n Commands

Context

[Tree] (config>port>ethernet>elmi n393)

Full Context

configure port ethernet elmi n393

Description

This command configures the monitored count of consecutive errors.

Parameters

value

Specifies the monitored count of consecutive errors.

Values

2 to 10

Platforms

All

Context

[Tree] (config>service>vprn>dhcp>server>pool nak-non-matching-subnet)

[Tree] (config>router>dhcp>server>pool nak-non-matching-subnet)

Full Context

configure service vprn dhcp local-dhcp-server pool nak-non-matching-subnet

configure router dhcp local-dhcp-server pool nak-non-matching-subnet

Description

When this command is enabled, if the local DHCPv4 server receives a DHCP request with option 50 (client requested a previously allocated message as described in section 3.2 of RFC 2131, Dynamic Host Configuration Protocol) and the address allocation algorithm uses a pool that does not have option 50, the system returns a DHCP NAK. Otherwise, the system drops the DHCP packet.

The no form of this command reverts to the default.

Default

no nak-non-matching-subnet

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>http-enrich>field name)

Full Context

configure application-assurance group http-enrich field name

Description

This command configures an HTTP enrichment template field header name.

The no form of this command removes the http enrichment template field header name from the configuration.

Parameters

header-name

Specifies the name of the http enrichment policy that is inserted before the actual field name (e.g. x-subId = subscriberID).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system name)

Full Context

configure system name

Description

This command creates a system name string for the device.

For example, system-name parameter ALA-1 for the name command configures the device name as ALA-1.

ABC>config>system# name "ALA-1"
ALA-1>config>system#

Only one system name can be configured. If multiple system names are configured, the last one encountered overwrites the previous entry.

The no form of the command reverts to the default value.

Default

no name

Parameters

system-name

Specifies the system name as a character string. The string may be up to 64 characters. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>entry>from>policy-variables name)

[Tree] (config>router>policy-options>global-variables name)

Full Context

configure router policy-options policy-statement entry from policy-variables name

configure router policy-options global-variables name

Description

This command configures routing policies that are often reused across BGP peers of a common type (transit, peer, customer, and so on). Using global variables allows a user to have a single variable that is consistent across all peers of a type, while retaining the flexibility to reference different policy functions (prefixes, prefix-lists, community lists, and so on) with unique names.

Depending on the parameter referenced, specify the correct type as follows:

• value-string: as-path, as-path-group, community, prefix-list, damping

• ip-address: next-hop

• value-number: aigp-metric, as-path-prepend, local-preference, metric, origin, origin-validation, preference, tag, type

The no form of this command removes the global variable.

Parameters

name-string

Specifies the name of the global variable, with the variable delimited by at-signs (@) at the beginning and the end of the name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

value-string

The value of the policy variable. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

value-number

Specifies the numerical value of the policy variable.

Values

0 to 4294967295

ip-address

Specifies the IP address of the policy variable.

Values

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

decimal

Specifies the decimal value of the policy variable.

Values

0.000 to 4294967295.000

ip-prefix/ip-prefix-length

Specifies the IP prefix and prefix length of the policy variable.

Values

ip-prefix/ip-prefix-length	ipv4-prefix/ipv4-prefix-length | ipv6-prefix/ipv6-prefix-length
ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	[0 to 32]
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D
ipv6-prefix-length	[0 to 128]

Platforms

All

Context

[Tree] (config>eth-cfm>system named-display)

Full Context

configure eth-cfm system named-display

Description

This command configures name-based display on the system for show eth-cfm CLI outputs. By default, the CLI outputs only display the values for the domain md-index, association ma-index, and bridge-identifier bridge-number. When this command is enabled, the outputs also display the administrative names for domains, associations, and bridge-identifiers in addition to the numerical values.

The no form of this command disables name-based display for show eth-cfm CLI outputs.

Default

no named-display

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>qos>copy named-pool-policy)

Full Context

configure qos copy named-pool-policy

Description

This command copies an existing named-pool-policy to another named-pool-policy. The copy command is a configuration level maintenance tool used to create new entries using an existing profile ID. If overwrite is not specified, an error occurs if the destination policy exists.

Parameters

src-name

Specifies the existing source named-pool-policy, up to 32 characters, from which the copy command attempts to copy.

dst-name

Specifies the destination named-pool-policy dst-name, up to 32 characters, to which the copy command attempts to copy.

overwrite

Use this parameter when the named-pool-policy dst-name already exists. If it does, everything in the existing destination named-pool-policy dst-name is completely overwritten with the contents of the named-pool-policy src-name. The overwrite parameter must be specified or else the following error message is returned:

MINOR: CLI use {overwrite}; destination named-pool-policy "test" exists.

If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

All

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-identifier)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-identifier)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-identifier)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-identifier

configure subscriber-mgmt authentication-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

The no form of this command disables the generation of the nas-identifier RADIUS attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-identifier)

[Tree] (config>ipsec>rad-auth-plcy>include nas-identifier)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-identifier

configure ipsec radius-authentication-policy include-radius-attribute nas-identifier

Description

This command enables the generation of the nas-identifier RADIUS attribute.

Default

no nas-identifier

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-identifier)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-identifier)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-identifier

configure aaa isa-radius-policy acct-include-attributes nas-identifier

Description

This command enables the inclusion of the NAS-Identifier attributes.

The no form of the command excludes NAS-Identifier attributes.

Default

no nas-identifier

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-ip-addr)

[Tree] (config>ipsec>rad-auth-plcy>include nas-ip-addr)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-ip-addr

configure ipsec radius-authentication-policy include-radius-attribute nas-ip-addr

Description

This command enables the generation of the NAS IP address attribute.

Default

no nas-ip-addr

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ip-address)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ip-address)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-ip-address

configure aaa isa-radius-policy acct-include-attributes nas-ip-address

Description

This command enables the generation of the NAS-IP-Address RADIUS attribute.

Default

no nas-ip-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy nas-ip-address-origin)

Full Context

configure aaa isa-radius-policy nas-ip-address-origin

Description

This command specifies the RADIUS NAS-IP-Address attribute.

The no form of the command reverts to the default.

Default

nas-ip-address-origin system-ip

Parameters

system-ip

Specifies that the value of the object TIMETRA-VRTR-MIB::vRiaIpAddress.1.1.1 is used.

isa-ip

Specifies that a value in the range specified by tmnxRadIsaPlcySrvSrcAddrStart and tmnxRadIsaPlcySrvSrcAddrEnd is used that corresponds to the ISA card that transmits the Access-Request packet or the Accounting-Request packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ipv6-address)

Full Context

configure aaa isa-radius-policy acct-include-attributes nas-ipv6-address

Description

This command configures the router to include the NAS-IPv6-Address attribute in RADIUS accounting messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.

The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS accounting messages.

Default

nas-ipv6-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ipv6-address)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-ipv6-address

Description

This command configures the router to include the NAS-IPv6-Address attribute in RADIUS authentication messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.

The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS authentication messages.

Default

nas-ipv6-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port

Description

This command enables the generation of the nas-port RADIUS attribute. Enter decimal representation of a 32-bit string that indicates the port information. This 32-bit string can be compiled based on different information from the port (data types). Using number-of-bits data-type syntax indicates the number of bits from the 32 bits that are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0s and 1s as bits can be added.

The no form of this command disables the nas-port configuration.

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec	<bit-specification> <binary-spec>
bit-specification	0 | 1 | <bit-origin>
bit-origin	*<number-of-bits><origin>
number-of-bits	1 to 32
origin	s | m | p | o | i | v | c
	s	slot number
	m	MDA number
	p	port number, lag-id, pw-id or pxc-id
	o	outer VLAN ID
	i	inner VLAN ID
	v	ATM VPI
	c	ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Output

The following output shows an example.

*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=>  0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309 

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port

Description

This command enables the generation of the nas-port RADIUS attribute. You enter decimal representation of a 32-bit string that indicates your port information. This 32-bit string can be compiled based on different information from the port (data types). By using syntax number-of-bits data-type you indicate how many bits from the 32 bits are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0's and/or 1's as bits can be added.

The no form of this command disables the nas-port configuration.

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec	<bit-specification> <binary-spec>
bit-specification	0 | 1 | <bit-origin>
bit-origin	*<number-of-bits><origin>
number-of-bits	1 to 32
origin	s | m | p | o | i | v | c
	s	slot number
	m	MDA number
	p	port number, lag-id, pw-id or pxc-id
	o	outer VLAN ID
	i	inner VLAN ID
	v	ATM VPI
	c	ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Output

The following is an example of binary spec information.

*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=>  0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309 

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port

Description

This command specifies the format of the 32 bit string used as value for the Nas-Port AVP.

Parameters

binary-spec

Specifies the NAS-Port AVP format.

Values

binary-spec	<bit-specification> <binary-spec>
bit-specification	0 | 1 | <bit-origin>
bit-origin	*<number-of-bits><origin>
number-of-bits	1 to 32
origin	s | m | p | o | i | v | c
	s	slot number
	m	MDA number
	p	port number, lag-id, pw-id or pxc-id
	o	outer VLAN ID
	i	inner VLAN ID
	v	ATM VPI
	c	ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port

configure aaa isa-radius-policy acct-include-attributes nas-port

Description

This command enables the generation of the NAS-Port RADIUS attribute.

Default

no nas-port

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-id)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.

The no form of this command reverts to the default.

Parameters

string

Specifies that a user configurable string be added to the RADIUS NAS port attribute, up to 8 characters.

suffix-option

Specifies the suffix type to be added to the RADIUS NAS port attribute.

Values

circuit-id, remote-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.

The no form of this command disables the generation of the nas-port-id RADIUS attribute.

Parameters

string

Specifies that a user configurable string is added to the RADIUS NAS port attribute, up to 8 characters.

suffix-option

Specifies the suffix type to be added to the RADIUS NAS port attribute.

Values

circuit-id, remote-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-id

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-id

Description

This command includes the Nas-Port-Id AVP.

Parameters

prefix-type

Specifies what type of prefix is added to the NAS-Port-Id attribute if included in Nas-Port-Id AVP messages.

Values

none — No prefix is added

user-string — Specifies the user configurable string to be added as prefix to the NAS-Port-Id attribute if included in DIAMETER Gx messages

prefix-string

Specifies the user configurable string up to 8 characters, to be added as a prefix.

suffix-type}

Specifies the suffix to be added to the NAS-Port attribute NAS-Port AVP.

Values

none — No suffix is added

circuit-id — Specifies the circuit-id is added as suffix-string

remote-id — Specifies the remote-id is added as suffix-string

user-string — Specifies a user configurable suffix-string is added

suffix-string

Specifies the string, up to 64 characters, to be added as suffix.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>rad-acct-plcy>include nas-port-id)

[Tree] (config>ipsec>rad-auth-plcy>include nas-port-id)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute nas-port-id

configure ipsec radius-authentication-policy include-radius-attribute nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.

Default

no nas-port-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port-id

configure aaa isa-radius-policy acct-include-attributes nas-port-id

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.

Default

no nas-port-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-type)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute nas-port-type

Description

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of this command reverts to the default.

Parameters

type

Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-type)

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute nas-port-type)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-type

configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-type

Description

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of this command disables the generation of the nas-port-type RADIUS attribute

Parameters

value

Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-type)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-type)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-type

configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-type

Description

This command includes the Nas-Port-Type AVP.

Parameters

none

Specifies values as defined in RFC 2865, Remote Authentication Dial-In User Service (RADIUS), and RFC 4603, Additional Values for the NAS-Port-Type Attribute.

type

Specifies the integer value for the Nas-Port-Type AVP.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-type)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-type)

Full Context

configure aaa isa-radius-policy auth-include-attributes nas-port-type

configure aaa isa-radius-policy acct-include-attributes nas-port-type

Description

This command enables the generation of the NAS-Port-Type RADIUS attribute.

The no form of the command disables the generation.

Default

no nas-port-type

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy nasreq)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq

Description

Commands in this context configure NASREQ application-specific attributes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>wlan-gw-group nat)

Full Context

configure isa wlan-gw-group nat

Description

Commands in this context configure NAT parameters under wlan-gw-group.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync nat)

Full Context

configure redundancy multi-chassis peer sync nat

Description

Commands in this context synchronize NAT groups.

The no form of this command disables the feature.

Default

nat

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn nat)

[Tree] (config>router nat)

Full Context

configure service vprn nat

configure router nat

Description

This command enables a NAT instance for the specified router or service.

The no form of this command disables the NAT instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-source nat)

Full Context

configure li li-source nat

Description

Commands in this context configure LI NAT parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscriber-mgmt>pfcp-association nat)

Full Context

configure subscriber-mgmt pfcp-association nat

Description

Commands in this context configure NAT groups for BNG CUPS PFCP association (see the nat-group command in the config>subscriber-mgmt>pfcp-association>nat context).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ip-filter>entry>action nat)

Full Context

configure filter ip-filter entry action nat

Description

This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.

The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.

Parameters

nat-type

Specifies the NAT type.

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter>entry>action nat)

Full Context

configure filter ipv6-filter entry action nat

Description

This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.

The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.

Parameters

nat-type

Specifies the NAT type.

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (admin nat)

Full Context

admin nat

Description

This command performs NAT operations.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-profile nat-access-mode)

Full Context

configure subscriber-mgmt sub-profile nat-access-mode

Description

This command configures the NAT access mode.

Access mode in L2-Aware NAT environment is a reflection of supported home set up (bridged or routed) in relation to the configured anti-spoof setting.

This configuration option is only applicable to L2-Aware NAT subscribers. It determines which home model is supported with L2-Aware NAT:

• Bridged RG with mac-ip anti-spoof

• Bridged RG with nh-mac anti-spoof

• Routed RG with NAT and mac-ip anti-spoof

• Routed RG with NAT and nh-mac anti-spoof

• Routed RG without NAT and nh-mac anti-spoof

Default

nat-access-mode auto

Parameters

access-mode

Specifies the NAT access mode.

Values

auto — The supported combinations are:

• Bridged RG with mac-ip anti-spoof

• Routed RG with NAT and mac-ip anti-spoof

• Routed RG with NAT and nh-mac anti-spoof

• Routed RG without NAT and nh-mac anti-spoof

bridged — The supported combinations are:

• Bridged RG with mac-ip anti-spoof

• Bridged RG with nh-mac anti-spoof

• Routed RG with NAT and mac-ip anti-spoof

• Routed RG with NAT and nh-mac anti-spoof

• Routed RG without NAT and nh-mac anti-spoof

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-prof nat-allow-bypass)

Full Context

configure subscriber-mgmt sub-profile nat-allow-bypass

Description

This command enables L2-Aware NAT host for selective bypass. L2-aware NAT subscribers eligible for NAT bypass must be explicitly enabled with this command. Once enabled, the ip-filter configuration applied in sub-profile determines whether the traffic is bypassed.

The no form of this command causes traffic received from subscribers associated with this profile to not bypass the Layer-2-Aware NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>nat-policy>dnat nat-classifier)

Full Context

configure service nat nat-policy dnat nat-classifier

Description

This command when configured within the nat-policy, references a nat-classifier and consequently activates DNAT functionality. Unless this command is provisioned, the destination IP address translation will not take place. The nat-classifier identifies the traffic (in a filter-like fashion) that is subjected to DNAT.

The no form of this command removes the nat-classifier-name from the configuration.

Parameters

nat-classifier-name

Specifies the name, up to 32 characters, of the NAT classifier.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat nat-classifier)

Full Context

configure service nat nat-classifier

Description

This command creates a nat-classifier. Traffic can be identified in nat-classifier based on the protocol type and destination ports. Once the traffic is identified, an action associated with identified traffic, such as destination NAT (DNAT), can be taken.

The no form of the command removes the nat-classifier-name from the configuration.

Parameters

nat-classifier-name

Specifies the name, up to 32 characters, of the referenced NAT classifier.

create

Keyword used to create the NAT classifier.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>isa-svc-chain nat-group)

Full Context

configure router isa-service-chaining nat-group

Description

This command allows service chaining to be enabled for subscribers whose NAT flows are established on the set of ISAs in the specified NAT group.

The no form of this command removes the NAT group from the configuration.

Parameters

nat-group-id

Specifies the NAT group identifier.

Values

1 to 4

create

Keyword used to create the NAT group instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync>nat nat-group)

Full Context

configure redundancy multi-chassis peer sync nat nat-group

Description

This command enables MCS for NAT. NAT group health information is exchanged between the pair of redundant NAT nodes. The system elects one of the nodes as the active node for the NAT group, while the other node becomes a standby node.

The no form of this command disables multi-chassis synchronization for a NAT group.

Default

no nat-group

Parameters

nat-group-id

Specifies the NAT group that is synchronized.

Values

1 to 4

tag

Specifies the synchronization tag that must be the same on both nodes of the NAT group. It is mandatory and must match its counterpart on the peering node for the NAT group that is being synchronized, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa nat-group)

Full Context

configure isa nat-group

Description

This command configures an ISA NAT group.

The no form of the command removes the ID from the configuration.

Parameters

nat-group-id

Specifies the ISA NAT group ID.

Values

1 to 4

create

Keyword used to create the NAT group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscriber-mgmt>pfcp-association>nat nat-group)

Full Context

configure subscriber-mgmt pfcp-association nat nat-group

Description

This command configures a NAT group participating in NAT on BNG CUPS. ISAs in the NAT group are enabled for operation in BNG CUPS, but are not limited to BNG CUPS deployment. They can be used simultaneously with other versions of NAT in BNG, outside of the CUPS functionality.

The no version of this command deletes the NAT group.

Parameters

nat-group-id

Specifies the NAT group ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>inside nat-import)

[Tree] (config>service>vprn>nat>inside nat-import)

Full Context

configure router nat inside nat-import

configure service vprn nat inside nat-import

Description

This command references an import-policy to determine the routes that should be installed in the routing table as NAT routes, which are used to steer traffic to NAT.

A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route is associated with a NAT policy that maps traffic destined into a NAT pool and outside routing context. If the NAT policy is not explicitly configured in the import route policy, the imported NAT route is, by default, associated with the default NAT policy defined in the NAT inside routing context.

All BGP-VPN routes that are destined to be imported into NAT inside routing context must be configured with action-type accept in the route policy.

Parameters

policy-name

Specifies up to five NAT import policy names, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>nat nat-import)

Full Context

debug nat nat-import

Description

This command enables debugging for routes dynamically imported into NAT from BGP.

The events related to dynamic routes in NAT can be filtered by a specific route and inside routing context.

Only events related to dynamic imports are dispayed. Events related to static route configurations are not shown.

Typical debug output displays the following information:

• 18 2021/06/15 09:29:54.436 UTC MINOR: DEBUG #2001 vprn550 NAT_IMPORT

  This entry represents the debug event, the inside service in which the event occurred, and the process related to the event. For this particular log, the event ID is 2001 which occurred in the inside service vprn 550 and was related to a dynamic route importing into NAT.

• dest-prefix 10.10.10.0/24 nat-policy ls-outPolicy service 500 : start import : ACCEPT by policy-statement evaluation

  This entry represents the description of the event. The destination prefix 10.10.10.0/24 is associated with nat-policy ls-outPolicy and was successfully imported from the outside vprn 500 (into the inside vprn 550 identified by the first entry).

The no form of the command disables debugging of the specified parameters.

Parameters

all

Specifies to debug all routes dynamically imported into NAT from BGP.

router-instance

Specifies filtering based on specific inside routing context.

ipv4-address

Specifies filtering based on the specific route.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>epipe nat-outside)

Full Context

configure service epipe nat-outside

Description

This command binds an Epipe to a NAT context running on an ISA-BB, allowing the Epipe to act as the outside service for the NAT or firewall. When nat-outside is enabled, one end of the Epipe is implicitly tied to ISA BB forwarding, leaving one remaining SAP, spoke, or similar available to be configured.

The no version of this command removes the Epipe binding to a NAT context.

Parameters

nat-group-id

The NAT group ID where the PPPoE client is applied.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range nat-policy)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range nat-policy)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy

Description

This command specifies the NAT policy for WLAN-GW ISA subscribers.

The no form of this command reverts to the default.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside nat-policy)

[Tree] (config>router>nat>inside nat-policy)

[Tree] (config>router>policy-options>policy-statement>entry>action nat-policy)

Full Context

configure service vprn nat inside nat-policy

configure router nat inside nat-policy

configure router policy-options policy-statement entry action nat-policy

Description

This command configures the NAT policy that is used for large-scale NAT in this service. If a nat-policy is not configured, then the default nat-policy is used.

The no form of the command removes the policy name from the configuration.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>policy-options>policy-statement>default-action nat-policy)

Full Context

configure router policy-options policy-statement default-action nat-policy

Description

This command assigns a NAT policy to the matched routes that do not have a more specific nat-policy configured under action.

A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route must be associated with a NAT policy that maps traffic destined to it into a NAT pool and outside routing context. If the NAT policy is not specified within the route policy, the imported NAT route, by default, is associated with the default NAT policy defined in the NAT inside routing context.

All BGP-VPN routes that are destined to be imported into NAT inside routing context must have action-type set to accept, regardless of whether the NAT policy is configured in the action.

The no form of the command removes the policy name from the configuration.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat nat-policy)

Full Context

configure service nat nat-policy

Description

This command configures a NAT policy.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

create

Keyword used to create the NAT policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-profile nat-policy)

Full Context

configure subscriber-mgmt sub-profile nat-policy

Description

This command configures the NAT policy to be used for subscribers associated with this subscriber profile.

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>syslog>syslog-export-policy>include nat-policy-name)

Full Context

configure service nat syslog syslog-export-policy include nat-policy-name

Description

This command includes the NAT policy name in the flow log.

The no form of the command disables the feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>persistence nat-port-forwarding)

Full Context

configure system persistence nat-port-forwarding

Description

This command configures NAT port forwarding persistence parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nat-port-range)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute nat-port-range

Description

This command enables the generation of the of nat-port-range attribute.

The no form of this command disables the generation of the nat-port-range attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-prof nat-prefix-list)

Full Context

configure subscriber-mgmt sub-profile nat-prefix-list

Description

This command specifies the nat-prefix-list referenced within the subscriber-profile is used to associate L2-aware subscriber traffic with additional nat-policies based on the destination IPv4 address of the traffic.

The no form of the command removes the prefix list name from the configuration.

Parameters

name

Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat nat-prefix-list)

Full Context

configure service nat nat-prefix-list

Description

This command is used to create configuration context for:

• IP prefixes that are used select multiple nat-policies per subscriber in L2-aware NAT.

• Inside IP prefixes in DNAT-only scenario. The inside IP prefixes are then setup as downstream routes used to steer the return (downstream) traffic to the proper MS-ISA.

The no form of the command removes the prefix list name from the configuration.

Parameters

name

Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

application application-choice

Specifies how this NAT prefix list is to be applied.

Values

l2-aware-dest-to-policy: Specifies that the nat-prefix-list can be applied only within the sub-profile for l2-aware subscribers. It will contain mapping between the destination prefix and a nat-policy. dnat-only-subscribers: Specifies that the nat-prefix-list can be applied only to dnat-only-subscribers. It will contain the source-prefix that needs to be install in outside routing context so that the return traffic from the outside can be directed to proper MS-ISA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nat-subscriber-string)

Full Context

configure aaa isa-radius-policy acct-include-attributes nat-subscriber-string

Description

This command enables the inclusion of the NAT subscriber string attributes.

The no form of the command excludes NAT subscriber string attributes.

Default

no nat-subscriber-string

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy nat-traversal)

Full Context

configure ipsec ike-policy nat-traversal

Description

This command specifies whether NAT-T (Network Address Translation Traversal) is enabled, disabled or in forced mode.

The no form of this command reverts the parameters to the default.

Default

no nat-traversal

Parameters

force

Forces to enable NAT-T

keep-alive-interval keep-alive-interval

Specifies the keep-alive interval in seconds.

Values

120 to 600

force-keep-alive

When specified, the keep-alive does not expire.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>inside nat64)

Full Context

configure service vprn inside nat64

Description

Commands in this context configure NAT64.

The no form of the command disables NAT64.

Context

[Tree] (config>service>vprn>nat>inside nat64)

[Tree] (config>router>nat>inside nat64)

Full Context

configure service vprn nat inside nat64

configure router nat inside nat64

Description

Commands in this context configure NAT64 parameters.

The no form of the command disables NAT64.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-source>nat nat64-lsn-sub)

Full Context

configure li li-source nat nat64-lsn-sub

Description

This command configures a NAT64 LSN subscriber source.

Parameters

router-instance

Specifies the routing instance into which to inject the mirrored packets.

ipv6-prefix

Specifies the IPv6 address.

Values

ipv6-prefix:	<prefix>/<length>
prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x to [0 to FFFF]H
	d t o[0t o 255]D
<length>	[0 to 128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>tdm>e1 national-bits)

Full Context

configure port tdm e1 national-bits

Description

This command configures the national use bits.

Parameters

sa-bits

Disables or enables SA bits.

Values

0, 1

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (debug>router>rsvp>event nbr)

Full Context

debug router rsvp event nbr

Description

This command debugs neighbor events.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about neighbor events.

Platforms

All

Context

[Tree] (config>subscr-mgmt>ppp-policy ncp-renegotiation)

Full Context

configure subscriber-mgmt ppp-policy ncp-renegotiation

Description

This command configures the NCP renegotiation.

The no form of the command reverts to the default value.

Default

ncp-renegotiation terminate-session

Parameters

ignore

Specifies that BNG ignore subsequent renegotiation messages after successful IPCP negotiation.

terminate-session

Specifies that the PPP session be terminated.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6 nd)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 nd)

Full Context

configure service vprn subscriber-interface group-interface ipv6 nd

configure service ies subscriber-interface group-interface ipv6 nd

Description

Commands in this context configure neighbor discovery (ND) parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>vpls>evpn nd)

[Tree] (config>service>ies>if>vpls>evpn nd)

Full Context

configure service vprn interface vpls evpn nd

configure service ies interface vpls evpn nd

Description

Commands in this context configure ND host route parameters.

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 nd-host-route)

Full Context

configure service vprn interface ipv6 nd-host-route

Description

Commands in this context populate ND host route entries.

Platforms

All

Context

[Tree] (config>service>ies>if>ipv6 nd-learn-unsolicited)

Full Context

configure service ies interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router use standard RFC 4861 behavior, as described below, for learning of neighbor entries.

• If an unsolicited NA, regardless of the S flag, is received from a neighbor that is not yet in the ND cache, the NA is ignored.

• If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the stale state.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 nd-learn-unsolicited)

Full Context

configure service vprn interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.

• If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.

• If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

Context

[Tree] (config>router>if>ipv6 nd-learn-unsolicited)

Full Context

configure router interface ipv6 nd-learn-unsolicited

Description

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.

• If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.

• If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.

Parameters

global

Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages. This parameter is relevant only to global IPv6 addresses.

link-local

Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

both

Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

Platforms

All

Context

[Tree] (config>service>ies>interface>ipv6 nd-populate-host-route)

Full Context

configure service ies interface ipv6 nd-populate-host-route

Description

This command enables the addition or deletion of host routes in the route-table derived from neighbor entries in the neighbor cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the neighbor table. Neighbor entries installed by subscriber management, local interfaces, and others, do not create host-routes.

Only reachable entries are added to the route table (entries are created from solicited NA messages). Entries created as stale — from Neighbor Solicitation (NS), unsolicited Neighbor Advertisements (NA), Router Solicitation (RS), Router Advertisement (RA), and Redirect messages — are not added to the route table because the neighbor is not confirmed as two-way.

• RA, RS, NS, and Redirect messages with a link layer address are added as STALE cache entries. Unsolicited NAs are added as STALE if nd-learn-unsolicited is configured.

• To speed up the addition of host routes to the route table for neighbors created as STALE, the following procedure is used:

  • If nd-populate-host-route is configured, the router sends an NS (unicast Neighbor Unreachability Detection (NUD) message) to the neighbor created as STALE. Only one NUD message is sent.

  • If nd-populate-host-route is not configured, no confirmation message is sent and regular procedures apply.

• When the solicited NA for the neighbor is received, the entry becomes reachable and is then added to the route-table.

The no form of this command disables the creation of host routes from the neighbor cache.

Platforms

All

Context

[Tree] (config>service>ies>if>ipv6 nd-proactive-refresh)

Full Context

configure service ies interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends a NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries.

link-local

Refreshes link local neighbor entries.

both

Refreshes both global and link local neighbor entries.

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 nd-proactive-refresh)

Full Context

configure service vprn interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.

link-local

Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

both

Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

Platforms

All

Context

[Tree] (config>router>if>ipv6 nd-proactive-refresh)

Full Context

configure router interface ipv6 nd-proactive-refresh

Description

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters

global

Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.

link-local

Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

both

Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

Platforms

All

Context

[Tree] (config>service>ies>if>ipv6 nd-route-tag)

Full Context

configure service ies interface ipv6 nd-route-tag

Description

This command adds a route tag to the ARP-ND host routes generated out of the neighbor entries in the interface. As any other route tag, it can be used to match ARP-ND routes in BGP export policies.

The no form of this command removes the route tag for the ARP-ND host routes.

Parameters

tag

Specifies the route tag to be added when the proxy ND entries are advertised to EVPN.

Values

1 to 255

Platforms

All

Context

[Tree] (config>router>router-advert>if nd-router-preference)

[Tree] (config>service>vprn>router-advert>if nd-router-preference)

Full Context

configure router router-advertisement interface nd-router-preference

configure service vprn router-advertisement interface nd-router-preference

Description

This command configures the default router preference for Router Advertisement (RA) and allows IPv6 hosts to discover and select a default gateway address by listening to RAs.

This feature provides basic traffic engineering functionality for host devices. When this command is applied, the router advertises the respective router preference to the connected host to assist in its selection of the most appropriate default gateway on a link.

This extension is backward compatible, both for routers (setting the router preference bits) and hosts (interpreting the router preference bits). These bits are ignored by hosts that do not implement the RFC 4191 functionality by configuring this command. Similarly, hosts that do not implement the RFC 4191 functionality interpret the values sent by devices that do not implement the RFC 4191 extension with the medium preference option.

The no form of this command configures this command to the default value.

Default

nd-router-preference medium

Parameters

medium

Specifies the router advertises a medium default gateway preference.

high

Specifies the router advertises a high default gateway preference.

low

Specifies the router advertises a low default gateway preference.

Platforms

All

Context

[Tree] (config>system>ned>profile neid)

Full Context

configure system network-element-discovery profile neid

Description

This command configures the NEID for this profile.

The no form of this command deletes the NEID for this profile.

Parameters

hex-string

A hexadecimal string that consists of a subnet ID and basic ID. The first 8 high-order bits indicate the subnet ID and range from 0x1 to 0xFE. The 16 low-order bits indicate the basic ID and ranges from 0x0001 to 0xFFFE. The NEID cannot be configured as 0x90006 to 0x9FF06 or 0x9bff0.

Values

0x10001 to 0xFEFFFE

Platforms

All

Context

[Tree] (config>service>vpls>gsmp>group neighbor)

[Tree] (config>service>vprn>gsmp>group neighbor)

Full Context

configure service vpls gsmp group neighbor

configure service vprn gsmp group neighbor

Description

Commands in this context configure a GSMP ANCP neighbor parameters.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IP address of the GSMP ANCP neighbor.

create

Keyword used to create the neighbor instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

Context

[Tree] (config>service>vprn>gsmp>group neighbor)

Full Context

configure service vprn gsmp group neighbor

Description

This command adds a neighbor in the GSMP group.

The no form of this command removes the neighbor from the GSMP group.

Parameters

ip-address

Specifies the IP address in dotted decimal notation.

create

This keyword is mandatory when creating a GSMP group name. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

All

Context

[Tree] (config>router>rip>group neighbor)

[Tree] (config>service>vprn>rip>group neighbor)

[Tree] (config>router>ripng>group neighbor)

Full Context

configure router rip group neighbor

configure service vprn rip group neighbor

configure router ripng group neighbor

Description

This command creates a context for configuring a RIP neighbor interface. By default, group interfaces are not activated with RIP, unless explicitly configured. The BNG only learns RIP routes from IPv4 host on the group interface. The RIP neighbor group interface defaults to none. The send operation is unchangeable for group-interface.

The no form of this command deletes the RIP interface configuration for this group interface. The shutdown command in the config>router>rip>group group-name>neighbor context can be used to disable an interface without removing the configuration for the interface.

Default

no neighbor

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

Platforms

All

Context

[Tree] (config>service>ies>if>ipv6 neighbor)

Full Context

configure service ies interface ipv6 neighbor

Description

This command configures IPv6-to-MAC address mapping on the IES interface.

Parameters

ipv6-address

The IPv6 address of the interface for which to display information.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D

mac-address

Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

Context

[Tree] (config>port>aps neighbor)

Full Context

configure port aps neighbor

Description

This command specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. When the value the neighbor IP address is set to 0.0.0.0, this implies that the APS group is configured as a single-chassis APS group.

The route to the neighbor must not traverse the multi-chassis APS member (working or protect) circuits. It is recommended that the neighbor IP address configured is on a shared network between the routers that own the working and protect circuits.

By default no neighbor address is configured and both the working and protect circuits should be configured on the same router (i.e., single-chassis APS). APS is assumed to be configured wholly on a single chassis.

Parameters

ip-address

Specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. The node should be connected with a direct interface to ensure optimum fail-over time.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:-[0 to FFFF]H
	d: [0 to 255]D

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>router>bgp>group neighbor)

Full Context

configure router bgp group neighbor

Description

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shutdown, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Default

no neighbor

Parameters

ip-address

Specifies the IP address of the BGP peer router in dotted decimal notation.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface]

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: 32 characters maximum, mandatory for link local addresses

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group neighbor)

Full Context

configure service vprn bgp group neighbor

Description

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shut down, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Parameters

ip-address

The IP address of the BGP peer router in dotted decimal notation.

Values

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR only.

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 neighbor)

Full Context

configure service vprn interface ipv6 neighbor

Description

This command configures IPv6-to-MAC address mapping on the interface.

Parameters

ipv6-address

Specifies the IPv6 address on the interface.

Values

ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D

mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb: cc:dd:ee:ff or aa-bb-cc -dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

Context

[Tree] (config>service>vprn>ospf3>area>if neighbor)

[Tree] (config>service>vprn>ospf>area>if neighbor)

Full Context

configure service vprn ospf3 area interface neighbor

configure service vprn ospf area interface neighbor

Description

This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.

In addition to configuring the OSPF NBMA neighbor’s IP address, the neighbor’s MAC address may need to be configured with the config>service>vprn>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>service>vprn>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.

The no form of this command removes the neighbor configuration.

Default

No OSPF NBMA neighbors are configured.

Parameters

ip-address

Specifies the OSPFv2 neighbor’s IPv4 address or the OSPFv3 neighbor’s IPv6 link-local address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x [-interface]
	x:x:x:x:x:x:d.d.d.d [-interface]
	x: [0..FFFF]H
	d: [0..255]D
	interface —32 characters max, for link local addresses.

Platforms

All

Context

[Tree] (config>router>if>ipv6 neighbor)

Full Context

configure router interface ipv6 neighbor

Description

This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery, or for some reason, a static address must be used. This command can only be used on Ethernet media.

The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

Parameters

ipv6-address

The IPv6 address assigned to a router interface.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

mac-address

Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

Platforms

All

Context

[Tree] (debug>router>ip neighbor)

Full Context

debug router ip neighbor

Description

This command enables IPv6 neighbor debugging.

Parameters

ip-int-name

Specifies the IP interface name.

Platforms

All

Context

[Tree] (config>router>ospf3>area>interface neighbor)

[Tree] (config>router>ospf>area>interface neighbor)

Full Context

configure router ospf3 area interface neighbor

configure router ospf area interface neighbor

Description

This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.

In addition to configuring the IP address of the OSPF NBMA neighbor, the MAC address of the neighbor may need to be configured with the config>router>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>router>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.

The no form of this command removes the neighbor configuration.

Default

no neighbor

Parameters

ipv4-address

Specifies the IPv4 address of the OSPFv2 neighbor.

Values

ipv4-address — a.b.c.d

ipv6-address

Specifies the IPv6 link-local address of the OSPFv3 neighbor.

Values

ipv6-address:	x:x:x:x:x:x:x:x [-interface]
	x:x:x:x:x:x:d.d.d.d [-interface]
	x: [0..FFFF]H
	d: [0..255]D
	interface — 32 characters maximum for link local addresses.

Platforms

All

Context

[Tree] (debug>router>ospf3 neighbor)

[Tree] (debug>router>ospf neighbor)

Full Context

debug router ospf3 neighbor

debug router ospf neighbor

Description

This command enables debugging for an OSPF or OSPF3 neighbor.

Parameters

ip-int-name

Specifies the neighbor interface name.

ip-address

Specifies neighbor information for the neighbor identified by the specified IP address, in the debug>router>ospf context.

router-id

Specifies neighbor information for the neighbor identified by the specified router ID, in the debug>router>ospf3 context.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>entry>to neighbor)

[Tree] (config>router>policy-options>policy-statement>entry>from neighbor)

Full Context

configure router policy-options policy-statement entry to neighbor

configure router policy-options policy-statement entry from neighbor

Description

This command specifies the neighbor address as found in the source address of the actual join and prune message as a filter criterion. If no neighbor is specified, any neighbor is considered a match.

The no form of the of the command removes the neighbor IP match criterion from the configuration.

Default

no neighbor

Parameters

ip-address

Specifies the neighbor IP address in dotted decimal notation.

Values

ipv4-address:

• a.b.c.d

ipv6-address:

• x:x:x:x:x:x:x:x [-interface]

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: 32 characters maximum, mandatory for link local addresses

prefix-list name

Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The name specified must already be defined.

Platforms

All

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>nd neighbor-limit)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>nd neighbor-limit)

Full Context

configure service ies subscriber-interface group-interface ipv6 nd neighbor-limit

configure service vprn subscriber-interface group-interface ipv6 nd neighbor-limit

Description

This command configures the maximum number of neighbors learned for a single host by doing neighbor discovery.

The no form of this command reverts to the default.

Default

neighbor-limit 1

Parameters

value

Specifies the maximum number of neighbors learned.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>ipv6 neighbor-limit)

Full Context

configure service ies interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations is dropped. Entries that have already been learned is refreshed.

The no form of this command removes the neighbor-limit.

Default

no neighbor-limit

Parameters

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit is learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 neighbor-limit)

Full Context

configure service vprn interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the neighbor-limit.

Default

neighbor-limit 90

Parameters

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

Platforms

All

Context

[Tree] (config>router>if>ipv6 neighbor-limit)

Full Context

configure router interface ipv6 neighbor-limit

Description

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the neighbor-limit.

Default

no neighbor-limit

Parameters

limit

The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.

Values

0 to 102400

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.

percent

The threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

Platforms

All

Context

[Tree] (config>router>ldp>graceful-restart neighbor-liveness-time)

Full Context

configure router ldp graceful-restart neighbor-liveness-time

Description

This command configures the neighbor liveness time.

The no form of this command returns the default value.

Default

no neighbor-liveness (which equals a value of 120 seconds)

Parameters

interval

Specifies the length of time in seconds.

Values

5 to 300

Platforms

All

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-relay neighbor-resolution)

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay neighbor-resolution)

Full Context

configure service ies interface ipv6 dhcp6-relay neighbor-resolution

configure service vprn interface ipv6 dhcp6-relay neighbor-resolution

Description

This command enables neighbor resolution with DHCPv6 relay.

The no form of this command disables neighbor resolution.

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)

Full Context

configure service vprn subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation

configure service ies subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation

Description

This command enables auto-reply for neighbor solicitation.

The no form of this command disables auto-reply neighbor solicitation.

Default

neighbor-solicitation

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>bgp neighbor-trust)

Full Context

configure router bgp neighbor-trust

Description

This command enables a label security feature for prefixes of a VPN family at an inter-AS boundary.

This label security feature allows the configuration of a router, acting in a PE, ASBR, or both roles, to accept packets of VPN-IP or EVPN prefixes only from direct EBGP neighbors to which it advertised a service label.

The untrusted state identifies the participating interfaces. The router supports a maximum of 15 network interfaces that can participate in this feature.

At a high level, BGP tracks each direct EBGP neighbor over an untrusted interface to which it sent a prefix label. For each of those prefixes, BGP programs a bitmap in the ILM record that indicates, on per-untrusted interface basis, whether the matching received packets must be forwarded or dropped.

The no form of this command disables the inter-AS security feature for the VPN family.

Parameters

vpn-ipv4

Keyword to enable the inter-AS label security for VPN IPv4 family.

vpn-ipv6

Keyword to enable the inter-AS label security for VPN IPv6 family.

evpn

Keyword to enable the inter-AS label security for EVPN family.

Platforms

All

Context

[Tree] (config>system>ned>profile neip)

Full Context

configure system network-element-discovery profile neip

Description

Commands in this context configure the NEIP.

Platforms

All

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options netbios-name-server)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-name-server)

[Tree] (config>service>vprn>dhcp>server>pool>options netbios-name-server)

[Tree] (config>router>dhcp>server>pool>options netbios-name-server)

Full Context

configure subscriber-mgmt local-user-db ppp host options netbios-name-server

configure subscriber-mgmt local-user-db ipoe host options netbios-name-server

configure service vprn dhcp local-dhcp-server pool options netbios-name-server

configure router dhcp local-dhcp-server pool options netbios-name-server

Description

This command configures up to four Network Basic Input/Output System (NetBIOS) name server IP addresses for a DHCP client.

The no form of this command removes the IP address from the netbios-name-server configuration.

Parameters

ip-address

Specifies up to four NetBIOS name server IP addresses. The address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>dhcp>server>pool>options netbios-node-type)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-node-type)

[Tree] (config>service>vprn>dhcp>server>pool>options netbios-node-type)

Full Context

configure router dhcp local-dhcp-server pool options netbios-node-type

configure subscriber-mgmt local-user-db ipoe host options netbios-node-type

configure service vprn dhcp local-dhcp-server pool options netbios-node-type

Description

This command configures the Network Basic Input/Output System (NetBIOS) node type.

The no form of this command removes the NetBIOS node type parameters from the configuration.

Parameters

netbios-node-type

Specifies the netbios node type.

Values

B — Broadcast node uses broadcasting to query nodes on the network for the owner of a NetBIOS name.

P — Peer-to-peer node uses directed calls to communicate with a known NetBIOS name server for the IP address of a NetBIOS machine name.

M — Mixed node uses broadcast queries to find a node, and if that fails, queries a known P-node name server for the address.

H — Hybrid node is the opposite of the M-node action so that a directed query is executed first, and if that fails, a broadcast is attempted.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>system netconf)

Full Context

debug system netconf

Description

Commands in this context debug NETCONF.

Platforms

All

Context

[Tree] (config>system>security>profile netconf)

Full Context

configure system security profile netconf

Description

This command authorizes various netconf capabilities for the user.

Platforms

All

Context

[Tree] (config>system>security>management-interface netconf)

Full Context

configure system security management-interface netconf

Description

Commands in this context configure hash-control for the Netconf interface.

Platforms

All

Context

[Tree] (config>li>log>log-id netconf-stream)

Full Context

configure li log log-id netconf-stream

Description

This command is used to associate a NETCONF stream name with a Lawful Intercept log ID. The NETCONF stream name must be unique in the Lawful Intercept context of the SR OS device. For the same Lawful Intercept log ID, the to netconf command must be configured for a subscription to that NETCONF stream name to be accepted. If the NETCONF stream is changed, active subscriptions to the changed stream name are terminated by SR OS.

The no form of this command removes a NETCONF stream name from a Lawful Intercept log ID. Active subscriptions to the removed stream name are terminated by SR OS.

Parameters

stream-name

Specifies a NETCONF stream name, up to 32 characters.

Platforms

All

Context

[Tree] (config>log>log-id netconf-stream)

Full Context

configure log log-id netconf-stream

Description

This command is used to associate a NETCONF stream name with a log ID. The NETCONF stream name must be unique per SR OS device. For the same log ID, to netconf must be configured for a subscription to that NETCONF stream name to be accepted. A netconf-stream cannot be set to "NETCONF” as "NETCONF” is reserved for log-id 101. If a netconf-stream is changed, active subscriptions to the changed stream name are terminated by SR OS.

The no form of this command removes a NETCONF stream name from a log ID. Active subscriptions to the removed stream name are terminated by SR OS.

Parameters

stream-name

Specifies a NETCONF stream name, up to 32 characters.

Platforms

All

Context

[Tree] (config>subscr-mgmt>steering-profile network)

Full Context

configure subscriber-mgmt steering-profile network

Description

This command specifies the downstream next-hop IP address and an optional routing instance to be used as a network VAS router in the steering profile.

The no form of this command removes the specified next-hop IP address and the router instance if specified.

Parameters

ip-address

Specifies the IP address to be used as the downstream next-hop IP address in dotted decimal notation.

router-instance

Specifies the router instance to be used as an access VAS router.

Values

router-instance:	router-name | vprn-svc-id
router-name:	"Base”
vprn-svc-id:	1 to 2147483647

service-name

Specifies the service name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network

Description

Commands in this context configure network side attributes.

The no form of this command resets the network parameters to the default values.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port network)

[Tree] (config>card>mda network)

Full Context

configure port network

configure card mda network

Description

This command enables the network context to configure egress and ingress pool policy parameters.

On the MDA level, network egress pools are only allocated on channelized MDAs.

Platforms

All

Context

[Tree] (config>card>fp>ingress network)

Full Context

configure card fp ingress network

Description

This command specifies the CLI node that contains the network forwarding-plane parameters.

Platforms

All

Context

[Tree] (config>port>tdm>e1>channel-group network)

[Tree] (config>port>tdm>ds1>channel-group network)

Full Context

configure port tdm e1 channel-group network

configure port tdm ds1 channel-group network

Description

Commands in this context configure network channel group parameters.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>port>tdm>e1 network)

[Tree] (config>port>tdm>ds3 network)

[Tree] (config>port>tdm>ds1 network)

[Tree] (config>port>tdm>e3 network)

[Tree] (config>port>ethernet network)

[Tree] (config>port>sonet-sdh>path network)

Full Context

configure port tdm e1 network

configure port tdm ds3 network

configure port tdm ds1 network

configure port tdm e3 network

configure port ethernet network

configure port sonet-sdh path network

Description

This command enables access to the context to configure network port parameters.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

• configure port tdm e3 network
• configure port tdm ds3 network
• configure port tdm e1 network
• configure port tdm ds1 network

All

• configure port ethernet network

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure port sonet-sdh path network

Context

[Tree] (config>service>vpls>vxlan network)

Full Context

configure service vpls vxlan network

Description

Commands in this context configure network parameters for the VPLS VXLAN service.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn network)

Full Context

configure service vprn network

Description

Commands in this context configure network parameters for the VPRN service.

Platforms

All

Context

[Tree] (config>qos network)

Full Context

configure qos network

Description

This command creates or edits a QoS network policy. The network policy defines the treatment that IP or MPLS packets receive as they ingress and egress the network port.

The QoS network policy consists of an ingress and egress component. The ingress component of the policy defines how DiffServ code points and MPLS EXP bits are mapped to internal forwarding class and profile state. The forwarding class and profile state define the Per Hop Behavior (PHB) or the QoS treatment through the router. The mapping on each network interface defaults to the mappings defined in the default network QoS policy until an explicit policy is defined for the network interface.

The egress component of the network QoS policy defines the queuing parameters associated with each forwarding class. Each of the forwarding classes defined within the system automatically creates a queue on each network interface. This queue gets all the parameters defined within the default network QoS policy 1 until an explicit policy is defined for the network interface access uplink port. If the egressing packet originated on an ingress SAP, or the remarking parameter is defined for the egress interface, the egress QoS policy also defines the IP DSCP, dot1p/DE, or MPLS EXP bit marking based on the forwarding class and the profile state.

Network policy-id 1 exists as the default policy that is applied to all network interfaces by default. The network policy-id 1 cannot be modified or deleted. It defines the default DSCP-to-FC mapping and MPLS EXP-to-FC mapping for the ingress. For the egress, it defines six forwarding classes that represent individual queues and the packet marking criteria.

Network policy-id 1 exists as the default policy that is applied to all network ports by default. This default policy cannot be modified or deleted. It defines the default DSCP-to-FC mapping and default unicast meters for ingress IP traffic. For the egress, it defines the forwarding class to dot1p and DSCP values and the packet marking criteria.

If a new network policy is created (for instance, policy-id 3), only the default action and egress forwarding class parameters are identical to the default policy. A new network policy does not contain the default DSCP-to-FC and MPLS-EXP-to-FC mapping for network QoS policy of type ip-interface or the DSCP-to-FC mapping (for network QoS policy of type port). The default network policy can be copied (use the copy command) to create a new network policy that includes the default ingress DSCP-to-FC and MPLS EXP-to-FC mapping (as appropriate). Parameters can be modified, or the no form of this command can be used to remove an object from the configuration.

Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network interfaces where this policy is applied. For this reason, when many changes are required on a policy, it is highly recommended that the policy be copied to a work area policy-id. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config qos copy command to maintain policies in this manner.

The no form of this command deletes the network policy. A policy cannot be deleted until it is removed from all entities where it is applied. The default network policy policy-id 1 cannot be deleted.

Default

network 1 — System Default Network Policy 1

Parameters

network-policy-id

The policy-id uniquely identifies the policy on the router.

Values

1 to 65535

Default

1

create

Required parameter when creating a QoS network policy.

name name

A name that is saved as part of the configuration data. If a name is not specified at creation time, then SR OS assigns a string version of the network policy identifier as the name.

Values

A string up to 64 characters

Platforms

All

Context

[Tree] (config>qos>copy network)

Full Context

configure qos copy network

Description

This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

src-pol dst-pol

Indicates that the source and destination policies are network policy IDs. Specify the source policy that the copy command will copy and specify the destination policy to which the command will duplicate the policy to a new or different policy ID.

Values

1 to 65535

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following error occurs if the destination policy ID exists.

SR>config>qos# copy network 1 427
MINOR: CLI Destination "427" exists use {overwrite}.
SR>config>qos# copy network 1 427 overwrite

Platforms

All

Context

[Tree] (config>app-assure>group>policy>app-filter>entry network-address)

Full Context

configure application-assurance group policy app-filter entry network-address

Description

This command configures the network address to use in application definition. The network address will match the destination IP address in a from-sub flow or the source IP address in a to-sub flow.

The no form of this command restores the default (removes the network address from application criteria defined by this entry).

Default

no network-address

Parameters

eq

Specifies a comparison operator indicating that the value configured and the value in the flow are equal.

neq

Specifies a comparison operator indicating that the value configured differs from the value in the flow.

ip-address

Specifies a valid unicast address.

Values

ipv4-address	a.b.c.d[/mask]
	mask - [1..32]
ipv6-address	x:x:x:x:x:x:x:x/prefix-length
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D
	prefix-length [1..128]

ip-prefix-list-name

Specifies the name of an IP prefix list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>network-domains network-domain)

Full Context

configure router network-domains network-domain

Description

This command creates network-domains that can be associated with individual interfaces and SDPs.

Default

network-domain "default”

Parameters

network-domain-name

Specifies the network domain name, up to 32 characters.

Platforms

All

Context

[Tree] (config>router>if network-domain)

Full Context

configure router interface network-domain

Description

This command assigns a given interface to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.

The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is defined.

Single interfaces can be associated with multiple network-domains.

Default

network-domain "default”

Platforms

All

Context

[Tree] (config>service>sdp network-domain)

Full Context

configure service sdp network-domain

Description

This command assigns a given SDP to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.

The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is undefined.

A single SDP can only be associated with a single network-domain.

Default

network-domain "default"

Platforms

All

Context

[Tree] (config>router network-domains)

Full Context

configure router network-domains

Description

This command opens context for defining network-domains. This command is applicable only in the base routing context.

Platforms

All

Context

[Tree] (config>system network-element-discovery)

Full Context

configure system network-element-discovery

Description

Commands in this context configure the network-element discovery parameters and MIB table generation.

Platforms

All

Context

[Tree] (config>service>system>bgp-evpn>eth-seg network-interconnect-vxlan)

Full Context

configure service system bgp-evpn ethernet-segment network-interconnect-vxlan

Description

This command associates the VXLAN instance with the virtual Ethernet Segment. The association of the virtual ES is based on the VXLAN instance and range of services where the VXLAN instance is configured.

The no form of this command removes the VXLAN instance from the Ethernet Segment association.

Parameters

instance

Specifies the VXLAN instance that is to be associated with the virtual ES.

Values

1

Platforms

All

Context

[Tree] (config>service>vprn network-interface)

Full Context

configure service vprn network-interface

Description

This command configures a network interface in a VPRN that acts as a CSC interface to a CSC-CE in a Carrier Supporting Carrier IP VPN deployment model.

Parameters

interface-name

Specifies the name of the interface to be added.

create

Keyword used to create the network interface.

Platforms

All

Context

[Tree] (config>app-assure>group>transit-prefix-policy>entry>match network-ip)

Full Context

configure application-assurance group transit-prefix-policy entry match network-ip

Description

This command configures an entry for an address of prefix transit aa-sub and is used when the site is a remote site on the same opposite side of the system as the parent SAP. The network IP addresses represents the dest-IP in the from-SAP direction and src-IP in the to-SAP direction.

The no form of this command removes the network IP address/mask from the match criteria.

Parameters

ip-address[/mask]

specifies the network address prefix and length associated with this transit prefix policy entry.

Values

ip-address[/mask] :	ipv4-address - a.b.c.d[/mask]
	mask - [1..32]
	ipv6-address - x:x:x:x:x:x:x:x/prefix-length
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D
	prefix-length [1..128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos network-queue)

Full Context

configure qos network-queue

Description

This command creates a context to configure a network queue policy. Network queue policies define the ingress network queuing at the FP network node level and on the Ethernet port and SONET/SDH path level to define network egress queuing.

Default

network-queue "default”

Parameters

policy-name

The name of the network queue policy.

Values

Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

create

Required keyword when creating a network queue policy.

Platforms

All

Context

[Tree] (config>qos>copy network-queue)

Full Context

configure qos copy network-queue

Description

This command copies or overwrites existing network queue QoS policies to another network queue policy ID.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

network-queue

Indicates that the source policy ID and the destination policy ID are network-queue policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following message is generated indicating that the destination policy ID exists.

Example:

    — SR7>config>qos# copy network-queue nq1 nq2
    — MINOR: CLI Destination "nq2" exists - use {overwrite}.
    — SR7>config>qos# copy network-queue nq1 nq2 overwrite

Platforms

All

Context

[Tree] (config>app-assure>group>tcp-optimizer network-rtt-threshold)

Full Context

configure application-assurance group tcp-optimizer network-rtt-threshold

Description

This command configures the threshold of the Route Trip Time (RTT) delay of the network side (between AA and the content provider) above which TCP Optimization (TCPO) is performed. This enables the operator to disable optimization for content that is served from a location close to the TCP optimizer.

Default

no network-rtt-threshold

Parameters

network-rtt-threshold

Specifies the network side RTT delay threshold, inmilliseconds.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>ptp network-type)

Full Context

configure system ptp network-type

Description

This command configures the codeset to be used for the encoding of QL values into PTP clockClass values and vice versa when the profile is configured for G.8265.1 or G.8275.2.

This setting only applies to the range of values observed in the clockClass values transmitted out of the node in Announce messages. The router supports the reception of any valid value in Table 1/G.8265.1 and Table2/G.8275.2.

Default

network-type sdh

Parameters

sdh

Specifies the values used on a G.781 Option 1 compliant network.

sonet

Specifies the values used on a G.781 Option 2 compliant network.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>security>user>console new-password-at-login)

Full Context

configure system security user console new-password-at-login

Description

This command forces the user to change a password at the next console login. The new password applies to FTP but the change can be enforced only by the console, SSH, or Telnet login.

The no form of this command does not force the user to change passwords.

Default

no new-password-at-login

Platforms

All

Context

[Tree] (config>system>ethernet new-qinq-untagged-sap)

Full Context

configure system ethernet new-qinq-untagged-sap

Description

This command controls the behavior of QinQ SAP y.0 (for example, 1/1/1:3000.0). If the flag is not enabled (no new-qinq-untagged-sap), the y.0 SAP works the same as the y.* SAP (for example, 1/1/1:3000.*); all frames tagged with outer VLAN y and no inner VLANs or inner VLAN x where inner VLAN x is not specified in a SAP y.x configured on the same port (for example, 1/1/1:3000.10).

If the flag is enabled, then the following new behavior immediately applies to all existing and future y.0 SAPs: the y.0 SAP maps all the ingress frames tagged with outer tag VLAN-id of y (qinq-etype) and no inner tag or with inner tag of VLAN-id of zero (0). When the flag is disabled, there is no disruption for existing usage of this SAP type.

Default

no new-qinq-untagged-sap

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh new-session-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy extended-failure-handling new-session-id

Description

This command determines the Diameter session ID when Extended Failure Handling (EFH) is active and an attempt is made to establish a new Diameter Gy session with the Online Charging Server (OCS). An attempt to establish a new Diameter Gy session is made when the allocated interim credit is used or the validity time expires for a rating group of a Diameter Gy session. The first attempt always uses a new Diameter session ID. This command controls the behavior for each subsequent attempt. The behavior is as follows:

• no new-session-id (default) — The same Diameter session ID is used for each subsequent attempt.

• new-session-id — A new Diameter session ID is used for each attempt.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt newline)

Full Context

configure system management-interface cli md-cli environment prompt newline

Description

This command displays a new line before the first prompt line.

The no form of this command suppresses the new line before the first prompt line.

Default

newline

Platforms

All

Context

[Tree] (config>service>nat>pcp-server-policy>option next)

Full Context

configure service nat pcp-server-policy option next

Description

This command enables support for the next option.

The no form of this command reverts to the default.

Default

no next

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp next-attempt)

[Tree] (config>router>l2tp next-attempt)

Full Context

configure service vprn l2tp next-attempt

configure router l2tp next-attempt

Description

This command enables tunnel selection algorithm based on the tunnel preference level.

The no form of this command reverts to the default.

Default

next-attempt next-preference-level

Parameters

same-preference-level

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example, a tunnel in a denylist) then the next elected tunnel, if available, is chosen within the same preference-level as the last attempted tunnel. Only when all tunnels within the same preference level are exhausted, the tunnel selection algorithm moves to the next preference level.

In case that a new session setup request is received while all tunnels on the same preference level are denylisted, the L2TP session tries to be established on denylisted tunnels before the tunnel selection moves to the next preference level.

next-preference-level

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a denylist) then the selection algorithm tries to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.

Default

next-preference-level

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry next-header)

Full Context

configure system security management-access-filter ipv6-filter entry next-header

Description

This command specifies the next header to match. The protocol type such as TCP, UDP or OSPF is identified by its respective protocol number. Well-known protocol numbers include ICMP(1), TCP(6), UDP(17). IPv6 Extension headers are identified by the next header IPv6 numbers as per RFC2460. This command only applies to the 7750 SR and 7950 XRS.

Parameters

next-header

Specifies for IPv4 MAF the IP protocol field, and for IPv6 the next header type to be used in the match criteria for this Management Access Filter Entry.

Values

next-header:	0 to 255, protocol numbers accepted in DHB
keywords:	none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, drp, igmp, igp, ip, ipv6, ipv6-icmp, ipv6-no-nxt, isis, iso-ip, l2tp, spf-igp, pim, pnni, ptp, rdp, rsvp, stp, tcp, udp, vrrp

Platforms

All

Context

[Tree] (config>service>vprn>static-route-entry next-hop)

Full Context

configure service vprn static-route-entry next-hop

Description

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int-name of the unnumbered or point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default

no next-hop

Parameters

ip-int-name, ipv4-address, ipv6-address

the IP-INT, IPv4, and IPv6 addresses

Values

The following values apply to the 7750 SR and 7950 XRS:

ip-int-name	32 characters max
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x-[interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: 32 characters maximum, mandatory for link local addresses

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Platforms

All

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>pri next-hop)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>bkup next-hop)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop next-hop

configure router mpls forwarding-policies forwarding-policy next-hop-group backup-next-hop next-hop

Description

This command configures the address of primary or backup next hop of an NHG entry in a forwarding policy.

The no form of this command removes the address of primary or backup next hop of an NHG entry in a forwarding policy.

Parameters

ip-address

Specifies the destination IPv4 or IPv6 address.

Values

	ipv4-address	a.b.c.d
	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x - [0..FFFF]H
		d - [0..255]D

Platforms

All

Context

[Tree] (config>router>static-route-entry next-hop)

Full Context

configure router static-route-entry next-hop

Description

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over a point-to-point unnumbered interface, the ip-int-name of the unnumbered point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default

no next-hop

Parameters

ip-int-name | ip-address | ipv6-address

Specifies the interface or IPv4/IPv6 address of the next hop.

Values

The following values apply to the 7750 SR, 7450 ESS, and 7950 XRS:

ip-int-name	32 characters max
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x-[interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0..FFFF]H
	d: [0..255]D
	interface: 32 characters maximum, mandatory for link local addresses

Platforms

All

Context

[Tree] (config>vrrp>policy>priority-event>route-unknown next-hop)

Full Context

configure vrrp policy priority-event route-unknown next-hop

Description

This command enables an allowed next hop IP address to match the IP route prefix for a route-unknown priority control event.

If the next-hop IP address does not match one of the defined ip-address, the match is considered unsuccessful and the route-unknown event transitions to the set state.

The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information.

When more than one next hop IP addresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance.

The no form of the command removes the ip-address from the list of acceptable next hops when looking up the route-unknown prefix. If this ip-address is the last next hop defined on the route-unknown event, the returned next hop information is ignored when testing the match criteria. If the ip-address does not exist, the no next-hop command returns a warning error, but continues to execute if part of an exec script.

Default

no next-hop — No next hop IP address for the route unknown priority control event is defined.

Parameters

ip-address

The IP address for an acceptable next hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix.

Values

The following values apply to the 7450 ESS:

ipv4-address: a.b.c.d

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x[-interface]
	x:	[0..FFFF]H
	interface:	32 chars maximum, mandatory for link local addresses

The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>entry>from next-hop)

Full Context

configure router policy-options policy-statement entry from next-hop

Description

This command enables BGP routes to be matched based on the BGP next-hop address. The match condition is evaluated against the IPv4 or IPv6 address in the NEXT_HOP or MP_REACH_NLRI attribute.

When the next-hop match is applied to VPN-IP routes, the Route Distinguisher (RD) is ignored.

A non-BGP route does not match a policy entry if it contains the next-hop command.

Default

no next-hop

Parameters

ip-address

An IPv4 or IPv6 address.

Values

a.b.c.d or x:x:x:x:x:x:x:x or x:x:x:x:x:x:d.d.d.d

name

Specifies the name of a prefix-list (up to 64 characters).

prefix-list

Specifies that the BGP next hop should be matched against a prefix-list instead of an individual IP address.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>default-action next-hop)

[Tree] (config>router>policy-options>policy-statement>entry>action next-hop)

Full Context

configure router policy-options policy-statement default-action next-hop

configure router policy-options policy-statement entry action next-hop

Description

This command assigns the specified next hop IP address to routes matching the policy statement entry.

If a next-hop IP address is not specified, the next-hop attribute is not changed.

The no form of this command disables assigning a next hop address in the route policy entry.

Default

no next-hop

Parameters

ip-address

Specifies the next hop IP address in dotted decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D
param-name:	The next-hop parameter variable name.
	Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

peer-address

Set the next-hop IP address to the peer’s IP address.

Platforms

All

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id next-hop-address)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id next-hop-address

Description

This command configures the IP address of the next hop for the P2MP SR tree replication segment.

The no form of this command removes the next hop address.

Parameters

ip-address

Specifies the IPv4 or IPv6 address.

Values

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	where:
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: up to 32 characters, mandatory for link local addresses

Platforms

All

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy next-hop-group)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group

Description

This command configures an NHG entry in an MPLS forwarding policy.

Each NHG can have primary and backup next hops of the same type.

The no form of this command removes the NHG from the MPLS forwarding policy.

Parameters

index

Specifies the index value.

Values

1 to 32

direct

Specifies the direct resolution type.

indirect

Specifies the indirect resolution type.

Platforms

All

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment next-hop-id)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id

Description

This command configures the next-hop ID for the P2MP SR tree replication segment.

A replication policy can have multiple next-hop IDs used at a replication node where there are multiple outgoing interfaces or protection next hops.

The no form of this command removes the next-hop ID.

Parameters

next-hop-id-index

Specifies the index value of the next hop.

Values

1 to 4096

Platforms

All

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id next-hop-interface-name)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id next-hop-interface-name

Description

This command provides the outgoing interface name for the P2MP SR tree replication segment.

The no form of this command removes the outgoing interface name.

Parameters

interface-name

Specifies the name of the outgoing interface, up to 32 characters.

Platforms

All

Context

[Tree] (configure>service>vprn>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)

[Tree] (configure>service>vprn>bgp>group>bfd-strict-mode next-hop-reachability)

[Tree] (configure>router>bgp>group>bfd-strict-mode next-hop-reachability)

[Tree] (configure>service>vprn>bgp>bfd-strict-mode next-hop-reachability)

Full Context

configure service vprn bgp group neighbor bfd-strict-mode next-hop-reachability

configure router bgp bfd-strict-mode next-hop-reachability

configure router bgp group neighbor bfd-strict-mode next-hop-reachability

configure service vprn bgp group bfd-strict-mode next-hop-reachability

configure router bgp group bfd-strict-mode next-hop-reachability

configure service vprn bgp bfd-strict-mode next-hop-reachability

Description

This command configures the router to consider next-hop self routes belonging to specific address families received from a peer within scope of this command as having an unresolved next hop, provided that the following requirements are met:

• The BFD session to the peer is in a down state.

• There is a valid interface BFD configuration that applies to the peer.

• There is a valid BFD liveness configuration that applies to the peer.

The unresolved state is maintained until the BFD session state changes to up or administratively down, even if there is a resolving route or tunnel that matches the BGP next-hop address.

Routes received from one peer with a BGP next-hop address equal to the address of another peer are not affected by the BFD session to the other peer.

The behavior of the router when this command is enabled does not depend on whether Strict-BFD is used, as both features are independent.

Enabling this command only affects routes belonging to the following address families:

• IPv4

• IPv6

• IPv4 VPN

• IPv6 VPN

• labeled unicast IPv4

• labeled unicast IPv6

• EVPN

• IPv4 multicast

• IPv6 multicast

• IPv4 VPN multicast

• IPv6 VPN multicast

The no form of this command prevents the router from considering next-hop self routes belonging to the preceding address families as having an unresolved next hop if the BFD session goes down.

Default

no next-hop-reachability

Platforms

All

Context

[Tree] (config>service>vprn>bgp next-hop-resolution)

Full Context

configure service vprn bgp next-hop-resolution

Description

Commands in this context configure next-hop resolution parameters.

Platforms

All

Context

[Tree] (config>router>bgp next-hop-resolution)

Full Context

configure router bgp next-hop-resolution

Description

Commands in this context configure next-hop resolution parameters.

Platforms

All

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy next-hop-self)

Full Context

configure subscriber-mgmt bgp-peering-policy next-hop-self

Description

This command configures the neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

The no form of this command disables the command.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp>group>neighbor next-hop-self)

[Tree] (config>service>vprn>bgp>group next-hop-self)

Full Context

configure service vprn bgp group neighbor next-hop-self

configure service vprn bgp group next-hop-self

Description

This command configures the group or neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

This is primarily used to avoid third-party route advertisements when connected to a multi-access network.

The no form of this command used at the group level allows third-party route advertisements in a multi-access network.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no next-hop-self — Third-party route advertisements are allowed.

Platforms

All

Context

[Tree] (config>router>bgp>group next-hop-self)

[Tree] (config>router>bgp>group>neighbor next-hop-self)

Full Context

configure router bgp group next-hop-self

configure router bgp group neighbor next-hop-self

Description

This command enables BGP to advertise routes to members of a group or to a specific neighbor using a local address of the BGP instance as the BGP next-hop address. Note that next-hop-self is set without exception, regardless of the route source (EBGP or IBGP) or its family. When used with VPN-IPv4 and VPN-IPv6 routes the enable-rr-vpn-forwarding command should also be configured.

The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.

Default

no next-hop-self

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>default-action next-hop-self)

[Tree] (config>router>policy-options>policy-statement>entry>action next-hop-self)

Full Context

configure router policy-options policy-statement default-action next-hop-self

configure router policy-options policy-statement entry action next-hop-self

Description

This command configures BGP to advertise routes that match a policy entry (or that match no other policy entry and, therefore, to which the default action applies) using a local address of the BGP instance as the BGP next-hop address. The command applies to IPv4, IPv6, label-IPv4, and label-IPv6 routes. It also applies to VPN-IPv4 and VPN-IPv6 routes, but only when used in conjunction with the enable-rr-vpn-forwarding command.

This command affects how routes are advertised to IBGP peers, regardless of whether or not they were learned from an IBGP or EBGP peer

The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.

Default

no next-hop-self

Platforms

All

Context

[Tree] (config>router>bgp>group next-hop-unchanged)

[Tree] (config>router>bgp>group>neighbor next-hop-unchanged)

Full Context

configure router bgp group next-hop-unchanged

configure router bgp group neighbor next-hop-unchanged

Description

This command enables unchanged BGP next-hops when sending BGP routes to peers in this group or neighbor.

The no form of this command disables unchanged BGP next-hops.

Default

no next-hop-unchanged

Parameters

evpn

Specifies BGP next hops are unchanged for the evpn address family.

label-ipv4

Specifies BGP next hops are unchanged for the label-ipv4 address family.

label-ipv6

Specifies BGP next hops are unchanged for the label-ipv6 address family.

vpn-ipv4

Specifies BGP next hops are unchanged for the vpn-ipv4 address family.

vpn-ipv6

Specifies BGP next hops are unchanged for the vpn-ipv6 address family.

Platforms

All

Context

[Tree] (config>router>route-next-hop-policy>template nh-type)

Full Context

configure router route-next-hop-policy template nh-type

Description

This command configures the next-hop type constraint into the route next-hop policy template.

The user can select if tunnel backup next-hop or IP backup next-hop is preferred. The default in SR OS implementation is to prefer IP next-hop over tunnel next-hop. The implementation will fall back to the other type if no LFA next-hop of the preferred type is found.

When the route next-hop policy template is applied to an IP interface, all prefixes using this interface as a primary next-hop will follow the next-hop type preference specified in the template.

The no form deletes the next-hop type constraint from the route next-hop policy template.

Default

nh-type ip

Parameters

{ip | tunnel}

Specifies the two possible values for the next-hop type.

Default

ip

Platforms

All

Context

[Tree] (config>system>management-interface>yang-modules nmda)

Full Context

configure system management-interface yang-modules nmda

Description

Commands in this context configure the attributes for the Network Management Datastores Architecture (NMDA).

Platforms

All

Context

[Tree] (config>system>management-interface>yang-modules>nmda nmda-support)

Full Context

configure system management-interface yang-modules nmda nmda-support

Description

This command enables the advertisement of NMDA support over NETCONF through the use of YANG library 1.1.

The no form of this command disables NMDA advertisement over NETCONF and YANG library 1.0 is used.

Default

no nmda-support

Platforms

All

Context

[Tree] (config>open-flow>of-switch>flowtable no-match-action)

Full Context

configure open-flow of-switch flowtable no-match-action

Description

This command configures the action for the flow table when a packet does not match any entry for the controller.

The no form of this command restores the default action.

Default

no-match-action fall-through

Parameters

action

Specifies the action for the flow table.

Values

drop — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be dropped.

fall-through — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be forwarded using regular processing by the router. Fall-through applies if an error occurs that prevents a flow table from being installed in a filter policy.

packet-in — Specifies that packets that do not match entries in the flow table as programmed by the OpenFlow switch will be extracted and sent to the controller in a flow-controlled manner. If this action is used, an auxiliary channel should be enabled for packet-in processing using the aux-channel-enable command.

Platforms

All

Context

[Tree] (config>aaa>diam node)

Full Context

configure aaa diameter node

Description

This command creates a Diameter client node in the SR OS. Multiple Diameter client nodes with their own peer definitions are simultaneously supported in SR OS.

Each such node is defined by a unique DiameterIdentity (the origin host and realm names).

The no form of this command removes the origin host string from the configuration.

Parameters

origin-host-string

Specifies the origin host name, up to 80 characters, is a mandatory parameter that translates to an Origin-Host AVP that is carried in all Diameter messages. The origin host and origin realm form a Diameter Identity that must be unique within the Diameter network in which they participate.

destination-realm-string

Specifies the destination realm name, up to 80 characters, is an optional parameter that translates to an Origin-Realm AVP that is carried in all Diameter messages. The destination host and destination realm form a Diameter Identity that must be unique within the Diameter network in which they participate

If the realm name is not configured, it will be extracted from the host parameter as follows:

• it is set to the string after the first dot (.) in the configured origin-host-string

• it is set to the configured origin-host-string if a dot (.) is not present in the string

create

Keyword used to create the Diameter client node. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>diameter node)

Full Context

debug diameter node

Description

This command debugs the Diameter node. Node-level debugging can report on all message exchange between the peers. Although this level can report messages that contain session id (app level messages), this level is session unaware. It deals strictly with getting the messages in and out of the system (connection level messages which are not routable, and application level messages which are routable).

Parameters

host-name

Specifies the host name, up to 80 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>pfcp-association node-id)

Full Context

configure subscriber-mgmt pfcp-association node-id

Description

This command configures the FQDN as sent in PFCP messages. This command can be configured to use the linked interface source IP address, or a pre-configured.

Default

node-id use-ip-address

Parameters

domain-name

Specifies the FQDN, up to 255 characters.

use-ip-address

Specifies to use the IP address of the interface configured for this association.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>mpls>mpls-tp node-id)

Full Context

configure router mpls mpls-tp node-id

Description

This command configures the MPLS-TP Node ID for the node. This is used as the 'from’ Node ID used by MPLS-TP LSPs originating at this node. The default value of the node-id is the system interface IPv4 address. The Node ID may be entered in 4-octet IPv4 address format, <a.b.c.d>, or as an unsigned 32 bit integer. The Node ID is not treated as a routable IP address from the perspective of IP routing, and is not advertised in any IP routing protocols.

The MPLS-TP context cannot be administratively enabled unless at least a system interface IPv4 address is configured because MPLS requires that this value is configured.

Default

no node-id

Parameters

node-id

Specifies the MPLS-TP node ID for the node.

Values

a.b.c.d or 1 to 4294967295

Default

System interface IPv4 address

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-ring node-id)

Full Context

configure eth-ring node-id

Description

This optional command configures the MAC address of the RPL control. The default is to use the chassis MAC for the ring control. This command overrides the chassis MAC address with a different MAC address.

The no form of the command removes the RPL link.

Default

no node-id

Parameters

mac-address

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>rsvp node-id-in-rro)

Full Context

configure router rsvp node-id-in-rro

Description

This command enables the option to include node-id sub-object in RRO. Node-ID sub-object propagation is required to provide fast reroute protection for LSP that spans across multiple area domains.

If this option is disabled, then node-id is not included in RRO object.

Default

node-id-in-rro exclude

Platforms

All

Context

[Tree] (config>router>mpls>lsp-template>fast-reroute node-protect)

[Tree] (config>router>mpls>lsp>fast-reroute node-protect)

Full Context

configure router mpls lsp-template fast-reroute node-protect

configure router mpls lsp fast-reroute node-protect

Description

This command enables or disables node and link protection on the specified LSP. Node protection ensures that traffic from an LSP traversing a neighboring router will reach its destination even if the neighboring router fails.

Default

node-protect (for a provisioned LSP)

no node-protect (for a P2P LSP template)

Platforms

All

Context

[Tree] (config>router>isis>loopfree-alternates>remote-lfa node-protect)

Full Context

configure router isis loopfree-alternates remote-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Parameters

value

Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.

Values

1 to 32

Default

16

Platforms

All

Context

[Tree] (config>router>isis>loopfree-alternates>ti-lfa node-protect)

Full Context

configure router isis loopfree-alternates ti-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Platforms

All

Context

[Tree] (config>router>ospf3>loopfree-alternates>remote-lfa node-protect)

[Tree] (config>router>ospf>loopfree-alternates>remote-lfa node-protect)

Full Context

configure router ospf3 loopfree-alternates remote-lfa node-protect

configure router ospf loopfree-alternates remote-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Parameters

max-pq-nodes value

Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.

Values

1 to 32

Default

16

Platforms

All

Context

[Tree] (config>router>ospf3>loopfree-alternates>ti-lfa node-protect)

[Tree] (config>router>ospf>loopfree-alternates>ti-lfa node-protect)

Full Context

configure router ospf3 loopfree-alternates ti-lfa node-protect

configure router ospf loopfree-alternates ti-lfa node-protect

Description

This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.

The no form of this command disables node-protect.

Default

no node-protect

Platforms

All

Context

[Tree] (config>router>ospf3>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>ospf>segm-rtng>egress-statistics node-sid)

[Tree] (config>router>ospf>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>isis>segm-rtng>ingress-statistics node-sid)

[Tree] (config>router>ospf3>segm-rtng>egress-statistics node-sid)