

broadcast

the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Default

host-ones

all-ones

specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast

host-ones

specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.

igp-inhibit

specifies that this secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the secondary IP interface will not be injected and used as a passive interface and will not be advertised as an internal IP interface into the IGP link state database. For RIP, this means that the secondary IP interface will not source RIP updates.

static-arp
Syntax

static-arp ip-address ieee-address

no static-arp ip-address [ieee-address]

static-arp ieee-address unnumbered

no static-arp [ieee-address] unnumbered

Context

config>service>ies>interface

Description

This command configures a static ARP entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.

A router interface can only have one static ARP entry configured for it.

Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR configuration can specify to send a packet with a particular IP address to the corresponding ARP address.

The no form of the command removes a static ARP entry.

Default

no static-arp

Parameters
ip-address

the IP address for the static ARP in dotted-decimal notation

ieee-mac-address

the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.

unnumbered

specifies the static ARP MAC addresses for an unnumbered interface. Unnumbered interfaces also support dynamic ARP. If this parameter is configured, it overrides any dynamic ARP.

static-nat-inside
Syntax

[no] static-nat-inside

Context

config>service>ies>interface

Description

This command configures an interface as an inside (private) interface.

By default, all interfaces are outside (public) interfaces. The no form of this command returns the interface to the default setting.

Default

no static-nat-inside

tcp-mss
Syntax

tcp-mss value

no tcp-mss

Context

config>service>ies>interface

config>service>ies>if>ipv6

Description

This command configures the maximum segment size (MSS) in a TCP SYN or SYN-ACK packet during the establishment of a TCP connection. A tcp-mss value can be specified on an ingress interface, egress interface, or both. When configured on two interfaces, the smaller of the two values is used. If the TCP SYN packet has no TCP MSS field, the 7705 SAR assigns it the MSS value configured on the interface and recalculates the IP checksum. If the TCP SYN or SYN-ACK packet has an MSS field and the value is greater than the value configured on the interface, the 7705 SAR overwrites the packet MSS value with the lower value. If the MSS value is less than the value configured on the interface, the packet MSS value does not change. See the 7705 SAR Router Configuration Guide, ‟TCP MSS Configuration and Adjustment”, for more information.

This command is supported on interfaces with IPv4 and IPv6 traffic, and a different MSS value can be configured for the IPv4 and IPv6 interfaces. This command is not supported on IPSec public interfaces in IES.

Default

no tcp-mss

Parameters
value

the MSS, in bytes, to be used in a TCP SYN or SYN-ACK packet

Values

384 to 9732

unnumbered
Syntax

unnumbered {ip-int-name | ip-address}

no unnumbered

Context

config>service>ies>interface

Description

This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.

By default, no IP address exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface.

Default

no unnumbered

Parameters
ip-int-name | ip-address

the IP interface name or address to associate with the unnumbered IP interface

Values

ip-int-name: 1 to 32 characters (must start with a letter)

ip-address: a.b.c.d

IES service IPv6 commands
ipv6
Syntax

[no] ipv6

Context

config>service>ies>interface

Description

This command enables the context to configure IPv6 for an IES interface.

address
Syntax

address ipv6-address/prefix-length [eui-64] [preferred]

no address ipv6-address/prefix-length

Context

config>service>ies>if>ipv6

Description

This command assigns an IPv6 address to the IES interface.

Default

n/a

Parameters
ipv6-address/prefix-length

the IPv6 address on the interface

Values

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

(no multicast address)

prefix-length: 1 to 128

eui-64

when the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces.

preferred

specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.

dhcp6-relay
Syntax

[no] dhcp6-relay

Context

config>service>ies>if>ipv6

Description

This command enables the context to configure DHCPv6 relay parameters for the IES interface.

option
Syntax

[no] option

Context

config>service>ies>if>ipv6>dhcp6-relay

Description

This command enables the context to configure DHCPv6 relay information options.

interface-id
Syntax

interface-id

interface-id ascii-tuple

interface-id ifindex

interface-id sap-id

interface-id string

no interface-id

Context

config>service>ies>if>ipv6>dhcp6-relay>option

Description

This command enables the sending of interface ID options in the DHCPv6 relay packet.

Default

ascii-tuple

Parameters
ascii-tuple

specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by ‟/”, will be used

ifindex

specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.

sap-id

specifies that the SAP ID will be used

string

specifies that a string of up to 32 printable, 7-bit ASCII characters, will be used. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

remote-id
Syntax

[no] remote-id

Context

config>service>ies>if>ipv6>dhcp6-relay>option

Description

This command enables the sending of the remote ID option in the DHCPv6 relay packet. The client DHCP unique identifier (DUID) is used as the remote ID.

server
Syntax

server ipv6-address [ipv6-address...(up to 8 max)]

no server ipv6-address [ipv6-address...(up to 8 max)]

Context

config>service>ies>if>ipv6>dhcp6-relay

Description

This command specifies a list of servers where DHCPv6 requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. At least one server must be specified in order for DHCPv6 relay to work. If there are multiple servers, the request is forwarded to all of them. A maximum of eight servers can be configured.

Default

n/a

Parameters
ipv6-address

the IPv6 addresses of the DHCP servers

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

icmp6
Syntax

icmp6

Context

config>service>ies>if>ipv6

Description

This command enables the context to configure ICMPv6 parameters on the IES interface.

packet-too-big
Syntax

packet-too-big [number seconds]

no packet-too-big

Context

config>service>ies>if>ipv6>icmp6

Description

This command configures the rate for ICMPv6 packet-too-big messages.

The no form of the command disables the sending of ICMPv6 packet-too-big messages.

Default

100 10

Parameters
number

the maximum number of packet-too-big messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter

Values

10 to 1000

seconds

the time frame, in seconds, used to limit the number of packet-too-big messages that can be issued, expressed as a decimal integer

Values

1 to 60

param-problem
Syntax

param-problem [number seconds]

no param-problem

Context

config>service>ies>if>ipv6>icmp6

Description

This command configures the rate for ICMPv6 param-problem messages.

The no form of the command disables the sending of ICMPv6 param-problem messages.

Default

100 10

Parameters
number

the maximum number of param-problem messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter

Values

10 to 1000

seconds

the time frame, in seconds, used to limit the number of param-problem messages that can be issued, expressed as a decimal integer

Values

1 to 60

time-exceeded
Syntax

time-exceeded [number seconds]

no time-exceeded

Context

config>service>ies>if>ipv6>icmp6

Description

This command configures the rate for ICMPv6 time-exceeded messages.

The no form of the command disables the sending of ICMPv6 time-exceeded messages.

Default

100 10

Parameters
number

the maximum number of time-exceeded messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter

Values

10 to 1000

seconds

the time frame, in seconds, used to limit the number of time-exceeded messages that can be issued, expressed as a decimal integer

Values

1 to 60

unreachables
Syntax

unreachables [number seconds]

no unreachables

Context

config>service>ies>if>ipv6>icmp6

Description

This command enables and configures the rate for ICMPv6 host and network destination unreachable messages issued on the router interface.

The no form of the command disables the generation of ICMPv6 destination unreachables on the router interface.

Default

100 10

Parameters
number

the maximum number of destination unreachable messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter

Values

10 to 1000

seconds

the time frame, in seconds, used to limit the number of destination unreachable messages that can be issued, expressed as a decimal integer

Values

1 to 60

link-local-address
Syntax

link-local-address ipv6-address [preferred]

no link-local-address

Context

config>service>ies>if>ipv6

Description

This command configures the IPv6 link-local address.

The no form of the command removes the configured link-local address, and the router automatically generates a default link-local address.

Removing a manually configured link-local address may impact routing protocols that have a dependency on that address.

Default

n/a

Parameters
ipv6-address

the IPv6 address

Values

ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

preferred

specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.

neighbor
Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

config>service>ies>if>ipv6

Description

This command configures an IPv6-to-MAC address mapping on the IES interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery or a static address must be used. This command can only be used on Ethernet interfaces. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

Parameters
ipv6-address

the IPv6 address on the interface

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

mac-address

the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

reachable-time
Syntax

[no] reachable-time seconds

Context

config>service>ies>if>ipv6

Description

This command specifies the time an IPv6 neighbor remains in reachable state.

Default

no reachable-time

Parameters
seconds

specifies the number of seconds that an IPv6 neighbor remains in reachable state

Values

30 to 3600

Default

30

stale-time
Syntax

[no] stale-time seconds

Context

config>service>ies>if>ipv6

Description

This command specifies the time that an IPv6 neighbor cache entry remains in stale state. When the specified time elapses, the system removes the neighbor cache entry.

Default

no stale-time

Parameters
seconds

specifies the number of seconds that an IPv6 neighbor remains in stale state

Values

60 to 65535

Default

14400

IES service VRRP commands
vrrp
Syntax

vrrp virtual-router-id [owner] [passive]

no vrrp virtual-router-id

Context

config>service>ies>interface

config>service>ies>if>ipv6

Description

This command creates or edits a virtual router ID (VRID) on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.

The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.

Default

n/a

Parameters
virtual-router-id

specifies a new virtual router ID or one that can be modified on the IP interface

Values

1 to 255

owner

keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of VRID creation, the vrrp backup command must be used to define the virtual router IP addresses. The owner keyword is not required when entering the VRID for editing purposes. When created as owner, a VRID on an IP interface cannot have the owner parameter removed. The VRID must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

keyword used to identify this virtual router instance as passive, owning the virtual router IP addresses. A passive VRID does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the initialize state (if the interface is operationally down). The passive keyword is not required when entering the VRID for editing purposes. When a VRID on an IP interface is created as passive, the parameter cannot be removed from the VRID. The VRID must be deleted, and then recreated without the passive keyword, to remove the parameter.

authentication-key
Syntax

authentication-key [authentication-key | hash-key] [hash | hash2]

no authentication-key

Context

config>service>ies>if>vrrp

Description

This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

If the command is re-executed with a different password key defined, the new key is used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  • identify the current master

  • shut down the virtual router instance on all backups

  • execute the authentication-key command on the master to change the password key

  • execute the authentication-key command and no shutdown command on each backup

The no form of this command restores the default value of the key.

Default

The authentication data field contains the value 0 in all octets.

Parameters
authentication-key

identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string 8 octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The authentication-key parameter is expressed as a string consisting up to eight alphanumeric characters. Spaces must be contained in quotation marks (‟ ”). The quotation marks are not considered part of the string.

The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values

any 7-bit printable ASCII character

exceptions: double quote ASCII 34

carriage return ASCII 13

line feed ASCII 10

tab ASCII 9

backspace ASCII 8

hash-key

can be any combination of ASCII characters up to 11 characters in length (encrypted) for a hash key or up to 110 characters for a hash2 key. If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).

This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash keyword is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash keyword specified.

hash2

specifies that the key is entered in a more complex encrypted form. If the hash2 keyword is not used, the less-encrypted hash form is assumed.

backup
Syntax

[no] backup ip-address

[no] backup ipv6-address

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command configures virtual router IP addresses for backup.

Default

n/a

Parameters
ip-address

specifies the destination IPv4 address for backup

Values

a.b.c.d

ipv6-address

specifies the destination IPv6 address for backup

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

bfd-enable
Syntax

[no] bfd-enable service-id interface interface-name dst-ip ip-address

[no] bfd-enable interface interface-name dst-ip ip-address

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command assigns a BFD session that provides a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.

BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface specified in this command.

The no form of this command removes BFD from the configuration.

Default

n/a

Parameters
service-id

specifies the service ID of the interface running BFD

Values

1 to 2147483690 or service-name

interface-name

specifies the name of the interface running BFD

ip-address

specifies the destination address to be used for the BFD session

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

init-delay
Syntax

init-delay seconds

no init-delay

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters
seconds

specifies the number of seconds for the initialization delay timer for VRRP

Values

1 to 65535

mac
Syntax

mac mac-address

no mac

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default

the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)

Parameters
mac-address

specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit
Syntax

[no] master-int-inherit

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command allows the master instance to dictate the master down timer (non-owner context only).

The master down interval is the time that the master router can be down before the backup router takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. See the "Master Down Interval" in the "VRRP" chapter of the 7705 SAR Router Configuration Guide for details.

Default

no master-int-inherit

message-interval
Syntax

message-interval {[seconds] [milliseconds milliseconds]}

no message-interval

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value is silently discarded.

Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values. The following table shows the ranges for each way of configuring the message interval.

Table 4. Message interval configuration ranges

Configuration

IPv4

IPv6

Using milliseconds value only

100 to 900 ms

10 to 990 ms

Using seconds value only

1 to 255 s

1 to 40 s

Using combination milliseconds and seconds values

1 s 100 ms to 255 s 900 ms

(1.1 s to 255.9 s)

1 s 10 ms to 40s 990 ms

(1.01 s to 40.99 s)

Default setting

1 s

1 s

The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.

The no form of this command restores the default message-interval value of 1 s to the virtual router instance.

Default

1 s

Parameters
seconds

the time interval, in seconds, between sending advertisement messages.

Values

IPv4: 1 to 255

IPv6: 1 to 40

milliseconds

the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.

Values

IPv4: 100 to 900

IPv6: 10 to 990

ntp-reply
Syntax

[no] ntp-reply

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command enables the reception of and response to Network Time Protocol (NTP) requests directed at the VRRP virtual IP address. This behaviour only applies to the router currently acting as the master VRRP.

The no form of this command disables NTP requests from being processed.

Default

no ntp-reply

ping-reply
Syntax

[no] ping-reply

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parent IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.

The ping-reply command is only available for non-owner virtual routers.

The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.

Default

no ping-reply

policy
Syntax

policy vrrp-policy-id

no policy

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only). VRRP policies are defined under the config>vrrp>policy context. For details, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.

Default

n/a

Parameters
vrrp-policy-id

specifies a VRRP priority control policy. The VRRP policy ID must already exist in the system for the policy command to be successful.

Values

1 to 9999

preempt
Syntax

[no] preempt

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner always preempts all other virtual routers when it is available.

Non-owner backup virtual router instances only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.

A master non-owner virtual router only allows itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:

  • greater than its in-use priority value

  • equal to the in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.

Default

preempt

priority
Syntax

priority priority

no priority

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.

The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.

The no form of this command restores the default value of 100.

Parameters
priority

specifies the priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority is in-use priority for the virtual router instance.

Values

1 to 254

Default

100

ssh-reply
Syntax

[no] ssh-reply

Context

config>service>ies>if>vrrp

Description

This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.

When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.

The ssh-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all SSH packets destined for the non-owner virtual router instance IP addresses.

Default

no ssh-reply

standby-forwarding
Syntax

[no] standby-forwarding

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.

The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.

Default

no standby-forwarding

telnet-reply
Syntax

[no] telnet-reply

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.

If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.

The telnet-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.

Default

no telnet-reply

traceroute-reply
Syntax

[no] traceroute-reply

Context

config>service>ies>if>vrrp

config>service>ies>if>ipv6>vrrp

Description

This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.

Default

no traceroute-reply

IES service SAP commands
sap
Syntax

[no] sap sap-id [create]

Context

config>service>ies>interface

Description

This command creates a SAP within an IES service. Each SAP must be unique.

All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or an IP interface, a SAP does not exist on that object.

To edit SAP parameters, enter an existing SAP without the create keyword.

A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. A SAP can only be defined on a port that has been configured as an access port in the config>port port-id context using the mode access command. See the 7705 SAR Interface Configuration Guide, ‟Access Ports”.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service are discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The following SAP types are supported:

  • PPP IPCP encapsulation of an IPv4 packet for IES (RFC 1332)

  • MLPPP bundle

  • LAG

  • Ethernet SAPs supporting null, dot1q, and qinq

To configure an IES interface SAP that is used for a public IPSec tunnel interface, see sap in Service interface tunnel commands.

If the IES interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted.

Default

no sap

Parameters
sap-id

specifies the physical port identifier portion of the SAP definition. See SAP ID configurations for a full list of SAP IDs.

create

keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

accounting-policy
Syntax

accounting-policy acct-policy-id

no accounting-policy [acct-policy-id]

Context

config>service>ies>if>sap

Description

This command creates the accounting policy context that can be applied to a SAP. An accounting policy must be defined before it can be associated with a SAP. If the policy ID does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default

no accounting-policy

Parameters
acct-policy-id

the accounting policy ID as configured in the config>log>accounting-policy context

Values

1 to 99

collect-stats
Syntax

[no] collect-stats

Context

config>service>ies>if>sap

Description

This command enables accounting and statistical data collection for the SAP. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated by the CSM. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

collect-stats

egress
Syntax

egress

Context

config>service>ies>if>sap

Description

This command enables the context to configure egress SAP QoS policies and IP filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress IP filter policy is defined, no filtering is performed.

ingress
Syntax

ingress

Context

config>service>ies>if>sap

Description

This command enables the context to configure ingress SAP QoS policies and IP filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress IP filter policy is defined, no filtering is performed.

agg-rate-limit
Syntax

agg-rate-limit agg-rate [cir cir-rate]

no agg-rate-limit

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Description

This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information on adapter card generations, see the ‟Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR Interface Configuration Guide.

Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.

If the specified SAP is a LAG SAP, agg-rate and cir-rate is configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware. If the active port is on a Gen-3 card or platform, agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. For details on the behavior of a mix-and-match LAG SAP, see the ‟LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and ‟Network LAG Traffic Management” sections in the 7705 SAR Interface Configuration Guide.

The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.

Default

no agg-rate-limit

Parameters
agg-rate

sets the PIR for the aggregate of all the queues on the SAP. The max keyword applies the maximum physical port rate possible.

Values

1 to 10000000 kb/s, or max

Default

max

cir-rate

sets the CIR for the aggregate of all the queues on the SAP

Values

0 to 10000000 kb/s, or max

Default

0 kb/s

filter
Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ip ip-filter-id | ipv6 ipv6-filter-id]

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Description

This command associates an IPv4 or IPv6 filter policy with an egress or ingress IES SAP.

Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.

The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is displayed.

The no form of the command removes any configured filter ID association with the SAP. The filter policy cannot be deleted until it is removed from all SAPs where it is applied.

Default

no filter

Parameters
ip-filter-id

specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

ipv6-filter-id

specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

Note: For information about configuring IP filter IDs, see the 7705 SAR Router Configuration Guide, ‟Filter Policies”.
match-qinq-dot1p
Syntax

match-qinq-dot1p {top | bottom}

no match-qinq-dot1p

Context

config>service>ies>if>sap>ingress

Description

This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.

The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.

By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.

The following table shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP type and Match-qin1-dot1q setting. Use the Existing packet tags column to identify which dot1q tags are available in the packet. Then use the P-bits used for match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.

Table 5. Match-qinq-dot1p matching behavior

Port/SAP type

Match-qinq-dot1p setting 1

Existing packet tags

P-bits used for match

Null

n/a

None

None

Null

n/a

Dot1p (VLAN ID 0)

None 2

Null

n/a

Dot1q

None 2

Null

n/a

TopQ BottomQ

None 2

Dot1q

n/a

None

None

Dot1q

n/a

Dot1p (default SAP VLAN ID 0)

Dot1p P-bits

Dot1q

n/a

Dot1q

Dot1q P-bits

QinQ/ X.Y

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.Y

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.0

Top

TopQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.0

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.*

Top

TopQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ 0.*

Top

None

None

QinQ/ 0.*

Default or Bottom

None

None

QinQ/ 0.*

Top

TopQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ 0.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ *.*

Top

None

None

QinQ/ *.*

Default or Bottom

None

None

QinQ/ *.*

Top

TopQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ *.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

Notes:

  1. ‟Default” in this column refers to the no form of match-qinq-dot1p command.

  2. For null encapsulation, the 7705 SAR does not process dot1p bits.

Default

no match-qinq-dot1p

Parameters
top

the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits (topmost P-bits) are used (if existing) to match any dot1p dot1p-value entries.

bottom

the bottom parameter and top parameter are mutually exclusive. When the bottom parameter is specified, the bottommost P-bits (second tag’s P-bits) are used (if existing) to match any dot1p dot1p-value entries.

qinq-mark-top-only
Syntax

[no] qinq-mark-top-only

Context

config>service>ies>if>sap>egress

Description

When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).

The following table shows the dot1p re-marking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where ‟False” represents the default (disabled) state.

If a new tag is pushed, the dot1p bits of the new tag are zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the config>qos context.

Table 6. Dot1p re-marking behavior for the qinq-mark-top-only command

Egress port type/SAP type

Qinq-mark-top-only state

Egress P-bits marked or re-marked

Null 1

n/a

None

Dot1q/ X 1

n/a

Outer tag

Dot1q/ * 2

n/a

None

Dot1q/ 0 2

n/a

Outer tag

QinQ/ X.Y 1

False

Two outer tags 3

True

Outer tag 3

QinQ/ X.* 1

True or False

Outer tag

QinQ/ X.0 1

True or False

Outer tag

QinQ/ 0.* 1

True or False

None

QinQ/ *.* 2

True or False

None

Notes:

  1. This port type/SAP type is supported by the following services: Epipe, Ipipe, VPLS, IES, and VPRN.

  2. This port type/SAP type is supported by the following services: Epipe and VPLS.

  3. Normally, when a new tag is pushed, the dot1p bits of the new tag is zero, unless the P-bits are remarked by the egress policy. However, an exception to this occurs when the egress SAP type is X.Y and only one new outer tag must be pushed. In this case, the new outer tag has its dot1p bits set to the inner tag's dot1p bits.

Default

no qinq-mark-top-only

qos
Syntax

qos policy-id

no qos

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Description

This command associates a QoS policy with an ingress or egress IES SAP.

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined before associating the policy with a SAP. If the policy-id does not exist, an error is returned.

The qos command associates both ingress and egress QoS policies. The qos command allows only ingress policies to be associated on the SAP ingress and only egress policies to be associated on the SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy is associated with an IES SAP at one time. Attempts to associate a second QoS policy of a specified type returns an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress; therefore, the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters
policy-id

associates the ingress or egress policy ID with the SAP. The policy ID or name must already exist.

Values

1 to 65535, or policy-name (up to 64 characters)

scheduler-mode
Syntax

scheduler-mode {4-priority | 16-priority}

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Description

This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.

If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.

If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.

This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.

If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms.

Default

4-priority

Parameters
4-priority

sets the scheduler mode for the SAP to be 4-priority mode

16-priority

sets the scheduler mode for the SAP to be 16-priority mode

shaper-group
Syntax

[no] shaper-group shaper-group-name [create]

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Description

This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.

The default shaper group cannot be deleted.

The no form of this command removes the configured shaper-group.

Default

shaper-group ‟default”

Parameters
shaper-group-name

the name of the shaper group. To access the default shaper group, enter ‟default”.

create

keyword used to create a shaper group

IES service spoke SDP commands
spoke-sdp
Syntax

spoke-sdp sdp-id:vc-id [create]

no spoke-sdp sdp-id:vc-id

Context

config>service>ies>interface

Description

This command binds a service to an existing service destination point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge ‟port”, where flooded traffic received on the spoke SDP is replicated on all other ‟ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.

The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default

no sdp-id is bound to a service

Special cases
IES

only one sdp-id can be bound to an IES

Parameters
sdp-id

the SDP identifier

Values

1 to 17407

vc-id

the virtual circuit identifier

Values

1 to 4294967295

egress
Syntax

egress

Context

config>service>ies>if>spoke-sdp

Description

This command enables the context to configure egress SDP parameters.

vc-label
Syntax

vc-label egress-vc-label

no vc-label [egress-vc-label]

Context

config>service>ies>if>spoke-sdp>egress

Description

This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.

Parameters
egress-vc-label

a VC egress value that indicates a specific connection

Values

16 to 1048575

ingress
Syntax

ingress

Context

config>service>ies>if>spoke-sdp

Description

This command enables the context to configure ingress SDP parameters.

filter
Syntax

filter ip ip-filter-id

no filter

Context

config>service>ies>if>spoke-sdp>ingress

Description

This command associates an IP filter policy with an ingress spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

In general, filters applied to ingress spoke SDPs apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the spoke SDP.

Parameters
ip-filter-id

specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

vc-label
Syntax

vc-label ingress-vc-label

no vc-label [ingress-vc-label]

Context

config>service>ies>if>spoke-sdp>ingress

Description

This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.

Parameters
ingress-vc-label

a VC ingress value that indicates a specific connection

Values

2048 to 18431

Routed VPLS commands
vpls
Syntax

vpls service-name

no vpls

Context

config>service>ies>if

Description

This command within the IP interface context binds the IP interface to the specified VPLS service name.

The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). After the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the specified service name.

Parameters
service-name

specifies the service name that the system attempts to resolve to an allow-ip-int-binding enabled VPLS service associated with the service name. The specified service name is an ASCII string of up to 32 characters.

ingress
Syntax

ingress

Context

config>service>ies>if>vpls

Description

This command within the VPLS binding context defines the routed IPv4 optional filter override.

v4-routed-override-filter
Syntax

v4-routed-override-filter ip-filter-id

no v4-routed-override-filter

Context

config>service>ies>if>vpls>ingress

Description

This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.

The no form of the command removes the IPv4 routed override filter from the ingress IP interface.

Default

n/a

Parameters
ip-filter-id

specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

v6-routed-override-filter
Syntax

v6-routed-override-filter ipv6-filter-id

no v6-routed-override-filter

Context

config>service>ies>if>vpls>ingress

Description

This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if it is not defined or it is removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.

The no form of the command removes the IPv6 routed override filter from the ingress IP interface.

Default

n/a

Parameters
ipv6-filter-id

specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.

Values

1 to 65535 or filter-name (up to 64 characters)

IES service security zone configuration commands
zone
Syntax

zone {zone-id | zone-name} [create]

no zone {zone-id | zone-name}

Context

config>service>ies

Description

This command creates or specifies a security zone within an IES context. Each zone must have a unique ID.

All zones must be explicitly created with the create keyword.

Enter an existing zone without the create keyword to edit zone parameters.

The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.

Parameters
zone-id

the zone ID number. The zone ID must be unique within the system.

Values

1 to 65534

abort
Syntax

abort

Context

config>service>ies>zone

Description

This command discards changes made to a security feature.

Default

n/a

begin
Syntax

begin

Context

config>service>ies>zone

Description

This command enters the mode to create or edit security features.

Default

n/a

commit
Syntax

commit

Context

config>service>ies>zone

Description

This command saves changes made to security features.

Default

n/a

inbound
Syntax

inbound

Context

config>service>ies>zone

Description

This command enables the context to configure limit parameters on inbound firewall sessions.

Default

n/a

outbound
Syntax

outbound

Context

config>service>ies>zone

Description

This command enables the context to configure limit parameters for outbound firewall sessions on the CSM.

Default

n/a

limit
Syntax

limit

Context

config>service>ies>zone>inbound

config>service>ies>zone>outbound

Description

This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.

Default

n/a

concurrent-sessions
Syntax

concurrent-sessions {tcp | udp | icmp | other} sessions

no concurrent-sessions {tcp | udp | icmp | other}

Context

config>service>ies>zone>inbound>limit

config>service>ies>zone>outbound>limit

Description

This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.

Default

n/a

Parameters
tcp

specifies that TCP connection traffic is to be firewalled

udp

specifies that UDP connection traffic is to be firewalled

icmp

specifies that ICMP connection traffic is to be firewalled

other

specifies that the traffic to be firewalled is other than TCP, UDP, or ICMP

sessions

the maximum number of concurrent firewall sessions that can be created in a zone for the configured direction and protocol

Values

1 to 16383

interface
Syntax

[no] interface ip-int-name

Context

config>service>ies>zone

Description

This command creates a logical IP routing interface for a zone. When created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.

The no form of this command removes the IP interface and all the associated configurations.

Parameters
ip-int-name

the name of the interface to be configured within the zone

Values

1 to 32 characters (must start with a letter)

log
Syntax

log {log-id | name}

no log

Context

config>service>ies>zone

Description

This command applies a security log to the specified zone. The security log must already be configured in the config>security>logging context.

The no form of this command removes logging for the zone.

Parameters
log-id

the identifier for the log

Values

1 to 32 characters

name

the name of the log

Values

1 to 32 characters

name
Syntax

name zone-name

no name

Context

config>service>ies>zone

Description

This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.

Parameters
zone-name

 the name of the zone

Values

1 to 32 characters (must start with a letter). If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

nat
Syntax

nat

Context

config>service>ies>zone

Description

This command enters the context to configure NAT parameters for a zone.

pool
Syntax

pool pool-id [create]

no pool pool-id

Context

config>service>ies>zone>nat

Description

This command configures the NAT pool for the security zone within an IES service. Each pool must have a unique ID.

All pools must be explicitly created with the create keyword.

Enter an existing pool without the create keyword to edit pool parameters.

The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool are deleted.

Parameters
pool-id

the pool ID number

Values

1 to 100

direction
Syntax

direction {zone-outbound | zone-inbound | both}

no direction

Context

config>service>ies>zone>nat>pool

Description

This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.

Parameters
zone-outbound

configures a pool for the policy outbound traffic

zone-inbound

configures a pool for the policy inbound traffic

both

configures a pool for policy inbound and outbound traffic

entry
Syntax

entry entry-id [create]

no entry entry-id

Context

config>service>ies>zone>nat>pool

Description

This command configures a NAT pool entry within an IES service.

The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry are deleted.

Parameters
entry-id

the entry ID number

Values

1 to 65535

ip-address
Syntax

ip-address ip-address [to ip-address] interface ip-int-name

no ip-address

Context

config>service>ies>zone>nat>pool>entry

Description

This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.

The IP address for the interface must be entered in dotted-decimal notation. The maximum IP address range limit is 255.

The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Parameters
ip-address

the source IP address to be used by NAT. The ip-address portion of the ip-address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

1.0.0.0 to 223.255.255.255

ip-int-name

the name of the interface to be used by NAT

port
Syntax

port port [to port]

no port

Context

config>service>ies>zone>nat>pool>entry

Description

This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.

The no form of this command deletes the port or port range.

Parameters
port

the UDP/TCP port or range of ports to which NPAT is applied

name
Syntax

name pool-name

no name

Context

config>service>ies>zone>nat>pool

Description

This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.

Parameters
pool-name

 the name of the pool. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

Values

1 to 32 characters (must start with a letter).

policy
Syntax

policy {policy-id | policy-name}

no policy

Context

config>service>ies>zone

Description

This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.

The no form of this command deletes the specified policy.

Parameters
policy-id

the number of the referenced policy

Values

1 to 65535

policy-name

the name of the referenced policy

IES raw socket IP transport configuration commands
ip-transport
Syntax

ip-transport ipt-id [create]

no ip-transport ipt-id

Context

config>service>ies

Description

This command creates an IP transport subservice within an IES service. An IP transport subservice is used to transmit serial raw socket data to and from a local host and remote host.

All IP transport subservices must be explicitly created using the create keyword. An IP transport subservice is owned by the service within which it is created. An IP transport subservice can only be associated with a single service. The create keyword is not needed when editing parameters for an existing IP transport subservice. An IP transport subservice must be first shut down before changes can be made to the configured parameters.

The no form of this command deletes the IP transport subservice with the specified ipt-id. When an IP transport subservice is deleted, all configured parameters for the IP transport subservice are also deleted.

Default

no ip-transport

Parameters
ipt-id

the IP transport subservice physical port identifier. The ipt-id must reference an RS-232 serial port that has been configured as a socket and has its encapsulation type set to raw. See the 7705 SAR Interface Configuration Guide, ‟Serial commands”, for more information.

Values

value in the format slot/mda/port.channel

create

creates this IP transport subservice

dscp
Syntax

dscp dscp-name

Context

config>service>ies>ip-transport

Description

This command configures the DSCP name used to mark the DSCP field in IP transport packets originating from this node.

Raw socket traffic redirection to a specific queue is enabled by the fc command.

Default

ef

Parameters
dscp-name

the DSCP name used to mark the DSCP field in IP transport packets

Table 7. Valid DSCP names

dscp-name

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

fc
Syntax

fc [fc-name] profile {in | out}

Context

config>service>ies>ip-transport

Description

This command configures the forwarding class and profile marking for IP transport packets originating from this node.

Default

ef for fc, in for profile

Parameters
fc-name

the forwarding class name to use for the IP transport packets

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in| out}

the profile marking for the IP transport packets, either in or out

filter-unknown-host
Syntax

[no] filter-unknown-host

Context

config>service>ies>ip-transport

Description

This command filters connections from unknown hosts. An unknown host is any host that is not configured as a remote host.

The no form of this command disables the filter.

Default

no filter-unknown-host

local-host
Syntax

local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}

no local-host

Context

config>service>ies>ip-transport

Description

This command creates the local host within the IP transport subservice.

The local host is required to accept TCP/UDP sessions initiated from far-end remote hosts, and for the node to initiate sessions toward the far-end remote hosts.

The local host must be created before a remote host is created.

The no form of this command deletes the local host.

Default

no local-host

Parameters
ip-addr

the IP address that is used for this local host. The IP address must be the same as a loopback or local interface IP address that is already configured within this service.

Values

a.b.c.d (IPv4 address)

port-num

the port number that is used by remote hosts to establish TCP/UDP sessions to this local host

Values

1026 to 49150

protocol {tcp | udp}

the protocol type that is used for all sessions to and from this local host, either tcp or udp

remote-host
Syntax

remote-host host-id ip-addr ip-addr] port-num port-num [create]

no remote-host host-id

Context

config>service>ies>ip-transport

Description

This command creates a remote host within the IP transport subservice. Multiple remote hosts may be created in order to send serial raw socket IP transport data to multiple destinations. The create keyword must be used for each remote host that is created.

The no form of this command deletes the remote host.

Default

no remote-host

Parameters
host-id

the remote host identifier

Values

1 to 2147483647or a name string up to 64 characters

ip-addr

the IP address that is used to reach the remote host in order to route IP transport packets to that remote host

Values

a.b.c.d (IPv4 address)

port-num

the destination port number that is used to reach the serial port socket on the remote host

Values

1 to 65535

create

creates this remote host

name
Syntax

name host-name

no name

Context

config>service>ies>ip-transport>remote-host

Description

This command configures a unique name for this remote host.

The no form of this command deletes the remote host name.

Default

n/a

Parameters
host-name

a unique name for this remote host, up to 64 characters long

tcp
Syntax

tcp

Context

config>service>ies>ip-transport

Description

This command enables the context to configure TCP parameters within this IP transport subservice.

Default

n/a

inactivity-timeout
Syntax

inactivity-timeout seconds

Context

config>service>ies>ip-transport>tcp

Description

This command specifies how long to wait before disconnecting a TCP connection because of traffic inactivity over the connection.

Default

30 s

Parameters
seconds

how long to wait, in seconds, before disconnecting a TCP connection

Values

1 to 65535

max-retries
Syntax

max-retries number

Context

config>service>ies>ip-transport>tcp

Description

This command specifies the number of times that a remote host, acting as a client, tries to establish a TCP connection after the initial attempt fails.

Default

5

Parameters
number

the number of attempts to establish a TCP connection after the initial attempt fails

Values

0 to 10

retry-interval
Syntax

retry-interval seconds

Context

config>service>ies>ip-transport>tcp

Description

This command specifies how long to wait before each TCP max-retries attempt.

Default

5 s

Parameters
seconds

how long to wait, in seconds, before each TCP max-retries attempt

Values

1 to 300

Show commands

Note:

The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.

customer
Syntax

customer [customer-id]

Context

show>service

Description

This command displays service customer information.

Parameters
customer-id

specifies the customer ID number to be displayed

Values

1 to 2147483647

Output

The following output is an example of service customer information, and Service customer field descriptions describes the fields.

Output example
A:ALU-2# show service customer 1
===============================================================================
Customer  1
===============================================================================
Customer-ID        : 1
Contact            : Tech Support
Description        : Default customer
Phone              : (613) 555-1122
===============================================================================
Table 8. Service customer field descriptions

Label

Description

Customer-ID

ID that uniquely identifies the customer

Contact

Name or title of the primary contact person

Description

Generic information about the customer

Phone

Phone number by which to reach the contact person

egress-label
Syntax

egress-label start-label [end-label]

Context

show>service

Description

This command displays service information using the range of egress labels.

If only the mandatory start-label parameter is specified, only services using the specified label are displayed.

If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.

Use the show router ldp bindings command to display dynamic labels.

Parameters
end-label

the ending egress label value for which to display services using the label range

Values

2049 to 131071

Default

the start-label value

start-label

the starting egress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.

Values

0, or 2048 to 131071

Output

The following output is an example of service egress label information, and Service egress field descriptions describes the fields.

Output example

In the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.

*A:ALU-12>show>service# egress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id     Sdp Binding        Type  I.Lbl                 E.Lbl
-------------------------------------------------------------------------------
3          15:15              Spok  0                     0
5          5:5                Spok  0                     0
6          5:6                Spok  0                     0
5000       15:5000            Mesh  0                     0
5000       15:5001            Spok  0                     0
5001       5001:100           Spok  0                     0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Table 9. Service egress field descriptions

Label

Description

Svc Id

The ID that identifies a service

Sdp Binding

The ID that identifies an SDP

Type

Indicates whether the SDP binding is a spoke or a mesh

I. Lbl

The VC label used by the far-end device to send packets to 7705 SAR in this service by the SDP

E. Lbl

The VC label used by 7705 SAR to send packets to the far-end device in this service by the SDP

Number of Bindings Found

The total number of SDP bindings that exist within the specified label range

id
Syntax

id service-id

Context

show>service

Description

This command displays information for a particular service ID

Parameters
service-id

identifies the service in the domain by service number or name

all
Syntax

all

Context

show>service>id

Description

This command displays detailed information for all aspects of the service.

Output

The following output is an example of service ID all information, and Service ID all field descriptions describes the fields.

Output example (IES management service)
A:ALU-2# show service id 751 all 
===============================================================================
Service Detailed Information
===============================================================================
Service Id        : 751                                                        
Service Type      : IES                                                        
Name              : IES751                                                   
Description       : ATM_Backhaul_SAM_Mgmt
Customer Id       : 10                                                         
Last Status Change: 09/09/2008 16:26:25                                        
Last Mgmt Change  : 09/09/2008 16:25:04                                        
Admin State       : Up                  Oper State        : Up                 
SAP Count         : 2                                                          
-------------------------------------------------------------------------------
Service Access Points
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
SAP bundle-ima-1/3.1:0/75
-------------------------------------------------------------------------------
Service Id         : 751                                                       
SAP                : bundle-ima-1/3.1:0/75    Encap             : atm          
Admin State        : Up                       Oper State        : Up           
Flags              : None
Multi Svc Site     : None                                                      
Last Status Change : 09/09/2008 16:26:25                                       
Last Mgmt Change   : 09/09/2008 16:25:04                                       
Sub Type           : regular                                                   
 
Admin MTU          : 1572                     Oper MTU          : 1572         
Ingr IP Fltr-Id    : 1                        Egr IP Fltr-Id    : n/a          
Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a          
tod-suite          : None                     qinq-pbit-marking : both         
Egr Agg Rate Limit : max                                                       
 
Acct. Pol          : None                     Collect Stats     : Disabled     
 
Anti Spoofing      : None                     Nbr Static Hosts  : 0            
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1                        Egress qos-policy : 1            
Shared Q plcy      : n/a                      Multipoint shared : Disabled     
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A   
                 
                        Packets                 Octets
Forwarding Engine Stats (Ingress)
Dropped               : 0                       n/a                            
Off. HiPrio           : 802789                  n/a                            
Off. LowPrio          : n/a                     n/a    
                        
Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio           : 0                       n/a                            
Dro. LowPrio          : n/a                     n/a                            
For. InProf           : 802789                  69039854                       
For. OutProf          : 0                       0  
                            
Queueing Stats(Egress QoS Policy 1)
Dro. InProf           : 0                       n/a                            
Dro. OutProf          : n/a                     n/a                            
For. InProf           : 802829                  41753273                       
For. OutProf          : n/a                     n/a                            
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
                        Packets                 Octets
 
Ingress Queue 1 (Unicast) (Priority)
Off. HiPrio           : 802789                  n/a                            
Off. LoPrio           : n/a                     n/a                            
Dro. HiPrio           : 0                       n/a                            
Dro. LoPrio           : n/a                     n/a                            
For. InProf           : 802789                  69039854                       
For. OutProf          : 0                       0                              

Ingress Queue 3 (Profile) 
Off. ColorIn          : 0                       0                         
Off. ColorOut         : 0                       0                         
Off. Uncolor          : 0                       0                         
Dro. ColorOut         : 0                       0                         
Dro. ColorIn/Uncolor  : 0                       0                         
For. InProf           : 0                       0                         
For. OutProf          : 0                       0  

Egress Queue 1
For. InProf           : 802829                  41753273                       
For. OutProf          : n/a                     n/a                            
Dro. InProf           : 0                       n/a                            
Dro. OutProf          : n/a                     n/a                            

-------------------------------------------------------------------------------
ATM SAP Configuration Information
-------------------------------------------------------------------------------
Ingress TD Profile : 32                       Egress TD Profile : 32           
Alarm Cell Handling: Enabled                  AAL-5 Encap       : mux-ip       
OAM Termination    : Enabled                  Periodic Loopback : Disabled     
   
-------------------------------------------------------------------------------
Service Interfaces
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
Interface
-------------------------------------------------------------------------------
If Name           : IP_10.75.11.0/24
Admin State       : Up                  Oper State        : Up                 
Protocols         : None                                                       
IP Addr/mask      : 10.75.11.2/24       Address Type      : Primary            
IGP Inhibit       : Disabled            Broadcast Address : Host-ones          
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
If Index          : 3                   Virt. If Index    : 3                  
Last Oper Chg     : 09/09/2008 16:26:25 Global If Index   : 32                 
SAP Id            : bundle-ima-1/3.1:0/75
TOS Marking       : Untrusted           If Type           : IES                
SNTP B.Cast       : False               IES ID            : 751                
MAC Address       : 00:00:00:00:00:10   Arp Timeout       : 14400              
IP MTU            : 1524                ICMP Mask Reply   : True               
Arp Populate      : Disabled            Host Conn Verify  : Disabled           
LdpSyncTimer      : None                                                       
Proxy ARP Details
Rem Proxy ARP     : Disabled            Local Proxy ARP   : Disabled           
Policies          : none     
                                                  
ICMP Details
Unreachables : Number - 100                     Time (seconds)   - 10   
TTL Expired  : Number - 100                     Time (seconds)   - 10   

IPCP Address Extension Details
Peer IP Addr      : Not configured                                             
Peer Pri DNS Addr : Not configured                                             
Peer Sec DNS Addr : Not configured 
Table 10. Service ID all field descriptions

Label

Description

Service Detailed Information

Service Id

Service ID number

Service Type

Type of service (IES)

Name

The service name

Description

Generic information about the service

Customer Id

Customer ID number

Last Status Change

Date and time of the most recent status change to this service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Admin State

Desired state of the service

Oper State

Operating state of the service

MTU

Service MTU

SAP Count

Number of SAPs specified for this service

Service Access Points

Service Id

Service Identifier

SAP

ID of the access port where this SAP is defined

Encap

Encapsulation type for this SAP on the access port

Admin State

Desired state of the SAP

Oper State

Operating state of the SAP

Flags

Conditions that affect the operating status of this SAP. Display output includes ServiceAdminDown, PortOperDown, and so on.

Multi Svc Site

Indicates the multiservice site that the SAP is a member of

Last Status Change

Date and time of the most recent status change to this SAP

Last Mgmt Change

Date and time of the most recent management-initiated change to this SAP

Admin MTU

Desired largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented

Oper MTU

Actual largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented

Ingr IP Fltr-Id

Ingress IP filter policy ID assigned to the SAP

Egr IP Fltr-Id

Egress IP filter policy ID assigned to the SAP

Ingr Mac Fltr-Id

Ingress MAC filter policy ID assigned to the SAP (not applicable)

Egr Mac Fltr-Id

Egress MAC filter policy ID assigned to the SAP (not applicable)

Ingr IPv6 Fltr-Id

Specifies the ingress IPv6 filter policy ID assigned to the SAP

Egr IPv6 Fltr-Id

Specifies the egress IPv6 filter policy ID assigned to the SAP

tod-suite

n/a

qinq-pbit-marking

Indicates the qinq P-bit marking for the SAP: both or top

Ing Scheduler Mode

Indicates the ingress scheduler mode for the SAP

Egr Scheduler Mode

Indicates the egress scheduler mode for the SAP

Ing Agg Rate Limit

Indicates the PIR rate limit in the access ingress direction for the aggregate of the SAP queues

Egr Agg Rate Limit

Indicates the PIR rate limit in the access egress direction for the aggregate of the SAP queues

Ing Agg cir

Indicates the CIR rate limit in the access ingress direction for the aggregate of the SAP queues

Egr Agg cir

Indicates the CIR rate limit in the access egress direction for the aggregate of the SAP queues

Ing Shaper Group

Indicates the ingress shaper group for the SAP

Egr Shaper Group

Indicates the egress shaper group for the SAP

Acct. Pol

Accounting policy applied to the SAP

Collect Stats

Specifies whether accounting statistics are collected on the SAP

QOS

Ingress qos-policy

SAP ingress QoS policy ID

Egress qos-policy

SAP egress QoS policy ID

Sap Statistics

Last Cleared Time

Date and time that a clear command was issued on statistics

Forwarding Engine Stats (Ingress)

Dropped

Number of packets or octets dropped by the forwarding engine

Off. HiPrio

Number of high-priority packets or octets offered to the forwarding engine

Off. LowPrio

Number of low-priority packets offered to the forwarding engine

Queueing Stats (Ingress QoS Policy)

Dro. HiPrio

Number of high-priority packets or octets discarded, as determined by the SAP ingress QoS policy

Dro. LowPrio

Number of low-priority packets discarded, as determined by the SAP ingress QoS policy

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP ingress QoS policy

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP ingress QoS policy

Queueing Stats (Egress QoS Policy)

Dro. InProf

Number of in-profile packets or octets discarded, as determined by the SAP egress QoS policy

Dro. OutProf

Number of out-of-profile packets or octets discarded, as determined by the SAP egress QoS policy

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP egress QoS policy

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP egress QoS policy

Sap per Queue stats

Ingress Queue n (Priority)

Index of the ingress QoS queue of this SAP, where n is the index number

Off. Combined

Combined total number of high-priority and low-priority packets or octets offered to the forwarding engine

Off. HiPrio

Number of packets or octets of high-priority traffic for the SAP (offered)

Off. LoPrio

Number of packets or octets count of low-priority traffic for the SAP (offered)

Dro. HiPrio

Number of high-priority traffic packets or octets dropped

Dro. LoPrio

Number of low-priority traffic packets or octets dropped

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded

Ingress Queue n (Profile)

Index of the ingress QoS queue of this SAP, where n is the index number

Off. ColorIn

Number of packets or octets colored as in-profile for the SAP (offered)

Off. ColorOut

Number of packets or octets colored as out-of-profile for the SAP (offered)

Off. Uncolor

Number of packets or octets that are unprofiled for the SAP (offered)

Dro. ColorOut

Number of packets or octets colored as out-of-profile that were dropped for the SAP

Dro. ColorIn/Uncolor

Number of packets or octets that were colored as in-profile or unprofiled that were dropped for the SAP

For. InProf

Number of forwarded packets or octets colored as in-profile (FC profile set to ‟in” or ‟no profile” and rate less than or equal to CIR)

For. OutProf

Number of forwarded packets or octets that were colored as out-of-profile (FC profile set to ‟out” or ‟no profile” and rate above CIR)

Egress Queue n

Index of the egress QoS queue of the SAP, where n is the index number

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded

Dro. InProf

Number of in-profile packets or octets dropped for the SAP

Dro. OutProf

Number of out-of-profile packets or octets discarded

ATM SAP Configuration Information

Ingress TD Profile

Profile ID of the traffic descriptor applied to the ingress SAP

Egress TD Profile

Profile ID of the traffic descriptor applied to the egress SAP

Alarm Cell Handling

Indicates that OAM cells are being processed

AAL-5 Encap

AAL-5 encapsulation type – this is always mux-ip

OAM Termination

Indicates whether this SAP is an OAM termination point

Services Interfaces

If Name

Name used to refer to the IES interface

Admin State

Administrative state of the interface

Oper State

Operational state of the interface

IP Addr/mask

IP address and subnet mask length of the interface

Address Type

Specifies whether the IP address for the interface is the primary or secondary address on the interface (this is always primary)

Broadcast Address

Broadcast address of the interface

If Index

Interface index corresponding to the IES interface

Virt. If Index

Virtual interface index of the IES interface

Last Oper Chg

Date and time of the last operating state change on the interface

Global IF Index

Global interface index of the IES interface

SAP Id

SAP identifier

TOS Marking

Specifies whether the ToS marking state is trusted or untrusted for the IP interface

If Type

Type of interface: IES

IES ID

Service identifier

MAC Address

IEEE 802.3 MAC address

Arp Timeout

Timeout for an ARP entry learned on the interface

IP MTU

IP maximum transmit unit for the interface

ICMP Mask Reply

Specifies whether the IP interface replies to a received ICMP mask request

ARP Populate

Indicates if ARP is enabled or disabled

Proxy ARP Details

Rem Proxy ARP

Indicates whether remote proxy ARP is enabled or disabled

Local Proxy ARP

Indicates whether local proxy ARP is enabled or disabled

Policies

Specifies the policy statements applied to proxy ARP

ICMP Details

Unreachables

Maximum number of ICMP destination unreachable messages that the IP interface issues in a given period of time, in seconds

Disabled – indicates that the IP interface will not generate ICMP destination unreachable messages

TTL Expired

Maximum number of ICMP TTL expired messages that the IP interface issues in a given period of time, in seconds

Disabled – indicates that the IP interface will not generate ICMP TTL expired messages

arp
Syntax

arp [ip-address] | [mac ieee-address] | sap sap-id] | [interface ip-int-name]

Context

show>service>id

Description

This command displays the ARP table for the IES instance.

Parameters
ip-address

the IP address for which ARP entries will be displayed

Default

all IP addresses

ieee-address

the 48-bit MAC address for which ARP entries will be displayed. The MAC address can be expressed in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers.

Default

all MAC addresses

sap-id

the SAP ID for which ARP entries will be displayed. See SAP ID configurations for a full list of SAP IDs.

ip-int-name

the interface name for which ARP entries will be displayed

Output

The following output is an example of service ID ARP information, and Service ID ARP field descriptions describes the fields.

Output example
*A:ALU-2# show service id 4 arp
===============================================================================
ARP Table
===============================================================================
IP Address      MAC Address       Type    Expiry    Interface         SAP
-------------------------------------------------------------------------------
10.2.3.3                           Other   00h00m00s to Internet       n/a
===============================================================================
*A:ALU-2#
Table 11. Service ID ARP field descriptions

Label

Description

ARP Table

IP Address

Specified IP address

MAC Address

Specified MAC address

Type

Static – FDB entries created by management

Learned – dynamic entries created by the learning process

OAM – entries created by the OAM process

Other – local entries created for the IP interfaces

Expiry

Age of the ARP entry

Interface

Interface applied to the service

SAP

SAP ID

base
Syntax

base

Context

show>service>id

Description

This command displays basic information about the service specified by the ID.

Output

The following output is an example of service ID base information, and Service ID base field descriptions describes the fields.

Output example
*A:ALU-2# show service id 4 base
===============================================================================
Service Basic Information
===============================================================================
Service Id        : 4                 
Service Type      : IES
Name              : IES4
Description       : Default IES description for service ID 4
Customer Id       : 1
Last Status Change: 01/07/2010 21:58:44
Last Mgmt Change  : 01/07/2010 22:14:40
Admin State       : Up                Oper State        : Up
SAP Count         : 2
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier                               Type         AdmMTU  OprMTU  Adm  Opr
-------------------------------------------------------------------------------
sap:1/1/3                                null         1514    1514    Up   Up
===============================================================================
Table 12. Service ID base field descriptions

Label

Description

Service Basic Information

Service Id

Service ID number

Service Type

Type of service

Name

The service name

Description

Generic information about the service

Customer Id

Customer ID number

Last Status Change

Date and time of the most recent status change to this service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Admin State

Desired state of the service

Oper State

Operating state of the service

SAP Count

Number of SAPs specified for this service

Service Access & Destination Points

Identifier

SAP ID

Type

Signaling protocol used to obtain the ingress and egress labels used in frames transmitted and received

AdmMTU

Desired largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented

OprMTU

Actual largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented

Adm

Administrative state of the SAP

Opr

Operating state of the SAP

dhcp
Syntax

dhcp

Context

show>service>id

Description

This command enables the context to display DHCP information for the IES service.

statistics
Syntax

statistics [interface {interface-name | ip-address}]

Context

show>service>id>dhcp

Description

This command displays DHCP statistics information.

Parameters
interface-name

the interface name for which DHCP statistics will be displayed

ip-address

the IP address of the interface for which to display information

Values

a.b.c.d (host bits must be 0)

Output

The following output is an example of service ID DHCP statistics information, and Service ID DHCP statistics field descriptions describes the fields.

Output example
*A:ALU-2# show service id 4 dhcp statistics
===================================================================
DHCP Global Statistics, service 4
===================================================================
Rx Packets                           : 0
Tx Packets                           : 0
Rx Malformed Packets                 : 0
Rx Untrusted Packets                 : 0
Client Packets Discarded             : 0
Client Packets Relayed               : 0
Server Packets Discarded             : 0
Server Packets Relayed               : 0
===================================================================
Table 13. Service ID DHCP statistics field descriptions

Label

Description

DHCP Global Statistics, service x

Rx Packets

Number of packets received

Tx Packets

Number of packets transmitted

Rx Malformed Packets

Number of malformed packets received

Rx Untrusted Packets

Number of untrusted packets received

Client Packets Discarded

Number of packets from the DHCP client that were discarded

Client Packets Relayed

Number of packets from the DHCP client that were forwarded

Server Packets Discarded

Number of packets from the DHCP server that were discarded

Server Packets Relayed

Number of packets from the DHCP server that were forwarded

summary
Syntax

summary [interface interface-name | saps]

Context

show>service>id>dhcp

Description

This command displays a summary of DHCP configuration.

Parameters
interface-name

the interface name for which DHCP summary information will be displayed

saps

displays SAPs per interface

Output

The following output is an example of service ID DHCP summary information, and Service ID DHCP summary field descriptions describes the fields.

Output example
*A:ALU-2 show service id 4 dhcp summary 
===============================================================================
DHCP Summary, service 4
===============================================================================
Interface Name                   Arp      Used/                 Info    Admin
  SapId/Sdp                      Populate Provided              Option  State
-------------------------------------------------------------------------------
to Internet                      No       0/0                   Keep    Down
-------------------------------------------------------------------------------
Interfaces: 1
===============================================================================
*A:ALU-2
Table 14. Service ID DHCP summary field descriptions

Label

Description

DHCP Summary, service x

Interface Name SapID/Sdp

Name of the interface

Arp Populate

Specifies whether ARP populate is enabled

Used/Provided:

Used – number of lease-states that are currently in use on the specified interface; that is, the number of clients on the interface that got an IP address by DHCP. This number is always less than or equal to the ‟Provided” field.

Provided – lease-populate value configured for the specified interface

Info Option

Specifies whether Option 82 processing is enabled on the interface

Admin State

Administrative state

interface
Syntax

interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]

Context

show>service>id

Description

This command displays information for the IP interfaces associated with the IES service.

Parameters
ip-address

only displays the interface information associated with the specified IP address

Values

ipv4-address: a.b.c.d (host bits must be 0)

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ip-int-name

the IP interface name for which to display information

interface-type

displays either group or subscriber interfaces

detail

displays detailed IP interface information

family

displays the specified router IP interface family

Values

ipv4 – displays only those peers that have the IPv4 family enabled

ipv6 – displays the peers that are IPv6-capable

summary

displays summary IP interface information

Output

The following output is an example of service ID interface information, and Service ID interface field descriptions describes the fields.

Output example
*A:ALU-2 show service id 4 interface
===============================================================================
Interface Table
===============================================================================
Interface-Name                   Adm         Opr(v4/v6)  Type    Port/SapId
   IP-Address                                                    PfxState
-------------------------------------------------------------------------------
to Internet                      Up          Down/Down   IES     n/a
   10.2.3.3/24                                                    n/a
-------------------------------------------------------------------------------
Interfaces : 1
===============================================================================
*A:ALU-2 
Table 15. Service ID interface field descriptions

Label

Description

Interface Table

Interface-Name

Name of the interface

IP-Address

IP address of the interface

Adm

Administrative state of the interface

Opr (v4/v6)

Operational state of the interface

Type

Service type

Port/SapId PfxState

Port or SAP associated with the interface

ip-transport
Syntax

ip-transport ipt-id [detail | statistics]

Context

show>service>id

Description

This command displays information for a specified IP transport subservice within this IES service. If no IP transport subservice is specified, summary information is displayed for all IP transport subservices associated with the IES service.

Parameters
ipt-id

the physical port associated with the IP transport subservice, in the format slot/mda/port.channel

detail

displays detailed information for the specified IP transport subservice

statistics

displays statistical information for the specified IP transport subservice

Output

The following output is an example of IP transport subservice summary information for a specified service, and Service IP transport summary field descriptions describes the fields.

Output example
*A:ALU-12# show service id 100 ip-transport
=============================================================================
IP Transport (Summary), Service 100
=============================================================================
IptId     LocalIP         LocalPort Proto RemHost DSCP FC FltrUnkn Adm  Opr
-----------------------------------------------------------------------------
1/2/4.1   192.168.1.1     3000      tcp   2       ef   ef disabled Up   Up
-----------------------------------------------------------------------------
Entries found: 1
=============================================================================
*A:ALU-12#
Table 16. Service IP transport summary field descriptions

Label

Description

IP Transport (Summary), Service x

IptId

The IP transport subservice physical port identifier

LocalIP

The IP address (IPv4) that is used for the local host

LocalPort

The port number that is used by remote hosts to establish TCP/UDP sessions to the local host

Proto

The protocol type that is used for all sessions to and from the local host (either TCP or UDP)

RemHost

The number of remote hosts associated with the IP transport subservice

DSCP

The DSCP name used to mark the DSCP field in IP transport packets

FC

The FC name used for IP transport packets

FltrUnkn

Indicates whether the filter-unknown-host command is enabled or disabled on the IP transport subservice

Adm

The administrative state of the IP transport subservice

Opr

The operational state of the IP transport subservice

Entries found:

The number of IP transport subservices associated with this service

The following output is an example of detailed information for a specified IP transport subservice within a specified service, and Service IP transport detailed field descriptions describes the fields.

Output example
*A:7705:Dut-C# show service id 100 ip-transport 1/2/4.1 detail
===============================================================================
IP Transport
===============================================================================
Service Id         : 100 (IES)
IP Transport Id    : 1/2/4.1
Description        : (Not Specified)
Admin State        : Up                        Oper State          : Up
Oper Flags         : (Not Specified)
Local IP Address   : 192.168.1.1               Local Port Number   : 3000
Local IP Protocol  : tcp
DSCP               : ef                        Filter Unknown Host : enabled
FC                 : ef                        Profile             : in
TCP Inact Timeout  : 30
TCP Max Retries    : 5
TCP Retry Interval : 5
Num Remote Hosts   : 0
Last Mgmt Change   : 12/07/2016 16:48:22
Last Oper Change   : 12/07/2016 16:48:22
-------------------------------------------------------------------------------
IP Transport Accumulated Statistics
-------------------------------------------------------------------------------
Known Remote Hosts
  Packets sent                           : 44
  Characters sent                        : 66000
  Packets received                       : 67
  Characters received                    : 51114
  Connections                            : 2
    To                                   : 2
    From                                 : 0
  Connection retries                     : 20
  Connection failures                    : 2
  Currently connected                    : 0
Unknown Remote Hosts
  Packets sent                           : 119
  Characters sent                        : 178500
  Packets received                       : 153
  Characters received                    : 116039
  Successful connections from            : 2
  Rejected due to unknown host filter    : 37
  Rejected due to out of resources       : 0
  Inactivity timeouts                    : 0
  Last RemIp:RemPort                     : 192.168.1.7:4001
  Currently connected                    : 0
Dropped packets due to no remote hosts   : 27
===============================================================================
*A:7705:Dut-C#
Table 17. Service IP transport detailed field descriptions

Label

Description

IP Transport

Service Id

The ID that identifies the service (the service type is shown in brackets)

IP Transport Id

The physical port identifier for this IP transport subservice

Description

The description associated with this IP transport subservice

Admin State

The administrative state of this IP transport subservice

Oper State

The operational state of this IP transport subservice

Oper Flags

The operational flags associated with this IP transport subservice

Local IP Address

The IP address (IPv4) that is used for the local host

Local Port Number

The port number that is used by remote hosts to establish TCP/UDP sessions to the local host

Local IP Protocol

The protocol type that is used for all sessions to/from the local host (either TCP or UDP)

DSCP

The DSCP name used to mark the DSCP field in IP transport packets

Filter Unknown Host

Indicates whether the filter-unknown-host command is enabled or disabled for this IP transport subservice

FC

The FC name used for IP transport packets

Profile

The profile marking for the IP transport packets (in or out)

TCP Inact Timeout

The configured inactivity timeout value for TCP connections

TCP Max Retries

The configured maximum retry value for TCP connections

TCP Retry Interval

The configured retry interval value for TCP connections

Num Remote Hosts

The number of remote hosts associated with this IP transport subservice

Last Mgmt Change

The date and time of the most recent management-initiated change to this IP transport subservice

Last Oper Change

The date and time of the most recent operational status change for this IP transport subservice

IP Transport Accumulated Statistics

Known Remote Hosts

Packets sent

The number of packets sent to the host

Characters sent

The number of data characters sent to the host

Packets received

The number of packets received from the host

Characters received

The number of data characters received from the host

Connections

To

From

The number of connections to and from the host

Connection retries

The number of connection retries to the host

Connection failures

The number of connection failures to the host

Currently connected

The number of hosts currently connected

Unknown Remote Hosts

Packets sent

The number of packets sent to the host

Characters sent

The number of data characters sent to the host

Packets received

The number of packets received from the host

Characters received

The number of data characters received from the host

Successful connections from

The number of successful connections from the host

Rejected due to unknown host filter

The number of rejected connection attempts from the host due to the filter-unknown-host command being enabled

Rejected due to out of resource

The number of connection attempts from the host that were rejected due to the unavailability of resources

Inactivity timeouts

The number of connections from the host that timed out due to inactivity

Last RemIp:RemPort

The IP address (IPv4) and port number used by the host for the last connection

Currently connected

The number of hosts that are currently connected

Dropped packets due to no remote hosts

The number of packets dropped due to no hosts being connected

remote-host
Syntax

remote-host host-id [detail | statistics]

Context

show>service>id>ip-transport

Description

This command displays information for a specified remote host within this IP transport subservice within this service. If no remote host is specified, summary information is displayed for all remote hosts within this IP transport subservice.

Parameters
host-id

the remote host identifier

Values

1 to 2147483647or a name string up to 64 characters long

detail

displays detailed information for a specified remote host

statistics

displays summary information for a specified remote host

Output

The following output is an example of IP transport subservice remote host summary information when no remote host is specified, and IP transport subservice remote host summary field descriptions describes the fields.

Output example
*A:7705:Dut-C# show service id 100 ip-transport 1/6/4.1 remote-host
=============================================================================
IPT Remote Host (Summary), Service 100 IPT 1/6/4.1
=============================================================================
RemId      RemIp:RemPort         Rcvd Chars Sent Chars Drop Chars State
                                 Rcvd Pkts  Sent Pkts  Drop Pkts  Up Time
-----------------------------------------------------------------------------
1          192.168.1.1:3000      2555       2044       0          connected
                                 5          4          0          00h01m21s 
(unknown)  192.168.1.7:4000      0          2044       5110       connected
                                 0          4          10         00h00m42s
-----------------------------------------------------------------------------
Number of known remote hosts: 1
Number of unknown remote hosts: 1
Total entries found: 2
=============================================================================
*A:7705:Dut-C#
Table 18. IP transport subservice remote host summary field descriptions

Label

Description

IP Remote Host (Summary), Service x IPT x/x/x.x

RemId

The remote host identifier

RemIp:RemPort

The IP address (IPv4) and port number used by the remote host

Rcvd Chars

The number of data characters received from the remote host

Sent Chars

The number of data characters sent to the remote host

Drop Chars

The number of data characters destined for the remote host that were dropped

State

The operational state of the packet transport session connection to the remote host

Rcvd Pkts

The number of packets received from the remote host

Sent Pkts

The number of packets sent to the remote host

Drop Pkts

The number of packets destined for the remote host that were dropped

Up Time

The amount of time that the remote host has been connected

Number of known remote hosts

The number of known remote hosts associated with the IP transport subservice

Number of unknown remote hosts

The number of unknown remote hosts associated with the IP transport subservice

Total entries found

The total number of hosts associated with the IP-Transport subservice

The following output is an example of IP transport subservice detailed information for a specified remote host, and IP transport subservice remote host detailed field descriptions describes the fields.

Output example
*A:7705:Dut-C# show service id 100 ip-transport 1/2/4.1 remote-host 1 detail
===============================================================================
IPT Remote Host
===============================================================================
Service Id         : 100 (IES)
IP Transport Id    : 1/2/4.1
Remote Host Id     : 1
Name               : (Not Specified)
Description        : (Not Specified)
IP Address         : 192.168.1.6               Port Number         : 4000
Last Mgmt Change   : 12/07/2016 16:48:44
Session State      : connected                 Up Time             : 00h01m44s
Last Connect       : successful
-------------------------------------------------------------------------------
IPT Remote Host Statistics
-------------------------------------------------------------------------------
Sent Pkts       : 134                   Sent Chars      : 201000
Dropped Pkts    : 0                     Dropped Chars   : 0
Rcvd Pkts       : 267                   Rcvd Chars      : 201000
Session information
  Connections                            : 2
    To                                   : 1
    From                                 : 1
  Connection retries                     : 0
  Connection failures                    : 0
  Closed by far end                      : 1
  Inactivity timeouts                    : 0
===============================================================================
*A:7705:Dut-C#
Table 19. IP transport subservice remote host detailed field descriptions

Label

Description

IP Remote Host

Service Id

The ID that identifies the service (the service type is shown in brackets)

IP Transport Id

The physical port identifier for the IP transport subservice

Remote host Id

The host identifier associated with this remote host

Name

The name associated with this remote host

Description

The description associated with this remote host

IP Address

The IP address associated with this remote host

Port Number

The port number associated with this remote host

Last Mgmt Change

The date and time of the most recent management-initiated change to this remote host

Session State

The operational state of the packet transport session to this host

Up Time

The amount of time that this remote host has been connected

Last Connect

Indicates whether the last connection attempt to this remote host was successful or unsuccessful

IP Remote Host Statistics

Sent Pkts

The number of packets sent to this remote host

Sent Chars

The number of data characters sent to this remote host

Dropped Pkts

The number of packets destined for this remote host that were dropped

Dropped Chars

The number of data characters destined for this remote host that were dropped

Rcvd Pkts

The number of packets received from this remote host

Rcvd Chars

The number of data characters received from this remote host

Session information

Connections

To

From

The number of connections to and from the host

Connection retries

The number of connection retries to the host

Connection failures

The number of connection failures to this host

Closed by far end

The number of connections closed by the far end

Inactivity timeouts

The number of connections that were timed out due to inactivity

macsec
Syntax

macsec

Context

show>service>id

Description

This command displays MACsec security information for the specified service.

Output

The following output is an example of MACsec information, and Service-ID MACsec field descriptions describes the fields.

Output example
*A:ALU-12# show service id 1 macsec
============================================================================== 
MACsec (Summary), Service 1                                                    
============================================================================== 
SAP          MACsec     MACsec     Encap     CA tags   CA-name
             port       sub-port   match     in-clear  
-------------------------------------------------------------------------------
1/1/3        1/1/3      1          all       0         ca1
=============================================================================== 
*A:ALU-12# 
Table 20. Service-ID MACsec field descriptions

Label

Description

SAP

The service SAP

MACsec port

The port enabled for MACsec

MACsec sub-port

The subport enabled for MACsec

Encap match

The traffic encapsulation type to match: all traffic, untagged-only traffic, single-tag or dot1q traffic, double-tag or QinQ traffic

CA tags in-clear

The number of tags in clear text for this CA

CA-name

The name of the MACsec connectivity association for this SAP

sap
Syntax

sap [sap-id] [detail]

Context

show>service>id

Description

This command displays information for the SAP associated with the IES service.

Parameters
sap-id

the SAP ID for which SAP information is displayed. See SAP ID configurations for a full list of SAP IDs.

detail

displays detailed SAP information

Output

The following output is an example of IES service SAP information. See Service-ID SAP field descriptions in VLL services command reference for field descriptions.

Output example
*A:7705custDoc:Sar18>show>service# id 6000 sap 1/12/6 detail
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id         : 6000
SAP                : 1/12/6                   Encap             : null
Description        : (Not Specified)
Admin State        : Up                       Oper State        : Down
Flags              : ServiceAdminDown
                     PortOperDown
Multi Svc Site     : None
Last Status Change : 10/01/2012 19:47:49
Last Mgmt Change   : 10/02/2012 17:21:04
Sub Type           : regular
Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100
Split Horizon Group: (Not Specified)
Admin MTU          : 1514                     Oper MTU          : 1514
Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a
Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a
Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a
tod-suite          : None                     qinq-pbit-marking : n/a
Ing Scheduler Mode : 16-priority              Egr Scheduler Mode: 16-priority
Ing Agg Rate Limit : 1000                     Egr Agg Rate Limit: 2000
Ing Agg cir        : 100                      Egr Agg cir       : 200
Ing Shaper Group   : n/a                      Egr Shaper Group  : n/a
Q Frame-Based Acct : Disabled
Acct. Pol          : None                     Collect Stats     : Disabled
Anti Spoofing      : None                     Avl Static Hosts  : 0
                                              Tot Static Hosts  : 0
Calling-Station-Id : n/a
Application Profile: None
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1                        Egress qos-policy : 1
Shared Q plcy      : n/a                      Multipoint shared : Disabled
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A

                        Packets                 Octets
Forwarding Engine Stats (Ingress)
Dropped               : 0                       0
Off. HiPrio           : 0                       0
Off. LowPrio          : 0                       0

Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio           : 0                       0
Dro. LowPrio          : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0

Queueing Stats(Egress QoS Policy 1)
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
                        Packets                 Octets
Ingress Queue 1 (Priority)
Off. HiPrio           : 0                       0
Off. LoPrio           : 0                       0
Dro. HiPrio           : 0                       0
Dro. LoPrio           : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0

Egress Queue 1
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
===============================================================================
*A:7705custDoc:Sar18>show>service# 
ingress-label
Syntax

ingress-label start-label [end-label]

Context

show>service

Description

This command displays service information using the range of ingress labels.

If only the mandatory start-label parameter is specified, only services using the specified label are displayed.

If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.

Use the show router ldp bindings command to display dynamic labels.

Parameters
end-label

the ending ingress label value for which to display services using the label range

Values

2049 to 131071

Default

the start-label value

start-label

the starting ingress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.

Values

0, or 2048 to 131071

Output

The following output is an example of service ingress label information, and Service ingress label field descriptions describes the fields.

Output example

In the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.

*A:ALU-12>show>service# ingress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id     Sdp Binding        Type  I.Lbl                 E.Lbl
-------------------------------------------------------------------------------
3          15:15              Spok  0                     0
5          5:5                Spok  0                     0
6          5:6                Spok  0                     0
5000       15:5000            Mesh  0                     0
5000       15:5001            Spok  0                     0
5001       5001:100           Spok  0                     0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Table 21. Service ingress label field descriptions

Label

Description

Svc Id

The ID that identifies a service

Sdp Binding

The ID that identifies an SDP

Type

Indicates whether the SDP binding is a spoke or a mesh

I. Lbl

The VC label used by the far-end device to send packets to the 7705 SAR in this service by the SDP

E. Lbl

The VC label used by the 7705 SAR to send packets to the far-end device in this service by the SDP

Number of Bindings Found

The total number of SDP bindings that exist within the specified label range

ip-transport-using
Syntax

ip-transport-using [ip-transport ipt-id]

Context

show>service

Description

This command displays IP transport subservice information for a specified port. If no port is specified, the command displays a summary of all IP transport subservices defined for the IES service.

Parameters
ipt-id

the physical port associated with the IP transport subservice, in the format slot/mda/port.channel

Output

The following output is an example of ip-transport-using information, and IP transport-using field descriptions describes the fields.

Output example
*A:ALU-48# show service ip-transport-using
==============================================================================
IP Transports 
==============================================================================
IptId            SvcId     Type  Adm  Opr   
------------------------------------------------------------------------------
1/2/4.1          100       IES   Up   Up   
------------------------------------------------------------------------------
Entries found: 1
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
Table 22. IP transport-using field descriptions

Label

Description

IP Transports

IptId

The IP transport subservice physical port identifier

SvciD

The service identifier

Type

The type of service

Adm

The administrative state of the IP transport subservice

Opr

The operational state of the IP transport subservice

Entries found

The number of IP transport subservices using this service

sap-using
Syntax

sap-using [sap sap-id]

sap-using interface [ip-address | ip-int-name]

sap-using description

sap-using [ingress | egress] atm-td-profile td-profile-id

sap-using [ingress | egress] filter filter-id

sap-using [ingress | egress] qos-policy [qos-policy-id | qos-policy-name]

sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority}

sap-using [ingress | egress] shaper-group shaper-group-name

Context

show>service

Description

This command displays SAP information.

If no optional parameters are specified, the command displays a summary of all defined SAPs.

The atm-td-profile command applies only to HSDPA offload (that is, IES management service).

Parameters
sap-id

the SAP ID for which SAP information will be displayed. See SAP ID configurations for a full list of SAP IDs.

ip-address

only displays the interface information associated with the specified IP address

Values

ipv4-address: a.b.c.d (host bits must be 0)

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ip-int-name

the IP interface name for which to display information

description

displays a SAP summary table with description information

ingress

specifies matching an ingress policy

egress

specifies matching an egress policy

td-profile-id

displays SAPs using this traffic description

filter-id

specifies the ingress filter policy for which to display matching SAP specifies. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

qos-policy-id

the ingress or egress QoS policy ID for which to display matching SAPs

Values

1 to 65535

qos-policy-name

the ingress or egress QoS policy name for which to display matching SAPs

Values

up to 64 characters

scheduler-mode

specifies the scheduler mode for which to display the SAPs

shaper-group

specifies the shaper group for which to display matching SAPs

Output

The following output is an example of service SAP-using information, and Service SAP-using field descriptions describes the fields.

Output example
*A:ALU-48# show service sap-using
==============================================================================
Service Access Points 
==============================================================================
PortId            SvcId     Ing.  Ing.    Egr.  Egr.   Adm  Opr   
                            QoS   Fltr    QoS   Fltr                
------------------------------------------------------------------------------
1/2/7:1           103       1     none    1     none   Up   Up   
1/2/7:2           104       1     none    1     none   Up   Up   
1/2/7:3           105       1     none    1     none   Up   Up   
1/1/1.1           303       1     none    1     none   Up   Up   
1/1/1.2           304       1     none    1     none   Up   Up   
1/1/1.3           305       1     none    1     none   Up   Up   
1/1/9.1:10/50     701       1     none    1     none   Up   Down 
1/1/9.1:20        702       1     none    1     none   Up   Down 
1/1/9.1:10/51     703       1     none    1     none   Up   Down 
1/1/9.1:30        704       1     none    1     none   Up   Down 
1/1/9.1:10/52     705       1     none    1     none   Up   Down 
1/1/9.1:40        706       1     none    1     none   Up   Down 
1/1/9.1:11/50     805       1     none    1     none   Up   Down 
1/1/9.1:21        806       1     none    1     none   Up   Down 
1/1/9.1:12/52     807       1     none    1     none   Up   Down 
1/1/9.1:41        808       1     none    1     none   Up   Down 
1/1/1.9           903       1     none    1     none   Up   Up   
1/1/1.10          904       1     none    1     none   Up   Up   
------------------------------------------------------------------------------
Number of SAPs : 18
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using sap 1/1/21:0
===============================================================================
Service Access Points Using Port 1/1/21:0
===============================================================================
PortId                 SvcId      Ing.  Ing.    Egr.  Egr.    Adm  Opr
                                  QoS   Fltr    QoS   Fltr    
-------------------------------------------------------------------------------
1/1/21:0               1          1     none    1     none    Up   Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using description
==============================================================================
Service Access Points 
==============================================================================
PortId                             SvcId        Adm  Opr  Description  
------------------------------------------------------------------------------
1/1/2                              1            Down Down (Not Specified)   
1/2/1.1                            4            Up   Down (Not Specified)
1/10/4                             5            Up   Down (Not Specified)
------------------------------------------------------------------------------
Number of SAPs : 3
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using egress atm-td-profile 1 
==============================================================================
Service Access Point Using ATM Traffic Profile 1
==============================================================================
PortId            SvcId     Ing.  Ing.    Egr.  Egr.   Adm  Opr   
                            QoS   Fltr    QoS   Fltr                
------------------------------------------------------------------------------
1/1/9.1:10/50     701       1     none    1     none   Up   Down 
1/1/9.1:20        702       1     none    1     none   Up   Down 
1/1/9.1:10/51     703       1     none    1     none   Up   Down 
1/1/9.1:30        704       1     none    1     none   Up   Down 
1/1/9.1:10/52     705       1     none    1     none   Up   Down 
1/1/9.1:40        706       1     none    1     none   Up   Down 
1/1/9.1:11/50     805       1     none    1     none   Up   Down 
1/1/9.1:21        806       1     none    1     none   Up   Down 
1/1/9.1:12/52     807       1     none    1     none   Up   Down 
1/1/9.1:41        808       1     none    1     none   Up   Down 
------------------------------------------------------------------------------
Saps : 10
=============================================================================== 
*A:ALU-12# 
*A:7705custDoc:Sar18>show>service# sap-using ingress scheduler-mode 4-priority
======================================================================
Service Access Points Using Ingress 4-priority Scheduler Mode
======================================================================
PortId                          SvcId      Scheduler Mode    Adm  Opr
----------------------------------------------------------------------
1/12/6                          6000       4-priority        Up   Down
----------------------------------------------------------------------
Number of SAPs : 1
----------------------------------------------------------------------
======================================================================
*A:7705custDoc:Sar18>show>service#
*A:7705custDoc:Sar18>show>service# sap-using ingress shaper-group test_sg1
===============================================================================
Service Access Points Using Ingress Shaper Group "test_sg1"
===============================================================================
PortId                      SvcId      Scheduler   Shaper Policy           Opr
                                       Mode
-------------------------------------------------------------------------------
1/2/1                       30         4-priority  test_shaper_policy      Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:Sar18 Dut-B>config>service>epipe>sap>ingress#
Table 23. Service SAP-using field descriptions

Label

Description

Service Access Point Using...

PortID

ID of the access port where the SAP is defined

SvcID

Service identifier

Ing.QoS

SAP ingress QoS policy number specified on the ingress SAP

Ing. Fltr

IP filter policy applied to the ingress SAP

Egr.QoS

SAP egress QoS policy number specified on the egress SAP

Egr. Fltr

IP filter policy applied to the egress SAP

Scheduler Mode

The scheduler mode of the SAP: 4-priority or 16-priority

Shaper Policy

Identifies the shaper policy that the shaper group belongs to

Adm

Desired state of the SAP

Opr

Actual state of the SAP

Description

The description of the SAP

Number of SAPs/Saps

Number of SAPs using this service

service-using
Syntax

service-using [ies] [customer customer-id]

Context

show>service

Description

This command displays the services matching specific usage properties. If no optional parameters are specified, all services defined on the system are displayed.

Parameters
ies

displays matching IES services

customer-id

displays only those services associated with the specified customer ID

Values

1 to 2147483647

Output

The following output is an example of service-using information, and Service service-using field descriptions describes the fields.

Output example
*A:ALU-2# show service service-using ies
===============================================================================
Services [ies]
===============================================================================
ServiceId    Type      Adm    Opr        CustomerId        Last Mgmt Change
-------------------------------------------------------------------------------
4            IES       Down   Down       1                 01/07/2010 22:14:40
23           IES       Down   Down       1                 01/07/2010 21:58:44
-------------------------------------------------------------------------------
Matching Services : 2
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-2#
Table 24. Service service-using field descriptions

Label

Description

ServiceID

ID that defines the service

Type

Service type configured for the service ID

Adm

Administrative state of the service

Opr

Operational state of the service

CustomerId

ID of the customer owning the service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Matching Services

Number of services of the same type

Clear commands

id
Syntax

id service-id

Context

clear>service

Description

This command clears commands for a specific service.

Parameters
service-id

uniquely identifies a service by service number or name

dhcp
Syntax

dhcp

Context

clear>service>id

Description

This command enables the context to clear DHCP parameters.

dhcp6
Syntax

dhcp6

Context

clear>service>id

Description

This command enables the context to clear DHCPv6 parameters.

statistics
Syntax

statistics [ip-int-name | ip-address]

Context

clear>service>id>dhcp

clear>service>id>dhcp6

Description

This command clears statistics for DHCP and DHCPv6 relay.

If no interface name or IP address is specified, statistics are cleared for all configured interfaces.

If an interface name or IP address is specified, statistics are cleared only for that interface.

Parameters
ip-int-name

32 characters maximum

ip-address

IPv4 or IPv6 address

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ip-transport
Syntax

ip-transport ipt-id

Context

clear>service>id

Description

This command clears configured information pertaining to a specified IP transport subservice.

If no port identifier is specified, information is cleared for all IP transport subservices.

Parameters
ipt-id

the IP transport subservice physical port identifier, in the format slot/mda/port.channel

remote-host
Syntax

remote-host host-id

Context

clear>service>id>ip-transport

Description

This command clears configured information pertaining to a specified remote host assigned to this IP transport subservice.

Parameters
host-id

the remote host identifier

Values

1 to 2147483647or a name string up to 64 characters long

statistics
Syntax

statistics

Context

clear>service>id>ip-transport

clear>service>id>ip-transport>remote-host

Description

This command clears statistics-related information pertaining to all configured IP transport subservices or to all configured remote hosts for a specified IP transport subservice.

Debug commands

id
Syntax

id service-id

Context

debug>service

Description

This command debugs commands for a specific service. The no form of the command disables debugging.

Parameters
service-id

the ID that uniquely identifies an IES service by service number or name