Internet Enhanced Service on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This chapter provides information about Internet Enhanced Services support on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C.

IES service overview

Internet Enhanced Service (IES) is a routed connectivity service where the subscriber communicates with an IP router interface to send and receive Internet traffic. An IES has one or more logical IP routing interfaces each with a SAP which acts as the access point to the subscriber's network.

IES allows IP interfaces to participate in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber be unique between other provider addressing schemes and potentially the entire Internet. While IES is part of the routing domain, the usable IP address space may be limited. This allows a portion of the service provider address space to be reserved for service IP provisioning, and be administered by a separate, but subordinate address authority.

IP interfaces defined within the context of an IES service must have a SAP associated as the access point to the subscriber network. Multiple IES services are created to segregate subscriber owned IP interfaces.

The following figure shows a visual representation of IES.

The IES service provides in-band management connectivity. Other features include:

Multiple IES services are created to separate IP interfaces.
More than one IES service can be created for a single customer ID.
More than one IP interface can be created within a single IES service ID. All IP interfaces created within an IES service ID belong to the same customer.

IES features

This section describes various general service features and any special capabilities or considerations as they relate to IES services.

IP interfaces

IES customer IP interfaces can be configured with most of the options found on the core IP interfaces. The advanced configuration options supported are:

ICMP Options
VRRP - for IES services with more than one IP interface (available only in network mode)

In network mode, configuration options found on core IP interfaces not supported on IES IP interfaces are:

NTP broadcast receipt

SAPs

IPv6 support for IES IP interfaces

IES IPv6 IP interfaces provide IPv6 connectivity in the routing base instance. It can be used to connect IPv6 networks over an IPv4 cloud using the IPv6 Provider Edge Router over MPLS (6PE) functionality. For more information about the 6PE, see the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Router Configuration Guide, ‟IPv6 Provider Edge Router over MPLS (6PE)”.

IPv4 and IPv6 route table lookup entries are shared.

A separate route table (or a block in the route table) is used for IPv6 /128-bit prefix route lookup. A limited amount of IPv6 /128 prefixes route lookup entries is supported. The software enables lookups in this table by default (that is, no user configuration is required to enable Ipv6 /128-bit route lookup). A limited amount of IPv6 /128 prefixes route lookup entries is supported.

Encapsulations

The following SAP encapsulation is supported on IES services:

Ethernet null
Ethernet dot1q
Ethernet QinQ
Ethernet QinQ (access-uplink QinQ SAP)

Routing protocols

IES IP interfaces are restricted to routing protocols that can be configured on the interface. IES IP interfaces support the following routing protocols:

OSPF
IS-IS
eBGP for the IPv4 and IPv6 address families (MPBGP is not supported)
IGMP
PIM
BFD

Note:

The SAP for the IES IP interface is created at the IES service level, but the routing protocols for the IES IP interface are configured at the routing protocol level for the main router instance.

CPE connectivity check

Static routes are used within many IES services. Unlike dynamic routing protocols, there is no way to change the state of routes based on availability information for the associated CPE. CPE connectivity check adds flexibility so that unavailable destinations will be removed from the service provider's routing tables dynamically and minimize wasted bandwidth.

The availability of the far-end static route is monitored through periodic polling. The polling period is configured. If the poll fails a specified number of sequential polls, the static route is marked as inactive.

An ICMP ping mechanism is used to test the connectivity. If the connectivity check fails and the static route is deactivated, the router will continue to send polls and re-activate any routes that are restored.

QoS policies

When applied to 7210 SAS IES services, service ingress QoS policies only create the unicast queues defined in the policy. The multi-point queues are not created on the service. With IES services, service egress QoS policies function as with other services where the class-based queues are created as defined in the policy.

Note that MAC, IPv4, and IPv6 criteria can be used in the QoS policies for traffic classification in an IES.

CPU QoS for IES access interfaces in network mode

Traffic bound to CPU received on IES access interfaces are policed/rate-limited and queued into CPU queues. The software allocates a policer per IP application or a set of IP applications, for rate-limiting CPU bound IP traffic from all IES access SAPs. The policers CIR/PIR values are set to appropriate values based on feature scaling and these values are not user configurable. The software allocates a set of queues for CPU bound IP traffic from all IES access SAPs. The queues are either shared by a set of IP applications or in some cases allocated to an IP application. The queues are shaped to appropriate rate based on feature scaling. The shaper rate is not user-configurable.

Note:

The instance of queues and policers used for traffic received on network port IP interfaces is different for traffic received from access port IP interfaces. Additionally the network CPU queues are accorded higher priority than the access CPU queues. This is done to provide better security and mitigate the risk of access traffic affecting the network side.
IP DSCP marking of self-generated traffic is assigned by software on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C.

Filter policies

IP filter policies with IPv4 or IPv6 match entries can be applied to IES services.

VRRP support for IES IP interfaces in network mode

Virtual Router Redundancy Protocol (VRRP) for IPv4 is defined in IETF RFC 3768, Virtual Router Redundancy Protocol. VRRP describes a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router. When this IP interface is specified as a default gateway on hosts directly attached to this LAN, the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address. For more information about the use of VRRP, see the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Router Configuration Guide.

VRRP is supported for IES IPv4 interfaces in network mode only. VRRP is not supported in access-uplink mode. It is also not supported for IPv6 interfaces in network or access-uplink mode.

Note:

Only one VRRP instance for each IP interface is supported on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C.

Configuring an IES service with CLI

This section provides information to configure IES services using the command line interface.

Basic configuration

The most basic IES service configuration has the following entities:

customer ID (see Configuring customer accounts)
an interface to create and maintain IP routing interfaces within IES service ID
a SAP on the interface specifying the access port and encapsulation values

The following is a sample configuration output of an IES service on ALA-50.

*A:ALA-50>config>service# info
----------------------------------------------
ies 1000 customer 50 create
            description "to internet"
            interface "to-web" create
                address 10.1.1.1/24
                sap 1/1/10:100.* create
                exit
            exit
            no shutdown
----------------------------------------------
*A:ALA-50>config>service#

Common configuration tasks

This section provides a brief overview of the tasks that must be performed to configure IES services and provides the CLI commands:

Associate an IES service with a customer ID.
Associate customer ID with the service.
Assign an IP address.
Create an interface.
Define SAP parameters on the interface
Select nodes and ports.
Optional - select filter policies (configured in the config>filter context).
Enable service.

Configuring IES components

Configuring an IES service

Use the following syntax to create an IES service:

The following is a sample basic IES service configuration output.

A:ALA-48>config>service#
----------------------------------------------
...
ies 1001 customer 1730 create
description "to-internet"
no shutdown
exit
----------------------------------------------
A:ALA-48>config>service#

Configuring IES interface parameters

The following is a sample of IP interface parameters under IES service.

*A:K-SASK12>config>service>ies>if# info detail
----------------------------------------------
                no description
                no enable-ingress-stats
                no enable-mac-accounting
                no tcp-mss
                cpu-protection 254
                no address
                no mac
                arp-timeout 14400
                arp-retry-timer 50
                no arp-limit
                no allow-directed-broadcasts
                icmp
                    mask-reply
                    redirects 100 10
                    unreachables 100 10
                    ttl-expired 100 10
                exit
                dhcp
                    shutdown
                    no description
                    no option
                    no server
                    no trusted
                    no relay-proxy
                    no gi-address
                    no relay-plain-bootp
                exit
                no authentication-policy
                no ip-mtu
                no delayed-enable
                no multicast-network-domain
                no bfd
                no local-dhcp-server
                no proxy-arp-policy
                no local-proxy-arp
                no remote-proxy-arp
                no ptp-hw-assist
                no qos-route-lookup
                load-balancing
                    no teid-load-balancing
                    no egr-ip-load-balancing
                    no spi-load-balancing
                exit
                no vas-if-type
                no shutdown
----------------------------------------------
*A:K-SASK12>config>service>ies>if#

Configuring IES SAP parameters

A SAP is a combination of a port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique within a router.

When configuring IES access SAP parameters, a default QoS policy is applied to each SAP ingress. Additional QoS policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.

The following is a sample IES SAP configuration output.

----------------------------------------------
*A:ALA-A>config>service>ies>if# info
----------------------------------------------
address 10.10.36.2/24
sap 1/1/3:100 create
ingress
qos 101
exit
exit
----------------------------------------------
*A:ALA-A>config>service>ies>if#

Configuring VRRP

Configuring VRRP parameters on an IES interface is optional. VRRP can be configured in either owner or non-owner mode. The owner is the VRRP router whose virtual router IP address is the same as the real interface IP address. This is the router that responds to packets addressed to one of the IP addresses for ICMP pings, TCP connections, and related addresses. All other virtual router instances participating in this message domain should have the same VRID configured and cannot be configured as an owner.

The following is a sample IES interface VRRP owner configuration output.

config>service>ies> info
#----------------------------------------------
...
    interface ‟vrrpowner”
       address 10.10.10.23/24
       vrrp 1 owner
           backup 10.10.10.23
           authentication-key "vh48lOV7Hs2H6lrMHg2aMJJnZStHwwyO" hash2
       exit
    exit
...
#----------------------------------------------
config>service>ies#

Service management tasks

This section describes the service management tasks.

Modifying IES service parameters

Existing IES service parameters in the CLI or NMS can be modified, added, removed, enabled or disabled. The changes are applied immediately to all services when the charges are applied.

To display a list of customer IDs, use the show service customer command.

Enter the parameters (such as description SAP information) and then enter the new information.

The following is a sample modified service.

*A:ALA-A>config>service>ies# info
----------------------------------------------
ies 1000 customer 50 create
           description ‟This is a new description”
           interface ‟to-web” create
               address 10.1.1.1/24
               mac 00:dc:98:1d:00:00


               sap 1/1/5:0.* create
               exit
           exit
           no shutdown
exit
----------------------------------------------
*A:ALA-A>config>service#

Deleting an IES service

An IES service cannot be deleted until SAPs and interfaces are shut down and deleted and the service is shutdown on the service level.

Use the following syntax to delete an IES service.

config>service#
    [no] ies service-id
    shutdown
    [no] interface ip-int-name
    shutdown
    [no] sap sap-id
    shutdown

Disabling an IES service

Use the following syntax to shut down the IES service without deleting the service parameters.

config>service> ies service-id
    shutdown

Re-enabling an IES service

Use the following syntax to re-enable an IES service that was shut down.

config>service> ies service-id
    [no] shutdown

Re-enabling an IES service

config>service# ies 2000
    config>service>ies# no shutdown
    config>service>ies# exit

IES services command reference for 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Command hierarchies

Global commands

config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id]
        - no ies service-id 
            - description description-string
            - no description
            - interface
            - no interface
            - service-name service-name
            - no service-name
            - [no] shutdown

Interface commands

config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id]
            - [no] interface ip-int-name [create]
                - address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
                - no address {ip-address/mask | ip-address netmask} 
                - arp-timeout seconds
                - no arp-timeout
                - [no] delayed-enable
                - dhcp
                    - description description-string
                    - no description
                    - gi-address ip-address [src-ip-addr]
                    - no gi-address 
                    - [no] option
                        - action {replace | drop | keep}
                        - no action
                        - [no] circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
                        - [no] remote-id [mac | string string]
                        - [no] vendor-specific-option
                            - [no] client-mac-address
                            - [no] sap-id
                            - [no] service-id
                            - string text
                            - no string
                            - [no] system-id
                    - no relay-plain-bootp
                    - relay-plain-bootp
                    - no server
                    - server server1 [server2...(up to 8 max)]
                    - [no] shutdown
                    - [no] trusted
                - description description-string
                - no description
                - icmp
                    - [no] mask-reply
                    - [no] redirects [number seconds]
                    - [no] ttl-expired [number seconds]
                    - [no] unreachables [number seconds]
                - ip-mtu octets4
                - no ip-mtu
                - [no] loopback
                - [no] local-proxy-arp
                - [no] local-dhcp-server local-server-name
                - [no] shutdown
                - static-arp ip-address ieee-address
                - no static-arp ip-address [ieee-address]
                - static-arp ieee-address unnumbered
                - no static-arp [ieee-address] unnumbered
                - unnumbered ip-int-name | ip-address 
                - no unnumbered 
                - [no] vrrp virtual-router-id

VRRP commands (applicable only for network mode)

config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id]
        - no ies service-id
            - interface ip-int-name [create]
            - no interface ip-int-name 
                - vrrp virtual-router-id [owner]
                - no vrrp virtual-router-id
                    - authentication-key authentication-key | hash-key [hash | hash2]
                    - no authentication-key
                    - [no] backup ip-address
                    - [no] bfd-enable service-id interface interface-name dst-ip ip-address
                    - [no] bfd-enable interface interface-name dst-ip ip-address
                    - init-delay seconds
                    - no init-delay
                    - [no] master-int-inherit
                    - message-interval {[seconds] [milliseconds milliseconds]}
                    - no message-interval
                    - [no] ping-reply
                    - policy vrrp-policy-id
                    - no policy
                    - [no] preempt
                    - priority priority
                    - no priority
                    - [no] shutdown
                    - [no] ssh-reply
                    - [no] standby-forwarding
                    - [no] telnet-reply
                    - [no] traceroute-reply

Routed VPLS commands

config
    - service
        - ies service-id [customer customer-id] [vpn vpn-id]
            - interface ip-interface-name [create]
            - no interface ip-interface-name
                - vpls service-name
                - no vpls
                    - ingress
                        - v4-routed-override-filter ip-filter-id
                        - no v4-routed-override-filter

IES SAP configuration — QoS and filter commands

config
    - service
        - ies service-id [customer customer-id] [vpn vpn-id] [create]
            - [no] interface ip-int-name
                - [no] sap sap-id [create]
                    - egress 
                        - agg-shaper-rate agg-rate 
                        - no agg-shaper-rate 
                        - filter ip ip-filter-id
                        - no filter [ip ip-filter-id] 
                        - qos policy-id 
                        - no qos
                    - ingress 
                        - agg-shaper-rate agg-rate 
                        - no agg-shaper-rate
                        - aggregate-meter-rate rate-in-kbps [burst burst-in-kbits]
                        - no aggregate-meter-rate
                        - filter ip ip-filter-id
                        - no filter [ip ip-filter-id] 
                        - qos policy-id 
                        - no qos

Interface IPv6 commands

config
    - service
        - ies service-id [customer customer-id] [create]
            - [no] interface ip-int-name [create]
                - ipv6
                - no ipv6
                - address ipv6-address/prefix-length [eui-64] [preferred]
                - no address ipv6-address/prefix-length
                - icmp6
                    - packet-too-big number seconds
                    - no packet-too-big
                    - param-problem number seconds
                    - no param-problem
                    - redirects number seconds
                    - no redirects
                    - time-exceeded number seconds
                    - no time-exceeded
                    - unreachables number seconds
                    - no unreachables
                - link-local-address ipv6-address [preferred]
                - local-proxy-nd
                - no local-proxy-nd
                - neighbor ipv6-address mac-address
                - no neighbor ipv6-address
                - proxy-nd-policy policy-name [policy-name...(up to 5 max)]
                - no proxy-nd-policy

Show commands

show
    - service
        - customer [customer-id] [site customer-site-name]
        - sap-using [sap sap-id]
        - sap-using interface [ip-address | ip-int-name]
        - sap-using [ingress | egress] filter filter-id
        - sap-using [ingress] qos-policy qos-policy-id
        - service-using [ies] [customer customer-id]
        - id service-id
            - all
            - arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]
            - base
            - dhcp
                - statistics [sap sap-id] | [sdp sdp-id:vc-id] | [interface interface-name]
                - summary [interface interface-name | saps]
            - interface [ip-address | ip-int-name] [detail | summary]

Command descriptions

IES service configuration commands for 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Generic commands

shutdown

Syntax

[no] shutdown

Context

config>service>ies

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described as follows in Special Cases.

Note:

See the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Basic System Configuration Guide for information about how to allocate addresses toward IP subnets using the configure system resource-profile router max-ip-subnets CLI command.
Before using IPv6, resources for IPv6 routes must be allocated. See the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Basic System Configuration Guide for information about how to use the configure system resource-profile router max-ipv6-routes CLI command.

The no form of this command places the entity into an administratively enabled state.

Special Cases

IES

The default administrative status of an IES service is down. While the service is down, all its associated virtual router interfaces are operationally down. The administrative state of the service is not reflected in the administrative state of the virtual router interface.

For example if the following are true:

an IES service is operational and an associated interface is shut down
the IES service is administratively shutdown and brought back up
the interface shutdown remains in administrative shutdown state

A service is regarded as operational if one IP Interface is operational.

IES IP Interfaces: When the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out the SAP and all packets received on the SAP are dropped while incrementing the packet discard counter.

description

Syntax

description description-string

no description

Context

config>service>ies

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Parameters

description-string: Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

IES global commands

ies

Syntax

ies service-id customer customer-id [create] [vpn vpn-id]

no ies service-id

Context

config>service

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates or edits an IES service instance.

The ies command is used to create or maintain an IES. If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IP interfaces defined within the context of an IES service ID must have a SAP created.

When a service is created, the customer keyword and customer-idmust be specified to associate the service with a customer. The customer-id must already exist having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

More than one IP interface may be created within a single IES service ID.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters

service-id

Specifies the unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7210 SAS on which this service is defined.

Values: service-id: 1 to 2147483648

customer customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values: 1 to 2147483647

vpn vpn-id

Specifies the VPN ID assigned to the service.

Values: 1 to 2147483647

service-name

Syntax

service-name service-name

no service-name

Context

config>service>ies

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a service name that can be used in other configuration commands and show commands that reference the service. This helps the service provider/administrator to identify and manage services within the 7210 SAS platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a specific service when it is initially created.

Parameters

service-name: Specifies a unique service name, up to 64 characters, to identify the service. Service names may not begin with an integer (0-9).

IES interface commands

interface

Syntax

interface ip-int-name [create]

no interface ip-int-name

Context

config>service>ies

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates a logical IP routing interface for an IES. When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command is used to create and maintain IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and default routing.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config service ies interface (that is, the network core router instance). Interface names must not be in the dotted-decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shutdown before issuing the no interface command.

For IES services, the IP interface must be shut down before the SAP on that interface may be removed.

Parameters

ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

address

Syntax

address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

address {ip-address/mask | ip-address netmask}

no address

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command assigns an IP address and IP subnet, to an IES IP router interface. Only one IP address can be associated with an IP interface. An IP address must be assigned to each IES IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7210 SAS.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted-decimal notation. The show commands display CIDR notation and is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of this command removes the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.


Address	Admin state	Oper state
No address	up	down
No address	down	down
1.1.1.1	up	up
1.1.1.1	down	down

The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an adminstratively up state and an address is assigned, it becomes operationally up.

Parameters

ip-address

Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).

Values: a.b.c.d (no multicast/broadcast address)

/: The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted-decimal mask must follow the prefix.

mask

Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. A mask length of 32 is reserved for system IP addresses.

Values: 0 to 32

netmask

Specifies the subnet mask in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address. Allowed values are dotted-decimal addresses in the range 128.0.0.0 to 255.255.255.254. A mask of 255.255.255.255 is reserved for system IP addresses.

Values: a.b.c.d (network bits all 1 and host bits all 0)

broadcast

Specifies the broadcast format.

Values: all-ones, host-ones

arp-timeout

Syntax

arp-timeout seconds

no arp-timeout

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

The no form of this command reverts to the default value.

Default

14400 seconds

Parameters

seconds

Specifies the minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries will not be aged.

Values: 0 to 65535

delayed-enable

Syntax

delayed-enable seconds [init-only]

no delayed-enable

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command delays making the interface operational by the specified number of seconds. In environments with many subscribers, it can take time to synchronize the subscriber state between peers when the subscriber-interface is enabled (for example, after a reboot). To ensure that the state has time to be synchronized, the delayed-enable timer can be specified. The optional init-only parameter can be added to use this timer only after a reboot.

Default

no delayed-enable

Parameters

seconds

Specifies the number of seconds to delay before the interface is operational.

Values: 1 to 1200

init-only: Keyword to specify to use this timer only after a reboot.

loopback

Syntax

[no] loopback

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies that the associated interface is a loopback interface that has no associated physical interface. As a result, the associated IES interface cannot be bound to a SAP.

Configure an IES interface as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

static-arp

Syntax

static-arp ip-address ieee-address

static-arp ieee-address unnumbered

no static-arp ip-address [ieee-address]

no static-arp [ieee-address] unnumbered

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a static address resolution protocol (ARP) entry associating an IP address or an unnumbered address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address or unnumbered address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address: Specifies the IP address for the static ARP in IP address dotted-decimal notation.

ieee-address: Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered: Keyword that specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. When this command is configured, it overrides any dynamic ARP.

unnumbered

Syntax

unnumbered ip-int-name | ip-address

no unnumbered

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures an IP interface as an unnumbered interface and specifies the IP address to be used for the interface.

To conserve IP addresses, unnumbered interfaces can be configured. The address used when generating packets on this interface is the configured ip-address parameter.

An error message is generated when an unnumbered interface is configured and an IP address already exists on this interface.

The no form of this command removes the IP address from the interface, effectively removing the unnumbered property. The interface must be shut down before the no unnumbered command is issued to delete the IP address from the interface or an error message is generated.

Default

no unnumbered

Parameters

ip-int-name | ip-address: Specifies the IP interface name or IP address with which to associate the unnumbered IP interface in dotted-decimal notation. The configured IP address must exist on this node. Nokia recommends using the system IP address as it is not associated with a particular interface and is therefore always reachable. The system IP address is the default if ip-int-name or ip-address is not configured.

vpls

Syntax

vpls service-name

Context

config>service

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command, within the IP interface context, binds the IP interface to the specified service name.

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). When the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system immediately attempts to resolve the specific name.

If a VPLS service is found associated with the name and with the allow-ip-int-binding flag set, the IP interface is attached to the VPLS service allowing routing to and from the service virtual ports when the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-binding flag set or a non-VPLS service associated with the name will be ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-binding flag is set at the time the name is applied, the VPLS service is automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-binding flag set, the system does not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-binding flag set will be attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

When an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-binding flag cannot be removed until the attached IP interface is unbound from the service name. Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-SDP commands on the interface.

Parameters

service-name: Mandatory parameter that specifies the service name that the system will attempt to resolve to an allow-ip-int-binding enabled VPLS service associated with the name. The specified name is expressed as an ASCII string composed of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

ingress

Syntax

ingress

Context

config>service>ies>if>vpls

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

The ingress node in this context under the VPLS binding defines the routed IP filter ID optional filter overrides.

v4-routed-override-filter

Syntax

v4-routed-override-filter ip-filter-id

no v4-routed-override-filter

Context

config>service>ies>if>vpls>ingress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures an IP filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IP filter applied to SAP or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or is removed, the IP routed packets use any existing ingress IP filter on the VPLS virtual port.

The no form of this command removes the IP routed override filter from the ingress IP interface. When removed, the IP ingress routed packets within a VPLS service attached to the IP interface use the IP ingress filter applied to the packets virtual port, when defined.

Parameters

ip-filter-id

Specifies the ID for the IP filter policy. Allowed values are an integer that corresponds to a previously created IP filter policy in the configure>filter>ip-filter context.

Values: 1 to 65535

IES interface ICMP commands

icmp

Syntax

icmp

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

Commands in this context configure Internet Control Message Protocol (ICMP) parameters on an IES service.

mask-reply

Syntax

[no] mask-reply

Context

config>service>ies>if>icmp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance replies to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default

mask-reply

redirects

Syntax

redirects [number seconds]

no redirects

Context

config>service>ies>if>icmp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the rate for ICMP redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a specific time interval.

By default, the generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default

redirects 100 10

Parameters

number

Specifies the maximum number of ICMP redirect messages to send. This parameter must be specified with the seconds parameter.

Values: 10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP redirect messages that can be issued.

Values: 1 to 60

ttl-expired

Syntax

ttl-expired number seconds

no ttl-expired

Context

config>service>ies>if>icmp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the rate ICMP TTL expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the limiting the rate of TTL expired messages on the router interface.

Default

ttl-expired 100 10

Parameters

number

Specifies the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.

Values: 10 to 1000

seconds

Specifies he time frame, in seconds, used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer.

Values: 1 to 60

unreachables

Syntax

unreachables [number seconds]

no unreachables

Context

config>service>ies>if>icmp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables are issued can be controlled with the optional number and time parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a specific time interval.

By default, the generation of ICMP destination unreachable messages is enabled at a maximum rate of 10 per 60 second time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface.

Default

unreachables 100 10

Parameters

number

Specifie the maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.

Values: 10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP unreachable messages that can be issued.

Values: 1 to 60

IES SAP commands

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates a SAP within a service. A SAP is a combination of port and encapsulation parameters that identify the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP does not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can be associated with only a single service. A SAP can only be defined on a port that has been configured as an access port and access uplink port using the configure port port number ethernet mode access uplink command.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted.

Special Cases

IES: A SAP is defined within the context of an IP routed interface. Each IP interface is limited to a single SAP definition. Attempts to create a second SAP on an IP interface will fail and generate an error; the original SAP will not be affected.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format; for example 1/1/1 specifies port 1 on MDA 1 in slot 1.

The port-id must reference a valid port type. The port must be configured as an uplink access port.

create: Keyword used to create a SAP instance. The create keyword requirement can be enabled or disabled in the environment>create context.

IES filter commands

filter

Syntax

filter ip ip-filter-id

no filter

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command associates a filter policy with an ingress or egress SAP. Filter policies control the forwarding and dropping of packets based on the matching criteria.

The filter command associates a filter policy that has a specified ip-filter-id with an ingress or egress SAP. The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is that non-IP packets are not applied to the match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP. The filter ID is not removed from the system.

Special Cases

IES: Only IP filters are supported on an IES IP interface, and the filters only apply to routed traffic.

Parameters

ip: Keyword indicating the filter policy is an IP filter.

ip-filter-id

Specifies the ID for the IP filter policy. Allowed values are an integer that corresponds to a previously created IP filter policy in the configure>filter>ip-filter context.

Values: 1 to 65535

egress

Syntax

egress

Context

config>service>ies>if>sap

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

Commands in this context apply egress policies.

ingress

Syntax

ingress

Context

config>service>ies>if>sap

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

Commands in this context apply ingress policies

DHCP server commands

dhcp

Syntax

dhcp

Context

config>service>ies>interface

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

Commands in this context configure DHCP parameters.

option

Syntax

[no] option

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enables the context for configuring Option 82 suboptions.

The no form of this command reverts the system to the default values.

Default

no option

action

Syntax

action [dhcp-action] {replace | drop | keep}

no action

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the Relay Agent Information Option (Option 82) processing.

The no form of this command reverts to the default value.

Default

the default is to keep the existing information intact

Parameters

dhcp-action: Specifies the DHCP option action.

replace: Keyword to specify that, in the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).

drop: Keyword to specify that the DHCP packet is dropped if an Option 82 field is present, and a counter is incremented.

keep

Keyword to specify that existing information is kept in the packet and the router does not add any more information. In the downstream direction, the Option 82 field is not stripped and is sent on toward the client.

The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router inserts its own VSO into the Option 82 field. This occurs only when the incoming message already has an Option 82 field.

If no Option 82 field is present, the router does not create the Option 82 field. In this in that case, no VSO is added to the message.

gi-address

Syntax

gi-address ip-address [src-ip-addr]

no gi-address

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed when the router functions as a DHCP relay to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address.

Default

no gi-address

Parameters

ip-address: Specifies the host IP address to be used for DHCP relay packets.

src-ip-addr: Keyword that specifies the source IP address to be used for DHCP relay packets.

circuit-id

Syntax

circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]

no circuit-id

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the router to send an ASCII-encoded tuple in the circuit-id suboption of the DHCP packet.

To send a tuple in the circuit ID, the action replace command must be configured in the same context.

If disabled, the circuit-id suboption of the DHCP packet will be left empty.

The no form of this command reverts to the default value.

Default

circuit-id

Parameters

ascii-tuple: Specifies that the ASCII-encoded concatenated tuple will be used, which consists of the access-node-identifier, service-id, and interface-name, separated by ‟|”.

ifindex: Specifies that the interface index will be used. The If Index of a router interface can be displayed using the show router interface detail command.

sap-id: Specifies that the SAP identifier will be used.

vlan-ascii-tuple: Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q-encapsulated ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

remote-id

Syntax

[no] remote-id [mac | string string]

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies what information goes into the remote ID suboption in the DHCP relay packet.

If disabled, the remote-id suboption of the DHCP packet will be left empty.

The no form of this command reverts to the default value.

Default

no remote-id

Parameters

mac: Keyword that specifies the MAC address of the remote end is encoded in the suboption.

string string: Specifies the remote ID.

vendor-specific-option

Syntax

[no] vendor-specific-option

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This command specifies the string in the vendor-specific suboption of the DHCP relay packet.

The no form of this command reverts to the default value.

Parameters

text: Specifies a string that can be any combination of ASCII characters, up to 32 characters. If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

system-id

Syntax

[no] system-id

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies whether the system ID is encoded in the vendor-specific suboption of Option 82.

relay-plain-bootp

Syntax

relay-plain-bootp

no relay-plain-bootp

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the relaying of plain BOOTP packets.

The no form of this command disables the relaying of plain BOOTP packets.

server

Syntax

server server1 [server2...(up to 8 max)]

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.

A maximum of 8 DHCP servers can be configured.

Default

no server

Parameters

server: Specifies the DHCP server IP address.

trusted

Syntax

[no] trusted

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables relaying of untrusted packets.

The no form of this command disables the relay.

Default

not enabled

qos

Syntax

qos policy-id

no qos

Context

config>service>ies>if>sap>egress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command associates a Quality of Service (QoS) policy with an ingress SAP or IP interface.

QoS egress policies are important for the enforcement of SLA agreements. The policy ID must be defined before associating the policy with a SAP. If the policy-id does not exist, an error is returned.

The qos command is used to associate ingress policies. The qos command only allows egress policies to be associated on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a specific type returns an error.

By default, if no specific QoS policy is associated with the SAP for egress, the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default value.

Parameters

policy-id

Specifies the egress policy ID to associate with SAP on egress. The policy ID must already exist.

Values: 1 to 65535

agg-shaper-rate

Syntax

agg-shaper-rate agg-rate

no agg-shaper-rate

Context

config>service>ies>if>sap>ingress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies the aggregate rate for the SAP shaper. The aggregate SAP shaper is available to limit only the unicast traffic and the BUM traffic across all the FCs of the SAP configured to use ingress queues. Specify the CIR rate and the PIR rate. Users must not oversubscribe the total bandwidth available for use by ingress queues.

The no form of this command disables the use of the SAP aggregate rate shaper. That is, the SAP can use up the maximum bandwidth available.

Default

no agg-shaper-rate

Parameters

agg-rate

Specifies the rate in kilobits per second.

Values: 50 to 3000000 | max (7210 SAS-K 2F6C4T) 64 to 20000000 | max (7210 SAS-K 3SFP+ 8C)

Default: max

agg-shaper-rate

Syntax

agg-shaper-rate agg-rate

no agg-shaper-rate

Context

config>service>ies>if>sap>egress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

The no form of this command disables the use of SAP aggregate rate shaper. That is, the SAP can use up the maximum bandwidth available.

Default

no agg-shaper-rate

Parameters

agg-rate

Specifies the rate in kilobits per second.

Values

50 to 1000000 | max (7210 SAS-K 2F6C4T)

64 to 10000000 | max (7210 SAS-K 3SFP+ 8C)

Default: max

aggregate-meter-rate

Syntax

aggregate-meter-rate rate-in-kbps [burst burst-in-kbits]

no aggregate-meter-rate

Context

config>service>ies>if>sap>ingress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the access SAP ingress aggregate policer. The rate of the SAP ingress aggregate policer must be specified. Users can optionally specify the burst size for the SAP aggregate policer. The aggregate policer monitors the ingress traffic on different FCs using policers to rate-limit the flow and determines the final disposition of the packet. The packet is either forwarded to an identified profile or dropped.

Note:

The sum of CIR of the individual FCs configured under the SAP cannot exceed the PIR rate configured for the SAP. Although the 7210 SAS software does not block this configuration, it is not recommended.
The queued traffic flows are not limited by the aggregate meter. That is, only metered flows can use the aggregate meter. Queued flows can use only aggregate shaper.

The following table lists the final disposition of the packet based on the operating rate of the per-FC policer and the per-SAP aggregate policer.

Table 1. Final disposition of the packet based on per-FC and per-SAP policer or meter
Per FC meter operating rate	Per FC assigned color	SAP aggregate meter operating rate	Final packet color
Within CIR	Green	Within PIR	Green or In-profile
Within CIR	Green	Above PIR	Red and Dropped
Above CIR, Within PIR	Yellow	Within PIR	Yellow or Out-of-Profile
Above CIR, Within PIR	Yellow	Above PIR	Red or Dropped
Above PIR	Red	Within PIR	Red or Dropped
Above PIR	Red	Above PIR	Red or Dropped

The SAP ingress meter counters increment the packet or octet counts based on the final disposition of the packet.

The no form of this command removes the aggregate policer from use.

Default

no aggregate-meter-rate

Parameters

rate-in-kbps

Specifies the rate in kilobits per second.

Values

50 to 3000000 | max (7210 SAS-K 2F1C2T and 7210 SAS-K 2F6C4T)

64 to 20000000 | max (7210 SAS-K 3SFP+ 8C)

Default: max

burst-in-kbits

Specifies the burst size for the policer in kilobits. The burst size cannot be configured without configuring the rate.

Values: 1 to 16384 | default

Default: 512

qos

Syntax

qos policy-id

no qos

Context

config>service>ies>if>sap>ingress

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command associates a QoS policy with an ingress SAP or IP interface.

QoS ingress policies are important for the enforcement of SLA agreements. The policy ID must be defined before associating the policy with a SAP. If the policy-id does not exist, an error is returned.

The qos command is used to associate ingress policies. The qos command only allows ingress policies to be associated on SAP ingress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a specific type returns an error.

By default, if no specific QoS policy is associated with the SAP for ingress, the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default value.

Parameters

policy-id

Specifies the ingress policy ID to associate with SAP on ingress. The policy ID must already exist.

Values: 1 to 65535

local-proxy-arp

Syntax

[no] local-proxy-arp

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables local proxy ARP. When local proxy ARP is enabled on an IP interface, the system responds to all ARP requests for IP addresses belonging to the subnet with its own MAC address, and therefore will become the forwarding point for all traffic between hosts in that subnet. When the local-proxy-arp command is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default

no local-proxy-arp

local-dhcp-server

Syntax

local-dhcp-server server-name [create]

no local-dhcp-server server-name

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a local DHCP server. A local DHCP server can serve multiple interfaces but is limited to the routing context in which it was created.

Parameters

server-name: Specifies the name of local DHCP server.

create: Keyword used to create the server name. The create keyword requirement can be enabled or disabled in the environment>create context.

loopback

Syntax

[no] loopback

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies that the interface is a loopback interface that has no associated physical interface. As a result, the associated IES interface cannot be bound to a SAP.

You can configure an IES interface as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined, and a SAP cannot be defined on a loopback interface.

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the IP maximum transmit unit (MTU) (packet) for this interface.

Because this connects a Layer 2 to a Layer 3 service, this parameter can be adjusted under the IES interface.

The MTU that is advertised from the IES size is the following:

MINIMUM ((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

By default (for Ethernet network interface) if no ip-mtu is configured, it is (1568 - 14) = 1554.

The no form of this command reverts to the default value.

Default

no ip-mtu

IES interface VRRP commands

vrrp

Syntax

vrrp virtual-router-id [owner]

no vrrp virtual-router-id

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as an owner. The vrrp virtual-router-id context defines the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down to remove the virtual router instance.

Parameters

virtual-router-id

Specifies a new virtual router ID or one that can be modified on the IP interface.

Values: 1 to 255

owner: Keyword that defines the virtual router instance as an owner.

authentication-key

Syntax

authentication-key [authentication-key | hash-key] [hash | hash2]

no authentication-key

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key is used immediately.

If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time, altering the simple text password used when authentication-type password authentication method is used by the virtual router instance. The authentication-type password command does not need to be executed before defining the authentication-key command.

To change the current in-use password key on multiple virtual router instances:

identify the current master
shut down the virtual router instance on all backups
execute the authentication-key command on the master to change the password key
execute the authentication-key command and no shutdown command on each backup key

By default, the authentication data field contains the value 0 in all 16 octets.

The no form of this command restores the default null string to the value of key.

Parameters

authentication-key

Specifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The authentication-key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( ‟ ” ). The quotation marks are not considered part of the string.

The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values

any 7-bit printable ASCII character


exceptions:	double quote	(")	ASCII 34
	carriage return		ASCII 13
	line feed		ASCII 10
	tab		ASCII 9
	backspace		ASCII 8

hash-key

Specifies the hash key. The key can be any combination of ASCII characters up to 22 characters (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

This option is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash: Keyword to specify the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2: Keyword to specify the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

backup

Syntax

[no] backup ip-address

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures virtual router IP addresses for the interface.

Default

no backup

Parameters

ip-address

Specifies the destination IP address for backup.

Values: a.b.c.d

bfd-enable

Syntax

bfd-enable service-id interface interface-name dst-ip ip-address

no bfd-enable service-id if if-name dst-ip ip-address

bfd-enable interface interface-name dst-ip ip-address

no bfd-enable interface interface-name dst-ip ip-address

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the use of bidirectional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a specific protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set using the BFD command under the IP interface.

The no form of this command removes BFD from the associated BGP protocol peering.

Default

no bfd-enable

init-delay

Syntax

init-delay seconds

no init-delay

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values: 1 to 65535

master-int-inherit

Syntax

[no] master-int-inherit

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command allows the master instance to dictate the master down timer (non-owner context only).

Default

no master-int-inherit

message-interval

Syntax

message-interval {[seconds] [milliseconds milliseconds]}

no message-interval

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different from the virtual router instance configured message-interval value will be silently discarded.

This command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second is used.

The no form of this command reverts to the default value.

Parameters

seconds

Specifies the number of seconds that will transpire before the advertisement timer expires.

Values: 1 to 255

Default: 1

milliseconds

Specifies the milliseconds time interval between sending advertisement messages. This parameter is not supported on single-slot chassis.

Values: 100 to 900

ping-reply

Syntax

[no] ping-reply

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of ping reply configuration.

The ping-reply command is available only in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses are silently discarded.

The no form of this command reverts to the default operation of discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.

Default

no ping-reply

policy

Syntax

policy vrrp-policy-id

no policy

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

Parameters

vrrp-policy-id

Specifies a VRRP priority control policy.

Values: 1 to 9999

preempt

Syntax

preempt

no preempt

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command provides the ability to override an existing non-owner master to the virtual router instance. Enabling preempt mode is recommended for correct operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the affect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is available only in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted because the priority of non-owners can never be higher than the owner. The owner always preempts all other virtual routers when it is available.

Non-owner virtual router instances only preempt when preempt is set and the current master has an in-use message priority value less than the virtual router instance in-use priority.

A master non-owner virtual router allows itself to be preempted only when the incoming VRRP advertisement message priority field value is one of the following:

greater than the virtual router in-use priority value
equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to revert to the default mode.

Default

preempt

priority

Syntax

priority priority

no priority

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a specific priority value for the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is available only in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority is set to 100.

The no form of this command reverts to the default value of 100.

Parameters

base-priority

Specifies the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority is the in-use priority for the virtual router instance.

Values: 1 to 254

Default: 100

ssh-reply

Syntax

[no] ssh-reply

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the non-owner master to reply to SSH requests directed at the virtual router instance IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the SSH reply configuration.

The ssh-reply command is available only in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses are silently discarded.

The no form of this command reverts to the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default

no ssh-reply

standby-forwarding

Syntax

[no] standby-forwarding

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command allows the forwarding of packets by a standby router.

The no form of this command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.

Default

no standby-forwarding

telnet-reply

Syntax

[no] telnet-reply

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instance IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the telnet-reply configuration.

The telnet-reply command is available only in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses are silently discarded.

The no form of this command revert to the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default

no telnet-reply

traceroute-reply

Syntax

[no] traceroute-reply

Context

config>service>ies>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses.

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

A non-owner backup virtual router never responds to such traceroute requests regardless of the traceroute reply status.

Default

no traceroute-reply

IES interface IPv6 commands

ipv6

Syntax

ipv6

no ipv6

Context

config>service>ies>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables IPv6 for an IES interface.

The no form of this command disables IPv6.

Default

no ipv6

address

Syntax

ipv6 ipv6-address/prefix-length [eui-64] [preferred]

no ipv6 ipv6-address/prefix-length

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command assigns an address to the IPv6 interface.

The no form of this command deletes the specified IPv6 address.

Parameters

ipv6-address/prefix-length

Specifies the interface IP address.

Values


`ipv6-address`:	x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D
prefix-length:	1 to 128

eui-64: Keyword to specify that a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces.

preferred: Keyword to specify that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address maybe used as the source (or destination) address of packets sent from (or to) the interface.

icmp6

Syntax

icmp

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures ICMPv6 parameters for the interface.

packet-too-big

Syntax

packet-too-big number seconds

no packet-too-big

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies whether, and how often, ICMPv6 ‟packet-too-big” messages should be sent. When enabled, ICMPv6 ‟packet-too-big” messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 ‟packet-too-big” messages.

Default

no packet too big

Parameters

number

Specifies the number of ICMPv6 ‟packet-too-big” messages to send in the time frame specified by the seconds parameter.

Values: 10 to 1000

Default: 100

seconds

Specifies the time frame, in seconds, that is used to limit the number of ICMPv6 ‟packet-too-big” messages sent.

Values: 1 to 60

Default: 10

param-problem

Syntax

param-problem number seconds

no param-problem

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command specifies whether, and how often, ICMPv6 ‟parameter-problem” messages should be sent. When enabled, ICMPv6 ‟parameter-problem” messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 ‟parameter-problem” messages.

Default

no param-problem

Parameters

number

Specifies the number of ICMPv6 ‟parameter-problem” messages to send in the time frame specified by the seconds parameter.

Values: 10 to 1000

Default: 100

seconds

Specifies the time frame, in seconds, that is used to limit the number of ICMPv6 ‟parameter-problem” messages sent.

Values: 1 to 60

Default: 10

redirects

Syntax

redirects number seconds

no redirects

Context

config>service>ies>if>ipv6>icmp6

Description

Patforms Supported: 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This command configures ICMPv6 ‟redirect” messages. When enabled, ICMPv6 redirects are generated when routes are not optimal on this router and another router on the same subnetwork has a better route to alert that node that a better route is available should be sent.

The no form of this command disables the sending of ICMPv6 ‟redirect” messages.

Default

no redirects

Parameters

number

Specifies the number of ICMPv6 ‟redirect” messages to send in the time frame specified by the seconds parameter

Values: 10 to 1000

Default: 100

seconds

Specifies the time frame, in seconds, that is used to limit the number of ICMPv6 ‟redirect” messages sent

Values: 1 to 60

Default: 10

time-exceeded

Syntax

time-exceeded number seconds

no time-exceeded

Context

config>service>ies>if>ipv6>icmp6

Description

Patforms Supported: 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This command configures the rate for ICMPv6 ‟time-exceeded” messages.

The no form of this command disables the sending of ICMPv6 ‟time-exceeded” messages.

Default

no time-exceeded

Parameters

number

Specifies the number of ICMPv6 ‟time-exceeded” messages to send in the time frame specified by the seconds parameter.

Values: 10 to 1000

Default: 100

seconds

Specifies the time frame, in seconds, that is used to limit the number of ICMPv6 ‟time-exceeded” messages sent.

Values: 1 to 60

Default: 10

unreachables

Syntax

unreachables number seconds

no unreachables

Context

config>service>ies>if>ipv6>icmp6

Description

Patforms Supported: 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This command enables and configures the rate for ICMPv6 host and network destination ‟unreachables” messages issued on the router interface.

The no form of this command disables the generation of ICMPv6 destination ‟unreachables” messages on the router interface.

Default

no unreachables

Parameters

number

Specifies the number of ICMPv6 ‟unreachables” messages to send in the time frame specified by the seconds parameter.

Values: 10 to 1000

Default: 100

seconds

Specifies the time frame, in seconds, that is used to limit the number of ICMPv6 ‟unreachables” messages sent.

Values: 1 to 60

Default: 10

link-local-address

Syntax

ipv6 ipv6-address [preferred]

no ipv6 ipv6-address/prefix-length

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command assigns the IPv6 link local address to the interface.

Parameters

ipv6-address

Specifies the IPv6 link local address.

Values


`ipv6-address`:	x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

preferred: Keyword to specify that the IPv6 link local address is the preferred IPv6 link local address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred addresses maybe used as the source (or destination) address of packets sent from (or to) the interface.

local-proxy-nd

Syntax

local-proxy-nd number seconds

no local-proxy-nd

Context

config>service>ies>if>ipv6

Description

Patforms Supported: 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

This command enables local proxy neighbor discovery on the interface.

The no form of this command disables local proxy neighbor discovery.

Default

no local-proxy-nd

neighbor

Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures IPv6-to-MAC address mapping on the interface.

The no form of this command deletes IPv6-to-MAC address mapping for the specified IPv6 address.

Parameters

ipv6-address

Specifies the IPv6 address.

Values


`ipv6-address`:	x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

mac-address: Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any unicast MAC addresses and non-IEEE reserved MAC addresses.

proxy-nd-policy

Syntax

proxy-nd-policy policy-name [policy-name...(up to 5 max)]

no proxy-nd-policy

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command applies a proxy neighbor discovery policy for the interface.

The no form of this command disables the proxy neighbor discovery policy application.

Default

no proxy-nd-policy

Parameters

policy-name: Specifies an existing neighbor discovery policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, spaces), the entire string must be enclosed within double quotes. The specified policy names must already be defined.

IES show commands

customer

Syntax

customer [customer-id] [site customer-site-name]

Context

show>service

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays service customer information.

Parameters

customer-id

Displays only information for the specified customer ID.

Values: 1 to 2147483647

Default: all customer IDs display

site customer-site-name: Specifies the customer site that is the anchor point for an ingress and egress virtual scheduler hierarchy.

Output

The following output is an example of customer information, and Output fields: customer describes the output fields.

Sample output

*A:ALA-12# show service customer
==========================================================
Customers
==========================================================
Customer-ID : 1
Contact     : Manager
Description : Default customer
Phone       : (123) 555-1212

Customer-ID : 2
Contact     : Tech Support
Description : TiMetra Networks
Phone       : (234) 555-1212

Customer-ID : 3
Contact     : Fred
Description : TiMetra Networks
Phone       : (345) 555-1212

Customer-ID : 6
Contact     : Ethel
Description : Epipe Customer
Phone       : (456) 555-1212

Customer-ID : 7
Contact     : Lucy
Description : ABC Customer
Phone       : (567) 555-1212

Customer-ID : 8
Contact     : Customer Service
Description : IES Customer
Phone       : (678) 555-1212

Customer-ID : 274
Contact     : Mssrs. Beaucoup
Description : ABC Company
Phone       : 650 123-4567

Customer-ID : 94043
Contact     : Test Engineer on Duty
Description : TEST Customer
Phone       : (789) 555-1212

------------------------------------------------------
Total Customers : 8
-----------------------------------------------------------
*A:ALA-12#


*A:ALA-12# show service customer 274
==============================================================================
Customer  274
==============================================================================
Customer-ID : 274
Contact     : Mssrs. Beaucoup
Description : ABC Company
Phone       : 650 123-4567
------------------------------------------------------------------------------
Multi Service Site
------------------------------------------------------------------------------
Site        : west
Description : (Not Specified)
==============================================================================
*A:ALA-12#


*A:ALA-12# show service customer 274 site west
==============================================================================
Customer  274
==============================================================================
Customer-ID : 274
Contact     : Mssrs. Beaucoup
Description : ABC Company
Phone       : 650 123-4567
------------------------------------------------------------------------------
Multi Service Site
------------------------------------------------------------------------------
Site        : west
Description : (Not Specified)
Assignment  : Card 5
I. Sched Pol: SLA1
E. Sched Pol: (Not Specified)
------------------------------------------------------------------------------
Service Association
------------------------------------------------------------------------------
No Service Association Found.
==============================================================================
*A:ALA-12#

Table 2. Output fields: customer
Label	Description
Customer-ID	The ID that uniquely identifies a customer.
Contact	The name of the primary contact person.
Description	Generic information about the customer.
Phone	The phone/pager number to reach the primary contact person.
Total Customers	The total number of customers configured.
Multi-service site
Site	Multi-service site name. A multi-service customer site is a group of SAPs with common origination and termination points.
Description	Information about a specific customer multi-service site.
Assignment	The port ID, MDA, or card number, where the SAPs that are members of this multi-service site are defined.
I. Sched Pol	The ingress QoS scheduler policy assigned to this multi-service site.
E. Sched Pol	The egress QoS scheduler policy assigned to this multi-service site.
Service Association
Service-ID	The ID that uniquely identifies a service.
SAP	Specifies the SAP assigned to the service.

sap-using

Syntax

sap-using [sap sap-id]

sap-using interface [ip-address | ip-int-name]

sap-using [ingress | egress] filter filter-id

sap-using [ingress] qos-policy qos-policy-id

Context

show>service

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays SAP information.

If no optional parameters are specified, the command displays a summary of all defined SAPs. The optional parameters restrict output to only SAPs matching the specified properties.

Parameters

sap sap-id: Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.

ingress: Keyword to specify matching an ingress policy.

egress: Keyword to specify matching an egress policy.

filter filter-id

Specifies the ingress or egress filter policy ID for which to display matching SAPs.

Values: 1 to 65535

interface: Keyword to specify matching SAPs with the specified IP interface.

ip-addr

Specifies the IP address of the interface for which to display matching SAPs.

Values: a.b.c.d

ip-int-name: Specifies the IP interface name for which to display matching SAPs.

Output

The following output is an example of service SAP information, and Output fields: SAP-using describes the output fields.

Sample output

*A:DUT-B# show service sap-using sap 1/1/3:100.*  
=========================================================================
Service Access Points
=========================================================================
PortId                          SvcId      Ing.  Ing.    Egr.   Adm  Opr
                                           QoS   Fltr    Fltr
-------------------------------------------------------------------------
1/1/1                           6          1     none    none   Up   Down
1/1/2                           700        1     none    none   Up   Down
-------------------------------------------------------------------------
Number of SAPs : 2
=========================================================================
*A:DUT-B#

Table 3. Output fields: SAP-using
Label	Description
Port ID	The ID of the access port where the SAP is defined.
Svc ID	The value that identifies the service.
SapMTU	The SAP MTU value.
Igr.QoS	The SAP ingress QoS policy number specified on the ingress SAP.
Ing.Fltr	The MAC or IP filter policy ID applied to the ingress SAP.
E.QoS	The SAP egress QoS policy number specified on the egress SAP.
Egr.Fltr	The MAC or IP filter policy ID applied to the egress SAP.
A.Pol	The accounting policy ID assigned to the SAP.
Adm	The administrative state of the SAP.
Opr	The actual state of the SAP.

service-using

Syntax

service-using [ies] [customer customer-id]

Context

show>service

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays the services matching specific usage properties. If no optional parameters are specified, all services defined on the system are displayed.

Parameters

ies: Display matching IES services.

customer customer-id

Displays services only associated with the specified customer ID.

Values: 1 to 2147483647

Default: services associated with an customer

Output

The following output is an example of service information, and Output fields: service-using describes the output fields.

Sample output

A:ALA-48# show service service-using ies
===============================================================================
Services [ies]
===============================================================================
ServiceId    Type      Adm    Opr        CustomerId        Last Mgmt Change
-------------------------------------------------------------------------------
88           IES       Up     Down       8                 07/25/2006 15:46:28
89           IES       Up     Down       8                 07/25/2006 15:46:28
104          IES       Up     Down       1                 07/25/2006 15:46:28
200          IES       Up     Down       1                 07/25/2006 15:46:28
214          IES       Up     Down       1                 07/25/2006 15:46:28
321          IES       Up     Down       1                 07/25/2006 15:46:28
322          IES       Down   Down       1                 07/25/2006 15:46:28
1001         IES       Up     Down       1730              07/25/2006 15:46:28
-------------------------------------------------------------------------------
Matching Services : 8
-------------------------------------------------------------------------------
A:ALA-48#

Table 4. Output fields: service-using
Label	Description
Service Id	The value that identifies the service.
Type	Specifies the service type configured for the service ID.
Adm	The administrative state of the service.
Opr	The operating state of the service.
CustomerID	The ID of the customer who owns this service.
Last Mgmt Change	The date and time of the most recent management-initiated change to this service.

id

Syntax

id service-id {all | arp | base | sap}

Context

show>service

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays information for a particular service-id.

Parameters

service-id: Specifies the unique service identification number to identify the service in the service domain.

all: Displays detailed information about the service.

arp: Displays ARP entries for the service.

base: Displays basic service information.

sap: Displays SAPs associated to the service.

all

Syntax

all

Context

show>service>id

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays detailed information for all aspects of the service.

Output

Output fields: ID all describes the all service ID command output fields.

Sample output

Table 5. Output fields: ID all
Label	Description
Service Detailed Information
Service Id	The service identifier.
VPN Id	The number which identifies the VPN.
Service Type	Specifies the type of service.
SDP Id	The SDP identifier.
Description	Generic information about the service.
Customer Id	The customer identifier.
Last Mgmt Change	The date and time of the most recent management-initiated change to this customer.
SAP Count	The number of SAPs specified for this service.
SDP Bind Count	The number of SDPs bound to this service.
Service Destination Points (SDPs)
SDP Id	The SDP identifier.
Type	Indicates whether this Service SDP binding is a spoke or a mesh.
Admin Path MTU	The largest service frame size (in octets) that can be transmitted through this SDP to the far-end router, without requiring the packet to be fragmented.
Oper Path MTU	The actual largest service frame size (in octets) that can be transmitted through this SDP to the far-end router, without requiring the packet to be fragmented.
Delivery	Specifies the type of delivery used by the SDP: MPLS.
Admin State	The administrative state of this SDP.
Oper State	The operational state of this SDP.
Ingress Label	The label used by the far-end device to send packets to this device in this service by this SDP.
Egress Label	The label used by this device to send packets to the far-end device in this service by this SDP.
Ingress Filter	The ID of the ingress filter policy.
Egress Filter	The ID of the egress filter policy.
Far End	Specifies the IP address of the remote end of the MPLS tunnel defined by this SDP.
Last Changed	The date and time of the most recent change to this customer.
Signaling	Specifies the signaling protocol used to obtain the ingress and egress labels used in frames transmitted and received on this SDP.
Admin State	Specifies the operating status of the service.
Oper State	The current status of the service.
Hello Time	Specifies how often the SDP echo request messages are transmitted on this SDP.
Hello Msg Len	Specifies the length of the SDP echo request messages transmitted on this SDP.
Max Drop Count	Specifies the maximum number of consecutive SDP Echo Request messages that can be unacknowledged before the keepalive protocol reports a fault.
Hold Down Time	Specifies the amount of time to wait before the keepalive operating status is eligible to enter the alive state.
SDP Delivery Mechanism	When the SDP type is MPLS, a list of LSPs used to reach the far-end router displays. All the LSPs in the list must terminate at the IP address specified in the far-end field.
Number of SDPs	The total number SDPs applied to this service ID.
Service Access Points
Service Id	The service identifier.
Port Id	The ID of the access port where this SAP is defined.
Description	Generic information about the SAP.
Encap	The value of the label used to identify this SAP on the access port.
Admin State	The desired state of the SAP.
Oper State	The operating state of the SAP.
Last Changed	The date and time of the last change.
Admin MTU	The largest service frame size (in octets) that can be transmitted through this SDP to the far-end router, without requiring the packet to be fragmented.
Oper MTU	The actual largest service frame size (in octets) that can be transmitted through this SDP to the far-end router, without requiring the packet to be fragmented.
Ingress qos-policy	The SAP ingress QoS policy ID.
Egress qos-policy	The SAP egress QoS policy ID.
Ingress Filter-Id	The SAP ingress filter policy ID.
Egress Filter-Id	The SAP egress filter policy ID.
Multi Svc Site	Indicates the multi-service site that the SAP is a member.
Ingress sched-policy	Indicates the ingress QoS scheduler for the SAP.
Egress sched-policy	Indicates the egress QoS scheduler for the SAP.
Acct. Pol	Indicates the accounting policy applied to the SAP.
Collect Stats	Specifies whether accounting statistics are collected on the SAP.
SAP Statistics
Dropped	The number of packets or octets dropped.
Offered Hi Priority	The number of high priority packets, as determined by the SAP ingress QoS policy.
Offered Low Priority	The number of low priority packets, as determined by the SAP ingress QoS policy.
Forwarded In Profile	The number of in-profile packets or octets (rate below CIR) forwarded.
Forwarded Out Profile	The number of out-of-profile packets or octets (rate above CIR) forwarded.

arp

Syntax

arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]

Context

show>service>id

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

Displays the ARP table for the IES instance. The ARP entries for a subscriber interface are displayed uniquely. Each MAC associated with the subscriber interface child group-interfaces are displayed with each subscriber interface ARP entry. They do not reflect actual ARP entries but are displayed along the interfaces ARP entry for easy lookup.

Parameters

ip-address

Specifies the IP address of the interface for which to display matching ARP entries.

Values


ipv4-address:	a.b.c.d (host bits must be 0)
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

mac ieee-address

Displays only ARP entries in the ARP table with the specified 48-bit MAC address. The MAC address can be expressed in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers.

Default: All MAC addresses.

sap sap-id: Displays SAP information for the specified SAP ID. See Common CLI command descriptions for command syntax.

interface: Specifies matching service ARP entries associated with the IP interface.

ip-int-name: Specifies the IP interface name for which to display matching ARPs.

Output

The following output is an example of ARP information, and Output fields: ARP describes the output fields.

Sample output

*A:DUT-B# show service id 100 arp 
==============================================================================
ARP Table
===============================================================================
IP Address      MAC Address         Type       Expiry    Interface         SAP      
-------------------------------------------------------------------------------
192.168.1.2     00:00:01:00:00:01  Other     00h00m00s   HW                1/1/1:10*
192.168.1.1     32:67:01:01:00:03  Other     00h00m00s   to7x              1/1/3:10*
192.168.2.2     32:68:01:01:00:02  Dynamic   03h59m58s   to7x              1/1/3:10*
===============================================================================
*A:DUT-B#

Table 6. Output fields: ARP
Label	Description
IP Address	The IP address.
MAC Address	The specified MAC address.
Type	Static — FDB entries created by management. Learned — Dynamic entries created by the learning process. Other — Local entries for the IP interfaces created.
Expiry	The age of the ARP entry.
Interface	The interface applied to the service.
SAP	The SAP ID.

base

Syntax

base

Context

show>service>id

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays basic information about this IES service.

Output

The following output is an example of basic IES service information, and Output fields: base describes the output fields.

Sample output

*A:ALA-A# show service id 100 base
---------------------------------------------------------------
Service Basic Information
---------------------------------------------------------------
Service Id        : 100                 Vpn Id            : 100
Service Type      : IES
Description       : Default Ies description for service id 100
Customer Id       : 1
Last Status Change: 08/29/2006 17:44:28
Last Mgmt Change  : 08/29/2006 17:44:28
Admin State       : Up                  Oper State        : Up
SAP Count         : 2
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier                       Type         AdmMTU  OprMTU  Adm     Opr
-------------------------------------------------------------------------------
sap:1/1/3                        null         1514    1514    Up      Up
sap:1/1/4                        null         1514    1514    Up      Up
===============================================================================
*A:ALA-A#

Table 7. Output fields: base
Label	Description
Service Id	Displays the service identifier.
VPN Id	Displays the VPN identifier.
Service Type	Displays the type of service.
Description	Displays generic information about the service.
Customer Id	Displays the customer identifier.
Last Status Change	Displays the date and time of the most recent status change.
Last Mgmt Change	Displays the date and time of the most recent management-initiated change to this customer.
Admin State	The administrative state of the service.
Oper State	The operational state of the service.
SAP Count	The number of SAPs defined on the service.
Identifier	Specifies the service access ID (SAP).
Type	The type of SAPs allowed in the service. It also describes the applied processing by the node to the packets received on these SAPs.
AdminMTU	The largest frame size (in octets) that the SAP can handle.
OprMTU	Specifies the actual largest service frame size (in octets) that can be transmitted through this port, without requiring the packet to be fragmented.
Admin	The administrative state of the SAP.
Opr	The operating state of the SAP.

interface

Syntax

interface [ip-address | ip-int-name] [detail | summary]

Context

show>service>id

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command displays information for the IP interfaces associated with the IES service. If no optional parameters are specified, a summary of all IP interfaces associated to the service are displayed.

Parameters

ip-address

Specifies the IP address of the interface for which to display information.

Values


ipv4-address:	a.b.c.d (host bits must be 0)
`ipv6-address`:	x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

ip-int-name

Specifies the IP interface name for which to display information.

Values: 32 characters maximum

detail

Displays detailed IP interface information.

Default: IP interface summary output.

summary: Displays the summary of IP interface information.

Output

The following output is an example of service interface information, and Output fields: service ID interface describes the output fields.

Sample output

A:ALA-49# show service id 88 interface
===============================================================================
Interface Table
===============================================================================
Interface-Name                   Adm         Opr(v4/v6)  Type    Port/SapId
   IP-Address                                                    PfxState
-------------------------------------------------------------------------------
Sector A                         Up          Down/Down   IES     1/1/1.2.2
   -                                                             -
test                             Up          Down/Down   IES     1/1/2:0
   10.1.1.1/31                                                   n/a
   10.1.1.1/31                                                   n/a
   10.1.2.1/31                                                   n/a
test27                           Up          Up/--       IES Sub subscriber
   192.168.10.21/24                                              n/a
grp-if                           Up          Down/--     IES Grp 1/2/2
Interfaces : 4
===============================================================================
A:ALA-49#
A:ALA-49# show service id 88 interface
===============================================================================
Interface Table
===============================================================================
Interface-Name Adm Opr(v4/v6) Type Port/SapId
IP-Address PfxState
-------------------------------------------------------------------------------
Sector A Up Down/Down IES 1/1/1.2.2
- -
test Up Down/Down IES 1/1/2:0
10.1.1.1/31 n/a
10.1.1.1/31 n/a
10.1.2.1/31 n/a
test27 Up Up/-- IES Sub subscriber
192.168.10.21/24 n/a
grp-if Up Down/-- IES Grp 1/2/2
Interfaces : 4
===============================================================================
A:ALA-49#

Table 8. Output fields: service ID interface
Label	Description
If Name	The name used to refer to the IES interface.
Type	Specifies the interface type.
IP-Address	Specifies the IP address/IP subnet/broadcast address of the interface.
Adm	The administrative state of the interface.
Opr	The operational state of the interface.
Admin State	The administrative state of the interface.
Oper State	The operational state of the interface.
IP Addr/mask	Specifies the IP address/IP subnet/broadcast address of the interface.
If Index	The index corresponding to this IES interface. The primary index is 1; all IES interfaces are defined in the base virtual router context.
If Type	Specifies the interface type.
SAP Id	Specifies the SAP port ID.
SNTP B.Cast	Specifies whether SNTP broadcast client mode is enabled or disabled.
Arp Timeout	Specifies the timeout for an ARP entry learned on the interface.
MAC Address	Specifies the 48-bit IEEE 802.3 MAC address.
ICMP Mask Reply	Specifies whether ICMP mask reply is enabled or disabled.
Cflowd	Specifies whether cflowd collection and analysis on the interface is enabled or disabled.
Redirects	Specifies the rate for ICMP redirect messages.
Unreachables	Specifies the rate for ICMP unreachable messages.
TTL Expired	Specifies the rate for ICMP TTL messages.