Internet Enhanced Service
This chapter provides information about Internet Enhanced Service (IES), used to provide IP routing services; that is, direct forwarding of IP traffic between CE devices, and also to facilitate the transport of in-band management datagrams of the 7705 SAR over ATM links.
Internet Enhanced Services can coexist with IES management SAP services on the same 7705 SAR node. IP over ATM is used exclusively for in-band management of the 7705 SAR. Up to two IPoATM SAPs can be bound to IES along with many other SAPs with other (non-ATM) supported SAP encapsulation types. Traffic from IPoATM SAPs is extracted to the CSM for further processing. Traffic received from other IES SAPs is forwarded as per the forwarding table (FIB).
Topics in this chapter include:
IES for In-band Management
Topics in this section include:
In the HSDPA offload application (see HSDPA Offload), the main uplink out of a typical cell site is over the ATM network using leased lines. Mission-critical traffic such as voice, signaling, and synchronization traffic is carried over the ATM network.
Internet Enhanced Service (IES) provides a reliable means of diverting the node management IP packets from the DSL IP network to the more reliable Layer 2 ATM network. To do this, IES provides an IP address and interworking function between the Layer 3 IP network and the Layer 2 ATM network. Without this capability, the in-band IP management traffic for the 7705 SAR could only be connected to an IP network.
IES can be used for in-band management of the 7705 SAR over the ATM network. IP over an ATM SAP bound to IES is for in-band management purposes only, and IP traffic from the ATM SAP is only extracted to the CSM; it is not forwarded.
IES management service is supported on the following cards for the 7705 SAR-8 Shelf V2 and 7705 SAR-18:
16-port T1/E1 ASAP Adapter card
32-port T1/E1 ASAP Adapter card
IES management service is also supported on the T1/E1 ports on the following:
7705 SAR-M
7705 SAR-A
7705 SAR-X
4-port T1/E1 and RS-232 Combination module
The service can be created on an ATM port or on an IMA group.
In the 7705 SAR, all traffic received over IES management SAPs is extracted directly to the control plane (CSM) in the same way as management traffic received over the CSM console port or Ethernet management port, or management traffic destined for the 7705 SAR over an Ethernet or MLPPP encapsulated network port. With IES management, the traffic transported is always IP packets. At the termination point of the ATM link, the IP packets are extracted to the CSM for further processing.
Setting Up Connections Between the NSP NFM-P and the 7705 SAR
IP over ATM is used for in-band management of the 7705 SAR. This requires the use of IP addresses so that the packets can be routed through the network using a routing table to indicate the next hop. Because Apipe interfaces (SAPs) do not have IP addresses, Apipes cannot be used to carry the management traffic.
With IES, the ATM SAP can be used for the forwarding of management IP packets. To set up a connection, IES is enabled on an interface on the 7705 SAR and the IP address for the interface is defined. A PVCC connection is then set up between the 7705 SAR and the remote router (SR) attached to the network manager (NSP NFM-P).
The IP datagrams are encapsulated into AAL5 for transport over the ATM network.
At the remote SR end, the SAP is bound to a VPRN instance to ensure that LDP signaling to the system IP address of the 7705 SAR flows through the IP/GRE link and not over the ATM link. Within the VPRN, an IP address is assigned at the termination SAP. The IP datagram is extracted from the ATM cell at this termination point and is routed to the NSP NFM-P.
Alternatively, manually configured connections can be used instead of signaled pseudowires.
For redundancy, it is recommended that two VCs be configured per ATM port or IMA group. This requires the configuration of two static routes. ECMP must be enabled to allow duplicate routes in the routing table, and BFD can be enabled to trigger a faster handoff to the other route in case of route failure.
Encapsulation
To run IP traffic over ATM links, the system uses routed VC-mux encapsulation as specified in RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. Because the only supported Layer 3 protocol over the management VC is IP, the VC mux encapsulation method is implemented to reduce complexity and overhead; likewise, routing mode is preferred over bridged mode.
The maximum MTU size supported is 2048 bytes.
Layer 2 and Layer 3 Traffic Management
ATM traffic descriptors can be applied at the ingress (policing) and egress (shaping and service category scheduling and prioritization) of the IES SAP in order to provide traffic management functions at Layer 2.
Management IP traffic that is destined for the CSM is classified at Layer 3 and is forwarded into the fabric from one of three of the adapter card control queues:
high priority
low priority
FTP priority
The high-priority and low-priority queues are limited to 1 Mb/s and the FTP queue is rate-limited to 3 Mb/s ingress to the fabric toward the control plane.
Troubleshooting and Fault Detection Services
The IES in-band management service supports ATM OAM F4 (VP level) and F5 (VC level) cell generation and termination. For more information about OAM, see the 7705 SAR OAM and Diagnostics Guide, ‟OAM and SAA”.
Bidirectional forwarding detection (BFD) can also be configured on the IES interface. BFD is a simple protocol for detecting failures in a network. BFD uses a ‟hello” mechanism that sends control messages periodically to the far end and receives periodic control messages from the far end. BFD is implemented for IGP and BGP protocols, including static routes, in asynchronous mode only, meaning that neither end responds to control messages; rather, the messages are sent in the time period configured at each end.
To support redundancy, ECMP must be enabled to allow duplicate routes in the routing table, and BFD must be enabled to trigger the handoff to the other route in case of failure.
Because of the lightweight nature of BFD, it can detect failures faster than other detection protocols, making it ideal for use in applications such as mobile transport.
If the configured number of consecutive missed BFD messages is reached, the route to the peer is declared not active.
IP ECMP Load Balancing
IP ECMP allows the configuration of load balancing across all IP interfaces at the system level or interface level on the network side. Layer 4 port attributes and the TEID attribute in the hashing algorithm can be configured with the l4-load-balancing and teid-load-balancing commands in the config>service>ies> interface context. Configuration of the l4-load-balancing command at the interface level overrides the system-level settings for the specific interface. The teid-load-balancing command can only be configured at the interface level.
The system IP address can be included in or excluded from the hashing algorithm with the system-level system-ip-load-balancing command.
For more information about IP ECMP, see the 7705 SAR Router Configuration Guide, ‟Static Routes, Dynamic Routes, and ECMP”.
IES for Customer Traffic
Topics in this section include:
IES provides IP connectivity between customer access points. From the customer’s perspective, IES provides a direct IP connection and can be used for Internet connectivity, as shown in IES for Customer Access to the Internet. The customer is assigned an IP interface and a SAP is associated with the IP interface to designate a customer access point to the service—one SAP per interface. SAPs can be MC-MLPPP, PPP/MLPPP, LAG, or null/dot1q/qinq Ethernet. SDPs are not required, because traffic is routed instead of being encapsulated in a tunnel.
IES is supported on the following:
the 16-port T1/E1 ASAP Adapter card
the 32-port T1/E1 ASAP Adapter card
the Packet Microwave Adapter card
any V.35 port on the 12-port Serial Data Interface card, version 3 with speed set to 64 kb/s, 2048 kb/s, or any value from 128 kb/s to 1920 kb/s (every 128 kb/s)
any T1/E1 port on the 7705 SAR-M
any T1/E1 port on the 7705 SAR-A
any T1/E1 port on the 4-port T1/E1 and RS-232 Combination module
any port on the 6-port Ethernet 10Gbps Adapter card
any port on the 8-port Gigabit Ethernet Adapter card
any port on the 10-port 1GigE/1-port 10GigE X-Adapter card (10-port 1GigE mode)
any port on the 4-port SAR-H Fast Ethernet module
any port on the 6-port SAR-M Ethernet module
any Ethernet port on the 7705 SAR-M
any Ethernet port on the 7705 SAR-A
any Ethernet port on the 7705 SAR-Ax
any Ethernet port on the 7705 SAR-Wx
any Ethernet port on the 7705 SAR-H
any Ethernet port on the 7705 SAR-Hc
any Ethernet port on the 7705 SAR-X
Ports must be in access mode.
The encapsulation type for Ethernet ports must be null, dot1q, or qinq.
IES IPv6 SAPs are supported on the following cards, modules, and ports:
the 6-port Ethernet 10Gbps Adapter card
the 8-port Gigabit Ethernet Adapter card
the 10-port 1GigE/1-port 10GigE X-Adapter card (10-port 1GigE mode)
the Packet Microwave Adapter card
the 4-port SAR-H Fast Ethernet module
the 6-port SAR-M Ethernet module
any Ethernet port on the 7705 SAR-M
any Ethernet port on the 7705 SAR-A
any Ethernet port of the 7705 SAR-Ax
any Ethernet port on the 7705 SAR-Wx
the 7705 SAR-H
any Ethernet port on the 7705 SAR-Hc
any Ethernet port of the 7705 SAR-X
For more information about IPv6 addressing, see the 7705 SAR Router Configuration Guide, ‟Internet Protocol Versions”.
More than one Internet Enhanced Service can be created for a single customer ID, and more than one IP interface can be created within a single IES. All IP interfaces created within an IES belong to the same customer.
The service provider applies billing, ingress/egress shaping and policing to the customer.
Internet Enhanced Services require that the fabric mode be set to aggregate mode instead of per-destination mode. IES is only supported with aggregate-mode fabric profiles. If the fabric mode is set to per-destination mode, creation of the Internet Enhanced Service is blocked through the CLI. The fabric mode must be changed to aggregate mode before IES can be configured. As well, if IES is configured, alteration of the fabric mode is blocked.
For information about configuring fabric mode, see the 7705 SAR Quality of Service Guide, ‟Configurable Ingress Shaping to Fabric (Access and Network)”.
DHCP Relay and DHCPv6 Relay
The 7705 SAR provides DHCP/BOOTP Relay agent services and DHCPv6 Relay agent services for DHCP clients. DHCP is used for IPv4 network addresses and DHCPv6 is used for IPv6 network addresses. Both DHCP and DHCPv6 are known as stateful protocols because they use dedicated servers to maintain parameter information.
Unless stated otherwise, DHCP is equivalent to ‟DHCP for IPv4”, or DHCPv4.
In the stateful autoconfiguration model, hosts obtain interface addresses and/or configuration information and parameters from a server. The server maintains a database that keeps track of which addresses have been assigned to which hosts.
The 7705 SAR supports DHCP Relay on access IP interfaces associated with IES and VPRN and on network interfaces. Each DHCP instance supports up to eight DHCP servers.
The 7705 SAR supports DHCPv6 Relay on access IP interfaces associated with IES and VPRN. Each DHCPv6 instance supports up to eight DHCPv6 servers.
The 7705 SAR acts as a Relay agent for DHCP and DHCPv6 requests and responses, and can also be configured to function as a DHCP or DHCPv6 server. DHCPv6 functionality is only supported on network interfaces and on access IP interfaces associated with VPRN.
When used as a CPE, the 7705 SAR can act as a DHCP client to learn the IP address of the network interface. Dynamic IP address allocation is supported on both network and system interfaces.
For more information about DHCP and DHCPv6, see the 7705 SAR Router Configuration Guide, ‟DHCP and DHCPv6”.
DHCP Relay
The 7705 SAR provides DHCP/BOOTP Relay agent services for DHCP clients. DHCP is a configuration protocol used to communicate network information and configuration parameters from a DHCP server to a DHCP-aware client. DHCP is based on the BOOTP protocol, with additional configuration options and the added capability of allocating dynamic network addresses. DHCP-capable devices are also capable of handling BOOTP messages.
A DHCP client is an IP-capable device (typically a computer or base station) that uses DHCP to obtain configuration parameters such as a network address. A DHCP server is an Internet host or router that returns configuration parameters to DHCP clients. A DHCP/BOOTP Relay agent is a host or router that passes DHCP messages between clients and servers.
Home computers in a residential high-speed Internet application typically use the DHCP protocol to have their IP address assigned by their Internet service provider.
The DHCP protocol requires the client to transmit a request packet with a destination broadcast address of 255.255.255.255 that is processed by the DHCP server. Because IP routers do not forward broadcast packets, this would suggest that the DHCP client and server must reside on the same network segment. However, for various reasons, it is sometimes impractical to have the server and client reside in the same IP network. When the 7705 SAR is acting as a DHCP Relay agent, it processes these DHCP broadcast packets and relays them to a preconfigured DHCP server. Therefore, DHCP clients and servers do not need to reside on the same network segment.
DHCP OFFER messages are not dropped if they contain a yiaddr that does not match the local configured subnets on the DHCP relay interface. This applies only to regular IES and VPRN interfaces with no lease-populate configured on the DHCP relay interface.
DHCP Options
DHCP options are codes that the 7705 SAR inserts in packets being forwarded from a DHCP client to a DHCP server. Some options have more information stored in suboptions.
The 7705 SAR supports the Relay Agent Information Option 82 as specified in RFC 3046. The following suboptions are supported:
circuit ID
remote ID
vendor-specific options
DHCPv6 Relay
DHCPv6 Relay operation is similar to DHCP in that servers send configuration parameters such as IPv6 network addresses to IPv6 nodes, but DHCPv6 Relay is not based on the DHCP or BOOTP protocol. DHCPv6 can be used instead of stateless autoconfiguration (see the 7705 SAR Router Configuration Guide, ‟Neighbor Discovery”) or in conjunction with it.
DHCPv6 is also oriented around IPv6 methods of addressing, especially the use of reserved, link-local scoped multicast addresses. DHCPv6 clients transmit messages to these reserved addresses, allowing messages to be sent without the client knowing the address of any DHCP server. This transmission allows efficient communication even before a client has been assigned an IP address. When a client has an address and knows the identity of a server, it can communicate with the server directly using unicast addressing.
The DHCPv6 protocol requires the client to transmit a request packet with a destination multicast address of ff02::1:2 (all DHCP servers and relay agents on the local network segment) that is processed by the DHCP server.
Similar to DHCP address allocation, if a client needs to obtain an IPv6 address and other configuration parameters, it sends a Solicit message to locate a DHCPv6 server, then requests an address assignment and other configuration information from the server. Any server that can meet the client’s requirements responds with an Advertise message. The client chooses one of the servers and sends a Request message, and the server sends back a Reply message with the confirmed IPv6 address and configuration information.
If the client already has an IPv6 address, either assigned manually or obtained in some other way, it only needs to obtain configuration information. In this case, exchanges are done using a two-message process. The client sends an Information Request message, requesting only configuration information. A DHCPv6 server that has configuration information for the client sends back a Reply message with the information.
The 7705 SAR supports the DHCPv6 Relay Agent option in the same way that it supports the DHCP Relay Agent option. This means that when the 7705 SAR is acting as a DHCPv6 Relay Agent, it relays messages between clients and servers that are not connected to the same link.
DHCPv6 Options
DHCPv6 options are codes that the 7705 SAR inserts in packets being forwarded from a DHCPv6 client to a DHCPv6 server. DHCPv6 supports interface ID and remote ID options as defined in RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPV6) and RFC 4649, DHCPv6 Relay Agent Remote-ID Option.
IPCP
Similar to DHCP over Ethernet interfaces, Internet Protocol Control Protocol (IPCP) extensions to push IP information over PPP/MLPPP IES SAPs are supported. Within this protocol, extensions can be configured to define the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface. The IPCP-based IP and DNS assignment process is similar to DHCP behavior; IPCP-based IP/DNS assignment uses PPP/MLPPP IP layer protocol handshake procedures. PPP/MLPPP connected devices hooked up to IES can benefit from this feature for the assignment of IP and DNS to the associated interface.
IPSec Support
The 7705 SAR supports IPSec and IPSec tunnels, where IES or VPRN is used as a public (untrusted) network-facing service and VPRN is used as a private (trusted) network-facing service. IES interfaces support the provisioning of tunnel SAPs as part of IPSec provisioning. The sap-id for a public-side IPSec tunnel SAP is tunnel-1.public:tag.
For more information, see the IPSec chapter in this guide.
Security Zones and IES
The 7705 SAR supports a number of mechanisms for node security, including Access Control Lists (ACLs), Network Address Translation (NAT), and stateful, zone-based firewalls. For information about ACLs, NAT, and firewalls, see the 7705 SAR Router Configuration Guide, ‟Configuring Security Parameters”.
To enable NAT or firewall functionality for IES, security policy and profile parameters must be configured under the config>security context in the CLI, and a security zone must be configured under the config>service>ies>zone context.
A zone is created by adding at least one Layer 2 endpoint or Layer 3 interface to the zone configuration. Security Zone Interfaces and Endpoints for IES lists the supported interfaces and endpoints that can be added to zones under IES NAT or firewall.
CLI Context |
Interface/Endpoint Type |
NAT |
Firewall |
---|---|---|---|
IES |
SAP |
✓ |
✓ |
Spoke-SDP termination |
✓ |
✓ |
|
IPSec public |
✓ |
||
Routed VPLS |
✓ |
✓ |
Proxy ARP
Proxy ARP is supported on IES interfaces.
Proxy ARP is a technique by which a router on one network responds to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.
For more information about proxy ARP, see the 7705 SAR Router Configuration Guide, ‟Proxy ARP”.
Configurable ARP Retry Timer
A timer is available to configure a shorter retry interval when an ARP request fails. An ARP request may fail for a number of reasons, such as network connectivity issues. By default, the 7705 SAR waits 5000 ms before retrying an ARP request. The configurable retry timer makes it possible to shorten the retry interval to between 100 and 30 000 ms.
The configurable ARP retry timer is supported on VPRN and IES service interfaces, as well on the router interface.
Unnumbered Interfaces
Unnumbered interfaces are supported on IES and VPRN services for IPv4. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.
This feature is supported via both dynamic and static ARP for unnumbered interfaces to allow interworking with unnumbered interfaces that may not support dynamic ARP.
The use of unnumbered interfaces has no effect on IPv6 routes; however, the unnumbered command must only be used in cases where IPv4 is active (IPv4 only and mixed IPv4/IPv6 environments). When using an unnumbered interface for IPv4, the loopback address used for the unnumbered interface must have an IPv4 address. The interface type for the unnumbered interface is automatically point-to-point.
Troubleshooting and Fault Detection Services
Bidirectional forwarding detection (BFD) can be configured on the IES interface. BFD is a simple protocol for detecting failures in a network. BFD uses a ‟hello” mechanism that sends control messages periodically to the far end and expects to receive periodic control messages from the far end. On the 7705 SAR, BFD is implemented for IGP and BGP protocols, including static routes, in asynchronous mode only, meaning that neither end responds to control messages; rather, the messages are sent periodically from each end.
To support redundancy with fast switchover, BFD must be enabled to trigger the handoff to the other route in case of failure.
Because of the lightweight nature of BFD, it can detect failures faster than other detection protocols, making it ideal for use in applications such as mobile transport.
If BFD packets are not received in the configured amount of time, the associated route is declared ‟not active”, causing a reroute to an alternative path, if any.
The 7705 SAR also supports Internet Control Message Protocol (ICMP and ICMPv6). ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing. For more information about ICMP and ICMPv6, see the 7705 SAR Router Configuration Guide, ‟ICMP and ICMPv6”.
VRRP on IES Interfaces
VRRP can be implemented on IES service interfaces to participate as part of a virtual router instance. This implementation prevents a single point of failure by ensuring access to the gateway address, which is configured on all IES service interfaces in the VRRP. VRRPv3 can also be implemented on IES service interfaces, including r-VPLS interfaces for IES.
The 7705 SAR supports VRRPv3 for IPv4 and IPv6 as described in RFC 5798. Within a VRRP router, the virtual routers in each of the IPv4 and IPv6 address families are in separate domains and do not overlap.
VRRPv3 for IPv6 is not supported on a Layer 3 spoke SDP termination.
VRRP is not supported on an IPSec public interface.
For information about VRRP and VRRP IES service interface parameters, as well as the configuration parameters of VRRP policies, see the ‟VRRP” section in the 7705 SAR Router Configuration Guide. CLI command descriptions for VRRP policies are also specified in the 7705 SAR Router Configuration Guide.
For CLI command descriptions related to IES service interfaces, see IES Command Reference.
SAPs
Topics in this section include:
Encapsulations
The following SAP encapsulations are supported on the 7705 SAR Internet Enhanced Service:
Ethernet null
Ethernet dot1q
Ethernet qinq
PPP/MLPPP/MC-MLPPP
Routing Protocols
IES supports static routes on customer IP interfaces (that is, SAPs). These routes are redistributed into the global routing table of the 7705 SAR.
OSPFv2, RIP, and PIM routing protocols are supported on IES SAPs (that is, access IP interfaces). IES SAPs on V.35 ports on the 12-port Serial Data Interface card, version 3, support only OSPFv2 and static routing protocols.
The SAP for the IES IP interface is created at the IES service level, but the routing protocol for the IES IP interface is configured at the routing protocol level for the main router instance in the global context.
See the chapters on ‟OSPF” and ‟RIP” in the 7705 SAR Routing Protocols Guide for information about configuring these routing protocols.
IPv4 in IES supports PIM-SM and PIM-SSM. IPv6 in IES supports PIM-SSM. See the ‟IP Multicast” chapter in the 7705 SAR Routing Protocols Guide for information about configuring these routing protocols.
QoS Policies
When applied to an Internet Enhanced Service SAP, service ingress QoS policies only create the unicast queues defined in the policy.
Service egress QoS policies function in the same way as Ethernet and IP pseudowire services, where class-based queues are created based on the QoS policy. Multiple queues are supported. See the 7705 SAR Quality of Service Guide, ‟Creating a Service Egress QoS Policy”.
Both Layer 2 and Layer 3 match criteria can be used in the QoS policies for traffic classification in an IES.
QinQ (IES)
IES supports QinQ functionality. For details, see QinQ Support.
IP Filter Policies on an IES SAP
IPv4 filter policies can be applied to ingress IES management SAPs.
IPv4 and IPv6 filter policies can be applied to both ingress and egress IES SAPs (null, dot1q, or qinq interfaces).
Configuration and assignment of IP filter policies is similar for all services. See the 7705 SAR Router Configuration Guide, ‟Filter Policies”, for information about configuring IP filters.
Spoke SDP Termination to IES
This feature enables a customer to exchange traffic between a VLL or VPLS (Layer 2) service and an IES or VPRN (Layer 3) service. Customer premises traffic coming in from a VLL or VPLS service (SAP to spoke SDP) is forwarded over the IP/MPLS network to the IES or VPRN service, and vice versa. Network QoS policies can be applied to the spoke SDP to control traffic forwarding to the Layer 3 service.
In a Layer 3 spoke SDP termination to an IES or VPRN service, where the destination IP address resides within the IES or VPRN network, CE device-generated ARP frames must be processed by the Layer 3 interface. When an ARP frame is received over the spoke SDP at the Layer 3 interface endpoint, the 7705 SAR responds to the ARP frame with its own MAC address. When an ARP request is received from the routed network and the ARP entry for the CE device that is connected to the spoke SDP is not known, the 7705 SAR initiates an ARP frame to resolve the MAC address of the next hop or CE device.
SDP ID and VC Label Service Identifiers (Conceptual View of the Service) shows traffic terminating on a specific IES or VPRN service that is identified by the SDP ID and VC label present in the service packet.
IES Spoke SDP Termination shows a spoke SDP terminating directly into an IES. In this case, a spoke SDP could be tied to an Epipe or a hierarchical VPLS service. There is no configuration required on the PE connected to the CE.
Ethernet spoke SDP termination for IES is supported over the following network uplinks:
Ethernet network ports (null or dot1q encapsulation)
PPP/MLPPP network ports. For information about PPP/MLPPP ports, see the 7705 SAR Interface Configuration Guide, ‟Access, Network, and Hybrid Ports”
POS ports
Spoke SDP termination for IES supports the following:
Ethernet PW to VRF
interface shutdown based on PW standby signaling
spoke SDP ingress IP filtering with filter logging
label withdrawal for spoke SDPs terminated on IES
statistics collection
VCCV ping (type 2)
A spoke SDP on an IES interface can be connected to the following entities:
Epipe spoke SDP
Epipe spoke SDP redundancy with standby-signal-master enabled
IES interface
VPRN interface
VPLS spoke SDP
VPLS spoke SDP redundancy with suppress-standby-signaling disabled
Pseudowire-Based Backhaul (Spoke SDP Termination at 7750 SR) shows an example of backhauling from a specific site that uses PW and IES on the 7705 SAR. An individual PW is configured on a per-CE device or a per-service basis. For routing services, this PW can be terminated to an IES at the 7750 SR end. This scenario offers per-service OAM and redundancy capabilities. Because there is no local communication on the remote 7705 SAR, traffic between any two devices connected to the 7705 SAR must traverse through the 7750 SR at the MTSO/CO.
Bandwidth Optimization for Low-speed Links
The 7705 SAR can be used in deployments where the uplink bandwidth capacity and requirements are considerably less than if the router is used for fixed or mobile backhaul applications. For example, the 7705 SAR can be used to direct traffic from multiple individual homes for applications such as smart meter aggregation or relay connectivity. Connecting to end systems such as smart meters or relays requires uplink bandwidth capacity in terms of hundreds of kilobits per second, rather than hundreds of megabits per second.
One way to optimize operation in lower-bandwidth applications is to minimize head-of-line (HoL) blocking caused by large packets. HoL blocking occurs when transmission of a large non-mission-critical packet delays a mission-critical packet beyond acceptable limits. The propagation delay of large packets over a slow link is fairly significant. For example, the propagation delay when transmitting a 1500-byte packet over a 100 kb/s link is 120 ms. If a mission-critical packet is queued immediately after the first bit of a non-mission-critical 1500-byte packet begins transmission, the mission-critical packet must wait 120 ms before the uplink is available again.
To minimize HoL blocking, the 7705 SAR supports a lower MTU of 128 bytes (from the original 512-byte minimum) so that large IP packets are fragmented into 128-byte chunks. In the preceding example, transmitting a 128-byte packet over a 100 kb/s link only delays the next packet by 10.24 ms.
This lower MTU is supported on IES and VPRN interfaces (access interfaces) and on network interfaces. The IP MTU is derived from the port MTU, unless specifically configured with the ip-mtu command. This command is supported on access interfaces only.
The following must be considered when using a lower IP MTU:
applicability – the lower IP MTU is only applicable for IP forwarded traffic and cannot be applied to pseudowire or VPLS traffic
reassembly – the far-end/destination node must reassemble the packet before it can process the data, which may impact the performance of the end system and/or may require different hardware to perform the reassembly
extra overhead – each fragment must have an IPv4 header so that all fragments of the packet can be forwarded to the destination. Care must be taken to ensure that the extra IP overhead for each fragment does not offset the gain achieved by using the lower MTU. As an example, for a 128-byte packet, the IPv4 header, which is 20 bytes in length, constitutes approximately 15% of the total packet size.
Lower IP MTU applies to IPv4 applications only. As per RFC 2640, IPv6 interfaces or dual-stack interfaces should not be configured to a value lower than 1280 bytes.
Lower IP MTU is supported only on Ethernet encapsulated ports.
Most routing and signaling protocols, such as OSPF, IS-IS, and RSVP-TE, cannot be supported with port MTUs lower than 512 bytes because of the protocol layer requirements and restrictions.
Special care must be taken with routing protocols that use TCP, such as BGP and LDP. The minimum TCP MSS value supported on the 7705 SAR is 384 bytes; therefore, these protocols should only be enabled on links that can transport 384-byte IP packets without fragmentation. If there is a mismatch in TCP MSS in the network, this mismatch can potentially cause severe network performance issues because of the overhead caused by fragmentation and retransmissions, it can cause multi-vendor interoperability issues, and it can potentially cause the protocols to continuously flap.
Not all OAM diagnostics are supported with lower port MTUs. Detailed information is provided in OAM Diagnostics Restrictions with Lower IP MTU.
OAM Diagnostics Restrictions with Lower IP MTU
OAM tests require a minimum network port MTU in order to run; this value depends on the test. If the port MTU is set to a value lower than the minimum requirement, the test fails.
If the port MTU is set to a value that meets the minimum requirement, the packet size parameter can be configured for the test (for example, oam sdp-ping 1 size 102).
If the size parameter is not specified, the system builds the packet based on the default payload size. If the size parameter is configured and is greater than the default payload size, padding bytes are added to equal the configured value.
The packet size is dependent on the port MTU value; that is, if the minimum port MTU value is used, there are restrictions on the packet size. If the configured size is greater than the maximum value supported with the minimum port MTU, the test fails.
Port MTU Requirements for OAM Diagnostics (GRE Tunnels) and Port MTU Requirements for OAM Diagnostics (LDP Tunnels) list the minimum port MTU required for each OAM test and the maximum size of the OAM packet that can be configured when the minimum port MTU is used, based on SDP tunnel type.
SDP Type: GRE |
||
---|---|---|
Test Type |
Minimum Network Port MTU Requirement over Ethernet Dot1q Encapsulation (Bytes) |
OAM Test Size Range (Bytes) |
sdp-ping |
128 |
72 to 82 |
svc-ping |
196 |
N/A1 |
vccv-ping |
143 |
1 to 93 |
vccv-trace |
143 |
1 to 93 |
vprn-ping |
182 |
1 to 136 |
vprn-trace |
302 |
1 to 256 |
mac-ping |
188 |
1 to 142 |
mac-trace |
240 |
1 to 194 |
cpe-ping |
186 |
N/A1 |
Note:
Size is not configurable
SDP Type: LDP |
||
---|---|---|
Test Type |
Minimum Network Port MTU Requirement over Ethernet Dot1q Encapsulation (Bytes) |
OAM Test Size Range (Bytes) |
lsp-ping |
128 |
1 to 106 |
lsp-trace |
128 |
1 to 104 |
sdp-ping |
128 |
72 to 102 |
svc-ping |
176 |
N/A1 |
vccv-ping |
128 |
1 to 98 |
vccv-trace |
128 |
1 to 98 |
vprn-ping |
182 |
1 to 156 |
vprn-trace |
302 |
1 to 276 |
mac-ping |
168 |
1 to 142 |
mac-trace |
220 |
1 to 194 |
cpe-ping |
166 |
N/A1 |
Note:
Size is not configurable
For information about OAM diagnostics, see the 7705 SAR OAM and Diagnostics Guide.
Hold Up and Hold Down Timers for IP Interfaces
The 7705 SAR allows timers to be configured on an IES or VPRN IPv4 or IPv6 interface or on the base router to keep the IP interface in an operationally up or down state for a specified time beyond when it should be declared operationally up or down. The timers are configured at the IES service level using the config>service>ies>interface>hold-time>up/down commands. An init-only option enables the down delay to be applied only when the IP interface is first configured or after a system reboot. See VPRN Services for information about how to configure the hold-time command on IES interfaces. See the 7705 SAR Router Configuration Guide for information about how to configure the hold-time command at the router level.
The configuration causes the system to delay sending notifications of any state change associated with the IP interface until the timer has expired.
Configuring IES with CLI
This section provides the information required to configure IP routing services; that is, direct forwarding of IP traffic between CE devices, and to configure IES for in-band management of the 7705 SAR over ATM links.
Topics in this section include:
Common Configuration Tasks
The following list provides a brief overview of the tasks that must be performed to configure IES.
Associate the IES service with a customer ID.
Create an IP interface on the 7705 SAR.
Specify the IP address of the interface.
Define interface parameters.
Define SAP parameters.
For IES spoke SDP applications only — define spoke SDP parameters.
For IES applications only — configure VRRP (optional).
For IES management service only—manually configure the remote address of the far-end router to which the NSP NFM-P is connected (far-end router must be enabled for IES service).*
For IES management service only—create a static route to the remote router and to the NSP NFM-P.*
Enable the service.
Configuring IES Components
This section provides configuration examples for components of the IES service. Each component includes some or all of the following: introductory information, CLI syntax, a specific CLI example, and an example of the CLI display output.
Topics in this section include:
Creating an IES Service
Use the following CLI syntax to create an IES service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
description description-string
interface ip-int-name [create]
no shutdown
- Example:
A:ALU-41>config>service# ies 5 customer 1 create
A:ALU-41>config>service>ies# description ‟IES for in-band management”
A:ALU-41>config>service>ies# interface ‟ATMoIP Management” create
A:ALU-41>config>service>ies# no shutdown
A:ALU-41>config>service>ies#
The following example displays the IES service creation output.
A:ALU-41>config>service# info
-------------------------------------
...
ies 5 customer 1 create
description "IES for in-band management"
interface ‟ATMoIP Management”
no shutdown
exit
...
Configuring IES Interface Parameters
Configure interface parameters for:
IES Management Service
Use the following CLI syntax to configure interface parameters for the IES management service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
address if-ip-address
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
description description-string
ip-mtu octets
no shutdown
- Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟ATMoIP Management”
A:ALU-41>config>service>ies>if# address 10.1.1.1/8
A:ALU-41>config>service>ies>if# ip-mtu 1524
A:ALU-41>config>service>ies>if# no shutdown
A:ALU-41>config>service>ies>if#
The following example displays the IES interface creation output for the IES management service.
A:ALU-41>config>service>ies>if# info detail
-------------------------------------------
...
no description
address 10.1.1.1/8
ip-mtu 1524
no bfd
exit
no shutdown
...
-------------------------------------
IES Service
Use the following CLI syntax to configure interface parameters for the IES service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
address if-ip-address
allow-directed-broadcasts
arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
description description-string
dhcp
description description-string
option
action {replace | drop | keep}
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
remote-id [mac | string string]
vendor-specific option
client-mac-address
sap-id
service-id
string text
system-id
server server1 [server2...(up to 8 max)]
no shutdown
trusted
icmp
mask-reply
ttl-expired [number seconds]
unreachables
ip-mtu octets
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
peer-ip-address ip-address
l4-load-balancing hashing-algorithm
local proxy-arp
loopback
mac ieee-address
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
remote-proxy-arp
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no shutdown
static-arp ip-address ieee-mac-address
static-arp ieee-mac-address unnumbered
teid-load-balancing
unnumbered {ip-int-name | ip-address}
no shutdown
- Example:
A:ALU-41>config>service# ies 4
A:ALU-41>config>service>ies$ interface ‟to Internet”
A:ALU-41>config>service>ies>if$ address 192.168.0.0/16
A:ALU-41>config>service>ies>if$ dhcp option
A:ALU-41>config>service>ies>if>dhcp>option$ circuit-id ifindex
A:ALU-41>config>service>ies>if>dhcp>option$ exit
A:ALU-41>config>service>ies>if$ ip-mtu 1524
The following example displays the IES interface creation output for the IES service.
A:ALU-41>config>service>ies>if# info detail
-------------------------------------------
...
no description
address 192.168.0.0/16 broadcast host-ones
no mac
arp-timeout 14400
no allow-directed-broadcasts
icmp
mask-reply
unreachables 100 10
ttl-expired 100 10
exit
dhcp
shutdown
no description
option
action keep
circuit-id ifindex
no remote-id
no vendor-specific-option
exit
no server
no trusted
exit
ip-mtu 1524
no bfd
ipcp
no peer-ip-address
no dns
exit
proxy-arp policy ‟proxyARPpolicy”
local proxy-arp
remote proxy-arp
no shutdown...
-------------------------------------
IES IPv6 Service
Use the following CLI syntax to configure interface parameters for the IES IPv6 service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
ipv6
address ipv6-address/prefix-length [eui-64]
dhcp6-relay
description description-string
option
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
remote-id
server ipv6-address [ipv6-address...(up to 8 max)]
no shutdown
icmp6
packet-too-big [number seconds]
param-problem [number seconds]
time-exceeded [number seconds]
unreachables [number seconds]
neighbor ipv6-address mac-address
reachable-time seconds
stale-time seconds
- Example:
config>service# ies 9
config>service>ies$ interface ‟ies_interface”
config>service>ies>if$ ipv6
config>service>ies>if>ipv6$ address 2001:db8:0:1:1:1:1:1/24
config>service>ies>if>ipv6$ dhcp6-relay
config>service>ies>if>ipv6>dhcp6-relay$ server 2001:db8::1
config>service>ies>if>ipv6>dhcp6-relay$ option
config>service>ies>if>ipv6>dhcp6-relay>option$ interface-id ascii-tuple
config>service>ies>if>ipv6>dhcp6-relay>option$ exit
config>service>ies>if>ipv6$ icmp
config>service>ies>if>ipv6>icmp6$ packet-too-big 80 10
config>service>ies>if>ipv6>icmp6$ exit
config>service>ies>>if>ipv6# neighbor 2001:db8::2
config>service>ies>>if>ipv6>neighbor# exit
config>service>ies>>if>ipv6# reachable-time 30
config>service>ies>>if>ipv6# stale-time 14400
config>service>ies>>if>ipv6# exit
The following example displays the IES interface IPv6 output.
A:ALU-41>config>service>ies>if># info detail
-------------------------------------------
...
no description
address 2001:db8:0:1:1:1:1:1/24
dhcp6-relay
no description
option
interface-id ascii-tuple
no remote-id
server 2001:db8:0:1:1:1:1:1
exit
icmp6
packet-too-big 80 10
param-problem 100 10
time-exceeded 100 10
unreachables 100 10
exit
exit
...
reachable-time 30
stale-time 14400
exit
...
Configuring IES SAP Parameters
Configure IES SAP parameters for:
IES Management SAP
Use the following CLI syntax to configure IES management SAP parameters.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
sap sap-id [create]
atm
encapsulation encap-type
egress
traffic-desc traffic-desc-profile-id
ingress
traffic-desc traffic-desc-profile-id
oam
alarm-cells
description description-string
ingress
filter ip ip-filter-id
no shutdown
- Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟ATMoIP Management”
A:ALU-41>config>service>ies>if# sap 1/1/1.1:0/32 create
A:ALU-41>config>service>ies>if>sap# ingress
A:ALU-41>config>service>ies>if>sap>ingress# filter ip 3
A:ALU-41>config>service>ies>if>sap>ingress# exit
A:ALU-41>config>service>ies>if>sap# atm
A:ALU-41>config>service>ies>if>sap>atm# encapsulation aal5mux-ip
A:ALU-41>config>service>ies>if>sap>atm# egress
A:ALU-41>config>service>ies>if>sap>atm>egress# traffic-desc 3
A:ALU-41>config>service>ies>if>sap>atm>egress# exit
A:ALU-41>config>service>ies>if>sap>atm# ingress
A:ALU-41>config>service>ies>if>sap>atm>ingress# traffic-desc 2
A:ALU-41>config>service>ies>if>sap>atm>ingress# exit
A:ALU-41>config>service>ies>if>sap>atm# oam
A:ALU-41>config>service>ies>if>sap>atm>oam# alarm-cells
A:ALU-41>config>service>ies>if>sap>atm>oam# exit
A:ALU-41>config>service>ies>if>sap>atm# exit
A:ALU-41>config>service>ies>if>sap# exit
A:ALU-41>config>service>ies>if# exit
A:ALU-41>config>service>ies#
The following example displays the IES SAP creation output.
A:ALU-41>config>service>ies>if>sap# info detail
-------------------------------------------
...
no description
ingress
filter ip 3
exit
atm
encapsulation aal5mux-ip
ingress
traffic-desc 2
exit
egress
traffic-desc 3
exit
oam
alarm-cells
exit
exit
no shutdown
-------------------------------------
IES Service SAP
Use the following CLI syntax to configure SAP parameters for the IES service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
sap sap-id [create]
accounting policy acct-policy-id
collect stats
description description-string
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
qos policy-id
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
qos policy-id
no shutdown
- Example:
A:ALU-41>config>service# ies 4
A:ALU-41>config>service>ies$ interface ‟to Internet”
A:ALU-41>config>service>ies>if$ sap 1/4/1 create
A:ALU-41>config>service>ies>if>sap$ egress
A:ALU-41>config>service>ies>if>sap>egress$ qos 3
A:ALU-41>config>service>ies>if>sap$ ingress
A:ALU-41>config>service>ies>if>sap>ingress$ filter ip 3
The following example displays the IES SAP creation output.
A:ALU-41>config>service>ies>if>sap# info detail
-------------------------------------------
...
no description
egress
qos 3
ingress
filter ip 3
exit
no shutdown
-------------------------------------
Configuring IES Spoke SDP Parameters
Use the following CLI syntax to configure spoke SDP parameters for the IES service.
- CLI Syntax:
config>service# ies service-id [customer customer-id] [create] [vpn vpn-id]
interface ip-int-name
spoke-sdp sdp-id:vc-id [create]
egress
vc-label egress-vc-label
ingress
filter ip ip-filter-id
vc-label ingress-vc-label
[no] shutdown
- Example:
A:ALU-41>config>service# ies 6
A:ALU-41>config>service>ies$ interface ‟ies6_interface”
A:ALU-41>config>service>ies>if$ spoke-sdp 5:6 create
A:ALU-41>config>service>ies>if>spoke-sdp$ ingress
A:ALU-41>config>service>ies>if>spoke-sdp>ingress$ filter ip 56
A:ALU-41>config>service>ies>if>spoke-sdp>ingress$ vc-label 5566
The following example displays the IES spoke SDP creation output.
A:ALU-41>config>service>ies>if>spoke SDP# info detail
-------------------------------------------
...
no description
egress
no vc-label
ingress
filter ip 56
vc-label 5566
exit
no shutdown
-------------------------------------
Configuring VRRP
Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on an IES interface must specify the backup ip-address parameter.
VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP addresses shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.
The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.
For more information about VRRP CLI syntax and command descriptions for an IES service interface, see IES Command Reference. For overview information about VRRP and VRRP IES interface parameters, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.
The following displays an IES interface VRRP owner configuration:
config>service>ies> info
#----------------------------------------------
...
interface ‟vrrpowner”
address 10.10.10.23/16
vrrp 1 owner
backup 10.10.10.24
authentication-key "testabc”
exit
exit
...
#----------------------------------------------
config>service>ies#
config>service>ies>if># info
-------------------------------------------
...
ipv6
address 2001:db8:0:1:1:1:1:1/16
vrrp 1 owner
backup 2001:db8:0:1:1:1:1:2
exit
exit
exit
...
-------------------------------------------
Configuring a Security Zone Within IES
To configure NAT or firewall security, you must:
configure a NAT or firewall security profile and policy in the config>security context
in the config>security>profile context, specify the timeouts for the TCP/UDP/ICMP protocols and configure logging and application assurance parameters. This step is optional. If you do not configure the profile, a default profile is assigned.
in the config>security>policy context, configure a security policy, specify the match criteria and the action to be applied to a packet if a match is found.
configure a security zone and apply the policy ID to the zone, as shown in the CLI syntax below
- CLI Syntax:
config>service
ies service-id [customer customer-id] [create]
abort
begin
commit
zone zone-id [create]
description description-string
interface ip-int-name [create]
name zone-name
nat
pool pool-id [create]
description description-string
direction {zone-outbound | zone-inbound | both}
entry entry-id [create]
ip-address ip-address [to ip-address] interface ip-int-name
port port [to port] interface ip-int-name
name pool-name
policy policy-id | policy-name
shutdown
The following example displays a NAT zone configuration output.
A:ALU-B>config>service>ies# info
----------------------------------------------
configure
service ies 10 create
zone 1 create
begin
name ‟IES zone”
description ‟uplink zone from private”
interface ies-100-10.30.10.1
exit
nat
pool 1 create
description "pool 1"
direction zone-inbound
exit
entry 1 create
ip-addr interface ies-100-198.51.100.0/24
exit
exit
exit
policy 1 nat pool 1
commit
exit
no-shutdown
----------------------------------------------
A:ALU-B>config>service>ies#
Configuring Serial Raw Socket Transport Within IES
Configure an IP transport subservice within an IES service in order to enable the transport of serial data using raw sockets.
- CLI Syntax:
config>service
ies service-id [customer customer-id] [create]
ip-transport ipt-id [create]
description description-string
filter-unknown-host
local-host ip-addr ip-addr port-num port-num] protocol {tcp|udp}
remote-host host-id [ip-addr ip-addr] [port-num port-num] [create]
description description-string
name host-name
exit
fc fc-name profile {in |out}
shutdown
tcp
inactivity-timeout number
max-retries seconds
retry-interval seconds
exit
exit
exit
exit
The following example displays an IP transport subservice configuration output.
A:ALU-B>config>service>ies# info
----------------------------------------------
configure
service ies 20 create
ip-transport 1/2/4.1 create
description ‟ip-transport one”
filter-unknown-host
local-host ip-address 192.168.1.1 port-number 4000 protocol udp
exit
remote-host 1 ip-address 192.168.1.7 port-number 4001 create
exit
exit
no-shutdown
----------------------------------------------
A:ALU-B>config>service>ies#
Service Management Tasks
This section discusses the following service management tasks:
Modifying IES Service Parameters
Existing IES service parameters can be modified, added, removed, enabled, or disabled.
To display a list of customer IDs, use the show>service>customer command.
Enter the parameters (such as description, interface information, or SAP information), and then enter the new information.
The following is an example of changing the IP MTU size.
- Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# interface ‟testname”
A:ALU-41>config>service>ies>if# ip-mtu 1517
A:ALU-41>config>service>ies>if# exit
Disabling an IES Service
An IES service can be shut down without deleting the service parameters.
Use the shutdown command to shut down an IES service.
- CLI Syntax:
config>service# ies service-id
shutdown
- Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# shutdown
A:ALU-41>config>service>ies# exit
Re-enabling an IES Service
Use the no shutdown command to re-enable a previously disabled IES service.
- CLI Syntax:
config>service# ies service-id
no shutdown
- Example:
A:ALU-41>config>service# ies 5
A:ALU-41>config>service>ies# no shutdown
A:ALU-41>config>service>ies# exit
Deleting an IES Service
An IES service cannot be deleted until SAPs, spoke SDPs, and interfaces are shut down and deleted and the service is shut down on the service level.
Use the following CLI syntax to delete an IES service:
- CLI Syntax:
config>service#
ies service-id
interface ip-int-name
sap sap-id
shutdown
exit
no sap sap-id
spoke-sdp sdp-id:vc-id
shutdown
exit
no spoke-sdp sdp-id:vc-id
interface ip-int-name
shutdown
exit
no interface ip-int-name
shutdown
exit
no ies service-id
IES Command Reference
Command Hierarchies
Configuration Commands
IES Management Configuration Commands
config
- service
- ies service-id [customer customer-id] [create] [vpn vpn-id]
- no ies service-id
- description description-string
- no description
- interface ip-int-name [create]
- no interface ip-int-name
- address {ip-address/mask | ip-address netmask}
- no address
- bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
- no bfd
- description description-string
- no description
- ip-mtu octets
- no ip-mtu
- sap sap-id [create]
- no sap sap-id
- atm
- encapsulation atm-encap-type
- egress
- traffic-desc traffic-desc-profile-id
- no traffic-desc
- ingress
- traffic-desc traffic-desc-profile-id
- no traffic-desc
- oam
- [no] alarm-cells
- description description-string
- no description
- ingress
- filter ip ip-filter-id
- no filter ip
- no filter ip [ip ip-filter-id]
- [no] shutdown
- [no] shutdown
- service-name service-name
- no service-name
- [no] shutdown
IES Service Configuration Commands
config
- service
- ies service-id [customer customer-id] [create] [vpn vpn-id]
- description description-string
- no description
- [no] interface ip-int-name [create]
- address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
- no address {ip-address/mask | ip-address netmask}
- [no] allow-directed broadcasts
- arp-retry-timer ms-timer
- no arp-retry-timer
- arp-timeout seconds
- no arp-timeout
- bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
- no bfd
- cflowd-parameters
- sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
- no sampling {unicast | multicast}
- description description-string
- no description
- dhcp
- description description-string
- no description
- gi-address ip-address [src-ip-addr]
- no gi-address
- [no] option
- action {replace | drop | keep}
- no action
- circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
- no circuit-id
- remote-id [mac | string string]
- no remote-id
- [no] vendor-specific option
- [no] client-mac-address
- [no] sap-id
- [no] service-id
- string text
- no string
- [no] system-id
- server server1 [server2...(up to 8 max)]
- no server
- [no] shutdown
- [no] trusted
- hold-time
- down ip seconds [init-only]
- no down ip
- down ipv6 seconds [init-only]
- no down ipv6
- up ip seconds
- no up ip
- up ipv6 seconds
- no up ipv6
- icmp
- [no] mask-reply
- ttl-expired [number seconds]
- no ttl-expired
- unreachables [number seconds]
- no unreachables
- ip-mtu octets
- no ip-mtu
- [no] ipcp
- dns ip-address [secondary ip-address]
- dns secondary ip-address
- no dns [ip-address] [secondary ip-address]
- peer-ip-address ip-address
- no peer-ip-address
- [no] ipv6
- address ipv6-address/prefix-length [eui-64] [preferred]
- no address ipv6-address/prefix-length
- bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
- no bfd
- [no] dhcp6-relay
- description description-string
- [no] description
- [no] option
- interface-id
- interface-id ascii-tuple
- interface-id ifindex
- interface-id sap-id
- interface-id string
- no interface-id
- [no] remote-id
- server ipv6-address [ipv6-address...(up to 8 max)]
- no server ipv6-address [ipv6-address...(up to 8 max)]
- [no] shutdown
- icmp6
- packet-too-big [number seconds]
- no packet-too-big
- param-problem [number seconds]
- no param-problem
- time-exceeded [number seconds]
- no time-exceeded [number seconds]
- unreachables [number seconds]
- no unreachables
- link-local-address ipv6-address [preferred]
- no link-local-address
- [no] local-dhcp-server local-server-name
- neighbor ipv6-address mac-address
- no neighbor ipv6-address
- reachable-time seconds
- stale-time seconds
- tcp-mss value
- no tcp-mss
- l4-load-balancing hashing-algorithm
- no l4-load-balancing
- [no] local-dhcp-server local-server-name
- [no] local-proxy-arp
- [no] loopback
- mac ieee-address
- no mac [ieee-address]
- proxy-arp-policy policy-name [policy-name...(up to 5 max)]
- no proxy-arp-policy
- [no] remote-proxy-arp
- [no] sap sap-id [create]
- accounting-policy acct-policy-id
- no accounting-policy [acct-policy-id]
- [no] collect-stats
- description description-string
- no description
- egress
- agg-rate-limit agg-rate [cir cir-rate]
- no agg-rate-limit
- filter ip ip-filter-id
- filter ipv6 ipv6-filter-id
- no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
- [no] qinq-mark-top-only
- qos policy-id
- no qos
- scheduler-mode {4-priority | 16-priority}
- [no] shaper-group shaper-group-name [create]
- ingress
- agg-rate-limit agg-rate [cir cir-rate]
- no agg-rate-limit
- filter ip ip-filter-id
- filter ipv6 ipv6-filter-id
- no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
- match-qinq-dot1p {top | bottom}
- no match-qinq-dot1p
- qos policy-id
- no qos
- scheduler-mode {4-priority | 16-priority}
- [no] shaper-group shaper-group-name [create]
- [no] shutdown
- secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
- no secondary {ip-address/mask | ip-address netmask}
- [no] shutdown
- spoke-sdp sdp-id:vc-id [create]
- no spoke-sdp sdp-id:vc-id
- egress
- vc-label egress-vc-label
- no [egress-vc-label]
- ingress
- filter ip ip-filter-id
- no filter
- vc-label ingress-vc-label
- no vc-label [ingress-vc-label]
- [no] shutdown
- static-arp ip-address ieee-address
- no static-arp ip-address [ieee-address]
- static-arp ieee-address unnumbered
- no static-arp [ieee-address] unnumbered
- [no] static-nat-inside
- tcp-mss value
- no tcp-mss
- [no] teid-load-balancing
- unnumbered {ip-int-name | ip-address}
- no unnumbered
- service-name service-name
- no service-name
- [no] shutdown
Routed VPLS Commands
config
- service
- ies service-id
- interface ip-interface-name [create]
- no interface ip-interface-name
- vpls service-name
- no vpls
- ingress
- v4-routed-override-filter ip-filter-id
- no v4-routed-override-filter
- v6-routed-override-filter ipv6-filter-id
- no v6-routed-override-filter
VRRP Commands
config
- service
- ies service-id [customer customer-id] [create] [vpn vpn-id]
- [no] interface ip-int-name
- [no] ipv6
- vrrp virtual-router-id [owner] [passive]
- no vrrp virtual-router-id
- [no] backup ipv6-address
- [no] bfd-enable service-id interface interface-name dst-ip ip-address
- [no] bfd-enable interface interface-name dst-ip ip-address
- init-delay seconds
- no init-delay
- mac mac-address
- no mac
- [no] master-int-inherit
- message-interval {[seconds] [milliseconds milliseconds]}
- no message-interval
- [no] ntp-reply
- [no] ping-reply
- policy vrrp-policy-id
- no policy
- [no] preempt
- priority base-priority
- no priority
- [no] shutdown
- [no] standby-forwarding
- [no] telnet-reply
- [no] traceroute-reply
- vrrp virtual-router-id [owner] [passive]
- no vrrp virtual-router-id
- authentication-key [authentication-key | hash-key] [hash | hash2]
- no authentication-key
- [no] backup ip-address
- [no] bfd-enable service-id interface interface-name dst-ip ip-address
- [no] bfd-enable interface interface-name dst-ip ip-address
- init-delay seconds
- no init-delay
- mac mac-address
- no mac
- [no] master-int-inherit
- message-interval {[seconds] [milliseconds milliseconds]}
- no message-interval
- [no] ntp-reply
- [no] ping-reply
- policy vrrp-policy-id
- no policy
- [no] preempt
- priority priority
- no priority
- [no] shutdown
- [no] ssh-reply
- [no] standby-forwarding
- [no] telnet-reply
- [no] traceroute-reply
IES Security Zone Configuration Commands
config
- service
- ies service-id [customer customer-id] [create]
- no ies service-id
- zone {zone-id | zone-name} [create]
- no zone {zone-id | zone-name}
- abort
- begin
- commit
- description description-string
- no description
- inbound
- limit
- concurrent-sessions {tcp | udp | icmp | other} sessions
- no concurrent-sessions {tcp | udp | icmp | other}
- [no] interface interface-name
- [no] shutdown
- log {log-id | name}
- no log
- name zone-name
- no name
- nat
- pool pool-id [create]
- no pool pool-id
- description description-string
- no description
- direction {zone-outbound | zone-inbound | both}
- no direction
- entry entry-id [create]
- no entry entry-id
- ip-address ip-address [to ip-address] interface ip-int-name
- no ip-address
- port port [to port]
- no port
- name pool-name
- no name
- outbound
- limit
- concurrent-sessions {tcp | udp | icmp | other} sessions
- no concurrent-sessions {tcp | udp | icmp | other}
- policy {policy-id | policy-name}
- no policy
- [no] shutdown
IES Raw Socket IP Transport Configuration Commands
config
- service
- ies service-id [customer customer-id] [create]
- no ies service-id
- ip-transport ipt-id [create]
- no ip-transport ipt-id
- description description-string
- no description
- dscp dscp-name
- fc fc-name profile {in | out}]
- [no] filter-unknown-host
- local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}
- no local-host
- remote-host host-id [ip-addr ip-addr] [port-num port-num] [ceate]
- no remote-host host-id
- description description-string
- no description
- name host-name
- no name
- [no] shutdown
- tcp
- inactivity-timeout seconds
- max-retries number
- retry-interval seconds
Show Commands
show
- service
- customer [customer-id]
- egress-label start-label [end-label]
- id service-id
- all
- arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]
- base
- dhcp
- statistics [interface interface-name | ip-address]
- summary [interface interface-name | saps]
- interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]
- ip-transport ipt-id [detail | statistics]
- remote-host host-id [detail | statistics]
- sap [sap-id] [detail]
- ingress-label start-label [end-label]
- ip-transport-using [ip-transport ipt-id]
- sap-using [sap sap-id]
- sap-using interface [ip-address | ip-int-name]
- sap-using description
- sap-using [ingress | egress] atm-td-profile td-profile-id
- sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority}
- sap-using [ingress] filter filter-id
- sap-using [ingress | egress] qos-policy qos-policy-id
- service-using [ies] [customer customer-id]
Clear Commands
clear
- service
- id service-id
- dhcp
- statistics [ip-int-name | ip-address]
- dhcp6
- statistics [ip-int-name | ip-address]
- ip-transport ipt-id
- remote-host host-id
- statistics
- statistics
Debug Commands
debug
- service
- id service-id
Command Descriptions
IES Generic Configuration Commands
description
Syntax
description description-string
no description
Context
config>service>ies
config>service>ies>interface
config>service>ies>if>dhcp
config>service>ies>if>ipv6>dhcp6-relay
config>service>ies>if>sap
config>service>ies>if>sap
config>service>ies>ip-transport
config>service>ies>ip-transport>remote-host
config>service>ies>zone>nat>pool
Description
This command creates a text description stored in the configuration file for a configuration context.
The no form of this command removes the string from the context.
The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.
Parameters
- description-string
the description character string. Allowed values are any string up to 80 printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
shutdown
Syntax
[no] shutdown
Context
config>service>ies
config>service>ies>interface
config>service>ies>if>dhcp
config>service>ies>if>ipv6>dhcp6-relay
config>service>ies>if>sap
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
config>service>ies>ip-transport
Description
This command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.
The no form of this command places the entity into an administratively enabled state.
The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.
Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and tries to enter the operationally up state. Default administrative states for services and service entities are described in the following Special Cases.
Special Cases
- IES
the default administrative status of an IES service is down. While the service is down, its associated interface is operationally down.
For example, if:
1) An IES service is operational and its associated interface is shut down
2) The IES service is administratively shut down and brought back up
3) The interface that is shut down remains in the administrative shutdown state
A service is regarded as operational provided that one IP interface is operational.
- IES IP Interfaces
when the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out of the SAP and all packets received on the SAP are dropped and the packet discard counter is incremented.
- IES IP transport subservice
when an IP transport subservice within an IES service is shut down, all TCP/UDP packets received from remote hosts are dropped and any serial data received from the serial port is dropped. Any TCP connections that were up are closed and no new TCP connection requests are accepted.
It is not possible to make configuration changes to an IP transport subservice without performing a shutdown first.
The operational state of an IP transport subservice is relative to the operational state of the serial port for which the IP transport subservice is defined. When a serial port is shut down, the IP transport subservice associated with the serial port becomes operationally down.
When the no shutdown command is executed for an IP transport subservice, it becomes operationally up, serial data from the serial port is encapsulated in TCP/UDP packets destined for remote hosts, and TCP/UDP packets can be received by the local host, where raw serial data is then sent out the serial port.
IES Global Configuration Commands
ies
Syntax
ies service-id [customer customer-id] [create] [vpn vpn-id]
no ies service-id
Context
config>service
Description
This command enables Internet Enhanced Service (IES). On the 7705 SAR, IES is used for direct IP connectivity between customer access points as well as in-band management of the 7705 SAR over ATM links.
The no form of this command deletes the IES service instance with the specified service-id.
The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.
Parameters
- service-id
uniquely identifies a service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number or name used for every 7705 SAR on which this service is defined.
- customer-id
specifies the customer ID number to be associated with the service. This parameter is required on service creation and is optional for service editing or deleting.
- vpn-id
specifies the VPN ID number, which allows you to identify virtual private networks (VPNs) by a VPN identification number. If this parameter is not specified, the VPN ID uses the service ID number. This parameter is not the same as the VRF ID used with VPRN services.
service-name
Syntax
service-name service-name
no service-name
Context
config>service>ies
Description
This command configures a service name that can be used in other configuration commands and show commands that reference the service.
Parameters
- service-name
up to 64 characters
IES Management Configuration Commands
IES Management Interface Commands
interface
Syntax
interface ip-int-name [create]
no interface ip-int-name
Context
config>service>ies
Description
This command creates a logical IP routing interface for an Internet Enhanced Service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.
The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. Two SAPs can be assigned to a single group interface.
Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.
There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.
The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.
Default
no interface
Parameters
- ip-int-name
the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
address
Syntax
address {ip-address/mask | ip-address netmask}
no address
Context
config>service>ies>interface
Description
This command assigns an IP address and IP subnet to an IES IP interface. Only one IP address can be associated with an IP interface.
An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.
The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
Default
no address
Parameters
- ip-address
the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- /
the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.
- mask
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.
- netmask
the subnet mask in dotted-decimal notation
bfd
Syntax
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
no bfd
Context
config>service>ies>interface
config>service>ies>if>ipv6
Description
This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.
Default
no bfd
Parameters
- transmit-interval
the number of milliseconds between consecutive BFD sent messages
- receive-interval
the number of milliseconds between consecutive BFD received messages
- multiplier
the number of consecutive BFD messages that must be missed before the interface is brought down
- type np
controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.
Note: The BFD session must be disabled before the type np parameter can be changed.
cflowd-parameters
Syntax
cflowd-parameters
Context
config>service>ies>interface
Description
This command enables the context to configure cflowd parameters for the specified IP interface.
Cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.
Default
n/a
sampling
Syntax
sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
no sampling {unicast | multicast}
Context
config>service>ies>if>cflowd-parameters
Description
This command configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.
This command can be used to configure the sampling parameters for unicast and multicast traffic separately.
If cflowd sampling is enabled with no direction parameter specified, ingress-only sampling is enabled by default.
The no form of the command disables the configured type of traffic sampling on the interface.
Default
no sampling unicast no sampling multicast
Parameters
- unicast
cflowd samples unicast traffic on the interface
- multicast
cflowd samples multicast traffic on the interface
- interface
specifies that all traffic entering or exiting the interface is subject to sampling. Interface is the only sampling type supported on the 7705 SAR and must be specified with this command.
- direction
specifies the direction in which to collect traffic flow samples: ingress-only, egress-only, or both
ip-mtu
Syntax
ip-mtu octets
no ip-mtu
Context
config>service>ies>interface
Description
This command configures the IP maximum transmit unit (packet size) for this interface.
The no form of the command returns the default value.
Parameters
- octets
the MTU for the interface
IES Management SAP Commands
sap
Syntax
sap sap-id [create]
no sap sap-id
Context
config>service>ies>interface
Description
This command creates a SAP within an IES service. Each SAP must be unique.
All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.
Enter an existing SAP without the create keyword to edit SAP parameters.
A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. An IES SAP can only be defined on an ATM port or IMA group that has been configured as an access port in the config>port port-id context using the mode access command. Fractional TDM ports are always access ports. See the 7705 SAR Interface Configuration Guide for information about access ports.
If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
Default
no sap
Parameters
- sap-id
specifies the physical port identifier portion of the SAP definition. See SAP ID Configurations for a full list of SAP IDs.
- create
keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.
ingress
Syntax
ingress
Context
config>service>ies>if>sap
Description
This command enables access to the context to associate ingress filter policies with the SAP.
If an ingress filter is not defined, no filtering is performed.
filter ip
Syntax
filter ip ip-filter-id
no filter
no filter [ip ip-filter-id]
Context
config>service>ies>if>sap>ingress
Description
This command associates an IP filter policy with an ingress SAP. Filter policies control the forwarding and dropping of packets based on the IP match criteria. Only one filter ID can be specified.
The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned. Filters applied to the ingress SAP apply to all IP packets on the SAP.
The no form of this command removes any configured filter ID association with the SAP.
Default
no filter
Parameters
- ip-filter-id
specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.
atm
Syntax
atm
Context
config>service>ies>if>sap
Description
This command enables access to the context to configure ATM-related attributes. This command can only be used when a specific context (for example, a channel or SAP) supports ATM functionality such as:
configuring ATM port or ATM port-related functionality on T1/E1 ASAP adapter cards on a 7705 SAR-8 Shelf V2 or 7705 SAR-18 or on T1/E1 ports on a 7705 SAR-M
configuring ATM-related configuration for ATM-based SAPs that exist on T1/E1 ASAP adapter cards on a 7705 SAR-8 Shelf V2 or 7705 SAR-18 or on T1/E1 ports on a 7705 SAR-M
If ATM functionality is not supported for a specific context, the command returns an error.
encapsulation
Syntax
encapsulation atm-encap-type
Context
config>service>ies>if>sap>atm
Description
This command configures an ATM VC SAP for encapsulation in accordance with RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. This command is only supported in the IP over ATM management context.
The only supported encapsulation type is aal5mux-ip.
Ingress traffic that does not match the configured encapsulation is dropped.
Default
aal5mux-ip
Parameters
- atm-encap-type
aal5mux-ip (routed IP encapsulation for a VC multiplexed circuit as defined in RFC 2684)
egress
Syntax
egress
Context
config>service>ies>if>sap>atm
Description
This command provides access to the context to configure egress ATM traffic policies for the SAP.
ingress
Syntax
ingress
Context
config>service>ies>if>sap>atm
Description
This command provides access to the context to configure ingress ATM traffic policies for the SAP.
traffic-desc
Syntax
traffic-desc traffic-desc-profile-id
no traffic-desc
Context
config>service>ies>if>sap>atm>egress
config>service>ies>if>sap>atm>ingress
Description
This command assigns an ATM traffic descriptor profile to an egress or ingress SAP.
When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction.
When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.
The no form of the command reverts to the default traffic descriptor profile.
Default
The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created ATM VC SAPs.
Parameters
- traffic-desc-profile-id
specifies a defined traffic descriptor profile (for information about defining traffic descriptor profiles, see the 7705 SAR Quality of Service Guide)
oam
Syntax
oam
Context
config>service>ies>if>sap>atm
Description
This command enables the context to configure OAM functionality for an IES SAP.
The T1/E1 ASAP Adapter cards support F4 and F5 end-to-end OAM functionality (AIS, RDI, Loopback).
alarm-cells
Syntax
[no] alarm-cells
Context
config>service>ies>if>sap>atm>oam
Description
This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving the PVCC operational status.
Layer 2 OAM AIS/RDI cells that are received on the IES SAP cause the IP interface to be disabled.
The no command disables alarm-cells functionality for the SAP. When alarm-cells functionality is disabled, OAM cells are not generated as result of the SAP going into the operationally down state.
Default
enabled
IES Service Configuration Commands
IES Service Interface Commands
interface
Syntax
[no] interface ip-int-name [create]
Context
config>service>ies
Description
This command creates a logical IP routing interface for Internet Enhanced Service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.
The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and the default routing table. Two SAPs can be assigned to a single group interface.
Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal format of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.
There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.
The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.
Default
no interface
Parameters
- ip-int-name
the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
address
Syntax
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
no address {ip-address/mask | ip-address netmask}
Context
config>service>ies>interface
Description
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP interface.
An IP address must be assigned to each IES IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.
The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
Default
no address
Parameters
- ip-address
the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- /
the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.
- mask
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.
- netmask
the subnet mask in dotted-decimal notation
- broadcast
overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to the default broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
specifies that the broadcast address used by the IP interface for this IP address is 255.255.255.255 (also known as the local broadcast)
- host-ones
specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the IP address and mask with all host bits set to 1. This IP address is the default broadcast address used by an IP interface.
allow-directed broadcasts
Syntax
[no] allow-directed broadcasts
Context
config>service>ies>interface
Description
This command enables the forwarding of directed broadcasts out of the IP interface.
A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.
When enabled, a frame destined for the local subnet on this IP interface is sent as a subnet broadcast out this interface.
By default, directed broadcasts are not allowed and are discarded at this egress IP interface.
The no form of the command disables directed broadcasts forwarding out of the IP interface.
Default
no allow-directed broadcasts
arp-retry-timer
Syntax
arp-retry-timer ms-timer
no arp-retry-timer
Context
config>service>ies>interface
Description
This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.
The no form of the command resets the interval to the default value.
Default
50 (in 100s of ms)
Parameters
- ms-timer
the time interval, in 100s of milliseconds, the system waits before retrying a failed ARP request
arp-timeout
Syntax
arp-timeout seconds
no arp-timeout
Context
config>service>ies>interface
Description
This command configures the minimum interval, in seconds, that an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table.
If the arp-timeout value is set to 0 s, ARP aging is disabled.
The no form of the command reverts to the default value.
Default
no arp-timeout
Parameters
- seconds
the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.
bfd
Syntax
bfd {transmit-interval} [receive receive-interval] [multiplier multiplier] [type np]
no bfd
Context
config>service>ies>interface
config>service>ies>if>ipv6
Description
This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.
Default
no bfd
Parameters
- transmit-interval
the number of milliseconds between consecutive BFD sent messages
- receive-interval
the number of milliseconds between consecutive BFD received messages
- multiplier
the number of consecutive BFD messages that must be missed before the interface is brought down
- type np
controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.
Note: The BFD session must be disabled before the type np parameter can be changed.
dhcp
Syntax
dhcp
Context
config>service>ies>interface
Description
This command enables the context to configure DHCP parameters.
gi-address
Syntax
gi-address ip-address [src-ip-addr]
no gi-address
Context
config>service>ies>if>dhcp
Description
This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.
Default
no gi-address
Parameters
- ip-address
the IP address of the gateway interface in dotted-decimal notation
- src-ip-addr
specifies that the GIADDR is to be used as the source IP address for DHCP relay packets
option
Syntax
[no] option
Context
config>service>ies>if>dhcp
Description
This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.
The no form of this command returns the system to the default.
Default
no option
action
Syntax
action {replace | drop | keep}
no action
Context
config>service>ies>if>dhcp>option
Description
This command configures the Relay Agent Information Option (Option 82) processing.
The no form of this command returns the system to the default value.
Default
keep
Parameters
- replace
in the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (toward the user), the Option 82 field is stripped (in accordance with RFC 3046).
- drop
the DHCP packet is dropped if an Option 82 field is present, and a counter is incremented
- keep
the existing information is kept in the packet and the router does not add any additional information. In the downstream direction, the Option 82 field is not stripped and is forwarded toward the client.
The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done if the incoming message already has an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.
circuit-id
Syntax
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
no circuit-id
Context
config>service>ies>if>dhcp>option
Description
This command sends either an ASCII tuple or the interface index (If Index) on the specified SAP ID in the circuit-id suboption of the DHCP packet.
If disabled, the circuit-id suboption of the DHCP packet is left empty.
The no form of the command returns the system to the default.
Default
ascii-tuple
Parameters
- ascii-tuple
specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by ‟/”, will be used
- ifindex
specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
- sap-id
specifies that the SAP ID will be used
- vlan-ascii-tuple
specifies that the format will include VLAN ID and dot1p bits in addition to what is already included in ascii-tuple. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.
remote-id
Syntax
remote-id [mac | string string]
no remote-id
Context
config>service>ies>if>dhcp>option
Description
This command sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit.
If disabled, the remote-id suboption of the DHCP packet is left empty.
The no form of this command returns the system to the default.
Default
remote-id
Parameters
- mac
specifies that the MAC address of the remote end is encoded in the suboption
- string
the remote ID
vendor-specific option
Syntax
[no] vendor-specific-option
Context
config>service>ies>if>dhcp>option
Description
This command configures the vendor-specific suboption of the DHCP relay packet.
client-mac-address
Syntax
[no] client-mac-address
Context
config>service>ies>if>dhcp>option>vendor-specific-option
Description
This command enables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the MAC address.
sap-id
Syntax
[no] sap-id
Context
config>service>ies>if>dhcp>option>vendor-specific-option
Description
This command enables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the SAP ID.
service-id
Syntax
[no] service-id
Context
config>service>ies>if>dhcp>option>vendor-specific-option
Description
This command enables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the service ID.
string
Syntax
string text
no string
Context
config>service>ies>if>dhcp>option>vendor-specific-option
Description
This command specifies the string in the vendor-specific suboption of the DHCP relay packet.
The no form of the command reverts to the default value.
Default
no string
Parameters
- text
any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, the entire string must be enclosed within double quotes.
system-id
Syntax
[no] system-id
Context
config>service>ies>if>dhcp>option>vendor-specific-option
Description
This command specifies whether the system ID is encoded in the vendor-specific suboption of the DHCP relay packet.
server
Syntax
server server1 [server2...(up to 8 max)]
no server
Context
config>service>ies>if>dhcp>option
Description
This command specifies a list of servers where requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.
There can be a maximum of 8 DHCP servers configured.
Default
no server
Parameters
- server
the DHCP server IP address
trusted
Syntax
[no] trusted
Context
config>service>ies>if>dhcp>option
Description
As specified in RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and that contains a Option 82 field in the packet, should be discarded unless it arrives on a ‟trusted” circuit. If trusted mode is enabled on an IP interface, the Relay Agent (the router) will modify the request giaddr to be equal to the ingress interface and forward the request.
This behavior only applies when the action in the Relay Agent Information Option is ‟keep”. In the case where the Option 82 field is being replaced by the Relay Agent (action = ‟replace”), the original Option 82 information is lost, and therefore there is no reason to enable the trusted option.
The no form of this command returns the system to the default.
Default
not enabled
hold-time
Syntax
hold-time
Context
config>service>ies>interface
Description
This command enables the CLI context to configure interface hold-up or hold-down timers.
Default
n/a
down
Syntax
down ip seconds [init-only]
no down ip
down ipv6 seconds [init-only]
no down ipv6
Context
config>service>ies>if>hold-time
Description
This command enables a delay in the activation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is first configured, the delay is only applied when the IP interface is first configured or after a system reboot.
The no form of this command disables the delay in the activation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.
Default
n/a
Parameters
- ip
specifies that the configured down delay is applied to an IPv4 interface
- ipv6
specifies that the configured down delay is applied to an IPv6 interface
- seconds
specifies the time delay, in seconds, before the interface is activated
- init-only
specifies that the configured down delay is applied only when the interface is configured or after a reboot
up
Syntax
up ip seconds
no up ip
up ipv6 seconds
no up ipv6
Context
config>service>ies>if>hold-time
Description
This command enables a delay in the deactivation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.
The no form of this command disables the delay in the deactivation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.
Default
n/a
Parameters
- ip
specifies that the configured up delay applies to an IPv4 interface
- ipv6
specifies that the configured up delay applies to an IPv6 interface
- seconds
specifies the time delay, in seconds, before the interface is deactivated
icmp
Syntax
icmp
Context
config>service>ies>interface
Description
This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.
mask-reply
Syntax
[no] mask-reply
Context
config>service>ies>if>icmp
Description
This command enables or disables responses to ICMP mask requests on the router interface.
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
The no form of the command disables replies to ICMP mask requests on the router interface.
Default
mask-reply
ttl-expired
Syntax
ttl-expired [number seconds]
no ttl-expired
Context
config>service>ies>if>icmp
Description
This command configures the rate that ICMP Time To Live (TTL) expired messages are issued by the IP interface.
By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of the command disables the generation of TTL expired messages.
Default
ttl-expired 100 10—maximum of 100 TTL expired message in 10 s
Parameters
- number
the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. The seconds parameter must also be specified.
- seconds
the time frame, in seconds, used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer
unreachables
Syntax
unreachables [number seconds]
no unreachables
Context
config>service>ies>if>icmp
Description
This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.
The unreachables command enables the generation of ICMP destination unreachable messages on the router interface. The rate at which ICMP unreachable messages are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a specified time interval.
By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of the command disables the generation of ICMP destination unreachable messages on the router interface.
Default
unreachables 100 10—maximum of 100 unreachable messages in 10 s
Parameters
- number
the maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified.
- seconds
the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer
ip-mtu
Syntax
ip-mtu octets
no ip-mtu
Context
config>service>ies>interface
Description
This command configures the IP maximum transmit unit (packet size) for this interface.
The default value is derived from the port MTU. The no form of the command returns the default value.
Default
no ip-mtu — uses the value derived from the port MTU
Parameters
- octets
the MTU for the interface
ipcp
Syntax
[no] ipcp
Context
config>service>ies>interface
Description
This command enables the context to configure IPCP. Within this context, IPCP extensions can be used to signal the remote IP address and DNS IP address to the PPP peer over the PPP/MLPPP interface. This command is only applicable if the associated SAP is a PPP/MLPPP interface.
dns
Syntax
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context
config>service>ies>if>ipcp
Description
This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/ MLPPP interface with an IPCP encapsulation.
The no form of the command deletes the specified primary DNS address, secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.
Default
no dns
Parameters
- ip-address
specifies a unicast IPv4 address for the primary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions
- secondary ip-address
specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions
peer-ip-address
Syntax
peer-ip-address ip-address
no peer-ip-address
Context
config>service>ies>if>ipcp
Description
This command defines the remote IP address to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/MLPPP interface with an IPCP encapsulation.
The no form of the command deletes the IPCP extension peer-ip-address configuration.
Default
no peer-ip-address (0.0.0.0)
Parameters
- ip-address
a unicast IPv4 address to be signaled to the far end of the associated PPP/MLPPP link by IPCP extensions
load-balancing
Syntax
load-balancing
Context
config>service>ies>interface
Description
This command enables the context to configure load balancing hashing options on the interface. The options enabled at the interface level overwrite parallel system-level configurations.
Default
n/a
l4-load-balancing
Syntax
l4-load-balancing hashing-algorithm
no l4-load-balancing
Context
config>service>ies>interface>load-balancing
Description
This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.
The default configuration on the interface is to match the Layer 4 load-balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.
Parameters
- hashing-algorithm
specifies that Layer 4 source and destination port fields are included in or excluded from the hashing calculation
spi-load-balancing
Syntax
[no] spi-load-balancing
Context
config>service>ies>interface>load-balancing
Description
This command enables SPI hashing for ESP/AH encrypted IPv4 or IPv6 traffic at the interface level.
The no form of this command disables SPI hashing.
Default
no spi-load-balancing
teid-load-balancing
Syntax
[no] teid-load-balancing
Context
config>service>ies>interface>load-balancing
Description
This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.
Default
no teid-load-balancing
local-dhcp-server
Syntax
[no] local-dhcp-server local-server-name
Context
config>service>ies>interface
config>service>ies>if>ipv6
Description
This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.
The no form of the command removes the association of the interface with the local DHCP server.
Default
n/a
Parameters
- local-server-name
the name of the local DHCP server
local-proxy-arp
Syntax
[no] local-proxy-arp
Context
config>service>ies>interface
Description
This command enables local proxy ARP on the interface.
Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.
Local proxy ARP is used on subnets where hosts are prevented from communicating directly.
When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.
Default
no local-proxy-arp
loopback
Syntax
[no] loopback
Context
config>service>ies>interface
Description
This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.
Default
no loopback
mac
Syntax
mac ieee-address
no mac [ieee-address]
Context
config>service>ies>interface
Description
This command assigns a specific MAC address to an IES IP interface.
The no form of the command returns the MAC address to the default value.
Default
the physical MAC address associated with the Ethernet interface on which the SAP is configured (default MAC address assigned to the interface by the system)
Parameters
- ieee-address
a 48-bit MAC address in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers and cannot be all zeros. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.
proxy-arp-policy
Syntax
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
no proxy-arp-policy
Context
config>service>ies>interface
Description
This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (see the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.
Default
no proxy-arp-policy
Parameters
- policy-name
the route policy statement name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. The policy statement must already be defined.
remote-proxy-arp
Syntax
[no] remote-proxy-arp
Context
config>service>ies>interface
Description
This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.
Default
no remote-proxy-arp
secondary
Syntax
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no secondary {ip-address/mask | ip-address netmask}
Context
config>service>ies>interface
Description
This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.
Default
no secondary
Parameters
- ip-address
the IP address of the IP interface. The ip-address portion of the secondary command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- mask
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
- netmask
the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.
- broadcast
the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast
- host-ones
specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.
- igp-inhibit
specifies that this secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the secondary IP interface will not be injected and used as a passive interface and will not be advertised as an internal IP interface into the IGP link state database. For RIP, this means that the secondary IP interface will not source RIP updates.
static-arp
Syntax
static-arp ip-address ieee-address
no static-arp ip-address [ieee-address]
static-arp ieee-address unnumbered
no static-arp [ieee-address] unnumbered
Context
config>service>ies>interface
Description
This command configures a static ARP entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.
If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.
A router interface can only have one static ARP entry configured for it.
Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR configuration can specify to send a packet with a particular IP address to the corresponding ARP address.
The no form of the command removes a static ARP entry.
Default
no static-arp
Parameters
- ip-address
the IP address for the static ARP in dotted-decimal notation
- ieee-mac-address
the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.
- unnumbered
specifies the static ARP MAC addresses for an unnumbered interface. Unnumbered interfaces also support dynamic ARP. If this parameter is configured, it overrides any dynamic ARP.
static-nat-inside
Syntax
[no] static-nat-inside
Context
config>service>ies>interface
Description
This command configures an interface as an inside (private) interface.
By default, all interfaces are outside (public) interfaces. The no form of this command returns the interface to the default setting.
Default
no static-nat-inside
tcp-mss
Syntax
tcp-mss value
no tcp-mss
Context
config>service>ies>interface
config>service>ies>if>ipv6
Description
This command configures the maximum segment size (MSS) in a TCP SYN or SYN-ACK packet during the establishment of a TCP connection. A tcp-mss value can be specified on an ingress interface, egress interface, or both. When configured on two interfaces, the smaller of the two values is used. If the TCP SYN packet has no TCP MSS field, the 7705 SAR assigns it the MSS value configured on the interface and recalculates the IP checksum. If the TCP SYN or SYN-ACK packet has an MSS field and the value is greater than the value configured on the interface, the 7705 SAR overwrites the packet MSS value with the lower value. If the MSS value is less than the value configured on the interface, the packet MSS value does not change. See the 7705 SAR Router Configuration Guide, ‟TCP MSS Configuration and Adjustment”, for more information.
This command is supported on interfaces with IPv4 and IPv6 traffic, and a different MSS value can be configured for the IPv4 and IPv6 interfaces. This command is not supported on IPSec public interfaces in IES.
Default
no tcp-mss
Parameters
- value
the MSS, in bytes, to be used in a TCP SYN or SYN-ACK packet
unnumbered
Syntax
unnumbered {ip-int-name | ip-address}
no unnumbered
Context
config>service>ies>interface
Description
This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.
By default, no IP address exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface.
Default
no unnumbered
Parameters
- ip-int-name | ip-address
the IP interface name or address to associate with the unnumbered IP interface
IES Service IPv6 Commands
ipv6
Syntax
[no] ipv6
Context
config>service>ies>interface
Description
This command enables the context to configure IPv6 for an IES interface.
address
Syntax
address ipv6-address/prefix-length [eui-64] [preferred]
no address ipv6-address/prefix-length
Context
config>service>ies>if>ipv6
Description
This command assigns an IPv6 address to the IES interface.
Default
n/a
Parameters
- ipv6-address/prefix-length
the IPv6 address on the interface
- eui-64
when the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces.
- preferred
specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.
dhcp6-relay
Syntax
[no] dhcp6-relay
Context
config>service>ies>if>ipv6
Description
This command enables the context to configure DHCPv6 Relay parameters for the IES interface.
option
Syntax
[no] option
Context
config>service>ies>if>ipv6>dhcp6-relay
Description
This command enables the context to configure DHCPv6 Relay information options.
interface-id
Syntax
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
no interface-id
Context
config>service>ies>if>ipv6>dhcp6-relay>option
Description
This command enables the sending of interface ID options in the DHCPv6 Relay packet.
Default
ascii-tuple
Parameters
- ascii-tuple
specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by ‟/”, will be used
- ifindex
specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
- sap-id
specifies that the SAP ID will be used
- string
specifies that a string of up to 32 printable, 7-bit ASCII characters, will be used. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
remote-id
Syntax
[no] remote-id
Context
config>service>ies>if>ipv6>dhcp6-relay>option
Description
This command enables the sending of the remote ID option in the DHCPv6 Relay packet. The client DHCP Unique Identifier (DUID) is used as the remote ID.
server
Syntax
server ipv6-address [ipv6-address...(up to 8 max)]
no server ipv6-address [ipv6-address...(up to 8 max)]
Context
config>service>ies>if>ipv6>dhcp6-relay
Description
This command specifies a list of servers where DHCPv6 requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. At least one server must be specified in order for DHCPv6 Relay to work. If there are multiple servers, the request is forwarded to all of them. A maximum of eight servers can be configured.
Default
n/a
Parameters
- ipv6-address
the IPv6 addresses of the DHCP servers
icmp6
Syntax
icmp6
Context
config>service>ies>if>ipv6
Description
This command enables the context to configure ICMPv6 parameters on the IES interface.
packet-too-big
Syntax
packet-too-big [number seconds]
no packet-too-big
Context
config>service>ies>if>ipv6>icmp6
Description
This command configures the rate for ICMPv6 packet-too-big messages.
The no form of the command disables the sending of ICMPv6 packet-too-big messages.
Default
100 10
Parameters
- number
the maximum number of packet-too-big messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, used to limit the number of packet-too-big messages that can be issued, expressed as a decimal integer
param-problem
Syntax
param-problem [number seconds]
no param-problem
Context
config>service>ies>if>ipv6>icmp6
Description
This command configures the rate for ICMPv6 param-problem messages.
The no form of the command disables the sending of ICMPv6 param-problem messages.
Default
100 10
Parameters
- number
the maximum number of param-problem messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, used to limit the number of param-problem messages that can be issued, expressed as a decimal integer
time-exceeded
Syntax
time-exceeded [number seconds]
no time-exceeded
Context
config>service>ies>if>ipv6>icmp6
Description
This command configures the rate for ICMPv6 time-exceeded messages.
The no form of the command disables the sending of ICMPv6 time-exceeded messages.
Default
100 10
Parameters
- number
the maximum number of time-exceeded messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, used to limit the number of time-exceeded messages that can be issued, expressed as a decimal integer
unreachables
Syntax
unreachables [number seconds]
no unreachables
Context
config>service>ies>if>ipv6>icmp6
Description
This command enables and configures the rate for ICMPv6 host and network destination unreachable messages issued on the router interface.
The no form of the command disables the generation of ICMPv6 destination unreachables on the router interface.
Default
100 10
Parameters
- number
the maximum number of destination unreachable messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, used to limit the number of destination unreachable messages that can be issued, expressed as a decimal integer
link-local-address
Syntax
link-local-address ipv6-address [preferred]
no link-local-address
Context
config>service>ies>if>ipv6
Description
This command configures the IPv6 link-local address.
The no form of the command removes the configured link-local address, and the router automatically generates a default link-local address.
Removing a manually configured link-local address may impact routing protocols that have a dependency on that address.
Default
n/a
Parameters
- ipv6-address
the IPv6 address
- preferred
specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.
neighbor
Syntax
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context
config>service>ies>if>ipv6
Description
This command configures an IPv6-to-MAC address mapping on the IES interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery or a static address must be used. This command can only be used on Ethernet interfaces. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.
Parameters
- ipv6-address
the IPv6 address on the interface
- mac-address
the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx
reachable-time
Syntax
[no] reachable-time seconds
Context
config>service>ies>if>ipv6
Description
This command specifies the time an IPv6 neighbor remains in reachable state.
Default
no reachable-time
Parameters
- seconds
specifies the number of seconds that an IPv6 neighbor remains in reachable state
stale-time
Syntax
[no] stale-time seconds
Context
config>service>ies>if>ipv6
Description
This command specifies the time that an IPv6 neighbor cache entry remains in stale state. When the specified time elapses, the system removes the neighbor cache entry.
Default
no stale-time
Parameters
- seconds
specifies the number of seconds that an IPv6 neighbor remains in stale state
IES Service VRRP Commands
vrrp
Syntax
vrrp virtual-router-id [owner] [passive]
no vrrp virtual-router-id
Context
config>service>ies>interface
config>service>ies>if>ipv6
Description
This command creates or edits a virtual router ID (VRID) on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.
The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.
Default
n/a
Parameters
- virtual-router-id
specifies a new virtual router ID or one that can be modified on the IP interface
- owner
-
keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of VRID creation, the vrrp backup command must be used to define the virtual router IP addresses. The owner keyword is not required when entering the VRID for editing purposes. When created as owner, a VRID on an IP interface cannot have the owner parameter removed. The VRID must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
keyword used to identify this virtual router instance as passive, owning the virtual router IP addresses. A passive VRID does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the initialize state (if the interface is operationally down). The passive keyword is not required when entering the VRID for editing purposes. When a VRID on an IP interface is created as passive, the parameter cannot be removed from the VRID. The VRID must be deleted, and then recreated without the passive keyword, to remove the parameter.
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context
config>service>ies>if>vrrp
Description
This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
If the command is re-executed with a different password key defined, the new key is used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.
To change the current in-use password key on multiple virtual router instances:
identify the current master
shut down the virtual router instance on all backups
execute the authentication-key command on the master to change the password key
execute the authentication-key command and no shutdown command on each backup
The no form of this command restores the default value of the key.
Default
The authentication data field contains the value 0 in all octets.
Parameters
- authentication-key
identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string 8 octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The authentication-key parameter is expressed as a string consisting up to eight alphanumeric characters. Spaces must be contained in quotation marks (‟ ”). The quotation marks are not considered part of the string.
The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
- hash-key
can be any combination of ASCII characters up to 11 characters in length (encrypted) for a hash key or up to 110 characters for a hash2 key. If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).
This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash keyword is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash keyword specified.
- hash2
specifies that the key is entered in a more complex encrypted form. If the hash2 keyword is not used, the less-encrypted hash form is assumed.
backup
Syntax
[no] backup ip-address
[no] backup ipv6-address
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command configures virtual router IP addresses for backup.
Default
n/a
Parameters
- ip-address
specifies the destination IPv4 address for backup
- ipv6-address
specifies the destination IPv6 address for backup
bfd-enable
Syntax
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command assigns a BFD session that provides a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.
BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface specified in this command.
The no form of this command removes BFD from the configuration.
Default
n/a
Parameters
- service-id
specifies the service ID of the interface running BFD
- interface-name
specifies the name of the interface running BFD
- ip-address
specifies the destination address to be used for the BFD session
init-delay
Syntax
init-delay seconds
no init-delay
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command configures a VRRP initialization delay timer.
Default
no init-delay
Parameters
- seconds
specifies the number of seconds for the initialization delay timer for VRRP
mac
Syntax
mac mac-address
no mac
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command assigns a specific MAC address to an IES IP interface.
The no form of the command returns the MAC address of the IP interface to the default value.
Default
the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)
Parameters
- mac-address
specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
master-int-inherit
Syntax
[no] master-int-inherit
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command allows the master instance to dictate the master down timer (non-owner context only).
The master down interval is the time that the master router can be down before the backup router takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. See the "Master Down Interval" in the "VRRP" chapter of the 7705 SAR Router Configuration Guide for details.
Default
no master-int-inherit
message-interval
Syntax
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value is silently discarded.
Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values. Message Interval Configuration Ranges shows the ranges for each way of configuring the message interval.
Configuration |
IPv4 |
IPv6 |
---|---|---|
Using milliseconds value only |
100 to 900 ms |
10 to 990 ms |
Using seconds value only |
1 to 255 s |
1 to 40 s |
Using combination milliseconds and seconds values |
1 s 100 ms to 255 s 900 ms (1.1 s to 255.9 s) |
1 s 10 ms to 40s 990 ms (1.01 s to 40.99 s) |
Default setting |
1 s |
1 s |
The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.
The no form of this command restores the default message-interval value of 1 s to the virtual router instance.
Default
1 s
Parameters
- seconds
the time interval, in seconds, between sending advertisement messages.
- milliseconds
the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.
ntp-reply
Syntax
[no] ntp-reply
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command enables the reception of and response to Network Time Protocol (NTP) requests directed at the VRRP virtual IP address. This behaviour only applies to the router currently acting as the master VRRP.
The no form of this command disables NTP requests from being processed.
Default
no ntp-reply
ping-reply
Syntax
[no] ping-reply
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parent IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.
The ping-reply command is only available for non-owner virtual routers.
The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.
Default
no ping-reply
policy
Syntax
policy vrrp-policy-id
no policy
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command associates a VRRP priority control policy with the virtual router instance (non-owner context only). VRRP policies are defined under the config>vrrp>policy context. For details, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.
Default
n/a
Parameters
- vrrp-policy-id
specifies a VRRP priority control policy. The VRRP policy ID must already exist in the system for the policy command to be successful.
preempt
Syntax
[no] preempt
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.
The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner always preempts all other virtual routers when it is available.
Non-owner backup virtual router instances only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.
A master non-owner virtual router only allows itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:
greater than its in-use priority value
equal to the in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address
The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.
Default
preempt
priority
Syntax
priority priority
no priority
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.
The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.
The no form of this command restores the default value of 100.
Parameters
- priority
specifies the priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority is in-use priority for the virtual router instance.
ssh-reply
Syntax
[no] ssh-reply
Context
config>service>ies>if>vrrp
Description
This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.
When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.
The ssh-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all SSH packets destined for the non-owner virtual router instance IP addresses.
Default
no ssh-reply
standby-forwarding
Syntax
[no] standby-forwarding
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.
The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.
Default
no standby-forwarding
telnet-reply
Syntax
[no] telnet-reply
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.
If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.
The telnet-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.
Default
no telnet-reply
traceroute-reply
Syntax
[no] traceroute-reply
Context
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description
This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.
Default
no traceroute-reply
IES Service SAP Commands
sap
Syntax
[no] sap sap-id [create]
Context
config>service>ies>interface
Description
This command creates a SAP within an IES service. Each SAP must be unique.
All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or an IP interface, a SAP does not exist on that object.
To edit SAP parameters, enter an existing SAP without the create keyword.
A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. A SAP can only be defined on a port that has been configured as an access port in the config>port port-id context using the mode access command. See the 7705 SAR Interface Configuration Guide, ‟Access Ports”.
If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service are discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The following SAP types are supported:
PPP IPCP encapsulation of an IPv4 packet for IES (RFC 1332)
MLPPP bundle
LAG
Ethernet SAPs supporting null, dot1q, and qinq
To configure an IES interface SAP that is used for a public IPSec tunnel interface, see sap in Service Interface Tunnel Commands.
If the IES interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted.
Default
no sap
Parameters
- sap-id
specifies the physical port identifier portion of the SAP definition. See SAP ID Configurations for a full list of SAP IDs.
- create
keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy [acct-policy-id]
Context
config>service>ies>if>sap
Description
This command creates the accounting policy context that can be applied to a SAP. An accounting policy must be defined before it can be associated with a SAP. If the policy ID does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
Default
no accounting-policy
Parameters
- acct-policy-id
the accounting policy ID as configured in the config>log>accounting-policy context
collect-stats
Syntax
[no] collect-stats
Context
config>service>ies>if>sap
Description
This command enables accounting and statistical data collection for the SAP. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued, the statistics are still accumulated by the CSM. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
collect-stats
egress
Syntax
egress
Context
config>service>ies>if>sap
Description
This command enables the context to configure egress SAP QoS policies and IP filter policies.
If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress IP filter policy is defined, no filtering is performed.
ingress
Syntax
ingress
Context
config>service>ies>if>sap
Description
This command enables the context to configure ingress SAP QoS policies and IP filter policies.
If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress IP filter policy is defined, no filtering is performed.
agg-rate-limit
Syntax
agg-rate-limit agg-rate [cir cir-rate]
no agg-rate-limit
Context
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description
This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information on adapter card generations, see the ‟Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR Interface Configuration Guide.
Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.
If the specified SAP is a LAG SAP, agg-rate and cir-rate is configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware. If the active port is on a Gen-3 card or platform, agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. For details on the behavior of a mix-and-match LAG SAP, see the ‟LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and ‟Network LAG Traffic Management” sections in the 7705 SAR Interface Configuration Guide.
The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.
Default
no agg-rate-limit
Parameters
- agg-rate
sets the PIR for the aggregate of all the queues on the SAP. The max keyword applies the maximum physical port rate possible.
- cir-rate
sets the CIR for the aggregate of all the queues on the SAP
filter
Syntax
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
Context
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description
This command associates an IPv4 or IPv6 filter policy with an egress or ingress IES SAP.
Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.
The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is displayed.
The no form of the command removes any configured filter ID association with the SAP. The filter policy cannot be deleted until it is removed from all SAPs where it is applied.
Default
no filter
Parameters
- ip-filter-id
specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.
- ipv6-filter-id
specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IP filters.
match-qinq-dot1p
Syntax
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context
config>service>ies>if>sap>ingress
Description
This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.
The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.
By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.
Match-QinQ-Dot1p Matching Behavior shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP Type and Match-QinQ-Dot1q Setting. Use the Existing Packet Tags column to identify which dot1q tags are available in the packet. Then use the P-bits Used for Match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.
Default
no match-qinq-dot1p
Parameters
- top
the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits (topmost P-bits) are used (if existing) to match any dot1p dot1p-value entries.
- bottom
the bottom parameter and top parameter are mutually exclusive. When the bottom parameter is specified, the bottommost P-bits (second tag’s P-bits) are used (if existing) to match any dot1p dot1p-value entries.
Table 5. Match-QinQ-Dot1p Matching Behavior Port/ SAP Type
Match-QinQ-Dot1p Setting 1
Existing Packet Tags
P-bits Used for Match
Null
n/a
None
None
Null
n/a
Dot1p (VLAN ID 0)
None 2
Null
n/a
Dot1q
None 2
Null
n/a
TopQ BottomQ
None 2
Dot1q
n/a
None
None
Dot1q
n/a
Dot1p (default SAP VLAN ID 0)
Dot1p P-bits
Dot1q
n/a
Dot1q
Dot1q P-bits
QinQ/ X.Y
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.Y
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ X.0
Top
TopQ
TopQ P-bits
QinQ/ X.0
Default or Bottom
TopQ
TopQ P-bits
QinQ/ X.0
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.0
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ X.*
Top
TopQ
TopQ P-bits
QinQ/ X.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ X.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ 0.*
Top
None
None
QinQ/ 0.*
Default or Bottom
None
None
QinQ/ 0.*
Top
TopQ
TopQ P-bits
QinQ/ 0.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ 0.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ 0.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ *.*
Top
None
None
QinQ/ *.*
Default or Bottom
None
None
QinQ/ *.*
Top
TopQ
TopQ P-bits
QinQ/ *.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ *.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ *.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
Notes:
‟Default” in this column refers to the no form of match-qinq-dot1p command.
For null encapsulation, the 7705 SAR does not process dot1p bits.
qinq-mark-top-only
Syntax
[no] qinq-mark-top-only
Context
config>service>ies>if>sap>egress
Description
When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).
Dot1p Re-marking Behavior for the QinQ-mark-top-only Command shows the dot1p re-marking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where ‟False” represents the default (disabled) state.
If a new tag is pushed, the dot1p bits of the new tag are zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the config>qos context.
Egress Port Type/SAP Type |
QinQ-mark-top-only State |
Egress P-Bits Marked or Re-marked |
---|---|---|
Null 1 |
n/a |
None |
Dot1q/ X 1 |
n/a |
Outer tag |
Dot1q/ * 2 |
n/a |
None |
Dot1q/ 0 2 |
n/a |
Outer tag |
QinQ/ X.Y 1 |
False |
Two outer tags 3 |
True |
Outer tag 3 |
|
QinQ/ X.* 1 |
True or False |
Outer tag |
QinQ/ X.0 1 |
True or False |
Outer tag |
QinQ/ 0.* 1 |
True or False |
None |
QinQ/ *.* 2 |
True or False |
None |
Notes:
This port type/SAP type is supported by the following services: Epipe, Ipipe, VPLS, IES, and VPRN.
This port type/SAP type is supported by the following services: Epipe and VPLS.
Normally, when a new tag is pushed, the dot1p bits of the new tag is zero, unless the P-bits are remarked by the egress policy. However, an exception to this occurs when the egress SAP type is X.Y and only one new outer tag must be pushed. In this case, the new outer tag has its dot1p bits set to the inner tag's dot1p bits.
Default
no qinq-mark-top-only
qos
Syntax
qos policy-id
no qos
Context
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description
This command associates a QoS policy with an ingress or egress IES SAP.
QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined before associating the policy with a SAP. If the policy-id does not exist, an error is returned.
The qos command associates both ingress and egress QoS policies. The qos command allows only ingress policies to be associated on the SAP ingress and only egress policies to be associated on the SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.
Only one ingress and one egress QoS policy is associated with an IES SAP at one time. Attempts to associate a second QoS policy of a specified type returns an error.
By default, no specific QoS policy is associated with the SAP for ingress or egress; therefore, the default QoS policy is used.
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
Parameters
- policy-id
associates the ingress or egress policy ID with the SAP. The policy ID or name must already exist.
scheduler-mode
Syntax
scheduler-mode {4-priority | 16-priority}
Context
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description
This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.
If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.
If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.
This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.
If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms.
Default
4-priority
Parameters
- 4-priority
sets the scheduler mode for the SAP to be 4-priority mode
- 16-priority
sets the scheduler mode for the SAP to be 16-priority mode
shaper-group
Syntax
[no] shaper-group shaper-group-name [create]
Context
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description
This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.
The default shaper group cannot be deleted.
The no form of this command removes the configured shaper-group.
Default
shaper-group ‟default”
Parameters
- shaper-group-name
the name of the shaper group. To access the default shaper group, enter ‟default”.
- create
keyword used to create a shaper group
IES Service Spoke SDP Commands
spoke-sdp
Syntax
spoke-sdp sdp-id:vc-id [create]
no spoke-sdp sdp-id:vc-id
Context
config>service>ies>interface
Description
This command binds a service to an existing Service Distribution Point (SDP).
A spoke SDP is treated like the equivalent of a traditional bridge ‟port”, where flooded traffic received on the spoke SDP is replicated on all other ‟ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.
The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.
The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.
Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.
Default
no sdp-id is bound to a service
Special Cases
- IES
only one sdp-id can be bound to an IES
Parameters
- sdp-id
the SDP identifier
- vc-id
the virtual circuit identifier
egress
Syntax
egress
Context
config>service>ies>if>spoke-sdp
Description
This command enables the context to configure egress SDP parameters.
vc-label
Syntax
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context
config>service>ies>if>spoke-sdp>egress
Description
This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.
Parameters
- egress-vc-label
a VC egress value that indicates a specific connection
ingress
Syntax
ingress
Context
config>service>ies>if>spoke-sdp
Description
This command enables the context to configure ingress SDP parameters.
filter
Syntax
filter ip ip-filter-id
no filter
Context
config>service>ies>if>spoke-sdp>ingress
Description
This command associates an IP filter policy with an ingress spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.
The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.
In general, filters applied to ingress spoke SDPs apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.
The no form of this command removes any configured filter ID association with the spoke SDP.
Parameters
- ip-filter-id
specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.
vc-label
Syntax
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context
config>service>ies>if>spoke-sdp>ingress
Description
This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.
Parameters
- ingress-vc-label
a VC ingress value that indicates a specific connection
Routed VPLS Commands
vpls
Syntax
vpls service-name
no vpls
Context
config>service>ies>if
Description
This command within the IP interface context binds the IP interface to the specified VPLS service name.
The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). After the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the specified service name.
Parameters
- service-name
specifies the service name that the system attempts to resolve to an allow-ip-int-binding enabled VPLS service associated with the service name. The specified service name is an ASCII string of up to 32 characters.
ingress
Syntax
ingress
Context
config>service>ies>if>vpls
Description
This command within the VPLS binding context defines the routed IPv4 optional filter override.
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
config>service>ies>if>vpls>ingress
Description
This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.
The no form of the command removes the IPv4 routed override filter from the ingress IP interface.
Default
n/a
Parameters
- ip-filter-id
specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
config>service>ies>if>vpls>ingress
Description
This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if it is not defined or it is removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.
The no form of the command removes the IPv6 routed override filter from the ingress IP interface.
Default
n/a
Parameters
- ipv6-filter-id
specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.
IES Service Security Zone Configuration Commands
zone
Syntax
zone {zone-id | zone-name} [create]
no zone {zone-id | zone-name}
Context
config>service>ies
Description
This command creates or specifies a security zone within an IES context. Each zone must have a unique ID.
All zones must be explicitly created with the create keyword.
Enter an existing zone without the create keyword to edit zone parameters.
The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.
Parameters
- zone-id
the zone ID number. The zone ID must be unique within the system.
abort
Syntax
abort
Context
config>service>ies>zone
Description
This command discards changes made to a security feature.
Default
n/a
begin
Syntax
begin
Context
config>service>ies>zone
Description
This command enters the mode to create or edit security features.
Default
n/a
commit
Syntax
commit
Context
config>service>ies>zone
Description
This command saves changes made to security features.
Default
n/a
inbound
Syntax
inbound
Context
config>service>ies>zone
Description
This command enables the context to configure limit parameters on inbound firewall sessions.
Default
n/a
outbound
Syntax
outbound
Context
config>service>ies>zone
Description
This command enables the context to configure limit parameters for outbound firewall sessions on the CSM.
Default
n/a
limit
Syntax
limit
Context
config>service>ies>zone>inbound
config>service>ies>zone>outbound
Description
This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.
Default
n/a
concurrent-sessions
Syntax
concurrent-sessions {tcp | udp | icmp | other} sessions
no concurrent-sessions {tcp | udp | icmp | other}
Context
config>service>ies>zone>inbound>limit
config>service>ies>zone>outbound>limit
Description
This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.
Default
n/a
Parameters
- tcp
specifies that TCP connection traffic is to be firewalled
- udp
specifies that UDP connection traffic is to be firewalled
- icmp
specifies that ICMP connection traffic is to be firewalled
- other
specifies that the traffic to be firewalled is other than TCP, UDP, or ICMP
- sessions
the maximum number of concurrent firewall sessions that can be created in a zone for the configured direction and protocol
interface
Syntax
[no] interface ip-int-name
Context
config>service>ies>zone
Description
This command creates a logical IP routing interface for a zone. When created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.
The no form of this command removes the IP interface and all the associated configurations.
Parameters
- ip-int-name
the name of the interface to be configured within the zone
log
Syntax
log {log-id | name}
no log
Context
config>service>ies>zone
Description
This command applies a security log to the specified zone. The security log must already be configured in the config>security>logging context.
The no form of this command removes logging for the zone.
Parameters
- log-id
the identifier for the log
- name
the name of the log
name
Syntax
name zone-name
no name
Context
config>service>ies>zone
Description
This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.
Parameters
- zone-name
the name of the zone
nat
Syntax
nat
Context
config>service>ies>zone
Description
This command enters the context to configure NAT parameters for a zone.
pool
Syntax
pool pool-id [create]
no pool pool-id
Context
config>service>ies>zone>nat
Description
This command configures the NAT pool for the security zone within an IES service. Each pool must have a unique ID.
All pools must be explicitly created with the create keyword.
Enter an existing pool without the create keyword to edit pool parameters.
The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool are deleted.
Parameters
- pool-id
the pool ID number
direction
Syntax
direction {zone-outbound | zone-inbound | both}
no direction
Context
config>service>ies>zone>nat>pool
Description
This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.
Parameters
- zone-outbound
configures a pool for the policy outbound traffic
- zone-inbound
configures a pool for the policy inbound traffic
- both
configures a pool for policy inbound and outbound traffic
entry
Syntax
entry entry-id [create]
no entry entry-id
Context
config>service>ies>zone>nat>pool
Description
This command configures a NAT pool entry within an IES service.
The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry are deleted.
Parameters
- entry-id
the entry ID number
ip-address
Syntax
ip-address ip-address [to ip-address] interface ip-int-name
no ip-address
Context
config>service>ies>zone>nat>pool>entry
Description
This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.
The IP address for the interface must be entered in dotted-decimal notation. The maximum IP address range limit is 255.
The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
Parameters
- ip-address
the source IP address to be used by NAT. The ip-address portion of the ip-address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- ip-int-name
the name of the interface to be used by NAT
port
Syntax
port port [to port]
no port
Context
config>service>ies>zone>nat>pool>entry
Description
This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.
The no form of this command deletes the port or port range.
Parameters
- port
the UDP/TCP port or range of ports to which NPAT is applied
name
Syntax
name pool-name
no name
Context
config>service>ies>zone>nat>pool
Description
This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.
Parameters
- pool-name
the name of the pool. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
policy
Syntax
policy {policy-id | policy-name}
no policy
Context
config>service>ies>zone
Description
This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.
The no form of this command deletes the specified policy.
Parameters
- policy-id
the number of the referenced policy
- policy-name
the name of the referenced policy
IES Raw Socket IP Transport Configuration Commands
ip-transport
Syntax
ip-transport ipt-id [create]
no ip-transport ipt-id
Context
config>service>ies
Description
This command creates an IP transport subservice within an IES service. An IP transport subservice is used to transmit serial raw socket data to and from a local host and remote host.
All IP transport subservices must be explicitly created using the create keyword. An IP transport subservice is owned by the service within which it is created. An IP transport subservice can only be associated with a single service. The create keyword is not needed when editing parameters for an existing IP transport subservice. An IP transport subservice must be first shut down before changes can be made to the configured parameters.
The no form of this command deletes the IP transport subservice with the specified ipt-id. When an IP transport subservice is deleted, all configured parameters for the IP transport subservice are also deleted.
Default
no ip-transport
Parameters
- ipt-id
the IP transport subservice physical port identifier. The ipt-id must reference an RS-232 serial port that has been configured as a socket and has its encapsulation type set to raw. See the 7705 SAR Interface Configuration Guide, ‟Serial Commands”, for more information.
- create
creates this IP transport subservice
dscp
Syntax
dscp dscp-name
Context
config>service>ies>ip-transport
Description
This command configures the DSCP name used to mark the DSCP field in IP transport packets originating from this node.
Raw socket traffic redirection to a specific queue is enabled by the fc command.
Default
ef
Parameters
- dscp-name
the DSCP name used to mark the DSCP field in IP transport packets. Valid DSCP Names lists the valid DSCP names.
Table 7. Valid DSCP Names dscp-name
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
fc
Syntax
fc [fc-name] profile {in | out}
Context
config>service>ies>ip-transport
Description
This command configures the forwarding class and profile marking for IP transport packets originating from this node.
Default
ef for fc, in for profile
Parameters
- fc-name
the forwarding class name to use for the IP transport packets
- profile {in| out}
the profile marking for the IP transport packets, either in or out
filter-unknown-host
Syntax
[no] filter-unknown-host
Context
config>service>ies>ip-transport
Description
This command filters connections from unknown hosts. An unknown host is any host that is not configured as a remote host.
The no form of this command disables the filter.
Default
no filter-unknown-host
local-host
Syntax
local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}
no local-host
Context
config>service>ies>ip-transport
Description
This command creates the local host within the IP transport subservice.
The local host is required to accept TCP/UDP sessions initiated from far-end remote hosts, and for the node to initiate sessions towards the far-end remote hosts.
The local host must be created before a remote host is created.
The no form of this command deletes the local host.
Default
no local-host
Parameters
- ip-addr
the IP address that is used for this local host. The IP address must be the same as a loopback or local interface IP address that is already configured within this service.
- port-num
the port number that is used by remote hosts to establish TCP/UDP sessions to this local host
- protocol {tcp | udp}
the protocol type that is used for all sessions to and from this local host, either tcp or udp
remote-host
Syntax
remote-host host-id ip-addr ip-addr] port-num port-num [create]
no remote-host host-id
Context
config>service>ies>ip-transport
Description
This command creates a remote host within the IP transport subservice. Multiple remote hosts may be created in order to send serial raw socket IP transport data to multiple destinations. The create keyword must be used for each remote host that is created.
The no form of this command deletes the remote host.
Default
no remote-host
Parameters
- host-id
the remote host identifier
- ip-addr
the IP address that is used to reach the remote host in order to route IP transport packets to that remote host
- port-num
the destination port number that is used to reach the serial port socket on the remote host
- create
creates this remote host
name
Syntax
name host-name
no name
Context
config>service>ies>ip-transport>remote-host
Description
This command configures a unique name for this remote host.
The no form of this command deletes the remote host name.
Default
n/a
Parameters
- host-name
a unique name for this remote host, up to 64 characters long
tcp
Syntax
tcp
Context
config>service>ies>ip-transport
Description
This command enables the context to configure TCP parameters within this IP transport subservice.
Default
n/a
inactivity-timeout
Syntax
inactivity-timeout seconds
Context
config>service>ies>ip-transport>tcp
Description
This command specifies how long to wait before disconnecting a TCP connection because of traffic inactivity over the connection.
Default
30 s
Parameters
- seconds
how long to wait, in seconds, before disconnecting a TCP connection
max-retries
Syntax
max-retries number
Context
config>service>ies>ip-transport>tcp
Description
This command specifies the number of times that a remote host, acting as a client, tries to establish a TCP connection after the initial attempt fails.
Default
5
Parameters
- number
the number of attempts to establish a TCP connection after the initial attempt fails
retry-interval
Syntax
retry-interval seconds
Context
config>service>ies>ip-transport>tcp
Description
This command specifies how long to wait before each TCP max-retries attempt.
Default
5 s
Parameters
- seconds
how long to wait, in seconds, before each TCP max-retries attempt
Show Commands
The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.
customer
Syntax
customer [customer-id]
Context
show>service
Description
This command displays service customer information.
Parameters
- customer-id
specifies the customer ID number to be displayed
Output
The following output is an example of service customer information, and Service Customer Field Descriptions describes the fields.
Output ExampleA:ALU-2# show service customer 1
===============================================================================
Customer 1
===============================================================================
Customer-ID : 1
Contact : Tech Support
Description : Default customer
Phone : (613) 555-1122
===============================================================================
Label |
Description |
---|---|
Customer-ID |
ID that uniquely identifies the customer |
Contact |
Name or title of the primary contact person |
Description |
Generic information about the customer |
Phone |
Phone number by which to reach the contact person |
egress-label
Syntax
egress-label start-label [end-label]
Context
show>service
Description
This command displays service information using the range of egress labels.
If only the mandatory start-label parameter is specified, only services using the specified label are displayed.
If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.
Use the show router ldp bindings command to display dynamic labels.
Parameters
- end-label
the ending egress label value for which to display services using the label range
- start-label
the starting egress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.
Output
The following output is an example of service egress label information, and Service Egress Field Descriptions describes the fields.
Output ExampleIn the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.
*A:ALU-12>show>service# egress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id Sdp Binding Type I.Lbl E.Lbl
-------------------------------------------------------------------------------
3 15:15 Spok 0 0
5 5:5 Spok 0 0
6 5:6 Spok 0 0
5000 15:5000 Mesh 0 0
5000 15:5001 Spok 0 0
5001 5001:100 Spok 0 0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Label |
Description |
---|---|
Svc Id |
The ID that identifies a service |
Sdp Binding |
The ID that identifies an SDP |
Type |
Indicates whether the SDP binding is a spoke or a mesh |
I. Lbl |
The VC label used by the far-end device to send packets to 7705 SAR in this service by the SDP |
E. Lbl |
The VC label used by 7705 SAR to send packets to the far-end device in this service by the SDP |
Number of Bindings Found |
The total number of SDP bindings that exist within the specified label range |
id
Syntax
id service-id
Context
show>service
Description
This command displays information for a particular service ID
Parameters
- service-id
identifies the service in the domain by service number or name
all
Syntax
all
Context
show>service>id
Description
This command displays detailed information for all aspects of the service.
Output
The following output is an example of service ID all information, and Service ID All Field Descriptions describes the fields.
Output Example (IES Management Service)A:ALU-2# show service id 751 all
===============================================================================
Service Detailed Information
===============================================================================
Service Id : 751
Service Type : IES
Name : IES751
Description : ATM_Backhaul_SAM_Mgmt
Customer Id : 10
Last Status Change: 09/09/2008 16:26:25
Last Mgmt Change : 09/09/2008 16:25:04
Admin State : Up Oper State : Up
SAP Count : 2
-------------------------------------------------------------------------------
Service Access Points
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
SAP bundle-ima-1/3.1:0/75
-------------------------------------------------------------------------------
Service Id : 751
SAP : bundle-ima-1/3.1:0/75 Encap : atm
Admin State : Up Oper State : Up
Flags : None
Multi Svc Site : None
Last Status Change : 09/09/2008 16:26:25
Last Mgmt Change : 09/09/2008 16:25:04
Sub Type : regular
Admin MTU : 1572 Oper MTU : 1572
Ingr IP Fltr-Id : 1 Egr IP Fltr-Id : n/a
Ingr Mac Fltr-Id : n/a Egr Mac Fltr-Id : n/a
tod-suite : None qinq-pbit-marking : both
Egr Agg Rate Limit : max
Acct. Pol : None Collect Stats : Disabled
Anti Spoofing : None Nbr Static Hosts : 0
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1 Egress qos-policy : 1
Shared Q plcy : n/a Multipoint shared : Disabled
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time : N/A
Packets Octets
Forwarding Engine Stats (Ingress)
Dropped : 0 n/a
Off. HiPrio : 802789 n/a
Off. LowPrio : n/a n/a
Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio : 0 n/a
Dro. LowPrio : n/a n/a
For. InProf : 802789 69039854
For. OutProf : 0 0
Queueing Stats(Egress QoS Policy 1)
Dro. InProf : 0 n/a
Dro. OutProf : n/a n/a
For. InProf : 802829 41753273
For. OutProf : n/a n/a
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
Packets Octets
Ingress Queue 1 (Unicast) (Priority)
Off. HiPrio : 802789 n/a
Off. LoPrio : n/a n/a
Dro. HiPrio : 0 n/a
Dro. LoPrio : n/a n/a
For. InProf : 802789 69039854
For. OutProf : 0 0
Ingress Queue 3 (Profile)
Off. ColorIn : 0 0
Off. ColorOut : 0 0
Off. Uncolor : 0 0
Dro. ColorOut : 0 0
Dro. ColorIn/Uncolor : 0 0
For. InProf : 0 0
For. OutProf : 0 0
Egress Queue 1
For. InProf : 802829 41753273
For. OutProf : n/a n/a
Dro. InProf : 0 n/a
Dro. OutProf : n/a n/a
-------------------------------------------------------------------------------
ATM SAP Configuration Information
-------------------------------------------------------------------------------
Ingress TD Profile : 32 Egress TD Profile : 32
Alarm Cell Handling: Enabled AAL-5 Encap : mux-ip
OAM Termination : Enabled Periodic Loopback : Disabled
-------------------------------------------------------------------------------
Service Interfaces
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Interface
-------------------------------------------------------------------------------
If Name : IP_10.75.11.0/24
Admin State : Up Oper State : Up
Protocols : None
IP Addr/mask : 10.75.11.2/24 Address Type : Primary
IGP Inhibit : Disabled Broadcast Address : Host-ones
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
If Index : 3 Virt. If Index : 3
Last Oper Chg : 09/09/2008 16:26:25 Global If Index : 32
SAP Id : bundle-ima-1/3.1:0/75
TOS Marking : Untrusted If Type : IES
SNTP B.Cast : False IES ID : 751
MAC Address : 00:00:00:00:00:10 Arp Timeout : 14400
IP MTU : 1524 ICMP Mask Reply : True
Arp Populate : Disabled Host Conn Verify : Disabled
LdpSyncTimer : None
Proxy ARP Details
Rem Proxy ARP : Disabled Local Proxy ARP : Disabled
Policies : none
ICMP Details
Unreachables : Number - 100 Time (seconds) - 10
TTL Expired : Number - 100 Time (seconds) - 10
IPCP Address Extension Details
Peer IP Addr : Not configured
Peer Pri DNS Addr : Not configured
Peer Sec DNS Addr : Not configured
Label |
Description |
---|---|
Service Detailed Information |
|
Service Id |
Service ID number |
Service Type |
Type of service (IES) |
Name |
The service name |
Description |
Generic information about the service |
Customer Id |
Customer ID number |
Last Status Change |
Date and time of the most recent status change to this service |
Last Mgmt Change |
Date and time of the most recent management-initiated change to this service |
Admin State |
Desired state of the service |
Oper State |
Operating state of the service |
MTU |
Service MTU |
SAP Count |
Number of SAPs specified for this service |
Service Access Points |
|
Service Id |
Service Identifier |
SAP |
ID of the access port where this SAP is defined |
Encap |
Encapsulation type for this SAP on the access port |
Admin State |
Desired state of the SAP |
Oper State |
Operating state of the SAP |
Flags |
Conditions that affect the operating status of this SAP. Display output includes ServiceAdminDown, PortOperDown, and so on. |
Multi Svc Site |
Indicates the multiservice site that the SAP is a member of |
Last Status Change |
Date and time of the most recent status change to this SAP |
Last Mgmt Change |
Date and time of the most recent management-initiated change to this SAP |
Admin MTU |
Desired largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented |
Oper MTU |
Actual largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented |
Ingr IP Fltr-Id |
Ingress IP filter policy ID assigned to the SAP |
Egr IP Fltr-Id |
Egress IP filter policy ID assigned to the SAP |
Ingr Mac Fltr-Id |
Ingress MAC filter policy ID assigned to the SAP (not applicable) |
Egr Mac Fltr-Id |
Egress MAC filter policy ID assigned to the SAP (not applicable) |
Ingr IPv6 Fltr-Id |
Specifies the ingress IPv6 filter policy ID assigned to the SAP |
Egr IPv6 Fltr-Id |
Specifies the egress IPv6 filter policy ID assigned to the SAP |
tod-suite |
n/a |
qinq-pbit-marking |
Indicates the qinq P-bit marking for the SAP: both or top |
Ing Scheduler Mode |
Indicates the ingress scheduler mode for the SAP |
Egr Scheduler Mode |
Indicates the egress scheduler mode for the SAP |
Ing Agg Rate Limit |
Indicates the PIR rate limit in the access ingress direction for the aggregate of the SAP queues |
Egr Agg Rate Limit |
Indicates the PIR rate limit in the access egress direction for the aggregate of the SAP queues |
Ing Agg cir |
Indicates the CIR rate limit in the access ingress direction for the aggregate of the SAP queues |
Egr Agg cir |
Indicates the CIR rate limit in the access egress direction for the aggregate of the SAP queues |
Ing Shaper Group |
Indicates the ingress shaper group for the SAP |
Egr Shaper Group |
Indicates the egress shaper group for the SAP |
Acct. Pol |
Accounting policy applied to the SAP |
Collect Stats |
Specifies whether accounting statistics are collected on the SAP |
QOS |
|
Ingress qos-policy |
SAP ingress QoS policy ID |
Egress qos-policy |
SAP egress QoS policy ID |
Sap Statistics |
|
Last Cleared Time |
Date and time that a clear command was issued on statistics |
Forwarding Engine Stats (Ingress) |
|
Dropped |
Number of packets or octets dropped by the forwarding engine |
Off. HiPrio |
Number of high-priority packets or octets offered to the forwarding engine |
Off. LowPrio |
Number of low-priority packets offered to the forwarding engine |
Queueing Stats (Ingress QoS Policy) |
|
Dro. HiPrio |
Number of high-priority packets or octets discarded, as determined by the SAP ingress QoS policy |
Dro. LowPrio |
Number of low-priority packets discarded, as determined by the SAP ingress QoS policy |
For. InProf |
Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP ingress QoS policy |
For. OutProf |
Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP ingress QoS policy |
Queueing Stats (Egress QoS Policy) |
|
Dro. InProf |
Number of in-profile packets or octets discarded, as determined by the SAP egress QoS policy |
Dro. OutProf |
Number of out-of-profile packets or octets discarded, as determined by the SAP egress QoS policy |
For. InProf |
Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP egress QoS policy |
For. OutProf |
Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP egress QoS policy |
Sap per Queue stats |
|
Ingress Queue n (Priority) |
Index of the ingress QoS queue of this SAP, where n is the index number |
Off. Combined |
Combined total number of high-priority and low-priority packets or octets offered to the forwarding engine |
Off. HiPrio |
Number of packets or octets of high-priority traffic for the SAP (offered) |
Off. LoPrio |
Number of packets or octets count of low-priority traffic for the SAP (offered) |
Dro. HiPrio |
Number of high-priority traffic packets or octets dropped |
Dro. LoPrio |
Number of low-priority traffic packets or octets dropped |
For. InProf |
Number of in-profile packets or octets (rate below CIR) forwarded |
For. OutProf |
Number of out-of-profile packets or octets (rate above CIR) forwarded |
Ingress Queue n (Profile) |
Index of the ingress QoS queue of this SAP, where n is the index number |
Off. ColorIn |
Number of packets or octets colored as in-profile for the SAP (offered) |
Off. ColorOut |
Number of packets or octets colored as out-of-profile for the SAP (offered) |
Off. Uncolor |
Number of packets or octets that are unprofiled for the SAP (offered) |
Dro. ColorOut |
Number of packets or octets colored as out-of-profile that were dropped for the SAP |
Dro. ColorIn/Uncolor |
Number of packets or octets that were colored as in-profile or unprofiled that were dropped for the SAP |
For. InProf |
Number of forwarded packets or octets colored as in-profile (FC profile set to ‟in” or ‟no profile” and rate less than or equal to CIR) |
For. OutProf |
Number of forwarded packets or octets that were colored as out-of-profile (FC profile set to ‟out” or ‟no profile” and rate above CIR) |
Egress Queue n |
Index of the egress QoS queue of the SAP, where n is the index number |
For. InProf |
Number of in-profile packets or octets (rate below CIR) forwarded |
For. OutProf |
Number of out-of-profile packets or octets (rate above CIR) forwarded |
Dro. InProf |
Number of in-profile packets or octets dropped for the SAP |
Dro. OutProf |
Number of out-of-profile packets or octets discarded |
ATM SAP Configuration Information |
|
Ingress TD Profile |
Profile ID of the traffic descriptor applied to the ingress SAP |
Egress TD Profile |
Profile ID of the traffic descriptor applied to the egress SAP |
Alarm Cell Handling |
Indicates that OAM cells are being processed |
AAL-5 Encap |
AAL-5 encapsulation type—this is always mux-ip |
OAM Termination |
Indicates whether this SAP is an OAM termination point |
Services Interfaces |
|
If Name |
Name used to refer to the IES interface |
Admin State |
Administrative state of the interface |
Oper State |
Operational state of the interface |
IP Addr/mask |
IP address and subnet mask length of the interface |
Address Type |
Specifies whether the IP address for the interface is the primary or secondary address on the interface (this is always primary) |
Broadcast Address |
Broadcast address of the interface |
If Index |
Interface index corresponding to the IES interface |
Virt. If Index |
Virtual interface index of the IES interface |
Last Oper Chg |
Date and time of the last operating state change on the interface |
Global IF Index |
Global interface index of the IES interface |
SAP Id |
SAP identifier |
TOS Marking |
Specifies whether the ToS marking state is trusted or untrusted for the IP interface |
If Type |
Type of interface: IES |
IES ID |
Service identifier |
MAC Address |
IEEE 802.3 MAC address |
Arp Timeout |
Timeout for an ARP entry learned on the interface |
IP MTU |
IP maximum transmit unit for the interface |
ICMP Mask Reply |
Specifies whether the IP interface replies to a received ICMP mask request |
ARP Populate |
Indicates if ARP is enabled or disabled |
Proxy ARP Details |
|
Rem Proxy ARP |
Indicates whether remote proxy ARP is enabled or disabled |
Local Proxy ARP |
Indicates whether local proxy ARP is enabled or disabled |
Policies |
Specifies the policy statements applied to proxy ARP |
ICMP Details |
|
Unreachables |
Maximum number of ICMP destination unreachable messages that the IP interface issues in a given period of time, in seconds Disabled—indicates that the IP interface will not generate ICMP destination unreachable messages |
TTL Expired |
Maximum number of ICMP TTL expired messages that the IP interface issues in a given period of time, in seconds Disabled—indicates that the IP interface will not generate ICMP TTL expired messages |
arp
Syntax
arp [ip-address] | [mac ieee-address] | sap sap-id] | [interface ip-int-name]
Context
show>service>id
Description
This command displays the ARP table for the IES instance.
Parameters
- ip-address
the IP address for which ARP entries will be displayed
- ieee-address
the 48-bit MAC address for which ARP entries will be displayed. The MAC address can be expressed in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers.
- sap-id
the SAP ID for which ARP entries will be displayed. See SAP ID Configurations for a full list of SAP IDs.
- ip-int-name
the interface name for which ARP entries will be displayed
Output
The following output is an example of service ID ARP information, and Service ID ARP Field Descriptions describes the fields.
Output Example*A:ALU-2# show service id 4 arp
===============================================================================
ARP Table
===============================================================================
IP Address MAC Address Type Expiry Interface SAP
-------------------------------------------------------------------------------
10.2.3.3 Other 00h00m00s to Internet n/a
===============================================================================
*A:ALU-2#
Label |
Description |
---|---|
ARP Table |
|
IP Address |
Specified IP address |
MAC Address |
Specified MAC address |
Type |
Static—FDB entries created by management |
Learned—dynamic entries created by the learning process |
|
OAM—entries created by the OAM process |
|
Other—local entries created for the IP interfaces |
|
Expiry |
Age of the ARP entry |
Interface |
Interface applied to the service |
SAP |
SAP ID |
base
Syntax
base
Context
show>service>id
Description
This command displays basic information about the service specified by the ID.
Output
The following output is an example of service ID base information, and Service ID Base Field Descriptions describes the fields.
Output Example*A:ALU-2# show service id 4 base
===============================================================================
Service Basic Information
===============================================================================
Service Id : 4
Service Type : IES
Name : IES4
Description : Default IES description for service ID 4
Customer Id : 1
Last Status Change: 01/07/2010 21:58:44
Last Mgmt Change : 01/07/2010 22:14:40
Admin State : Up Oper State : Up
SAP Count : 2
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier Type AdmMTU OprMTU Adm Opr
-------------------------------------------------------------------------------
sap:1/1/3 null 1514 1514 Up Up
===============================================================================
Label |
Description |
---|---|
Service Basic Information |
|
Service Id |
Service ID number |
Service Type |
Type of service |
Name |
The service name |
Description |
Generic information about the service |
Customer Id |
Customer ID number |
Last Status Change |
Date and time of the most recent status change to this service |
Last Mgmt Change |
Date and time of the most recent management-initiated change to this service |
Admin State |
Desired state of the service |
Oper State |
Operating state of the service |
SAP Count |
Number of SAPs specified for this service |
Service Access & Destination Points |
|
Identifier |
SAP ID |
Type |
Signaling protocol used to obtain the ingress and egress labels used in frames transmitted and received |
AdmMTU |
Desired largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented |
OprMTU |
Actual largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented |
Adm |
Administrative state of the SAP |
Opr |
Operating state of the SAP |
dhcp
Syntax
dhcp
Context
show>service>id
Description
This command enables the context to display DHCP information for the IES service.
statistics
Syntax
statistics [interface {interface-name | ip-address}]
Context
show>service>id>dhcp
Description
This command displays DHCP statistics information.
Parameters
- interface-name
the interface name for which DHCP statistics will be displayed
- ip-address
the IP address of the interface for which to display information
Output
The following output is an example of service ID DHCP statistics information, and Service ID DHCP Statistics Field Descriptions describes the fields.
Output Example*A:ALU-2# show service id 4 dhcp statistics
===================================================================
DHCP Global Statistics, service 4
===================================================================
Rx Packets : 0
Tx Packets : 0
Rx Malformed Packets : 0
Rx Untrusted Packets : 0
Client Packets Discarded : 0
Client Packets Relayed : 0
Server Packets Discarded : 0
Server Packets Relayed : 0
===================================================================
Label |
Description |
---|---|
DHCP Global Statistics, service x |
|
Rx Packets |
Number of packets received |
Tx Packets |
Number of packets transmitted |
Rx Malformed Packets |
Number of malformed packets received |
Rx Untrusted Packets |
Number of untrusted packets received |
Client Packets Discarded |
Number of packets from the DHCP client that were discarded |
Client Packets Relayed |
Number of packets from the DHCP client that were forwarded |
Server Packets Discarded |
Number of packets from the DHCP server that were discarded |
Server Packets Relayed |
Number of packets from the DHCP server that were forwarded |
summary
Syntax
summary [interface interface-name | saps]
Context
show>service>id>dhcp
Description
This command displays a summary of DHCP configuration.
Parameters
- interface-name
the interface name for which DHCP summary information will be displayed
- saps
displays SAPs per interface
Output
The following output is an example of service ID DHCP summary information, and Service ID DHCP Summary Field Descriptions describes the fields.
Output Example*A:ALU-2 show service id 4 dhcp summary
===============================================================================
DHCP Summary, service 4
===============================================================================
Interface Name Arp Used/ Info Admin
SapId/Sdp Populate Provided Option State
-------------------------------------------------------------------------------
to Internet No 0/0 Keep Down
-------------------------------------------------------------------------------
Interfaces: 1
===============================================================================
*A:ALU-2
Label |
Description |
---|---|
DHCP Summary, service x |
|
Interface Name SapID/Sdp |
Name of the interface |
Arp Populate |
Specifies whether ARP populate is enabled |
Used/Provided: |
Used—number of lease-states that are currently in use on the specified interface; that is, the number of clients on the interface that got an IP address by DHCP. This number is always less than or equal to the ‟Provided” field. |
Provided—lease-populate value configured for the specified interface |
|
Info Option |
Specifies whether Option 82 processing is enabled on the interface |
Admin State |
Administrative state |
interface
Syntax
interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]
Context
show>service>id
Description
This command displays information for the IP interfaces associated with the IES service.
Parameters
- ip-address
only displays the interface information associated with the specified IP address
- ip-int-name
the IP interface name for which to display information
- interface-type
displays either group or subscriber interfaces
- detail
displays detailed IP interface information
- family
displays the specified router IP interface family
- summary
displays summary IP interface information
Output
The following output is an example of service ID interface information, and Service ID Interface Field Descriptions describes the fields.
Output Example*A:ALU-2 show service id 4 interface
===============================================================================
Interface Table
===============================================================================
Interface-Name Adm Opr(v4/v6) Type Port/SapId
IP-Address PfxState
-------------------------------------------------------------------------------
to Internet Up Down/Down IES n/a
10.2.3.3/24 n/a
-------------------------------------------------------------------------------
Interfaces : 1
===============================================================================
*A:ALU-2
Label |
Description |
---|---|
Interface Table |
|
Interface-Name |
Name of the interface |
IP-Address |
IP address of the interface |
Adm |
Administrative state of the interface |
Opr (v4/v6) |
Operational state of the interface |
Type |
Service type |
Port/SapId PfxState |
Port or SAP associated with the interface |
ip-transport
Syntax
ip-transport ipt-id [detail | statistics]
Context
show>service>id
Description
This command displays information for a specified IP transport subservice within this IES service. If no IP transport subservice is specified, summary information is displayed for all IP transport subservices associated with the IES service.
Parameters
- ipt-id
the physical port associated with the IP transport subservice, in the format slot/mda/port.channel
- detail
displays detailed information for the specified IP transport subservice
- statistics
displays statistical information for the specified IP transport subservice
Output
The following output is an example of IP transport subservice summary information for a specified service, and Service IP Transport Summary Field Descriptions describes the fields.
Output Example*A:ALU-12# show service id 100 ip-transport
=============================================================================
IP Transport (Summary), Service 100
=============================================================================
IptId LocalIP LocalPort Proto RemHost DSCP FC FltrUnkn Adm Opr
-----------------------------------------------------------------------------
1/2/4.1 192.168.1.1 3000 tcp 2 ef ef disabled Up Up
-----------------------------------------------------------------------------
Entries found: 1
=============================================================================
*A:ALU-12#
Label |
Description |
---|---|
IP Transport (Summary), Service x |
|
IptId |
The IP transport subservice physical port identifier |
LocalIP |
The IP address (IPv4) that is used for the local host |
LocalPort |
The port number that is used by remote hosts to establish TCP/UDP sessions to the local host |
Proto |
The protocol type that is used for all sessions to and from the local host (either TCP or UDP) |
RemHost |
The number of remote hosts associated with the IP transport subservice |
DSCP |
The DSCP name used to mark the DSCP field in IP transport packets |
FC |
The FC name used for IP transport packets |
FltrUnkn |
Indicates whether the filter-unknown-host command is enabled or disabled on the IP transport subservice |
Adm |
The administrative state of the IP transport subservice |
Opr |
The operational state of the IP transport subservice |
Entries found: |
The number of IP transport subservices associated with this service |
The following output is an example of detailed information for a specified IP transport subservice within a specified service, and Service IP Transport Detailed Field Descriptions describes the fields.
Output Example*A:7705:Dut-C# show service id 100 ip-transport 1/2/4.1 detail
===============================================================================
IP Transport
===============================================================================
Service Id : 100 (IES)
IP Transport Id : 1/2/4.1
Description : (Not Specified)
Admin State : Up Oper State : Up
Oper Flags : (Not Specified)
Local IP Address : 192.168.1.1 Local Port Number : 3000
Local IP Protocol : tcp
DSCP : ef Filter Unknown Host : enabled
FC : ef Profile : in
TCP Inact Timeout : 30
TCP Max Retries : 5
TCP Retry Interval : 5
Num Remote Hosts : 0
Last Mgmt Change : 12/07/2016 16:48:22
Last Oper Change : 12/07/2016 16:48:22
-------------------------------------------------------------------------------
IP Transport Accumulated Statistics
-------------------------------------------------------------------------------
Known Remote Hosts
Packets sent : 44
Characters sent : 66000
Packets received : 67
Characters received : 51114
Connections : 2
To : 2
From : 0
Connection retries : 20
Connection failures : 2
Currently connected : 0
Unknown Remote Hosts
Packets sent : 119
Characters sent : 178500
Packets received : 153
Characters received : 116039
Successful connections from : 2
Rejected due to unknown host filter : 37
Rejected due to out of resources : 0
Inactivity timeouts : 0
Last RemIp:RemPort : 192.168.1.7:4001
Currently connected : 0
Dropped packets due to no remote hosts : 27
===============================================================================
*A:7705:Dut-C#
Label |
Description |
---|---|
IP Transport |
|
Service Id |
The ID that identifies the service (the service type is shown in brackets) |
IP Transport Id |
The physical port identifier for this IP transport subservice |
Description |
The description associated with this IP transport subservice |
Admin State |
The administrative state of this IP transport subservice |
Oper State |
The operational state of this IP transport subservice |
Oper Flags |
The operational flags associated with this IP transport subservice |
Local IP Address |
The IP address (IPv4) that is used for the local host |
Local Port Number |
The port number that is used by remote hosts to establish TCP/UDP sessions to the local host |
Local IP Protocol |
The protocol type that is used for all sessions to/from the local host (either TCP or UDP) |
DSCP |
The DSCP name used to mark the DSCP field in IP transport packets |
Filter Unknown Host |
Indicates whether the filter-unknown-host command is enabled or disabled for this IP transport subservice |
FC |
The FC name used for IP transport packets |
Profile |
The profile marking for the IP transport packets (in or out) |
TCP Inact Timeout |
The configured inactivity timeout value for TCP connections |
TCP Max Retries |
The configured maximum retry value for TCP connections |
TCP Retry Interval |
The configured retry interval value for TCP connections |
Num Remote Hosts |
The number of remote hosts associated with this IP transport subservice |
Last Mgmt Change |
The date and time of the most recent management-initiated change to this IP transport subservice |
Last Oper Change |
The date and time of the most recent operational status change for this IP transport subservice |
IP Transport Accumulated Statistics |
|
Known Remote Hosts |
|
Packets sent |
The number of packets sent to the host |
Characters sent |
The number of data characters sent to the host |
Packets received |
The number of packets received from the host |
Characters received |
The number of data characters received from the host |
Connections To From |
The number of connections to and from the host |
Connection retries |
The number of connection retries to the host |
Connection failures |
The number of connection failures to the host |
Currently connected |
The number of hosts currently connected |
Unknown Remote Hosts |
|
Packets sent |
The number of packets sent to the host |
Characters sent |
The number of data characters sent to the host |
Packets received |
The number of packets received from the host |
Characters received |
The number of data characters received from the host |
Successful connections from |
The number of successful connections from the host |
Rejected due to unknown host filter |
The number of rejected connection attempts from the host due to the filter-unknown-host command being enabled |
Rejected due to out of resource |
The number of connection attempts from the host that were rejected due to the unavailability of resources |
Inactivity timeouts |
The number of connections from the host that timed out due to inactivity |
Last RemIp:RemPort |
The IP address (IPv4) and port number used by the host for the last connection |
Currently connected |
The number of hosts that are currently connected |
Dropped packets due to no remote hosts |
The number of packets dropped due to no hosts being connected |
remote-host
Syntax
remote-host host-id [detail | statistics]
Context
show>service>id>ip-transport
Description
This command displays information for a specified remote host within this IP transport subservice within this service. If no remote host is specified, summary information is displayed for all remote hosts within this IP transport subservice.
Parameters
- host-id
the remote host identifier
- detail
displays detailed information for a specified remote host
- statistics
displays summary information for a specified remote host
Output
The following output is an example of IP transport subservice remote host summary information when no remote host is specified, and IP Transport Subservice Remote Host Summary Field Descriptions describes the fields.
Output Example*A:7705:Dut-C# show service id 100 ip-transport 1/6/4.1 remote-host
=============================================================================
IPT Remote Host (Summary), Service 100 IPT 1/6/4.1
=============================================================================
RemId RemIp:RemPort Rcvd Chars Sent Chars Drop Chars State
Rcvd Pkts Sent Pkts Drop Pkts Up Time
-----------------------------------------------------------------------------
1 192.168.1.1:3000 2555 2044 0 connected
5 4 0 00h01m21s
(unknown) 192.168.1.7:4000 0 2044 5110 connected
0 4 10 00h00m42s
-----------------------------------------------------------------------------
Number of known remote hosts: 1
Number of unknown remote hosts: 1
Total entries found: 2
=============================================================================
*A:7705:Dut-C#
Label |
Description |
---|---|
IP Remote Host (Summary), Service x IPT x/x/x.x |
|
RemId |
The remote host identifier |
RemIp:RemPort |
The IP address (IPv4) and port number used by the remote host |
Rcvd Chars |
The number of data characters received from the remote host |
Sent Chars |
The number of data characters sent to the remote host |
Drop Chars |
The number of data characters destined for the remote host that were dropped |
State |
The operational state of the packet transport session connection to the remote host |
Rcvd Pkts |
The number of packets received from the remote host |
Sent Pkts |
The number of packets sent to the remote host |
Drop Pkts |
The number of packets destined for the remote host that were dropped |
Up Time |
The amount of time that the remote host has been connected |
Number of known remote hosts |
The number of known remote hosts associated with the IP transport subservice |
Number of unknown remote hosts |
The number of unknown remote hosts associated with the IP transport subservice |
Total entries found |
The total number of hosts associated with the IP-Transport subservice |
The following output is an example of IP transport subservice detailed information for a specified remote host, and IP Transport Subservice Remote Host Detailed Field Descriptions describes the fields.
Output Example*A:7705:Dut-C# show service id 100 ip-transport 1/2/4.1 remote-host 1 detail
===============================================================================
IPT Remote Host
===============================================================================
Service Id : 100 (IES)
IP Transport Id : 1/2/4.1
Remote Host Id : 1
Name : (Not Specified)
Description : (Not Specified)
IP Address : 192.168.1.6 Port Number : 4000
Last Mgmt Change : 12/07/2016 16:48:44
Session State : connected Up Time : 00h01m44s
Last Connect : successful
-------------------------------------------------------------------------------
IPT Remote Host Statistics
-------------------------------------------------------------------------------
Sent Pkts : 134 Sent Chars : 201000
Dropped Pkts : 0 Dropped Chars : 0
Rcvd Pkts : 267 Rcvd Chars : 201000
Session information
Connections : 2
To : 1
From : 1
Connection retries : 0
Connection failures : 0
Closed by far end : 1
Inactivity timeouts : 0
===============================================================================
*A:7705:Dut-C#
Label |
Description |
---|---|
IP Remote Host |
|
Service Id |
The ID that identifies the service (the service type is shown in brackets) |
IP Transport Id |
The physical port identifier for the IP transport subservice |
Remote host Id |
The host identifier associated with this remote host |
Name |
The name associated with this remote host |
Description |
The description associated with this remote host |
IP Address |
The IP address associated with this remote host |
Port Number |
The port number associated with this remote host |
Last Mgmt Change |
The date and time of the most recent management-initiated change to this remote host |
Session State |
The operational state of the packet transport session to this host |
Up Time |
The amount of time that this remote host has been connected |
Last Connect |
Indicates whether the last connection attempt to this remote host was successful or unsuccessful |
IP Remote Host Statistics |
|
Sent Pkts |
The number of packets sent to this remote host |
Sent Chars |
The number of data characters sent to this remote host |
Dropped Pkts |
The number of packets destined for this remote host that were dropped |
Dropped Chars |
The number of data characters destined for this remote host that were dropped |
Rcvd Pkts |
The number of packets received from this remote host |
Rcvd Chars |
The number of data characters received from this remote host |
Session information |
|
Connections To From |
The number of connections to and from the host |
Connection retries |
The number of connection retries to the host |
Connection failures |
The number of connection failures to this host |
Closed by far end |
The number of connections closed by the far end |
Inactivity timeouts |
The number of connections that were timed out due to inactivity |
sap
Syntax
sap [sap-id] [detail]
Context
show>service>id
Description
This command displays information for the SAP associated with the IES service.
Parameters
- sap-id
the SAP ID for which SAP information is displayed. See SAP ID Configurations for a full list of SAP IDs.
- detail
displays detailed SAP information
Output
The following output is an example of IES service SAP information. See Service-ID SAP Field Descriptions in VLL Services Command Reference for field descriptions.
Output Example*A:7705custDoc:Sar18>show>service# id 6000 sap 1/12/6 detail
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id : 6000
SAP : 1/12/6 Encap : null
Description : (Not Specified)
Admin State : Up Oper State : Down
Flags : ServiceAdminDown
PortOperDown
Multi Svc Site : None
Last Status Change : 10/01/2012 19:47:49
Last Mgmt Change : 10/02/2012 17:21:04
Sub Type : regular
Dot1Q Ethertype : 0x8100 QinQ Ethertype : 0x8100
Split Horizon Group: (Not Specified)
Admin MTU : 1514 Oper MTU : 1514
Ingr IP Fltr-Id : n/a Egr IP Fltr-Id : n/a
Ingr Mac Fltr-Id : n/a Egr Mac Fltr-Id : n/a
Ingr IPv6 Fltr-Id : n/a Egr IPv6 Fltr-Id : n/a
tod-suite : None qinq-pbit-marking : n/a
Ing Scheduler Mode : 16-priority Egr Scheduler Mode: 16-priority
Ing Agg Rate Limit : 1000 Egr Agg Rate Limit: 2000
Ing Agg cir : 100 Egr Agg cir : 200
Ing Shaper Group : n/a Egr Shaper Group : n/a
Q Frame-Based Acct : Disabled
Acct. Pol : None Collect Stats : Disabled
Anti Spoofing : None Avl Static Hosts : 0
Tot Static Hosts : 0
Calling-Station-Id : n/a
Application Profile: None
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1 Egress qos-policy : 1
Shared Q plcy : n/a Multipoint shared : Disabled
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time : N/A
Packets Octets
Forwarding Engine Stats (Ingress)
Dropped : 0 0
Off. HiPrio : 0 0
Off. LowPrio : 0 0
Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio : 0 0
Dro. LowPrio : 0 0
For. InProf : 0 0
For. OutProf : 0 0
Queueing Stats(Egress QoS Policy 1)
Dro. InProf : 0 0
Dro. OutProf : 0 0
For. InProf : 0 0
For. OutProf : 0 0
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
Packets Octets
Ingress Queue 1 (Priority)
Off. HiPrio : 0 0
Off. LoPrio : 0 0
Dro. HiPrio : 0 0
Dro. LoPrio : 0 0
For. InProf : 0 0
For. OutProf : 0 0
Egress Queue 1
For. InProf : 0 0
For. OutProf : 0 0
Dro. InProf : 0 0
Dro. OutProf : 0 0
===============================================================================
*A:7705custDoc:Sar18>show>service#
ingress-label
Syntax
ingress-label start-label [end-label]
Context
show>service
Description
This command displays service information using the range of ingress labels.
If only the mandatory start-label parameter is specified, only services using the specified label are displayed.
If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.
Use the show router ldp bindings command to display dynamic labels.
Parameters
- end-label
the ending ingress label value for which to display services using the label range
- start-label
the starting ingress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.
Output
The following output is an example of service ingress label information, and Service Ingress Output Fields describes the fields.
Output ExampleIn the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.
*A:ALU-12>show>service# ingress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id Sdp Binding Type I.Lbl E.Lbl
-------------------------------------------------------------------------------
3 15:15 Spok 0 0
5 5:5 Spok 0 0
6 5:6 Spok 0 0
5000 15:5000 Mesh 0 0
5000 15:5001 Spok 0 0
5001 5001:100 Spok 0 0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Label |
Description |
---|---|
Svc Id |
The ID that identifies a service |
Sdp Binding |
The ID that identifies an SDP |
Type |
Indicates whether the SDP binding is a spoke or a mesh |
I. Lbl |
The VC label used by the far-end device to send packets to the 7705 SAR in this service by the SDP |
E. Lbl |
The VC label used by the 7705 SAR to send packets to the far-end device in this service by the SDP |
Number of Bindings Found |
The total number of SDP bindings that exist within the specified label range |
ip-transport-using
Syntax
ip-transport-using [ip-transport ipt-id]
Context
show>service
Description
This command displays IP transport subservice information for a specified port. If no port is specified, the command displays a summary of all IP transport subservices defined for the IES service.
Parameters
- ipt-id
the physical port associated with the IP transport subservice, in the format slot/mda/port.channel
Output
The following output is an example of ip-transport-using information, and IP-Transport-Using Field Descriptions describes the fields.
Output Example*A:ALU-48# show service ip-transport-using
==============================================================================
IP Transports
==============================================================================
IptId SvcId Type Adm Opr
------------------------------------------------------------------------------
1/2/4.1 100 IES Up Up
------------------------------------------------------------------------------
Entries found: 1
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
Label |
Description |
---|---|
IP Transports |
|
IptId |
The IP transport subservice physical port identifier |
SvciD |
The service identifier |
Type |
The type of service |
Adm |
The administrative state of the IP transport subservice |
Opr |
The operational state of the IP transport subservice |
Entries found |
The number of IP transport subservices using this service |
sap-using
Syntax
sap-using [sap sap-id]
sap-using interface [ip-address | ip-int-name]
sap-using description
sap-using [ingress | egress] atm-td-profile td-profile-id
sap-using [ingress | egress] filter filter-id
sap-using [ingress | egress] qos-policy [qos-policy-id | qos-policy-name]
sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority}
sap-using [ingress | egress] shaper-group shaper-group-name
Context
show>service
Description
This command displays SAP information.
If no optional parameters are specified, the command displays a summary of all defined SAPs.
The atm-td-profile command applies only to HSDPA offload (that is, IES management service).
Parameters
- sap-id
the SAP ID for which SAP information will be displayed. See SAP ID Configurations for a full list of SAP IDs.
- ip-address
only displays the interface information associated with the specified IP address
- ip-int-name
the IP interface name for which to display information
- description
displays a SAP summary table with description information
- ingress
specifies matching an ingress policy
- egress
specifies matching an egress policy
- td-profile-id
displays SAPs using this traffic description
- filter-id
specifies the ingress filter policy for which to display matching SAP specifies. The filter ID or filter name must already exist within the created IP filters.
- qos-policy-id
the ingress or egress QoS policy ID for which to display matching SAPs
- qos-policy-name
the ingress or egress QoS policy name for which to display matching SAPs
- scheduler-mode
specifies the scheduler mode for which to display the SAPs
- shaper-group
specifies the shaper group for which to display matching SAPs
Output
The following output is an example of service SAP-using information, and Service SAP-Using Field Descriptions describes the fields.
Output Example*A:ALU-48# show service sap-using
==============================================================================
Service Access Points
==============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
------------------------------------------------------------------------------
1/2/7:1 103 1 none 1 none Up Up
1/2/7:2 104 1 none 1 none Up Up
1/2/7:3 105 1 none 1 none Up Up
1/1/1.1 303 1 none 1 none Up Up
1/1/1.2 304 1 none 1 none Up Up
1/1/1.3 305 1 none 1 none Up Up
1/1/9.1:10/50 701 1 none 1 none Up Down
1/1/9.1:20 702 1 none 1 none Up Down
1/1/9.1:10/51 703 1 none 1 none Up Down
1/1/9.1:30 704 1 none 1 none Up Down
1/1/9.1:10/52 705 1 none 1 none Up Down
1/1/9.1:40 706 1 none 1 none Up Down
1/1/9.1:11/50 805 1 none 1 none Up Down
1/1/9.1:21 806 1 none 1 none Up Down
1/1/9.1:12/52 807 1 none 1 none Up Down
1/1/9.1:41 808 1 none 1 none Up Down
1/1/1.9 903 1 none 1 none Up Up
1/1/1.10 904 1 none 1 none Up Up
------------------------------------------------------------------------------
Number of SAPs : 18
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using sap 1/1/21:0
===============================================================================
Service Access Points Using Port 1/1/21:0
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
1/1/21:0 1 1 none 1 none Up Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using description
==============================================================================
Service Access Points
==============================================================================
PortId SvcId Adm Opr Description
------------------------------------------------------------------------------
1/1/2 1 Down Down (Not Specified)
1/2/1.1 4 Up Down (Not Specified)
1/10/4 5 Up Down (Not Specified)
------------------------------------------------------------------------------
Number of SAPs : 3
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using egress atm-td-profile 1
==============================================================================
Service Access Point Using ATM Traffic Profile 1
==============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
------------------------------------------------------------------------------
1/1/9.1:10/50 701 1 none 1 none Up Down
1/1/9.1:20 702 1 none 1 none Up Down
1/1/9.1:10/51 703 1 none 1 none Up Down
1/1/9.1:30 704 1 none 1 none Up Down
1/1/9.1:10/52 705 1 none 1 none Up Down
1/1/9.1:40 706 1 none 1 none Up Down
1/1/9.1:11/50 805 1 none 1 none Up Down
1/1/9.1:21 806 1 none 1 none Up Down
1/1/9.1:12/52 807 1 none 1 none Up Down
1/1/9.1:41 808 1 none 1 none Up Down
------------------------------------------------------------------------------
Saps : 10
===============================================================================
*A:ALU-12#
*A:7705custDoc:Sar18>show>service# sap-using ingress scheduler-mode 4-priority
======================================================================
Service Access Points Using Ingress 4-priority Scheduler Mode
======================================================================
PortId SvcId Scheduler Mode Adm Opr
----------------------------------------------------------------------
1/12/6 6000 4-priority Up Down
----------------------------------------------------------------------
Number of SAPs : 1
----------------------------------------------------------------------
======================================================================
*A:7705custDoc:Sar18>show>service#
*A:7705custDoc:Sar18>show>service# sap-using ingress shaper-group test_sg1
===============================================================================
Service Access Points Using Ingress Shaper Group "test_sg1"
===============================================================================
PortId SvcId Scheduler Shaper Policy Opr
Mode
-------------------------------------------------------------------------------
1/2/1 30 4-priority test_shaper_policy Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:Sar18 Dut-B>config>service>epipe>sap>ingress#
Label |
Description |
---|---|
Service Access Point Using... |
|
PortID |
ID of the access port where the SAP is defined |
SvcID |
Service identifier |
Ing.QoS |
SAP ingress QoS policy number specified on the ingress SAP |
Ing. Fltr |
IP filter policy applied to the ingress SAP |
Egr.QoS |
SAP egress QoS policy number specified on the egress SAP |
Egr. Fltr |
IP filter policy applied to the egress SAP |
Scheduler Mode |
The scheduler mode of the SAP: 4-priority or 16-priority |
Shaper Policy |
Identifies the shaper policy that the shaper group belongs to |
Adm |
Desired state of the SAP |
Opr |
Actual state of the SAP |
Description |
The description of the SAP |
Number of SAPs/Saps |
Number of SAPs using this service |
service-using
Syntax
service-using [ies] [customer customer-id]
Context
show>service
Description
This command displays the services matching specific usage properties. If no optional parameters are specified, all services defined on the system are displayed.
Parameters
- ies
displays matching IES services
- customer-id
displays only those services associated with the specified customer ID
Output
The following output is an example of service-using information, and Service Service-Using Field Descriptions describes the fields.
Output Example*A:ALU-2# show service service-using ies
===============================================================================
Services [ies]
===============================================================================
ServiceId Type Adm Opr CustomerId Last Mgmt Change
-------------------------------------------------------------------------------
4 IES Down Down 1 01/07/2010 22:14:40
23 IES Down Down 1 01/07/2010 21:58:44
-------------------------------------------------------------------------------
Matching Services : 2
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-2#
Label |
Description |
---|---|
ServiceID |
ID that defines the service |
Type |
Service type configured for the service ID |
Adm |
Administrative state of the service |
Opr |
Operational state of the service |
CustomerId |
ID of the customer owning the service |
Last Mgmt Change |
Date and time of the most recent management-initiated change to this service |
Matching Services |
Number of services of the same type |
Clear Commands
id
Syntax
id service-id
Context
clear>service
Description
This command clears commands for a specific service.
Parameters
- service-id
uniquely identifies a service by service number or name
dhcp
Syntax
dhcp
Context
clear>service>id
Description
This command enables the context to clear DHCP parameters.
dhcp6
Syntax
dhcp6
Context
clear>service>id
Description
This command enables the context to clear DHCPv6 parameters.
statistics
Syntax
statistics [ip-int-name | ip-address]
Context
clear>service>id>dhcp
clear>service>id>dhcp6
Description
This command clears statistics for DHCP and DHCPv6 Relay.
If no interface name or IP address is specified, statistics are cleared for all configured interfaces.
If an interface name or IP address is specified, statistics are cleared only for that interface.
Parameters
- ip-int-name
32 characters maximum
- ip-address
IPv4 or IPv6 address
ip-transport
Syntax
ip-transport ipt-id
Context
clear>service>id
Description
This command clears configured information pertaining to a specified IP transport subservice.
If no port identifier is specified, information is cleared for all IP transport subservices.
Parameters
- ipt-id
the IP transport subservice physical port identifier, in the format slot/mda/port.channel
remote-host
Syntax
remote-host host-id
Context
clear>service>id>ip-transport
Description
This command clears configured information pertaining to a specified remote host assigned to this IP transport subservice.
Parameters
- host-id
the remote host identifier
statistics
Syntax
statistics
Context
clear>service>id>ip-transport
clear>service>id>ip-transport>remote-host
Description
This command clears statistics-related information pertaining to all configured IP transport subservices or to all configured remote hosts for a specified IP transport subservice.
Debug Commands
id
Syntax
id service-id
Context
debug>service
Description
This command debugs commands for a specific service. The no form of the command disables debugging.
Parameters
- service-id
the ID that uniquely identifies an IES service by service number or name