n Commands

n393

n393

Syntax

n393 [value]

no n393

Context

[Tree] (config>port>ethernet>elmi n393)

Full Context

configure port ethernet elmi n393

Description

This command configures the monitored count of consecutive errors.

Parameters

value

Specifies the monitored count of consecutive errors.

Values

2 to 10

Platforms

All

nak-non-matching-subnet

nak-non-matching-subnet

Syntax

[no] nak-non-matching-subnet

Context

[Tree] (config>service>vprn>dhcp>server>pool nak-non-matching-subnet)

[Tree] (config>router>dhcp>server>pool nak-non-matching-subnet)

Full Context

configure service vprn dhcp local-dhcp-server pool nak-non-matching-subnet

configure router dhcp local-dhcp-server pool nak-non-matching-subnet

Description

When this command is enabled, if the local DHCPv4 server receives a DHCP request with option 50 (client requested a previously allocated message as described in section 3.2 of RFC 2131, Dynamic Host Configuration Protocol) and the address allocation algorithm uses a pool that does not have option 50, the system returns a DHCP NAK. Otherwise, the system drops the DHCP packet.

The no form of this command reverts to the default.

Default

no nak-non-matching-subnet

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

name

name

Syntax

name header-name

Context

[Tree] (config>app-assure>group>http-enrich>field name)

Full Context

configure application-assurance group http-enrich field name

Description

This command configures an HTTP enrichment template field header name.

The no form of this command removes the http enrichment template field header name from the configuration.

Parameters

header-name

Specifies the name of the http enrichment policy that is inserted before the actual field name (e.g. x-subId = subscriberID).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

name

Syntax

name system-name

no name

Context

[Tree] (config>system name)

Full Context

configure system name

Description

This command creates a system name string for the device.

For example, system-name parameter ALA-1 for the name command configures the device name as ALA-1.

ABC>config>system# name "ALA-1"
ALA-1>config>system#

Only one system name can be configured. If multiple system names are configured, the last one encountered overwrites the previous entry.

The no form of the command reverts to the default value.

Default

no name

Parameters

system-name

Specifies the system name as a character string. The string may be up to 64 characters. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

name

Syntax

name name-string value value-string

name name-string address ip-address

name name-string decimal decimal

name name-string number value-number

name name-string prefix ip-prefix/ip-prefix-length

no name name-string

Context

[Tree] (config>router>policy-options>policy-statement>entry>from>policy-variables name)

[Tree] (config>router>policy-options>global-variables name)

Full Context

configure router policy-options policy-statement entry from policy-variables name

configure router policy-options global-variables name

Description

This command configures routing policies that are often reused across BGP peers of a common type (transit, peer, customer, and so on). Using global variables allows a user to have a single variable that is consistent across all peers of a type, while retaining the flexibility to reference different policy functions (prefixes, prefix-lists, community lists, and so on) with unique names.

Depending on the parameter referenced, specify the correct type as follows:

  • value-string: as-path, as-path-group, community, prefix-list, damping

  • ip-address: next-hop

  • value-number: aigp-metric, as-path-prepend, local-preference, metric, origin, origin-validation, preference, tag, type

The no form of this command removes the global variable.

Parameters

name-string

Specifies the name of the global variable, with the variable delimited by at-signs (@) at the beginning and the end of the name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

value-string

The value of the policy variable. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

value-number

Specifies the numerical value of the policy variable.

Values

0 to 4294967295

ip-address

Specifies the IP address of the policy variable.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

decimal

Specifies the decimal value of the policy variable.

Values

0.000 to 4294967295.000

ip-prefix/ip-prefix-length

Specifies the IP prefix and prefix length of the policy variable.

Values

ip-prefix/ip-prefix-length

ipv4-prefix/ipv4-prefix-length | ipv6-prefix/ipv6-prefix-length

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

[0 to 32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

ipv6-prefix-length

[0 to 128]

Platforms

All

named-display

named-display

Syntax

[no] named-display

Context

[Tree] (config>eth-cfm>system named-display)

Full Context

configure eth-cfm system named-display

Description

This command configures name-based display on the system for show eth-cfm CLI outputs. By default, the CLI outputs only display the values for the domain md-index, association ma-index, and bridge-identifier bridge-number. When this command is enabled, the outputs also display the administrative names for domains, associations, and bridge-identifiers in addition to the numerical values.

The no form of this command disables name-based display for show eth-cfm CLI outputs.

Default

no named-display

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

named-pool-policy

named-pool-policy

Syntax

named-pool-policy src-name dst-name [ overwrite]

Context

[Tree] (config>qos>copy named-pool-policy)

Full Context

configure qos copy named-pool-policy

Description

This command copies an existing named-pool-policy to another named-pool-policy. The copy command is a configuration level maintenance tool used to create new entries using an existing profile ID. If overwrite is not specified, an error occurs if the destination policy exists.

Parameters

src-name

Specifies the existing source named-pool-policy, up to 32 characters, from which the copy command attempts to copy.

dst-name

Specifies the destination named-pool-policy dst-name, up to 32 characters, to which the copy command attempts to copy.

overwrite

Use this parameter when the named-pool-policy dst-name already exists. If it does, everything in the existing destination named-pool-policy dst-name is completely overwritten with the contents of the named-pool-policy src-name. The overwrite parameter must be specified or else the following error message is returned:

MINOR: CLI use {overwrite}; destination named-pool-policy "test" exists.

If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

All

nas-identifier

nas-identifier

Syntax

[no] nas-identifier

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-identifier)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-identifier

Syntax

[no] nas-identifier

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-identifier)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-identifier)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-identifier

configure subscriber-mgmt authentication-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

The no form of this command disables the generation of the nas-identifier RADIUS attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-identifier

Syntax

[no] nas-identifier

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-identifier)

[Tree] (config>ipsec>rad-auth-plcy>include nas-identifier)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-identifier

configure ipsec radius-authentication-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

Default

no nas-identifier

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-identifier

Syntax

[no] nas-identifier

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-identifier)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-identifier)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-identifier

configure aaa isa-radius-policy acct-include-attributes nas-identifier

Description

This command enables the inclusion of the NAS-Identifier attributes.

The no form of the command excludes NAS-Identifier attributes.

Default

no nas-identifier

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-ip-addr

nas-ip-addr

Syntax

[no] nas-ip-addr

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-ip-addr)

[Tree] (config>ipsec>rad-auth-plcy>include nas-ip-addr)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-ip-addr

configure ipsec radius-authentication-policy include-radius-attribute nas-ip-addr

Description

This command enables the generation of the NAS IP address attribute.

Default

no nas-ip-addr

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-ip-address

nas-ip-address

Syntax

[no] nas-ip-address

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ip-address)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ip-address)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-ip-address

configure aaa isa-radius-policy acct-include-attributes nas-ip-address

Description

This command enables the generation of the NAS-IP-Address RADIUS attribute.

Default

no nas-ip-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-ip-address-origin

nas-ip-address-origin

Syntax

nas-ip-address-origin {isa-ip | system-ip}

no nas-ip-address-origin

Context

[Tree] (config>aaa>isa-radius-plcy nas-ip-address-origin)

Full Context

configure aaa isa-radius-policy nas-ip-address-origin

Description

This command specifies the RADIUS NAS-IP-Address attribute.

The no form of the command reverts to the default.

Default

nas-ip-address-origin system-ip

Parameters

system-ip

Specifies that the value of the object TIMETRA-VRTR-MIB::vRiaIpAddress.1.1.1 is used.

isa-ip

Specifies that a value in the range specified by tmnxRadIsaPlcySrvSrcAddrStart and tmnxRadIsaPlcySrvSrcAddrEnd is used that corresponds to the ISA card that transmits the Access-Request packet or the Accounting-Request packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-ipv6-address

nas-ipv6-address

Syntax

[no] nas-ipv6-address

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ipv6-address)

Full Context

configure aaa isa-radius-policy acct-include-attributes nas-ipv6-address

Description

This command configures the router to include the NAS-IPv6-Address attribute in RADIUS accounting messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.

The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS accounting messages.

Default

nas-ipv6-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-ipv6-address

Syntax

[no] nas-ipv6-address

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ipv6-address)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-ipv6-address

Description

This command configures the router to include the NAS-IPv6-Address attribute in RADIUS authentication messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.

The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS authentication messages.

Default

nas-ipv6-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-port

nas-port

Syntax

[no] nas-port binary-spec

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port

Description

This command enables the generation of the nas-port RADIUS attribute. Enter decimal representation of a 32-bit string that indicates the port information. This 32-bit string can be compiled based on different information from the port (data types). Using number-of-bits data-type syntax indicates the number of bits from the 32 bits that are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0s and 1s as bits can be added.

The no form of this command disables the nas-port configuration.

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Output

The following output shows an example.

Output Example
*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=>  0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309 

nas-port

Syntax

nas-port binary-spec

no nas-port

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port

Description

This command enables the generation of the nas-port RADIUS attribute. You enter decimal representation of a 32-bit string that indicates your port information. This 32-bit string can be compiled based on different information from the port (data types). By using syntax number-of-bits data-type you indicate how many bits from the 32 bits are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0's and/or 1's as bits can be added.

The no form of this command disables the nas-port configuration.

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Output

The following is an example of binary spec information.

Output Example
*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=>  0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309 

nas-port

Syntax

nas-port binary-spec

no nas-port

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port

Description

This command specifies the format of the 32 bit string used as value for the Nas-Port AVP.

Parameters

binary-spec

Specifies the NAS-Port AVP format.

Values

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port

Syntax

[no] nas-port

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port

configure aaa isa-radius-policy acct-include-attributes nas-port

Description

This command enables the generation of the NAS-Port RADIUS attribute.

Default

no nas-port

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-port-id

nas-port-id

Syntax

nas-port-id

nas-port-id [prefix-string string] [ suffix suffix-option]

no nas-port-id

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-id)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.

The no form of this command reverts to the default.

Parameters

string

Specifies that a user configurable string be added to the RADIUS NAS port attribute, up to 8 characters.

suffix-option

Specifies the suffix type to be added to the RADIUS NAS port attribute.

Values

circuit-id, remote-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-id

Syntax

[no] nas-port-id [prefix-string string] [suffix suffix-option]

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.

The no form of this command disables the generation of the nas-port-id RADIUS attribute.

Parameters

string

Specifies that a user configurable string is added to the RADIUS NAS port attribute, up to 8 characters.

suffix-option

Specifies the suffix type to be added to the RADIUS NAS port attribute.

Values

circuit-id, remote-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-id

Syntax

nas-port-id [prefix-type {none | user-string}] [ prefix-string prefix-string] [suffix-type {circuit-id | none | remote-id | user-string}] [suffix-string suffix-string]

no nas-port-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-id

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-id

Description

This command includes the Nas-Port-Id AVP.

Parameters

prefix-type

Specifies what type of prefix is added to the NAS-Port-Id attribute if included in Nas-Port-Id AVP messages.

Values

none — No prefix is added

user-string — Specifies the user configurable string to be added as prefix to the NAS-Port-Id attribute if included in DIAMETER Gx messages

prefix-string

Specifies the user configurable string up to 8 characters, to be added as a prefix.

suffix-type}

Specifies the suffix to be added to the NAS-Port attribute NAS-Port AVP.

Values

none — No suffix is added

circuit-id — Specifies the circuit-id is added as suffix-string

remote-id — Specifies the remote-id is added as suffix-string

user-string — Specifies a user configurable suffix-string is added

suffix-string

Specifies the string, up to 64 characters, to be added as suffix.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-id

Syntax

[no] nas-port-id

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-port-id)

[Tree] (config>ipsec>rad-auth-plcy>include nas-port-id)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-port-id

configure ipsec radius-authentication-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.

Default

no nas-port-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-port-id

Syntax

[no] nas-port-id

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port-id

configure aaa isa-radius-policy acct-include-attributes nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.

Default

no nas-port-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nas-port-type

nas-port-type

Syntax

nas-port-type

nas-port-type [type]

no nas-port-type

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-type)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port-type

Description

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of this command reverts to the default.

Parameters

type

Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-type

Syntax

nas-port-type

nas-port-type value

no nas-port-type

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-type)

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute nas-port-type)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-type

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-type

Description

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of this command disables the generation of the nas-port-type RADIUS attribute

Parameters

value

Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-type

Syntax

nas-port-type

nas-port-type [type]

no nas-port-type

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-type)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-type)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-type

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-type

Description

This command includes the Nas-Port-Type AVP.

Parameters

none

Specifies values as defined in RFC 2865, Remote Authentication Dial-In User Service (RADIUS), and RFC 4603, Additional Values for the NAS-Port-Type Attribute.

type

Specifies the integer value for the Nas-Port-Type AVP.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nas-port-type

Syntax

[no] nas-port-type

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-type)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-type)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port-type

configure aaa isa-radius-policy acct-include-attributes nas-port-type

Description

This command enables the generation of the NAS-Port-Type RADIUS attribute.

The no form of the command disables the generation.

Default

no nas-port-type

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nasreq

nasreq

Syntax

nasreq

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy nasreq)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq

Description

Commands in this context configure NASREQ application-specific attributes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nat

nat

Syntax

nat

Context

[Tree] (config>isa>wlan-gw-group nat)

Full Context

configure isa wlan-gw-group nat

Description

Commands in this context configure NAT parameters under wlan-gw-group.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

[no] nat

Context

[Tree] (config>redundancy>multi-chassis>peer>sync nat)

Full Context

configure redundancy multi-chassis peer sync nat

Description

Commands in this context synchronize NAT groups.

The no form of this command disables the feature.

Default

nat

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

[no] nat

Context

[Tree] (config>service>vprn nat)

[Tree] (config>router nat)

Full Context

configure service vprn nat

configure router nat

Description

This command enables a NAT instance for the specified router or service.

The no form of this command disables the NAT instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

nat

Context

[Tree] (config>li>li-source nat)

Full Context

configure li li-source nat

Description

Commands in this context configure LI NAT parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

nat

Context

[Tree] (config>subscriber-mgmt>pfcp-association nat)

Full Context

configure subscriber-mgmt pfcp-association nat

Description

Commands in this context configure NAT groups for BNG CUPS PFCP association (see the nat-group command in the config>subscriber-mgmt>pfcp-association>nat context).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

nat [nat-policy nat-policy-name]

Context

[Tree] (config>filter>ip-filter>entry>action nat)

Full Context

configure filter ip-filter entry action nat

Description

This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.

The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.

Parameters

nat-type

Specifies the NAT type.

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

nat nat-type nat-type [nat-policy nat-policy-name]

Context

[Tree] (config>filter>ipv6-filter>entry>action nat)

Full Context

configure filter ipv6-filter entry action nat

Description

This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.

The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.

Parameters

nat-type

Specifies the NAT type.

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat

Syntax

nat

Context

[Tree] (admin nat)

Full Context

admin nat

Description

This command performs NAT operations.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-access-mode

nat-access-mode

Syntax

nat-access-mode access-mode

Context

[Tree] (config>subscr-mgmt>sub-profile nat-access-mode)

Full Context

configure subscriber-mgmt sub-profile nat-access-mode

Description

This command configures the NAT access mode.

Access mode in L2-Aware NAT environment is a reflection of supported home set up (bridged or routed) in relation to the configured anti-spoof setting.

This configuration option is only applicable to L2-Aware NAT subscribers. It determines which home model is supported with L2-Aware NAT:

  • Bridged RG with mac-ip anti-spoof

  • Bridged RG with nh-mac anti-spoof

  • Routed RG with NAT and mac-ip anti-spoof

  • Routed RG with NAT and nh-mac anti-spoof

  • Routed RG without NAT and nh-mac anti-spoof

Default

nat-access-mode auto

Parameters

access-mode

Specifies the NAT access mode.

Values

auto — The supported combinations are:

  • Bridged RG with mac-ip anti-spoof

  • Routed RG with NAT and mac-ip anti-spoof

  • Routed RG with NAT and nh-mac anti-spoof

  • Routed RG without NAT and nh-mac anti-spoof

bridged — The supported combinations are:

  • Bridged RG with mac-ip anti-spoof

  • Bridged RG with nh-mac anti-spoof

  • Routed RG with NAT and mac-ip anti-spoof

  • Routed RG with NAT and nh-mac anti-spoof

  • Routed RG without NAT and nh-mac anti-spoof

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-allow-bypass

nat-allow-bypass

Syntax

[no] nat-allow-bypass

Context

[Tree] (config>subscr-mgmt>sub-prof nat-allow-bypass)

Full Context

configure subscriber-mgmt sub-profile nat-allow-bypass

Description

This command enables L2-Aware NAT host for selective bypass. L2-aware NAT subscribers eligible for NAT bypass must be explicitly enabled with this command. Once enabled, the ip-filter configuration applied in sub-profile determines whether the traffic is bypassed.

The no form of this command causes traffic received from subscribers associated with this profile to not bypass the Layer-2-Aware NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-classifier

nat-classifier

Syntax

nat-classifier nat-classifier-name

no nat-classifier

Context

[Tree] (config>service>nat>nat-policy>dnat nat-classifier)

Full Context

configure service nat nat-policy dnat nat-classifier

Description

This command when configured within the nat-policy, references a nat-classifier and consequently activates DNAT functionality. Unless this command is provisioned, the destination IP address translation will not take place. The nat-classifier identifies the traffic (in a filter-like fashion) that is subjected to DNAT.

The no form of this command removes the nat-classifier-name from the configuration.

Parameters

nat-classifier-name

Specifies the name, up to 32 characters, of the NAT classifier.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-classifier

Syntax

nat-classifier nat-classifier-name [create]

no nat-classifier

Context

[Tree] (config>service>nat nat-classifier)

Full Context

configure service nat nat-classifier

Description

This command creates a nat-classifier. Traffic can be identified in nat-classifier based on the protocol type and destination ports. Once the traffic is identified, an action associated with identified traffic, such as destination NAT (DNAT), can be taken.

The no form of the command removes the nat-classifier-name from the configuration.

Parameters

nat-classifier-name

Specifies the name, up to 32 characters, of the referenced NAT classifier.

create

Keyword used to create the NAT classifier.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-group

nat-group

Syntax

nat-group nat-group-id [create]

no nat-group nat-group-id

Context

[Tree] (config>router>isa-svc-chain nat-group)

Full Context

configure router isa-service-chaining nat-group

Description

This command allows service chaining to be enabled for subscribers whose NAT flows are established on the set of ISAs in the specified NAT group.

The no form of this command removes the NAT group from the configuration.

Parameters

nat-group-id

Specifies the NAT group identifier.

Values

1 to 4

create

Keyword used to create the NAT group instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-group

Syntax

nat-group nat-group-id sync-tag tag

no nat-group nat-group-id

Context

[Tree] (config>redundancy>multi-chassis>peer>sync>nat nat-group)

Full Context

configure redundancy multi-chassis peer sync nat nat-group

Description

This command enables MCS for NAT. NAT group health information is exchanged between the pair of redundant NAT nodes. The system elects one of the nodes as the active node for the NAT group, while the other node becomes a standby node.

The no form of this command disables multi-chassis synchronization for a NAT group.

Default

no nat-group

Parameters

nat-group-id

Specifies the NAT group that is synchronized.

Values

1 to 4

tag

Specifies the synchronization tag that must be the same on both nodes of the NAT group. It is mandatory and must match its counterpart on the peering node for the NAT group that is being synchronized, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-group

Syntax

nat-group nat-group-id [create]

no nat-group nat-group-id

Context

[Tree] (config>isa nat-group)

Full Context

configure isa nat-group

Description

This command configures an ISA NAT group.

The no form of the command removes the ID from the configuration.

Parameters

nat-group-id

Specifies the ISA NAT group ID.

Values

1 to 4

create

Keyword used to create the NAT group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-group

Syntax

nat-group nat-group-id

no nat-group

Context

[Tree] (config>subscriber-mgmt>pfcp-association>nat nat-group)

Full Context

configure subscriber-mgmt pfcp-association nat nat-group

Description

This command configures a NAT group participating in NAT on BNG CUPS. ISAs in the NAT group are enabled for operation in BNG CUPS, but are not limited to BNG CUPS deployment. They can be used simultaneously with other versions of NAT in BNG, outside of the CUPS functionality.

The no version of this command deletes the NAT group.

Parameters

nat-group-id

Specifies the NAT group ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-import

nat-import

Syntax

nat-import policy-name [policy-name]

no nat-import

Context

[Tree] (config>router>nat>inside nat-import)

[Tree] (config>service>vprn>nat>inside nat-import)

Full Context

configure router nat inside nat-import

configure service vprn nat inside nat-import

Description

This command references an import-policy to determine the routes that should be installed in the routing table as NAT routes, which are used to steer traffic to NAT.

A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route is associated with a NAT policy that maps traffic destined into a NAT pool and outside routing context. If the NAT policy is not explicitly configured in the import route policy, the imported NAT route is, by default, associated with the default NAT policy defined in the NAT inside routing context.

All BGP-VPN routes that are destined to be imported into NAT inside routing context must be configured with action-type accept in the route policy.

Parameters

policy-name

Specifies up to five NAT import policy names, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-import

Syntax

nat-import all [inside-router router-instance]

nat-import route ipv4-address [inside-router router-instance]

no nat-import all [inside-router router-instance]

no nat-import route ipv4-address [inside-router router-instance]

Context

[Tree] (debug>nat nat-import)

Full Context

debug nat nat-import

Description

This command enables debugging for routes dynamically imported into NAT from BGP.

The events related to dynamic routes in NAT can be filtered by a specific route and inside routing context.

Only events related to dynamic imports are dispayed. Events related to static route configurations are not shown.

Typical debug output displays the following information:

  • 18 2021/06/15 09:29:54.436 UTC MINOR: DEBUG #2001 vprn550 NAT_IMPORT

    This entry represents the debug event, the inside service in which the event occurred, and the process related to the event. For this particular log, the event ID is 2001 which occurred in the inside service vprn 550 and was related to a dynamic route importing into NAT.

  • dest-prefix 10.10.10.0/24 nat-policy ls-outPolicy service 500 : start import : ACCEPT by policy-statement evaluation

    This entry represents the description of the event. The destination prefix 10.10.10.0/24 is associated with nat-policy ls-outPolicy and was successfully imported from the outside vprn 500 (into the inside vprn 550 identified by the first entry).

The no form of the command disables debugging of the specified parameters.

Parameters

all

Specifies to debug all routes dynamically imported into NAT from BGP.

router-instance

Specifies filtering based on specific inside routing context.

ipv4-address

Specifies filtering based on the specific route.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-outside

nat-outside

Syntax

nat-outside nat-group-id [create]

no nat-outside nat-group-id

Context

[Tree] (config>service>epipe nat-outside)

Full Context

configure service epipe nat-outside

Description

This command binds an Epipe to a NAT context running on an ISA-BB, allowing the Epipe to act as the outside service for the NAT or firewall. When nat-outside is enabled, one end of the Epipe is implicitly tied to ISA BB forwarding, leaving one remaining SAP, spoke, or similar available to be configured.

The no version of this command removes the Epipe binding to a NAT context.

Parameters

nat-group-id

The NAT group ID where the PPPoE client is applied.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy

nat-policy

Syntax

nat-policy policy-name

no nat-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range nat-policy)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range nat-policy)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy

Description

This command specifies the NAT policy for WLAN-GW ISA subscribers.

The no form of this command reverts to the default.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy

Syntax

nat-policy nat-policy-name

no nat-policy

Context

[Tree] (config>service>vprn>nat>inside nat-policy)

[Tree] (config>router>nat>inside nat-policy)

[Tree] (config>router>policy-options>policy-statement>entry>action nat-policy)

Full Context

configure service vprn nat inside nat-policy

configure router nat inside nat-policy

configure router policy-options policy-statement entry action nat-policy

Description

This command configures the NAT policy that is used for large-scale NAT in this service. If a nat-policy is not configured, then the default nat-policy is used.

The no form of the command removes the policy name from the configuration.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy

Syntax

nat-policy nat-policy-name

no nat-policy

Context

[Tree] (config>router>policy-options>policy-statement>default-action nat-policy)

Full Context

configure router policy-options policy-statement default-action nat-policy

Description

This command assigns a NAT policy to the matched routes that do not have a more specific nat-policy configured under action.

A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route must be associated with a NAT policy that maps traffic destined to it into a NAT pool and outside routing context. If the NAT policy is not specified within the route policy, the imported NAT route, by default, is associated with the default NAT policy defined in the NAT inside routing context.

All BGP-VPN routes that are destined to be imported into NAT inside routing context must have action-type set to accept, regardless of whether the NAT policy is configured in the action.

The no form of the command removes the policy name from the configuration.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy

Syntax

nat-policy nat-policy-name [create]

no nat-policy nat-policy-name

Context

[Tree] (config>service>nat nat-policy)

Full Context

configure service nat nat-policy

Description

This command configures a NAT policy.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

create

Keyword used to create the NAT policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy

Syntax

nat-policy policy-name

no nat-policy

Context

[Tree] (config>subscr-mgmt>sub-profile nat-policy)

Full Context

configure subscriber-mgmt sub-profile nat-policy

Description

This command configures the NAT policy to be used for subscribers associated with this subscriber profile.

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-policy-name

nat-policy-name

Syntax

[no] nat-policy-name

Context

[Tree] (config>service>nat>syslog>syslog-export-policy>include nat-policy-name)

Full Context

configure service nat syslog syslog-export-policy include nat-policy-name

Description

This command includes the NAT policy name in the flow log.

The no form of the command disables the feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-port-forwarding

nat-port-forwarding

Syntax

nat-port-forwarding

Context

[Tree] (config>system>persistence nat-port-forwarding)

Full Context

configure system persistence nat-port-forwarding

Description

This command configures NAT port forwarding persistence parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-port-range

nat-port-range

Syntax

[no] nat-port-range

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nat-port-range)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nat-port-range

Description

This command enables the generation of the of nat-port-range attribute.

The no form of this command disables the generation of the nat-port-range attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-prefix-list

nat-prefix-list

Syntax

nat-prefix-list name

no nat-prefix-list name

Context

[Tree] (config>subscr-mgmt>sub-prof nat-prefix-list)

Full Context

configure subscriber-mgmt sub-profile nat-prefix-list

Description

This command specifies the nat-prefix-list referenced within the subscriber-profile is used to associate L2-aware subscriber traffic with additional nat-policies based on the destination IPv4 address of the traffic.

The no form of the command removes the prefix list name from the configuration.

Parameters

name

Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-prefix-list

Syntax

nat-prefix-list name [create] [application application-choice]

no nat-prefix-list name

Context

[Tree] (config>service>nat nat-prefix-list)

Full Context

configure service nat nat-prefix-list

Description

This command is used to create configuration context for:

  • IP prefixes that are used select multiple nat-policies per subscriber in L2-aware NAT.

  • Inside IP prefixes in DNAT-only scenario. The inside IP prefixes are then setup as downstream routes used to steer the return (downstream) traffic to the proper MS-ISA.

The no form of the command removes the prefix list name from the configuration.

Parameters

name

Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

application application-choice

Specifies how this NAT prefix list is to be applied.

Values

l2-aware-dest-to-policy: Specifies that the nat-prefix-list can be applied only within the sub-profile for l2-aware subscribers. It will contain mapping between the destination prefix and a nat-policy. dnat-only-subscribers: Specifies that the nat-prefix-list can be applied only to dnat-only-subscribers. It will contain the source-prefix that needs to be install in outside routing context so that the return traffic from the outside can be directed to proper MS-ISA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-subscriber-string

nat-subscriber-string

Syntax

[no] nat-subscriber-string

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nat-subscriber-string)

Full Context

configure aaa isa-radius-policy acct-include-attributes nat-subscriber-string

Description

This command enables the inclusion of the NAT subscriber string attributes.

The no form of the command excludes NAT subscriber string attributes.

Default

no nat-subscriber-string

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat-traversal

nat-traversal

Syntax

nat-traversal [force] [keep-alive-interval keep-alive-interval] [force-keep-alive]

no nat-traversal

Context

[Tree] (config>ipsec>ike-policy nat-traversal)

Full Context

configure ipsec ike-policy nat-traversal

Description

This command specifies whether NAT-T (Network Address Translation Traversal) is enabled, disabled or in forced mode.

The no form of this command reverts the parameters to the default.

Default

no nat-traversal

Parameters

force

Forces to enable NAT-T

keep-alive-interval keep-alive-interval

Specifies the keep-alive interval in seconds.

Values

120 to 600

force-keep-alive

When specified, the keep-alive does not expire.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat64

nat64

Syntax

[no] nat64

Context

[Tree] (config>service>vprn>inside nat64)

Full Context

configure service vprn inside nat64

Description

Commands in this context configure NAT64.

The no form of the command disables NAT64.

nat64

Syntax

[no] nat64

Context

[Tree] (config>service>vprn>nat>inside nat64)

[Tree] (config>router>nat>inside nat64)

Full Context

configure service vprn nat inside nat64

configure router nat inside nat64

Description

Commands in this context configure NAT64 parameters.

The no form of the command disables NAT64.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

nat64-lsn-sub

nat64-lsn-sub

Syntax

[no] nat64-lsn-sub router router-instance ip ipv6-prefix

Context

[Tree] (config>li>li-source>nat nat64-lsn-sub)

Full Context

configure li li-source nat nat64-lsn-sub

Description

This command configures a NAT64 LSN subscriber source.

Parameters

router-instance

Specifies the routing instance into which to inject the mirrored packets.

ipv6-prefix

Specifies the IPv6 address.

Values

ipv6-prefix:

<prefix>/<length>

prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x to [0 to FFFF]H

d t o[0t o 255]D

<length>

[0 to 128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

national-bits

national-bits

Syntax

national-bits sa4 sa5 sa6 sa7 sa8

no national-bits

Context

[Tree] (config>port>tdm>e1 national-bits)

Full Context

configure port tdm e1 national-bits

Description

This command configures the national use bits.

Parameters

sa-bits

Disables or enables SA bits.

Values

0, 1

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

nbr

nbr

Syntax

nbr [detail]

no nbr

Context

[Tree] (debug>router>rsvp>event nbr)

Full Context

debug router rsvp event nbr

Description

This command debugs neighbor events.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about neighbor events.

Platforms

All

ncp-renegotiation

ncp-renegotiation

Syntax

ncp-renegotiation {ignore | terminate-session}

no ncp-renegotiation

Context

[Tree] (config>subscr-mgmt>ppp-policy ncp-renegotiation)

Full Context

configure subscriber-mgmt ppp-policy ncp-renegotiation

Description

This command configures the NCP renegotiation.

The no form of the command reverts to the default value.

Default

ncp-renegotiation terminate-session

Parameters

ignore

Specifies that BNG ignore subsequent renegotiation messages after successful IPCP negotiation.

terminate-session

Specifies that the PPP session be terminated.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nd

nd

Syntax

nd

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6 nd)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 nd)

Full Context

configure service vprn subscriber-interface group-interface ipv6 nd

configure service ies subscriber-interface group-interface ipv6 nd

Description

Commands in this context configure neighbor discovery (ND) parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

nd

Syntax

nd

Context

[Tree] (config>service>vprn>if>vpls>evpn nd)

[Tree] (config>service>ies>if>vpls>evpn nd)

Full Context

configure service vprn interface vpls evpn nd

configure service ies interface vpls evpn nd

Description

Commands in this context configure ND host route parameters.

Platforms

All

nd-host-route

nd-host-route

Syntax

nd-host-route

Context

[Tree] (config>service>vprn>if>ipv6 nd-host-route)

Full Context

configure service vprn interface ipv6 nd-host-route

Description

Commands in this context populate ND host route entries.

Platforms

All

nd-learn-unsolicited

nd-learn-unsolicited

Syntax

nd-learn-unsolicited {global | link-local | both}

no nd-learn-unsolicited

Context

[Tree] (config>service>ies>if>ipv6 nd-learn-unsolicited)

Full Context

configure service ies interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router use standard RFC 4861 behavior, as described below, for learning of neighbor entries.

  • If an unsolicited NA, regardless of the S flag, is received from a neighbor that is not yet in the ND cache, the NA is ignored.

  • If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the stale state.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

nd-learn-unsolicited

Syntax

nd-learn-unsolicited {global | link-local | both}

no nd-learn-unsolicited

Context

[Tree] (config>service>vprn>if>ipv6 nd-learn-unsolicited)

Full Context

configure service vprn interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.

  • If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.

  • If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

nd-learn-unsolicited

Syntax

nd-learn-unsolicited {global | link-local | both}

no nd-learn-unsolicited

Context

[Tree] (config>router>if>ipv6 nd-learn-unsolicited)

Full Context

configure router interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.

  • If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.

  • If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages. This parameter is relevant only to global IPv6 addresses.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

nd-populate-host-route

nd-populate-host-route

Syntax

[no] nd-populate-host-route

Context

[Tree] (config>service>ies>interface>ipv6 nd-populate-host-route)

Full Context

configure service ies interface ipv6 nd-populate-host-route

Description

This command enables the addition or deletion of host routes in the route-table derived from neighbor entries in the neighbor cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the neighbor table. Neighbor entries installed by subscriber management, local interfaces, and others, do not create host-routes.

Only reachable entries are added to the route table (entries are created from solicited NA messages). Entries created as stale — from Neighbor Solicitation (NS), unsolicited Neighbor Advertisements (NA), Router Solicitation (RS), Router Advertisement (RA), and Redirect messages — are not added to the route table because the neighbor is not confirmed as two-way.

  • RA, RS, NS, and Redirect messages with a link layer address are added as STALE cache entries. Unsolicited NAs are added as STALE if nd-learn-unsolicited is configured.

  • To speed up the addition of host routes to the route table for neighbors created as STALE, the following procedure is used:

    • If nd-populate-host-route is configured, the router sends an NS (unicast Neighbor Unreachability Detection (NUD) message) to the neighbor created as STALE. Only one NUD message is sent.

    • If nd-populate-host-route is not configured, no confirmation message is sent and regular procedures apply.

  • When the solicited NA for the neighbor is received, the entry becomes reachable and is then added to the route-table.

The no form of this command disables the creation of host routes from the neighbor cache.

Platforms

All

nd-proactive-refresh

nd-proactive-refresh

Syntax

nd-proactive-refresh {global | link-local | both}

no nd-proactive-refresh

Context

[Tree] (config>service>ies>if>ipv6 nd-proactive-refresh)

Full Context

configure service ies interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends a NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries.

link-local

Refreshes link local neighbor entries.

both

Refreshes both global and link local neighbor entries.

Platforms

All

nd-proactive-refresh

Syntax

nd-proactive-refresh {global | link-local | both}

no nd-proactive-refresh

Context

[Tree] (config>service>vprn>if>ipv6 nd-proactive-refresh)

Full Context

configure service vprn interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.

link-local

Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

both

Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

Platforms

All

nd-proactive-refresh

Syntax

nd-proactive-refresh {global | link-local | both}

no nd-proactive-refresh

Context

[Tree] (config>router>if>ipv6 nd-proactive-refresh)

Full Context

configure router interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.

link-local

Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

both

Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

Platforms

All

nd-route-tag

nd-route-tag

Syntax

nd-route-tag tag

no nd-route-tag

Context

[Tree] (config>service>ies>if>ipv6 nd-route-tag)

Full Context

configure service ies interface ipv6 nd-route-tag

Description

This command adds a route tag to the ARP-ND host routes generated out of the neighbor entries in the interface. As any other route tag, it can be used to match ARP-ND routes in BGP export policies.

The no form of this command removes the route tag for the ARP-ND host routes.

Parameters

tag

Specifies the route tag to be added when the proxy ND entries are advertised to EVPN.

Values

1 to 255

Platforms

All

nd-router-preference

nd-router-preference

Syntax

nd-router-preference {medium | high | low}

no nd-router-preference

Context

[Tree] (config>router>router-advert>if nd-router-preference)

[Tree] (config>service>vprn>router-advert>if nd-router-preference)

Full Context

configure router router-advertisement interface nd-router-preference

configure service vprn router-advertisement interface nd-router-preference

Description

This command configures the default router preference for Router Advertisement (RA) and allows IPv6 hosts to discover and select a default gateway address by listening to RAs.

This feature provides basic traffic engineering functionality for host devices. When this command is applied, the router advertises the respective router preference to the connected host to assist in its selection of the most appropriate default gateway on a link.

This extension is backward compatible, both for routers (setting the router preference bits) and hosts (interpreting the router preference bits). These bits are ignored by hosts that do not implement the RFC 4191 functionality by configuring this command. Similarly, hosts that do not implement the RFC 4191 functionality interpret the values sent by devices that do not implement the RFC 4191 extension with the medium preference option.

The no form of this command configures this command to the default value.

Default

nd-router-preference medium

Parameters

medium

Specifies the router advertises a medium default gateway preference.

high

Specifies the router advertises a high default gateway preference.

low

Specifies the router advertises a low default gateway preference.

Platforms

All

neid

neid

Syntax

neid hex-string

no neid

Context

[Tree] (config>system>ned>profile neid)

Full Context

configure system network-element-discovery profile neid

Description

This command configures the NEID for this profile.

The no form of this command deletes the NEID for this profile.

Parameters

hex-string

A hexadecimal string that consists of a subnet ID and basic ID. The first 8 high-order bits indicate the subnet ID and range from 0x1 to 0xFE. The 16 low-order bits indicate the basic ID and ranges from 0x0001 to 0xFFFE. The NEID cannot be configured as 0x90006 to 0x9FF06 or 0x9bff0.

Values

0x10001 to 0xFEFFFE

Platforms

All

neighbor

neighbor

Syntax

neighbor ip-address [create]

no neighbor ip-address

Context

[Tree] (config>service>vpls>gsmp>group neighbor)

[Tree] (config>service>vprn>gsmp>group neighbor)

Full Context

configure service vpls gsmp group neighbor

configure service vprn gsmp group neighbor

Description

Commands in this context configure a GSMP ANCP neighbor parameters.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IP address of the GSMP ANCP neighbor.

create

Keyword used to create the neighbor instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

neighbor

Syntax

[no] neighbor ip-address [ create]

Context

[Tree] (config>service>vprn>gsmp>group neighbor)

Full Context

configure service vprn gsmp group neighbor

Description

This command adds a neighbor in the GSMP group.

The no form of this command removes the neighbor from the GSMP group.

Parameters

ip-address

Specifies the IP address in dotted decimal notation.

create

This keyword is mandatory when creating a GSMP group name. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

All

neighbor

Syntax

[no] neighbor ip-int-name

Context

[Tree] (config>router>rip>group neighbor)

[Tree] (config>service>vprn>rip>group neighbor)

[Tree] (config>router>ripng>group neighbor)

Full Context

configure router rip group neighbor

configure service vprn rip group neighbor

configure router ripng group neighbor

Description

This command creates a context for configuring a RIP neighbor interface. By default, group interfaces are not activated with RIP, unless explicitly configured. The BNG only learns RIP routes from IPv4 host on the group interface. The RIP neighbor group interface defaults to none. The send operation is unchangeable for group-interface.

The no form of this command deletes the RIP interface configuration for this group interface. The shutdown command in the config>router>rip>group group-name>neighbor context can be used to disable an interface without removing the configuration for the interface.

Default

no neighbor

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

Platforms

All

neighbor

Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

[Tree] (config>service>ies>if>ipv6 neighbor)

Full Context

configure service ies interface ipv6 neighbor

Description

This command configures IPv6-to-MAC address mapping on the IES interface.

Parameters

ipv6-address

The IPv6 address of the interface for which to display information.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

mac-address

Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

neighbor

Syntax

neighbor ip-address

no neighbor

Context

[Tree] (config>port>aps neighbor)

Full Context

configure port aps neighbor

Description

This command specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. When the value the neighbor IP address is set to 0.0.0.0, this implies that the APS group is configured as a single-chassis APS group.

The route to the neighbor must not traverse the multi-chassis APS member (working or protect) circuits. It is recommended that the neighbor IP address configured is on a shared network between the routers that own the working and protect circuits.

By default no neighbor address is configured and both the working and protect circuits should be configured on the same router (i.e., single-chassis APS). APS is assumed to be configured wholly on a single chassis.

Parameters

ip-address

Specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. The node should be connected with a direct interface to ensure optimum fail-over time.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:-[0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

neighbor

Syntax

[no] neighbor ip-address

Context

[Tree] (config>router>bgp>group neighbor)

Full Context

configure router bgp group neighbor

Description

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shutdown, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Default

no neighbor

Parameters

ip-address

Specifies the IP address of the BGP peer router in dotted decimal notation.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface]

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: 32 characters maximum, mandatory for link local addresses

Platforms

All

neighbor

Syntax

[no] neighbor ip-address

Context

[Tree] (config>service>vprn>bgp>group neighbor)

Full Context

configure service vprn bgp group neighbor

Description

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shut down, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Parameters

ip-address

The IP address of the BGP peer router in dotted decimal notation.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR only.

Platforms

All

neighbor

Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

[Tree] (config>service>vprn>if>ipv6 neighbor)

Full Context

configure service vprn interface ipv6 neighbor

Description

This command configures IPv6-to-MAC address mapping on the interface.

Parameters

ipv6-address

Specifies the IPv6 address on the interface.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb: cc:dd:ee:ff or aa-bb-cc -dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

neighbor

Syntax

[no] neighbor ip-address

Context

[Tree] (config>service>vprn>ospf3>area>if neighbor)

[Tree] (config>service>vprn>ospf>area>if neighbor)

Full Context

configure service vprn ospf3 area interface neighbor

configure service vprn ospf area interface neighbor

Description

This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.

In addition to configuring the OSPF NBMA neighbor’s IP address, the neighbor’s MAC address may need to be configured with the config>service>vprn>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>service>vprn>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.

The no form of this command removes the neighbor configuration.

Default

No OSPF NBMA neighbors are configured.

Parameters

ip-address

Specifies the OSPFv2 neighbor’s IPv4 address or the OSPFv3 neighbor’s IPv6 link-local address.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x [-interface]

x:x:x:x:x:x:d.d.d.d [-interface]

x: [0..FFFF]H

d: [0..255]D

interface —32 characters max, for link local addresses.

Platforms

All

neighbor

Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

[Tree] (config>router>if>ipv6 neighbor)

Full Context

configure router interface ipv6 neighbor

Description

This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery, or for some reason, a static address must be used. This command can only be used on Ethernet media.

The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

Parameters

ipv6-address

The IPv6 address assigned to a router interface.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

mac-address

Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

Platforms

All

neighbor

Syntax

neighbor [ip-int-name]

no neighbor

Context

[Tree] (debug>router>ip neighbor)

Full Context

debug router ip neighbor

Description

This command enables IPv6 neighbor debugging.

Parameters

ip-int-name

Specifies the IP interface name.

Platforms

All

neighbor

Syntax

[no] neighbor ipv4-address

[no] neighbor ipv6-address

Context

[Tree] (config>router>ospf3>area>interface neighbor)

[Tree] (config>router>ospf>area>interface neighbor)

Full Context

configure router ospf3 area interface neighbor

configure router ospf area interface neighbor

Description

This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.

In addition to configuring the IP address of the OSPF NBMA neighbor, the MAC address of the neighbor may need to be configured with the config>router>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>router>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.

The no form of this command removes the neighbor configuration.

Default

no neighbor

Parameters

ipv4-address

Specifies the IPv4 address of the OSPFv2 neighbor.

Values

ipv4-address — a.b.c.d

ipv6-address

Specifies the IPv6 link-local address of the OSPFv3 neighbor.

Values

ipv6-address:

x:x:x:x:x:x:x:x [-interface]

x:x:x:x:x:x:d.d.d.d [-interface]

x: [0..FFFF]H

d: [0..255]D

interface — 32 characters maximum for link local addresses.

Platforms

All

neighbor

Syntax

neighbor [ip-int-name | ip-address]

neighbor [ip-int-name] [router-id]

no neighbor

Context

[Tree] (debug>router>ospf3 neighbor)

[Tree] (debug>router>ospf neighbor)

Full Context

debug router ospf3 neighbor

debug router ospf neighbor

Description

This command enables debugging for an OSPF or OSPF3 neighbor.

Parameters

ip-int-name

Specifies the neighbor interface name.

ip-address

Specifies neighbor information for the neighbor identified by the specified IP address, in the debug>router>ospf context.

router-id

Specifies neighbor information for the neighbor identified by the specified router ID, in the debug>router>ospf3 context.

Platforms

All

neighbor

Syntax

neighbor {ip-address | prefix-list name}

no neighbor

Context

[Tree] (config>router>policy-options>policy-statement>entry>to neighbor)

[Tree] (config>router>policy-options>policy-statement>entry>from neighbor)

Full Context

configure router policy-options policy-statement entry to neighbor

configure router policy-options policy-statement entry from neighbor

Description

This command specifies the neighbor address as found in the source address of the actual join and prune message as a filter criterion. If no neighbor is specified, any neighbor is considered a match.

The no form of the of the command removes the neighbor IP match criterion from the configuration.

Default

no neighbor

Parameters

ip-address

Specifies the neighbor IP address in dotted decimal notation.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface]

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: 32 characters maximum, mandatory for link local addresses

prefix-list name

Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The name specified must already be defined.

Platforms

All

neighbor-limit

neighbor-limit

Syntax

neighbor-limit [value]

no neighbor-limit

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>nd neighbor-limit)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>nd neighbor-limit)

Full Context

configure service ies subscriber-interface group-interface ipv6 nd neighbor-limit

configure service vprn subscriber-interface group-interface ipv6 nd neighbor-limit

Description

This command configures the maximum number of neighbors learned for a single host by doing neighbor discovery.

The no form of this command reverts to the default.

Default

neighbor-limit 1

Parameters

value

Specifies the maximum number of neighbors learned.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

neighbor-limit

Syntax

neighbor-limit limit [log-only] [ threshold percent]

no neighbor-limit

Context

[Tree] (config>service>ies>if>ipv6 neighbor-limit)

Full Context

configure service ies interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations is dropped. Entries that have already been learned is refreshed.

The no form of this command removes the neighbor-limit.

Default

no neighbor-limit

Parameters

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit is learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

Platforms

All

neighbor-limit

Syntax

neighbor-limit limit [log-only] [ threshold percent]

no neighbor-limit

Context

[Tree] (config>service>vprn>if>ipv6 neighbor-limit)

Full Context

configure service vprn interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the neighbor-limit.

Default

neighbor-limit 90

Parameters

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

Platforms

All

neighbor-limit

Syntax

neighbor-limit limit [log-only] [ threshold percent]

no neighbor-limit

Context

[Tree] (config>router>if>ipv6 neighbor-limit)

Full Context

configure router interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the neighbor-limit.

Default

no neighbor-limit

Parameters

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

Platforms

All

neighbor-liveness-time

neighbor-liveness-time

Syntax

neighbor-liveness-time interval

no neighbor-liveness-time

Context

[Tree] (config>router>ldp>graceful-restart neighbor-liveness-time)

Full Context

configure router ldp graceful-restart neighbor-liveness-time

Description

This command configures the neighbor liveness time.

The no form of this command returns the default value.

Default

no neighbor-liveness (which equals a value of 120 seconds)

Parameters

interval

Specifies the length of time in seconds.

Values

5 to 300

Platforms

All

neighbor-resolution

neighbor-resolution

Syntax

[no] neighbor-resolution

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-relay neighbor-resolution)

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay neighbor-resolution)

Full Context

configure service ies interface ipv6 dhcp6-relay neighbor-resolution

configure service vprn interface ipv6 dhcp6-relay neighbor-resolution

Description

This command enables neighbor resolution with DHCPv6 relay.

The no form of this command disables neighbor resolution.

Platforms

All

neighbor-solicitation

neighbor-solicitation

Syntax

[no] neighbor-solicitation

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)

Full Context

configure service vprn subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation

configure service ies subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation

Description

This command enables auto-reply for neighbor solicitation.

The no form of this command disables auto-reply neighbor solicitation.

Default

neighbor-solicitation

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

neighbor-trust

neighbor-trust

Syntax

neighbor-trust [vpn-ipv4] [vpn-ipv6] [evpn]

no neighbor-trust

Context

[Tree] (config>router>bgp neighbor-trust)

Full Context

configure router bgp neighbor-trust

Description

This command enables a label security feature for prefixes of a VPN family at an inter-AS boundary.

This label security feature allows the configuration of a router, acting in a PE, ASBR, or both roles, to accept packets of VPN-IP or EVPN prefixes only from direct EBGP neighbors to which it advertised a service label.

The untrusted state identifies the participating interfaces. The router supports a maximum of 15 network interfaces that can participate in this feature.

At a high level, BGP tracks each direct EBGP neighbor over an untrusted interface to which it sent a prefix label. For each of those prefixes, BGP programs a bitmap in the ILM record that indicates, on per-untrusted interface basis, whether the matching received packets must be forwarded or dropped.

The no form of this command disables the inter-AS security feature for the VPN family.

Parameters

vpn-ipv4

Keyword to enable the inter-AS label security for VPN IPv4 family.

vpn-ipv6

Keyword to enable the inter-AS label security for VPN IPv6 family.

evpn

Keyword to enable the inter-AS label security for EVPN family.

Platforms

All

neip

neip

Syntax

neip

Context

[Tree] (config>system>ned>profile neip)

Full Context

configure system network-element-discovery profile neip

Description

Commands in this context configure the NEIP.

Platforms

All

netbios-name-server

netbios-name-server

Syntax

netbios-name-server ip-address [ip-address]

no netbios-name-server

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options netbios-name-server)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-name-server)

[Tree] (config>service>vprn>dhcp>server>pool>options netbios-name-server)

[Tree] (config>router>dhcp>server>pool>options netbios-name-server)

Full Context

configure subscriber-mgmt local-user-db ppp host options netbios-name-server

configure subscriber-mgmt local-user-db ipoe host options netbios-name-server

configure service vprn dhcp local-dhcp-server pool options netbios-name-server

configure router dhcp local-dhcp-server pool options netbios-name-server

Description

This command configures up to four Network Basic Input/Output System (NetBIOS) name server IP addresses for a DHCP client.

The no form of this command removes the IP address from the netbios-name-server configuration.

Parameters

ip-address

Specifies up to four NetBIOS name server IP addresses. The address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

netbios-node-type

netbios-node-type

Syntax

netbios-node-type netbios-node-type

no netbios-node-type

Context

[Tree] (config>router>dhcp>server>pool>options netbios-node-type)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-node-type)

[Tree] (config>service>vprn>dhcp>server>pool>options netbios-node-type)

Full Context

configure router dhcp local-dhcp-server pool options netbios-node-type

configure subscriber-mgmt local-user-db ipoe host options netbios-node-type

configure service vprn dhcp local-dhcp-server pool options netbios-node-type

Description

This command configures the Network Basic Input/Output System (NetBIOS) node type.

The no form of this command removes the NetBIOS node type parameters from the configuration.

Parameters

netbios-node-type

Specifies the netbios node type.

Values

B — Broadcast node uses broadcasting to query nodes on the network for the owner of a NetBIOS name.

P — Peer-to-peer node uses directed calls to communicate with a known NetBIOS name server for the IP address of a NetBIOS machine name.

M — Mixed node uses broadcast queries to find a node, and if that fails, queries a known P-node name server for the address.

H — Hybrid node is the opposite of the M-node action so that a directed query is executed first, and if that fails, a broadcast is attempted.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

netconf

netconf

Syntax

netconf

Context

[Tree] (debug>system netconf)

Full Context

debug system netconf

Description

Commands in this context debug NETCONF.

Platforms

All

netconf

Syntax

netconf

Context

[Tree] (config>system>security>profile netconf)

Full Context

configure system security profile netconf

Description

This command authorizes various netconf capabilities for the user.

Platforms

All

netconf

Syntax

netconf

Context

[Tree] (config>system>security>management-interface netconf)

Full Context

configure system security management-interface netconf

Description

Commands in this context configure hash-control for the Netconf interface.

Platforms

All

netconf-stream

netconf-stream

Syntax

netconf-stream stream-name

no netconf-stream

Context

[Tree] (config>li>log>log-id netconf-stream)

Full Context

configure li log log-id netconf-stream

Description

This command is used to associate a NETCONF stream name with a Lawful Intercept log ID. The NETCONF stream name must be unique in the Lawful Intercept context of the SR OS device. For the same Lawful Intercept log ID, the to netconf command must be configured for a subscription to that NETCONF stream name to be accepted. If the NETCONF stream is changed, active subscriptions to the changed stream name are terminated by SR OS.

The no form of this command removes a NETCONF stream name from a Lawful Intercept log ID. Active subscriptions to the removed stream name are terminated by SR OS.

Parameters

stream-name

Specifies a NETCONF stream name, up to 32 characters.

Platforms

All

netconf-stream

Syntax

netconf-stream stream-name

no netconf-steam

Context

[Tree] (config>log>log-id netconf-stream)

Full Context

configure log log-id netconf-stream

Description

This command is used to associate a NETCONF stream name with a log ID. The NETCONF stream name must be unique per SR OS device. For the same log ID, to netconf must be configured for a subscription to that NETCONF stream name to be accepted. A netconf-stream cannot be set to "NETCONF” as "NETCONF” is reserved for log-id 101. If a netconf-stream is changed, active subscriptions to the changed stream name are terminated by SR OS.

The no form of this command removes a NETCONF stream name from a log ID. Active subscriptions to the removed stream name are terminated by SR OS.

Parameters

stream-name

Specifies a NETCONF stream name, up to 32 characters.

Platforms

All

network

network

Syntax

network next-hop ip-address [router router-instance]

network next-hop ip-address [service-name service-name]

no network

Context

[Tree] (config>subscr-mgmt>steering-profile network)

Full Context

configure subscriber-mgmt steering-profile network

Description

This command specifies the downstream next-hop IP address and an optional routing instance to be used as a network VAS router in the steering profile.

The no form of this command removes the specified next-hop IP address and the router instance if specified.

Parameters

ip-address

Specifies the IP address to be used as the downstream next-hop IP address in dotted decimal notation.

router-instance

Specifies the router instance to be used as an access VAS router.

Values

router-instance:

router-name | vprn-svc-id

router-name:

"Base”

vprn-svc-id:

1 to 2147483647

service-name

Specifies the service name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

network

Syntax

[no] network

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network

Description

Commands in this context configure network side attributes.

The no form of this command resets the network parameters to the default values.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

network

Syntax

network

Context

[Tree] (config>port network)

[Tree] (config>card>mda network)

Full Context

configure port network

configure card mda network

Description

This command enables the network context to configure egress and ingress pool policy parameters.

On the MDA level, network egress pools are only allocated on channelized MDAs.

Platforms

All

network

Syntax

network

Context

[Tree] (config>card>fp>ingress network)

Full Context

configure card fp ingress network

Description

This command specifies the CLI node that contains the network forwarding-plane parameters.

Platforms

All

network

Syntax

network

Context

[Tree] (config>port>tdm>e1>channel-group network)

[Tree] (config>port>tdm>ds1>channel-group network)

Full Context

configure port tdm e1 channel-group network

configure port tdm ds1 channel-group network

Description

Commands in this context configure network channel group parameters.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

network

Syntax

network

Context

[Tree] (config>port>tdm>e1 network)

[Tree] (config>port>tdm>ds3 network)

[Tree] (config>port>tdm>ds1 network)

[Tree] (config>port>tdm>e3 network)

[Tree] (config>port>ethernet network)

[Tree] (config>port>sonet-sdh>path network)

Full Context

configure port tdm e1 network

configure port tdm ds3 network

configure port tdm ds1 network

configure port tdm e3 network

configure port ethernet network

configure port sonet-sdh path network

Description

This command enables access to the context to configure network port parameters.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm e3 network
  • configure port tdm ds3 network
  • configure port tdm e1 network
  • configure port tdm ds1 network

All

  • configure port ethernet network

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path network

network

Syntax

network

Context

[Tree] (config>service>vpls>vxlan network)

Full Context

configure service vpls vxlan network

Description

Commands in this context configure network parameters for the VPLS VXLAN service.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

network

Syntax

network

Context

[Tree] (config>service>vprn network)

Full Context

configure service vprn network

Description

Commands in this context configure network parameters for the VPRN service.

Platforms

All

network

Syntax

network network-policy-id [create] [name name]

no network network-policy-id

Context

[Tree] (config>qos network)

Full Context

configure qos network

Description

This command creates or edits a QoS network policy. The network policy defines the treatment that IP or MPLS packets receive as they ingress and egress the network port.

The QoS network policy consists of an ingress and egress component. The ingress component of the policy defines how DiffServ code points and MPLS EXP bits are mapped to internal forwarding class and profile state. The forwarding class and profile state define the Per Hop Behavior (PHB) or the QoS treatment through the router. The mapping on each network interface defaults to the mappings defined in the default network QoS policy until an explicit policy is defined for the network interface.

The egress component of the network QoS policy defines the queuing parameters associated with each forwarding class. Each of the forwarding classes defined within the system automatically creates a queue on each network interface. This queue gets all the parameters defined within the default network QoS policy 1 until an explicit policy is defined for the network interface access uplink port. If the egressing packet originated on an ingress SAP, or the remarking parameter is defined for the egress interface, the egress QoS policy also defines the IP DSCP, dot1p/DE, or MPLS EXP bit marking based on the forwarding class and the profile state.

Network policy-id 1 exists as the default policy that is applied to all network interfaces by default. The network policy-id 1 cannot be modified or deleted. It defines the default DSCP-to-FC mapping and MPLS EXP-to-FC mapping for the ingress. For the egress, it defines six forwarding classes that represent individual queues and the packet marking criteria.

Network policy-id 1 exists as the default policy that is applied to all network ports by default. This default policy cannot be modified or deleted. It defines the default DSCP-to-FC mapping and default unicast meters for ingress IP traffic. For the egress, it defines the forwarding class to dot1p and DSCP values and the packet marking criteria.

If a new network policy is created (for instance, policy-id 3), only the default action and egress forwarding class parameters are identical to the default policy. A new network policy does not contain the default DSCP-to-FC and MPLS-EXP-to-FC mapping for network QoS policy of type ip-interface or the DSCP-to-FC mapping (for network QoS policy of type port). The default network policy can be copied (use the copy command) to create a new network policy that includes the default ingress DSCP-to-FC and MPLS EXP-to-FC mapping (as appropriate). Parameters can be modified, or the no form of this command can be used to remove an object from the configuration.

Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network interfaces where this policy is applied. For this reason, when many changes are required on a policy, it is highly recommended that the policy be copied to a work area policy-id. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config qos copy command to maintain policies in this manner.

The no form of this command deletes the network policy. A policy cannot be deleted until it is removed from all entities where it is applied. The default network policy policy-id 1 cannot be deleted.

Default

network 1 — System Default Network Policy 1

Parameters

network-policy-id

The policy-id uniquely identifies the policy on the router.

Values

1 to 65535

Default

1

create

Required parameter when creating a QoS network policy.

name name

A name that is saved as part of the configuration data. If a name is not specified at creation time, then SR OS assigns a string version of the network policy identifier as the name.

Values

A string up to 64 characters

Platforms

All

network

Syntax

network src-pol dst-pol [overwrite]

Context

[Tree] (config>qos>copy network)

Full Context

configure qos copy network

Description

This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

src-pol dst-pol

Indicates that the source and destination policies are network policy IDs. Specify the source policy that the copy command will copy and specify the destination policy to which the command will duplicate the policy to a new or different policy ID.

Values

1 to 65535

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following error occurs if the destination policy ID exists.

SR>config>qos# copy network 1 427
MINOR: CLI Destination "427" exists use {overwrite}.
SR>config>qos# copy network 1 427 overwrite

Platforms

All

network-address

network-address

Syntax

network-address {eq | neq} ip-address

network-address {eq | neq} ip-prefix-list ip-prefix-list-name

no network-address

Context

[Tree] (config>app-assure>group>policy>app-filter>entry network-address)

Full Context

configure application-assurance group policy app-filter entry network-address

Description

This command configures the network address to use in application definition. The network address will match the destination IP address in a from-sub flow or the source IP address in a to-sub flow.

The no form of this command restores the default (removes the network address from application criteria defined by this entry).

Default

no network-address

Parameters

eq

Specifies a comparison operator indicating that the value configured and the value in the flow are equal.

neq

Specifies a comparison operator indicating that the value configured differs from the value in the flow.

ip-address

Specifies a valid unicast address.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1..32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

ip-prefix-list-name

Specifies the name of an IP prefix list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

network-domain

network-domain

Syntax

[no] network-domain network-domain-name

Context

[Tree] (config>router>network-domains network-domain)

Full Context

configure router network-domains network-domain

Description

This command creates network-domains that can be associated with individual interfaces and SDPs.

Default

network-domain "default”

Parameters

network-domain-name

Specifies the network domain name, up to 32 characters.

Platforms

All

network-domain

Syntax

[no] network-domain network-domain-name

Context

[Tree] (config>router>if network-domain)

Full Context

configure router interface network-domain

Description

This command assigns a given interface to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.

The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is defined.

Single interfaces can be associated with multiple network-domains.

Default

network-domain "default”

Platforms

All

network-domain

Syntax

network-domain network-domain-name

no network-domain

Context

[Tree] (config>service>sdp network-domain)

Full Context

configure service sdp network-domain

Description

This command assigns a given SDP to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.

The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is undefined.

A single SDP can only be associated with a single network-domain.

Default

network-domain "default"

Platforms

All

network-domains

network-domains

Syntax

network-domains

Context

[Tree] (config>router network-domains)

Full Context

configure router network-domains

Description

This command opens context for defining network-domains. This command is applicable only in the base routing context.

Platforms

All

network-element-discovery

network-element-discovery

Syntax

network-element-discovery

Context

[Tree] (config>system network-element-discovery)

Full Context

configure system network-element-discovery

Description

Commands in this context configure the network-element discovery parameters and MIB table generation.

Platforms

All

network-interconnect-vxlan

network-interconnect-vxlan

Syntax

network-interconnect-vxlan instance

no network-interconnect-vxlan

Context

[Tree] (config>service>system>bgp-evpn>eth-seg network-interconnect-vxlan)

Full Context

configure service system bgp-evpn ethernet-segment network-interconnect-vxlan

Description

This command associates the VXLAN instance with the virtual Ethernet Segment. The association of the virtual ES is based on the VXLAN instance and range of services where the VXLAN instance is configured.

The no form of this command removes the VXLAN instance from the Ethernet Segment association.

Parameters

instance

Specifies the VXLAN instance that is to be associated with the virtual ES.

Values

1

Platforms

All

network-interface

network-interface

Syntax

network-interface interface-name [create]

no network-interface interface-name

Context

[Tree] (config>service>vprn network-interface)

Full Context

configure service vprn network-interface

Description

This command configures a network interface in a VPRN that acts as a CSC interface to a CSC-CE in a Carrier Supporting Carrier IP VPN deployment model.

Parameters

interface-name

Specifies the name of the interface to be added.

create

Keyword used to create the network interface.

Platforms

All

network-ip

network-ip

Syntax

network-ip ip-address[/mask]

no network-ip

Context

[Tree] (config>app-assure>group>transit-prefix-policy>entry>match network-ip)

Full Context

configure application-assurance group transit-prefix-policy entry match network-ip

Description

This command configures an entry for an address of prefix transit aa-sub and is used when the site is a remote site on the same opposite side of the system as the parent SAP. The network IP addresses represents the dest-IP in the from-SAP direction and src-IP in the to-SAP direction.

The no form of this command removes the network IP address/mask from the match criteria.

Parameters

ip-address[/mask]

specifies the network address prefix and length associated with this transit prefix policy entry.

Values

ip-address[/mask] :

ipv4-address - a.b.c.d[/mask]

mask - [1..32]

ipv6-address - x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

network-queue

network-queue

Syntax

network-queue policy-name [create]

no network-queue policy-name

Context

[Tree] (config>qos network-queue)

Full Context

configure qos network-queue

Description

This command creates a context to configure a network queue policy. Network queue policies define the ingress network queuing at the FP network node level and on the Ethernet port and SONET/SDH path level to define network egress queuing.

Default

network-queue "default”

Parameters

policy-name

The name of the network queue policy.

Values

Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

create

Required keyword when creating a network queue policy.

Platforms

All

network-queue

Syntax

network-queue src-name dst-name [overwrite]

Context

[Tree] (config>qos>copy network-queue)

Full Context

configure qos copy network-queue

Description

This command copies or overwrites existing network queue QoS policies to another network queue policy ID.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

network-queue

Indicates that the source policy ID and the destination policy ID are network-queue policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following message is generated indicating that the destination policy ID exists.

Example:
    — SR7>config>qos# copy network-queue nq1 nq2
    — MINOR: CLI Destination "nq2" exists - use {overwrite}.
    — SR7>config>qos# copy network-queue nq1 nq2 overwrite

Platforms

All

network-rtt-threshold

network-rtt-threshold

Syntax

network-rtt-threshold network-rtt-threshold

no network-rtt-threshold

Context

[Tree] (config>app-assure>group>tcp-optimizer network-rtt-threshold)

Full Context

configure application-assurance group tcp-optimizer network-rtt-threshold

Description

This command configures the threshold of the Route Trip Time (RTT) delay of the network side (between AA and the content provider) above which TCP Optimization (TCPO) is performed. This enables the operator to disable optimization for content that is served from a location close to the TCP optimizer.

Default

no network-rtt-threshold

Parameters

network-rtt-threshold

Specifies the network side RTT delay threshold, inmilliseconds.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

network-type

network-type

Syntax

network-type {sdh | sonet}

Context

[Tree] (config>system>ptp network-type)

Full Context

configure system ptp network-type

Description

This command configures the codeset to be used for the encoding of QL values into PTP clockClass values and vice versa when the profile is configured for G.8265.1 or G.8275.2.

This setting only applies to the range of values observed in the clockClass values transmitted out of the node in Announce messages. The router supports the reception of any valid value in Table 1/G.8265.1 and Table2/G.8275.2.

Default

network-type sdh

Parameters

sdh

Specifies the values used on a G.781 Option 1 compliant network.

sonet

Specifies the values used on a G.781 Option 2 compliant network.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

new-password-at-login

new-password-at-login

Syntax

[no] new-password-at-login

Context

[Tree] (config>system>security>user>console new-password-at-login)

Full Context

configure system security user console new-password-at-login

Description

This command forces the user to change a password at the next console login. The new password applies to FTP but the change can be enforced only by the console, SSH, or Telnet login.

The no form of this command does not force the user to change passwords.

Default

no new-password-at-login

Platforms

All

new-qinq-untagged-sap

new-qinq-untagged-sap

Syntax

[no] new-qinq-untagged-sap

Context

[Tree] (config>system>ethernet new-qinq-untagged-sap)

Full Context

configure system ethernet new-qinq-untagged-sap

Description

This command controls the behavior of QinQ SAP y.0 (for example, 1/1/1:3000.0). If the flag is not enabled (no new-qinq-untagged-sap), the y.0 SAP works the same as the y.* SAP (for example, 1/1/1:3000.*); all frames tagged with outer VLAN y and no inner VLANs or inner VLAN x where inner VLAN x is not specified in a SAP y.x configured on the same port (for example, 1/1/1:3000.10).

If the flag is enabled, then the following new behavior immediately applies to all existing and future y.0 SAPs: the y.0 SAP maps all the ingress frames tagged with outer tag VLAN-id of y (qinq-etype) and no inner tag or with inner tag of VLAN-id of zero (0). When the flag is disabled, there is no disruption for existing usage of this SAP type.

Default

no new-qinq-untagged-sap

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, VSR

new-session-id

new-session-id

Syntax

[no] new-session-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh new-session-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy extended-failure-handling new-session-id

Description

This command determines the Diameter session ID when Extended Failure Handling (EFH) is active and an attempt is made to establish a new Diameter Gy session with the Online Charging Server (OCS). An attempt to establish a new Diameter Gy session is made when the allocated interim credit is used or the validity time expires for a rating group of a Diameter Gy session. The first attempt always uses a new Diameter session ID. This command controls the behavior for each subsequent attempt. The behavior is as follows:

  • no new-session-id (default) — The same Diameter session ID is used for each subsequent attempt.

  • new-session-id — A new Diameter session ID is used for each attempt.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

newline

newline

Syntax

[no] newline

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt newline)

Full Context

configure system management-interface cli md-cli environment prompt newline

Description

This command displays a new line before the first prompt line.

The no form of this command suppresses the new line before the first prompt line.

Default

newline

Platforms

All

next

next

Syntax

[no] next

Context

[Tree] (config>service>nat>pcp-server-policy>option next)

Full Context

configure service nat pcp-server-policy option next

Description

This command enables support for the next option.

The no form of this command reverts to the default.

Default

no next

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

next-attempt

next-attempt

Syntax

next-attempt {same-preference-level | next-preference-level}

no next-attempt

Context

[Tree] (config>service>vprn>l2tp next-attempt)

[Tree] (config>router>l2tp next-attempt)

Full Context

configure service vprn l2tp next-attempt

configure router l2tp next-attempt

Description

This command enables tunnel selection algorithm based on the tunnel preference level.

The no form of this command reverts to the default.

Default

next-attempt next-preference-level

Parameters

same-preference-level

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example, a tunnel in a denylist) then the next elected tunnel, if available, is chosen within the same preference-level as the last attempted tunnel. Only when all tunnels within the same preference level are exhausted, the tunnel selection algorithm moves to the next preference level.

In case that a new session setup request is received while all tunnels on the same preference level are denylisted, the L2TP session tries to be established on denylisted tunnels before the tunnel selection moves to the next preference level.

next-preference-level

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a denylist) then the selection algorithm tries to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.

Default

next-preference-level

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

next-header

next-header

Syntax

next-header next-header

no next-header

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry next-header)

Full Context

configure system security management-access-filter ipv6-filter entry next-header

Description

This command specifies the next header to match. The protocol type such as TCP, UDP or OSPF is identified by its respective protocol number. Well-known protocol numbers include ICMP(1), TCP(6), UDP(17). IPv6 Extension headers are identified by the next header IPv6 numbers as per RFC2460. This command only applies to the 7750 SR and 7950 XRS.

Parameters

next-header

Specifies for IPv4 MAF the IP protocol field, and for IPv6 the next header type to be used in the match criteria for this Management Access Filter Entry.

Values

next-header:

0 to 255, protocol numbers accepted in DHB

keywords:

none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, drp, igmp, igp, ip, ipv6, ipv6-icmp, ipv6-no-nxt, isis, iso-ip, l2tp, spf-igp, pim, pnni, ptp, rdp, rsvp, stp, tcp, udp, vrrp

Platforms

All

next-hop

next-hop

Syntax

next-hop {ip-address | ip-int-name | ipv6 address}

Context

[Tree] (config>service>vprn>static-route-entry next-hop)

Full Context

configure service vprn static-route-entry next-hop

Description

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int-name of the unnumbered or point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default

no next-hop

Parameters

ip-int-name, ipv4-address, ipv6-address

the IP-INT, IPv4, and IPv6 addresses

Values

The following values apply to the 7750 SR and 7950 XRS:

ip-int-name

32 characters max

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Platforms

All

next-hop

Syntax

next-hop ip-address

no next-hop

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>pri next-hop)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>bkup next-hop)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop next-hop

configure router mpls forwarding-policies forwarding-policy next-hop-group backup-next-hop next-hop

Description

This command configures the address of primary or backup next hop of an NHG entry in a forwarding policy.

The no form of this command removes the address of primary or backup next hop of an NHG entry in a forwarding policy.

Parameters

ip-address

Specifies the destination IPv4 or IPv6 address.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

Platforms

All

next-hop

Syntax

next-hop {ip-int-name | ip-address | ipv6-address}

Context

[Tree] (config>router>static-route-entry next-hop)

Full Context

configure router static-route-entry next-hop

Description

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over a point-to-point unnumbered interface, the ip-int-name of the unnumbered point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default

no next-hop

Parameters

ip-int-name | ip-address | ipv6-address

Specifies the interface or IPv4/IPv6 address of the next hop.

Values

The following values apply to the 7750 SR, 7450 ESS, and 7950 XRS:

ip-int-name

32 characters max

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface: 32 characters maximum, mandatory for link local addresses

Platforms

All

next-hop

Syntax

[no] next-hop ip-address

Context

[Tree] (config>vrrp>policy>priority-event>route-unknown next-hop)

Full Context

configure vrrp policy priority-event route-unknown next-hop

Description

This command enables an allowed next hop IP address to match the IP route prefix for a route-unknown priority control event.

If the next-hop IP address does not match one of the defined ip-address, the match is considered unsuccessful and the route-unknown event transitions to the set state.

The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information.

When more than one next hop IP addresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance.

The no form of the command removes the ip-address from the list of acceptable next hops when looking up the route-unknown prefix. If this ip-address is the last next hop defined on the route-unknown event, the returned next hop information is ignored when testing the match criteria. If the ip-address does not exist, the no next-hop command returns a warning error, but continues to execute if part of an exec script.

Default

no next-hop — No next hop IP address for the route unknown priority control event is defined.

Parameters

ip-address

The IP address for an acceptable next hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix.

Values

The following values apply to the 7450 ESS:

ipv4-address: a.b.c.d

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:

[0..FFFF]H

interface:

32 chars maximum, mandatory for link local addresses

The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified.

Platforms

All

next-hop

Syntax

next-hop ip-address

next-hop prefix-list name

no next-hop

Context

[Tree] (config>router>policy-options>policy-statement>entry>from next-hop)

Full Context

configure router policy-options policy-statement entry from next-hop

Description

This command enables BGP routes to be matched based on the BGP next-hop address. The match condition is evaluated against the IPv4 or IPv6 address in the NEXT_HOP or MP_REACH_NLRI attribute.

When the next-hop match is applied to VPN-IP routes, the Route Distinguisher (RD) is ignored.

A non-BGP route does not match a policy entry if it contains the next-hop command.

Default

no next-hop

Parameters

ip-address

An IPv4 or IPv6 address.

Values

a.b.c.d or x:x:x:x:x:x:x:x or x:x:x:x:x:x:d.d.d.d

name

Specifies the name of a prefix-list (up to 64 characters).

prefix-list

Specifies that the BGP next hop should be matched against a prefix-list instead of an individual IP address.

Platforms

All

next-hop

Syntax

next-hop {ip-address | peer-address}

no next-hop

Context

[Tree] (config>router>policy-options>policy-statement>default-action next-hop)

[Tree] (config>router>policy-options>policy-statement>entry>action next-hop)

Full Context

configure router policy-options policy-statement default-action next-hop

configure router policy-options policy-statement entry action next-hop

Description

This command assigns the specified next hop IP address to routes matching the policy statement entry.

If a next-hop IP address is not specified, the next-hop attribute is not changed.

The no form of this command disables assigning a next hop address in the route policy entry.

Default

no next-hop

Parameters

ip-address

Specifies the next hop IP address in dotted decimal notation.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

param-name:

The next-hop parameter variable name.

Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

peer-address

Set the next-hop IP address to the peer’s IP address.

Platforms

All

next-hop-address

next-hop-address

Syntax

next-hop-address ip-address

no next-hop-address

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id next-hop-address)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id next-hop-address

Description

This command configures the IP address of the next hop for the P2MP SR tree replication segment.

The no form of this command removes the next hop address.

Parameters

ip-address

Specifies the IPv4 or IPv6 address.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

where:

x: [0 to FFFF]H

d: [0 to 255]D

interface: up to 32 characters, mandatory for link local addresses

Platforms

All

next-hop-group

next-hop-group

Syntax

next-hop-group index [resolution-type { direct | indirect}]

no next-hop-group index

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy next-hop-group)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group

Description

This command configures an NHG entry in an MPLS forwarding policy.

Each NHG can have primary and backup next hops of the same type.

The no form of this command removes the NHG from the MPLS forwarding policy.

Parameters

index

Specifies the index value.

Values

1 to 32

direct

Specifies the direct resolution type.

indirect

Specifies the indirect resolution type.

Platforms

All

next-hop-id

next-hop-id

Syntax

[no] next-hop-id next-hop-id-index

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment next-hop-id)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id

Description

This command configures the next-hop ID for the P2MP SR tree replication segment.

A replication policy can have multiple next-hop IDs used at a replication node where there are multiple outgoing interfaces or protection next hops.

The no form of this command removes the next-hop ID.

Parameters

next-hop-id-index

Specifies the index value of the next hop.

Values

1 to 4096

Platforms

All

next-hop-interface-name

next-hop-interface-name

Syntax

next-hop-interface-name interface-name

no next-hop-interface-name

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id next-hop-interface-name)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id next-hop-interface-name

Description

This command provides the outgoing interface name for the P2MP SR tree replication segment.

The no form of this command removes the outgoing interface name.

Parameters

interface-name

Specifies the name of the outgoing interface, up to 32 characters.

Platforms

All

next-hop-reachability

next-hop-reachability

Syntax

[no] next-hop-reachability

Context

[Tree] (configure>service>vprn>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)

[Tree] (configure>service>vprn>bgp>group>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>group>bfd-strict-mode next-hop-reachability)

[Tree] (configure>service>vprn>bgp>bfd-strict-mode next-hop-reachability)

Full Context

configure service vprn bgp group neighbor bfd-strict-mode next-hop-reachability

configure router bgp bfd-strict-mode next-hop-reachability

configure router bgp group neighbor bfd-strict-mode next-hop-reachability

configure service vprn bgp group bfd-strict-mode next-hop-reachability

configure router bgp group bfd-strict-mode next-hop-reachability

configure service vprn bgp bfd-strict-mode next-hop-reachability

Description

This command configures the router to consider next-hop self routes belonging to specific address families received from a peer within scope of this command as having an unresolved next hop, provided that the following requirements are met:

  • The BFD session to the peer is in a down state.

  • There is a valid interface BFD configuration that applies to the peer.

  • There is a valid BFD liveness configuration that applies to the peer.

The unresolved state is maintained until the BFD session state changes to up or administratively down, even if there is a resolving route or tunnel that matches the BGP next-hop address.

Routes received from one peer with a BGP next-hop address equal to the address of another peer are not affected by the BFD session to the other peer.

The behavior of the router when this command is enabled does not depend on whether Strict-BFD is used, as both features are independent.

Enabling this command only affects routes belonging to the following address families:

  • IPv4

  • IPv6

  • IPv4 VPN

  • IPv6 VPN

  • labeled unicast IPv4

  • labeled unicast IPv6

  • EVPN

  • IPv4 multicast

  • IPv6 multicast

  • IPv4 VPN multicast

  • IPv6 VPN multicast

The no form of this command prevents the router from considering next-hop self routes belonging to the preceding address families as having an unresolved next hop if the BFD session goes down.

Default

no next-hop-reachability

Platforms

All

next-hop-resolution

next-hop-resolution

Syntax

next-hop-resolution

Context

[Tree] (config>service>vprn>bgp next-hop-resolution)

Full Context

configure service vprn bgp next-hop-resolution

Description

Commands in this context configure next-hop resolution parameters.

Platforms

All

next-hop-resolution

Syntax

next-hop-resolution

Context

[Tree] (config>router>bgp next-hop-resolution)

Full Context

configure router bgp next-hop-resolution

Description

Commands in this context configure next-hop resolution parameters.

Platforms

All

next-hop-self

next-hop-self

Syntax

[no] next-hop-self

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy next-hop-self)

Full Context

configure subscriber-mgmt bgp-peering-policy next-hop-self

Description

This command configures the neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

The no form of this command disables the command.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

next-hop-self

Syntax

[no] next-hop-self

Context

[Tree] (config>service>vprn>bgp>group>neighbor next-hop-self)

[Tree] (config>service>vprn>bgp>group next-hop-self)

Full Context

configure service vprn bgp group neighbor next-hop-self

configure service vprn bgp group next-hop-self

Description

This command configures the group or neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

This is primarily used to avoid third-party route advertisements when connected to a multi-access network.

The no form of this command used at the group level allows third-party route advertisements in a multi-access network.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no next-hop-self — Third-party route advertisements are allowed.

Platforms

All

next-hop-self

Syntax

[no] next-hop-self

Context

[Tree] (config>router>bgp>group next-hop-self)

[Tree] (config>router>bgp>group>neighbor next-hop-self)

Full Context

configure router bgp group next-hop-self

configure router bgp group neighbor next-hop-self

Description

This command enables BGP to advertise routes to members of a group or to a specific neighbor using a local address of the BGP instance as the BGP next-hop address. Note that next-hop-self is set without exception, regardless of the route source (EBGP or IBGP) or its family. When used with VPN-IPv4 and VPN-IPv6 routes the enable-rr-vpn-forwarding command should also be configured.

The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.

Default

no next-hop-self

Platforms

All

next-hop-self

Syntax

[no] next-hop-self

Context

[Tree] (config>router>policy-options>policy-statement>default-action next-hop-self)

[Tree] (config>router>policy-options>policy-statement>entry>action next-hop-self)

Full Context

configure router policy-options policy-statement default-action next-hop-self

configure router policy-options policy-statement entry action next-hop-self

Description

This command configures BGP to advertise routes that match a policy entry (or that match no other policy entry and, therefore, to which the default action applies) using a local address of the BGP instance as the BGP next-hop address. The command applies to IPv4, IPv6, label-IPv4, and label-IPv6 routes. It also applies to VPN-IPv4 and VPN-IPv6 routes, but only when used in conjunction with the enable-rr-vpn-forwarding command.

This command affects how routes are advertised to IBGP peers, regardless of whether or not they were learned from an IBGP or EBGP peer

The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.

Default

no next-hop-self

Platforms

All

next-hop-unchanged

next-hop-unchanged

Syntax

next-hop-unchanged [label-ipv4] [label-ipv6] [vpn-ipv4] [vpn-ipv6] [ evpn]

no next-hop-unchanged

Context

[Tree] (config>router>bgp>group next-hop-unchanged)

[Tree] (config>router>bgp>group>neighbor next-hop-unchanged)

Full Context

configure router bgp group next-hop-unchanged

configure router bgp group neighbor next-hop-unchanged

Description

This command enables unchanged BGP next-hops when sending BGP routes to peers in this group or neighbor.

The no form of this command disables unchanged BGP next-hops.

Default

no next-hop-unchanged

Parameters

evpn

Specifies BGP next hops are unchanged for the evpn address family.

label-ipv4

Specifies BGP next hops are unchanged for the label-ipv4 address family.

label-ipv6

Specifies BGP next hops are unchanged for the label-ipv6 address family.

vpn-ipv4

Specifies BGP next hops are unchanged for the vpn-ipv4 address family.

vpn-ipv6

Specifies BGP next hops are unchanged for the vpn-ipv6 address family.

Platforms

All

nh-type

nh-type

Syntax

nh-type {ip | tunnel}

no nh-type

Context

[Tree] (config>router>route-next-hop-policy>template nh-type)

Full Context

configure router route-next-hop-policy template nh-type

Description

This command configures the next-hop type constraint into the route next-hop policy template.

The user can select if tunnel backup next-hop or IP backup next-hop is preferred. The default in SR OS implementation is to prefer IP next-hop over tunnel next-hop. The implementation will fall back to the other type if no LFA next-hop of the preferred type is found.

When the route next-hop policy template is applied to an IP interface, all prefixes using this interface as a primary next-hop will follow the next-hop type preference specified in the template.

The no form deletes the next-hop type constraint from the route next-hop policy template.

Default

nh-type ip

Parameters

{ip | tunnel}

Specifies the two possible values for the next-hop type.

Default

ip

Platforms

All

nmda

nmda

Syntax

nmda

Context

[Tree] (config>system>management-interface>yang-modules nmda)

Full Context

configure system management-interface yang-modules nmda

Description

Commands in this context configure the attributes for the Network Management Datastores Architecture (NMDA).

Platforms

All

nmda-support

nmda-support

Syntax

[no] nmda-support

Context

[Tree] (config>system>management-interface>yang-modules>nmda nmda-support)

Full Context

configure system management-interface yang-modules nmda nmda-support

Description

This command enables the advertisement of NMDA support over NETCONF through the use of YANG library 1.1.

The no form of this command disables NMDA advertisement over NETCONF and YANG library 1.0 is used.

Default

no nmda-support

Platforms

All

no-match-action

no-match-action

Syntax

no-match-action action

no no-match-action

Context

[Tree] (config>open-flow>of-switch>flowtable no-match-action)

Full Context

configure open-flow of-switch flowtable no-match-action

Description

This command configures the action for the flow table when a packet does not match any entry for the controller.

The no form of this command restores the default action.

Default

no-match-action fall-through

Parameters

action

Specifies the action for the flow table.

Values

drop — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be dropped.

fall-through — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be forwarded using regular processing by the router. Fall-through applies if an error occurs that prevents a flow table from being installed in a filter policy.

packet-in — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be extracted and sent to the controller in a flow-controlled manner. If this action is used, an auxiliary channel should be enabled for packet-in processing using the aux-channel-enable command.

Platforms

All

node

node

Syntax

node origin-host-string [destination-realm destination-realm-string]

no diameter-node

Context

[Tree] (config>aaa>diam node)

Full Context

configure aaa diameter node

Description

This command creates a Diameter client node in the SR OS. Multiple Diameter client nodes with their own peer definitions are simultaneously supported in SR OS.

Each such node is defined by a unique DiameterIdentity (the origin host and realm names).

The no form of this command removes the origin host string from the configuration.

Parameters

origin-host-string

Specifies the origin host name, up to 80 characters, is a mandatory parameter that translates to an Origin-Host AVP that is carried in all Diameter messages. The origin host and origin realm form a Diameter Identity that must be unique within the Diameter network in which they participate.

destination-realm-string

Specifies the destination realm name, up to 80 characters, is an optional parameter that translates to an Origin-Realm AVP that is carried in all Diameter messages. The destination host and destination realm form a Diameter Identity that must be unique within the Diameter network in which they participate

If the realm name is not configured, it will be extracted from the host parameter as follows:

  • it is set to the string after the first dot (.) in the configured origin-host-string

  • it is set to the configured origin-host-string if a dot (.) is not present in the string

create

Keyword used to create the Diameter client node. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

node

Syntax

[no] node host-name

Context

[Tree] (debug>diameter node)

Full Context

debug diameter node

Description

This command debugs the Diameter node. Node-level debugging can report on all message exchange between the peers. Although this level can report messages that contain session id (app level messages), this level is session unaware. It deals strictly with getting the messages in and out of the system (connection level messages which are not routable, and application level messages which are routable).

Parameters

host-name

Specifies the host name, up to 80 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

node-id

node-id

Syntax

node-id fqdn domain-name

node-id use-ip-address

Context

[Tree] (config>subscr-mgmt>pfcp-association node-id)

Full Context

configure subscriber-mgmt pfcp-association node-id

Description

This command configures the FQDN as sent in PFCP messages. This command can be configured to use the linked interface source IP address, or a pre-configured.

Default

node-id use-ip-address

Parameters

domain-name

Specifies the FQDN, up to 255 characters.

use-ip-address

Specifies to use the IP address of the interface configured for this association.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

node-id

Syntax

node-id node-id

no node-id

Context

[Tree] (config>router>mpls>mpls-tp node-id)

Full Context

configure router mpls mpls-tp node-id

Description

This command configures the MPLS-TP Node ID for the node. This is used as the 'from’ Node ID used by MPLS-TP LSPs originating at this node. The default value of the node-id is the system interface IPv4 address. The Node ID may be entered in 4-octet IPv4 address format, <a.b.c.d>, or as an unsigned 32 bit integer. The Node ID is not treated as a routable IP address from the perspective of IP routing, and is not advertised in any IP routing protocols.

The MPLS-TP context cannot be administratively enabled unless at least a system interface IPv4 address is configured because MPLS requires that this value is configured.

Default

no node-id

Parameters

node-id

Specifies the MPLS-TP node ID for the node.

Values

a.b.c.d or 1 to 4294967295

Default

System interface IPv4 address

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

node-id

Syntax

node-id mac-address

no node-id

Context

[Tree] (config>eth-ring node-id)

Full Context

configure eth-ring node-id

Description

This optional command configures the MAC address of the RPL control. The default is to use the chassis MAC for the ring control. This command overrides the chassis MAC address with a different MAC address.

The no form of the command removes the RPL link.

Default

no node-id

Parameters

mac-address

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

node-id-in-rro

node-id-in-rro

Syntax

[no] node-id-in-rro [include | exclude]

Context

[Tree] (config>router>rsvp node-id-in-rro)

Full Context

configure router rsvp node-id-in-rro

Description

This command enables the option to include node-id sub-object in RRO. Node-ID sub-object propagation is required to provide fast reroute protection for LSP that spans across multiple area domains.

If this option is disabled, then node-id is not included in RRO object.

Default

node-id-in-rro exclude

Platforms

All

node-protect

node-protect

Syntax

[no] node-protect

Context

[Tree] (config>router>mpls>lsp-template>fast-reroute node-protect)

[Tree] (config>router>mpls>lsp>fast-reroute node-protect)

Full Context

configure router mpls lsp-template fast-reroute node-protect

configure router mpls lsp fast-reroute node-protect

Description

This command enables or disables node and link protection on the specified LSP. Node protection ensures that traffic from an LSP traversing a neighboring router will reach its destination even if the neighboring router fails.

Default

node-protect (for a provisioned LSP)

no node-protect (for a P2P LSP template)

Platforms

All

node-protect

Syntax

node-protect [max-pq-nodes value]

no node-protect

Context

[Tree] (config>router>isis>loopfree-alternates>remote-lfa node-protect)

Full Context

configure router isis loopfree-alternates remote-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Parameters

value

Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.

Values

1 to 32

Default

16

Platforms

All

node-protect

Syntax

[no] node-protect

Context

[Tree] (config>router>isis>loopfree-alternates>ti-lfa node-protect)

Full Context

configure router isis loopfree-alternates ti-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Platforms

All

node-protect

Syntax

node-protect [max-pq-nodes value]

no node-protect

Context

[Tree] (config>router>ospf3>loopfree-alternates>remote-lfa node-protect)

[Tree] (config>router>ospf>loopfree-alternates>remote-lfa node-protect)

Full Context

configure router ospf3 loopfree-alternates remote-lfa node-protect

configure router ospf loopfree-alternates remote-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Parameters

max-pq-nodes value

Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.

Values

1 to 32

Default

16

Platforms

All

node-protect

Syntax

[no] node-protect

Context

[Tree] (config>router>ospf3>loopfree-alternates>ti-lfa node-protect)

[Tree] (config>router>ospf>loopfree-alternates>ti-lfa node-protect)

Full Context

configure router ospf3 loopfree-alternates ti-lfa node-protect

configure router ospf loopfree-alternates ti-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Platforms

All

node-sid

node-sid

Syntax

[no] node-sid

Context

[Tree] (config>router>ospf3>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>ospf>segm-rtng>egress-statistics node-sid)

[Tree] (config>router>ospf>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>isis>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>ospf3>segm-rtng>egress-statistics node-sid)

[Tree] (config>router>isis>segm-rtng>egress-statistics node-sid)

Full Context

configure router ospf3 segment-routing ingress-statistics node-sid

configure router ospf segment-routing egress-statistics node-sid

configure router ospf segment-routing ingress-statistics node-sid

configure router isis segment-routing ingress-statistics node-sid

configure router ospf3 segment-routing egress-statistics node-sid

configure router isis segment-routing egress-statistics node-sid

Description

This command enables the allocation of statistic indices to each node SID (received by means of IGP advertisement). All NHLFEs associated to a given SID share the same index. If a statistics index is not available at allocation time, the allocation fails, then the system re-tries the allocation. The system generates a log on the first fail and a log on the final successful allocation.

The no form of this command disables the allocation of statistic indices to each node SID, releases the statistic indices, and clears the associated counters.

Default

no node-sid

Platforms

All

node-sid

Syntax

node-sid index index-value [clear-n-flag]

node-sid label label-value [clear-n-flag]

no node-sid

Context

[Tree] (config>router>ospf>area>interface node-sid)

[Tree] (config>router>ospf3>area>interface node-sid)

Full Context

configure router ospf area interface node-sid

configure router ospf3 area interface node-sid

Description

This command assigns a node SID index or label value to the prefix representing the primary address of a network interface of type system or loopback. A separate SID value can be configured for each IPv4 and IPv6 primary address of the interface. The secondary address of an IPv4 interface cannot be assigned a node SID index and does not inherit the SID of the primary IPv4 address.

In OSPFv2 and OSPFv3, the node SID is configured in the primary area but is inherited in any other area in which the interface is added as secondary.

This command fails if the network interface is not of type loopback or if the interface is defined in an IES or VPRN context. Assigning the same SID index or label value to the same interface in two different IGP instances is not allowed within the same node.

The value of the label or index SID is taken from the range configured for this IGP instance. When using the global mode of operation, the segment routing module checks that the same index or label value is not assigned to more than one loopback interface address. When using the per-instance mode of operation, this check is not required because the index, and therefore, the label ranges of IGP instances are not allowed to overlap.

The clear-n-flag option allows the user to clear the N-flag (node-sid flag) in an OSPF or OSPF3 prefix SID sub-TLV originated for the prefix of a loopback interface on the system. By default, the prefix SID sub-TLV for the prefix of a loopback interface is tagged as a node SID; that is, it belongs to this node only. However, to configure and advertise an anycast SID using the same loopback interface prefix on multiple nodes, the user must clear the N-flag to assure interoperability with third-party implementations, which may perform a strict check on the receive end and drop duplicate prefix SID sub-TLVs when the N-flag is set.

The SR OS implementation is relaxed on the receive end and accepts duplicate prefix SIDs with the N-flag set or clear. SR OS will resolve to the closest owner, or owners if ECMP, of the prefix SID cost-wise.

Parameters

index-value

Specifies the node SID index value.

Values

0 to 4294967295

label-value

Specifies the node SID label value.

Values

0 to 4294967295

clear-n-flag

Clears the node SID flag.

Default

no clear-n-flag

Platforms

All

node-sid

Syntax

node-sid index [0..4294967295]

node-sid label [1..4294967295]

no node-sid

Context

[Tree] (config>router>ospf>area>if>flex-algo node-sid)

Full Context

configure router ospf area interface flex-algo node-sid

Description

This command configures a flexible algorithm-aware node SID label.

The no form of this command removes the configured node SID label.

Default

no node-sid

Platforms

All

node-sid

Syntax

node-sid

no node-sid

Context

[Tree] (config>router>segment-routing>sr-mpls>prefix-sids node-sid)

Full Context

configure router segment-routing sr-mpls prefix-sids node-sid

Description

This command sets the N-flag for the SR SID. The N-flag should be set when the prefix SID is a node SID for the primary prefix. If the N-flag is not set, the SR SID is an SR anycast SID.

The no form of this command removes the assigned node SID.

Default

no node-sid

Platforms

All

nokia-combined-modules

nokia-combined-modules

Syntax

[no] nokia-combined-modules

Context

[Tree] (config>system>management-interface>yang-modules nokia-combined-modules)

Full Context

configure system management-interface yang-modules nokia-combined-modules

Description

This command enables support of the "combined” Nokia SR OS YANG files for both configuration and state data in the NETCONF server.

When management-interface configuration-mode is set to classic, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF results in errors, even if nokia-combined-modules or nokia-submodules is enabled.

This command and the nokia-submodules command cannot both be enabled at the same time.

The no form of this command disables support of the combined Nokia SR OS YANG files.

Default

nokia-combined-modules

Platforms

All

nokia-submodules

nokia-submodules

Syntax

[no] nokia-submodules

Context

[Tree] (config>system>management-interface>yang-modules nokia-submodules)

Full Context

configure system management-interface yang-modules nokia-submodules

Description

This command enables support of the alternative submodule-based packaging of the Nokia SR OS YANG files for both configuration and state data in the SR OS NETCONF server.

When management-interface configuration-mode is set to classic, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF results in errors, even if nokia-combined-modules or nokia-submodules is enabled.

This command and the nokia-combined-modules command cannot both be enabled at the same time.

The no form of this command disables support of submodule-based packaging of the Nokia SR OS YANG files.

Default

no nokia-submodules

Platforms

All

non-dr-attract-traffic

non-dr-attract-traffic

Syntax

[no] non-dr-attract-traffic

Context

[Tree] (config>service>vprn>pim non-dr-attract-traffic)

Full Context

configure service vprn pim non-dr-attract-traffic

Description

This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.

An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-traffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.

When enabled, the designated router state is ignored. When disabled, no non-dr-attract-traffic, the designated router value is honored.

Default

no non-dr-attract-traffic

Platforms

All

non-dr-attract-traffic

Syntax

non-dr-attract-traffic [from-evpn] [from-pim-mvpn]

no non-dr-attract-traffic

Context

[Tree] (config>service>vpls>bind>evpn-mcast-gateway non-dr-attract-traffic)

Full Context

configure service vpls allow-ip-int-bind evpn-mcast-gateway non-dr-attract-traffic

Description

This command triggers the required procedures so that multicast traffic can be attracted to the router when it is not elected as DR.

The no form of this command disables the attraction of non-DR traffic.

Default

non-dr-attract-traffic from-pim-mvpn

Parameters

from-evpn

Specifies that non-DR traffic generates a wildcard SMET route to attract the MCAST traffic from the OISM domain. No Layer 3 IFF or PIM/C-MCAST route is triggered from received SMET routes on the non-DR.

from-pim-mvpn

Specifies that non-DR traffic does not generate a wildcard SMET route but it does create an IIF or generate PIM/C-MCAST join upon receiving an SMET route. Local joins on a non-SBD service generate PIM/C-MCAST routes or SMETs despite this.

Platforms

All

non-dr-attract-traffic

Syntax

[no] non-dr-attract-traffic

Context

[Tree] (config>router>pim non-dr-attract-traffic)

Full Context

configure router pim non-dr-attract-traffic

Description

This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.

An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-traffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.

When enabled, the designated router state is ignored.

The no form of this command the designated router value is honored.

Default

no non-dr-attract-traffic

Platforms

All

non-multi-chassis-tunnel-id-range

non-multi-chassis-tunnel-id-range

Syntax

non-multi-chassis-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id

non-multi-chassis-tunnel-id-range default

no non-multi-chassis-tunnel-id-range

Context

[Tree] (config>system>l2tp non-multi-chassis-tunnel-id-range)

Full Context

configure system l2tp non-multi-chassis-tunnel-id-range

Description

This command sets the tunnel-id range that is used to allocate a new tunnel-id for a tunnel for which no multi-chassis redundancy is configured.

The no form of this command is a double negation and means all tunnel-IDs are configured for multi-chassis redundancy.

Default

Sets the tunnel-id range to the full tunnel-id range available on this system meaning that by default no tunnel-ID has multi-chassis redundancy.

non-multi-chassis-tunnel-id-range default or non-multi-chassis-tunnel-id-range start 1 end <maximum tunnel-id>

The default for start l2tp-tunnel-id is 1. No tunnel-ids are available for which no multi-chassis redundancy is configured when set to 0.

The default for end l2tp-tunnel-id is the maximum tunnel-id allowed on this system. The end l2tp-tunnel-id must be set to 0 when the start l2tp-tunnel-id is set to 0 and vice versa.

Parameters

start l2tp-tunnel-id

Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values

0 to 16383

end l2tp-tunnel-id

Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values

1 to 16383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

non-sub-traffic

non-sub-traffic

Syntax

non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string] [app-profile app-profile-name]

no non-sub-traffic

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt>single-sub non-sub-traffic)

[Tree] (config>service>vpls>sap>sub-sla-mgmt>single-sub non-sub-traffic)

[Tree] (config>subscr-mgmt>msap-policy>sub-sla-mgmt>single-sub non-sub-traffic)

[Tree] (config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt>single-sub non-sub-traffic)

Full Context

configure service ies subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters non-sub-traffic

configure service vpls sap sub-sla-mgmt single-sub-parameters non-sub-traffic

configure subscriber-mgmt msap-policy sub-sla-mgmt single-sub-parameters non-sub-traffic

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters non-sub-traffic

Description

This command configures traffic profiles for non-IP traffic such as PPPoE packets on a VPLS SAP. It is used in conjunction with the profiled-traffic-only command to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.

The no form of this command removes any configured profile.

Parameters

sub-profile-name

Specifies an existing subscriber profile name to be associated with the non-sub-traffic L2 host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.

sla-profile-name

Specifies an existing SLA profile name to be associated with the non-sub-traffic L2 host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

sub-ident-string

Specifies the subscriber ID to be associated with the non-sub-traffic L2 host. The sub-ident-string should match the dynamic subscriber associated with the SAP. If no sub-ident-string is configured and no dynamic subscriber is yet associated, then the system will use a default subscriber ID that is overridden when a dynamic subscriber is created on the SAP.

app-profile-name

Specifies an existing app profile name to be associated with the non-sub-traffic L2 host. The application profile is configured in the config>app-assure>group>policy>app-prof context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

non-vid-pid-absent

non-vid-pid-absent

Syntax

non-vid-pid-absent milli-seconds

no non-vid-pid-absent

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms non-vid-pid-absent)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms non-vid-pid-absent)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms non-vid-pid-absent)

Full Context

configure mcast-management multicast-info-policy bundle video analyzer alarms non-vid-pid-absent

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms non-vid-pid-absent

configure mcast-management multicast-info-policy bundle channel video analyzer alarms non-vid-pid-absent

Description

This command configures the analyzer to check for a PID within the specified interval.

Default

no non-vid-pid-absent

Parameters

milli-seconds

Specifies the interval, in milliseconds.

Values

100 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

nonce-length

nonce-length

Syntax

nonce-length length

no nonce-length

Context

[Tree] (config>service>vprn>l2tp>group>l2tpv3 nonce-length)

[Tree] (config>router>l2tp>l2tpv3 nonce-length)

[Tree] (config>service>vprn>l2tp>l2tpv3 nonce-length)

Full Context

configure service vprn l2tp group l2tpv3 nonce-length

configure router l2tp l2tpv3 nonce-length

configure service vprn l2tp l2tpv3 nonce-length

Description

This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.

The no form of this command removes the nonce length from the configuration.

Default

no nonce-length

Parameters

length

Specifies the length of the Nonce AVP value.

Values

16 to 64

default

When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the nonce-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

normal-state

normal-state

Syntax

normal-state {open | closed}

Context

[Tree] (config>system>alarm-contact-input normal-state)

Full Context

configure system alarm-contact-input normal-state

Description

This command configures the normal state of the alarm contact input circuit. When the system detects a transition from the normal state, an alarm is generated. The alarm is cleared when the system detects a transition back to the normal state.

Note:

Configure the normal state as closed if an external power source is used to power the alarm contact inputs.

Default

normal-state open

Parameters

open

Specifies that the normal state of the alarm contact input circuit is open. When the system detects a transition to the closed state, an alarm is generated. The alarm is cleared when the system detects a transition back to the open state.

closed

Specifies that the normal state of the alarm contact input circuit is closed. When the system detects a transition to the open state, an alarm is generated. The alarm is cleared when the system detects a transition back to the closed state.

Platforms

7750 SR-a

notification

notification

Syntax

[no] notification

Context

[Tree] (config>port>ethernet>lldp>dstmac notification)

Full Context

configure port ethernet lldp dest-mac notification

Description

This command enables LLDP notifications.

The no form of this command disables LLDP notifications.

Default

no notification

Platforms

All

notification

Syntax

notification [neighbor ip-address | group name]

no notification

Context

[Tree] (debug>router>bgp notification)

Full Context

debug router bgp notification

Description

This command decodes and logs all sent and received notification messages in the debug log.

The no form of this command disables the debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

notification-bundling

notification-bundling

Syntax

notification-bundling

Context

[Tree] (config>system>telemetry notification-bundling)

Full Context

configure system telemetry notification-bundling

Description

Commands in this context configure SubscribeResponse notification bundling.

Platforms

All

notification-interval

notification-interval

Syntax

notification-interval time

no notification-interval

Context

[Tree] (config>system>lldp notification-interval)

Full Context

configure system lldp notification-interval

Description

This command configures the minimum time between change notifications.

The no form of this command reverts to the default value.

Default

no notification-interval

Parameters

time

Specifies the minimum time, in seconds, between change notifications.

Values

5 to 3600

Default

5

Platforms

All

notify-dest-change

notify-dest-change

Syntax

[no] notify-dest-change

Context

[Tree] (config>filter>redirect-policy notify-dest-change)

Full Context

configure filter redirect-policy notify-dest-change

Description

This command instructs the system to send notifications (Log, SNMP, …) when the active destination of a redirect policy changes. No notification is sent when there are no more active destinations (as this is covered by a specific other notification). Notifications can be controlled (using the config>log>event-control command) using application ID 2017 and event-name tFilterRPActiveDstChangeEvent.

The no form of the command disables notification generation.

Default

no notify-dest-change

Platforms

All

nssa

nssa

Syntax

[no] nssa

Context

[Tree] (config>service>vprn>ospf3>area nssa)

[Tree] (config>service>vprn>ospf>area nssa)

Full Context

configure service vprn ospf3 area nssa

configure service vprn ospf area nssa

Description

This command creates the context to configure an OSPF Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF domain.

Existing virtual links of a non-stub or NSSA area are removed when the designation is changed to NSSA or stub.

An area can be designated as stub or NSSA but never both at the same time.

By default, an area is not configured as an NSSA area.

The no form of this command removes the NSSA designation and configuration context from the area.

Default

no nssa — The OSPF area is not an NSSA.

Platforms

All

nssa

Syntax

[no] nssa

Context

[Tree] (config>router>ospf>area nssa)

[Tree] (config>router>ospf3>area nssa)

Full Context

configure router ospf area nssa

configure router ospf3 area nssa

Description

This command creates the context to configure an OSPF or OSPF3 Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF or OSPF3 domain.

Existing virtual links of a non-stub or NSSA area will be removed when the designation is changed to NSSA or stub.

An area can be designated as stub or NSSA but never both at the same time.

By default, an area is not configured as an NSSA area.

The no form of this command removes the NSSA designation and configuration context from the area.

Default

no nssa

Platforms

All

nssa-range

nssa-range

Syntax

nssa-range [ip-address]

no nssa-range

Context

[Tree] (debug>router>ospf nssa-range)

[Tree] (debug>router>ospf3 nssa-range)

Full Context

debug router ospf nssa-range

debug router ospf3 nssa-range

Description

This command enables debugging for an NSSA range.

Parameters

ip-address

Specifies the IPv4 or IPv6 address range to debug OSPF or OSPF3 leaks.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

ntf-logout-retry-count

ntf-logout-retry-count

Syntax

ntf-logout-retry-count [value]

no ntf-logout-retry-count

Context

[Tree] (config>service>vprn>wpp>portals>portal ntf-logout-retry-count)

[Tree] (config>router>wpp>portals>portal ntf-logout-retry-count)

Full Context

configure service vprn wpp portals portal ntf-logout-retry-count

configure router wpp portals portal ntf-logout-retry-count

Description

This command configures the number of retransmissions of an NTF_LOGOUT message.

The no form of this command reverts to the default.

Default

ntf-logout-retry-count 5

Parameters

value

Specifies the number of retransmissions of an NTF_LOGOUT message.

Values

0 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ntp

ntp

Syntax

[no] ntp

Context

[Tree] (config>service>vprn ntp)

Full Context

configure service vprn ntp

Description

Commands in this context configure Network Time Protocol (NTP) and its operation. It also enables NTP server mode within the VPRN routing instance so that the router will respond to NTP requests from external clients received inside the VPRN.

The no form of this command stops the execution of NTP and removes its configuration.

Platforms

All

ntp

Syntax

[no] ntp

Context

[Tree] (config>system>time ntp)

Full Context

configure system time ntp

Description

Commands in this context configure Network Time Protocol (NTP) and its operation. This protocol defines a method to accurately distribute and maintain time for network elements. Furthermore, this capability allows for the synchronization of clocks between the various network elements.

The no form of the command stops the execution of NTP and remove its configuration.

Default

ntp

Platforms

All

ntp

Syntax

ntp [router router-instance] [interface ip-int-name]

Context

[Tree] (debug>system ntp)

Full Context

debug system ntp

Description

This command enables and configures debugging for NTP.

The no form of the command disables debugging for NTP.

Parameters

router-instance

Specifies the router name or CPM router instance.

Values

router-name | vprn-svc-id

router-name – "Base”, "management”

vprn-svc-id – 1 to 2147483647

Default

Base

ip-int-name

Specifies the name of the IP interface. The name can be up to 32 characters and must begin with a letter. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

All

ntp-reply

ntp-reply

Syntax

[no] ntp-reply

Context

[Tree] (config>service>ies>if>ipv6>vrrp ntp-reply)

[Tree] (config>service>ies>if>vrrp ntp-reply)

Full Context

configure service ies interface ipv6 vrrp ntp-reply

configure service ies interface vrrp ntp-reply

Description

This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.

The no form of this command disables NTP Requests from being processed.

Default

no ntp-reply

Platforms

All

ntp-reply

Syntax

[no] ntp-reply

Context

[Tree] (config>service>vprn>if>ipv6>vrrp ntp-reply)

[Tree] (config>service>vprn>if>vrrp ntp-reply)

Full Context

configure service vprn interface ipv6 vrrp ntp-reply

configure service vprn interface vrrp ntp-reply

Description

This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.

The no form of this command disables NTP Requests from being processed.

Default

no ntp-reply

Platforms

All

ntp-reply

Syntax

[no] ntp-reply

Context

[Tree] (config>router>if>ipv6>vrrp ntp-reply)

[Tree] (config>router>if>vrrp ntp-reply)

Full Context

configure router interface ipv6 vrrp ntp-reply

configure router interface vrrp ntp-reply

Description

This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.

The no form of this command disables NTP Requests from being processed.

Default

no ntp-reply

Platforms

All

ntp-server

ntp-server

Syntax

ntp-server [authenticate]

no ntp-server

Context

[Tree] (config>system>time>ntp ntp-server)

Full Context

configure system time ntp ntp-server

Description

This command configures the node to assume the role of an NTP server. Unless the server command is used, this node will function as an NTP client only and will not distribute the time to downstream network elements.

Default

no ntp-server

Parameters

authenticate

Specifies to make authentication a requirement (optional). If authentication is required, the authentication key-id received in a message must have been configured in the authentication-key command, and that key-id type and key value must also match.

The authentication key from the received messages will be used for the transmitted messages.

Platforms

All

number

number

Syntax

number {eq | neq | lt | lte | gt | gte} event-id

no number

Context

[Tree] (config>service>vprn>log>filter>entry>match number)

Full Context

configure service vprn log filter entry match number

Description

This command adds an SR OS application event number as a match criterion.

SR OS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.

The no form of this command removes the event number as a match criterion.

Default

no event-number — No event ID match criterion is specified.

Parameters

eq | neq | lt | lte | gt | gte

Specifies the type of match. Valid operators are listed below.

Values
Table 1. Valid Operators

Operator

Note

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

event-id

Specifies the event ID, expressed as a decimal integer.

Values

1 to 4294967295

Platforms

All

number

Syntax

number {eq | neq | lt | lte | gt | gte} event-id

no number

Context

[Tree] (config>log>filter>entry>match number)

Full Context

configure log filter entry match number

Description

This command adds an SR OS application event number as a match criterion.

SR OS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.

The no form of this command removes the event number as a match criterion.

Parameters

eq | neq | lt | lte | gt | gte

Specifies the type of match. Valid operators are listed in Valid Operators.

Table 2. Valid Operators

Operator

Notes

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

event-id

The event ID, expressed as a decimal integer.

Values

1 to 4294967295

Platforms

All

number-down

number-down

Syntax

number-down number-lag-port-down level level-id

no number-down number-lag-port-down

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac>mc-constraints number-down)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac mc-constraints number-down

Description

This command configures the number of ports down along with level for multicast CAC policy on an MSAP.

The no form of this command reverts to the default.

Parameters

number-lag-port-down

Specifies the number of port in a LAG group that are down. If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface is as per the levels configured in this context.

Values

1 to 64 (for 64-link LAG)

1 to 32 (for other LAGs)

level-id

Specifies the amount of bandwidth available within a given bundle for MC traffic for a specified level.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

number-down

Syntax

number-down number-lag-port-down level level-id

no number-down number-lag-port-down

Context

[Tree] (config>service>vpls>sap>mld-snooping>mcac>mc-constraints number-down)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac>mc-constraints number-down)

Full Context

configure service vpls sap mld-snooping mcac mc-constraints number-down

configure service vpls sap igmp-snooping mcac mc-constraints number-down

Description

This command configure the number of ports down along with level for multicast CAC policy on this interface.

Default

no number-down

Parameters

number-lag-port-down

Specifies that the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.

Values

1 to 64 (for 64-link LAG) 1 to 32 (for other LAGs)

Platforms

All

number-down

Syntax

number-down number-lag-port-down level level-id

no number-down

Context

[Tree] (config>service>vprn>pim>if>mcac>mc-constraints number-down)

[Tree] (config>service>vprn>igmp>if>mcac>mc-constraints number-down)

[Tree] (config>service>vprn>mld>if>mcac>mc-constraints number-down)

Full Context

configure service vprn pim interface mcac mc-constraints number-down

configure service vprn igmp interface mcac mc-constraints number-down

configure service vprn mld interface mcac mc-constraints number-down

Description

This command configures the number of ports down and level for interface’s multicast CAC policy.

The no form of this command removes the values from the configuration.

Default

not enabled

Parameters

number-lag-port-down

If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.

Values

1 to 64 (for 64-link LAG)

1 to 32 (for other LAGs)

level-id

Specifies an entry for the multicast CAC policy constraint level configured on this system.

Values

1 to 8

Platforms

All

number-down

Syntax

number-down number-lag-port-down level level-id

no number-down number-lag-port-down

Context

[Tree] (config>router>pim>if>mcac>mc-constraints number-down)

[Tree] (config>router>mld>if>mcac>mc-constraints number-down)

[Tree] (config>router>igmp>if>mcac>mc-constraints number-down)

Full Context

configure router pim interface mcac mc-constraints number-down

configure router mld interface mcac mc-constraints number-down

configure router igmp interface mcac mc-constraints number-down

Description

This command configures the number of ports down along with level for the MCAC policy on this interface.

The no form of this command removes the values from the configuration.

Parameters

number-lag-port-down

Specifies the number of LAG ports down. If the number of ports available in the LAG is reduced by the number of ports configured in this command, then the bandwidth allowed for a bundle or interface will be as per the levels configured in this context.

Values

1 to 64 (for 64-link LAG)

1 to 32 (for other LAGs)

level level-id

Specifies the bandwidth for a given level. Level 1 has the highest priority. Level 8 has the lowest priority.

Values

1 to 8

Platforms

All

number-down

Syntax

[no] number-down number-of-lag-ports-down

Context

[Tree] (config>vrrp>policy>priority-event>lag-port-down number-down)

Full Context

configure vrrp policy priority-event lag-port-down number-down

Description

This command creates a context to configure an event set threshold within a lag-port-down priority control event.

The number-down command defines a sub-node within the lag-port-down event and is uniquely identified with the number-of-lag-ports-down parameter. Each number-down node within the same lag-port-down event node must have a unique number-of-lag-ports-down value. Each number-down node has its own priority command that takes effect whenever that node represents the current threshold.

The total number of sub-nodes (uniquely identified by the number-of-lag-ports-down parameter) allowed in a single lag-port-down event is equal to the total number of possible physical ports allowed in a LAG.

A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold.

The no form of the command deletes the event set threshold. The threshold may be removed at any time. If the removed threshold is the current active threshold, the event set thresholds must be re-evaluated after removal.

Default

no number-down — No threshold for the LAG priority event is created.

Parameters

number-of-lag-ports-down

The number of LAG ports down to create a set event threshold. This is the active threshold when the number of down ports in the LAG equals or exceeds number-of-lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports-down.

Values

1 to 64 (applies to 64-link LAG) 1 to 32 (applies to other LAGs)

Platforms

All

number-paths

number-paths

Syntax

number-paths number-of-paths [redundant-sfm number-of-paths]

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths>secondary-paths number-paths)

Full Context

configure mcast-management bandwidth-policy t2-paths secondary-paths number-paths

Description

This command is used to explicitly provision the number of secondary paths (and imply the number of primary paths) supported by the TChip based forwarding plane the bandwidth policy is managing. The default (and minimum) number of secondary paths is 1 and the maximum configurable is 15. The number of primary paths is total number of available paths minus the number of secondary paths.

Secondary paths are used by:

  • Expedited VPLS, IES and VPRN service ingress multipoint queues

  • Expedited network ingress multipoint queues

  • Managed multicast explicit path primary channels (using the primary paths managed multipoint queue)

  • All managed multicast dynamic path channels when the primary paths or multicast planes are not at their limit (using the primary paths managed multipoint queue)

  • Highest preference managed multicast dynamic path channels when the primary paths or multicast planes are at their limit (using the primary paths managed multipoint queue)

Secondary paths are used by:

  • Best-Effort VPLS, IES and VPRN service ingress multipoint queues

  • Best-Effort network ingress multipoint queues

  • Managed multicast explicit path secondary channels (using the secondary paths managed multipoint queue)

  • Lower preference managed multicast dynamic path channels when the primary paths or multicast planes are at their limit (using the secondary paths managed multipoint queue)

The number of secondary paths should be increased from the default value of 1 when a single secondary path is enough for explicit secondary path managed traffic or the amount of best-effort multipoint non-managed queue traffic.

The no form of this command restores the default number of secondary paths.

Default

number-paths 1 redundant-sfm 1

Parameters

number-of-paths

Specifies the number of secondary paths when only one switch fabric is active, while the dual-sfm parameter specifies the same value when two switch fabrics are active.

Values

1 to 15

Default

1

number-retries

number-retries

Syntax

number-retries number-retries

no number-retries

Context

[Tree] (config>service>vpls>mac-move number-retries)

[Tree] (config>service>template>vpls-template>mac-move number-retries)

Full Context

configure service vpls mac-move number-retries

configure service template vpls-template mac-move number-retries

Description

This command configures the number of times retries are performed for re-enabling the SAP/SDP.

Default

number-retries 3

Parameters

number-retries

Specifies number of retries for re-enabling the SAP/SDP. A zero (0) value indicates unlimited number of retries.

Values

0 to 255

Platforms

All