v Commands
v4-routed-override-filter
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
[Tree] (config>service>ies>if>vpls>egress v4-routed-override-filter)
Full Context
configure service ies interface vpls egress v4-routed-override-filter
Description
This command configures an IPv4 filter ID that are applied to packets egressing the IES R-VPLS interface. The filter overrides existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.
The no form of this command removes the IPv4 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to the VPLS endpoint, if configured.
Parameters
- ip-filter-id
-
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.
Platforms
All
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
[Tree] (config>service>ies>if>vpls>ingress v4-routed-override-filter)
Full Context
configure service ies interface vpls ingress v4-routed-override-filter
Description
This command configures an IPv4 filter ID that is applied to all ingress packets entering the VPLS or I-VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed. The IPv4 routed packets use any existing ingress IPv4 filter on the VPLS virtual port.
The no form of this command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface use the IPv4 ingress filter applied to the packets virtual port, when defined.
Parameters
- ip-filter-id
-
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.
Platforms
All
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
[Tree] (config>service>vprn>if>vpls>egress v4-routed-override-filter)
Full Context
configure service vprn interface vpls egress v4-routed-override-filter
Description
This command configures an IPv4 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides the existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.
The no form of this command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to VPLS endpoint, if configured.
Parameters
- ip-filter-id
-
Specifies the IP filter ID. This parameter is required when executing the v4- routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.
Platforms
All
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
[Tree] (config>service>vprn>if>vpls>ingress v4-routed-override-filter)
Full Context
configure service vprn interface vpls ingress v4-routed-override-filter
Description
This command configures an IPv4 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv4 routed packet’s will use the any existing ingress IPv4 filter on the VPLS virtual port.
The no form of this command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface will use the IPv4 ingress filter applied to the packets virtual port, when defined.
Parameters
- ip-filter-id
-
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.
Platforms
All
v6-aggregate-stats
v6-aggregate-stats
Syntax
[no] v6-aggregate-stats
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute v6-aggregate-stats)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute v6-aggregate-stats
Description
This command enables reporting of IPv6 aggregated forwarded octet and packet counters using RADIUS VSAs. Disabled by default. It requires stat-mode v4-v6 for policers and queues for which the IPv6 aggregate forwarded packets should be counted.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
v6-frag-header
v6-frag-header
Syntax
[no] v6-frag-header
Context
[Tree] (config>service>nat>map-domain>ip-fragmentation v6-frag-header)
Full Context
configure service nat map-domain ip-fragmentation v6-frag-header
Description
This command enables and disables the insertion of the fragmentation header in an IPv6 packet when translating non-fragmented IPv4 packet with DF=0. This option is disabled by default and the size of the IPv6 packet is reduced by 8 bytes.
Default
no v6-frag-header
Platforms
VSR
v6-routed-override-filter
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
[Tree] (config>service>ies>if>vpls>egress v6-routed-override-filter)
Full Context
configure service ies interface vpls egress v6-routed-override-filter
Description
This command configures an IPv6 filter ID that is applied to packets egressing the IES R-VPLS interface. The filter overrides existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.
The no form of this command removes the IPv4 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv6 routed packets uses the IPv6 egress filter applied to VPLS endpoint, if configured
Parameters
- ipv6-filter-id
-
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.
Platforms
All
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
[Tree] (config>service>ies>if>vpls>ingress v6-routed-override-filter)
Full Context
configure service ies interface vpls ingress v6-routed-override-filter
Description
This command configures an IPv6 filter ID that is applied to all ingress packets entering the VPLS or I-VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use any existing ingress IPv6 filter on the VPLS virtual port.
The no v6-routed-override-filter command is used to remove the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface will use the IPv6 ingress filter applied to the packet’s virtual port, when defined.
Parameters
- ipv6-filter-id
-
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.
Platforms
All
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
[Tree] (config>service>vprn>if>vpls>egress v6-routed-override-filter)
Full Context
configure service vprn interface vpls egress v6-routed-override-filter
Description
This command configures an IPv6 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.
The no form of the command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv6 packets will use the IPv6 egress filter applied to the VPLS endpoint, if configured.
Parameters
- ipv6-filter-id
-
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.
Platforms
All
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
[Tree] (config>service>vprn>if>vpls>ingress v6-routed-override-filter)
Full Context
configure service vprn interface vpls ingress v6-routed-override-filter
Description
This command configures an IPv6 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use the any existing ingress IPv6 filter on the VPLS virtual port.
The no form of the command removes the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface uses the IPv6 ingress filter applied to the packet’s virtual port, when defined.
Parameters
- ipv6-filter-id
-
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.
Platforms
All
valid-lifetime
valid-lifetime
Syntax
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no valid-lifetime
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>lease-split valid-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>lease-split valid-lifetime)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay>lease-split valid-lifetime)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>lease-split valid-lifetime)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay lease-split valid-lifetime
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay lease-split valid-lifetime
configure service ies subscriber-interface ipv6 dhcp6 relay lease-split valid-lifetime
configure service vprn subscriber-interface ipv6 dhcp6 relay lease-split valid-lifetime
Description
This command configures the DHCPv6 lease split valid lifetime (short lease time). DHCPv6 lease split is active when enabled and for all IA_NA and IA_PD options in the transaction the configured lease split valid lifetime (short lease time) is less than or equal to the renew time T1 committed by the server (long renew time) or 50 percent of the preferred lifetime committed by the server when T1 committed by the server equals zero.
The no form of this command reverts to the default value.
Default
valid-lifetime hrs 1
Parameters
- [days days] [hrs hours] [min minutes] [sec seconds]
-
Specifies the valid lifetime values
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
valid-lifetime infinite
no valid-lifetime
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server valid-lifetime)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ipv6-lease-times valid-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server valid-lifetime)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ipv6-lease-times valid-lifetime)
Full Context
configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server valid-lifetime
configure subscriber-mgmt local-user-db ipoe host ipv6-lease-times valid-lifetime
configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server valid-lifetime
configure subscriber-mgmt local-user-db ppp host ipv6-lease-times valid-lifetime
Description
This command configured valid-lifetime for DHCPv6 lease (address/prefix).
The valid lifetime is the length of time an address/prefix remains in the valid state (for example, the time until invalidation). The valid lifetime must be greater than or equal to the preferred lifetime. When the valid lifetime expires, the address/prefix becomes invalid and must not be used in communications. RFC 2461, sec 6.2.1 recommends default value of 30 days.
Each address/prefix assigned to the client has associated preferred and valid lifetimes specified by the address assignment authority (DHCP server, RADIUS, ESM). To request an extension of the lifetimes assigned to an address, the client sends a Renew message to the addressing authority. The addressing authority sends a Reply message to the client with the new lifetimes, allowing the client to continue to use the address/prefix without interruption.
The lifetimes are transmitted from the addressing authority to the client in the IA option on the top level (not the address or prefix level).
The no form of this command reverts to the default.
Default
valid-lifetime days 1
Parameters
- infinite
-
Specifies that the valid lifetime is infinite.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime infinite
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no valid-lifetime
Context
[Tree] (config>service>vprn>dhcp6>local-dhcp-server>pool>prefix valid-lifetime)
[Tree] (config>router>dhcp6>server>pool>prefix valid-lifetime)
Full Context
configure service vprn dhcp6 local-dhcp-server pool prefix valid-lifetime
configure router dhcp6 local-dhcp-server pool prefix valid-lifetime
Description
This command configures the valid lifetime for the IPv6 prefix or address in the option.
The no form of this command reverts to the default.
Default
valid-lifetime days 1
Parameters
- infinite
-
Sets the valid lifetime to infinite value.
- valid-lifetime
-
Specifies the valid lifetime
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no valid-lifetime
Context
[Tree] (config>router>dhcp6>server>defaults valid-lifetime)
Full Context
configure router dhcp6 local-dhcp-server defaults valid-lifetime
Description
This command configures the valid lifetime.
The no form of this command reverts to the default.
Default
valid-lifetime days 1
Parameters
- valid-lifetime
-
Specifies the valid lifetime for a prefix to remain valid.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime seconds
valid-lifetime infinite
no valid-lifetime
Context
[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateful valid-lifetime)
[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateless valid-lifetime)
Full Context
configure subscriber-mgmt router-advertisement-policy prefix-options stateful valid-lifetime
configure subscriber-mgmt router-advertisement-policy prefix-options stateless valid-lifetime
Description
This command specifies the time for this prefix to remain valid.
The no form of this command reverts to the default.
Default
valid-lifetime 86400
Parameters
- seconds
-
Specifies the time, in seconds, for the prefix to remain preferred.
- infinite
-
Specifies that the time never expires.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime seconds
valid-lifetime infinite
no valid-lifetime
Context
[Tree] (config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix valid-lifetime)
Full Context
configure service ies interface ipv6 dhcp6-server prefix-delegation prefix valid-lifetime
Description
This command configures the time, in seconds, that the prefix is valid.
The no form of this command reverts to the default value.
Default
valid-lifetime 2592000 (30 days)
Parameters
- seconds
-
Specifies the time, in seconds, that this prefix remains valid.
- infinite
-
Specifies that this prefix remains valid infinitely. The value 4294967295 is interpreted as infinite.
Platforms
All
valid-lifetime
Syntax
valid-lifetime seconds
valid-lifetime infinite
no valid-lifetime
Context
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv>pfx-opt valid-lifetime)
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv>pfx-opt valid-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt valid-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv>pfx-opt valid-lifetime)
Full Context
configure service ies subscriber-interface ipv6 router-advertisements prefix-options valid-lifetime
configure service vprn subscriber-interface ipv6 router-advertisements prefix-options valid-lifetime
configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options valid-lifetime
configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options valid-lifetime
Description
This command specifies the remaining time for this prefix to be valid for the purpose of on-link determination.
The no form of this command reverts to the default.
Default
valid-lifetime 86400
Parameters
- seconds
-
Specifies the time for the prefix to remain valid on this interface in seconds.
- infinite
-
Specifies that the remaining time will never expire. The value 4294967295 is interpreted as infinite.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
valid-lifetime
Syntax
valid-lifetime {seconds | infinite}
Context
[Tree] (config>service>vprn>router-advert>if valid-lifetime)
Full Context
configure service vprn router-advert interface valid-lifetime
Description
This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.
The address generated from an invalidated prefix should not appear as the destination or source address of a packet.
Default
valid-lifetime 2592000
Parameters
- seconds
-
Specifies the remaining length of time in seconds that this prefix will continue to be valid.
- infinite
-
Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity.
valid-lifetime
Syntax
valid-lifetime {seconds | infinite}
no valid-lifetime
Context
[Tree] (config>router>router-advert>if>prefix valid-lifetime)
Full Context
configure router router-advertisement interface prefix valid-lifetime
Description
This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.
The address generated from an invalidated prefix should not appear as the destination or source address of a packet.
Default
valid-lifetime 2592000
Parameters
- seconds
-
Specifies the remaining length of time in seconds that this prefix will continue to be valid.
- infinite
-
Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity.
Platforms
All
validate
validate
Syntax
validate [file-url]
Context
[Tree] (admin>system>license validate)
Full Context
admin system license validate
Description
This command performs a validation on the license file pointed to by the command line argument. A validation ensures that the license is compatible with the current state of the target system but it does not change the existing license. Aspects that can cause a failure in the validation include:
-
The license file was created for a different target system. The UUID encoded into the file must match that defined by the specific hardware platform.
-
The license file does not include license information for the release of software currently running on the system.
-
The current date/time reported to system is outside the validity period encoded in the license.
-
The system is currently using a hardware upgrade license that is not included in the new file being validated.
If the CLM tool is being used for license management, it shall perform the validation and activation and there is no need to enter these commands manually.
Parameters
- file-url
-
Specifies the file URL location to read the license file.
Platforms
All
validate
Syntax
[no] validate
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization validate)
Full Context
configure system security profile netconf base-op-authorization validate
Description
This command enables the NETCONF validate operation.
The no form of this command disables the operation.
Default
no validate
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
validate-dest-prefix
validate-dest-prefix
Syntax
validate-dest-prefix
no validate-dest-prefix
Context
[Tree] (config>service>vprn>bgp>flowspec validate-dest-prefix)
Full Context
configure service vprn bgp flowspec validate-dest-prefix
Description
This command enables or disables validation of received IPv4 and IPv6 FlowSpec routes that contain a destination-prefix subcomponent.
A FlowSpec route with a destination-prefix subcomponent is considered invalid if both of the following are true:
-
it was originated outside the local AS of the receiving BGP router
-
the neighbor AS of the FlowSpec route does not match the neighbor AS of the best match BGP (unicast) route for the destination prefix or the neighbor AS of any longer match BGP (unicast) route for the destination prefix
An invalid route is retained in the BGP but it is not used for filtering traffic or propagated to other BGP routers.
The no form of this command disables the validation procedure based on destination-prefix.
Default
no validate-dest-prefix
Platforms
All
validate-dest-prefix
Syntax
[no] validate-dest-prefix
Context
[Tree] (config>router>bgp>flowspec validate-dest-prefix)
Full Context
configure router bgp flowspec validate-dest-prefix
Description
This command enables or disables validation of received IPv4 and IPv6 FlowSpec routes that contain a destination-prefix subcomponent.
A FlowSpec route with a destination-prefix subcomponent is considered invalid if both of the following are true:
-
it was originated outside the local AS of the receiving BGP router
-
the neighbor AS of the FlowSpec route does not match the neighbor AS of the best match BGP (unicast) route for the destination prefix or the neighbor AS of any longer match BGP (unicast) route for the destination prefix
An invalid route is retained in the BGP but it is not used for filtering traffic or propagated to other BGP routers.
The no form of this command disables the validation procedure based on destination-prefix.
Default
no validate-dest-prefix
Platforms
All
validate-gtp-tunnels
validate-gtp-tunnels
Syntax
validate-gtp-tunnels direction direction [create]
no validate-gtp-tunnels direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>gtp-filter validate-gtp-tunnels)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-filter validate-gtp-tunnels
Description
This command configures a TCA for the counter capturing drops due to the validation of GTP tunnel check. A validate-gtp-tunnels drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a validate-gtp-tunnels TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validate-gtp-tunnels
Syntax
[no] validate-gtp-tunnels
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr>gtp-tunnel-database validate-gtp-tunnels)
Full Context
configure application-assurance group gtp gtp-filter gtp-tunnel-database validate-gtp-tunnels
Description
This command configures GTP tunnel validation. This allows for validation of TEIDs and is a prerequisite for sequence checking and UE IP address validation. This command applies only when AA GTP FW is deployed on S8/S5/Gp/Gn interfaces.
The gtpc-inspection command must be enabled before using this command.
The no form of this command disables GTP tunnel validation.
Default
no validate-gtp-tunnels
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validate-next-hop
validate-next-hop
Syntax
[no] validate-next-hop
Context
[Tree] (config>service>vprn>static-route-entry>next-hop validate-next-hop)
Full Context
configure service vprn static-route-entry next-hop validate-next-hop
Description
This optional command tracks the state of the next hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next hop is not reachable and is removed from the ARP or Neighbor Cache, the next hop will no longer be considered valid and the associated static route state removed from the active route-table.
When the next hop is reachable again and present in the ARP/Neighbor Cache, the static route is considered valid and is subject to being placed into the active route-table.
Default
no validate-next-hop
Platforms
All
validate-next-hop
Syntax
[no] validate-next-hop
Context
[Tree] (config>router>static-route-entry>next-hop validate-next-hop)
Full Context
configure router static-route-entry next-hop validate-next-hop
Description
This optional command tracks the state of the next-hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next-hop is not reachable and is removed from the ARP or Neighbor Cache, the next-hop will no longer be considered valid and the associated static-route state removed from the active route-table.
When the next-hop is reachable again and present in the ARP/Neighbor Cache, the static route is considered valid and is subject to being placed into the active route-table.
Default
no validate-next-hop
Platforms
All
validate-redirect-ip
validate-redirect-ip
Syntax
validate-redirect-ip
no validate-redirect-ip
Context
[Tree] (config>service>vprn>bgp>flowspec validate-redirect-ip)
Full Context
configure service vprn bgp flowspec validate-redirect-ip
Description
This command enables procedures to validate the redirect-to-IPv4 action attached to FlowSpec-IPv4 routes received by the BGP instance.
The SR OS FlowSpec implementation supports the redirect-to-IPv4 action encoded as an IPv4-address-specific BGP extended community.
When this command is configured, a FlowSpec-IPv4 route is considered invalid and not installed as a filter rule if the FlowSpec-IPv4 route is deemed to have originated in a different AS than the IP route that resolves the redirection IPv4 address. The originating AS of a flow-spec route is determined from its AS path.
The no form of this command disables the check described above.
Default
no validate-redirect-ip
Platforms
All
validate-redirect-ip
Syntax
[no] validate-redirect-ip
Context
[Tree] (config>router>bgp>flowspec validate-redirect-ip)
Full Context
configure router bgp flowspec validate-redirect-ip
Description
This command enables procedures to validate the redirect-to-IPv4 action attached to FlowSpec IPv4 routes received by the BGP instance.
The SR OS FlowSpec implementation supports the redirect-to-IPv4 action encoded as an IPv4-address-specific BGP extended community.
When this command is configured, a FlowSpec IPv4 route is considered invalid and not installed as a filter rule if the FlowSpec IPv4 route is deemed to have originated in a different AS than the IP route that resolves the redirection IPv4 address. The originating AS of a FlowSpec route is determined from its AS path.
The no form of this command disables the check described above.
Default
no validate-redirect-ip
Platforms
All
validate-sequence-number
validate-sequence-number
Syntax
validate-sequence-number direction direction [create]
no validate-sequence-number direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>gtp-filter validate-sequence-number)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-filter validate-sequence-number
Description
This command configures a TCA for the counter capturing drops due to the GTP filter invalid GTP sequence number. A validate-sequence-number drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a validate-sequence-number TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validate-sequence-number
Syntax
[no] validate-sequence-number
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr>gtp-tunnel-database validate-sequence-number)
Full Context
configure application-assurance group gtp gtp-filter gtp-tunnel-database validate-sequence-number
Description
This command configures GTP sequence number checking. GTP packets that fail the sequence number check are discarded.
The validate-gtp-tunnels command must be enabled before using this command.
The no form of this command disables GTP sequence number checking.
Default
no validate-sequence-number
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validate-source-ip-addr
validate-source-ip-addr
Syntax
[no] validate-source-ip-addr
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr>gtp-tunnel-database validate-source-ip-addr)
Full Context
configure application-assurance group gtp gtp-filter gtp-tunnel-database validate-source-ip-addr
Description
This command configures the checking for spoofed or invalid UE IP addresses. Upstream GTP packets that contain invalid UE IP addresses are discarded. When a packet is dropped due to source-ip-address "invalid source IP add”, the statistics counter is updated.
The validate-gtp-tunnels command must be enabled before using this command.
The no form of this command disables the checking for spoofed or invalid UE IP addresses.
Default
no validate-source-ip-addr
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validate-src-ip-addr
validate-src-ip-addr
Syntax
validate-src-ip-addr direction direction [create]
no validate-src-ip-addr direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>gtp-filter validate-src-ip-addr)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-filter validate-src-ip-addr
Description
This command configures a TCA for the counter capturing drops due to the GTP filter anti-spoofing of the UE IP address check. A validate-src-ip-addr drop TCA can be created for traffic generated from the subscriber side of AA (from-sub). The create keyword is mandatory when creating a validate-src-ip-addr TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
validity-time
validity-time
Syntax
validity-time seconds
no validity-time
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh>interim-c validity-time)
Full Context
configure subscriber-mgmt diameter-application-policy gy extended-failure-handling interim-credit validity-time
Description
This command configures the validity time for the interim credit allocated to rating groups of a Diameter Gy session when Extended Failure Handling (EFH) is active. When either the allocated interim credit is consumed or the validity time expires, a new attempt is made to establish a Diameter Gy session with the Online Charging Server (OCS).The validity time applies to all interim credit allocated via the config>subscr-mgmt>diam-appl-plcy application-policy-name>gy>extended-failure-handling>interim-credit>volume and config>subscr -mgmt>category-map category-map-name>category category-name>default-credit CLI commands.
A validity time value of 0 (zero) disables the validity time for the assigned interim credit.
The no form of this command resets the value to the default value.
Default
validity-time 1800
Parameters
- seconds
-
Specifies the validity time, in seconds, applicable to the interim credit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
value
value
Syntax
value value
Context
[Tree] (config>service>system>bgp-evpn>eth-seg>service-carving>manual>preference value)
Full Context
configure service system bgp-evpn ethernet-segment service-carving manual preference value
Description
This command modifies the default preference value used for the PE in the ES. An ES shutdown is not required to modify this value during maintenance operations.
Default
value 32767
Parameters
- value
-
Determines the preference value used in the preference-based DF election algorithm.
Platforms
All
value
Syntax
value function-value
no value
Context
[Tree] (conf>router>segment-routing>srv6>ms-locator>un value)
Full Context
configure router segment-routing segment-routing-v6 micro-segment-locator un value
Description
This command configures the function value for uN. This draws the Nth value (where N = function-value) of the global micro-SID range (0 excluded) to form a unique uN micro SID. The configured value must be a unique network-wide permicro-SID block.
Parameters
- function-value
-
Specifies the function value for uN.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
value
Syntax
[no] value value-name
Context
[Tree] (config>app-assure>group>policy>aso>char value)
Full Context
configure application-assurance group policy app-service-options characteristic value
Description
This command configures a characteristic value.
The no form of this command removes the value for the characteristic.
Parameters
- value-name
-
Specifies a string of up to 32 characters uniquely identifying this characteristic value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
value
Syntax
value value
no value
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>pref-opt value)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>pref-opt value)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>pref-opt value)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option value
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option value
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection preference-option value
Description
This command configures the default preference option value. A DHCPv6 preference option with specified value is inserted in the DHCPv6 advertise message for DHCPv6 clients for which no per DHCPv6 server or per client-mac solicit delay or preference option value is configured.
The no form of this command removes the configuration.
Parameters
- value
-
Specifies the default preference option value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
value
Syntax
value value
no value
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac>pref-opt value)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>clnt-mac>pref-opt value)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac>pref-opt value)
Full Context
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option value
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option value
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option value
Description
This command configures the preference option value for DHCPv6 clients with an odd or an even source MAC address. A DHCPv6 preference option with specified value is inserted in the DHCPv6 advertise message for these DHCPv6 clients.
The no form of this command removes the configuration.
Parameters
- value
-
Specifies the preference option value for DHCPv6 clients with an odd or an even source MAC address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
value
Syntax
value value
no value
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr>pref-opt value)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr>pref-opt value)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>srvr>pref-opt value)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option value
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option value
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection server preference-option value
Description
This command configures the preference option value. A DHCPv6 preference option with specified value is inserted in the DHCPv6 advertise message from the server.
The no form of this command removes the configuration.
Parameters
- value
-
Specifies the preference option value for DHCPv6 advertise messages from the server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vas-filter
vas-filter
Syntax
vas-filter name [create]
no vas-filter name
Context
[Tree] (config>subscr-mgmt>isa-svc-chain vas-filter)
Full Context
configure subscriber-mgmt isa-service-chaining vas-filter
Description
This command configures a Value Added Service filter.
The no form of this command removes the VAS filter name from the configuration.
Default
This command configures a value added service (VAS) filter that can be associated to an L2-aware NAT host, and is matched on the NAT ISA to select flows for a host that needs to be steered to remote value-added services.
Parameters
- name
-
Specifies a VAS filter name, up to 32 characters.
- create
-
Keyword used to create the VAS filter instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vas-if-type
vas-if-type
Syntax
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context
[Tree] (config>service>ies>if vas-if-type)
Full Context
configure service ies interface vas-if-type
Description
This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.
The no form of this command removes the VAS interface type configuration.
Default
no vas-if-type
Parameters
- to-from-access
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
- to-from-network
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
- to-from-both
-
Used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access interfaces and from network interfaces is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
Platforms
All
vas-if-type
Syntax
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context
[Tree] (config>service>vprn>if vas-if-type)
Full Context
configure service vprn interface vas-if-type
Description
This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.
The no form of this command removes the VAS interface type configuration.
Default
no vas-if-type
Parameters
- to-from-access
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
- to-from-network
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
- to-from-both
-
Used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access and from network is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
Platforms
All
vas-if-type
Syntax
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context
[Tree] (config>router>if vas-if-type)
Full Context
configure router interface vas-if-type
Description
This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.
The no form of this command removes the VAS interface type configuration.
Default
no vas-if-type
Parameters
- to-from-access
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
- to-from-network
-
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
- to-from-both
-
Used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access interfaces and from network interfaces is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor to egress subscriber PBR.
Platforms
All
vc-id
vc-id
Syntax
vc-id vc-id
no vc-id
Context
[Tree] (config>service>vpls>sap>l2tpv3-session vc-id)
[Tree] (config>service>epipe>sap>l2tpv3-session vc-id)
Full Context
configure service vpls sap l2tpv3-session vc-id
configure service epipe sap l2tpv3-session vc-id
Description
This command specifies the VC-ID for the L2TPv3 session.
The no form of this command deletes the VC-ID configuration.
Parameters
- vc-id
-
Specifies the VC-ID, up to 64 characters.
Platforms
All
vc-id-range
vc-id-range
Syntax
vc-id-range from [to vc-id]
no vc-id-range from
Context
[Tree] (config>service>system>bgp-evpn>ethernet-segment vc-id-range)
Full Context
configure service system bgp-evpn ethernet-segment vc-id-range
Description
This command determines the VC-IDs associated with the virtual Ethernet Segment on a specific SDP based on the following considerations:
-
VC-IDs for manual spoke-SDP and BGP-AD are included in the range.
-
Th mesh-sdp VC-IDs are not allowed on a SDP used by a virtual ES.
-
A maximum of 8 ranges are allowed.
-
A range can be comprised of a single VC-ID.
-
A vc-id-range can be comprised of a single VC-ID.
-
Shutting down the ES is not required prior to making changes.
The no form of the command removes the configured range. Only the first VC-ID value is required to remove the range.
Parameters
- vc-id
-
Specifies the VC-ID. When configuring a range of VC-IDs (and not a single value), the value of the second VC-ID must be greater than the first VC-ID.
Platforms
All
vc-label
vc-label
Syntax
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context
[Tree] (config>service>vprn>red-if>spoke-sdp>egress vc-label)
[Tree] (config>service>vprn>if>spoke-sdp>egress vc-label)
Full Context
configure service vprn redundant-interface spoke-sdp egress vc-label
configure service vprn interface spoke-sdp egress vc-label
Description
This command configures the egress VC label.
Parameters
- vc-label
-
A VC egress value that indicates a specific connection.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn redundant-interface spoke-sdp egress vc-label
All
- configure service vprn interface spoke-sdp egress vc-label
vc-label
Syntax
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context
[Tree] (config>service>vprn>if>spoke-sdp>ingress vc-label)
[Tree] (config>service>vprn>red-if>spoke-sdp>ingress vc-label)
Full Context
configure service vprn interface spoke-sdp ingress vc-label
configure service vprn redundant-interface spoke-sdp ingress vc-label
Description
This command configures the ingress VC label.
Parameters
- vc-label
-
A VC ingress value that indicates a specific connection.
Platforms
All
- configure service vprn interface spoke-sdp ingress vc-label
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn redundant-interface spoke-sdp ingress vc-label
vc-label
Syntax
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context
[Tree] (config>service>vpls>spoke-sdp>egress vc-label)
[Tree] (config>service>ies>red-if>spoke-sdp>egress vc-label)
[Tree] (config>service>ies>if>spoke-sdp>egress vc-label)
[Tree] (config>service>vpls>mesh-sdp>egress vc-label)
Full Context
configure service vpls spoke-sdp egress vc-label
configure service ies redundant-interface spoke-sdp egress vc-label
configure service ies interface spoke-sdp egress vc-label
configure service vpls mesh-sdp egress vc-label
Description
This command configures the static MPLS VC label used by this device to send packets to the far-end device in this service via this SDP.
Parameters
- egress-vc-label
-
Specifies a VC egress value that indicates a specific connection.
Platforms
All
- configure service vpls mesh-sdp egress vc-label
- configure service vpls spoke-sdp egress vc-label
- configure service ies interface spoke-sdp egress vc-label
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies redundant-interface spoke-sdp egress vc-label
vc-label
Syntax
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context
[Tree] (config>service>ies>red-if>spoke-sdp>ingress vc-label)
[Tree] (config>service>vpls>mesh-sdp>ingress vc-label)
[Tree] (config>service>vpls>spoke-sdp>ingress vc-label)
[Tree] (config>service>ies>if>spoke-sdp>ingress vc-label)
Full Context
configure service ies redundant-interface spoke-sdp ingress vc-label
configure service vpls mesh-sdp ingress vc-label
configure service vpls spoke-sdp ingress vc-label
configure service ies interface spoke-sdp ingress vc-label
Description
This command configures the static MPLS VC label used by the far-end device to send packets to this device in this service via this SDP.
Parameters
- ingress-vc-label
-
A VC ingress value that indicates a specific connection.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies redundant-interface spoke-sdp ingress vc-label
All
- configure service vpls spoke-sdp ingress vc-label
- configure service ies interface spoke-sdp ingress vc-label
- configure service vpls mesh-sdp ingress vc-label
vc-label
Syntax
[no] vc-label egress-vc-label | ingress-vc-label
Context
[Tree] (config>service>ipipe>spoke-sdp>ingress vc-label)
[Tree] (config>service>ipipe>spoke-sdp>egress vc-label)
[Tree] (config>service>fpipe>spoke-sdp>egress vc-label)
[Tree] (config>service>apipe>spoke-sdp>egress vc-label)
[Tree] (config>service>apipe>spoke-sdp>ingress vc-label)
[Tree] (config>service>fpipe>spoke-sdp>ingress vc-label)
[Tree] (config>service>cpipe>spoke-sdp>ingress vc-label)
[Tree] (config>service>cpipe>spoke-sdp>egress vc-label)
Full Context
configure service ipipe spoke-sdp ingress vc-label
configure service ipipe spoke-sdp egress vc-label
configure service fpipe spoke-sdp egress vc-label
configure service apipe spoke-sdp egress vc-label
configure service apipe spoke-sdp ingress vc-label
configure service fpipe spoke-sdp ingress vc-label
configure service cpipe spoke-sdp ingress vc-label
configure service cpipe spoke-sdp egress vc-label
Description
This command configures the egress and ingress VC label.
The actual maximum value that can be configured is limited by the config>router>mpls-labels>static-label-range command.
Parameters
- vc-label
-
A VC egress value that indicates a specific connection.
Platforms
All
- configure service ipipe spoke-sdp ingress vc-label
- configure service ipipe spoke-sdp egress vc-label
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp egress vc-label
- configure service fpipe spoke-sdp egress vc-label
- configure service fpipe spoke-sdp ingress vc-label
- configure service cpipe spoke-sdp ingress vc-label
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7950 XRS
- configure service apipe spoke-sdp ingress vc-label
- configure service apipe spoke-sdp egress vc-label
vc-label
Syntax
vc-label vc-label
no vc-label [vc-label]
Context
[Tree] (config>service>ies>aarp-interface>spoke-sdp>ingress vc-label)
[Tree] (config>service>ies>aarp-interface>spoke-sdp>egress vc-label)
Full Context
configure service ies aarp-interface spoke-sdp ingress vc-label
configure service ies aarp-interface spoke-sdp egress vc-label
Description
This command configures the egress and ingress VC label.
The no version of this command removes the VC label.
Parameters
- vc-label
-
Specifies a VC egress value that indicates a specific connection.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vc-label
Syntax
vc-label vc-label
no vc-label [vc-label]
Context
[Tree] (config>service>vprn>aarp-interface>spoke-sdp>egress vc-label)
[Tree] (config>service>vprn>aarp-interface>spoke-sdp>ingress vc-label)
Full Context
configure service vprn aarp-interface spoke-sdp egress vc-label
configure service vprn aarp-interface spoke-sdp ingress vc-label
Description
This command configures the egress and ingress VC label.
The no version of this command removes the VC label.
Parameters
- vc-label
-
A VC egress value that indicates a specific connection.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vc-label
Syntax
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>egress vc-label)
[Tree] (config>mirror>mirror-dest>spoke-sdp>egress vc-label)
Full Context
configure mirror mirror-dest remote-source spoke-sdp egress vc-label
configure mirror mirror-dest spoke-sdp egress vc-label
Description
This command configures the spoke SDP egress VC label.
The no form of this command removes the egress VC label value from the configuration.
Parameters
- egress-vc-label
-
Specifies a VC egress value that indicates a specific connection.
Platforms
All
vc-label
Syntax
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>ingress vc-label)
[Tree] (config>service>vprn>ipmirrorif>spoke-sdp vc-label)
[Tree] (config>mirror>mirror-dest>spoke-sdp>ingress vc-label)
Full Context
configure mirror mirror-dest remote-source spoke-sdp ingress vc-label
configure service vprn ipmirrorif spoke-sdp vc-label
configure mirror mirror-dest spoke-sdp ingress vc-label
Description
This command configures the spoke SDP ingress VC label.
Parameters
- vc-label
-
Specifies the VC ingress value that indicates a specific connection.
Platforms
All
- configure mirror mirror-dest remote-source spoke-sdp ingress vc-label
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure mirror mirror-dest spoke-sdp ingress vc-label
vc-label
Syntax
vc-label vc-label
no vc-label
Context
[Tree] (config>service>sdp>binding>pw-port>egress vc-label)
Full Context
configure service sdp binding pw-port egress vc-label
Description
This command configures the egress VC label for the PW representing the PW-port.
Default
no vc-label
Parameters
- vc-label
-
Specifies the VC egress value that indicates a specific connection.
Platforms
All
vc-label
Syntax
vc-label ingress-vc-label
no vc-label
Context
[Tree] (config>service>sdp>binding>pw-port>ingress vc-label)
Full Context
configure service sdp binding pw-port ingress vc-label
Description
This command configures the ingress VC label used for the PW representing the PW port.
Note that the maximum value of the vc-label that may be configured is limited by the config>router>mpls-labels>static-label-range command.
Default
no vc-label
Parameters
- vc-label
-
Specifies a VC ingress value that indicates a specific connection.
Platforms
All
vc-type
vc-type
Syntax
vc-type {ether | vlan}
no vc-type
Context
[Tree] (config>service>sdp>binding>pw-port vc-type)
Full Context
configure service sdp binding pw-port vc-type
Description
This command sets the forwarding mode for the pseudowire port. The vc-type is signaled to the peer, and must be configured consistently on both ends of the pseudowire. vc-type VLAN is only configurable with dot1q encapsulation on the pseudowire port. The tag with vc-type vlan only has significance for transport, and is not used for service delineation or ESM. The top (provider tag) is stripped while forwarding out of the pseudowire, and a configured vlan-tag (for vc-type vlan) is inserted when forwarding into the pseudowire. With vc-type ether, the tags if present (max 2), are transparently preserved when forwarding in our out of the pseudowire.
The no form of the command reverts to the default value.
Default
vc-type ether
Parameters
- ether
-
Specifies ether as the virtual circuit (VC) associated with the SDP binding.
- vlan
-
Specifies vlan as the virtual circuit (VC) associated with the SDP binding.
Platforms
All
vc-type
Syntax
vc-type {ether | vlan}
Context
[Tree] (config>service>pw-template vc-type)
Full Context
configure service pw-template vc-type
Description
This command overrides the default VC type signaled for the binding to the far end SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.
-
The VC type value for Ethernet is 0x0005.
-
The VC type value for an Ethernet VLAN is 0x0004.
Parameters
- ether
-
Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding. (hex 5)
- vlan
-
Defines the VC type as VLAN. The top VLAN tag, if a VLAN tag is present, is stripped from traffic received on the pseudowire, and a vlan-tag is inserted when forwarding into the pseudowire. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings.
Note:The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.
Platforms
All
vccv-ping
vccv-ping
Syntax
vccv-ping sdp-id:vc-id [reply-mode [ ip-routed | control-channel] [src-ip-address ip-addr dst-ip-address ip-addr pw-id pw-id] [target-fec-type static-pw-fec agi attachment-group-identifier pw-path-id-saii global-id:node-id:ac-id pw-path-id-taii global-id:node-id:ac-id]
vccv-ping saii-type2 global-id:prefix:ac-id taii-type2 global-id:prefix:ac-id [reply-mode [ip-routed | control-channel] [src-ip-address ip-addr dst-ip-address ip-addr]
vccv-ping spoke-sdp-fec spoke-sdp-fec-id [reply-mode [ip-routed | control-channel] [saii-type2 global-id:prefix:ac-id taii-type2 global-id:prefix:ac-id] [src-ip-address ip-addr dst-ip-address ip-addr]
vccv-ping static sdp-id:vc-id [assoc-channel [ipv4 | non-ip] [dest-global-id global-id dest-node-id node-id] [src-ip-address ip-addr] [target-fec-type pw-id-fec sender-src-address ip-addr remote-dst-address ip-addr pw-id pw-id pw-type pw-type]
NOTE: Options common to all vccv-ping cases: [count send-count] [fc fc-name [ profile {in | out}]] [interval interval] [size octets] [timeout timeout] [ ttl vc-label-ttl]
Context
[Tree] (config>saa>test>type vccv-ping)
[Tree] (oam vccv-ping)
Full Context
configure saa test type vccv-ping
oam vccv-ping
Description
This command configures a Virtual Circuit Connectivity Verification (VCCV) ping test. A vccv-ping test checks connectivity of a VLL inband. It checks to verify that the destination (target) PE is the egress for the Layer 2 FEC. It provides for a cross-check between the dataplane and the control plane. It is inband which means that the vccv-ping message is sent using the same encapsulation and along the same path as user packets in that VLL. The vccv-ping test is the equivalent of the lsp-ping test for a VLL service. The vccv-ping reuses an lsp-ping message format and can be used to test a VLL configured over both an MPLS and a GRE SDP.
Note that VCCV ping can be initiated on T-PE or S-PE. If initiated on the S-PE, the reply-mode parameter must be used with the ip-routed value The ping from the T-PE can have either values or can be omitted, in which case the default value is used.
If a VCCV ping is initiated from T-PE to neighboring a S-PE (one segment only), then it is sufficient to only use the spoke-sdp-fec-id parameter. However, if the ping is across two or more segments, at least the spoke-sdp-fec-id, src-ip-address ip-addr, dst-ip-address ip-addr, ttl vc-label-ttl parameters are used where:
-
The src-ip-address is system IP address of the router preceding the destination router.
-
The vc-label-ttl parameter must have a value equal or higher than the number of pseudowire segments.
Note that VCCV ping is a multi-segment pseudowire. For a single-hop pseudowire, only the peer VCCV CC bit of the control word is advertised when the control word is enabled on the pseudowire.
VCCV ping on multi-segment pseudowires require that the control word be enabled in all segments of the VLL. If the control word is not enabled on a spoke SDP, it is signaled peer VCCV CC bits to the far end, consequently the vccv-ping cannot be successfully initiated on that specific spoke SDP.
If the saii-type-2 and taii-type-2 parameters are specified by the user of this command for a FEC129 pseudowire, then these values are used by the vccv-ping echo request message instead of the saii and taii of the spoke-sdp indexed by the spoke-sdp-fec parameter, or any saii and taii received in a switching point TLV for the pseudowire. Furthermore, the user must enter the saii and taii in accordance with the direction of the pseudowire as seen from the node on which the vccv-ping command is executed. However, the values of the saii and taii sent in the echo request message are swapped with respect to the user-entered values to match the order in the installed FEC on the targeted node. The output of the command for FEC129 type 2 pseudowire reflects the order of the saii and taii stored on the targeted node.
This command, when used with the static option, configures a Virtual Circuit Connectivity Verification (VCCV) ping test for static MPLS-TP pseudowires used in a VLL service. It checks to verify that the destination (target) PE is the egress for the Static PW FEC. It provides for a cross-check between the dataplane and the configuration. The vccv-ping static command reuses an lsp-ping message format and can be used to test an MPLS-TP pseudowire VLL configured over an MPLS SDP. VCCV Ping for MPLS-TP pseudowires always uses the VCCV control word (associated channel header) with either an IPv4 channel type (0x0021) or on-demand CV message channel type (0x0025).
Note that vccv-ping static can only be initiated on a T-PE. Both the echo request and reply messages are send using the same, in-band, encapsulation. If the target-fec-type option is not specified, then the target FEC stack contains a static PW FEC TLV. The contents of this TLV are populated based on the source node ID, source global ID, and destination global ID and destination node ID in the vccv-ping command (or taken from the pseudowire context if omitted from the command).
The target-fec-type option allows the user to test a segment of a MS-PW that does not have the same FEC type as the local segment from the T-PE where the vccv-ping command is issued. This is applicable for performing VCCV ping on an MS-PW comprised of static PW FEC segments and dynamically signaled PW ID FEC segments.
The timestamp format to be sent, and to be expected when received in a PDU, is as configured by the config>test-oam>mpls-time-stamp-format command. If RFC 4379 (obsoleted by RFC 8029) is selected, then the timestamp is in seconds and microseconds since 1900, otherwise it is in seconds and microseconds since 1970.
Parameters
- sdp-id:vc-id
-
Specifies that if a FEC 128 PW is tested, then its VC ID must be indicated with this parameter. The VC ID needs to exist on the local router and the far-end peer needs to indicate that it supports VCCV to allow the user to send vccv-ping message.
- reply-mode {ip-routed | control-channel}
-
Indicates to the far end, the method to send the reply message. The option ip-routed indicates an out-of-band reply mode using the vccv control channel. The option control-channel indicates an in-band reply mode using the vccv control channel.
- src-ip-address ip-addr
-
Specifies the source IP address.
- dst-ip-address ip-addr
-
Specifies the destination IP address.
- src-ip-address ip-addr
-
Specifies the source IP address.
- pw-id
-
Specifies the pseudowire ID to be used for performing a VCCV ping operation. The pseudowire ID is a non-zero 32-bit connection ID required by the FEC 128, as defined in RFC 8029, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures.
- target-fec-type
-
Specifies the FEC type for a remote PW segment targeted by a VCCV Ping echo request. This parameter is used if VCCV Ping is used along a MS-PW where a static MPLS-TP PW segment using the static PW FEC is switched to a T-LDP signaled segment using the PW ID FEC (FEC128), or vice versa, thus requiring the user to explicitly specify a target FEC that is different from the local segment FEC.
- attachment-group-identifier
-
Specifies the attachment group identifier for the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
- pw-path-id-saii global-id:node-id:ac-id
-
Specifies the SAII of the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
global-id — Specifies the global ID of the SAII of the targeted static PW FEC element.
Values
0 to 4294967295
node-id — Specifies the node-id on far end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique SAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- pw-path-id-taii global-id:node-id:ac-id
-
Specifies the SAII of the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
global-id — Specifies the global ID of the SAII of the targeted static PW FEC element.
Values
0 to 4294967295
node-id — Specifies the node-id on far end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique SAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- saii-type2 global-id:prefix:ac-id
-
Specifies that if a FEC129 AII Type 2 pseudowire is tested, then the source attachment individual identifier (SAII) must be indicated. The saii-type2 parameter is mutually exclusive with sdp-id:vc-id.
- taii-type2 global-id:prefix:ac-id
-
Specifies that if a FEC129 AII Type 2 pseudowire is tested, then the target attachment individual identifier (TAII) must be indicated. The taii-type2 parameter is mutually exclusive with sdp-id:vc-id.
global-id — Specifies the global ID of the far end T-PE of the FEC129 pseudowire.
Values
0 to 4294967295
Default
0
node-id — Specifies the node-id on far end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique TAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- spoke-sdp-fec-id
-
Specifies that if a FEC 129 PW is tested, then its spoke-sdp-fec-id must be indicated with this parameter. The spoke-sdp-fec-id must already exist on the local router and the far-end peer must indicate that it supports VCCV to allow the user to send vccv-ping message.
spoke-sdp-fec is mutually exclusive with the sdp-id:vc-id parameter.
- assoc-channel {ipv4 | non-ip}
-
Specifies the associated channel encapsulation format to use for the VCCV ping echo request and echo reply packet for a PW that uses the static PW FEC. An associated channel type of ipv4 must be used if a vccv-ping is performed to a remote segment of a different FEC type.
- global-id
-
Specifies the MPLS-TP global ID for the far end node of the pseudowire under test. If this is not entered, then the dest-global-id is taken from the pseudowire context.
- node-id
-
Specifies the MPLS-TP node ID of the far end node for the pseudowire under test. If this is not entered, then the dest-global-id is taken from the pseudowire context.
- sender-src-address ip-addr
-
Specifies the 4-octet IPv4 address of the node originating the VCCV Ping echo request. This parameter is only valid in combination with the target-fec-type pw-id-fec.
- remote-dst-address ip-addr
-
Specifies the 4-octet IPv4 address of the far end node that is a target of the VCCV Ping echo request. This parameter is only valid in combination with the target-fec-type pw-id-fec.
- pw-type
-
Specifies the PW type value of the PW segment targeted on the far end node. This field must be included to populate the PW type field of the PW ID FEC in the FEC static TLV, when the far end FEC type is different form the local FEC type and the target-fec-type pw-id-fec.
- send-count
-
Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.
- fc-name
-
Specifies the fc parameter be used to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.
The LSP-EXP mappings on the receive network interface controls the mapping back to the internal forwarding class used by the far-end 7750 SR that receives the message request. The egress mappings of the egress network interface on the far-end router controls the forwarding class markings on the return reply message. The LSP-EXP mappings on the receive network interface controls the mapping of the message reply at the originating SR.
- profile {in | out}
-
Specifies the profile state of the MPLS echo request encapsulation.
- interval
-
Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.
- octets
-
Specifies the size, in octets, expressed as a decimal integer, of the MPLS echo request packet, including the IP header but not the label stack. The request pay-load is padded with zeros to the specified size. Note that an OAM command is not failed if the user entered a size lower than the minimum required to build the packet for the echo request message. The payload is automatically padded to meet the minimum size.
- timeout
-
Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.
- vc-label-ttl
-
Specifies the time-to-live value for the vc-label of the echo request message. The outer label TTL is still set to the default of 255 regardless of this value.
Platforms
All
Output
The following output is an example of VCCV ping information.
Sample OutputPing TPE to SPE on a LDP/GRE tunnel
===================================
*A:Dut-B# oam vccv-ping 3:1
VCCV-PING 3:1 88 bytes MPLS payload
Seq=1, send from intf toSPE1-D-8 to NH 12.1.8.2
reply from 4.4.4.4 via Control Channel
udp-data-len=56 rtt=0.689ms rc=8 (DSRtrMatchLabel)
---- VCCV PING 3:1 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 0.689ms, avg = 0.689ms, max = 0.689ms, stddev = 0.000ms
Ping TPE to SPE on a RSVP tunnel
================================
A:Dut-C# oam vccv-ping 5:1
VCCV-PING 5:1 88 bytes MPLS payload
Seq=1, send from intf toSPE2-E-5 to NH 12.3.5.1
send from lsp toSPE2-E-5
reply from 5.5.5.5 via Control Channel
udp-data-len=56 rtt=1.50ms rc=8 (DSRtrMatchLabel)
---- VCCV PING 5:1 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 1.50ms, avg = 1.50ms, max = 1.50ms, stddev = 0.000ms
Ping TPE to TPE over multisegment pseudowire
============================================
*A:Dut-C# oam vccv-ping 5:1 src-ip-address 4.4.4.4 dst-ip-address 2.2.2.2 pw-
id 1 ttl 3
VCCV-PING 5:1 88 bytes MPLS payload
Seq=1, send from intf toSPE2-E-5 to NH 12.3.5.1
send from lsp toSPE2-E-5
reply from 2.2.2.2 via Control Channel
udp-data-len=32 rtt=2.50ms rc=3 (EgressRtr)
---- VCCV PING 5:1 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 2.50ms, avg = 2.50ms, max = 2.50ms, stddev = 0.000ms
Ping SPE to TPE (over LDP tunnel)
==================================
Single segment:
---------------
*A:Dut-D# oam vccv-ping 3:1 reply-mode ip-routed
VCCV-PING 3:1 88 bytes MPLS payload
Seq=1, send from intf toTPE1-B-8 to NH 12.1.8.1
reply from 2.2.2.2 via IP
udp-data-len=32 rtt=1.66ms rc=3 (EgressRtr)
---- VCCV PING 3:1 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 1.66ms, avg = 1.66ms, max = 1.66ms, stddev = 0.000ms
Multisegment:
-------------
*A:Dut-D>config>router# oam vccv-ping 4:200 src-ip-address 5.5.5.5 dst-ip-
address 3.3.3.3 pw-id 1 ttl 2 reply-mode ip-routed
VCCV-PING 4:200 88 bytes MPLS payload
Seq=1, send from intf toSPE2-E-5 to NH 12.2.5.2
reply from 3.3.3.3 via IP
udp-data-len=32 rtt=3.76ms rc=3 (EgressRtr)
---- VCCV PING 4:200 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 3.76ms, avg = 3.76ms, max = 3.76ms, stddev = 0.000ms
Ping SPE to SPE
===============
*A:Dut-D# oam vccv-ping 4:200 reply-mode ip-routed
VCCV-PING 4:200 88 bytes MPLS payload
Seq=1, send from intf toSPE2-E-5 to NH 12.2.5.2
reply from 5.5.5.5 via IP
udp-data-len=56 rtt=1.77ms rc=8 (DSRtrMatchLabel)
---- VCCV PING 4:200 Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 1.77ms, avg = 1.77ms, max = 1.77ms, stddev = 0.000ms
vccv-trace
vccv-trace
Syntax
vccv-trace sdp-id:vc-id [reply-mode { ip-routed | control-channel] [target-fec-type static-pw-fec agi attachment-group-identifier pw-path-id-saii global-id:node-id:ac-id pw-path-id-taii global-id:node-id:ac-id]
vccv-trace saii-type2 global-id:prefix:ac-id taii-type2 global-id:prefix:ac-id [reply-mode {ip-routed | control-channel}]
vccv-trace spoke-sdp-fec spoke-sdp-fec-id [reply-mode {ip-routed | control-channel}] [saii-type2 global-id:prefix:ac-id taii-type2 global-id:prefix:ac-id]
vccv-trace static sdp-id:vc-id [assoc-channel {ipv4 | non-ip}] [src-ip-address ipv4-address] [target-fec-type pw-id-fec sender-src-address ipv4-address remote-dst-address ipv4-address pw-id pw-id pw-type pw-type]
NOTE: Options common to all vccv-trace cases: [fc fc-name [profile {in | out]] [interval interval-value] [max-fail no-response-count] [max-ttl max-vc-label-ttl] [min-ttl min-vc-label-ttl] [probe-count probe-count] [size octets] [timeout timeout-value]
Context
[Tree] (oam vccv-trace)
[Tree] (config>saa>test>type vccv-trace)
Full Context
oam vccv-trace
configure saa test type vccv-trace
Description
This command configures a Virtual Circuit Connectivity Verification (VCCV) automated trace test. The automated VCCV-trace can trace the entire path of a PW with a single command issued at the T-PE or at an S-PE. This is equivalent to LSP-Trace and is an iterative process by which the source T-PE or S-PE node sends successive VCCV-Ping messages with incrementing the TTL value, starting from TTL=1. In each iteration, the T-PE builds the MPLS echo request message in a way like VCCV-Ping. The first message with TTL=1 has the next-hop S-PE T-LDP session source address in the Remote PE Address field in the PW FEC TLV. Each S-PE which terminates and processes the message includes in the MPLS echo reply message the FEC 128 TLV corresponding the PW segment to its downstream node. The source T-PE or S-PE node can then build the next echo reply message with TTL=2 to test the next-next hop for the MS-PW. It copies the FEC TLV it received in the echo reply message into the new echo request message. The process is terminated when the reply is from the egress T-PE or when a time out occurs.
The user can specify to display the result of the VCCV-trace for a fewer number of PW segments of the end-to-end MS-PW path. In this case, the min-ttl and max-ttl parameters are configured accordingly. However, the T-PE/S-PE node still probes all hops up to min-ttl to correctly build the FEC of the desired subset of segments.
Note that if the saii-type-2 and taii-type-2 parameters are specified this command for a FEC129 pseudowire, then these values are used by the vccv-ping echo request message instead of the saii and taii of the spoke SDP indexed by the spoke-sdp-fec parameter, or any saii and taii received in a switching point TLV for the pseudowire. Furthermore, the use must enter the saii and taii in accordance with the direction of pseudowire as seen from the node on which the vccv-trace command is executed. However, the values of the saii and taii sent in the echo request message are swapped with respect to the user-entered values to match the order in the installed FEC on the targeted node. The output of the command for a FEC129 type 2 pseudowire reflects the order of the saii and taii stored on the targeted node.
This command, when used with the static option, configures a VCCV-automated trace test for static MPLS-TP pseudowires used in a VLL service. VCCV trace for MPLS-TP pseudowires always uses the VCCV control word (associated channel header) with either an IPv4 channel type (0x0021) or on-demand CV message channel type (0x0025).
Note that vccv-trace static can only be initiated on a T-PE. Both the echo request and reply messages are send using the same, in-band, encapsulation. The target FEC stack contains a static PW FEC TLV. The contents of this TLV are populated based on the source Node ID, source global ID, and destination global ID and destination node ID taken from the pseudowire context.
The target-fec-type option allows the user to perform a vccv-trace to a segment of a MS-PW that does not have the same FEC type as the local segment from the T-PE where the vccv-trace command is issued. This is applicable for performing VCCV ping on an MS-PW comprised of static PW FEC segments and dynamically signaled PW ID FEC segments.
Parameters
- sdp-id:vc-id
-
Specifies that if a FEC 128 PW is being tested, then its VC ID must be indicated with this parameter. The VC ID needs to exist on the local router and the far-end peer needs to indicate that it supports VCCV to allow the user to send vccv-ping message.
- reply-mode {ip-routed | control-channel}
-
Indicates to the far end, the method to send the reply message. The option ip-routed indicates an out-of-band reply mode using the vccv control channel. The option control-channel indicates an in-band reply mode using the vccv control channel.
- target-fec-type
-
Specifies the FEC type for a remote PW segment targeted by a VCCV Ping echo request. This parameter is used if VCCV Ping is used along a MS-PW where a static MPLS-TP PW segment using the static PW FEC is switched to a T-LDP signaled segment using the PW ID FEC (FEC128), or vice versa, thus requiring the user to explicitly specify a target FEC that is different from the local segment FEC.
- attachment-group-identifier
-
Specifies the attachment group identifier for the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
- pw-path-id-saii global-id:node-id:ac-id
-
Specifies the SAII of the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
global-id — Specifies the global ID of the SAII of the targeted static PW FEC element.
Values
0 to 4294967295
Default
0
node-id — Specifies the node ID on far end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique SAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- pw-path-id-taii global-id:node-id:ac-id
-
Specifies the SAII of the target FEC. This parameter is only valid in combination with the target-fec-type static-pw-fec.
global-id — Specifies the global ID of the SAII of the targeted static PW FEC element.
Values
0 to 4294967295
Default
0
node-id — Specifies the node ID of the far-end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique SAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- saii-type2 global-id:prefix:ac-id
-
If a FEC129 AII Type 2 pseudowire is being tested, then the source attachment individual identifier (SAII) must be indicated.
The saii-type2 parameter is mutually exclusive with the sdp-id:vc-id parameter.
global-id — Specifies the global ID of this T-PE node.
Values
1 to 4294967295
prefix — Specifies the prefix on this T-PE node that the spoke SDP is associated with.
ac-id — Specifies an unsigned integer representing a locally unique identifier for the spoke SDP.
Values
1 to 4294967295
- taii-type2 global-id:prefix:ac-id
-
Specifies that if a FEC129 AII Type 2 pseudowire is being tested, then the target attachment individual identifier (TAII) must be indicated. The taii-type2 parameter is mutually exclusive with sdp-id:vc-id.
global-id — Specifies the global ID of the far end T-PE of the FEC129 pseudowire.
Values
0 to 4294967295
node-id — Specifies the node ID on far end T-PE that the pseudowire being tested is associated with.
Values
ipv4-formatted address: a.b.c.d
1 to 4294967295
ac-id — Specifies an unsigned integer representing a locally unique TAII for the pseudowire being tested at the far end T-PE.
Values
1 to 4294967295
- spoke-sdp-fec-id
-
Specifies that if a FEC 129 PW is being tested, then its spoke-sdp-fec-id must be indicated with this parameter. The spoke-sdp-fec-id needs to exist on the local router and the far-end peer needs to indicate that it supports VCCV to allow the user to send vccv-ping message.
spoke-sdp-fec is mutually exclusive with the sdp-id:vc-id parameter.
- assoc-channel {ipv4 | non-ip}
-
Specifies the associated channel encapsulation format to use for the VCCV trace echo request and echo reply packet for a PW that uses the static PW FEC. An associated channel type of ipv4 must be used if a vccv-ping is performed to a remote segment of a different FEC type.
- src-ip-address ipv4-address
-
Specifies the 4-octet IPv4 address of the source node.
- sender-src-address ipv4-address
-
Specifies the 4-octet IPv4 address of the node originating the VCCV trace.
- remote-dst-address ipv4-address
-
Specifies the 4-octet IPv4 address of the far end node that is a target of the VCCV Ping echo request. This parameter is only valid in combination with the target-fec-type pw-id-fec.
- pw-id
-
Specifies the pseudowire ID to be used for performing a VCCV ping operation. The pseudowire ID is a non-zero 32-bit connection ID required by the FEC 128, as defined in RFC 8029, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures.
- pw-type
-
Specifies the PW type of the PW segment targeted on the far end node. This field must be included to populate the PW type field of the PW ID FEC in the FEC static TLV, when the far end FEC type is different form the local FEC type and the target-fec-type is pw-id-fec.
- fc-name
-
Specifies the FC and profile parameters are used to indicate the forwarding class of the VCCV trace echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.
The LSP-EXP mappings on the receive network interface controls the mapping back to the internal forwarding class used by the far-end router that receives the message request. The egress mappings of the egress network interface on the far-end router controls the forwarding class markings on the return reply message. The LSP-EXP mappings on the receive network interface controls the mapping of the message reply at the originating router.
- profile {in | out}
-
Specifies the profile state of the VCCV trace echo request packet.
- interval-value
-
Specifies the interval parameter in seconds, expressed as a decimal integer. This parameter is used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.
- no-response-count
-
Specifies the maximum number of consecutive VCCV trace echo requests, expressed as a decimal integer that do not receive a reply before the trace operation fails for a given TTL value.
- max-vc-label-ttl
-
Specifies the TTL value for the VC label of the echo request message for the last hop of the MS-PW for which the results are to be displayed. This is expressed as a decimal integer. The outer label TTL is still set to the default regardless of the value of the VC label.
- min-vc-label-ttl
-
Specifies the TTL value for the VC label of the echo request message for the first hop of the MS-PW for which the results are to be displayed. This is expressed as a decimal integer. Note that the outer label TTL is still set to the default regardless of the value of the VC label.
- probe-count
-
Specifies the number of VCCV trace echo request messages to send per TTL value.
- octets
-
Specifies the size in octets, expressed as a decimal integer, of the MPLS echo request packet, including the IP header but not the label stack. The request pay-load is padded with zeros to the specified size. An OAM command is not failed if the user enters a size lower than the minimum required to build the packet for the echo request message. The payload is automatically padded to meet the minimum size.
- timeout-value
-
Specifies the timeout parameter, in seconds, expressed as a decimal integer. This value is used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response are not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.
Platforms
All
Output
Sample Output*A:138.120.214.60# oam vccv-trace 1:33
>>>>>>> 22.10.R1
VCCV-TRACE 1:33 with 88 bytes of MPLS payload
1 1.1.63.63 rtt<10ms rc=8(DSRtrMatchLabel)
2 1.1.62.62 rtt<10ms rc=8(DSRtrMatchLabel)
3 1.1.61.61 rtt<10ms rc=3(EgressRtr)
Trace with detail:
*A:138.120.214.60>oam vccv-trace 1:33 detail
VCCV-TRACE 1:33 with 88 bytes of MPLS payload
1 1.1.63.63 rtt<10ms rc=8(DSRtrMatchLabel)
Next segment: VcId=34 VcType=AAL5SDU Source=1.1.63.63 Remote=1.1.62.62
2 1.1.62.62 rtt<10ms rc=8(DSRtrMatchLabel)
Next segment: VcId=35 VcType=AAL5SDU Source=1.1.62.62 Remote=1.1.61.61
3 1.1.61.61 rtt<10ms rc=3(EgressRtr)
SAA:
*A:multisim3>config>saa# info
----------------------------------------------
test "vt1"
shutdown
type
vccv-trace 1:2 fc "af" profile in timeout 2 interval 3 size 200
min-ttl 2 max-ttl 5 max-fail 2 probe-count 3
exit
exit
..
----------------------------------------------
*A:multisim3>config>saa#
ve-id
ve-id
Syntax
ve-id value
no ve-id
Context
[Tree] (config>service>epipe>bgp-vpws>ve-name ve-id)
[Tree] (config>service>epipe>bgp-vpws>remote-ve-name ve-id)
Full Context
configure service epipe bgp-vpws ve-name ve-id
configure service epipe bgp-vpws remote-ve-name ve-id
Description
This command configures a ve-id for either the local VPWS instance when configured under the ve-name, or for the remote VPWS instance when configured under the remote-ve-name.
A single ve-id can be configured per ve-name or remote-ve-name. The ve-id can be changed without shutting down the VPWS instance. When the ve-name ve-id changes, BGP withdraws the previously advertised route and sends a route-refresh to all the peers which would result in reception of all the remote routes again. The old PWs are removed and new ones are instantiated for the new ve-id value.
When the remote-ve-name ve-id changes, BGP withdraws the previously advertised route and send a new update matching the new ve-id. The old pseudowires are removed and new ones are instantiated for the new ve-id value.
NLRIs received whose advertised ve-id does not match the list of ve-ids configured under the remote ve-id will not have a spoke SDP binding auto-created but will remain in the BGP routing table but not in the Layer 2 route table. A change in the locally configured ve-ids may result in auto-sdp-bindings either being deleted or created, based on the new matching results.
Each ve-id configured within a service must be unique.
The no form of this command removes the configured ve-id. It can be used just when the BGP VPWS status is shutdown. The no shutdown command cannot be used if there is no ve-id configured.
Default
no ve-id
Parameters
- value
-
A two bytes identifier that represents the local or remote VPWS instance and is advertised through the BGP NLRI.
Platforms
All
ve-id
Syntax
ve-id ve-id-value
no ve-id
Context
[Tree] (config>service>vpls>bgp-vpls>ve-name ve-id)
Full Context
configure service vpls bgp-vpls ve-name ve-id
Description
This command configures a ve-id. Just one ve-id can be configured per BGP VPLS instance. The VE-ID can be changed without shutting down the VPLS Instance. When the VE-ID changes, BGP is withdrawing its own previously advertised routes and sending a route-refresh to all the peers which would result in reception of all the remote routes again. The old pseudowires are removed and new ones are instantiated for the new VE-ID value.
The no form of this command removes the configured ve-id. It can be used just when the BGP VPLS status is shutdown. The no shutdown command cannot be used if there is no ve-id configured.
Default
no ve-id
Parameters
- value
-
Specifies a two-byte identifier that represents the local instance in a VPLS and is advertised through the BGP NLRI. Must be lower or equal with the max-ve-id.
Platforms
All
ve-name
ve-name
Syntax
[no] ve-name name
Context
[Tree] (config>service>epipe>bgp-vpws ve-name)
Full Context
configure service epipe bgp-vpws ve-name
Description
This command configures the name of the local VPWS instance in this service.
The no form of this command removes the ve-name.
Parameters
- name
-
Specifies a site name up to 32 characters in length.
Platforms
All
ve-name
Syntax
ve-name name
no ve-name
Context
[Tree] (config>service>vpls>bgp-vpls ve-name)
Full Context
configure service vpls bgp-vpls ve-name
Description
This command creates or edits a ve-name. Just one ve-name can be created per BGP VPLS instance.
The no form of this command removes the configured ve-name from the bgp vpls node. It can be used only when the BGP VPLS status is shutdown. The no shutdown command cannot be used if there is no ve-name configured.
Default
no ve-name
Parameters
- name
-
Specifies the A character string to identify the VPLS Edge instance up to 32 characters in length
Platforms
All
vendor-id
vendor-id
Syntax
vendor-id vendor-id
no vendor-id
Context
[Tree] (config>system>ned>profile vendor-id)
Full Context
configure system network-element-discovery profile vendor-id
Description
This command configures the vendor ID to be advertised.
The no form of this command reverts to the default value.
Default
vendor-id "Nokia"
Parameters
- vendor-id
-
Specifies the vendor ID to be advertised with the profile, up to 255 characters.
Platforms
All
vendor-specific-option
vendor-specific-option
Syntax
[no] vendor-specific-option
Context
[Tree] (config>service>ies>if>dhcp>option vendor-specific-option)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option vendor-specific-option)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only-sap-parameters>dhcp>option vendor-specific-option)
[Tree] (config>service>vprn>if>dhcp>option vendor-specific-option)
[Tree] (config>service>ies>sub-if>dhcp vendor-specific-option)
[Tree] (config>service>vpls>sap>dhcp>option vendor-specific-option)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option vendor-specific-option)
Full Context
configure service ies interface dhcp option vendor-specific-option
configure service ies subscriber-interface group-interface dhcp option vendor-specific-option
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option
configure service vprn interface dhcp option vendor-specific-option
configure service ies subscriber-interface dhcp vendor-specific-option
configure service vpls sap dhcp option vendor-specific-option
configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option
Description
This command enables the Nokia vendor-specific sub-option of the DHCP relay packet.
The no form of this command reverts to the default.
Platforms
All
- configure service ies interface dhcp option vendor-specific-option
- configure service vprn interface dhcp option vendor-specific-option
- configure service vpls sap dhcp option vendor-specific-option
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface dhcp vendor-specific-option
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option
- configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option
- configure service ies subscriber-interface group-interface dhcp option vendor-specific-option
vendor-specific-option
Syntax
[no] vendor-specific-option
Context
[Tree] (config>router>if>dhcp>option vendor-specific-option)
Full Context
configure router interface dhcp option vendor-specific-option
Description
This command configures the Nokia vendor specific suboption of the DHCP relay packet.
Platforms
All
vendor-support
vendor-support
Syntax
vendor-support [three-gpp | vodafone]
no vendor-support
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy vendor-support)
[Tree] (config>aaa>diam-peer-plcy vendor-support)
Full Context
configure subscriber-mgmt diameter-application-policy gy vendor-support
configure aaa diameter-peer-policy vendor-support
Description
In a diameter peer policy, this command specifies the vendor support announced in the capability exchange. In a Gy diameter application policy, this command specifies the vendor specific attributes for the user sessions.
The no form of this command reverts to the default value.
Default
vendor-support three-gpp
Parameters
- three-gpp
-
Specifies the 3GPP diameter policy vendor type.
- vodafone
-
Specifies the vodafone diameter policy vendor type.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
version
Syntax
version version
no version
Context
[Tree] (config>subscr-mgmt>igmp-policy version)
Full Context
configure subscriber-mgmt igmp-policy version
Description
This command configures the version of IGMP.
The no form of this command reverts to the default value.
Default
version 3
Parameters
- version
-
Specifies the IGMP version.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version version
no version
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only-sap-parameters>igmp-snp version)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping version
Description
This command specifies the version of IGMP which is running on an MSAP. This object can be used to configure a router capable of running either value. For IGMP to function correctly, all routers on a LAN must be configured to run the same version of IGMP on that LAN.
When the send-query command is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report gets dropped and a new "wrong version” counter is incremented.
If the send-query command is not configured, the version command has no effect. The version used on that SAP or SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query when a host wants to leave a certain group will never be sent.
Default
version 3
Parameters
- version
-
Specifies the IGMP version.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version version
no version
Context
[Tree] (config>subscr-mgmt>mld-policy version)
Full Context
configure subscriber-mgmt mld-policy version
Description
This command configures the MLD version.
The no form of this command reverts to the default.
Default
version 2
Parameters
- version
-
Specifies the MLD version.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version version
no version
Context
[Tree] (config>service>vprn>wpp>portals>portal version)
[Tree] (config>router>wpp>portals>portal version)
Full Context
configure service vprn wpp portals portal version
configure router wpp portals portal version
Description
This command configure the protocol version that is expected by the WPP portal.
The no form of this command reverts to the default.
Default
version 1
Parameters
- version
-
Specifies the protocol version.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version IMA-version
no version
Context
[Tree] (config>port>ml-bundle>ima version)
Full Context
configure port multilink-bundle ima version
Description
This command configures the IMA version for the multilink bundle group. If there is a version mismatch between this IMA group and the far end IMA group, the IMA group becomes operationally down. Automatic version changing is not supported. To change the IMA version, all member links must be removed from the group first.
Default
version 1-1
Parameters
- IMA-version
-
Specifies the IMA version for this group.
Platforms
7450 ESS, 7750 SR-7/12/12e
version
Syntax
version version
no version
Context
[Tree] (config>service>vpls>spoke-sdp>mld-snooping version)
[Tree] (config>service>vpls>spoke-sdp>igmp-snooping version)
[Tree] (config>service>vpls>mesh-sdp>mld-snooping version)
[Tree] (config>service>vpls>mesh-sdp>igmp-snooping version)
[Tree] (config>service>vpls>sap>igmp-snooping version)
[Tree] (config>service>vpls>sap>mld-snooping version)
Full Context
configure service vpls spoke-sdp mld-snooping version
configure service vpls spoke-sdp igmp-snooping version
configure service vpls mesh-sdp mld-snooping version
configure service vpls mesh-sdp igmp-snooping version
configure service vpls sap igmp-snooping version
configure service vpls sap mld-snooping version
Description
This command specifies the version of IGMP or MLD which is running on this SAP or SDP. This object can be used to configure a router capable of running either value. For IGMP or MLD to function correctly, all routers on a LAN must be configured to run the same version of IGMP or MLD on that LAN.
When the send-query command is configured, all type of queries generate ourselves are of the configured version. If a report of a version higher than the configured version is received, the report gets dropped and a new "wrong version” counter is incremented.
If the send-query command is not configured, the version command has no effect. The version used on that SAP or SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query when a host wants to leave a certain group will never be sent.
Parameters
- version
-
Specifies the IGMP or MLD version
Platforms
All
version
Syntax
version version
no version
Context
[Tree] (config>service>vprn>igmp>grp-if version)
Full Context
configure service vprn igmp group-interface version
Description
This command configures the version of IGMP.
The no form of this command removes the version.
Parameters
- version
-
Specifies the IGMP version.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version version
no version
Context
[Tree] (config>service>vprn>igmp>if version)
Full Context
configure service vprn igmp interface version
Description
This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.
For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.
Default
version 3
Parameters
- version
-
Specifies the IGMP version number.
Platforms
All
version
Syntax
version version
no version
Context
[Tree] (config>service>vprn>mld>if version)
Full Context
configure service vprn mld interface version
Description
This command specifies the MLD version. If routers run different versions, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.
Default
version 2
Parameters
- version
-
Specifies the MLD version number.
Platforms
All
version
Syntax
version minimum minimum maximum maximum
no version
Context
[Tree] (config>service>nat>pcp-server-policy version)
Full Context
configure service nat pcp-server-policy version
Description
This command configures the accepted protocol version range.
Default
version minimum 1 maximum 1
Parameters
- minimum
-
Specifies the minimum protocol version supported by the PCP servers using this PCP policy.
- maximum
-
Specifies the maximum protocol version supported by the PCP servers using this PCP policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
version
Syntax
version version
no version
Context
[Tree] (config>router>igmp>group-interface version)
[Tree] (config>router>igmp>if version)
Full Context
configure router igmp group-interface version
configure router igmp interface version
Description
This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.
For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.
Default
version 3
Parameters
- version
-
Specifies the IGMP version number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure router igmp group-interface version
All
- configure router igmp interface version
version
Syntax
version version
no version
Context
[Tree] (config>router>mld>interface version)
[Tree] (config>router>mld>group-interface version)
Full Context
configure router mld interface version
configure router mld group-interface version
Description
This command specifies the MLD version. If routers run different versions of MLD, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.
Default
version 2
Parameters
- version
-
Specifies the MLD version number.
Platforms
All
- configure router mld interface version
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure router mld group-interface version
version
Syntax
version version
no version
Context
[Tree] (config>service>pw-template>igmp-snooping version)
Full Context
configure service pw-template igmp-snooping version
Description
This command specifies the version of IGMP. This object can be used to configure a router capable of running either value. For IGMP to function correctly, all routers on a LAN must be configured to run the same version of IGMP on that LAN.
When the send-query command is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report gets dropped and a new "wrong version” counter is incremented.
If the send-query command is not configured, the version command has no effect. The version used on that SAP or SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query when a host wants to leave a certain group will never be sent.
Default
version 3
Parameters
- version
-
Specifies the IGMP version.
Platforms
All
version
Syntax
version file-url [check]
Context
[Tree] (file version)
Full Context
file version
Description
This command displays the version of an SR OS *.tim image file.
Parameters
- file-url
-
Specifies the file name of the target file.
- check
-
Validates the SR OS *.tim image file.
Platforms
All
Output
The following output is an example of SR OS version information.
Sample OutputA:Redundancy>file cf3:\ # version ftp://test:1234@192.0.2.79/usr/global/images/6.1/R4/cpm.tim
TiMOS-C-6.1.R4 for 7750
Thu Oct 30 14:21:09 PDT 2018 by builder in /relx.1/b1/Rx/panos/main
A:Redundancy>file cf3:\ # version check ftp://test:1234@192.0.2.79/usr/global/
images/6.1/R4/cpm.tim
TiMOS-C-6.1.R4 for 7750
Thu Oct 30 14:21:09 PDT 2018 by builder in /relx.1/b1/Rx/panos/main
Validation successful
A:Redundancy>file cf3:\ #
version
Syntax
version ssh-version
no version
Context
[Tree] (config>system>security>ssh version)
Full Context
configure system security ssh version
Description
This command configures the SSH protocol version that is supported by the SSH server.
The no form of this command removes the SSH version from the configuration.
Parameters
- ssh-version
-
Specifies the SSH version.
Platforms
All
vi
vi
Syntax
vi local-url
Context
[Tree] (file vi)
Full Context
file vi
Description
Edit files with the text editor. For more information, refer to "Text Editor” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Basic System Configuration Guide.
Parameters
- local-url
-
Specifies the local source file or directory.
Platforms
All
vid-pid-absent
vid-pid-absent
Syntax
vid-pid-absent milli-seconds
no vid-pid-absent
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms vid-pid-absent)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms vid-pid-absent)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms vid-pid-absent)
Full Context
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms vid-pid-absent
configure mcast-management multicast-info-policy bundle video analyzer alarms vid-pid-absent
configure mcast-management multicast-info-policy bundle channel video analyzer alarms vid-pid-absent
Description
This command configures the analyzer to check for a VID PID within the specified time interval.
Default
no vid-pid-absent
Parameters
- milli-seconds
-
Specifies the time, in milliseconds, for which to check for a VID PID.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video
video
Syntax
video
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel video)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override video)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle video)
Full Context
configure mcast-management multicast-info-policy bundle channel video
configure mcast-management multicast-info-policy bundle channel source-override video
configure mcast-management multicast-info-policy bundle video
Description
Commands in this context configure video parameters.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-group
video-group
Syntax
video-group video-group-id [create]
no video-group video-group-id
Context
[Tree] (config>isa video-group)
Full Context
configure isa video-group
Description
This command configures an ISA video group.
Parameters
- video-group-id
-
Specifies a video group ID.
- create
-
Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-group
Syntax
video-group video-group-id
video-group disable
no video-group
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video video-group)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video video-group)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video video-group)
Full Context
configure mcast-management multicast-info-policy bundle video video-group
configure mcast-management multicast-info-policy bundle channel source-override video video-group
configure mcast-management multicast-info-policy bundle channel video video-group
Description
This command assigns a video group ID to the channel.
Parameters
- video-group-id
-
specifies the identifier for this video group. The video group must have been configured in the config>isa context.
- disable
-
Explicitly disables the video group within the policy.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-interface
video-interface
Syntax
video-interface ip-address [create]
no video-interface ip-address
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy video-interface)
Full Context
configure mcast-management multicast-info-policy video-policy video-interface
Description
This command creates a video interface policy context that correlates to the IP address assigned for a video interface. This interface is created in a subscriber service to which the multicast information policy is assigned. If the specified IP address does not correlate to a video interface ip address, the parameters defined within this context have no effect.
The no form of the command deletes the video interface policy context.
Parameters
- ip-address
-
The IP address of a video interface provisioned within the context of a service to which the Multicast Information Policy is assigned. If the IP address does not match the IP address assigned to a video interface, the parameters defined within this context have no effect.
- create
-
Mandatory keyword needed when creating a new video interface within the video policy.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-interface
Syntax
video-interface ip-int-name [create]
no video-interface ip-int-name
Context
[Tree] (config>service>vprn video-interface)
[Tree] (config>service>vpls video-interface)
[Tree] (config>service>ies video-interface)
Full Context
configure service vprn video-interface
configure service vpls video-interface
configure service ies video-interface
Description
This command creates a video interface within the service. The video interface and associated IP addresses are the addresses to which clients within the service will send requests. The video interface must be associated with an ISA group using the video-sap command and have IP addresses for it to be functional.
The no form of the command deletes the video interface. The video interface must be administratively shut down before issuing the no video-interface command.
Parameters
- ip-int-name
-
Specifies the name of the video interface, up to 32 characters. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- create
-
This keyword is mandatory when creating a video interface.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-interface
Syntax
[no] video-interface video-ip-int-name
Context
[Tree] (debug>service>id video-interface)
Full Context
debug service id video-interface
Description
This command enables debugging for video interfaces.
The no form of the command disables the video interface debugging.
Parameters
- video-ip-int-name
-
Specifies the video interface name.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-policy
video-policy
Syntax
video-policy
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy video-policy)
Full Context
configure mcast-management multicast-info-policy video-policy
Description
Commands in this context configure video interfaces and video services.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-sap
video-sap
Syntax
video-sap video-group-id
no video-sap
Context
[Tree] (config>service>vpls>video-interface video-sap)
[Tree] (config>service>ies>video-interface video-sap)
[Tree] (config>service>vprn>video-interface video-sap)
Full Context
configure service vpls video-interface video-sap
configure service ies video-interface video-sap
configure service vprn video-interface video-sap
Description
This command configures a service video interface association with a video group.
The no form of the command removes the video group association.
Parameters
- video-group-id
-
Specifies the video group ID number.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
video-template
video-template
Syntax
video-template
Context
[Tree] (config>app-assure>group>cflowd>rtp-perf video-template)
Full Context
configure application-assurance group cflowd rtp-performance video-template
Description
Commands in this context configure the video template for cflowd fields.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
view
view
Syntax
view [line]
Context
[Tree] (candidate view)
Full Context
candidate view
Description
This command displays the candidate configuration along with line numbers that can be used for editing the candidate configuration.
Parameters
- line
-
Displays the candidate configuration starting at the point indicated by the following options (the display is not limited to the current CLI context/branch).
Platforms
All
view
Syntax
view [checkpoint-id | rescue | latest-rb]
Context
[Tree] (admin>rollback view)
Full Context
admin rollback view
Description
This command displays the checkpoint.
Parameters
- latest-rb
-
Specifies the most recently created rollback checkpoint (corresponds to the file-url.rb rollback checkpoint file).
- checkpoint-id
-
Indicates rollback checkpoint file to be viewed. Checkpoint-id of 1 corresponds to the file-url.rb.1 rollback checkpoint file. The higher the id, the older the checkpoint. Max is the highest rollback checkpoint supported or configured.
- rescue
-
Displays the rescue configuration.
Platforms
All
view
Syntax
view {bootup-cfg | active-cfg | candidate-cfg | latest-rb| checkpoint-id | rescue}
Context
[Tree] (admin view)
Full Context
admin view
Description
The context to configure administrative system viewing parameters. Only authorized users can execute the commands in the admin context.
Parameters
- bootup-cfg
-
Specifies the bootup configuration.
- active-cfg
-
Specifies current running configuration.
- candidate-cfg
-
Specifies candidate configuration.
- latest-rb
-
Specifies the latest configuration.
- checkpoint-id
-
Specifies a specific checkpoint file configuration.
- rescue
-
Specifies a rescue checkpoint configuration.
Platforms
All
view
Syntax
view view-name subtree oid-value
no view view-name [subtree oid-value]
Context
[Tree] (config>system>security>snmp view)
Full Context
configure system security snmp view
Description
This command configures a view. Views control the accessibility of a MIB object within the configured MIB view and subtree. Object identifiers (OIDs) uniquely identify MIB objects in the subtree. OIDs are organized hierarchically with specific values assigned by different organizations.
Once the subtree (OID) is identified, a mask can be created to select the portions of the subtree to be included or excluded for access using this particular view. See the mask command.
The view(s) configured with this command can subsequently be used in read, write, and notify commands which are used to assign specific access group permissions to created views and assigned to particular access groups.
Multiple subtrees can be added or removed from a view name to tailor a view to the requirements of the user access group.
A subtree statement matches (covers) any OID that is a descendant of the specified OID value. For example, the subtree 1.3.6.1 matches 1.3.6.1.x (for any value of x), 1.3.6.1.x.y (for any values of x & y), and so on.
Subtrees that are not covered by view statements are not accessible in the view.
Per RFC 2575, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), each MIB view is defined by two sets of view subtrees, the included view subtrees, and the excluded view subtrees (see the included and excluded parameters of the mask command). Every such view subtree, both the included and the excluded ones, are defined in this table. To determine if a particular object instance is in a particular MIB view, compare the object instance’s OID with each of the MIB view’s active entries in this table. If none match, then the object instance is not in the MIB view. If one or more match, then the object instance is included in, or excluded from, the MIB view according to the value of vacmViewTreeFamilyType in the entry whose value of vacmViewTreeFamilySubtree has the most sub-identifiers.
The no view view-name command removes a view and all subtrees.
The no view view-name subtree oid-value removes a sub-tree from the view name.
Parameters
- view-name
-
Specifies a view name, up to 32 characters.
- oid-value
-
Specifies the object identifier (OID) value for the view-name. This value, for example, 1.3.6.1.6.3.11.2.1, combined with the mask and include and exclude statements, configures the access available in the view.
It is possible to have a view with different subtrees with their own masks and include and exclude statements. This allows for customizing visibility and write capabilities to specific user requirements.
Platforms
All
virtual-chassis-identifier
virtual-chassis-identifier
Syntax
virtual-chassis-identifier dual-homing-key
no virtual-chassis-identifier
Context
[Tree] (config>subscr-mgmt>wlan-gw virtual-chassis-identifier)
Full Context
configure subscriber-mgmt wlan-gw virtual-chassis-identifier
Description
This command specifies a virtual chassis identifier that can link two wlan-gws together.
The no form of this command removes the dual-homing-key.
Parameters
- dual-homing-key
-
Specifies the name of the dual homing key, up to 16 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
virtual-link
virtual-link
Syntax
[no] virtual-link router-id transit-area area-id
Context
[Tree] (config>service>vprn>ospf>area virtual-link)
[Tree] (config>service>vprn>ospf3>area virtual-link)
Full Context
configure service vprn ospf area virtual-link
configure service vprn ospf3 area virtual-link
Description
This command configures a virtual link to connect area border routers to the backbone via a virtual link.
The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).
The no form of this command deletes the virtual link.
Default
No virtual link is defined.
Parameters
- router-id
-
The router ID of the virtual neighbor in IP address dotted decimal notation.
- transit-area area-id
-
The area-id specified identifies the transit area that links the backbone area with the area that has no physical connection with the backbone.
Platforms
All
virtual-link
Syntax
[no] virtual-link router-id transit-area area-id
Context
[Tree] (config>router>ospf>area virtual-link)
[Tree] (config>router>ospf3>area virtual-link)
Full Context
configure router ospf area virtual-link
configure router ospf3 area virtual-link
Description
This command configures a virtual link to connect area border routers to the backbone via a virtual link.
The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).
The no form of this command deletes the virtual link.
By default, no virtual link is defined.
Default
no virtual-link
Parameters
- router-id
-
Specifies the router ID of the virtual neighbor in IP address dotted decimal notation.
- area-id
-
Specifies the area-id that identifies the transit area that links the backbone area with the area that has no physical connection with the backbone.
Platforms
All
virtual-neighbor
virtual-neighbor
Syntax
virtual-neighbor [router-id]
no virtual-neighbor
Context
[Tree] (debug>router>ospf virtual-neighbor)
[Tree] (debug>router>ospf3 virtual-neighbor)
Full Context
debug router ospf virtual-neighbor
debug router ospf3 virtual-neighbor
Description
This command enables debugging for an OSPF virtual neighbor.
Parameters
- router-id
-
Specifies the router ID of the virtual neighbor.
Platforms
All
virtual-scheduler-adjustment
virtual-scheduler-adjustment
Syntax
virtual-scheduler-adjustment
Context
[Tree] (config>card virtual-scheduler-adjustment)
Full Context
configure card virtual-scheduler-adjustment
Description
Commands in this context configure the virtual scheduler processing on the card. This is only applicable to queues and to policers parented to a scheduler.
Platforms
All
virtual-subnet
virtual-subnet
Syntax
[no] virtual-subnet
Context
[Tree] (config>service>ies>sub-if>dhcp virtual-subnet)
[Tree] (config>service>vprn>sub-if>dhcp virtual-subnet)
Full Context
configure service ies subscriber-interface dhcp virtual-subnet
configure service vprn subscriber-interface dhcp virtual-subnet
Description
This command enables a virtual-subnet for DHCPv4 hosts under the subscriber interface. With this command configured, the system will snoop and record the default router address in the DHCP ACK message for the DHCPv4 ESM host. The system could answer ping or traceroute request even if the default router address is not configured on the subscriber-interface.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vlan
vlan
Syntax
vlan [vlan-encap]
Context
[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv vlan)
Full Context
configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify vlan
Description
This command specifies the VLAN tag of the SAP used for ring-node connectivity verification of this ring node. It is only meaningful if the value of is not zero.
The no form of this command reverts to the default.
Parameters
- vlan-encap
-
Specifies the node cc VLAN IP.
Platforms
All
vlan
Syntax
vlan tag
no vlan
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query vlan)
Full Context
configure subscriber-mgmt wlan-gw ue-query vlan
Description
This command enables matching on UEs, based on the VLAN tag within the tunnel, which typically used to indicate an SSID.
The no form of this command disables matching on the VLAN.
Default
no vlan
Parameters
- tag
-
Specifies the VLAN tag.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan
Syntax
vlan start [value] end [value] retail-svc-id service-id
no vlan start [value] end [value]
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>retailer vlan)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>retailer vlan)
Full Context
configure service ies subscriber-interface group-interface wlan-gw retailer vlan
configure service vprn subscriber-interface group-interface wlan-gw retailer vlan
Description
This command creates a mapping from a range of VLANs (appearing in the wlan-gw encapsulated Layer 2 frame) to a retail service ID.
The no form of this command removes the parameters from the configuration.
Parameters
- start
-
Specifies the start VLAN tag of this range.
- end
-
Specifies the end VLAN tag of this range.
- retail-svc-id service-id
-
Specifies the identifier of the retail service to be used by default of a value in the retail service map of this interface.
vlan
Syntax
vlan vlan-encap
no vlan
Context
[Tree] (config>redundancy>mc>peer>mcr>node>cv vlan)
Full Context
configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify vlan
Description
This command specifies the VLAN tag used for the Ring-node Connectivity Verification of this ring node. It is only meaningful if the value of service ID is not zero. A zero value means that no VLAN tag is configured.
Default
no vlan
Parameters
- vlan-encap
-
Specifies the VLAN tag.
Platforms
All
vlan
Syntax
vlan vlan-id
no vlan
Context
[Tree] (cfg>eth-cfm>domain>assoc>bridge vlan)
Full Context
configure eth-cfm domain association bridge-identifier vlan
Description
This command configures the bridge identifier primary VLAN ID. This is informational only, and no verification is done to ensure MEPs on this association are on the configured VLAN.
The no form of this command reverts to the default value.
Default
no vlan
Parameters
- vlan-id
-
Specifies a VLAN ID monitored by MA.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
vlan-id
vlan-id
Syntax
vlan-id service-port-vlan-id
no vlan-id
Context
[Tree] (config>app-assure>group>evt-log>syslog vlan-id)
Full Context
configure application-assurance group event-log syslog vlan-id
Description
This command configures the service port VLAN ID to be used by application assurance to inject the syslog events inband. This VLAN ID needs also to be configured for application assurance interface.
Default
no vlan-id
Parameters
- service-port-vlan-id
-
Specifies the service port VLAN identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-id
Syntax
vlan-id service-port-vlan-id
no vlan-id
Context
[Tree] (config>app-assure>group>http-redirect>captive-redirect vlan-id)
Full Context
configure application-assurance group http-redirect captive-redirect vlan-id
Description
This command configures the VLAN ID for captive redirect. Captive redirect uses the provisioned VLAN ID to send the HTTP response to subscribers; therefore this VLAN ID must be properly assigned in the same VPN as the subscriber.
Parameters
- service-port-vlan-id
-
Specifies the VLAN ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-id
Syntax
vlan-id service-port-vlan-id
no vlan-id
Context
[Tree] (config>app-assure>group>url-filter>icap vlan-id)
Full Context
configure application-assurance group url-filter icap vlan-id
Description
This command configures the VLAN ID on which the ISA-AA is expected to be emitting traffic mapping to a pre-configured aa-interface.
Default
no vlan-id
Parameters
- service-port-vlan-id
-
Specifies the VLAN ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-id
Syntax
vlan-id vlan-id
no vlan-id
Context
[Tree] (config>app-assure>group>url-filter>web-service vlan-id)
Full Context
configure application-assurance group url-filter web-service vlan-id
Description
This command configures the VLAN ID on which the AA ISA emits the traffic mapping to a preconfigured AA interface.
The no form of this command removes the VLAN ID configuration.
Default
no vlan-id
Parameters
- vlan-id
-
Specifies the VLAN ID to connect to the web service.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-id
Syntax
vlan-id vlan-id
no vlan-id
Context
[Tree] (config>test-oam>build-packet>header>dot1q vlan-id)
[Tree] (debug>oam>build-packet>packet>field-override>header>dot1q vlan-id)
Full Context
configure test-oam build-packet header dot1q vlan-id
debug oam build-packet packet field-override header dot1q vlan-id
Description
This command defines the Dot1Q VLAN ID to be used in the test Dot1Q header.
The no form of this command removes the VLAN ID value.
Parameters
- vlan-id
-
Specifies the Dot1Q VLAN ID to be used in the test Dot1Q header.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
vlan-id
Syntax
vlan-id service-port-vlan-id
no vlan-id
Context
[Tree] (config>app-assure>group>cflowd>dir-exp vlan-id)
Full Context
configure application-assurance group cflowd direct-export vlan-id
Description
This command configures the VLAN ID on which the ISA-AA is expected to be emitting traffic.
The no form of this command removes the VLAN ID from the configuration.
Default
no vlan-id
Parameters
- service-port-vlan-id
-
Specifies the VLAN ID of the service port.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-mismatch-timeout
vlan-mismatch-timeout
Syntax
vlan-mismatch-timeout seconds
no vlan-mismatch-timeout
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>authentication vlan-mismatch-timeout)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>authentication vlan-mismatch-timeout)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication vlan-mismatch-timeout
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication vlan-mismatch-timeout
Description
This command configures the timeout value for the RADIUS proxy cache if a packet is received with a non-matching VLAN tag. The new timeout value is the lesser of the vlan-mismatch-timeout value and the currently remaining proxy cache timeout value.
The no form of this command disables the timeout behavior. The cache timeout value will remain unchanged.
Parameters
- seconds
-
Specifies the timeout value for the RADIUS proxy cache, in seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-range
vlan-range
Syntax
[no] vlan-range [vlan-range]
Context
[Tree] (config>service>vpls>stp>mst-instance vlan-range)
Full Context
configure service vpls stp mst-instance vlan-range
Description
This command specifies a range of VLANs associated with a certain mst-instance. This range applies to all SAPs of the M-VPLS.
Every VLAN range that is not assigned within any of the created config>service>vpls>stp mst-instance is automatically assigned to mst-instance 0. This instance is automatically maintained by the software and cannot be modified. Changing the VLAN range value can be performed only when the specified mst-instance is shutdown.
The no form of this command removes the vlan-range from the specified config>service>vpls>stp mst-instance.
Parameters
- vlan-range
-
The first VLAN range specifies the left-bound (i.e., minimum value) of a range of VLANs that are associated with the M-VPLS SAP. This value must be smaller than (or equal to) the second VLAN range value. The second VLAN range specifies the right-bound (i.e., maximum value) of a range of VLANs that are associated with the M-VPLS SAP.
Platforms
All
vlan-range
Syntax
vlan-range from [to to]
no vlan-range from
Context
[Tree] (config>connection-profile-vlan vlan-range)
Full Context
configure connection-profile-vlan vlan-range
Description
This command allows the user to configure different ranges in the connection-profile-vlan. The ranges have the following characteristics:
-
Ranges can contain a single VID or start-and-end values. When the to-vid is not specified, the end vid value is the same as the start vid value.
-
On the fly addition/removal of ranges is allowed.
-
When removing an entry, the no vlan-range vid to vid must be configured by the user.
-
Multiple ranges are allowed under the same connection-profile-vlan. No VLAN values should overlap within the same connection-profile-vlan.
-
The index for connection-profile and connection-profile-vlan must be unique between the two. For example, if connection-profile 100 is present, then connection-profile-vlan 100 is disallowed.
Each connection-profile-vlan must be explicitly configured.
Parameters
- from
-
Specifies the beginning of the vlan-range associated to the connection-profile-vlan.
- to
-
Specifies the end of the vlan-range associated to the connection-profile-vlan. If not specified, the vlan-range is comprised of only the from VLAN ID.
Platforms
All
vlan-tag-ranges
vlan-tag-ranges
Syntax
vlan-tag-ranges
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw vlan-tag-ranges)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw vlan-tag-ranges)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges
Description
Commands in this context configure VLAN-to-retail-map parameters to map dot1q tags to the retail service ID. The WIFI AP inserts a dot1Q tag in the Layer 2 frame within the GRE tunnel to indicate the retail service provider for the subscriber.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vlan-translation
vlan-translation
Syntax
vlan-translation {vlan-id | copy-outer}
no vlan-translation
Context
[Tree] (config>service>epipe>sap>ingress vlan-translation)
[Tree] (config>service>vpls>sap>ingress vlan-translation)
Full Context
configure service epipe sap ingress vlan-translation
configure service vpls sap ingress vlan-translation
Description
This command configures ingress VLAN translation. If enabled with an explicit VLAN value, the preserved VLAN ID is overwritten with this value. This setting is applicable to dot1q encapsulated ports. If enabled with the copy-outer keyword, the outer VLAN ID is copied to inner position on QinQ encapsulated ports. The feature is not supported on:
-
Dot1q saps
-
QinQ saps with qinq-vlan-translation
-
Connection profile VLAN SAPs if the copy-outer option is configured
The no version of the command disables VLAN translation.
Default
no vlan-translation
Parameters
- vlan-id
-
Specifies the VLAN id.
- copy-outer
-
Specifies to use the outer VLAN id.
Platforms
All
vlan-vc-etype
vlan-vc-etype
Syntax
vlan-vc-etype ethernet-type
no vlan-vc-etype [ethernet-type]
Context
[Tree] (config>service>sdp vlan-vc-etype)
Full Context
configure service sdp vlan-vc-etype
Description
This command configures the VLAN VC EtherType.
The no form of this command returns the value to the default.
Default
no vlan-vc-etype
Parameters
- ethernet-type
-
Specifies a valid VLAN etype identifier.
Platforms
All
vlan-vc-tag
vlan-vc-tag
Syntax
vlan-vc-tag vlan-id
no vlan-vc-tag [vlan-id]
Context
[Tree] (config>service>vpls>spoke-sdp vlan-vc-tag)
[Tree] (config>service>vpls>mesh-sdp vlan-vc-tag)
Full Context
configure service vpls spoke-sdp vlan-vc-tag
configure service vpls mesh-sdp vlan-vc-tag
Description
This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.
When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.
The no form of this command disables the command.
Default
no vlan-vc-tag
Parameters
- vlan-id
-
Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.
Platforms
All
vlan-vc-tag
Syntax
vlan-vc-tag vlan-id
no vlan-vc-tag
Context
[Tree] (config>service>sdp>binding>pw-port vlan-vc-tag)
Full Context
configure service sdp binding pw-port vlan-vc-tag
Description
This command sets tag relevant for vc-type vlan mode. This tag is inserted in traffic forwarded into the pseudowire.
The no form of the command reverts to the default value.
Default
no vlan-vc-tag
Parameters
- vlan-id
-
Specifies the VLAN ID value.
Platforms
All
vlan-vc-tag
Syntax
vlan-vc-tag tag
no vlan-vc-tag tag
Context
[Tree] (config>service>epipe>spoke-sdp vlan-vc-tag)
Full Context
configure service epipe spoke-sdp vlan-vc-tag
Description
This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.
When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.
The no form of this command disables the command.
Default
no vlan-vc-tag
Parameters
- tag
-
Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.
Platforms
All
vlan-vc-tag
Syntax
vlan-vc-tag vlan-id
no vlan-vc-tag
Context
[Tree] (config>service>pw-template vlan-vc-tag)
Full Context
configure service pw-template vlan-vc-tag
Description
This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.
When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.
The no form of this command disables the command.
Default
no vlan-vc-tag
Parameters
- vlan-id
-
Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.
Platforms
All
vm
vm
Syntax
vm vm-id [create]
no vm vm-id
Context
[Tree] (config>esa vm)
Full Context
configure esa vm
Description
This command configures or creates an ESA-VM instance.
The no form of this command removes the ESA-VM from the system.
Parameters
- vm-id
-
Specifies the VM identifier.
- create
-
Mandatory keyword used when creating an ESA-VM in the config context
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
vm-traffic-distribution-by-ip
vm-traffic-distribution-by-ip
Syntax
[no] vm-traffic-distribution-by-ip
Context
[Tree] (config>isa>aa-grp vm-traffic-distribution-by-ip)
Full Context
configure isa application-assurance-group vm-traffic-distribution-by-ip
Description
This command enables the distribution of packets by IP address across virtual CPUs of a data plane VM. This allows support for AA subscribers whose bandwidth exceeds the processing throughput of a single vCPU.
The no form of this command enables traffic distribution by AA subscriber.
Default
no vm-traffic-distribution-by-ip
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vm-traffic-distribution-by-teid
vm-traffic-distribution-by-teid
Syntax
[no] vm-traffic-distribution-by-teid
Context
[Tree] (config>isa>aa-grp vm-traffic-distribution-by-teid)
Full Context
configure isa application-assurance-group vm-traffic-distribution-by-teid
Description
This command configures AA in VSR mode to load-balance traffic across different VM cores using TEID. Load-balancing is required when VSR is deployed on 3GPP S5/S8 (Gn/Gp) interfaces to provide GTP firewalling.
The no form of this command disables load-balancing of the traffic across the VM cores.
Default
no vm-traffic-distribution-by-teid
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vm-type
vm-type
Syntax
vm-type vm-type
no vm-type
Context
[Tree] (config>esa>vm vm-type)
Full Context
configure esa vm vm-type
Description
This command configures the type of ESA-VM instance.
The no form of this command removes the specified VM type.
Parameters
- vm-type
-
Specifies the VM type.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
vmep-filter
vmep-filter
Syntax
[no] vmep-filter
Context
[Tree] (config>service>vpls>eth-cfm>spoke-sdp vmep-filter)
[Tree] (config>service>vpls>eth-cfm>sap vmep-filter)
[Tree] (config>service>vpls>eth-cfm>mesh-sdp vmep-filter)
Full Context
configure service vpls eth-cfm spoke-sdp vmep-filter
configure service vpls eth-cfm sap vmep-filter
configure service vpls eth-cfm mesh-sdp vmep-filter
Description
Suppress eth-cfm PDUs based on level lower than or equal to configured Virtual MEP. This command is not supported under a B-VPLS context. This will also delete any MIP configured on the SAP or Spoke-SDP.
The no form of this command reverts to the default values.
Default
no vmep-filter
voice-template
voice-template
Syntax
voice template
Context
[Tree] (config>app-assure>group>cflowd>rtp-perf voice-template)
Full Context
configure application-assurance group cflowd rtp-performance voice-template
Description
Commands in this context configure the voice template for cflowd fields.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
volume
volume
Syntax
volume credits {bytes | kilobytes | megabytes | gigabytes}
no volume
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh>interim-c volume)
Full Context
configure subscriber-mgmt diameter-application-policy gy extended-failure-handling interim-credit volume
Description
This command configures the default volume interim credit that is allocated to all rating groups of a Diameter Gy session when Extended Failure Handling (EFH) is active and for which no default credit is configured at the category map category level.
The no form of this command resets the value to the default value.
Default
volume 500 megabytes
Parameters
- credits
-
Specifies the amount of volume credit that is allocated by default to all rating groups of a Diameter Gy session when EFH is active.
- bytes | kilobytes | megabytes | gigabytes
-
Specifies whether credits are in bytes, kilobytes, megabytes, or gigabytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
volume
Syntax
volume
Context
[Tree] (config>app-assure>group>cflowd volume)
Full Context
configure application-assurance group cflowd volume
Description
This command configures the cflowd volume export.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
volume-quota-direction
volume-quota-direction
Syntax
volume-quota-direction {both | ingress | egress}
no volume-quota-direction
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm volume-quota-direction)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm volume-quota-direction)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt volume-quota-direction
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt volume-quota-direction
Description
This command specifies whether volume quota is applied in the egress (downstream), ingress (upstream), or both directions. Configuration changes apply only to new DSM UEs and not to existing UEs.
Parameters
- both
-
Enforces the volume quota on the packets ingressing and egressing the WLAN-GW combined.
- ingress
-
Enforces the volume quota on packets ingressing the WLAN-GW from the UE (upstream).
- egress
-
Enforces the volume quota on packets egressing the WLAN-GW to the UE (downstream).
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
volume-stats-type
volume-stats-type
Syntax
volume-stats-type {ip | default}
no volume-stats-type
Context
[Tree] (config>subscr-mgmt>sub-prof volume-stats-type)
Full Context
configure subscriber-mgmt sub-profile volume-stats-type
Description
This command enables the reporting of Layer 3 (IP) based subscriber host volume accounting data.
By default, subscriber host volume accounting data includes Layer 2 header octets and can be configured to include a fixed packet byte offset or last-mile encapsulation overhead.
The no form of this command reverts to the default.
Default
volume-stats-type default
Parameters
- default
-
Specifies that the subscriber host volume accounting data is reported including the Layer 2 header octets and optional delta’s introduced by configuration (for example: packet byte offset, last mile aware shaping, and so on).
- ip
-
Specifies that the subscriber host volume accounting data reporting is based on Layer 3 (IP) packet sizes. This includes subscriber host ingress/egress queue and policer stats in snmp, CLI show commands, RADIUS and XML accounting, and Diameter Gx usage monitoring. RADIUS and Diameter (DCCA) based credit control volume quota are interpreted as Layer 3 (IP).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vpls
vpls
Syntax
vpls service-id [customer customer-id] [create] [vpn vpn-id] [m-vpls] [b-vpls | i-vpls] [etree] [name name]
no vpls service-id
Context
[Tree] (config>service vpls)
Full Context
configure service vpls
Description
This command creates or edits a Virtual Private LAN Services (VPLS) instance. The vpls command is used to create or maintain a VPLS service. If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
A VPLS service connects multiple customer sites together acting like a zero-hop, Layer 2 switched domain. A VPLS is always a logical full mesh.
When a service is created, the create keyword must be specified if the create command is enabled in the environment context. When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
To create a management VPLS on the 7450 ESS, the m-vpls keyword must be specified. See section Hierarchical VPLS Redundancy for an introduction to the concept of management VPLS.
Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.
More than one VPLS service may be created for a single customer ID.
By default, no VPLS instances exist until they are explicitly created.
The no form of this command deletes the VPLS service instance with the specified service-id. The service cannot be deleted until all SAPs and SDPs defined within the service ID have been shut down and deleted, and the service has been shut down.
Parameters
- service-id
-
Specifies unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.
- customer customer-id
-
Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
- vpn vpn-id
-
Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN identification number
- create
-
Keyword used to create the service ID. The create keyword requirement can be enabled/disabled in the environment>create context.
- m-vpls
-
Specifies a management VPLS
- e-tree
-
Specifies a VPLS service as an E-Tree VPLS. E-Tree VPLS services have root and leaf attachment circuit (AC) and root leaf tag SAPs/SDP bindings for E-Tree interconnection. The access root AC SAP behaves as a SAP in non-E-tree VPLS services. The leaf AC SAP communicates only with root-connected services. Leaf and root AC SAPs behave externally the same as SAPs in non-E-Tree VPLS services.
The root AC SDP bind behaves as an SDP bind in non-E-tree VPLS services. The leaf AC SDP bind communicates only with root-connected services.
In the E-Tree VPLS, the root AC SAP/SDP bindings can communicate with other root and leaf AC SAP/SDP bind services locally and remotely. Root-originated traffic is marked internally with a root indication and the root is tagged externally on tag SAP/SDP binds. The leaf AC SAP/SDP bindings can communicate with other root SAP/SDP bindings locally and remotely. Leaf-originated traffic is marked internally with a leaf indication and tagged externally on leaf tag SAP/SDP bindings.
Any number of root or leaf AC SAPs can be used, up to the configured SAP limits in the E-Tree VPLS.
Network-side root leaf tag SAPs use additional SAP resources. These tag SAPs used two tags; one for root and one for leaf. Network-side tag SDPs use a hard coded tag of 1 for root and 2 for leaf. AC SDP bindings are designated as root or leaf SDP bindings but carry no tags marking traffic on the egress frames.
The E-Tree SAP type must be specified when the SAP is created. To change the SAP type, the SAP must be removed and recreated.
- b-vpls | i-vpls
-
Creates a backbone-vpls or ISID-vpls
- name name
-
Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
Platforms
All
vpls
Syntax
vpls service-name
no vpls
Context
[Tree] (config>service>ies>if vpls)
Full Context
configure service ies interface vpls
Description
The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name (VPLS or I-VPLS).
The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-bind flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.
If a VPLS service is found associated with the name and with the allow-ip-int-bind flag set, the IP interface is attached to the VPLS service allowing routing to and from the service virtual ports once the IP interface is operational.
A VPLS service associated with the specified name that does not have the allow-ip-int-bind flag set or a non-VPLS service associated with the name is ignored and will not be attached to the IP interface.
If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-bind flag is set at the time the name is applied, the VPLS service is automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.
If the service name is applied to a VPLS service without the allow-ip-int-bind flag set, the system will not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.
While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-bind flag set is attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.
Once an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-bind flag cannot be removed until the attached IP interface is unbound from the service name.
Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.
VPRN Hardware Dependency
When a service name is bound to a VPRN IP interface, all SAPs associated with the VPRN service must be on hardware based on the FlexPath2 forwarding plane. Currently, these include the IOM3-XP and the various IMM modules. If any SAPs are associated with the wrong hardware type, the service name binding to the VPRN IP interface fails. Once an IP interface within the VPRN service is bound to a service name, attempting to create a SAP on excluded hardware fails.
IP Interface MTU and Fragmentation
A VPLS service is affected by two MTU values; port MTUs and the VPLS service MTU. The MTU on each physical port defines the largest Layer 2 packet (including all DLC headers and CRC) that may be transmitted out a port. The VPLS itself has a service level MTU that defines the largest packet supported by the service. This MTU does not include the local encapsulation overhead for each port (QinQ, Dot1Q, TopQ or SDP service delineation fields and headers) but does include the remainder of the packet. As virtual ports are created in the system, the virtual port cannot become operational unless the configured port MTU minus the virtual port service delineation overhead is greater than or equal to the configured VPLS service MTU. Thus, an operational virtual port is ensured to support the largest packet traversing the VPLS service. The service delineation overhead on each Layer 2 packet is removed before forwarding into a VPLS service. VPLS services do not support fragmentation and must discard any Layer 2 packet larger than the service MTU after the service delineation overhead is removed.
IP interfaces have a configurable up MTU that defines the largest packet that may egress the IP interface without being fragmented. This MTU encompasses the IP portion of the packet and does not include any of the egress DLC header or CRC. This MTU does not affect the size of the largest ingress packet on the IP interface. If the egress IP portion of the packet is larger than the IP interface MTU and the IP header do not fragment flag is not set, the packet is fragmented into smaller packets that will not exceed the configured MTU size. If the do not fragment bit is set, the packet is silently discarded at egress when it exceeds the IP MTU.
When the IP interface is bound to a VPLS service, the IP MTU must be at least 18 bytes less than the VPLS service MTU. This allows for the addition of the minimal Ethernet encapsulation overhead; 6 bytes for the DA, 6 bytes for the SA, 2 bytes for the Etype and 4 bytes for the trailing CRC. Any remaining egress virtual port overhead (Dot1P, Dot1Q, QinQ, TopQ or SDP) required above the minimum is known to be less than the egress ports MTU since the virtual port would not be operational otherwise.
If the IP interface IP MTU value is too large based on the VPLS service MTU, the IP interface will enter the operationally down state until either the IP MTU is adequately lowered or the VPLS service MTU is sufficiently increased.
The no form of this command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.
Parameters
- service-name
-
The service-name parameter is required when using the IP interface vpls command and specifies the service name that the system will attempt to resolve to an allow-ip-int-bind enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.
Platforms
All
vpls
Syntax
vpls service-id
Context
[Tree] (config>subscr-mgmt>shcv-policy vpls)
Full Context
configure subscriber-mgmt shcv-policy vpls
Description
Commands in this context configure SHCV behavior in VPLS services. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN for VPLS service command syntax and descriptions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vpls-group
vpls-group
Syntax
vpls-group vpls-group-id [create]
no vpls-group vpls-group-id
Context
[Tree] (config>service>vpls vpls-group)
Full Context
configure service vpls vpls-group
Description
This command defines a vpls-group index. Multiple vpls-group commands can be specified to allow the use of different VPLS and SAP templates for different ranges of service ids. A vpls-group can be deleted only in shutdown state. Multiple commands under different vpls-group ids can be issued and can be in progress at the same time.
Default
no vpls-group
Parameters
- vpls-group-id
-
Specifies the ID associated with the VPLS group
Platforms
All
vpls-id
vpls-id
Syntax
vpls-id vpls-id
Context
[Tree] (config>service>vpls>bgp-ad vpls-id)
Full Context
configure service vpls bgp-ad vpls-id
Description
This command configures the VPLS ID component that is signaled in one of the extended community attributes (ext-comm).
Values and format (6 bytes, other 2 bytes of type-subtype is automatically generated)
Parameters
- vpls-id
-
Specifies a globally unique VPLS ID for BGP auto-discovery in this VPLS service
Platforms
All
vpls-only-sap-parameters
vpls-only-sap-parameters
Syntax
vpls-only-sap-parameters
Context
[Tree] (config>subscr-mgmt>msap-policy vpls-only-sap-parameters)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters
Description
Commands in this context configure MSAP VPLS properties.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vpls-sap-template
vpls-sap-template
Syntax
vpls-sap-template name/id create
[no] vpls-sap-template name/id
Context
[Tree] (config>service>template vpls-sap-template)
Full Context
configure service template vpls-sap-template
Description
This is the command used to create a SAP template to be used in a vpls-template. Only certain existing VPLS SAP attributes can be changed in the vpls-sap-template, not in the instantiated VPLS SAP
The following SAP attributes are set in the instantiated saps (no configuration allowed):
description: "Sap <sap-id> controlled by MVRP service <svc id>” – auto generated
shutdown: no shutdown
Parameters
- name/id
-
Specifies the name in ASCII or the template ID
Platforms
All
vpls-template
vpls-template
Syntax
vpls-template name/id create
[no] vpls-template name/id
Context
[Tree] (config>service>template vpls-template)
Full Context
configure service template vpls-template
Description
This command is used to create a vpls-template to be used to auto-instantiate a range of VPLS services. Only certain existing VPLS attributes specified in the command reference section can be changed in the vpls-template, not in the instantiated VPLS. The following attributes are automatically set in the instantiated VPLSs (no template configuration necessary) and the operator cannot change these values.
vpn-id: none
description: "Service <svc id> auto-generated by control VPLS <svc-id>”
service-name: "Service <svc id>” (Auto-generated)
shutdown: no shutdown
Following existing attributes can be set by the user in the instantiated VPLSs:
[no] sap
All the other VPLS attributes are not supported.
Parameters
- name/id
-
Specifies the name in ASCII or the template ID
Platforms
All
vpls-template-binding
vpls-template-binding
Syntax
vpls-template-binding name/id
no vpls-template-binding
Context
[Tree] (config>service>vpls>vpls-group vpls-template-binding)
Full Context
configure service vpls vpls-group vpls-template-binding
Description
This command configures the binding to a VPLS template to be used to instantiate pre-provisioned data VPLS using as input variables the service IDs generated by the vid-range command.
The no form of this command removes the binding and deletes the related VPLS instances. The command will fail if any of the affected VPLS instances have either a provisioned SAP or an active MVRP declaration/registration or if the related vpls-group id is in no shutdown state. Any changes to the vpls-template-binding require the vpls-group to be in shutdown state.
Default
no vpls-template-binding
Parameters
- name/id
-
Specifies the name or the ID of the VPLS template
Platforms
All
vpn-apply-export
vpn-apply-export
Syntax
[no] vpn-apply-export
Context
[Tree] (config>router>bgp>group vpn-apply-export)
[Tree] (config>router>bgp vpn-apply-export)
[Tree] (config>router>bgp>group>neighbor vpn-apply-export)
Full Context
configure router bgp group vpn-apply-export
configure router bgp vpn-apply-export
configure router bgp group neighbor vpn-apply-export
Description
This command causes the base instance BGP export route policies to be applied to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.
The no form of this command disables the application of the base instance BGP route policies to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.
Default
no vpn-apply-export
Platforms
All
vpn-apply-import
vpn-apply-import
Syntax
[no] vpn-apply-import
Context
[Tree] (config>router>bgp>group vpn-apply-import)
[Tree] (config>router>bgp>group>neighbor vpn-apply-import)
[Tree] (config>router>bgp vpn-apply-import)
Full Context
configure router bgp group vpn-apply-import
configure router bgp group neighbor vpn-apply-import
configure router bgp vpn-apply-import
Description
This command causes the base instance BGP import route policies to be applied to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.
The no form of this command disables the application of the base instance BGP import route policies to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.
Default
no vpn-apply-import
Platforms
All
vpn-domain
vpn-domain
Syntax
vpn-domain [type {0005 | 0105 | 0205 | 8005}] id id
no vpn-domain
Context
[Tree] (config>service>vprn>ospf vpn-domain)
Full Context
configure service vprn ospf vpn-domain
Description
This command specifies type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance. The parameters are mandatory and can be entered in either order. This command is not applicable in the config>service>vprn>ospf3 context.
This command is not supported in OSPF3.
Default
no vpn-domain
Parameters
- id
-
Specifies the OSPF VPN domain in the "xxxx.xxxx.xxxx” format. This is exchanged using BGP in the extended community attribute associated with a prefix. This object applies to VPRN instances of OSPF only.
- type
-
Specifies the type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID.
Platforms
All
vpn-family-policy
vpn-family-policy
Syntax
vpn-family-policy policy-name
no vpn-family-policy
Context
[Tree] (config>router>bgp>next-hop-resolution vpn-family-policy)
Full Context
configure router bgp next-hop-resolution vpn-family-policy
Description
This command specifies the VPN family policy that is applied when filtering routes for consideration for next-hop resolution process for EVPN and IP-VPN families.
This policy is supported by the following families:
-
VPN-IPv4 and VPN-IPv6
-
EVPN (all routes types 1-6, although AD per-ES and AD per-EVI routes are always shown as resolved)
-
MCAST-VPN-IPv4 and MCAST-VPN-IPv6
In a VPN family policy:
-
only prefix-lists are used to match the next hop of a resolving route. No other policy qualifiers are supported.
-
the route resolving the next hop is accepted or rejected
In other words, if an imported route's next hop is resolved by route N (N is the preferred entry in tunnel-table for MPLS or the longest prefix match in the route-table for VXLAN), and route N is rejected by vpn-family-policy, then the route next hop is unresolved. This is irrespective of the existence of a route M that could potentially resolve the next hop in the tunnel-table or route-table.
The no form of this command removes the VPN family policy.
Default
no vpn-family-policy
Parameters
- policy-name
-
Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.
Platforms
All
vpn-gre-source-ip
vpn-gre-source-ip
Syntax
vpn-gre-source-ip ip-address
no vpn-gre-source-ip
Context
[Tree] (config>service>system vpn-gre-source-ip)
Full Context
configure service system vpn-gre-source-ip
Description
This command configures a single system-wide alternate source IPv4 address of the GRE tunnels in all VPRN services using the auto-bind-tunnel or an explicit SDP binding (config>service>vprn>spoke-sdp) with a tunnel of encapsulation GRE.
A change to the value of the vpn-gre-source-ip parameter can be performed without disabling the service. Once the new value is configured, the system address is not used in services which bind to the GRE tunnel.
The primary IPv4 address of any local network IP interface, loopback or otherwise, may be used.
The address of the following interfaces are not supported, and the configuration is rejected:
-
unnumbered network IP interface
-
IES interface
-
VPRN interface
-
CSC VPRN interface
The vpn-gre-source-ip parameter value adheres to the following rules:
-
This single source address counts towards the maximum of 15 distinct address values per system that are used by all GRE SDPs under the config>service>sdp>local-end context and all L2oGRE SDPs under the config>service>system>gre-eth-bridged>tunnel-termination context.
-
The same source address can be used in both vpn-gre-source-ip and config>service>sdp>local-end contexts.
-
The same source address cannot be used in both vpn-gre-source-ip and config>service>system>gre-eth-bridged>tunnel-termination contexts because an address configured for a L2oGRE SDP matches an internally created interface which is not available to other applications.
-
The vpn-gre-source-ip address, when different from system, need not match the primary address of an interface which has the MPLS-over-GRE termination subnet configured, unless a GRE SDP or tunnel from the far-end router terminates on this address.
The no form of the command reverts to the default value.
Default
vpn-gre-source-ip ip-address (System interface primary IPv4 address)
Parameters
- ip-address
-
Specifies the IPv4 address (a.b.c.d).
Platforms
All
vpn-ipv4
vpn-ipv4
Syntax
vpn-ipv4 send send-limit receive [none]
vpn-ipv4 send send-limit
no vpn-ipv4
Context
[Tree] (config>router>bgp>add-paths vpn-ipv4)
[Tree] (config>router>bgp>group>neighbor>add-paths vpn-ipv4)
[Tree] (config>router>bgp>group>add-paths vpn-ipv4)
Full Context
configure router bgp add-paths vpn-ipv4
configure router bgp group neighbor add-paths vpn-ipv4
configure router bgp group add-paths vpn-ipv4
Description
This command configures the add-paths capability for VPN-IPv4 routes. By default, add-paths is not enabled for VPN-IPv4 routes.
The maximum number of paths per VPN-IPv4 NLRI to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.
The no form of this command disables add-paths support for VPN-IPv4 routes, causing sessions established using add-paths for VPN-IPv4 to go down and come back up without the add-paths capability.
Default
no vpn-ipv4
Parameters
- send-limit
-
Specifies the maximum number of paths per VPN-IPv4 NLRI that are allowed to be advertised to add-paths peers (the actual number of advertised routes may be less depending on the next-hop diversity requirement, other configuration options, route policies, or route advertisement rules). If the value is multipaths, then BGP advertises all of the used BGP multipaths for each VPN-IPv4 NLRI if the peer has signaled support for receiving multiple add paths. If the router has not installed any of the routes in its FIB then all BGP add-paths qualify for advertisement.
- receive
-
Specifies that the router negotiates the add-paths receive capability for VPN-IPv4 routes with its peers.
- none
-
Specifies that the router does not negotiate the add-paths receive capability for VPN-IPv4 routes with its peers.
Platforms
All
vpn-ipv6
vpn-ipv6
Syntax
vpn-ipv6 send send-limit receive [none]
vpn-ipv6 send send-limit
no vpn-ipv6
Context
[Tree] (config>router>bgp>group>add-paths vpn-ipv6)
[Tree] (config>router>bgp>group>neighbor>add-paths vpn-ipv6)
[Tree] (config>router>bgp>add-paths vpn-ipv6)
Full Context
configure router bgp group add-paths vpn-ipv6
configure router bgp group neighbor add-paths vpn-ipv6
configure router bgp add-paths vpn-ipv6
Description
This command configures the add-paths capability for VPN-IPv6 routes. By default, add-paths is not enabled for VPN-IPv6 routes.
The maximum number of paths per VPN-IPv6 NLRI to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.
The no form of this command disables add-paths support for VPN-IPv6 routes, causing sessions established using add-paths for VPN-IPv6 to go down and come back up without the add-paths capability.
Default
no vpn-ipv6
Parameters
- send-limit
-
Specifies the maximum number of paths per VPN-IPv6 NLRI that are allowed to be advertised to add-paths peers (the actual number of advertised routes may be less depending on the next-hop diversity requirement, other configuration options, route policies, or route advertisement rules). If the value is multipaths, then BGP advertises all of the used BGP multipaths for each VPN-IPv6 NLRI if the peer has signaled support for receiving multiple add paths. If the router has not installed any of the routes in its FIB then all BGP add-paths qualify for advertisement.
- receive
-
Specifies that the router negotiates the add-paths receive capability for VPN-IPv6 routes with its peers.
- none
-
Specifies that the router does not negotiate the add-paths receive capability for VPN-IPv6 routes with its peers.
Platforms
All
vpn-tag
vpn-tag
Syntax
vpn-tag vpn-tag
no vpn-tag
Context
[Tree] (config>service>vprn>ospf vpn-tag)
Full Context
configure service vprn ospf vpn-tag
Description
This command specifies the route tag for an OSPF VPN on a PE router. This field is set in the tag field of the OSPF external LSAs generated by the PE. This is mainly used to prevent routing loops. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance.
This command is not supported in OSPF3.
Default
vpn-tag 0
Platforms
All
vport
vport
Syntax
vport name [create]
no vport name
Context
[Tree] (config>port>ethernet>access>egress vport)
Full Context
configure port ethernet access egress vport
Description
This command configures a scheduling node, referred to as virtual port, within the context of an egress Ethernet port. The Vport scheduler operates either like a port scheduler with the difference that multiple Vport objects can be configured on the egress context of an Ethernet port, or it can be an aggregate rate when an egress port-scheduler policy is applied to the port.
The Vport is always configured at the port level even when a port is a member of a LAG.
When a port scheduler policy is applied to a Vport the following command is used:
config>port>ethernet>access>egress>vport>port-scheduler-policy
port-scheduler-policy-name
The CLI will not allow the user to apply a port scheduler policy to a Vport if one has been applied to the port. Conversely, the CLI will not allow the user to apply a port scheduler policy to the egress of an Ethernet port if one has been applied to any Vport defined on the access egress context of this port. The agg-rate, along with an egress port-scheduler, can be used to ensure that a given Vport does not oversubscribe the port’s rate.
SAP and subscriber host queues can be port-parented to a Vport scheduler in a similar way they port-parent to a port scheduler or can be port-parented directly to the egress port-scheduler if the agg-rate is used.
When the Vport uses an aggregate rate, the following command is used:
configure>port>ethernet>access>egress>vport>agg-rate-limit
The no form of this command removes the Vport name from the configuration.
Parameters
- name
-
Specifies the name of the Vport scheduling node and can be up to 32 ASCII characters. This does not need to be unique within the system but is unique within the port or a LAG.
Platforms
All
vport
Syntax
vport vport-name
no vport
Context
[Tree] (config>service>sdp>binding>pw-port>egress>shaper vport)
Full Context
configure service sdp binding pw-port egress shaper vport
Description
This command configures the name of the Vport to be used for the PW port.
This command is valid for PW ports used for enhanced subscriber management (ESM on pseudowire) and pseudowire SAPs on Ethernet ports.
The no form of this command removes the configured Vport name.
Default
no vport
Parameters
- vport-name
-
Specifies a text string, up to 32 characters, representing the name of the Vport.
Platforms
All
vport
Syntax
vport vport
no vport
Context
[Tree] (config>service>epipe>pw-port>egress>shaper vport)
Full Context
configure service epipe pw-port egress shaper vport
Description
This command configures specifies the virtual port name of the shaper on the egress side for this PW-port entry.
Parameters
- vport
-
Specifies a virtual port applicable to all PW SAPs.
Platforms
All
vport-hashing
vport-hashing
Syntax
[no] vport-hashing
Context
[Tree] (config>subscr-mgmt>sub-prof vport-hashing)
Full Context
configure subscriber-mgmt sub-profile vport-hashing
Description
This command enables LAG Vport ID hashing. When enabled, Vport ID hashing can span multiple forwarding complexes on egress LAG. The default is to perform Vport ID hashing on egress and requires all active LAG members to be on the same forwarding complex.
LAG hashing parameters that are configured under config>lag, for example, per-link-hash, take precedence and are incompatible with the vport-hashing command.
The no form of this command enables the default behavior.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vprn
vprn
Syntax
vprn service-id [name name] [customer customer-id] [create]
no vprn service-id
Context
[Tree] (config>service vprn)
Full Context
configure service vprn
Description
This command creates or edits a Virtual Private Routed Network (VPRN) service instance.
If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.
IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.
When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. If attempting to edit a service with the incorrect customer-id results in an error.
Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within an VPRN service ID belongs to the same customer.
The no form of this command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shut down and deleted.
Parameters
- service-id
-
Specifies the unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7750 SR on which this service is defined.
- customer-id
-
Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
- name name
-
This parameter configures an optional VPRN name, up to 64 characters, which adds a name identifier to a given vprn to then use that vprn name in configuration references as well as display and use vprn names in show commands throughout the system. This helps the service provider/administrator to identify and manage vprn within the SR OS platforms.
All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
Service names may not begin with an integer (0 to 9).
- create
-
Keyword used to create a service ID. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
All
vprn
Syntax
[no] vprn service-id interface ip-int-name
[no] vprn service-id network-interface ip-int-name
[no] vprn service-id subscriber-interface ip-int-name group-interface ip-int-name
Context
[Tree] (config>cflowd>collector>exp-filter>if-list>svc vprn)
Full Context
configure cflowd collector export-filter interface-list service vprn
Description
This command configures which VPRN service interfaces' flow data is being sent to this collector.
The no form of the command removes the values from the configuration.
Parameters
- service-id
-
Specifies the unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every SR OS on which this service is defined.
- interface ip-int-name
-
Specifies the name of an IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters and must start with a letter. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- network-interface ip-int-name
-
Specifies the name of a network interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes and must start with a letter.
- subscriber-interface ip-int-name
-
Specifies an interface name of a subscriber interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes and must start with a letter.
- group-interface ip-int-name
-
Specifies an interface name of a group interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes and must start with a letter.
Platforms
All
vprn
Syntax
vprn service-id ofc-loopback ip-address
no vprn
Context
[Tree] (config>open-flow>of-switch>of-controller vprn)
Full Context
configure open-flow of-switch of-controller vprn
Description
This command specifies the service-id of the VPRN to use for the OpenFlow control channel. The loopback address for the OF control channel in the VPRN is specified using the ofc-loopback option.
The no form of this command reverts the control channel to using base routing.
Parameters
- service-id
-
Specifies the service ID for a VPRN instance.
- ip-address
-
Specifies the loopback IP address in the VPRN for the OpenFlow channel to the controller.
Platforms
All
vprn
Syntax
vprn service-id
no vprn
Context
[Tree] (config>system>security>vprn-aaa-server vprn)
Full Context
configure system security vprn-aaa-server vprn
Description
This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in VPRNs without a AAA server configured.
The no form of this command disables the use of servers in a VPRN.
Default
no vprn
Parameters
- service-id
-
Specifies the VPRN server for AAA to use for sessions in VPRNs without a AAA server.
Platforms
All
vprn-aaa-server
vprn-aaa-server
Syntax
vprn-aaa-server
Context
[Tree] (config>system>security vprn-aaa-server)
Full Context
configure system security vprn-aaa-server
Description
Commands in this context configure the use of AAA servers in a VPRN.
Platforms
All
vprn-auto-bind
vprn-auto-bind
Syntax
vprn-auto-bind [include | exclude]
Context
[Tree] (config>router>mpls>lsp vprn-auto-bind)
[Tree] (config>router>mpls>lsp-template vprn-auto-bind)
Full Context
configure router mpls lsp vprn-auto-bind
configure router mpls lsp-template vprn-auto-bind
Description
This command determines whether the associated names LSP can be used or not as part of the auto-bind feature for VPRN services. By default, a names LSP is available for inclusion to be used for the auto-bind feature.
By configuring the command vprn-auto-bind exclude, the associated LSP will not be used by the auto-bind feature within VPRN services.
The no form of this command resets the flag back to the default value.
Default
vprn-auto-bind include
Parameters
- include
-
Allows an associated LSP to be used by auto-bin for vprn services
- exclude
-
Disables the use of the associated LSP to be used with the auto-bind feature for VPRN services.
Platforms
All
vprn-local
vprn-local
Syntax
vprn-local [{none | all | vc-only}]
Context
[Tree] (config>router>ttl-propagate vprn-local)
Full Context
configure router ttl-propagate vprn-local
Description
This command configures the TTL propagation for locally generated packets which are forwarded over a MPLS LSPs in all VPRN service contexts.
For vpn-ipv4 and vpn-ipv6 packets forwarded in the context of all VPRN services in the system, including 6VPE packets, the all value of the command enables TTL propagation from the IP header into all labels in the stack:
The user can enable the TTL propagation behavior separately for locally generated packets by CPM (vprn-local) and for user and control packets in transit at the node (vprn-transit).
The vc-only value reverts to the default behavior by which the IP TTL is propagated into the VC label but not to the transport labels in the stack. The user can explicitly set the default behavior by configuring the vc-only value. This command does not have a no version.
The value none allows the user to disable the propagation of the IP TTL to all labels in the stack, including the VC label. This is needed for a transparent operation of UDP traceroute in VPRN inter-AS option B such that the ingress and egress ASBR nodes are not traced.
The user can override the global configuration within each VPRN instance using the following commands:
-
config service vprn ttl-propagate local [inherit | none | vc-only | all]
-
config service vprn ttl-propagate transit [inherit | none | vc-only | all]
The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.
When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching routing is a LSP shortcut route. It is governed by the BGP label route configuration when the matching route is a RFC 8277 label route or a 6PE route.
When a packet is received on one VPRN instance and is redirected using Policy Based Routing (PBR) to be forwarded in another VPRN instance, the TTL propagation is governed by the configuration of the outgoing VPRN instance.
Default
vprn-local vc-only
Parameters
- none
-
Specifies that the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack
- all
-
Specifies that the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.
- vc-only
-
Specifies that the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.
Platforms
All
vprn-network-exceptions
vprn-network-exceptions
Syntax
vprn-network-exceptions number seconds
no vprn-network-exceptions
Context
[Tree] (config>system>security vprn-network-exceptions)
Full Context
configure system security vprn-network-exceptions
Description
This command configures the rate to limit the processing of packets with label TTL expiry received within an LSP shortcut, or within all VPRN instances in the system, and from all network IP interfaces. This includes labeled user and control plane packets, ping and traceroute packets within GRT and VPRN, and ICMP replies. Packets over the configured rate are dropped.
This feature does not rate limit MPLS and service OAM packets (vprn-ping, vprn-trace, lsp-ping, lsp-trace, vccv-ping, and vccv-trace).
The no form of this command disables the rate limiting of the reply to these packets.
Parameters
- number
-
Specifies the number limit of MPLS exception messages.
- seconds
-
Specifies the rate limit of MPLS exception messages, in seconds.
Platforms
All
vprn-next-hop
vprn-next-hop
Syntax
vprn-next-hop ip-address
no vprn-next-hop
Context
[Tree] (config>service>system>bgp-evpn>eth-seg vprn-next-hop)
Full Context
configure service system bgp-evpn ethernet-segment vprn-next-hop
Description
This command configuresthe IPv4 or IPv6 address associated with an Ethernet Segment (ES). A virtual ES using this VPRN next-hop association represents a Layer 3 ES as described in draft-sajassi-bess-evpn-ip-aliasing. This IP address must be installed in the route table of the VPRN service identified by the EVI so that the Auto-Discovery per-ES or EVI routes for the ES are advertised. Only one VPRN next hop is supported per ES.
The no form of this command removes the IPv4 or IPv6 address association.
Default
no vprn-next-hop
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address associated with an Ethernet Segment.
Platforms
All
vprn-ping
vprn-ping
Syntax
vprn-ping {service-id | service service-name} source ip-address destination ip-address [fc fc-name [profile {in | out}]] [size size] [ttl vc-label-ttl] [count send-count] [return-control] [timeout timeout] [interval interval]
Context
[Tree] (config>saa>test>type vprn-ping)
[Tree] (oam vprn-ping)
Full Context
configure saa test type vprn-ping
oam vprn-ping
Description
This command performs a VPRN ping and applies only to the 7750 SR and 7950 XRS.
Parameters
- service-id
-
Specifies the VPRN service ID to diagnose or manage.
This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The configure saa test type vprn-ping service service-name variant can be used in all configuration modes.
- service-name
-
Specifies the VPRN service name to diagnose or manage, up to 64 characters.
- source ip-address
-
Specifies an unused IP address in the same network that is associated with the VPRN.
- destination ip-address
-
Specifies the IP address to be used as the destination for performing a VPRN ping operation.
- fc-name
-
Specifies the forwarding class of the MPLS echo request encapsulation.
- profile {in | out}
-
Specifies the profile state of the MPLS echo request encapsulation.
- size
-
Specifies the OAM request packet size in bytes, expressed as a decimal integer.
- vc-label-ttl
-
Specifies the TTL value in the VC label for the OAM request, expressed as a decimal integer.
- send-count
-
Specifies the number of messages to send. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.
- return-control
-
Specifies the response to come on the control plane.
- timeout
-
Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response was not received. Any response received after the request times out is silently discarded.
- interval
-
Specifies the interval time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second where the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.
Platforms
All
Output
Sample OutputA:PE_1# oam vprn-ping 25 source 10.4.128.1 destination 10.16.128.0
Sequence Node-id Reply-Path Size RTT
----------------------------------------------------------------------------
[Send request Seq. 1.]
1 10.128.0.3:cpm In-Band 100 0ms
----------------------------------------------------------------------------
...
A:PE_1#
----------------------------------------------------------------------------
A:PE_1#
vprn-trace
vprn-trace
Syntax
vprn-trace {service-id | service service-name} source ip-address destination ip-address [fc fc-name [profile {in | out}]] [size size] [min-ttl min-vc-label-ttl] [max-ttl max-vc-label-ttl] [probe-count send-count] [return-control] [timeout timeout] [interval interval]
Context
[Tree] (config>saa>test>type vprn-trace)
[Tree] (oam vprn-trace)
Full Context
configure saa test type vprn-trace
oam vprn-trace
Description
This command is used to perform a VPRN trace.
Parameters
- service-id
-
Specifies the VPRN service ID to diagnose or manage.
This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The configure saa test type vprn-trace service service-name variant can be used in all configuration modes.
- service-name
-
Specifies the VPRN service name to diagnose or manage, up to 64 characters.
- source ip-address
-
Specifies the IP address for the source IP address in dotted decimal notation.
- destination ip-address
-
Specifies the IP address to be used as the destination for performing an vprn-trace operation.
- fc-name
-
Specifies the forwarding class of the MPLS echo request encapsulation.
- profile {in | out}
-
Specifies the profile state of the MPLS echo request encapsulation.
- size
-
Specifies the OAM request packet size in bytes.
- min-vc-label-ttl
-
Specifies the minimum TTL value in the VC label for the trace test.
- max-vc-label-ttl
-
Specifies the maximum TTL value in the VC label for the trace test.
- send-count
-
Specifies the number of OAM requests sent for a TTL value.
- return-control
-
Specifies the OAM reply to a data plane OAM request be sent using the control plane instead of the data plane.
- timeout
-
Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response was not received. Any response received after the request times out is silently discarded.
- interval
-
Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second where the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.
Platforms
All
Output
Sample OutputA:PE_1# oam vprn-trace 25 source 10.4.128.1 destination 10.16.128.0
TTL Seq Reply Node-id Rcvd-on Reply-Path RTT
----------------------------------------------------------------------------
[Send request TTL: 1, Seq. 1.]
1 1 1 10.128.0.4 cpm In-Band 0ms
Requestor 10.128.0.1 Route: 0.0.0.0/0
Vpn Label: 131071 Metrics 0 Pref 170 Owner bgpVpn
Next Hops: [1] ldp tunnel
Route Targets: [1]: target:65100:1
Responder 10.128.0.4 Route: 10.16.128.0/24
Vpn Label: 131071 Metrics 0 Pref 170 Owner bgpVpn
Next Hops: [1] ldp tunnel
Route Targets: [1]: target:65001:100
[Send request TTL: 2, Seq. 1.]
2 1 1 10.128.0.3 cpm In-Band 0ms
Requestor 10.128.0.1 Route: 0.0.0.0/0
Vpn Label: 131071 Metrics 0 Pref 170 Owner bgpVpn
Next Hops: [1] ldp tunnel
Route Targets: [1]: target:65100:1
Responder 10.128.0.3 Route: 10.16.128.0/24
Vpn Label: 0 Metrics 0 Pref 0 Owner local
Next Hops: [1] ifIdx 2 nextHopIp 10.16.128.0
[Send request TTL: 3, Seq. 1.]
[Send request TTL: 4, Seq. 1.]
...
----------------------------------------------------------------------------
A:PE_1#
vprn-transit
vprn-transit
Syntax
vprn-transit [{none | all | vc-only}]
Context
[Tree] (config>router>ttl-propagate vprn-transit)
Full Context
configure router ttl-propagate vprn-transit
Description
This command configures the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in all VPRN service contexts. For vpn-ipv4 and vpn-ipv6 packets forwarded in the context of all VPRN services in the system, including 6VPE packets, the all value of the command enables TTL propagation from the IP header into all labels in the stack:
The user can enable the TTL propagation behavior separately for locally generated packets by CPM (vprn-local) and for user and control packets in transit at the node (vprn-transit).
The vc-only value reverts to the default behavior by which the IP TTL is propagated into the VC label but not to the transport labels in the stack. The user can explicitly set the default behavior by configuring the vc-only value. This command does not have a no version.
The value none allows the user to disable the propagation of the IP TTL to all labels in the stack, including the VC label. This is needed for a transparent operation of UDP trace-route in VPRN inter-AS option B such that the ingress and egress ASBR nodes are not traced.
The user can override the global configuration within each VPRN service instance using the following commands:
-
config service vprn ttl-propagate local [inherit | none | vc-only | all]
-
config service vprn ttl-propagate transit [inherit | none | vc-only | all]
The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.
When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching routing is a LSP shortcut route. It is governed by the BGP label route configuration when the matching route is a RFC 8277 label route or a 6PE route.
When a packet is received on one VPRN instance and is redirected using Policy Based Routing (PBR) to be forwarded in another VPRN instance, the TTL propagation is governed by the configuration of the outgoing VPRN instance
Default
vprn-transit vc-only
Parameters
- none
-
Specifies that the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack
- all
-
Specifies that the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.
- vc-only
-
Specifies that the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.
Platforms
All
vrf-export
vrf-export
Syntax
vrf-export plcy-or-long-expr [plcy-or-expr]
no vrf-export
Context
[Tree] (config>service>vprn>bgp-ipvpn>srv6 vrf-export)
[Tree] (config>service>vprn>bgp-evpn>mpls vrf-export)
[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-export)
Full Context
configure service vprn bgp-ipvpn segment-routing-v6 vrf-export
configure service vprn bgp-evpn mpls vrf-export
configure service vprn bgp-ipvpn mpls vrf-export
Description
This command configures route policies that control how routes are exported from the local VRF to other VRFs on the same or remote PE routers (using MP-BGP). Route policies are configured in the config>router>policy-options context.
The vrf-export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.
Only one of the 15 objects referenced by the vrf-export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.
When multiple vrf-export commands are issued, the last command entered overrides the previous command.
Aggregate routes are not advertised using MP-BGP protocols to the other MP-BGP peers.
The no form of this command removes all route policy names from the vrf-export list.
Default
no vrf-export
Parameters
- plcy-or-long-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
- plcy-or-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Up to 14 policies may be entered.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
- configure service vprn bgp-ipvpn segment-routing-v6 vrf-export
All
- configure service vprn bgp-ipvpn mpls vrf-export
- configure service vprn bgp-evpn mpls vrf-export
vrf-export
Syntax
vrf-export {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]}
no vrf-export
Context
[Tree] (config>service>vprn>mvpn vrf-export)
Full Context
configure service vprn mvpn vrf-export
Description
This command specifies the export policy to control MVPN routes exported from the local VRF to other VRFs on the same or remote PE routers.
Default
vrf-export unicast
Parameters
- unicast
-
Specifies to use unicast VRF export policy for the MVPN.
- plcy-or-long-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
- plcy-or-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Up to 14 policies can be specified in a single statement.
Platforms
All
vrf-import
vrf-import
Syntax
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
no vrf-import
Context
[Tree] (config>service>vprn>bgp-ipvpn>srv6 vrf-import)
[Tree] (config>service>vprn>bgp-evpn>mpls vrf-import)
[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-import)
Full Context
configure service vprn bgp-ipvpn segment-routing-v6 vrf-import
configure service vprn bgp-evpn mpls vrf-import
configure service vprn bgp-ipvpn mpls vrf-import
Description
This command configures route policies that control how VPN-IP and EVPN-IFL routes exported by other VRFs, on the same or remote PEs, are imported into the local VRF. Route policies are configured in the config>router>policy-options context.
The vrf-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route
Only one of the 15 objects referenced by the vrf-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.
When multiple vrf-import commands are issued, the last command entered overrides the previous command.
The no form of this command removes all route policy names from the import list
Unless the preference value is changed by the policy, BGP-VPN and EVPN-IFL routes imported with a vrf-import policy have the preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router.
Default
no vrf-import
Parameters
- plcy-or-long-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
- plcy-or-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
- configure service vprn bgp-ipvpn segment-routing-v6 vrf-import
All
- configure service vprn bgp-ipvpn mpls vrf-import
- configure service vprn bgp-evpn mpls vrf-import
vrf-import
Syntax
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]}
no vrf-import
Context
[Tree] (config>service>vprn>mvpn vrf-import)
Full Context
configure service vprn mvpn vrf-import
Description
This command specifies the import policy to control MVPN routes imported to the local VRF from other VRFs on the same or remote PE routers.
Default
vrf-import unicast
Parameters
- unicast
-
Specifies to use a unicast VRF import policy for the MVPN.
- plcy-or-long-expr
-
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters in length composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
- plcy-or-expr
-
Specifies the route policy statement name or a policy logical expression. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Up to 14 policies can be specified in a single statement.
Platforms
All
vrf-target
vrf-target
Syntax
vrf-target {ext-community | export ext-community | import ext-community | export ext-community import ext-community}
no vrf-target
Context
[Tree] (config>service>vprn>bgp-evpn>mpls vrf-target)
[Tree] (config>service>vprn>bgp-ipvpn>srv6 vrf-target)
[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-target)
Full Context
configure service vprn bgp-evpn mpls vrf-target
configure service vprn bgp-ipvpn segment-routing-v6 vrf-target
configure service vprn bgp-ipvpn mpls vrf-target
Description
This command provides a simplified method to configure the route target added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (using MP-BGP).
BGP-VPN and EVPN-IFL routes imported with a VRF target policy use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.
Specified VRF import or VRF export policies override the VRF target policy.
The no form of this command removes the VRF target policy.
Default
no vrf-target
Parameters
- ext-comm
-
Specifies an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. y can be 16-bit integers.
- import ext-community
-
Specifies communities allowed to be received from remote PE neighbors.
- export ext-community
-
Specifies communities allowed to be sent to remote PE neighbors.
Platforms
All
- configure service vprn bgp-ipvpn mpls vrf-target
- configure service vprn bgp-evpn mpls vrf-target
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
- configure service vprn bgp-ipvpn segment-routing-v6 vrf-target
vrf-target
Syntax
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
no vrf-target
Context
[Tree] (config>service>vprn>mvpn vrf-target)
Full Context
configure service vprn mvpn vrf-target
Description
This command specifies the route target to be added to the advertised routes or compared against the received routes from other VRFs on the same or remote PE routers. vrf-import or vrf-export policies override the vrf-target policy.
The no form of this command removes the vrf-target.
Default
no vrf-target
Parameters
- unicast
-
Specifies to use unicast vrf-target ext-community for the multicast VPN.
- ext-comm
-
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
- import ext-community
-
Specifies communities allowed to be accepted from remote PE neighbors.
- export ext-community
-
Specifies communities allowed to be sent to remote PE neighbors.
Platforms
All
vrgw
vrgw
Syntax
vrgw
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range vrgw)
[Tree] (config>subscr-mgmt vrgw)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-ranges range vrgw
configure subscriber-mgmt vrgw
Description
Commands in this context configure Virtual Residential Gateway parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vrgw
Syntax
vrgw
Context
[Tree] (config>router vrgw)
Full Context
configure router vrgw
Description
Commands in this context configure router Virtual Residential Gateway parameters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vrgw
Syntax
vrgw
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range vrgw)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range vrgw)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw
Description
Commands in this context configure Virtual Residential Gateway parameters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vrgw
Syntax
vrgw
Context
[Tree] (debug>subscr-mgmt vrgw)
Full Context
debug subscriber-mgmt vrgw
Description
This command clears vRGW data.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
vrrp
vrrp
Syntax
vrrp virtual-router-id [owner] [passive] [ monitor-oper-group group-name]
no vrrp virtual-router-id
Context
[Tree] (config>service>ies>if vrrp)
[Tree] (config>service>ies>if>ipv6 vrrp)
Full Context
configure service ies interface vrrp
configure service ies interface ipv6 vrrp
Description
This command configures the router to create or edit a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRRP nodes can be defined on an IP interface. The vrrp virtual-router-id command is used to define the configuration parameters for the VRID.
The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown to remove the virtual router instance.
Parameters
- virtual-router-id
-
Specifies a virtual router ID or an ID that can be modified on the IP interface.
- owner
-
Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
Keyword used to identify this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.
- group-name
-
Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.
Platforms
All
vrrp
Syntax
vrrp virtual-router-id [owner] [passive] [ monitor-oper-group group-name]
no vrrp virtual-router-id
Context
[Tree] (config>service>vprn>if vrrp)
Full Context
configure service vprn interface vrrp
Description
This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.
The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down in order to remove the virtual router instance.
Parameters
- virtual-router-id
-
Specifies a new virtual router ID or one that can be modified on the IP interface.
- owner
-
Identifies this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
Identifies this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operational-up), or the init state (if the interface is operational-down). The passive keyword is not required when entering the vrid for editing purposes. Once a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.
- group-name
-
Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with specified operation group.
Platforms
All
vrrp
Syntax
vrrp virtual-router-id [owner] [passive] [ monitor-oper-group group-name]
no vrrp virtual-router-id
Context
[Tree] (config>service>vprn>if vrrp)
Full Context
configure service vprn interface vrrp
Description
This command configures the router to create or edit a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRRP nodes can be defined on an IP interface. The vrrp virtual-router-id command is used to define the configuration parameters for the VRID.
The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown to remove the virtual router instance.
Parameters
- virtual-router-id
-
Specifies a virtual router ID or an ID that can be modified on the IP interface.
- owner
-
Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
Keyword used to identify this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.
- group-name
-
Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.
Platforms
All
vrrp
Syntax
vrrp virtual-router-id [owner] [ passive] [monitor-oper-group group-name]
no vrrp virtual-router-id
Context
[Tree] (config>router>if>ipv6 vrrp)
[Tree] (config>router>if vrrp)
Full Context
configure router interface ipv6 vrrp
configure router interface vrrp
Description
This command creates the context to configure a VRRP virtual router instance. A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses.
The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router.
All other virtual router instances participating in this message domain must have the same vrid configured and cannot be configured as owner. Once created, the owner keyword is optional when entering the vrid for configuration purposes.
A vrid is internally associated with the IP interface. This allows the vrid to be used on multiple IP interfaces while representing different virtual router instances.
For IPv4, up to four VRRP VRID nodes can be configured on a router interface. Each virtual router instance can manage up to 16 backup IP addresses. For IPv6, only one VRID can be configured on a router interface.
The optional passive keyword indicates that a vrid can be configured as passive, in which case, the VRRP advertisement messages are suppressed on transmission and reception, and all routers configured with the same vrid become master. Passive VRIDs can exceed the limit of four VRRP VRID nodes on a router interface.
The no form of the command removes the specified vrid from the IP interface. This terminates VRRP participation and deletes all references to the vrid in conjunction with the IP interface. The vrid does not need to be shut down to remove the virtual router instance.
Default
no vrrp — No VRRP virtual router instance is associated with the IP interface.
Parameters
- virtual-router-id
-
The virtual router ID for the IP interface expressed as a decimal integer.
- owner
-
Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
Keyword used to identify this virtual router instance as passive, therefore owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove the parameter.
- group-name
-
Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.
Platforms
All
vsd
vsd
Syntax
vsd script script
no vsd
Context
[Tree] (config>python>py-policy vsd)
Full Context
configure python python-policy vsd
Description
This command configures scripts to handle VSD messages.
The no form of this command removes the script from the Python policy.
Parameters
- script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
vsd
Syntax
vsd
Context
[Tree] (config>service vsd)
Full Context
configure service vsd
Description
Commands in this context configure the vsd configuration.
Platforms
All
vsd
Syntax
[no] vsd
Context
[Tree] (config>system vsd)
[Tree] (config>system>security>cli-script>authorization vsd)
Full Context
configure system vsd
configure system security cli-script authorization vsd
Description
Commands in this context configure authorization for the VSD server.
The no form of this command removes all authorizations for the VSD server.
Platforms
All
vsd
Syntax
vsd
Context
[Tree] (debug vsd)
Full Context
debug vsd
Description
Commands in this context provide debug vsd functionality.
Platforms
All
vsd-domain
vsd-domain
Syntax
vsd-domain name
no vsd-domain
Context
[Tree] (config>service>vprn vsd-domain)
[Tree] (config>service>vpls vsd-domain)
Full Context
configure service vprn vsd-domain
configure service vpls vsd-domain
Description
This command associates a previously configured vsd-domain to an existing VPRN or VPLS service. The vsd-domain is a tag used between the VSD and the 7750 SR, 7450 ESS, or 7950 XRS to correlate configuration parameters to a service.
Parameters
- name
-
Specifies the vsd-domain name.
Platforms
All
vsd-password
vsd-password
Syntax
vsd-password password [{hash | hash2}]
no vsd-password
Context
[Tree] (config>system>security>password vsd-password)
Full Context
configure system security password vsd-password
Description
This command configures the password required to access the enable-vsd-config mode. The enable-vsd-config mode allows editing of services provisioned by the VSD in fully dynamic mode (or by the tools perform service vsd evaluate-script command.
Parameters
- password
-
Specifies the password required to login as authorized user in the enable-vsd-config mode.
- hash
-
Specifies that the primary hashing sequence should be used.
- hash2
-
Specifies that the secondary hashing sequence should be used.
Platforms
All
vsi-export
vsi-export
Syntax
vsi-export policy-name [policy-name]
no vsi-export
Context
[Tree] (config>service>vpls>bgp-ad vsi-export)
[Tree] (config>service>vpls>bgp vsi-export)
Full Context
configure service vpls bgp-ad vsi-export
configure service vpls bgp vsi-export
Description
This command specifies the name of the VSI export policies to be used for BGP EVPN, BGP auto discovery, BGP VPLS, BGP VPWS, and BGP multi-homing if these features are configured in this VPLS service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
Default
no vsi-export
Parameters
- policy-name
-
Specifies up to five policy names, up to 32 characters.
Platforms
All
vsi-export
Syntax
vsi-export policy-name [policy-name]
no vsi-export
Context
[Tree] (config>service>epipe>bgp vsi-export)
Full Context
configure service epipe bgp vsi-export
Description
This command specifies the name of the VSI export policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
Default
no vsi-export
Parameters
- policy-name
-
Specifies up to five policy names, up to 32 characters.
Platforms
All
vsi-id
vsi-id
Syntax
vsi-id
Context
[Tree] (config>service>vpls>bgp-ad vsi-id)
Full Context
configure service vpls bgp-ad vsi-id
Description
Commands in this context configure the Virtual Switch Instance Identifier (VSI-ID).
Platforms
All
vsi-import
vsi-import
Syntax
vsi-import policy-name [policy-name]
no vsi-import
Context
[Tree] (config>service>vpls>bgp-ad>vsi-id vsi-import)
[Tree] (config>service>vpls>bgp vsi-import)
Full Context
configure service vpls bgp-ad vsi-id vsi-import
configure service vpls bgp vsi-import
Description
This command specifies the name of the VSI import policies to be used for BGP EVPN, BGP auto discovery, BGP VPLS, BGP VPWS, and BGP multi-homing if these features are configured in this VPLS service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
Default
no vsi-import
Parameters
- policy-name
-
Specifies up to five policy names, up to 32 characters.
Platforms
All
vsi-import
Syntax
vsi-import policy-name [policy-name]
no vsi-import
Context
[Tree] (config>service>epipe>bgp vsi-import)
Full Context
configure service epipe bgp vsi-import
Description
This command specifies the name of the VSI import policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
Default
no vsi-import
Parameters
- policy-name
-
Specifies up to five policy names, up to 32 characters.
Platforms
All
vxlan
vxlan
Syntax
vxlan vni vni
no vxlan
Context
[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export vxlan)
Full Context
configure subscriber-mgmt isa-service-chaining evpn export vxlan
Description
This command configures a VXLAN VNI that is sent in EVPN routes advertised to the service chaining.
The no form of this command removes the VNI from the configuration.
Parameters
- vni
-
Specifies the VNI of the VXLAN created by the EVPN service.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
vxlan
Syntax
[no] vxlan
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>type vxlan)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query type vxlan
Description
This command enables matching on VXLAN tunnels.
The no form of this command disables matching on VXLAN tunnels, unless no other tunnel type specifier is configured.
Default
no vxlan
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
vxlan
Syntax
vxlan [bgp bgp] [vxlan-instance vxlan-instance]
no vxlan [bgp bgp]
Context
[Tree] (config>service>vpls>bgp-evpn vxlan)
[Tree] (config>service>epipe>bgp-evpn vxlan)
Full Context
configure service vpls bgp-evpn vxlan
configure service epipe bgp-evpn vxlan
Description
Commands in this context configure the VXLAN parameters when BGP EVPN is used as the control plane. In VPLS services, instance BGP 1 or BGP 2 can be configured, as well as VXLAN instances 1 or 2. Up to two instances of this command can be configured in the same service, as long as the BGP instance and the VXLAN instance are different in both commands. In Epipe services, only BGP instance 1 and VXLAN instance 1 is supported. If the BGP or VXLAN instance are not specified, the instances are by default set to 1.
The no version of this command will remove the vxlan instance from the service.
Parameters
- bgp
-
Indicates the BGP instance identifier.
- vxlan-instance
-
Indicates the VXLAN instance identifier.
Platforms
All
vxlan
Syntax
vxlan vni vni-id [create] [ instance instance-id]
no vxlan [vni vni-id] [instance instance-id]
Context
[Tree] (config>service>epipe vxlan)
Full Context
configure service epipe vxlan
Description
This command enables the use of VXLAN in the Epipe service.
The no version of this command will remove the VXLAN instance from the service.
Parameters
- vni-id
-
Specifies the VXLAN network identifier configured in the Epipe service. When EVPN is used in the control plane, the configured VNI is encoded in the MPLS field of the NLRI. The VPLS service is operationally up when the vxlan vni vni-id is successfully created.
- instance-id
-
Specifies the VXLAN instance identifier.
- create
-
Mandatory keyword that creates a VXLAN instance.
Platforms
All
vxlan
Syntax
vxlan vni vni-id [create] [ instance instance-id]
no vxlan [vni vni-id] [instance instance-id]
Context
[Tree] (config>service>vpls vxlan)
Full Context
configure service vpls vxlan
Description
This command enables the use of VXLAN in the VPLS service.
The no version of this command will remove the VXLAN instance from the service.
Parameters
- vni-id
-
Specifies the VXLAN network identifier configured in the VPLS service. When EVPN is used in the control plane, the configured VNI is encoded in the MPLS field of the NLRI. The VPLS service is operationally up when the vxlan vni vni-id is successfully created.
- instance-id
-
Specifies the VXLAN instance identifier.
- create
-
Mandatory keyword that creates a VXLAN instance.
Platforms
All
vxlan
Syntax
vxlan
Context
[Tree] (config>service>vprn vxlan)
Full Context
configure service vprn vxlan
Description
Commands in this context configure VXLAN parameters in the VPRN.
Platforms
All
vxlan
Syntax
vxlan
Context
[Tree] (config>service>system vxlan)
Full Context
configure service system vxlan
Description
Commands in this context configure the vxlan global parameters.
Platforms
All
vxlan
Syntax
[no] vxlan vtep vtep vni vni-id
Context
[Tree] (debug>service>id>igmp-snooping vxlan)
Full Context
debug service id igmp-snooping vxlan
Description
This command shows IGMP packets for a specific VXLAN binding.
The no form of this command disables the debugging for that VXLAN binding.
Parameters
- vtep
-
IP address of the VXLAN Termination Endpoint
- vni
-
VXLAN Network Identifier of the VXLAN binding
Platforms
All
vxlan
Syntax
[no] vxlan vtep vtep vni vni-id
Context
[Tree] (debug>service>id>mld vxlan)
Full Context
debug service id mld-snooping vxlan
Description
This command shows MLD packets for a specific VXLAN binding.
The no form of this command disables the debugging for that VXLAN binding.
Parameters
- vtep
-
IP address of the VXLAN Termination Endpoint
- vni
-
VXLAN Network Identifier of the VXLAN binding
Platforms
All
vxlan
Syntax
vxlan [router router-name]
vxlan service-name service-name
no vxlan
Context
[Tree] (config>fwd-path-ext>fpe vxlan)
Full Context
configure fwd-path-ext fpe vxlan
Description
This command informs the system about the cross-connect type that is required for non-system IPv4 and IPv6 VXLAN termination. Internally, it triggers the automatic creation of two internal IP interfaces in the PXC ports and enables those internal interfaces to process and terminate VXLAN.
If no parameters are used, the VXLAN termination occurs in the base router; however, when the FPE is used for static VXLAN termination (no BGP-EVPN services), non-system IPv4 and IPv6 VXLAN can be terminated in a VPRN service. In this case, the VPRN router instance or service name must be configured with the vxlan-termination command.
The no form of this command disables the cross-connect type from the configuration.
Default
no vxlan-termination
Parameters
- router-name
-
Specifies the router instance for VXLAN termination.