p Commands
p2mp
p2mp
Syntax
p2mp {enable | disable}
Context
[Tree] (config>router>ldp>session-params>peer>fec-type-capability p2mp)
Full Context
configure router ldp session-parameters peer fec-type-capability p2mp
Description
This command enables or disables P2MP FEC capability for the session.
Platforms
All
p2mp-candidate-path
p2mp-candidate-path
Syntax
[no] p2mp-candidate-path candidate-path-name
Context
[Tree] (config>router>p2mp-sr-tree>p2mp-policy p2mp-candidate-path)
Full Context
configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path
Description
This command configures a candidate path in the P2MP policy entry for the P2MP SR tree.
A P2MP SR policy can contain multiple candidate paths, which are redundant trees. Each candidate path represents a P2MP SR tree with its own traffic engineering constraints. Each candidate path has its own preference; the candidate path with the highest preference is the active P2MP SR tunnel.
The no form of this command removes the specified candidate path from the P2MP SR policy.
Parameters
- candidate-path-name
-
Specifies the name of the candidate path, up to 32 characters.
Platforms
All
p2mp-id
p2mp-id
Syntax
p2mp-id id
Context
[Tree] (config>router>mpls>lsp p2mp-id)
Full Context
configure router mpls lsp p2mp-id
Description
This command configures the identifier of an RSVP P2MP LSP. An RSVP P2MP LSP is fully identified by the combination of: <P2MP ID, tunnel ID, extended tunnel ID> part of the P2MP session object, and <tunnel sender address, LSP ID> fields in the p2mp sender_template object.
The p2mp-id is a 32-bit identifier used in the session object that remains constant over the life of the P2MP tunnel. It is unique within the scope of the ingress LER.
The no form restores the default value of this parameter.
This command is not supported on the 7450 ESS.
Default
0
Parameters
- id
-
Specifies a P2MP identifier.
Platforms
All
p2mp-ipv4
p2mp-ipv4
Syntax
p2mp {enable | disable}
Context
[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability p2mp-ipv4)
[Tree] (config>router>ldp>session-params>peer>fec-cap p2mp-ipv4)
[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability p2mp-ipv4)
Full Context
configure router ldp interface-parameters interface ipv4 fec-type-capability p2mp-ipv4
configure router ldp session-parameters peer fec-type-capability p2mp-ipv4
configure router ldp interface-parameters interface ipv6 fec-type-capability p2mp-ipv4
Description
This command enables or disables IPv4 P2MP FEC capability on the interface.
The config>router>ldp>if-params>if>ipv6>fec-type-capability>p2mp-ipv4 command is not supported on the 7450 ESS.
Platforms
All
p2mp-ipv6
p2mp-ipv6
Syntax
p2mp {enable | disable}
Context
[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability p2mp-ipv6)
[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability p2mp-ipv6)
[Tree] (config>router>ldp>session-params>peer>fec-cap p2mp-ipv6)
Full Context
configure router ldp interface-parameters interface ipv4 fec-type-capability p2mp-ipv6
configure router ldp interface-parameters interface ipv6 fec-type-capability p2mp-ipv6
configure router ldp session-parameters peer fec-type-capability p2mp-ipv6-address
Description
This command enables or disables IPv6 P2MP FEC capability on the interface.
This command is not supported on the 7450 ESS.
Platforms
All
p2mp-ldp-tree-join
p2mp-ldp-tree-join
Syntax
p2mp-ldp-tree-join
p2mp-ldp-tree-join ipv4
p2mp-ldp-tree-join ipv6
p2mp-ldp-tree-join ipv4 ipv6
no p2mp-ldp-tree-join [ipv4] [ipv6]
Context
[Tree] (config>service>vprn>pim>if p2mp-ldp-tree-join)
Full Context
configure service vprn pim interface p2mp-ldp-tree-join
Description
This command configures the option to join P2MP LDP tree toward the multicast source for the VPRN service. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join P2MP LDP LSP using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is setup toward the multicast source. Route to source of the multicast node is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.
The no form of command disables joining P2MP LDP tree for IPv4 or IPv6 or both (if both or none is specified).
Default
no p2mp-ldp-tree-join
Parameters
- ipv4
-
Enables dynamic mLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled; see ipv4-multicast-disable. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.
- ipv6
-
Enables dynamic mLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled; see ipv6-multicast-disable.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
p2mp-ldp-tree-join
Syntax
[no] p2mp-ldp-tree-join [ipv4] [ipv6]
Context
[Tree] (config>router>pim>interface p2mp-ldp-tree-join)
Full Context
configure router pim interface p2mp-ldp-tree-join
Description
This command configures the option to join the P2MP LDP tree toward the multicast source. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join the P2MP LDP LSP, using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is set up toward the multicast source. The route to the multicast node source is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.
The no form of this command disables joining the P2MP LDP tree for IPv4 or IPv6 or for both (if both or none is specified).
Default
no p2mp-ldp-tree-join
Parameters
- ipv4
-
Enables dynamic MLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.
- ipv6
-
Enables dynamic MLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
p2mp-lsp-ping
p2mp-lsp-ping
Syntax
p2mp-lsp-ping lsp-name [p2mp-instance instance-name [s2l-dest-address ipv4-address [ipv4-address (...up to 5 max)]] [ttl label-ttl]
p2mp-lsp-ping ldp p2mp-identifier [vpn-recursive-fec] [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]
p2mp-lsp-ping ldp-ssm source ip-address group ip-address [{router router-instance | service-name service-name}] [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]
p2mp-lsp-ping p2mp-policy root-address ipv4-address root-tree-id tree-id [{instance-id instance-id [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]
NOTE: Options common to all p2mp-lsp-ping cases: [ fc fc-name [profile {in | out}]] [size octets] [timeout timeout] [detail]
Context
[Tree] (oam p2mp-lsp-ping)
Full Context
oam p2mp-lsp-ping
Description
This command performs an in-band connectivity test for an RSVP P2MP LSP. The Echo Request message is sent on the active P2MP instance and replicated in the datapath over all branches of the P2MP LSP instance. By default, all egress LER nodes that are leaves of the P2MP LSP instance reply to the Echo Request message.
Use the LDP P2MP generic identifier, along with source IP address of the head-end node, to uniquely identify the LDP P2MP LSP in a 7750 SR or 7950 XRS network. Use the LDP p2mp-identifier mandatory parameter to test LSP ping. A user must use the LDP P2MP identifier specified to configure a tunnel interface on the head-end node as p2mp-identifier to test a specific LSP.
Use the P2MP-policy option, along with the root-address tree ID and instance ID to identify a tree SID candidate path and instance to send an in-band Echo Request to all the leaves and bud nodes on that P2MP policy tree.
To reduce the scope of the Echo Reply messages, explicitly enter a list of addresses for the egress LER nodes that are required to reply. A maximum of five addresses can be specified in a single run of the p2mp-lsp-ping command. An LER node can parse the list of egress LER addresses and, if its address is included in the list, send back an Echo Reply message.
The output of the command without the detail keyword provides a high-level summary of received error codes and success codes. The output of the command with the detail keyword shows a line for each replying node, as in the output of the LSP ping for a P2P LSP.
The display is delayed until all responses are received or the timer configured in the timeout parameter expires. No other CLI commands can be entered while waiting for the display. Entering A ^C aborts the ping operation.
The timestamp format to be sent, and to be expected when received in a PDU, is as configured by the configure test-oam mpls-time-stamp-format command. If RFC 4379 (obsoleted by RFC 8029) is selected, the timestamp is in seconds and microseconds since 1900; otherwise, it is in seconds and microseconds since 1970.
Parameters
- detail
-
Displays detailed P2MP LSP information.
- fc-name
-
Specifies the fc and profile parameters used to indicate the forwarding class and profile of the MPLS echo request packet.
When an MPLS echo request packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the specified FC and profile parameter values. The marking of the EXP of the packet is dictated by the LSP-EXP mappings on the outgoing interface.
When the MPLS echo request packet is received on the responding node, the fc and profile parameter values are dictated by the LSP-EXP mappings of the incoming interface.
When an MPLS echo reply packet is generated in CPM and forwarded to the outgoing interface, the packet is queued in an egress network queue. This queue is selected according to the fc and profile parameter values determined by the classification of the echo request packet that is being replied to at the incoming interface. The marking of the EXP of the packet is dictated by the LSP-EXP mappings on the outgoing interface. The ToS byte is not modified. The following table describes this behavior.
Table 1. p2mp-lsp-ping Request Packet and Behavior Request Packet
Behavior
CPM (sender node)
Echo request packet:
-
packet {tos=1, fc1, profile1}
-
fc1 and profile1 are as entered by the user in the OAM command or default values
-
tos1 as per mapping of {fc1, profile1} to IP precedence in network egress QoS policy of outgoing interface
Outgoing interface (sender node)
Echo request packet:
-
packet queued as {fc1, profile1}
-
ToS field=tos1 not remarked
-
EXP=exp1, as per mapping of {fc1, profile1} to EXP in network egress QoS policy of outgoing interface
Incoming interface (responder node)
Echo request packet:
-
packet {tos1, exp1}
-
exp1 mapped to {fc2, profile2} as per classification in network QoS policy of incoming interface
CPM (responder node)
Echo reply packet:
-
packet {tos=1, fc2, profile2}
Outgoing interface (responder node)
Echo reply packet:
-
packet queued as {fc2, profile2}
-
ToS filed= tos1 not remarked (reply inband or out-of-band)
-
EXP=exp2, if reply is inband, remarked as per mapping of {fc2, profile2} to EXP in network egress QoS policy of outgoing interface
Incoming interface (sender node)
Echo reply packet:
-
packet {tos1, exp2}
-
exp2 mapped to {fc1, profile1} as per classification in network QoS policy of incoming interface
-
- instance-id
- Specifies the path instance ID on the root.
- instance-name
-
Specifies the name, up to 32 characters, of the specific instance of the P2MP LSP to send the echo request.
- label-ttl
-
Specifies the TTL value for the MPLS label, expressed as a decimal integer.
- leaf-addr ipv4-address
-
Specifies up to five egress LER system addresses that are required to reply to the LSP ping Echo Request message as defined in RFC 6425 (applies to the 7750 SR and 7950 XRS only).
- lsp-name
-
Specifies the name, up to 64 characters, that identifies an P2MP LSP to ping.
- ldp-ssm
-
Specifies a specific multicast stream to be tested when using dynamic multicast in mLDP. The source and group addresses correspond to the <S,G> being advertised by this mLDP FEC.
- p2mp-identifier
-
Specifies the identifier for an LDP P2MP LSP to ping (applies to the 7750 SR and 7950 XRS only).
- profile {in | out}
-
Specifies the profile of the LSP ping Echo Request message.
- octets
-
Specifies the size of the MPLS echo request packet in octets, expressed as a decimal integer, including the IP header but not the label stack. The request payload is padded with zeros to the specified size.
Note: An OAM command is not failed if the user enters a size lower than the minimum required to build the packet for the Echo Request message. The payload is automatically padded to meet the minimum size.
- root-address ipv4-address
- Specifies the IPv4 identifier of the root.Note: IPv6 is not supported.
- root-tree-id tree-id
- Specifies the tree identifier of the P2MP LSP on the root.
- s2l-dest-addr ipv4-address
-
Specifies up to five egress LER system addresses that are required to reply to the LSP ping Echo Request message.
- sender-addr ipv4-address
-
Specifies the IPv4 address used in the ICMP packet configured as the source IP of the UDP ICMP packet and used for the echo reply destination IP address (applies to the 7750 SR and 7950 XRS only).Note: By default, the source IP address of the ICMP packet is set to the root address. When the sender address is set this source address is changed to the sender address.
- timeout
-
Specifies the time, in seconds, that is used to override the default timeout value and is the amount of time that the router waits for an Echo Reply message from all leaves of the P2MP LSP after sending the message request message. After the expiration of the message time out, the requesting router no longer waits for reply messages. Any Echo Reply message received after the request times out is silently discarded.
- vpn-recursive-fec
-
Specifies a VPN recursive FEC element to the launched packet (useful for pinging a VPN BGP inter-AS Option B leaf). This parameter issues an OAM p2mp-lsp-ping with RFC 6512 VPN recursive opaque FEC type 8.
See the "OAM” subsection of the "Label Distribution Protocol" chapter in the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for more information.
Platforms
All
p2mp-lsp-trace
p2mp-lsp-trace
Syntax
p2mp-lsp-trace lsp-name p2mp-instance instance-name s2l-dest-address ip-address [fc fc-name [profile {in | out}]] [size octets] [max-fail no-response-count] [probe-count probes-per-hop] [min-ttl min-label-ttl] [ max-ttl max-label-ttl] [timeout timeout] [interval interval] [detail]
Context
[Tree] (oam p2mp-lsp-trace)
Full Context
oam p2mp-lsp-trace
Description
This command discovers and displays the hop-by-hop path for a source-to-leaf (S2L) sub-LSP of an RSVP P2MP LSP.
The LSP trace capability allows the user to trace the path of a single S2L path of a P2MP LSP. Its operation is like p2mp-lsp-ping, but the sender of the echo reply request message includes the downstream mapping TLV to request the downstream branch information from a branch LSR or bud LSR. The branch LSR or bud LSR also includes the downstream mapping TLV to report the information about the downstream branches of the P2MP LSP. An egress LER does not include this TLV in the echo response message.
The parameter probe-count operates in the same way as in LSP Trace on a P2P LSP. It represents the maximum number of probes sent per TTL value before stops waiting for Echo Reply messages. If a response is received from the traced node before reaching maximum number of probes, then no more probes are sent for the same TTL. The sender of the echo request then increments the TTL and uses the information it received in the downstream mapping TLV to start sending probes to the node downstream of the last node which replied. This continues until the egress LER for the traced S2L path replies.
Like p2mp-lsp-ping, an LSP trace probe reports on all egress LER nodes that eventually receive the Echo Request message, but only the traced egress LER node replies to the last probe.
Any branch LSR node or bud LSR node in the P2MP LSP tree may receive a copy of the Echo Request message with the TTL in the outer label expiring at this node. However, only a branch LSR or bud LSR that has a downstream branch over which the traced egress LER is reachable responds.
When a branch LSR or bud LSR responds, it sets the global return code in the echo response message to RC=14 - "See DDMAP TLV for Return Code and Return Sub-Code” and the return code in the DDMAP TLV corresponding to the outgoing interface of the branch used by the traced S2L path to RC=8 - "Label switched at stack-depth <RSC>”. Note that p2mp-lsp-trace is not supported in a VPLS/B-VPLS PMSI context.
The timestamp format to be sent, and to be expected when received in a PDU, is as configured by the config>test-oam>mpls-time-stamp-format command. If RFC 4379 (obsoleted by RFC 8029) is selected, then the timestamp is in seconds and microseconds since 1900, otherwise it is in seconds and microseconds since 1970.
Parameters
- lsp-name
-
Specifies the name that identifies an P2MP LSP, up to 64 characters, to ping.
- instance-name
-
Specifies the name, up to 32 characters, of the specific instance of the P2MP LSP to send the echo request.
- ip-address
-
Specifies the egress LER system address of the S2L sub-LSP path which is being traced.
- fc-name
-
Specifies the fc and profile parameters are used to indicate the forwarding class and profile of the MPLS echo request packet.
When an MPLS echo request packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the specified FC and profile parameter values. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface.
When the MPLS echo request packet is received on the responding node, the fc and profile parameter values are dictated by the LSP-EXP mappings of the incoming interface.
When an MPLS echo reply packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in an egress network queue. The egress network queue is selected according to the fc and profile parameter values determined by the classification of the echo request packet that is being replied to at the incoming interface. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface. The ToS byte is not modified. p2mp-lsp-trace Request Packet and Behavior summarizes this behavior.
Table 2. p2mp-lsp-trace Request Packet and Behavior Request Packet
Behavior
CPM (sender node)
Echo request packet:
-
packet {tos=1, fc1, profile1}
-
fc1 and profile1 are as entered by user in OAM command or default values
-
tos1 as per mapping of {fc1, profile1} to IP precedence in network egress QoS policy of outgoing interface
Outgoing interface (sender node)
Echo request packet:
-
packet queued as {fc1, profile1}
-
ToS field=tos1 not remarked
-
EXP=exp1, as per mapping of {fc1, profile1} to EXP in network egress QoS policy of outgoing interface
Incoming interface (responder node)
Echo request packet:
-
packet {tos1, exp1}
-
exp1 mapped to {fc2, profile2} as per classification in network QoS policy of incoming interface
CPM (responder node)
Echo reply packet:
-
packet {tos=1, fc2, profile2}
Outgoing interface (responder node)
Echo reply packet:
-
packet queued as {fc2, profile2}
-
ToS filed= tos1 not remarked (reply inband or out-of-band)
-
EXP=exp2, if reply is inband, remarked as per mapping of {fc2, profile2} to EXP in network egress QoS policy of outgoing interface
Incoming interface (sender node)
Echo reply packet:
-
packet{tos1, exp2}
-
exp2 mapped to {fc1, profile1} as per classification in network QoS policy of incoming interface
-
- profile {in | out}
-
Specifies the profile of the LSP trace echo request message.
- octets
-
Specifies the size in octets, expressed as a decimal integer, of the MPLS echo request packet, including the IP header but not the label stack. The request payload is padded with zeros to the specified size. Note that an OAM command is not failed if the user enters a size lower than the minimum required to build the packet for the echo request message. The payload is automatically padded to meet the minimum size.
- no-response-count
-
Specifies the maximum number of consecutive MPLS echo requests, expressed as a decimal integer that do not receive a reply before the trace operation fails for a given TTL.
- probes-per-hop
-
Specifies the number of LSP trace echo request messages to send per TTL value.
- min-label-ttl
-
Specifies the minimum TTL value in the MPLS label for the LSP trace test, expressed as a decimal integer.
- max-label-ttl
-
Specifies the maximum TTL value in the MPLS label for the LSP trace test, expressed as a decimal integer.
- timeout
-
Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for an echo reply message from all leaves of the P2MP LSP after sending the message request message. Upon the expiration of the message time out, the requesting router no longer waits for reply messages. Any echo reply message received after the request times out is silently discarded.
- interval
-
Specifies the time, in seconds, used to override the default echo request message send interval and defines the minimum amount of time that must expire before the next echo request message is sent.
If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of an echo reply message corresponding to the outstanding message request.
Platforms
All
Output
The following output is an example of p2mp-lsp-trace information.
Output Example*A:Dut-C# oam p2mp-lsp-trace "p2mp_1" p2mp-instance "1" s2l-dest-address 10.20.1.
10.20.1.4 10.20.1.5 10.20.1.6
*A:Dut-C# oam p2mp-lsp-trace "p2mp_1" p2mp-instance "1" s2l-dest-
address 10.20.1.5 detail
P2MP LSP p2mp_1: 132 bytes MPLS payload
P2MP Instance 1, S2L Egress 10.20.1.5
1 10.20.1.1 rtt=3.78 ms rc=8(DSRtrMatchLabel)
DS 1: ipaddr 10.20.1.2 iftype 'ipv4Unnumbered' ifaddr 2 MRU=1500 label=131060
proto=4(RSVP-TE) B/E flags:0/0
2 10.20.1.2 rtt=3.54 ms rc=8(DSRtrMatchLabel)
DS 1: ipaddr 10.20.1.4 iftype 'ipv4Unnumbered' ifaddr 3 MRU=1500 label=131061
proto=4(RSVP-TE) B/E flags:0/0
3 10.20.1.5 rtt=5.30 ms rc=5(DSMappingMismatched)
Probe returned multiple responses. Result may be inconsistent.
*A:Dut-C#
p2mp-merge-point-abort-timer
p2mp-merge-point-abort-timer
Syntax
p2mp-merge-point-abort-timer seconds
no p2mp-merge-point-abort-timer
Context
[Tree] (config>router>rsvp p2mp-merge-point-abort-timer)
Full Context
configure router rsvp p2mp-merge-point-abort-timer
Description
This command configures a timer to abort Merge-Point (MP) node procedures for an S2L of a P2MP LSP instance. When a value higher than zero is configured for this timer, it enters into effect anytime this node activates Merge-Point procedures for one or more P2MP LSP S2L paths. As soon an ingress interface goes operationally down, the Merge-Point node starts the abort timer. Upon expiry of the timer, MPLS cleans up all P2MP LSP S2L paths which ILM is on the failed interface and which have not already received a Path refresh over the bypass LSP.
The no form of this command disables the timer.
Default
no p2mp-merge-point-abort-timer
Parameters
- seconds
-
Specifies the length of the abort timer in seconds
Platforms
All
p2mp-policy
p2mp-policy
Syntax
[no] p2mp-policy policy-name
Context
[Tree] (config>router>p2mp-sr-tree p2mp-policy)
Full Context
configure router p2mp-sr-tree p2mp-policy
Description
This command creates a P2MP policy entry for the P2MP SR tree.
The no form of this command deletes the specified policy entry.
Parameters
- policy-name
-
Specifies the policy name, up to 32 characters.
Platforms
All
p2mp-policy
Syntax
[no] p2mp-policy
Context
[Tree] (config>service>vprn>mvpn>pt>inclusive>p2mp-sr p2mp-policy)
[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi p2mp-policy)
[Tree] (config>service>vprn>mvpn>pt>selective>p2mp-sr p2mp-policy)
Full Context
configure service vprn mvpn provider-tunnel inclusive p2mp-sr p2mp-policy
configure service vprn mvpn provider-tunnel selective multistream-spmsi p2mp-policy
configure service vprn mvpn provider-tunnel selective p2mp-sr p2mp-policy
Description
This command enables a P2MP policy for the MVPN provider tunnel.
The no form of this command disables the P2MP policy.
Platforms
All
p2mp-resignal-timer
p2mp-resignal-timer
Syntax
p2mp-resignal-timer minutes
no p2mp-resignal-timer
Context
[Tree] (config>router>mpls p2mp-resignal-timer)
Full Context
configure router mpls p2mp-resignal-timer
Description
This command configures the re-signal timer for a P2MP LSP instance. MPLS requests CSPF to re-compute the whole set of S2L paths of a given active P2MP instance each time the P2MP re-signal timer expires. The P2MP re-signal timer is configured separately from the P2P LSP parameter. MPLS performs a global MBB and moves each S2L sub-LSP in the instance into its new path using a new P2MP LSP ID if the global MBB is successful, regardless of the cost of the new S2L path.
This command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
The no form of this command disables the timer-based re-signaling of P2MP LSPs on this system.
Parameters
- minutes
-
Specifies the time MPLS waits before attempting to re-signal the P2MP LSP instance.
Platforms
All
p2mp-s2l-fast-retry
p2mp-s2l-fast-retry
Syntax
p2mp-s2-fast-retry seconds
no p2mp-s2l-fast-retry
Context
[Tree] (config>router>mpls p2mp-s2l-fast-retry)
[Tree] (config>router>rsvp p2mp-s2l-fast-retry)
Full Context
configure router mpls p2mp-s2l-fast-retry
configure router rsvp p2mp-s2l-fast-retry
Description
This command configures a global parameter to allow the user to apply a shorter retry timer for the first try after an active LSP path went down due to a local failure or the receipt of a ResvTear. This timer is used only in the first try. Subsequent retries will continue to be governed by the existing LSP level retry-timer.
The config>router>mpls>p2mp-s2l-fast-retry command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
The no form of this command disables the timer.
Default
no p2mp-s2l-fast-retry
Parameters
- seconds
-
Specifies the length of time for retry timer, in seconds
Platforms
All
p2mp-sr
p2mp-sr
Syntax
[no] p2mp-sr
Context
[Tree] (config>service>vprn>mvpn>pt>inclusive p2mp-sr)
[Tree] (config>service>vprn>mvpn>pt>selective p2mp-sr)
Full Context
configure service vprn mvpn provider-tunnel inclusive p2mp-sr
configure service vprn mvpn provider-tunnel selective p2mp-sr
Description
This command enables P2MP SR for the MVPN provider tunnel.
The no form of this command disables P2MP SR.
Default
no p2mp-sr
Platforms
All
p2mp-sr-tree
p2mp-sr-tree
Syntax
[no] p2mp-sr-tree
Context
[Tree] (config>router p2mp-sr-tree)
Full Context
configure router p2mp-sr-tree
Description
Commands in this context configure P2MP SR parameters.
Default
no p2mp-sr-tree
Platforms
All
p2mp-template-lsp
p2mp-template-lsp
Syntax
[no] p2mp-template-lsp rsvp-session-name SessionNameString sender sender-address
Context
[Tree] (config>router>mpls>ingress-stats p2mp-template-lsp)
Full Context
configure router mpls ingress-statistics p2mp-template-lsp
Description
This command configures an ingress statistics context matching on the RSVP session name for a RSVP P2MP LSP at the egress LER.
This command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
When the ingress LER signals the path of the S2L sub-LSP, it includes the name of the LSP and that of the path in the Session Name field of the Session Attribute object in the Path message. The encoding is as follows:
Session Name: <lsp-name::path-name>, where lsp-name component is encoded as follows:
-
P2MP LSP through the user configuration for L3 multicast in global routing instance: "LspNameFromConfig”
-
P2MP LSP as I-PMSI or S-PMSI in L3 mVPN: templateName-SvcId-mTTmIndex
-
P2MP LSP as I-PMSI in VPLS/B-VPLS: templateName-SvcId-mTTmIndex
The ingress statistics CLI configuration allows the user to match either on the exact name of the P2MP LSP as configured at the ingress LER or on a context that matches on the template name and the service-id as configured at the ingress LER.
When the matching is performed on a context, the user must enter the RSVP session name string in the format "templateName-svcId” to include the LSP template name as well as the mVPN VPLS/B-VPLS service ID as configured at the ingress LER. In this case, one or more P2MP LSP instances signaled by the same ingress LER could be associated with the ingress statistics configuration and the user is provided with CLI parameter max-stats to limit the maximum number of stat indexes that can be assigned to this context. If the context matches more than this value, the additional request for stat indices from this context is rejected. A background tasks monitors the ingress statistics templates which have one or more matching LSP instances with unassigned stat index and assigns one to them as they are freed.
Note the following rules when configuring an ingress statistics context based on template matching:
-
max-stats, after allocated, can be increased but not decreased unless the entire ingress statistics context matching a template name is deleted.
-
To delete ingress statistics context matching a template name, a shutdown is required.
-
An accounting policy cannot be configured or de-configured until the ingress statistics context matching a template name is shut down.
-
After deleting an accounting policy from an ingress statistics context matching a template name, the policy is not removed from the log until a "no shut” is performed on the ingress statistics context.
If there are no stat indexes available at the time the session of the P2MP LSP matching a template context is signaled and the session state installed by the egress LER, no stats are allocated to the session.
Furthermore, the assignment of stat indexes to the LSP names that match the context will also be not deterministic. The latter is due to the fact that a stat index is assigned and released following the dynamics of the LSP creation or deletion by the ingress LER. For example, a multicast stream crosses the rate threshold and is moved to a newly signaled S-PMSI dedicated to this stream. Later on, the same steam crosses the threshold downwards and is moved back to the shared I-PMSI and the P2MP LSP corresponding to the S-PMSI is deleted by the ingress LER.
The no form deletes the ingress statistics context matching on the RSVP session name.
Parameters
- rsvp-session-name SessionNameString
-
Specifies the name of the RSVP P2MP session in the format of "templateName-svcId”. This field can hold up to 64 characters.
- sender sender-address
-
Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.
Platforms
All
p2mp-ttl-propagate
p2mp-ttl-propagate
Syntax
[no] p2mp-ttl-propagate
Context
[Tree] (config>router>mpls p2mp-ttl-propagate)
Full Context
configure router mpls p2mp-ttl-propagate
Description
This command configures the uniform mode of operation for RSVP P2MP LSPs.
The no form of this command configures the pipe mode of operation for P2MP LSPs.
When the mode of operation is modified, the new configuration applies to future P2MP LSPs only and the existing operational LSPs are not affected.
Default
p2mp-ttl-propagate
Platforms
All
p2p-active-path-fast-retry
p2p-active-path-fast-retry
Syntax
p2p-active-path-fast-retry seconds
no p2p-active-path-fast-retry
Context
[Tree] (config>router>mpls p2p-active-path-fast-retry)
Full Context
configure router mpls p2p-active-path-fast-retry
Description
This command configures a global parameter to allow the user to apply a shorter retry timer for the first try after an active LSP path went down due to a local failure or the receipt of a ResvTear. This timer is used only in the first try. Subsequent retries will continue to be governed by the existing LSP level retry-timer.
The no form of this command disables the timer.
Default
no p2p-active-path-fast-retry
Parameters
- seconds
-
Specifies the length of time for retry timer, in seconds
Platforms
All
p2p-merge-point-abort-timer
p2p-merge-point-abort-timer
Syntax
p2p-merge-point-abort-timer seconds
no p2p-merge-point-abort-timer
Context
[Tree] (config>router>rsvp p2p-merge-point-abort-timer)
Full Context
configure router rsvp p2p-merge-point-abort-timer
Description
This command configures a timer to abort Merge-Point (MP) node procedures for a P2P LSP path. When a value higher than zero is configured for this timer, it will enter into effect anytime this node activates Merge-Point procedures for one or more P2P LSP paths. As soon an ingress interface goes operationally down, the Merge-Point node starts the abort timer. Upon expiry of the timer, MPLS will clean up all P2P LSP paths which ILM is on the failed interface and which have not already received a Path refresh over the bypass LSP.
The no form of this command disables the timer.
Default
no p2p-merge-point-abort-timer
Parameters
- seconds
-
Specifies the length of the abort timer in seconds
Platforms
All
p2p-template-lsp
p2p-template-lsp
Syntax
[no] p2p-template-lsp rsvp-session-name SessionNameString sender sender-address
Context
[Tree] (config>router>mpls>ingress-stats p2p-template-lsp)
Full Context
configure router mpls ingress-statistics p2p-template-lsp
Description
This command configures an ingress statistics context matching on the RSVP session name for a RSVP P2P auto-LSP at the egress LER.
When the ingress LER signals the path of a template based one-hop-p2p or mesh-p2p auto-lsp, it includes the name of the LSP and that of the path in the Session Name field of the Session Attribute object in the Path message. The encoding is as follows:
Session Name: lsp-name::path-name, where lsp-name component is encoded as follows:
P2MP LSP through the user configuration for Layer 3 multicast in global routing instance: "LspNameFromConfig”
-
P2MP LSP as I-PMSI or S-PMSI in L3 mVPN: templateName-SvcId-mTTmIndex
-
P2MP LSP as I-PMSI in VPLS/B-VPLS: templateName-SvcId-mTTmIndex.
The ingress statistics CLI configuration allows the user to match either on the exact name of the P2P auto-LSP or on a context that matches on the template name and the destination of the LSP at the ingress LER.
When the matching is performed on a context, the user must enter the RSVP session name string in the format "templateName-svcId” to include the LSP template name as well as the mVPN VPLS/B-VPLS service ID as configured at the ingress LER. In this case, one or more P2MP LSP instances signaled by the same ingress LER could be associated with the ingress statistics configuration. The user is provided with CLI parameter max-stats to limit the maximum number of stat indices which can be assigned to this context. If the context matches more than this value, the additional request for stat indices from this context is rejected.
Note the following rules when configuring an ingress statistics context based on template matching:
-
max-stats, once allocated, can be increased but not decreased unless the entire ingress statistics context matching a template name is deleted.
-
To delete ingress statistics context matching a template name, a shutdown is required.
-
An accounting policy cannot be configured or de-configured until the ingress statistics context matching a template name is shut down.
-
After deleting an accounting policy from an ingress statistics context matching a template name, the policy is not removed from the log until a no shut is performed on the ingress statistics context.
If there are no stat indexes available at the time the session of the P2P LSP matching a template context is signaled and the session state installed by the egress LER, no stats are allocated to the session.
Furthermore, the assignment of stat indexes to the LSP names that match the context is not deterministic. The latter is because a stat index is assigned and released following the dynamics of the LSP creation or deletion by the ingress LER. For example, a multicast stream crosses the rate threshold and is moved to a newly signaled S-PMSI dedicated to this stream. Later on, the same steam crosses the threshold downwards and is moved back to the shared I-PMSI and the P2MP LSP corresponding to the S-PMSI is deleted by the ingress LER.
The no form deletes the ingress statistics context matching on the RSVP session name.
Parameters
- rsvp-session-name SessionNameString
-
Specifies the name of the RSVP P2MP session in the format of "templateName-svcId”. This field can hold up to 64 characters.
- sender sender-address
-
Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.
Platforms
All
packet
packet
Syntax
packet detail-level {high | low}
packet mode {all | dropped}
no packet
Context
[Tree] (debug>gtp packet)
Full Context
debug gtp packet
Description
This command enables debugging of GTP packets sent or received by the system’s control plane.
The no form of this command disables debugging of GTP packets.
Parameters
- detail-level {high | low}
-
Specifies how much detail is to be displayed when debugging a GTP packet.
- mode {all | dropped}
-
Specifies which packets is debugged.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet
Syntax
[no] packet
Context
[Tree] (debug>router>l2tp packet)
[Tree] (debug>router>l2tp>group packet)
[Tree] (debug>router>l2tp>peer packet)
[Tree] (debug>router>l2tp>assignment-id packet)
Full Context
debug router l2tp packet
debug router l2tp group packet
debug router l2tp peer packet
debug router l2tp assignment-id packet
Description
This command enables packet debugging.
The no form of this command disables packet debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
packet
Syntax
[no] packet
Context
[Tree] (debug>service>id>ppp packet)
Full Context
debug service id ppp packet
Description
This command enables debugging for specific PPPoE packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
packet
packet
Syntax
packet jitter-buffer milliseconds [payload-size bytes]
packet payload-size bytes
no packet
Context
[Tree] (config>service>cpipe>sap>cem packet)
[Tree] (config>service>epipe>sap>cem packet)
Full Context
configure service cpipe sap cem packet
configure service epipe sap cem packet
Description
This command specifies the jitter buffer size, in milliseconds, and payload size, in bytes.
Default
The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots as shown in Packet CEM SAP Endpoint Types.
Endpoint Type |
Timeslots |
Default Jitter Buffer (in ms) |
---|---|---|
unstructuredE1 |
— |
5 |
unstructuredT1 |
— |
5 |
nxDS0 (E1/T1) |
— |
32 |
N = 1 |
16 |
|
N = 2 to 4 |
8 |
|
N = 5 to 15 |
5 |
|
nxDS0WithCas (E1) |
N |
8 |
nxDS0WithCas (T1) |
N |
12 |
Parameters
- milliseconds
-
Specifies the jitter buffer size in milliseconds (ms).
Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffers is not allowed. Setting the jitter butter value to 0 sets it back to the default value.
- payload-size bytes
-
Specifies the payload size (in bytes) of packets transmitted to the packet service network (PSN) by the CEM SAP. This determines the size of the data that will be transmitted over the service. If the size of the data received is not consistent with the payload size then the packet is considered malformed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap cem packet
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure service epipe sap cem packet
packet
Syntax
packet [hello | jp]
packet [hello | jp] evpn-mpls
packet [hello | jp] [ sap sap-id]
packet [hello | jp] [ sdp sdp-id:vc-id]
packet [hello | jp] vxlan vtep ip-address vni vni-id
no packet
Context
[Tree] (debug>service>id>pim-snooping packet)
Full Context
debug service id pim-snooping packet
Description
This command enables or disables debugging for PIM packets.
Parameters
- hello | jp
-
PIM packet types
- sap-id
-
Debugs packets associated with the specified SAP
- sdp-id:vc-id
-
Debugs packets associated with the specified SDP
- evpn-mpls
-
Debugs PIM snooping statistics for EVPN-MPLS destinations
Platforms
All
packet
Syntax
packet [query | v1-report | v2-report | v3-report | v2-leave] [ip-int-name | ip-address] [ mode {dropped-only | ingr-and-dropped | egr-ingr-and-dropped}]
packet [query | v1-report | v2-report | v3-report | v2-leave] [mode { dropped-only | ingr-and-dropped | egr-ingr-and-dropped}] group-interface ip-int-name
packet [query | v1-report | v2-report | v3-report | v2-leave] host ip-address [mode {dropped-only | ingr-and-dropped | egr-ingr-and-dropped}]
no packet [query | v1-report | v2-report | v3-report | v2-leave] [ip-int-name | ip-address]
no packet [query | v1-report | v2-report | v3-report | v2-leave] group-interface ip-int-name
no packet [query | v1-report | v2-report | v3-report | v2-leave] host ip-address
Context
[Tree] (debug>router>igmp packet)
Full Context
debug router igmp packet
Description
This command enables/disables debugging for IGMP packets.
Parameters
- query
-
Specifies to log the IGMP group- and source-specific queries transmitted and received on this interface.
- v1-report
-
Specifies to debug IGMP V1 reports transmitted and received on this interface.
- v2-report
-
Specifies to debug IGMP V2 reports transmitted and received on this interface.
- v3-report
-
Specifies to debug IGMP V3 reports transmitted and received on this interface.
- v2-leave
-
Specifies to debug the IGMP Leaves transmitted and received on this interface.
- ip-int-name
-
Debugs the information associated with the specified IP interface name.
- ip-address
-
Debugs the information associated with the specified IP address.
Platforms
All
packet
Syntax
packet [detail]
no packet
Context
[Tree] (debug>router>ldp>if packet)
[Tree] (debug>router>ldp>peer packet)
Full Context
debug router ldp interface packet
debug router ldp peer packet
Description
This command enables debugging for specific LDP packets.
The no form of the command disables the debugging output.
Parameters
- detail
-
Displays detailed information.
Platforms
All
packet
Syntax
[no] packet
Context
[Tree] (debug>router>rsvp packet)
Full Context
debug router rsvp packet
Description
Commands in this context debug packets.
Platforms
All
packet
Syntax
packet [pkt-type] [peer ip-address]
Context
[Tree] (debug>router>msdp packet)
Full Context
debug router msdp packet
Description
This command enables debugging for Multicast Source Discovery Protocol (MSDP) packets.
The no form of the command disables MSDP packet debugging.
Parameters
- pkt-type
-
Debugs information associated with the specified packet type.
- ip-address
-
Debugs information associated with the specified peer IP address.
Platforms
All
packet
Syntax
packet [hello | register | register-stop | jp | bsr | assert | crp | mdt-tlv | auto-rp-announcement | auto-rp-mapping | graft | graft-ack] [ip-int-name | mt-int-name | int-ip-address | mpls-if-name] [family {ipv4 | ipv6}] [ send | receive]
no packet
Context
[Tree] (debug>router>pim packet)
Full Context
debug router pim packet
Description
This command enables debugging for PIM packets.
The no form of this command disables debugging for PIM packets.
Parameters
- hello | register | register-stop | jp | bsr | assert | crp | mdt-tlv | auto-rp-announcement | auto-rp-mapping | graft | graft-ack
-
Specifies PIM packet types.
- ip-int-name
-
Debugs the information associated with the specified IP interface name, up to 32 characters.
- mt-int-name
-
Debugs the information associated with the specified VPRN ID and group address.
- int-ip-address
-
Debugs the information associated with the specified IP address.
- ipv4
-
Specifies to display IPv4 packets.
- ipv6
-
Specifies to display IPv6 packets.
- mpls-if-name
-
Debugs the information associated with the specified MPLS interface.
- receive
-
Specifies to display received packets.
- send
-
Specifies to display sent packets.
- family
-
Debugs database packet information.
Platforms
All
packet
Syntax
packet jitter-buffer milliseconds [payload-size bytes]
packet payload-size bytes
no packet
Context
[Tree] (config>mirror>mirror-dest>sap>cem packet)
Full Context
configure mirror mirror-dest sap cem packet
Description
This command specifies the jitter buffer size, in milliseconds, and payload size, in bytes.
Default
The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots.
Endpoint Type |
Timeslots |
Default Jitter Buffer (in ms) |
---|---|---|
unstructuredE1 |
n/a |
5 |
unstructuredT1 |
n/a |
5 |
unstructuredE3 |
n/a |
5 |
unstructuredT3 |
n/a |
5 |
nxDS0 (E1/T1) |
N = 1 |
32 |
N = 2 to 4 |
16 |
|
N = 5 to 15 |
8 |
|
N >= 16 |
5 |
|
nxDS0WithCas (E1) |
N |
8 |
nxDS0WithCas (T1) |
N |
12 |
Parameters
- milliseconds
-
Specifies the jitter buffer size in milliseconds (ms).
Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffers is not allowed.
Setting the jitter butter value to 0 sets it back to the default value.
- bytes
-
Specifies the payload size (in bytes) of packets transmitted to the packet service network (PSN) by the CEM SAP. This determines the size of the data that will be transmitted over the service. If the size of the data received is not consistent with the payload size then the packet is considered malformed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
packet
Syntax
packet packet-number [create]
no packet packet-number
Context
[Tree] (debug>oam>build-packet packet)
Full Context
debug oam build-packet packet
Description
This command configures a packet to be launched by the OAM find-egress tool.
The no form of this command removes the packet number value.
Parameters
- packet-number
-
Specifies a packet to be launched by the OAM find-egress tool.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
packet
Syntax
packet all
packet cfm-opcode opcode [opcode]
no packet
Context
[Tree] (debug>eth-cfm>mip packet)
[Tree] (debug>eth-cfm>mep packet)
Full Context
debug eth-cfm mip packet
debug eth-cfm mep packet
Description
This command defines the ETH-CFM opcodes of interest to be debugged.
The no form of this command stops packet debugging and the collection of PDUs.
Parameters
- all
-
Specifies that debugging is enabled for all ETH-CFM packets.
- opcode
-
Specifies a standard numerical reference or common three-letter acronym (TLA) that identifies the CFM PDU type. Up to five opcodes can be specified, and a combination of both numbers and TLAs can be used.
MEPs support all opcodes.
MIPs support 2 (LBR), 3 (LBM), 4 (LTR), and 5 (LTM).
Unknown or unsupported opcodes in TLA form are rejected. The applicable numerical opcode can be used instead. When numerical references are used, they are converted to a known TLA or left in numerical form if the TLA is unknown.
Re-entering the packet command overwrites the previous opcode entries for the MEP or MIP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
packet
Syntax
packet [{ip-int-name | ip-address}] [headers] [ protocol-id]
no packet [{ip-int-name | ip-address}]
Context
[Tree] (debug>router>ip packet)
Full Context
debug router ip packet
Description
This command enables debugging for IP packets.
Parameters
- ip-int-name
-
Only displays the interface information associated with the specified IP interface name.
- ip-address
-
Only displays the interface information associated with the specified IP address.
- headers
-
Only displays information associated with the packet header.
- protocol-id
-
Specifies the decimal value representing the IP protocol to debug. Well-known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the criteria.
Platforms
All
packet
Syntax
[no] packet
Context
[Tree] (debug>router>pcp>pcp-server packet)
Full Context
debug router pcp pcp-server packet
Description
This command enables packet debugging.
The no form of this command disables packet debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet
Syntax
[no] packet [{query | request | response}]
Context
[Tree] (debug>router>mtrace packet)
Full Context
debug router mtrace packet
Description
This command enables debugging for mtrace packets.
Platforms
All
packet
Syntax
[no] packet [{query | request | reply}]
Context
[Tree] (debug>router>mtrace2 packet)
Full Context
debug router mtrace2 packet
Description
This command enables debugging for mtrace2 packets.
Platforms
All
packet
Syntax
[no] packet
Context
[Tree] (debug>router>rpki-session packet)
Full Context
debug router rpki-session packet
Description
This command enables debugging for specific RPKI packets.
The no form of this command disables debugging for specific RPKI packets.
Platforms
All
packet
Syntax
packet [packet-type] [ip-int-name | ip-address] [ detail]
Context
[Tree] (debug>router>isis packet)
Full Context
debug router isis packet
Description
This command enables debugging for IS-IS packets.
The no form of the command disables debugging.
Parameters
- ip-address
-
When specified, only packets with the specified interface address are debugged.
- ip-int-name
-
When specified, only packets with the specified interface name are debugged.
- packet-type
-
When specified, only packets of the specified type are debugged.
- detail
-
All output is displayed in the detailed format.
Platforms
All
packet
Syntax
packet [packet-type] [interface-name] [ingress | egress] [detail]
packet [packet-type] [interface-name] [ingress | egress | drop] [ detail]
no packet
Context
[Tree] (debug>router>ospf3 packet)
[Tree] (debug>router>ospf packet)
Full Context
debug router ospf3 packet
debug router ospf packet
Description
This command enables debugging for OSPF packets.
Parameters
- packet-type
-
Specifies the OSPF packet type to debug.
- interface-name
-
Specifies the interface to debug, up to 32 characters.
- ingress
-
Specifies to display ingress packets.
- egress
-
Specifies to display egress packets.
- drop
-
Specifies to display dropped packets.
Platforms
All
packet
Syntax
packet [high-detail] [dropped-only]
no packet
Context
[Tree] (debug>subscr-mgmt>pfcp packet)
Full Context
debug subscriber-mgmt pfcp packet
Description
This command debugs PFCP packets that are received or sent. The no form of this command disables any PFCP packet debugging.
Parameters
- high-detail
-
Specifies to provide a full packet dump; without this parameter only basic packet information is provided.
- dropped-only
-
Specifies to only debug dropped packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
packet
Syntax
packet packet-type [detail]
no packet packet-type
Context
[Tree] (debug>router>pcep>pcc packet)
[Tree] (debug>router>pcep>pcc>conn packet)
Full Context
debug router pcep pcc packet
debug router pcep pcc connection packet
Description
This command enables debugging for PCEP PCC or connection packets.
The no form of this command disables debugging.
Parameters
- packet-type
-
Specifies only packets of the specified type are debugged.
- detail
-
Keyword used to specify detailed output.
Platforms
All
packet
Syntax
packet packet-type [detail]
no packet packet-type
Context
[Tree] (debug>router>pcep>pce>conn packet)
[Tree] (debug>router>pcep>pce packet)
Full Context
debug router pcep pce connection packet
debug router pcep pce packet
Description
This command enables debugging for PCEP PCE or connection packets.
The no form of this command disables debugging.
Parameters
- packet-type
-
Specifies only packets of the specified type are debugged.
- detail
-
Keyword used to specify detailed output.
Platforms
VSR-NRC
packet-byte-offset
packet-byte-offset
Syntax
packet-byte-offset add bytes
packet-byte-offset subtract sub-bytes
no packet-byte-offset
Context
[Tree] (config>qos>sap-egress>dynamic-queue packet-byte-offset)
Full Context
configure qos sap-egress dynamic-queue packet-byte-offset
Description
This command configures the packet-byte offset the system uses to modify the size of the input packets handled by the queue, by adding or subtracting the specified number of bytes. This also applies to any charging statistics. The actual packet size is not modified, only the size used to determine the egress scheduling and profiling is changed.
Parameters
- add bytes
-
Specifies the packet byte offset. The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet.
- subtract bytes
-
Specifies the packet byte offset. The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
packet-byte-offset
Syntax
packet-byte-offset{add bytes | subtract bytes}
no packet-byte-offset
Context
[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer packet-byte-offset)
[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer packet-byte-offset)
Full Context
configure subscriber-mgmt sla-profile ingress qos policer packet-byte-offset
configure subscriber-mgmt sla-profile egress qos policer packet-byte-offset
Description
This command is used to modify the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.
When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.
The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured and the policer is managed by HQoS, however the offsets are applied to the statistics.
The no form of this command removes the per packet size modifications from the policer.
Parameters
- add bytes
-
Specifies the packet byte offset. The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- subtract bytes
-
Specifies the packet byte offset. The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When b is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Note:The minimum resulting packet size used by the system is 1 byte.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr packet-byte-offset)
[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr packet-byte-offset)
Full Context
configure card fp ingress access queue-group policer-override policer packet-byte-offset
configure card fp ingress network queue-group policer-override policer packet-byte-offset
Description
This command modifies the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.
When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.
The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.
The no form of this command removes per packet size modifications from the policer.
Parameters
- add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When b is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet. Note that the minimum resulting packet size used by the system is 1 byte.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr packet-byte-offset)
[Tree] (config>service>epipe>sap>egress>policer-over>plcr packet-byte-offset)
[Tree] (config>service>epipe>sap>ingress>policer-over>plcr packet-byte-offset)
[Tree] (config>service>ipipe>sap>egress>policer-over>plcr packet-byte-offset)
[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr packet-byte-offset)
[Tree] (config>service>cpipe>sap>egress>policer-over>plcr packet-byte-offset)
Full Context
configure service cpipe sap ingress policer-override policer packet-byte-offset
configure service epipe sap egress policer-override policer packet-byte-offset
configure service epipe sap ingress policer-override policer packet-byte-offset
configure service ipipe sap egress policer-override policer packet-byte-offset
configure service ipipe sap ingress policer-override policer packet-byte-offset
configure service cpipe sap egress policer-override policer packet-byte-offset
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured; however, the offsets are applied to the statistics.
The no packet-byte-offset command is used to restore the policer’s packet-byte-offset setting to the policy defined value.
Default
no packet-byte-offset
Parameters
- add-bytes
-
Specifies the number of bytes that are added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- sub-bytes
-
Specifies the number of bytes that are subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-override policer packet-byte-offset
- configure service cpipe sap egress policer-override policer packet-byte-offset
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service ipipe sap egress policer-override policer packet-byte-offset
- configure service epipe sap ingress policer-override policer packet-byte-offset
- configure service ipipe sap ingress policer-override policer packet-byte-offset
- configure service epipe sap egress policer-override policer packet-byte-offset
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>service>vpls>sap>ingress>policer-override>plcr packet-byte-offset)
[Tree] (config>service>vpls>sap>egress>policer-override>plcr packet-byte-offset)
Full Context
configure service vpls sap ingress policer-override policer packet-byte-offset
configure service vpls sap egress policer-override policer packet-byte-offset
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.
The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.
Default
no packet-byte-offset
Parameters
- add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>service>ies>if>sap>egress>policer-override>plcr packet-byte-offset)
[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr packet-byte-offset)
Full Context
configure service ies interface sap egress policer-override policer packet-byte-offset
configure service ies interface sap ingress policer-override policer packet-byte-offset
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.
The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.
Default
no packet-byte-offset
Parameters
- add add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- subtract sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
packet-byte-offset
Syntax
packet-byte-offset add add-bytes
packet-byte-offset subtract sub-bytes
no packet-byte-offset
Context
[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr packet-byte-offset)
[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr packet-byte-offset)
Full Context
configure service vprn interface sap egress policer-override policer packet-byte-offset
configure service vprn interface sap ingress policer-override policer packet-byte-offset
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.
The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.
Default
no packet-byte-offset
Parameters
- add add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- subtract sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub- bytes}
no packet-byte-offset
Context
[Tree] (config>qos>sap-ingress>policer packet-byte-offset)
[Tree] (config>qos>sap-ingress>dyn-policer packet-byte-offset)
[Tree] (config>qos>sap-egress>policer packet-byte-offset)
[Tree] (config>qos>sap-egress>dyn-policer packet-byte-offset)
Full Context
configure qos sap-ingress policer packet-byte-offset
configure qos sap-ingress dynamic-policer packet-byte-offset
configure qos sap-egress policer packet-byte-offset
configure qos sap-egress dynamic-policer packet-byte-offset
Description
This command is used to modify the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.
When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.
The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. Packet byte offset settings are not included in the applied rate when (queue) frame-based accounting is configured and the policer is managed by HQoS; however, the offsets are applied to the statistics.
The no form of this command is used to remove per packet size modifications from the policer.
Parameters
- add add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the policer for rate metering, profiling, and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
- subtract sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling, and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet. The minimum resulting packet size used by the system is 1 byte.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos sap-egress policer packet-byte-offset
- configure qos sap-ingress policer packet-byte-offset
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure qos sap-ingress dynamic-policer packet-byte-offset
- configure qos sap-egress dynamic-policer packet-byte-offset
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>qos>sap-ingress>queue packet-byte-offset)
Full Context
configure qos sap-ingress queue packet-byte-offset
Description
This command modifies the size of each packet handled by the queue by adding or subtracting the specified number of bytes. The actual packet size is not modified, only the size used to determine the ingress scheduling and profiling is changed. The packet-byte-offset command is an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the scheduling and profiling throughput is affected by the offset as well as the statistics (accounting) associated with the queue. The packet-byte-offset does not apply to drop statistics, received valid statistics, or the offered managed and unmanaged statistics used by Ingress Multicast Path Management.
The no form of this command removes per-packet size modifications from the queue.
Parameters
- add-bytes
-
Specifies the number of bytes added to the size of each packet associated with the queue for scheduling, profiling, and accounting purposes. From the queue’s perspective, the packet size is increased by the amount specified.
- sub-bytes
-
Specifies the number of bytes subtracted from the size of each packet associated with the queue for scheduling, profiling, and accounting purposes. From the queue’s perspective, the packet size is reduced by the amount specified. The minimum resulting packet size used by the system is 1 byte.
Platforms
All
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>qos>sap-egress>queue packet-byte-offset)
Full Context
configure qos sap-egress queue packet-byte-offset
Description
This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed.
The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers.
When a packet-byte-offset value is applied to a queue instance, it adjusts the immediate packet size. This means that the queue rates, in other words, operational PIR and CIR, and queue bucket updates use the adjusted packet size. In addition, the queue statistics also reflects the adjusted packet size. Scheduler policy rates, which are data rates, uses the adjusted packet size.
The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always on-the-wire rates and uses the actual frame size. The same applies for the agg-rate-limit on a SAP, a subscriber, or a multiservice Site (MSS) when the queue is port-parented.
When the user enables frame-based-accounting in a scheduler policy or queue-frame-based-accounting with agg-rate-limit in a port scheduler policy, the queue rate will be capped to a user-configured on-the-wire rate and the packet-byte-offset is not included. However, the offsets are applied to the statistics.
The no form of this command is used to remove per packet size modifications from the queue.
Parameters
- add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either parameter must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the queue for scheduling and accounting purposes.
- sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either parameter must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling and accounting purposes. The minimum resulting packet size used by the system is 1 byte.
Platforms
All
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>qos>qgrps>ing>qgrp>policer packet-byte-offset)
Full Context
configure qos queue-group-templates ingress queue-group policer packet-byte-offset
Description
This command configures a packet byte offset for the QoS ingress queue-group policer.
Default
no packet-byte-offset
Parameters
- add-bytes
-
Specifies the number of bytes to add as the offset amount.
- sub-bytes
-
Specifies the number of bytes to add as the offset amount.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>qos>qgrps>ing>qgrp>queue packet-byte-offset)
Full Context
configure qos queue-group-templates ingress queue-group queue packet-byte-offset
Description
This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the ingress scheduling and profiling is changed. The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the scheduling and profiling throughput is affected by the offset as well as the stats (accounting) associated with the queue. The packet-byte-offset does not apply to drop statistics, received valid statistics, or the offered managed and unmanaged statistics used by Ingress Multicast Path Management.
The no form of this command is used to remove per packet size modifications from the queue.
Parameters
- add-bytes
-
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the queue for scheduling, profiling and accounting purposes. From the queue’s perspective, the packet size is increased by the amount being added to the size of each packet.
- sub-bytes
-
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling, profiling and accounting purposes. From the queue’s perspective, the packet size is reduced by the amount being subtracted from the size of each packet. The minimum resulting packet size used by the system is 1 byte.
Platforms
All
packet-byte-offset
Syntax
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context
[Tree] (config>qos>qgrps>egr>qgrp>policer packet-byte-offset)
[Tree] (config>qos>qgrps>egr>qgrp>queue packet-byte-offset)
Full Context
configure qos queue-group-templates egress queue-group policer packet-byte-offset
configure qos queue-group-templates egress queue-group queue packet-byte-offset
Description
This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed.
The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers.
When a packet-byte-offset value is applied to a queue or policer instance, it adjusts the immediate packet size. This means that the queue rates (in other words, operational PIR and CIR) and policer or queue bucket updates use the adjusted packet size. In addition, the statistics also reflect the adjusted packet size. Scheduler policy rates, which are data rates, will use the adjusted packet size.
The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always on-the-wire rates and uses the actual frame size. The same applies for the agg-rate-limit on a SAP, a subscriber, or a Multiservice Site (MSS) when the queue is port-parented.
When the user enables frame-based-accounting in a scheduler policy or queue-frame-based-accounting with agg-rate-limit in a port scheduler policy, the policer or queue rate is capped to a user-configured on-the-wire rate and the packet-byte-offset is not included; however, the offsets are applied to the statistics.
The no form of this command is used to remove per packet size modifications from the queue.
Parameters
- add-bytes
-
Specifies that the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the queue for scheduling and accounting purposes.
- sub-bytes
-
Specifies that the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling and accounting purposes. The minimum resulting packet size used by the system is 1 byte.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos queue-group-templates egress queue-group policer packet-byte-offset
All
- configure qos queue-group-templates egress queue-group queue packet-byte-offset
packet-length
packet-length
Syntax
packet-length {lt | gt | eq} packet-length-value
packet-length range packet-length-value packet-length-value
no packet-length
Context
[Tree] (config>filter>ip-filter>entry>match packet-length)
Full Context
configure filter ip-filter entry match packet-length
Description
This command configures the IPv4 packet length value match criterion. The IPv4 packet length represents the total packet length including the IPv4 header and the payload.
Default
no packet-length
Parameters
- lt
-
Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.
- gt
-
Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.
- eq
-
Specifies "equal to”.
- packet-length-value
-
Specifies the packet length value.
- range
-
Specifies an inclusive range. When range is used, the beginning of the range must have a value less than the second value of the range.
Platforms
All
packet-length
Syntax
packet-length {lt | gt | eq} packet-length-value
packet-length range packet-length-value packet-length-value
no packet-length
Context
[Tree] (config>filter>ipv6-filter>entry>match packet-length)
Full Context
configure filter ipv6-filter entry match packet-length
Description
This command configures the IPv6 packet length value match criterion. The IPv6 packet length represents the total packet length including the IPv6 header and the payload.
Default
no packet-length
Parameters
- lt
-
Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.
- gt
-
Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.
- eq
-
Specifies "equal to”.
- packet-length-value
-
Specifies the packet length value.
- range
-
Specifies an inclusive range. When range is used, the beginning of the range must have a value less than the second value of the range.
Platforms
All
packet-rate-high-wmark
packet-rate-high-wmark
Syntax
packet-rate-high-wmark high-watermark
Context
[Tree] (config>app-assure packet-rate-high-wmark)
Full Context
configure application-assurance packet-rate-high-wmark
Description
This command configures the packet rate on the ISA-AA when a packet rate alarm will be raised by the agent.
Default
packet-rate-high-wmark max
Parameters
- high-watermark
-
Specifies the high watermark for packet rate alarms. The value must be larger than or equal to the packet-rate-low-wmark low-watermark value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet-rate-low-wmark
packet-rate-low-wmark
Syntax
packet-rate-low-wmark low-watermark
no packet-rate-low-wmark
Context
[Tree] (config>app-assure packet-rate-low-wmark)
Full Context
configure application-assurance packet-rate-low-wmark
Description
This command configures the packet rate on the ISA-AA when a packet rate alarm will be cleared by the agent.
The no form of this command reverts to the default.
Default
packet-rate-low-wmark 0
Parameters
- low-watermark
-
Specifies the low watermark for packet rate alarms. The value must be lower than or equal to the packet-rate-high-wmark high-watermark value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet-rx
packet-rx
Syntax
packet-rx [client client-ip [ source-port src-port]] [fcc-join] [ fcc-leave] [ret-nack]
no packet-rx
Context
[Tree] (debug>service>id>video-interface packet-rx)
Full Context
debug service id video-interface packet-rx
Description
This command enables debugging of received RTCP messages. The options for this command allow the user to filter only certain types of messages to appear in the debug traces.
Parameters
- client client-ip
-
Specifies the client IP address.
- source-port src-port
-
Specifies the source port.
- fcc-join
-
Enables debugging for FCC joins.
- fcc-leave
-
Enables debugging for FCC leaves.
- ret-nack
-
Enables debugging for retransmission nack packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
packet-sanity
packet-sanity
Syntax
packet-sanity direction direction [create]
no packet-sanity direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>sctp-filter packet-sanity)
Full Context
configure application-assurance group statistics threshold-crossing-alert sctp-filter packet-sanity
Description
This command configures a TCA for the counter capturing packet sanity hits for the specified SCTP filter. A packet sanity TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet-size
packet-size
Syntax
packet-size bytes
no packet-size
Context
[Tree] (config>system>snmp packet-size)
Full Context
configure system snmp packet-size
Description
This command configures the maximum SNMP packet size generated by this node.
The no form of this command restores the default value.
Default
packet-size 1500
Parameters
- bytes
-
Specifies the SNMP packet size in bytes.
Platforms
All
packet-too-big
packet-too-big
Syntax
packet-too-big [number seconds]
no packet-too-big
Context
[Tree] (config>service>ies>if>ipv6>icmp6 packet-too-big)
Full Context
configure service ies interface ipv6 icmp6 packet-too-big
Description
This command specifies whether packet-too-big ICMP messages should be sent. When enabled, ICMPv6 packet-too-big messages are generated by this interface.
The no form of this command disables the sending of ICMPv6 packet-too-big messages.
Default
packet-too-big 100 10
Parameters
- number
-
Specifies the number of ICMP messages that are too large to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of "packet-too-big” ICMP messages issued.
Platforms
All
packet-too-big
Syntax
packet-too-big [number seconds]
no packet-too-big
Context
[Tree] (config>service>vprn>if>ipv6>icmp6 packet-too-big)
Full Context
configure service vprn interface ipv6 icmp6 packet-too-big
Description
This command configures the rate for Internet Control Message Protocol version 6 (ICMPv6) packet-too-big messages.
Parameters
- number
-
Specifies the number of packet-too-big messages to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of packet-too-big messages issued.
Platforms
All
packet-too-big
Syntax
packet-too-big
packet-too-big number [10..1000] seconds [ 1..60]
no packet-too-big
Context
[Tree] (config>service>vprn>if>sap>ip-tunnel>icmp6-gen packet-too-big)
Full Context
configure service vprn interface sap ip-tunnel icmp6-generation packet-too-big
Description
This command enables the system to send ICMPv6 PTB (Packet Too Big) messages on the private side and optionally specifies the rate.
With this command configured, the system sends PTB back if it received an IPv6 packet on the private side that is bigger than 1280 bytes and also exceeds the private MTU of the tunnel.
The ip-mtu command (under ipsec-tunnel or tunnel-template) specifies the private MTU for the ipsec-tunnel or dynamic tunnel.
The no form of this command reverts interval and message-count values to their default values.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packet-too-big
Syntax
packet-too-big [number seconds]
no packet-too-big
Context
[Tree] (config>router>if>ipv6>icmp6 packet-too-big)
Full Context
configure router interface ipv6 icmp6 packet-too-big
Description
This command configures the rate for ICMPv6 packet-too-big messages.
Parameters
- number
-
Limits the number of packet-too-big messages issued per time frame specified in the seconds parameter.
- seconds
-
Determines the time frame, in seconds, that is used to limit the number of packet-too-big messages issued per time frame.
Platforms
All
packet-tx
packet-tx
Syntax
packet-tx [group grp-addr [ source srcAddr]] [ret-nack]
no packet-tx
Context
[Tree] (debug>service>id>video-interface packet-tx)
Full Context
debug service id video-interface packet-tx
Description
This command enables debugging transmitted RTCP packets.
Parameters
- client client-ip
-
Specifies the client IP address.
- source src-srcAddr
-
Specifies the source port’s IP address.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
packet-type
packet-type
Syntax
packet-type [authentication] [accounting] [ coa]
no packet-type
Context
[Tree] (debug>router>radius packet-type)
Full Context
debug router radius packet-type
Description
This command specifies the RADIUS packet type filter of command debug router radius.
Default
authentication accounting coa
Parameters
- authentication
-
Specifies the RADIUS authentication packet.
- accounting
-
Specifies the RADIUS accounting packet.
- coa
-
Specifies the RADIUS change of authorization packet.
Platforms
All
packets
packets
Syntax
[no] packets [interface ip-int-name]
Context
[Tree] (debug>router>srrp packets)
Full Context
debug router srrp packets
Description
This command enables debugging for SRRP packets.
The no form of this command disables debugging.
Platforms
All
packets
Syntax
[no] packets
[no] packets interface ip-int-name [vrid virtual-router-id]
[no] packets interface ip-int-name vrid virtual-router-id ipv6
Context
[Tree] (debug>router>vrrp packets)
Full Context
debug router vrrp packets
Description
This command enables or disables debugging for VRRP packets.
Parameters
- ip-int-name
-
Specifies the interface name, up to 32 characters.
- virtual-router-id
-
Specifies the router ID.
- ipv6
-
Debugs the specified IPv6 VRRP interface.
Platforms
All
packets
Syntax
packets [neighbor ip-address | group name]
no packets
Context
[Tree] (debug>router>bgp packets)
Full Context
debug router bgp packets
Description
This command decodes and logs all sent and received BGP packets in the debug log.
The no form of this command disables debugging.
Parameters
- neighbor ip-address
-
Debugs only events affecting the specified BGP neighbor.
- group name
-
Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.
Platforms
All
packets
Syntax
packets [station station-name]
no packets
Context
[Tree] (debug>router>bmp packets)
Full Context
debug router bmp packets
Description
This command enables debugging for all BMP packets.
The no form of the command disables debugging for all BMP packets.
Parameters
- station-name
-
Specifies the station name of the BMP monitoring station, up to 32 characters.
Platforms
All
packets
Syntax
[no] packets [neighbor ip-int-name | ip-addr]
Context
[Tree] (debug>router>rip packets)
Full Context
debug router rip packets
Description
This command enables debugging for RIP packets.
Parameters
- ip-int-name | ip-address
-
Debugs the RIP packets sent on the neighbor IP address or interface.
Platforms
All
packets
Syntax
[no] packets [neighbor ip-int-name | ipv6-address]
Context
[Tree] (debug>router>ripng packets)
Full Context
debug router ripng packets
Description
This command enables debugging for RIPng packets.
Parameters
- ip-int-name| ipv6-address
-
Debugs the RIPng packets sent on the neighbor IP address or interface.
Platforms
All
packets-admitted-count
packets-admitted-count
Syntax
[no] packets-admitted-count
Context
[Tree] (config>log>acct-policy>cr>aa>aa-to-sub-cntr packets-admitted-count)
[Tree] (config>log>acct-policy>cr>aa>aa-from-sub-cntr packets-admitted-count)
Full Context
configure log accounting-policy custom-record aa-specific to-aa-sub-counters packets-admitted-count
configure log accounting-policy custom-record aa-specific from-aa-sub-counters packets-admitted-count
Description
This command includes the admitted packet count in the AA subscriber's custom record and only applies to the 7750 SR.
The no form of this command excludes the admitted packet count.
Default
no packets-admitted-count
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
packets-denied-count
packets-denied-count
Syntax
[no] packets-denied-count
Context
[Tree] (config>log>acct-policy>cr>aa>aa-to-sub-cntr packets-denied-count)
[Tree] (config>log>acct-policy>cr>aa>aa-from-sub-cntr packets-denied-count)
Full Context
configure log accounting-policy custom-record aa-specific to-aa-sub-counters packets-denied-count
configure log accounting-policy custom-record aa-specific from-aa-sub-counters packets-denied-count
Description
This command includes the denied packet count in the AA subscriber's custom record and only applies to the 7750 SR.
The no form of this command excludes the denied packet count.
Default
no packets-denied-count
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pad-size
pad-size
Syntax
pad-size octets
no pad-size
Context
[Tree] (config>oam-pm>session>ip>twamp-light pad-size)
Full Context
configure oam-pm session ip twamp-light pad-size
Description
This command defines the amount by which the TWAMP Light packet is padded. TWAMP session controller packets are 27 bytes smaller than TWAMP session reflector packets. If symmetrical packet sizes in the forward and backward direction are required, the pad size must be configured to a minimum of 27 bytes.
The no form of this command removes all padding.
Default
pad-size 0
Parameters
- octets
-
Specifies the value, in octets, to pad the TWAMP Light packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pad-tlv-size
pad-tlv-size
Syntax
pad-tlv-size octets
no pad-tlv-size
Context
[Tree] (config>oam-pm>session>mpls>dm pad-tlv-size)
Full Context
configure oam-pm session mpls dm pad-tlv-size
Description
This command allows the operator to add an optional Pad TLV to PDU and increase the frame on the wire by the specified amount. Note that this command only configures the size of the padding added to the PDU, and does not configure the total size of the frame on the wire. Since the bit count for the length is a maximum of 255 (8bits) the maximum pad per pad-tlv is between 0, 2 and 257 (type 1B, Length 1B, Length 255). Only a single pad-tlv can be added.
The no form of this command removes the optional TLV.
Parameters
- octets
-
Specifies the overall length of the pad-tlv.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pad-tlv-size
Syntax
pad-tlv-size octets
Context
[Tree] (config>test-oam>link-meas>template>twl pad-tlv-size)
Full Context
configure test-oam link-measurement measurement-template twamp-light pad-tlv-size
Description
This command configures an optional pad TLV size that allows a STAMP PDU to include the PAD TLV. This increases the size of the STAMP PDU by the size of the added TLV. The PAD TLV includes an all zeros pattern.
Parameters
- octets
-
Specifies the length of the pad-tlv.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pad-tlv-size
Syntax
pad-tlv-size octets [create]
no pad-tlv-size
Context
[Tree] (config>oam-pm>session>ip>twamp-light pad-tlv-size)
Full Context
configure oam-pm session ip twamp-light pad-tlv-size
Description
This command configures the PAD TLV to be included in the STAMP test packet with a total byte count equivalent to the value of this leaf.
TWAMP Light does not support TLVs. To pad the size of the TWAMP Light test packet the user must configure the pad-size command. STAMP test packets (the standard form of TWAMP Light) introduces TLVs for padding. Therefore, STAMP test packets must use the pad-tlv-size value.
The no form of this command removes the TWAMP Light test function from the OAM-PM session.
Parameters
- test-id
-
Specifies the value of the 4-byte local test identifier not sent in the TWAMP Light packets.
- create
-
Creates the test.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
padding-size
padding-size
Syntax
padding-size padding-size
no padding-size
Context
[Tree] (config>service>vprn>static-route-entry>indirect>cpe-check padding-size)
[Tree] (config>service>vprn>static-route-entry>next-hop>cpe-check padding-size)
Full Context
configure service vprn static-route-entry indirect cpe-check padding-size
configure service vprn static-route-entry next-hop cpe-check padding-size
Description
This optional parameter specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.
Default
padding-size 56
Parameters
- padding-size
-
An integer value.
Platforms
All
padding-size
Syntax
padding-size padding-size
no padding-size
Context
[Tree] (config>router>static-route-entry>next-hop>cpe-check padding-size)
[Tree] (config>router>static-route-entry>indirect>cpe-check padding-size)
Full Context
configure router static-route-entry next-hop cpe-check padding-size
configure router static-route-entry indirect cpe-check padding-size
Description
This command specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.
Default
padding-size 56
Parameters
- padding-size
-
Specifies the integer value.
Platforms
All
padding-size
Syntax
padding-size padding-size
no padding-size
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check padding-size)
[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check padding-size)
Full Context
configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check padding-size
configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check padding-size
Description
This command configures the padding size for the ICMP ping test packet of the CPE connectivity check.
Default
padding-size 56
Parameters
- padding-size
-
Specifies the padding size value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
padding-size
Syntax
padding-size size
no padding-size
Context
[Tree] (config>vrrp>priority-event>host-unreachable padding-size)
Full Context
configure vrrp priority-event host-unreachable padding-size
Description
This command allows the operator to increase the size of IP packet by padding the PDU.
The no form of the command reverts to the default.
Default
padding-size 0
Parameters
- size
-
Specifies amount of increase to the ICMP PDU.
padi-auth-policy
padi-auth-policy
Syntax
padi-auth-policy policy-name
no padi-auth-policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host padi-auth-policy)
Full Context
configure subscriber-mgmt local-user-db ppp host padi-auth-policy
Description
This command configures the PADI authentication policy of this host.
Parameters
- policy-name
-
Specifies the authentication policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pado-ac-name
pado-ac-name
Syntax
pado-ac-name name
no pado-ac-name
Context
[Tree] (config>subscr-mgmt>ppp-policy pado-ac-name)
Full Context
configure subscriber-mgmt ppp-policy pado-ac-name
Description
This command configures the Access Concentrator name that is used in the PPPoE PADO message.
By default, the system name or if not configured, the chassis Serial Number is used.
Parameters
- name
-
Specifies the string up to 128 characters to be used as AC name in the PPPoE PADO message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pado-delay
pado-delay
Syntax
pado-delay deci-seconds
no pado-delay
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host pado-delay)
Full Context
configure subscriber-mgmt local-user-db ppp host pado-delay
Description
This command configures the delay timeout before sending a PPPoE Active Discovery Offer (PADO).
Parameters
- deci-seconds
-
Specifies the delay timeout before sending a PADO.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pado-delay
Syntax
pado-delay deci-seconds
no pado-delay
Context
[Tree] (config>subscr-mgmt>ppp-policy pado-delay)
Full Context
configure subscriber-mgmt ppp-policy pado-delay
Description
This command configures the delay timeout before sending a PPP Active Discovery Offer (PADO) packet.
Parameters
- deci-seconds
-
Specifies the delay timeout before sending a PADO.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pairing-button
pairing-button
Syntax
pairing-button admin-state
Context
[Tree] (config>system>bluetooth pairing-button)
Full Context
configure system bluetooth pairing-button
Description
This command is used to allow or block the function of the pairing button. This command can be used to block the accidental triggering of a pairing operation while there is already a paired device.
The actual behavior of the Bluetooth pairing is dependent on both this command and the power command.
If normal operation is to use the pairing button on the router and on the external device to initiate the Bluetooth connection, then set:
config>system>bluetooth>power enabled-manual
config>system>bluetooth>pairing-button enable
If normal operation is to only require the external device to initiate the pairing, then set:
config>system>bluetooth>power enabled-automatic
config>system>bluetooth>pairing-button disable
If normal operation is to not allow the local operator to connect without permission from the central management location, then set:
config>system>bluetooth>power enabled-manual
config>system>bluetooth>pairing-button disable
Then when a connection is wanted, the central management station must change the configuration to one of the two options shown above for the time the local operator is connecting. The central management station can change the setting back to block local access after the operations is complete.
Default
pairing-button disable
Parameters
- admin-state
-
Specifies the administrative state.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
parallel
parallel
Syntax
parallel [no-advertise]
no parallel
Context
[Tree] (config>router>isis>segm-rtng>adjacency-set parallel)
[Tree] (config>router>ospf>segm-rtng>adjacency-set parallel)
Full Context
configure router isis segment-routing adjacency-set parallel
configure router ospf segment-routing adjacency-set parallel
Description
This command indicates that all members of the adjacency set must terminate on the same neighboring node. The system raises a trap if a user attempts to add an adjacency terminating on a neighboring node that differs from the existing members of the adjacency set. In addition, the system stops advertising the adjacency set in IS-IS or OSPF and locally deprograms it.
By default, parallel adjacency sets are advertised in the IGP. The no-advertise option prevents an adjacency set from being advertised in the IGP. It is only allowed in CLI and SNMP if the parallel command is configured.
The no form of this command indicates that the adjacency set can include adjacencies to different next hop nodes.
Default
parallel
Platforms
All
param-problem
param-problem
Syntax
param-problem [number seconds]
no param-problem
Context
[Tree] (config>service>vprn>sub-if>grp-if>icmp param-problem)
[Tree] (config>service>ies>if>icmp param-problem)
[Tree] (config>service>ies>sub-if>grp-if>icmp param-problem)
[Tree] (config>service>ies>if>ipv6>icmp6 param-problem)
Full Context
configure service vprn subscriber-interface group-interface icmp param-problem
configure service ies interface icmp param-problem
configure service ies subscriber-interface group-interface icmp param-problem
configure service ies interface ipv6 icmp6 param-problem
Description
This command specifies whether parameter-problem ICMP/ICMPv6 messages should be sent. When enabled, parameter-problem ICMP/ICMPv6 messages are generated by this interface.
The no form of this command disables the sending of parameter-problem ICMP/ICMPv6 messages.
Default
param-problem 100 10
Parameters
- number
-
Specifies the number of parameter-problem ICMPv6 messages to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMPv6 messages issued.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface icmp param-problem
- configure service vprn subscriber-interface group-interface icmp param-problem
All
- configure service ies interface icmp param-problem
- configure service ies interface ipv6 icmp6 param-problem
param-problem
Syntax
param-problem [number number] [ seconds seconds]
no param-problem
Context
[Tree] (config>subscr-mgmt>git>ipv4>icmp param-problem)
Full Context
configure subscriber-mgmt group-interface-template ipv4 icmp param-problem
Description
This command configures the parameter-problem ICMPv4 messages that are generated by this interface.
The no form of this command disables the sending of parameter-problem ICMPv4 messages.
Default
param-problem number 100 seconds 10
Parameters
- number
-
Specifies the number of parameter-problem ICMPv4 messages sent in the time specified by the seconds parameter.
- seconds
-
Specifies the time, in seconds, that is used to limit the number of parameter-problem ICMPv4 messages issued.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
param-problem
Syntax
param-problem number seconds
no param-problem [number seconds]
Context
[Tree] (config>service>vprn>if>icmp param-problem)
[Tree] (config>service>vprn>if>ipv6>icmp6 param-problem)
[Tree] (config>service>vprn>nw-if>icmp param-problem)
Full Context
configure service vprn interface icmp param-problem
configure service vprn interface ipv6 icmp6 param-problem
configure service vprn network-interface icmp param-problem
Description
This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface. The no form of this command disables the sending of parameter-problem ICMP messages.
Parameters
- number
-
Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.
Platforms
All
param-problem
Syntax
param-problem [number seconds]
no param-problem
Context
[Tree] (config>router>if>icmp param-problem)
Full Context
configure router interface icmp param-problem
Description
This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface.
The no form of this command disables the sending of parameter-problem ICMP messages.
Parameters
- number
-
Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.
Platforms
All
param-problem
Syntax
param-problem [number seconds]
no param-problem
Context
[Tree] (config>router>if>ipv6>icmp6 param-problem)
Full Context
configure router interface ipv6 icmp6 param-problem
Description
This command specifies whether parameter-problem ICMPv6 messages should be sent. When enabled, parameter-problem ICMPv6 messages are generated by this interface.
The no form of this command disables the sending of parameter-problem ICMPv6 messages.
Parameters
- number
-
Specifies the number of parameter-problem ICMPv6 messages to send in the time frame specified by the seconds parameter.
- seconds
-
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMPv6 messages issued.
Platforms
All
parent
parent
Syntax
parent [weight weight] [ cir-weight cir-weight]
no parent
Context
[Tree] (config>port>ethernet>access>egr>qgrp>qover>q parent)
Full Context
configure port ethernet access egress queue-group queue-overrides queue parent
Description
This command, when used in the queue-overrides context for a queue group queue, defines an optional weight and cir-weight for the queue treatment by the parent scheduler that further governs the available bandwidth for the queue aside from the queue PIR setting. When multiple schedulers and or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent bandwidth.
Parameters
- weight
-
Specifies the relative weight of this queue in comparison to other child schedulers and queues while vying for bandwidth on the parent scheduler-name. Any queues or schedulers defined as weighted receive no parental bandwidth until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.
- cir-weight
-
Specifies the weight the queue uses at the within-cir port priority level. The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
parent
Syntax
parent [weight weight] [ cir-weight cir-weight]
no parent
Context
[Tree] (config>port>ethernet>access>egr>qgrp>sched-override>scheduler parent)
[Tree] (config>port>ethernet>access>ing>qgrp>sched-override>scheduler parent)
Full Context
configure port ethernet access egress queue-group scheduler-override scheduler parent
configure port ethernet access ingress queue-group scheduler-override scheduler parent
Description
This command can be used to override the scheduler's parent weight and CIR weight. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the applied scheduler policy.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy - this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the queue group overrides. If the parent scheduler does not exist, causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.
The no form of this command returns the scheduler's parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child's weight to the total distributes the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child's cir-weight to the total distributes the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent
Syntax
parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]
no parent
Context
[Tree] (config>qos>sap-egress>dynamic-queue parent)
Full Context
configure qos sap-egress dynamic-queue parent
Description
This command configures the queue treatment by the parent scheduler that governs the available bandwidth for the queue. When multiple schedulers share a child status with the parent scheduler, the weight and level options define how this queue contends with the other children for the above-CIR parent bandwidth. The cir-weight and cir-level options specify the weight the queue uses at the within-CIR port priority level.
Parameters
- scheduler-name
-
Specifies the name of the scheduler parent, up to 32 characters.
- weight
-
Specifies the relative weight of this queue in comparison to other child schedulers and queues while vying for above-CIR priority level bandwidth on the parent scheduler. Any queues or schedulers defined as weighted receive no parental bandwidth, until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.
- level
-
Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to feed to the parent, for above-CIR offered load bandwidth passes.
- cir-weight
-
Specifies the weight the queue uses at the within-cir priority level. The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight parameter is set to 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
- cir-level
-
Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to fed to the parent, for within-CIR offered load bandwidth passes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
parent
Syntax
parent {[weight weight] [cir-weight cir-weight]}
no parent
Context
[Tree] (config>service>cpipe>sap>ingress>queue-override>queue parent)
[Tree] (config>service>epipe>sap>egress>queue-override>queue parent)
[Tree] (config>service>epipe>sap>ingress>queue-override>queue parent)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue parent)
[Tree] (config>service>cpipe>sap>egress>queue-override>queue parent)
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue parent)
Full Context
configure service cpipe sap ingress queue-override queue parent
configure service epipe sap egress queue-override queue parent
configure service epipe sap ingress queue-override queue parent
configure service ipipe sap egress queue-override queue parent
configure service cpipe sap egress queue-override queue parent
configure service ipipe sap ingress queue-override queue parent
Description
This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.
Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multi-service customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The orphaned state must generate a log entry and a trap message. The SAP which the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.
The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.
When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. Once a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.
Parameters
- weight
-
These optional keywords are mutually exclusive to the level keyword. Specifies the relative weight of this queue in comparison to other child schedulers, policers, and queues while vying for bandwidth on the parent scheduler-name. Any policers, queues, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
All weight values from all weighted active policers, queues, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the policer, queue, or scheduler. A weight is considered to be active when the pertaining policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.
- cir-weight
-
Specifies the weight the queue or scheduler will use at the within-cir port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the policer, queue, or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress queue-override queue parent
- configure service cpipe sap ingress queue-override queue parent
All
- configure service epipe sap ingress queue-override queue parent
- configure service ipipe sap egress queue-override queue parent
- configure service epipe sap egress queue-override queue parent
- configure service ipipe sap ingress queue-override queue parent
parent
Syntax
parent [weight weight] [cir-weight cir-weight]
no parent
Context
[Tree] (config>service>epipe>sap>egress>sched-override>scheduler parent)
[Tree] (config>service>ipipe>sap>ingress>sched-override>scheduler parent)
[Tree] (config>service>cpipe>sap>ingress>sched-override>scheduler parent)
[Tree] (config>service>cpipe>sap>egress>sched-override>scheduler parent)
[Tree] (config>service>epipe>sap>ingress>sched-override>scheduler parent)
[Tree] (config>service>ipipe>sap>egress>sched-override>scheduler parent)
Full Context
configure service epipe sap egress scheduler-override scheduler parent
configure service ipipe sap ingress scheduler-override scheduler parent
configure service cpipe sap ingress scheduler-override scheduler parent
configure service cpipe sap egress scheduler-override scheduler parent
configure service epipe sap ingress scheduler-override scheduler parent
configure service ipipe sap egress scheduler-override scheduler parent
Description
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers, policers, and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers, policers, and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
- configure service epipe sap egress scheduler-override scheduler parent
- configure service ipipe sap egress scheduler-override scheduler parent
- configure service ipipe sap ingress scheduler-override scheduler parent
- configure service epipe sap ingress scheduler-override scheduler parent
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress scheduler-override scheduler parent
- configure service cpipe sap egress scheduler-override scheduler parent
parent
Syntax
parent [weight weight] [cir-weight cir-weight]
no parent
Context
[Tree] (config>service>vpls>sap>egress>queue-override>queue parent)
[Tree] (config>service>vpls>sap>ingress>queue-override>queue parent)
Full Context
configure service vpls sap egress queue-override queue parent
configure service vpls sap ingress queue-override queue parent
Description
This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.
Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multi-service customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The orphaned state must generate a log entry and a trap message. The SAP which the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.
The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state mentioned above and automatically return to normal operation when the parent scheduler is available again.
When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. Once a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.
Parameters
- weight
-
These optional keywords are mutually exclusive to the level keyword. The weight defines the relative weight of this queue in comparison to other child schedulers, policers, and queues while vying for bandwidth on the parent scheduler-name. Any policers, queues, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
All weight values from all weighted active policers, queues, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the policer, queue, or scheduler. A weight is considered to be active when the pertaining policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.
- cir-weight
-
Specifies the weight the queue or scheduler will use at the within-cir port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the policer, queue, or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
parent
Syntax
parent [weight weight] [cir-weight cir-weight]
no parent
Context
[Tree] (config>service>vpls>sap>egress>sched-override>scheduler parent)
[Tree] (config>service>vpls>sap>ingress>sched-override>scheduler parent)
Full Context
configure service vpls sap egress scheduler-override scheduler parent
configure service vpls sap ingress scheduler-override scheduler parent
Description
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent
Syntax
parent [weight weight] [ cir-weight cir-weight]
Context
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue parent)
[Tree] (config>service>ies>if>sap>egress>sched-override>scheduler parent)
[Tree] (config>service>ies>if>sap>ingress>sched-override>scheduler parent)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue parent)
Full Context
configure service ies interface sap ingress queue-override queue parent
configure service ies interface sap egress scheduler-override scheduler parent
configure service ies interface sap ingress scheduler-override scheduler parent
configure service ies interface sap egress queue-override queue parent
Description
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent
Syntax
parent [weight weight] [ cir-weight cir-weight]
no parent
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue parent)
[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue parent)
Full Context
configure service vprn interface sap egress queue-override queue parent
configure service vprn interface sap ingress queue-override queue parent
Description
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight weight
-
Specifes the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent
Syntax
parent [weight weight] [ cir-weight cir-weight]
no parent
Context
[Tree] (config>service>vprn>if>sap>egress>sched-override>scheduler parent)
[Tree] (config>service>vprn>if>sap>ingress>sched-override>scheduler parent)
Full Context
configure service vprn interface sap egress scheduler-override scheduler parent
configure service vprn interface sap ingress scheduler-override scheduler parent
Description
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent
Syntax
parent {root | arbiter-name} [ level priority-level] [weight weight-within-level]
no parent
Context
[Tree] (config>qos>plcr-ctrl-plcy>tier>arbiter parent)
Full Context
configure qos policer-control-policy tier arbiter parent
Description
This command is used to define from where the tiered arbiter receives bandwidth. Both tier 1 and tier 2 arbiters default to parenting to the root arbiter. Tier 2 arbiters may be modified to parent to a tier 1 arbiter. The tier 1 arbiter parent cannot be changed.
The no form of this command is used to return the tiered arbiter to the default parenting behavior.
Default
parent root level 1 weight 1
Parameters
- root
-
In tier 1, arbiter-name is not allowed and only root is accepted. When root is specified, the arbiter will receive all bandwidth directly from the root arbiter. This is the default parent for tiered arbiters.
- arbiter-name
-
In tier 1, arbiter-name is not allowed and only root is accepted. The specified arbiter-name must exist within the policer-control-policy at tier 1 or the parent command will fail. When a tiered arbiter is acting as a parent for another tiered arbiter, the parent arbiter cannot be removed from the policy. The child arbiter will receive all bandwidth directly from its parent arbiter (that receives bandwidth from the root arbiter).
- priority-level
-
Each child arbiter attaches to its parent on one of the parent’s eight strict levels. Level 1 is the lowest and 8 is the highest. The level attribute is used to define which level the child arbiter uses on its parent. The parent distributes its available bandwidth based on strict priority starting with priority level 8 and proceeding towards level 1.
- weight-within-level
-
The weight attribute is used to define how multiple children at the same parent strict level compete when insufficient bandwidth exists on the parent for that level. Each child's weight is divided by the sum of the active children's weights and the result is multiplied by the available bandwidth. If a child cannot receive its entire weighted fair share of bandwidth due to a defined child rate limit, the remainder of its bandwidth is distributed between the other children based on their weights.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
parent
Syntax
parent arbiter-name [weight weight-within-level] [level level]
no parent
Context
[Tree] (config>qos>sap-ingress>policer parent)
[Tree] (config>qos>sap-ingress>dyn-policer parent)
[Tree] (config>qos>sap-egress>policer parent)
[Tree] (config>qos>sap-egress>dyn-policer parent)
Full Context
configure qos sap-ingress policer parent
configure qos sap-ingress dynamic-policer parent
configure qos sap-egress policer parent
configure qos sap-egress dynamic-policer parent
Description
This command is used to create a child-to-parent mapping between each instance of the policer and either the root arbiter or a specific tiered arbiter on the object where the policy is applied. Defining a parent association for the policer causes the policer to compete for the parent policer’s available bandwidth with other child policers mapped to the policer control hierarchy.
Policer control hierarchies may be created on SAPs or on a subscriber or multiservice site context. To create a policer control hierarchy on an ingress or egress SAP context, a policer-control-policy must be applied to the SAP. When applied, the system will create a parent policer that is bandwidth limited by the policy’s max-rate value under the root arbiter. The root arbiter in the policy also provides the information used to determine the various priority-level discard-unfair and discard-all thresholds. Besides the root arbiter, the policy may also contain user-defined tiered arbiters that provide arbitrary bandwidth control for subsets of child policers that are either directly or indirectly parented by the arbiter.
When the QoS policy containing the policer with a parent mapping to an arbiter name exists on the SAP, the system will scan the available arbiters on the SAP. If an arbiter exists with the appropriate name, the policer to arbiter association is created. If the specified arbiter does not exist either because a policer-control-policy is not currently applied to the SAP or the arbiter name does not exist within the applied policy, the policer is placed in an orphan state. Orphan policers operate as if they are not parented and are not subject to any bandwidth constraints other than their own PIR. When a policer enters the orphan state, it is flagged as operationally degraded due to the fact that it is not operating as intended and a trap is generated. Whenever a policer-control-policy is added to the SAP or the existing policy is modified, the SAP's policer's parenting configurations must be reevaluated. If an orphan policer becomes parented, the degraded flag is cleared, and a resulting trap is generated.
For subscribers, the policer control hierarchy is created through the policer-control-policy applied to the sub-profile used by the subscriber. A unique policer control hierarchy is created for each subscriber associated with the sub-profile. The QoS policy containing the policer with the parenting command comes into play through the subscriber sla-profile, which references the QoS policy. The combining of the sub-profile and the sla-profile at the subscriber level provides the system with the proper information to create the policer control hierarchy instance for the subscriber. This functionality is available only for the 7450 ESS and 7750 SR.
Executing the parent command will fail if:
-
The policer’s stat-mode in the QoS policy is set to no-stats
-
A stat-mode no-stats override exists on an instance of the policer on a SAP or subscriber or multiservice site context
A policer with a parent command applied cannot be configured with stat-mode no-stats in either the QoS policy or as an override on an instance of the policer.
When a policer is successfully parented to an arbiter, the parent commands level and weight parameters are used to determine at what priority level and at which weight in the priority level that the child policer competes with other children (policers or other arbiters) for bandwidth.
The no form of this command is used to remove the parent association from all instances of the policer.
Parameters
- {root | arbiter-name}
-
When the parent command is executed, either the keyword root or an arbiter-name must be specified.
- root
-
Specifies that the policer is intended to become a child to the root arbiter where an instance of the policer is created. If the root arbiter does not exist, the policer will be placed in the orphan state.
- arbiter-name
-
Specifies that the policer is intended to become a child to one of the tiered arbiters with the given arbiter-name where an instance of the policer is created. If the specified arbiter-name does not exist, the policer will be placed in the orphan state.
- weight weight-within-level
-
The weight weight-within-level keyword and parameter are optional when executing the parent command. When weight is not specified, a default level of 1 is used in the parent arbiter’s priority level. When weight is specified, the weight-within-level parameter must be specified as an integer value from 1 through 100.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos sap-egress policer parent
- configure qos sap-ingress policer parent
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure qos sap-ingress dynamic-policer parent
- configure qos sap-egress dynamic-policer parent
parent
Syntax
parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]
no parent
Context
[Tree] (config>qos>sap-egress>queue parent)
[Tree] (config>qos>sap-ingress>queue parent)
Full Context
configure qos sap-egress queue parent
configure qos sap-ingress queue parent
Description
This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers, policers (at egress only), and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.
Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multiservice customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The SAP that the queue belongs to also depicts an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.
The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.
When a parent scheduler is defined without specifying the weight parameter, the default is a weight of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.
Parameters
- scheduler-name
-
The defined scheduler-name conforms to the same input criteria as the schedulers defined within a scheduler policy. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the queue to use the defined scheduler-name, the scheduler exists on each egress SAP that the queue is eventually created on. For the duration where scheduler-name does not exist on the egress SAP, the queue operates in an orphaned state.
- weight
-
Specifies the relative weight of this queue in comparison to other child schedulers, policers, and queues, while vying for bandwidth on the parent scheduler-name. Any queues, policers, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
All weight values from all weighted active queues, policers, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the queue, policer, or scheduler. A weight is considered to be active when the pertaining queue, policer, or scheduler has not reached its maximum rate and still has packets to transmit. All child queues, policers, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted queues, policers, and schedulers at that level are operating at the maximum bandwidth or are idle.
- level
-
The optional level parameter defines the level of hierarchy when compared to other schedulers and queues competing for bandwidth on the parent scheduler-name. Queues or schedulers will not receive parental bandwidth until all queues, policers, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
Children of the parent scheduler with a lower strict priority will not receive bandwidth until all children with a higher strict priority have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced in relation to their relative weights.
- cir-weight
-
Specifies the weight that the queue or scheduler uses at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
- cir-level
-
Specifies the port priority that the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
parent
Syntax
parent {root | arbiter-name} [ level level] [weight weight-within-level]
no parent
Context
[Tree] (config>qos>qgrps>egr>qgrp>policer parent)
[Tree] (config>qos>qgrps>ing>qgrp>policer parent)
Full Context
configure qos queue-group-templates egress queue-group policer parent
configure qos queue-group-templates ingress queue-group policer parent
Description
This command is used to create a child-to-parent mapping between each instance of the policer and either the root arbiter or a specific tiered arbiter on the object where the policy is applied. Defining a parent association for the policer causes the policer to compete for the parent policer’s available bandwidth with other child policers mapped to the policer control hierarchy.
Policer control hierarchies may be created on SAPs or on a subscriber or multiservice site context. To create a policer control hierarchy on an ingress or egress SAP context, a policer-control-policy must be applied to the SAP. When applied, the system will create a parent policer that is bandwidth limited by the policy’s max-rate value under the root arbiter. The root arbiter in the policy also provides the information used to determine the various priority level discard-unfair and discard-all thresholds. Besides the root arbiter, the policy may also contain user-defined tiered arbiters that provide arbitrary bandwidth control for subsets of child policers that are either directly or indirectly parented by the arbiter.
When the QoS policy containing the policer with a parent mapping to an arbiter name exists on the SAP, the system will scan the available arbiters on the SAP. If an arbiter exists with the appropriate name, the policer to arbiter association is created. If the specified arbiter does not exist either because a policer-control-policy is not currently applied to the SAP or the arbiter name does not exist within the applied policy, the policer is placed in an orphan state. Orphan policers operate as if they are not parented and are not subject to any bandwidth constraints other than their own PIR. When a policer enters the orphan state, it is flagged as operationally degraded due to the fact that it is not operating as intended and a trap is generated. Whenever a policer-control-policy is added to the SAP or the existing policy is modified, the SAP's policer's parenting configurations must be reevaluated. If an orphan policer becomes parented, the degraded flag is cleared and a resulting trap is generated.
For subscribers, the policer control hierarchy is created through the policer-control-policy applied to the sub-profile used by the subscriber. A unique policer control hierarchy is created for each subscriber associated with the sub-profile. The QoS policy containing the policer with the parenting command comes into play through the subscriber sla-profile that references the QoS policy. The combining of the sub-profile and the sla-profile at the subscriber level provides the system with the proper information to create the policer control hierarchy instance for the subscriber. This functionality is available only for the 7450 ESS and 7750 SR.
Executing the parent command will fail if:
-
The policer’s stat-mode in the QoS policy is set to no-stats
-
A stat-mode no-stats override exists on an instance of the policer on a SAP or subscriber or multiservice site context
A policer with a parent command applied cannot be configured with stat-mode no-stats in either the QoS policy or as an override on an instance of the policer.
When a policer is successfully parented to an arbiter, the parent commands level and weight parameters are used to determine at what priority level and at which weight in the priority level that the child policer competes with other children (policers or other arbiters) for bandwidth.
The no form of this command is used to remove the parent association from all instances of the policer.
Parameters
- {root | arbiter-name}
-
When the parent command is executed, either the keyword root or an arbiter-name must be specified.
- root
-
The root keyword specifies that the policer is intended to become a child to the root arbiter where an instance of the policer is created. If the root arbiter does not exist, the policer will be placed in the orphan state.
- arbiter-name
-
The arbiter-name parameter specifies that the policer is intended to become a child to one of the tiered arbiters with the given arbiter-name where an instance of the policer is created. If the specified arbiter-name does not exist, the policer will be placed in the orphan state.
- weight weight-within-level
-
The weight weight-within-level keyword and parameter are optional when executing the parent command. When weight is not specified, a default level of 1 is used in the parent arbiters priority level. When weight is specified, the weight-within-level parameter must be specified as an integer value from 1 through 100.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
parent
Syntax
parent scheduler-name [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]
no parent
Context
[Tree] (config>qos>qgrps>egr>qgrp>queue parent)
[Tree] (config>qos>qgrps>ing>qgrp>queue parent)
Full Context
configure qos queue-group-templates egress queue-group queue parent
configure qos queue-group-templates ingress queue-group queue parent
Description
This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers, policers (at egress only), and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.
Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multiservice customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The SAP that the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.
The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.
When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.
Parameters
- scheduler-name
-
The defined scheduler-name conforms to the same input criteria as the schedulers defined within a scheduler policy. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the queue to use the defined scheduler-name, the scheduler exists on each egress SAP the queue is eventually created on. For the duration where scheduler-name does not exist on the egress SAP, the queue operates in an orphaned state.
- weight weight
-
weight defines the relative weight of this queue in comparison to other child schedulers and queues while vying for bandwidth on the parent scheduler-name. Any queues or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
All weight values from all weighted active queues, policers, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the queue, policer, or scheduler. A weight is considered to be active when the pertaining queue or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted queues, policers, and schedulers at that level are operating at the maximum bandwidth or are idle.
- level level
-
The optional level parameter defines the level of hierarchy when compared to other schedulers and queues when vying for bandwidth on the parent scheduler-name. Queues or schedulers will not receive parental bandwidth until all queues and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.
Children of the parent scheduler with a lower strict priority will not receive bandwidth until all children with a higher strict priority have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced relative to their weights.
- cir-weight cir-weight
-
Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
- cir-level cir-level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
parent
Syntax
parent scheduler-name [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]
no parent
Context
[Tree] (config>qos>scheduler-policy>tier>scheduler parent)
Full Context
configure qos scheduler-policy tier scheduler parent
Description
This command defines an optional parent scheduler that is higher up the policy hierarchy. Only schedulers in tier levels 2 and 3 can have a parental association. When multiple schedulers, policers (at egress only), and/or queues share a child status with the scheduler on the parent, the weight or strict parameters define how this scheduler contends with the other children for the parent’s bandwidth. The parent scheduler can be removed or changed at any time and is immediately reflected on the schedulers created by association of this scheduler policy.
When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child scheduler attempts to operate based on its configured rate parameter. Removing the parent association on the scheduler within the policy will take effect immediately on all schedulers with scheduler-name that have been created using the scheduler-policy-name.
Parameters
- scheduler-name
-
Specifies a scheduler name. The scheduler-name must already exist within the context of the scheduler policy in a tier that is higher (numerically lower).
- weight weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.
A zero (0) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- level level
-
Specifies the strict priority level of this scheduler in comparison to other child schedulers and queues vying for bandwidth on the parent scheduler-name during the above-CIR distribution phase of bandwidth allocation. During the above-CIR distribution phase, any queues or schedulers defined at a lower strict level receive no parental bandwidth until all queues and schedulers defined with a higher (numerically larger) strict level on the parent have reached their maximum bandwidth or have satisfied their offered load requirements.
When the similar cir-level parameter default (undefined) are retained for the child scheduler, bandwidth is only allocated to the scheduler during the above-CIR distribution phase.
Children of the parent scheduler with a lower strict priority level will not receive bandwidth until all children with a higher strict priority level have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced in relation to their relative weights.
- cir-weight cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the queue or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.
A zero (0) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
- cir-level cir-level
-
Specifies the strict priority CIR level of this scheduler in comparison to other child schedulers and queues vying for bandwidth on the parent scheduler-name during the within-CIR distribution phase of bandwidth allocation. During the within-CIR distribution phase, any queues or schedulers defined at a lower strict CIR level receive no parental bandwidth until all queues and schedulers defined with a higher (numerically larger) strict CIR level on the parent have reached their CIR bandwidth or have satisfied their offered load requirements.
If the scheduler’s cir-level parameter retains the default (undefined) state, bandwidth is only allocated to the scheduler during the above-CIR distribution phase.
Children with the same strict cir-level are serviced according to their cir-weight.
Platforms
All
parent
Syntax
parent [weight weight] [cir-weight cir-weight]
no parent
Context
[Tree] (config>service>cust>multi-service-site>ingress>sched-override>scheduler parent)
[Tree] (config>service>cust>multi-service-site>egress>sched-override>scheduler parent)
Full Context
configure service customer multi-service-site ingress scheduler-override scheduler parent
configure service customer multi-service-site egress scheduler-override scheduler parent
Description
This command overrides the scheduler’s parent weight and CIR weight information. The weights apply to the associated level or cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy. This allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.
The no form of the command returns the scheduler’s parent weight and CIR weight to the value configured in the applied scheduler policy.
Default
no parent
Parameters
- weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit. A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
- cir-weight
-
Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit. A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
Platforms
All
parent-location
parent-location
Syntax
parent-location {default | sla}
no parent-location
Context
[Tree] (config>qos>sap-egress parent-location)
Full Context
configure qos sap-egress parent-location
Description
This command determines the expected location of the parent schedulers for queues configured with a parent command within the sap-egress policy. All parent schedulers must be configured within a scheduler-policy applied at the location corresponding to the parent-location parameter.
If a parent scheduler name does not exist at the specified location, the queue will not be parented and will be orphaned.
The no form of this command reverts to the default.
Default
parent-location default
Parameters
- default
-
When the sap-egress policy is applied to an sla-profile for a subscriber, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the subscriber’s sub-profile.
When the sap-egress policy is applied to a SAP, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the SAP or the multiservice site.
- sla
-
When the sap-egress policy is applied to an sla-profile for a subscriber, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the same sla-profile.
If this parameter is configured within a sap-egress policy that is applied to any object except of the egress of an sla-profile, the configured parent schedulers will not be found and so the queues will not be parented and will be orphaned. This parameter is not supported when policers-hqos-manageable is configured in the SAP egress QoS policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
parent-location
Syntax
parent-location {none | sub | vport}
no parent-location
Context
[Tree] (config>qos>scheduler-policy>tier parent-location)
Full Context
configure qos scheduler-policy tier parent-location
Description
This command determines the expected location of the parent schedulers for the tier 1 schedulers configured with a parent command within the scheduler-policy. The parent schedulers must be configured within a scheduler-policy applied at the location corresponding to the parent-location parameter.
If a parent scheduler name does not exist at the specified location, the schedulers will not be parented and will be orphaned.
The configuration of parent-location and frame-based-accounting in a scheduler policy is mutually exclusive in order to ensure consistency between the different scheduling levels.
The no form of this command reverts to the default.
Default
parent-location none
Parameters
- none
-
This parameter indicates that the tier 1 schedulers do not have a parent scheduler and the configuration of the parent under a tier 1 scheduler is blocked. Conversely, this parameter is blocked when any tier 1 scheduler has a parent configured.
- sub
-
When the scheduler-policy is applied to an sla-profile for a subscriber, the parent schedulers of the tier 1 schedulers need to be configured in the scheduler-policy applied to the subscriber’s sub-profile.
If this parameter is configured within a scheduler-policy that is applied to any object except for the egress of an sla-profile, the configured parent schedulers will not be found and so the tier 1 schedulers will not be parented and will be orphaned.
- vport
-
When the scheduler-policy is applied to an sla-profile, a sub-profile for a subscriber, or to the egress of a pseudowire SAP, the parent schedulers of the tier 1 schedulers need to be configured in the scheduler-policy applied to the Vport to which the subscriber will be assigned.
If this parameter is configured within a scheduler-policy that is applied to any object except for the egress of an sla-profile or sub-profile, or to the egress of a PW SAP, the configured parent schedulers will not be found and so the tier 1 schedulers will not be parented and will be orphaned.
Platforms
All
parent-mid-pool
parent-mid-pool
Syntax
parent-mid-pool mid-pool-id
no parent-mid-pool
Context
[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools>class-pool parent-mid-pool)
[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools>class-pool parent-mid-pool)
Full Context
configure qos hs-port-pool-policy alt-port-class-pools class-pool parent-mid-pool
configure qos hs-port-pool-policy std-port-class-pools class-pool parent-mid-pool
Description
This command creates the buffer allocation mapping between the associated class pool and the specified mid-pool. Use care when selecting a mid-pool in an active state (properly mapped to a root-pool with a non-zero allocation percentage). If a port-class pool is parented by an inactive mid-pool, the queues using the port-class pool are forced into an operational MBS setting of 0, causing all packet to be discarded. A port-class pool can be made inactive (no available buffers) by executing parent-mid-pool none in the port-class pool context.
The no form of the command reverts to the class-pool parenting value. For the standard port-class pools, this default is 1. For alternate port-class pools the default is none.
Default
alt-port-class-pools: none
std-port-class-pools: 1
Parameters
- mid-pool-id
-
Specifies the mid-pool identifier in the HS pool policy. Either a valid mid-pool ID or none must be specified when executing the parent-mid-pool command. The mid-pool-id parameter defines the parent mid-pool to which the port-class is associated. The none keyword deactivates the port-class pool, causing the pool to have a zero size. A queue can still map to an inactive port-class pool although all packets are discarded by the queue.
Platforms
7750 SR-7/12/12e
parent-root-pool
parent-root-pool
Syntax
parent-root-pool root-pool-id
no parent-root-pool
Context
[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool parent-root-pool)
Full Context
configure qos hs-pool-policy mid-tier mid-pool parent-root-pool
Description
This command creates a buffer allocation mapping between the associated mid-pool mid-pool-id and the specified parent-root-pool root-pool-id. The specified root pool ID must have a non-zero allocation-weight or the command fails. After a mid-pool is successfully associated with a root-pool, the parent root-pool’s allocation-weight value cannot be set to zero.
When the root-pool-id is set to none, no buffers are assigned to the mid-tier pool.
The no form of the command reverts to the default.
Default
parent-root-pool 1
Parameters
- root-pool-id
-
Specifies the parent root pool to which the mid-pool is associated. This parameter is required when executing the parent-root-pool command.
Platforms
7750 SR-7/12/12e
participant-id
participant-id
Syntax
participant-id participant-id
no participant-id
Context
[Tree] (config>app-assure>group>http-error-redirect participant-id)
Full Context
configure application-assurance group http-error-redirect participant-id
Description
This command specifies a 32-character string assigned to the operator by Barefruit. It is used by barefruit landing servers (applies to template # 1 only).
Default
no participant-id
Parameters
- participant-id
-
Specifies the 32-character string supplied by Barefruit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
participate
participate
Syntax
[no] participate
Context
[Tree] (config>router>isis>flex-algos>flex-algo participate)
Full Context
configure router isis flexible-algorithms flex-algo participate
Description
This command enables IS-IS participation in a specific flexible algorithm.
The router advertises its capability to participate in a specific flexible algorithm within the IS-IS router-capability TLV. Router participation in a flexible algorithm assumes that segment routing and, consequently the advertise-router-capability area is enabled. However, a router only advertises flexible algorithm participation when it can support the corresponding winning flexible algorithm definition. The flexible algorithm participation is not enabled by default.
The no form of this command disables participation for a particular flexible algorithm.
Default
no participate
Platforms
All
participate
Syntax
[no] participate
Context
[Tree] (config>router>ospf>flex-algos>flex-algo participate)
Full Context
configure router ospf flexible-algorithms flex-algo participate
Description
This command enables OSPFv2 participation in a specific flexible algorithm.
The router advertises its capability to participate in a specific flexible algorithm within the OSPFv2 SR algorithm TLV of the router information opaque LSA. Router participation in a flexible algorithm assumes that segment routing and, consequently, the advertise-router-capability area is enabled. However, a router only advertises flexible algorithm participation when it can support the corresponding winning flexible algorithm definition. The flexible algorithm participation is not enabled by default.
The no form of this command disables participation for a specific flexible algorithm.
Default
no participate
Platforms
All
partner-down-delay
partner-down-delay
Syntax
partner-down-delay [hrs hours] [min minutes] [sec seconds]
no partner-down-delay
Context
[Tree] (config>router>dhcp>server>failover partner-down-delay)
[Tree] (config>router>dhcp6>server>failover partner-down-delay)
[Tree] (config>service>vprn>dhcp>server>failover partner-down-delay)
[Tree] (config>service>vprn>dhcp6>server>pool>failover partner-down-delay)
[Tree] (config>service>vprn>dhcp>server>pool>failover partner-down-delay)
[Tree] (config>router>dhcp>server>pool>failover partner-down-delay)
[Tree] (config>router>dhcp6>server>pool>failover partner-down-delay)
[Tree] (config>service>vprn>dhcp6>server>failover partner-down-delay)
Full Context
configure router dhcp local-dhcp-server failover partner-down-delay
configure router dhcp6 local-dhcp-server failover partner-down-delay
configure service vprn dhcp local-dhcp-server failover partner-down-delay
configure service vprn dhcp6 local-dhcp-server pool failover partner-down-delay
configure service vprn dhcp local-dhcp-server pool failover partner-down-delay
configure router dhcp local-dhcp-server pool failover partner-down-delay
configure router dhcp6 local-dhcp-server pool failover partner-down-delay
configure service vprn dhcp6 local-dhcp-server failover partner-down-delay
Description
This command configures the partner down delay time. Since the DHCP lease synchronization failure can be caused by the failure of the intercommunication link (and not necessary the entire node), there is a possibility the redundant DHCP servers become isolated in the network. In other words, they can serve DHCP clients but they cannot synchronize the lease. This can lead to duplicate assignment of IP addresses, since the servers have configured overlapping IP address ranges but they are not aware of each other’s leases.
The purpose of the partner down delay is to prevent the IP lease duplication during the intercommunication link failure by not allowing new IP addresses to be assigned from the remote IP address range. This timer is intended to provide the operator with enough time to remedy the failed situation and to avoid duplication of IP addresses or prefixes during the failure.
During the partner-down-delay time, the prefix designated as remote is eligible only for renewals of the existing DHCP leases that have been synchronized by the peering node. Only after the sum of the partner-down-delay and the maximum-client-lead-time will the prefix designated as remote be eligible for delegation of the new DHCP leases. When this occurs, we say that the remote IP address range has been taken over.
It is possible to expedite the takeover of a remote IP address range so that the new IP leases can start being delegated from that range shortly after the intercommunication failure is detected. This can be achieved by configuring the partner-down-delay timer to 0 seconds, along with enabling the ignore-mclt-on-takeover CLI flag. Caution must be taken before enabling this functionality. It is safe to bypass safety timers (partner-down-delay + MCLT) only in cases where the operator is certain that the intercommunication between the nodes has failed due to the entire node failure and not due to the intercommunication (MCS) link failure. Failed intercommunication due to the nodal failure would ensure that only one node is present in the network for IP address delegation (as opposed to two isolated nodes with overlapping IP address ranges where address duplication can occur). For this reason, the operator must ensure that there are redundant paths between the nodes to ensure uninterrupted synchronization of DHCP leases.
In access-driven mode of operation, partner-down-delay has no effect.
The no form of this command reverts to the default.
Default
partner-down-delay hrs 23 min 59 sec 59
Parameters
- partner-down-delay
-
Specifies the partner down delay time.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
passive
passive
Syntax
[no] passive
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy passive)
Full Context
configure subscriber-mgmt bgp-peering-policy passive
Description
This command enables the passive mode for the BGP neighbors.
The no form of this command disables the passive mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
passive
Syntax
[no] passive
Context
[Tree] (config>service>vprn>bgp>group passive)
[Tree] (config>service>vprn>bgp>group>neighbor passive)
Full Context
configure service vprn bgp group passive
configure service vprn bgp group neighbor passive
Description
This command enables passive mode for the BGP group or neighbor.
When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.
The no form of this command used at the group level disables passive mode where BGP actively attempts to connect to its peers.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
no passive — BGP will actively try to connect to all the configured peers.
Platforms
All
passive
Syntax
[no] passive
Context
[Tree] (config>service>vprn>isis>if passive)
[Tree] (config>service>vprn>isis>if>level passive)
Full Context
configure service vprn isis interface passive
configure service vprn isis interface level passive
Description
This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.
When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and does not transmit IS-IS protocol PDUs.
The no form of this command removes the passive attribute.
Default
no passive
Platforms
All
passive
Syntax
[no] passive
Context
[Tree] (config>service>vprn>ospf3>area>if passive)
[Tree] (config>service>vprn>ospf>area>if passive)
Full Context
configure service vprn ospf3 area interface passive
configure service vprn ospf area interface passive
Description
This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.
By default, only interface addresses that are configured for OSPF are advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.
While in passive mode, the interface ignores ingress OSPF protocol packets and does not transmit any OSPF protocol packets.
The no form of this command removes the passive property from the OSPF interface.
Default
no passive
Platforms
All
passive
Syntax
[no] passive
Context
[Tree] (config>router>bgp>group>neighbor passive)
[Tree] (config>router>bgp>group passive)
Full Context
configure router bgp group neighbor passive
configure router bgp group passive
Description
Enables/disables passive mode for the BGP group or neighbor.
When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.
The no form of this command used at the group level disables passive mode where BGP actively attempts to connect to its peers.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
no passive
Platforms
All
passive
Syntax
[no] passive
Context
[Tree] (config>router>isis>if passive)
[Tree] (config>router>isis>if>level passive)
Full Context
configure router isis interface passive
configure router isis interface level passive
Description
This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.
When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and does not transmit IS-IS protocol PDUs.
The no form of this command removes the passive attribute.
Default
no passive
Platforms
All
passive
Syntax
[no] passive
Context
[Tree] (config>router>ospf>area>interface passive)
[Tree] (config>router>ospf3>area>interface passive)
Full Context
configure router ospf area interface passive
configure router ospf3 area interface passive
Description
This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.
By default, only interface addresses that are configured for OSPF will be advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.
While in passive mode, the interface will ignore ingress OSPF protocol packets and not transmit any OSPF protocol packets.
The no form of this command removes the passive property from the OSPF interface.
Default
no passive
Platforms
All
passive-dns
passive-dns
Syntax
passive-dns
Context
[Tree] (config>app-assure>group>ip-id-asst passive-dns)
Full Context
configure application-assurance group ip-identification-assist passive-dns
Description
Commands in this context configure passive DNS monitoring for the IP identification assist feature.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
passive-mode
passive-mode
Syntax
[no] passive-mode
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ep passive-mode)
Full Context
configure redundancy multi-chassis peer mc-endpoint passive-mode
Description
This command configures the passive mode behavior for the MC-EP protocol. When in passive mode the MC-EP pair will be dormant until two of the pseudowires in a MC-EP will be signaled as active by the remote PEs, being assumed that the remote pair is configured with regular MC-EP. As soon as more than one pseudowire is active, dormant MC-EP pair will activate. It will use the regular exchange to select the best pseudowire between the active ones and it will block the Rx and Tx directions of the other pseudowires.
The no form of this command will disable the passive mode behavior.
Default
no passive-mode
Platforms
All
passkey
passkey
Syntax
passkey passkey
Context
[Tree] (config>system>bluetooth passkey)
Full Context
configure system bluetooth passkey
Description
This command configures the Bluetooth passkey that is used during pairing. This passkey must match in both devices that are attempting the pairing operation.
Default
passkey 123456
Parameters
- passkey
-
Specifies the six-digit Bluetooth passkey.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
password
password
Syntax
password
Context
[Tree] (password)
Full Context
password
Description
This operational command changes the local user password.
This command is automatically invoked when a user logs in after the administrator uses the new-password-at-login command to force a new password, or the password has expired ( aging). At this time, the user is prompted to enter the old password, new password, and then the new password again to verify the input.
If the user fails to create a new password, CLI access is denied.
A user cannot configure a nonconforming password using the global password command. In this case, the CLI displays an error message and the password change fails. To configure a password value that does not conform to the minimum length or other password complexity rules, use the config>system>security>user>password command (for example, executed by an administrator).
Platforms
All
password
Syntax
password {ignore | chap password | pap password} [hash | hash2 | custom]
no password
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host password)
Full Context
configure subscriber-mgmt local-user-db ppp host password
Description
This command specifies a password type or configures password string for pap or chap. The pap and chap passwords are stored in a hashed format in the config files. The hash|hash2 optional keywords are used for config execution.
This command will only be interpreted if the local user database is connected directly to the PPPoE node under the VPRN/IES group interface. It is not used if the local user database is accessed by a local DHCP server.
The no form of this command reverts to the default.
Parameters
- ignore
-
Specifies that the password be ignored, in which case authentication is always succeed, independent of the password used by the PPPoE client. The client must still perform authentication.
- chap password
-
Specifies that the password, up to 64 characters, for Challenge-Handshake Authentication Protocol) (CHAP) is used. Only a password received with the CHAP protocol is accepted.
- pap password
-
Specifies that the Password Authentication Protocol (PAP) is used, up to 64 characters. Only a password received with the PAP protocol is accepted, even though the CHAP protocol is proposed to the client first because it is unknown at the time of the offer which password type is allowed to the client.
- hash | hash2
-
Specifies hashing scheme.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [{hash | hash2 | custom}]
no password
Context
[Tree] (config>router>l2tp>group>tunnel password)
[Tree] (config>service>vprn>l2tp>group>tunnel password)
[Tree] (config>router>l2tp>l2tpv3 password)
[Tree] (config>router>l2tp>group password)
[Tree] (config>service>vprn>l2tp>l2tpv3 password)
[Tree] (config>service>vprn>l2tp password)
[Tree] (config>router>l2tp password)
[Tree] (config>service>vprn>l2tp>group password)
[Tree] (config>service>vprn>l2tp>group>l2tpv3 password)
[Tree] (config>router>l2tp>group>l2tpv3 password)
Full Context
configure router l2tp group tunnel password
configure service vprn l2tp group tunnel password
configure router l2tp l2tpv3 password
configure router l2tp group password
configure service vprn l2tp l2tpv3 password
configure service vprn l2tp password
configure router l2tp password
configure service vprn l2tp group password
configure service vprn l2tp group l2tpv3 password
configure router l2tp group l2tpv3 password
Description
This command configures the password between L2TP LAC and LNS
The no form of this command removes the password.
Default
no password
Parameters
- password
-
Configures the password used for challenge/response calculation and AVP hiding. The maximum length is up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (config>service>dynsvc>plcy>auth password)
Full Context
configure service dynamic-services dynamic-services-policy authentication password
Description
This command configures the password to be used for RADIUS authentication of data-triggered dynamic services.
The no form of this command removes the password from the configuration.
Parameters
- password
-
Specifies the password that is used in RADIUS authentication of a data-triggered dynamic service. The maximum length is 20 characters if unhashed, 32 characters if hashed, and 54 characters if the hash2 keyword is specified.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2| custom]
no password
Context
[Tree] (config>subscr-mgmt>auth-policy password)
Full Context
configure subscriber-mgmt authentication-policy password
Description
This command sets a password that is sent with user-name in every RADIUS authentication request sent to the RADIUS server upon receipt of DHCP discover or request messages. If no password is configured, no password AVP is sent.
The no form of this command reverts to the default value.
Parameters
- password
-
Specifies a text string containing the password. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash
-
Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq password)
Full Context
configure subscriber-mgmt diameter-application-policy nasreq password
Description
This command sets a password that is sent with user-name in every RADIUS authentication request sent to the RADIUS server upon receipt of DHCP discover or request messages. If no password is provided, an empty password is sent.
The no form of this command reverts to the default value.
Parameters
- password
-
Specifies a text string containing the password. Allowed values are any string up to 64 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash
-
Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (config>aaa>route-downloader password)
Full Context
configure aaa route-downloader password
Description
This command specifies the password that is used in the RADIUS access requests.
The no form of this command resets the password to the default which is an empty string.
Parameters
- password
-
Specifies a password string up to 32 characters.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2| custom]
no password
Context
[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>radius-authentication password)
[Tree] (config>aaa>radius-srv-plcy>servers>health-check>test-account password)
Full Context
configure subscriber-mgmt vrgw brg brg-profile radius-authentication password
configure aaa radius-server-policy servers health-check test-account password
Description
This command specifies the password that the test account will use to send access requests to probe the RADIUS servers.
Parameters
- password
-
Specifies the probing password up to 64 characters.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password
Context
[Tree] (config>system>security password)
Full Context
configure system security password
Description
Commands in this context configure password-related parameters.
Platforms
All
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (config>ipsec>rad-auth-plcy password)
Full Context
configure ipsec radius-authentication-policy password
Description
This command specifies the password that is used in the RADIUS access requests.
The no form of this command resets the password to its default of ALU and will be stored using hash/hash2 encryption.
Default
no password
Parameters
- password
-
Specifies a password string up to 64characters.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (config>aaa>isa-radius-plcy password)
Full Context
configure aaa isa-radius-policy password
Description
This command specifies the password that is used in the RADIUS access requests. It shall be specified as a string of up to 32 characters in length.
The no form of the command resets the password to its default of ALU and will be stored using hash/hash2 encryption.
Default
no password
Parameters
- password
-
Specifies a password string up to 32 characters.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
password
Syntax
password hex-string
no password
Context
[Tree] (config>li>x-interfaces>lics>lic>authentication password)
Full Context
configure li x-interfaces lics lic authentication password
Description
This command configures the password for the X1 and X2 interfaces.
The no form of this command reverts to the default.
Parameters
- hex-string
-
Specifies the password. Must contain exactly 32 hex nibbles.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
password
Syntax
password [password]
Context
[Tree] (config>system>security>user password)
Full Context
configure system security user password
Description
This command configures the user password for console and FTP access.
The password is stored in an encrypted format in the configuration file when specified. Passwords should be encased in double quotes (" ") at the time of the password creation. The double quote character (") is not accepted inside a password. It is interpreted as the start or stop delimiter of a string.
The password can be entered as plain text or a hashed value. SR OS can distinguish between hashed passwords and plain text passwords and take the appropriate action to store the password correctly.
config>system>security>user# password testuser1
The password is hashed by default.
For example:
config>system>security# user testuser1
config>system>security>user$ password xyzabcd1
config>system>security>user# exit
config>system>security# info
-------------------------------------
...
user "testuser1"
password "$2y$10$pFoehOg/tCbBMPDJ/
kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
exit
...
-------------------------------------
config>system>security#
The password command allows you also to enter the password as a hashed value.
For example:
config>system>security# user testuser1
config>system>security>user$ password "$2y$10$pFoehOg/tCbBMPDJ/
kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
config>system>security>user# exit
config>system>security# info
-------------------------------------
...
user "testuser1"
password "$2y$10$pFoehOg/tCbBMPDJ/kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
exit
...
-------------------------------------
config>system>security#
Parameters
- password
-
This is the password for the user that must be entered by this user during the login procedure. The minimum length of the password is determined by the minimum-length command. The maximum length can be up to 20 chars if unhashed, 32 characters if hashed. The complexity requirements for the password is determined by the complexity-rules command and must be followed; otherwise, the password will not be accepted.
All password special characters (#, $, spaces, and so on) must be enclosed within double quotes.
For example: config>system>security>user# password "south#bay?”
The question mark character (?) cannot be directly inserted as input during a telnet connection because the character is bound to the help command during a normal Telnet/console connection.
To insert a # or ? characters, they must be entered inside a notepad or clipboard program and then cut and pasted into the Telnet session in the password field that is encased in the double quotes as delimiters for the password.
If a password is entered without any parameters, a password length of zero is implied: (carriage return).
Platforms
All
password
Syntax
password password [hash | hash2 | custom]
no password
Context
[Tree] (bof password)
Full Context
bof password
Description
This command configures the password to access the BOF interactive menu at startup.
If a password is configured, the BOF interactive menu is accessible only when the correct password is entered. If the correct password is not entered in 30 s, the node reboots.
The no form of this command removes the configured password.
Default
no password
Parameters
- password
-
Specifies the password.
If the hash, hash2, or custom parameter is not configured, the password is entered in plaintext and the password length must be between 8 and 32 characters. A plaintext password cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.
If the hash, hash2, or custom parameter is configured, the password is hashed and the password length must be between 1 and 64 characters.
- hash
-
Keyword to specify that the password is entered in an encrypted form.
- hash2
-
Keyword to specify that the password is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the password cannot be transferred between nodes.
- custom
-
Keyword to specify that the password uses custom encryption.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
password-history
password-history
Syntax
password-history {user user-name | all}
Context
[Tree] (admin>clear password-history)
Full Context
admin clear password-history
Description
This command is used to clear old passwords used by a specific user, or for all users.
Parameters
- user-name
-
Clears the password history information about the specified user, up to 32 characters.
- all
-
Clears the password history information for all users.
Platforms
All
pat-repetition
pat-repetition
Syntax
pat-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]
no pat-repetition
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pat-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pat-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pat-repetition)
Full Context
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pat-repetition
configure mcast-management multicast-info-policy bundle video analyzer alarms pat-repetition
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pat-repetition
Description
This command configures the analyzer to check for the program association table (PAT). It is expected that the PAT arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PAT fails to arrive within the specified interval. As the delay increases between two consecutive PATs, the type of alarm raised becomes more critical, from TNC to POA.
Default
no pat-repetition
Parameters
- tnc-milli-seconds
-
Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.
- qos-milli-seconds
-
Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.
- poa-milli-seconds
-
Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pat-syntax
pat-syntax
Syntax
[no] pat-syntax
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pat-syntax)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pat-syntax)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pat-syntax)
Full Context
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pat-syntax
configure mcast-management multicast-info-policy bundle video analyzer alarms pat-syntax
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pat-syntax
Description
This command configures the analyzer to check for PAT syntax errors.
Default
no pat-syntax
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
path
path
Syntax
path xc-a lag-id xc-b lag-id
path pxc pxc-id
no path
Context
[Tree] (config>fwd-path-ext>fpe path)
Full Context
configure fwd-path-ext fpe path
Description
This command references a PXC (pair of PXC sub-ports) and consequently create an association between the PXC and the application which is referenced under the same FPE object. Each application will utilize the PXC in the form of an internal cross-connect. The exact use and internal provisioning of this cross-connect depends on the application itself.
The no form of this command removes the reference and association from the configuration.
Default
no path
Parameters
- xc-a lag-id
-
Specifies the LAG identifier associated with one side of the cross-connect. The operator has the freedom to associate xc-a with LAG ID containing either sub-ports.a or sub-ports.b. In other words, the system does not perform automatic check that will ensure a match between xc-a and the LAG ID containing sub-ports.a.
- xc-b lag-id
-
Specifies the LAG identifier associated with one side of the cross-connect. The operator has the freedom to associate xc-a with LAG ID containing either sub-ports.a or sub-ports.b.
- pxc-id
-
Specifies the PXC identifier, the PXC construct that contains a physical port in a loopback mode that provides the cross-connect capability. The system creates two paired sub-ports on top of this physical port and each of these two sub-ports forwards traffic in one direction over the loopback. One sub-port is associated with the transit side of the loopback, while the other sub-port is associated with the termination side (see PXC Configuration Guides for further explanation).
Platforms
All
path
Syntax
path path-id pxc pxc-id
path path-id xc-a lag-id xc-b lag-id
no path path-id
Context
[Tree] (config>fwd-path-ext>fpe>multi-path-list path)
Full Context
configure fwd-path-ext fpe multi-path-list path
Description
This command configures a multipath FPE forwarding path. A single path in a multipath FPE can contain a single PXC port or LAG of PXC ports.
The PXC references a physical port in loopback mode that provides the cross-connect capability. The system creates two paired subports on top of the physical port, each of which forwards traffic in one direction over the loopback. One subport is associated with the transit side of the loopback, while the other is associated with the termination side.
The no form of the command removes the path.
Parameters
- path-id
-
Specifies a path ID for the forwarding path.
- pxc-id
-
Specifies a dedicated PXC ID for the forwarding path.
- xc-a lag-id
-
Specifies the LAG ID associated with one side (transit or termination) of the cross-connect. The operator can associate xc-a with the LAG containing either subports.a or subports.b. The system does not enforce a match between xc-a and the LAG ID containing subports.a.
- xc-b lag-id
-
Specifies the LAG ID associated with the other side of the cross-connect (not designated for xc-a). The operator can associate xc-b with the LAG containing either subports.a or subports.b. The system does not enforce a match between xc-b and the LAG ID containing subports.b.
Platforms
All
path
Syntax
[no] path [sonet-sdh-index]
Context
[Tree] (config>port>sonet-sdh path)
Full Context
configure port sonet-sdh path
Description
This command defines the SONET/SDH path.
The no form of this command removes the specified SONET/SDH path.
This command is supported on TDM satellite.
Default
full channel (or clear channel)
Parameters
- sonet-sdh-index
-
Specifies the components making up the specified SONET/SDH path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path. The sonet-sdh-index differs for SONET and SDH ports.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path
Syntax
[no] path path-index
Context
[Tree] (config>eth-tunnel path)
Full Context
configure eth-tunnel path
Description
This command configures one of the two paths supported under the Ethernet tunnel.
The no form of this command removes the path from under the Ethernet tunnel. If this is the last path, the associated SAP need to be unconfigured before the path can be deleted.
Default
no path
Parameters
- path-index
-
Specifies the identifier for the path.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path
Syntax
path name
no path
Context
[Tree] (config>service>epipe>spoke-sdp-fec path)
Full Context
configure service epipe spoke-sdp-fec path
Description
This command specifies the explicit path, containing a list of S-PE hops, that should be used for this spoke SDP. The path-name should correspond to the name of an explicit path configured in the config>service>pw-routing context.
If no path is configured, then each next-hop of the MS-PW used by the spoke SDP will be chosen locally at each T-PE and S-PE.
Default
no path
Parameters
- name
-
The name of the explicit path to be used, as configured under the config>service>pw-routing context.
Platforms
All
path
Syntax
path path-index tag qtag[. qtag]
no path path-index
Context
[Tree] (config>service>ipipe>sap>eth-tunnel path)
[Tree] (config>service>epipe>sap>eth-tunnel path)
Full Context
configure service ipipe sap eth-tunnel path
configure service epipe sap eth-tunnel path
Description
This command configures Ethernet tunnel SAP path parameters.
The no form of this command removes the values from the configuration.
Parameters
- path-index
-
Specifies the path index value.
- qtag[.qtag]
-
Specifies the qtag value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path
Syntax
path path-index tag qtag[. qtag]
no path path-index
Context
[Tree] (config>service>vpls>sap>eth-tunnel path)
Full Context
configure service vpls sap eth-tunnel path
Description
This command configures Ethernet tunnel SAP path parameters.
The no form of this command removes the values from the configuration.
Parameters
- path-index
-
Specifies the path index value.
- tag qtag[.qtag]
-
Specifies the qtag value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path
Syntax
[no] path path-name
Context
[Tree] (config>router>mpls path)
Full Context
configure router mpls path
Description
This command creates the path to be used for an LSP. A path can be used by multiple LSPs. A path can specify some or all hops from ingress to egress and they can be either strict or loose. A path can also be empty (no path-name specified) in which case the LSP is set up based on IGP (best effort) calculated shortest path to the egress router. Paths are created in a shutdown state. A path must be shutdown before making any changes (adding or deleting hops) to the path. When a path is shutdown, any LSP using the path becomes operationally down.
To create a strict path from the ingress to the egress router, the ingress and the egress routers must be included in the path statement.
The no form of this command deletes the path and all its associated configuration information. All the LSPs that are currently using this path will be affected. Additionally all the services that are actively using these LSPs will be affected. A path must be shutdown and unbound from all LSPs using the path before it can be deleted. The no path path-name command will not result in any action except a warning message on the console indicating that the path may be in use.
Parameters
- path-name
-
Specifies a unique case-sensitive alphanumeric name label for the LSP path up to 32 characters in length.
Platforms
All
path
Syntax
path [detail]
no path
Context
[Tree] (debug>router>rsvp>event path)
Full Context
debug router rsvp event path
Description
This command debugs path-related events.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about path-related events.
Platforms
All
path
Syntax
path [detail]
no path
Context
[Tree] (debug>router>rsvp>packet path)
Full Context
debug router rsvp packet path
Description
This command enables debugging for RSVP path packets.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about path-related events.
Platforms
All
path
Syntax
path name [create]
no path name
Context
[Tree] (config>service>pw-routing path)
Full Context
configure service pw-routing path
Description
This command configures an explicit path between this T-PE and a remote T-PE. For each path, one or more intermediate S-PE hops must be configured. A path can be used by multiple multi-segment pseudowires. Paths are used by a 7450 ESS, 7750 SR, or 7950 XRS T-PE to populate the list of Explicit Route TLVs included in the signaling of a dynamic MS-PW.
A path may specify all or only some of the hops along the route to reach a T-PE.
The no form of the command removes a specified explicit path from the configuration.
Parameters
- path-name
-
Specifies a locally-unique case-sensitive alphanumeric name label for the MS-PW path of up to 32 characters in length.
Platforms
All
path
Syntax
path {a | b} [{port-id | lag-id} raps-tag qtag1[. qtag2]]
no path {a | b}
Context
[Tree] (config>eth-ring path)
Full Context
configure eth-ring path
Description
This command assigns the ring (major or sub-ring) path to a port and defines the Ring APS tag. Rings typically have two paths: a and b.
The no form of this command removes the path a or b.
Default
no path
Parameters
- port-id
-
Specifies the port ID.
- lag-id
-
Specifies the LAG ID.
- raps-tag
-
Specifies the member encapsulation.
- qtag1
-
Specifies the top or outer VLAN ID.
- qtag2
-
Specifies the bottom or inner VLAN ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path
Syntax
path path-name [create]
no path name
Context
[Tree] (config>system>telemetry>sensor-groups>sensor-group path)
Full Context
configure system telemetry sensor-groups sensor-group path
Description
This command configures a sensor path for the specified sensor-group. Multiple sensor paths can be defined for a single sensor-group. The path is defined in the form of an XML Path (XPath) syntax that refers to single or multiple objects within the YANG model.
The no form of the command removes the specified explicit path from the configuration.
Parameters
- path-name
-
Specifies a sensor path, up to 512 characters.
- create
-
Keyword used to create the sensor path.
Platforms
All
path-b
path-b
Syntax
[no] path-b
Context
[Tree] (config>redundancy>mc>peer>mcr>ring path-b)
Full Context
configure redundancy multi-chassis peer mc-ring ring path-b
Description
This command specifies the set of upper-VLAN IDs associated with the SAPs that belong to path B with respect to load-sharing. All other SAPs belong to path A.
Default
If not specified, the default is an empty set.
Platforms
All
path-computation-method
path-computation-method
Syntax
path-computation-method path-computation-method
no path-computation-method
Context
[Tree] (config>router>mpls>lsp-template path-computation-method)
[Tree] (config>router>mpls>lsp path-computation-method)
Full Context
configure router mpls lsp-template path-computation-method
configure router mpls lsp path-computation-method
Description
This command configures the path computation method of a RSVP-TE or SR-TE LSP.
The user can select among the hop-to-label translation, the local CSPF or the PCE for a configured SR-TE LSP. For SR-TE LSP templates, the PCE option is supported with the SR-TE LSP template type on-demand-p2p-srte and not other template types.
The user can select among the IGP-based path, the local CSPF, or the PCE for a configured RSVP-TE LSP. The PCE option is not supported with the RSVP-TE LSP template.
By default, the IGP-based path is used for an RSVP-TE LSP and the hop-to-label path computation method is used for an SR-TE LSP.
The no form of this command returns to the default path computation method for the type of LSP.
Default
no path-computation-method
Parameters
- path-computation-method
-
Specifies the path computation method for the LSP.
Platforms
All
path-cost
path-cost
Syntax
path-cost sap-path-cost
no path-cost [sap-path-cost]
Context
[Tree] (config>service>template>vpls-sap-template>stp path-cost)
[Tree] (config>service>vpls>sap>stp path-cost)
[Tree] (config>service>vpls>spoke-sdp>stp path-cost)
Full Context
configure service template vpls-sap-template stp path-cost
configure service vpls sap stp path-cost
configure service vpls spoke-sdp stp path-cost
Description
This command configures the Spanning Tree Protocol (STP) path cost for the SAP or spoke-SDP.
The path cost is used by STP to calculate the path cost to the root bridge. The path cost in BPDUs received on the root port is incremented with the configured path cost for that SAP or spoke-SDP. When BPDUs are sent out of other egress SAPs or spoke-SDPs, the newly calculated root path cost is used. These are the values used for CIST when running MSTP.
STP suggests that the path cost is defined as a function of the link bandwidth. Since SAPs and spoke-SDPs are controlled by complex queuing dynamics, in the 7450 ESS, 7750 SR, and 7950 XRS the STP path cost is a purely static configuration.
The no form of this command returns the path cost to the default value.
Parameters
- path-cost
-
The path cost for the SAP or spoke-SDP
Platforms
All
path-cost
Syntax
path-cost sap-path-cost
no path-cost
Context
[Tree] (config>service>pw-template>stp path-cost)
Full Context
configure service pw-template stp path-cost
Description
This command configures the Spanning Tree Protocol (STP) path cost for the SAP or spoke SDP.
The path cost is used by STP to calculate the path cost to the root bridge. The path cost in BPDUs received on the root port is incremented with the configured path cost for that SAP or spoke SDP. When BPDUs are sent out other egress SAPs or spoke SDPs, the newly calculated root path cost is used. These are the values used for CIST when running MSTP.
STP suggests that the path cost is defined as a function of the link bandwidth. Since SAPs and spoke SDPs are controlled by complex queuing dynamics, the STP path cost is a purely static configuration.
The no form of this command returns the path cost to the default value.
Default
path-cost 10
Parameters
- path-cost
-
Specifies the path cost for the SAP or spoke SDP.
Platforms
All
path-destination
path-destination
Syntax
path-destination ip-address interface if-name
path-destination ip-address [next-hop ip-address]
no path-destination
Context
[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy path-destination)
[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy path-destination)
Full Context
configure saa test type-multi-line lsp-ping sr-policy path-destination
configure saa test type-multi-line lsp-trace sr-policy path-destination
Description
This command configures the IP address of the path destination from the range 127/8. When the LDP FEC prefix is IPv6, the user must enter a 127/8 IPv4 mapped IPv6 address, that is, in the range ::ffff:127/104.
The no form of this command removes the configuration.
Parameters
- ip-address
-
Specifies the IP address.
- if-name
-
Specifies the name of an IP interface, up 32 characters, to send the MPLS echo request to. The name must already exist in the config>router>interface context.
Platforms
All
path-discovery
path-discovery
Syntax
path-discovery
Context
[Tree] (config>test-oam>ldp-treetrace path-discovery)
Full Context
configure test-oam ldp-treetrace path-discovery
Description
This command creates the context to configure the LDP ECMP OAM path discovery.
The ingress LER builds the ECMP tree for a given FEC (egress LER) by sending LSP Trace messages and including the LDP IPv4 Prefix FEC TLV as well as the downstream mapping TLV. It inserts an IP address range drawn from the 127/8 space. When received by the downstream LSR, it uses this range to determine which ECMP path is exercised by any IP address or a sub-range of addresses within that range based on its internal hash routine. When the MPLS Echo reply is received by the ingress LER, it records this information and proceeds with the next echo request message targeted for a node downstream of the first LSR node along one of the ECMP paths. The sub-range of IP addresses indicated in the initial reply is used since the objective is to have the LSR downstream of the ingress LER pass this message to its downstream node along the first ECMP path.
The user configures the frequency of running the tree discovery using the command config>test-oam>ldp-treetrace>path-discovery>interval.
The ingress LER gets the list of FECs from the LDP FEC database. New FECs are added to the discovery list at the next tree discovery and not when they are learned and added into the FEC database. The maximum number of FECs to be discovered with the tree building feature is limited to 500. The user can configure FECs to include or exclude using a policy profile by applying the command config>test-oam>ldp-treetrace>path-discovery>policy-statement.
Platforms
All
path-excl
path-excl
Syntax
[no] path-excl
Context
[Tree] (config>redundancy>mc>peer>mcr>ring path-excl)
Full Context
configure redundancy multi-chassis peer mc-ring ring path-excl
Description
This command specifies the set of upper-VLAN IDs associated with the SAPs that are to be excluded from control by the multi-chassis ring.
Default
If not specified, the default is an empty set.
Platforms
All
path-id
path-id
Syntax
path-id {lsp-num lsp-num | working-path | protect-path [src-global-id src-global-id] src-node-id src-node-id src-tunnel-num src-tunnel-num [dest-global-id dest-global-id] dest-node-id dest-node-id [dest-tunnel-num dest-tunnel-num]}
no path-id
Context
[Tree] (config>router>mpls>mpls-tp>transit-path path-id)
Full Context
configure router mpls mpls-tp transit-path path-id
Description
This command configures path ID for an MPLS-TP transit path at an LSR. The path ID is equivalent to the MPLS-TP LSP ID and is used to generate the maintenance entity group intermediate point (MIP) identifier for the LSP at the LSR. A path-id must be configured for on-demand OAM to verify an LSP at the LSR.
The path-id must contain at least the following parameters: lsp-num, src-node-id, src-global-id, src-tunnel-num, dest-node-id.
The path-id must be unique on a node. It is recommended that his is also configured to be a globally unique value.
The no form of this command removes the path ID from the configuration.
Default
no path-id
Parameters
- lsp-num
-
Specifies the LSP number.
- src-global-id
-
Specifies the source global ID.
- src-node-id
-
Specifies the source node ID.
- src-tunnel-num
-
Specifies the source tunnel number.
- dest-global-id
-
Specifies the destination global ID. If the destination global ID is not entered, then it is set to the same value as the source global ID.
- dest-node-id
-
Specifies the destination node ID.
- dest-tunnel-num
-
Specifies the destination tunnel number. If the destination tunnel number is not entered, then it is set to the same value as the source tunnel number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path-mtu
path-mtu
Syntax
path-mtu [bytes]
no path-mtu bytes
Context
[Tree] (config>service>sdp path-mtu)
Full Context
configure service sdp path-mtu
Description
This command configures the Maximum Transmission Unit (MTU) in bytes that the Service Distribution Point (SDP) can transmit to the far-end device router without packet dropping or IP fragmentation overriding the SDP-type default path-mtu.
The default SDP-type path-mtu can be overridden on a per SDP basis. Dynamic maintenance protocols on the SDP like RSVP may override this setting.
If the physical mtu on an egress interface or PoS channel indicates the next hop on an SDP path cannot support the current path-mtu, the operational path-mtu on that SDP will be modified to a value that can be transmitted without fragmentation.
The no form of this command removes any path-mtu defined on the SDP and the SDP will use the system default for the SDP type.
Default
no path-mtu — Specifies the default path-mtu defined on the system for the type of SDP is used.
Parameters
- bytes
-
Specifies the bytes.
Platforms
All
path-mtu-discovery
path-mtu-discovery
Syntax
[no] path-mtu-discovery
Context
[Tree] (config>router>ldp>tcp-session-params>peer-transport path-mtu-discovery)
Full Context
configure router ldp tcp-session-parameters peer-transport path-mtu-discovery
Description
This command enables Path MTU discovery for the associated TCP connections. When enabled, the MTU for the associated TCP session is initially set to the egress interface MTU. The DF bit is also set so that if a router along the path of the TCP connection cannot handle a packet of a particular size without fragmenting, it sends back an ICMP message to set the path MTU for the given session to a lower value that can be forwarded without fragmenting.
If one or more transport addresses used in the Hello adjacencies to the same peer LSR are different from the LSR-ID value, the user must add each of the transport addresses to the path MTU discovery configuration as a separate peer. This means when the TCP connection is bootstrapped by a given Hello adjacency, the path MTU discovery can operate over that specific TCP connection by using its specific transport address.
Default
no path-mtu-discovery
Platforms
All
path-mtu-discovery
Syntax
[no] path-mtu-discovery
Context
[Tree] (config>router>bgp>group>neighbor path-mtu-discovery)
[Tree] (config>router>bgp>group path-mtu-discovery)
[Tree] (config>router>bgp path-mtu-discovery)
Full Context
configure router bgp group neighbor path-mtu-discovery
configure router bgp group path-mtu-discovery
configure router bgp path-mtu-discovery
Description
This command enables Path MTU Discovery (PMTUD) for the associated TCP connections.
When enabled, PMTUD is activated toward an IPv4 BGP neighbor. The Don’t Fragment (DF) bit is set in the IP header of all IPv4 packets sent to the peer. If any device along the path toward the peer cannot forward the packet because the IP MTU of the interface is smaller than the IP packet size, the device drops the packet and sends an ICMP or ICMPv6 error message encoding the interface MTU. When the router receives the ICMP or ICMPv6 message, it lowers the TCP maximum segment size limit from the previous value to accomodate the IP MTU constraint.
When PMTUD is disabled and there is no tcp-mss configuration to associate with a BGP neighbor (in either the BGP configuration or the first-hop IP interface configuration), the router advertises a TCP MSS option of only 1024 bytes, limiting received TCP segments to that size.
The no form of this command disables PMTUD.
Default
no path-mtu-discovery
Platforms
All
path-preference
path-preference
Syntax
path-preference value
no path-preference
Context
[Tree] (config>router>mpls>lsp>secondary path-preference)
Full Context
configure router mpls lsp secondary path-preference
Description
This command enables the use of path preference among configured standby secondary paths per LSP. If all standby secondary paths have a default path-preference value then a non-standby secondary path will remain the active path while a standby secondary is available. A standby secondary path configured with the highest priority (for example, the lowest path-preference value) is made the active path when the primary is not in use. If multiple standby secondary paths have the same, lowest, path-preference value then the system will select the path with the highest up-time. Path preference can only be configured on the standby secondary paths.
The no form of this command resets the path-preference to the default value.
Default
path-preference 255
Parameters
- value
-
Specifies an alternate path for the LSP if the primary path is not available.
Platforms
All
path-probing
path-probing
Syntax
path-probing
Context
[Tree] (config>test-oam>ldp-treetrace path-probing)
Full Context
configure test-oam ldp-treetrace path-probing
Description
This command creates the context to configure the LDP tree trace path probing phase.
The periodic path exercising runs in the background to test the LDP ECMP paths discovered by the path discovery capability. The probe used is an LSP Ping message with an IP address drawn from the sub-range of 127/8 addresses indicated by the output of the tree discovery for this FEC.
The user configures the frequency of running the path probes using the config>test-oam>ldp-treetrace>path-probing>interval command. If an I/F is down on the ingress LER performing the LDP tree trace, then LSP Ping probes that normally go out this interface are not sent but the ingress LER node does not raise alarms.
The LSP Ping routine updates the content of the MPLS echo request message, specifically the IP address, as soon as the LDP ECMP path discovery phase has output the results of a new computation for the path in question.
Platforms
All
path-profile
path-profile
Syntax
path-profile profile-id [path-group group-id]
no path-profile profile-id
Context
[Tree] (config router mpls lsp-template path-profile)
[Tree] (config router mpls lsp path-profile)
Full Context
configure router mpls lsp-template path-profile
configure router mpls lsp path-profile
Description
This command configures the PCE path profile and path group ID.
The PCE supports the computation of disjoint paths for two different LSPs originating and/or terminating on the same or different PE routers. To indicate this constraint to the PCE, the user must configure the PCE path profile ID and path group ID to which the PCE computed or PCE controlled LSP belongs to. These parameters are passed transparently by the PCC to the PCE and are thus opaque data to the router.
The association of the optional path-group ID is to allow the PCE to determine the profile ID that must be used with this path-group ID. One path-group ID is allowed per profile ID. The user can, however, enter the same path-group ID with multiple profile IDs by executing this command multiple times. A maximum of five path-profile [path-group] entries can be associated with the same LSP.
The no form of this command removes the path profile association with the LSP.
Parameters
- profile-id
-
Specifies the profile ID.
- path-group group-id
-
Specifies the path group ID.
Platforms
All
path-restoration-state
path-restoration-state
Syntax
path-restoration-state {standby | auto}
no path-restoration-state
Context
[Tree] (config>subscr-mgmt>up-resiliency>fsg-template path-restoration-state)
Full Context
configure subscriber-mgmt up-resiliency fate-sharing-group-template path-restoration-state
Description
This command configures how the BNG-UP manages active FSGs if the BNG-UP becomes headless (PFCP path is in restoration/headless). The BNG-UP can always move all active FSGs to standby, or it can decide whether to move them to standby based on a series of heuristic tests. If any test indicates that the BNG-UP cannot forward traffic for the FSG, or another BNG-UP becomes active, the BNG-UP moves the FSG to standby.
Default
path-restoration-state auto
Parameters
- standby
-
Keyword that indicates any FSG becomes standby when the BNG-UP becomes headless.
- auto
-
Keyword that indicates the BNG-UP determines whether to change the state of the FSGs to standby based on a series of heuristic tests.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
path-restoration-time
path-restoration-time
Syntax
path-restoration-time minutes
no path-restoration-time
Context
[Tree] (config>subscr-mgmt>pfcp-association path-restoration-time)
Full Context
configure subscriber-mgmt pfcp-association path-restoration-time
Description
This command configures the time sessions are kept after a PFCP path failure is detected. When the timer expires, or if it is not configured, all sessions associated with the path are removed. If the path recovers without a restart before the timer expires, the timer is canceled, and no sessions are removed.
The no form of this command removes the path restoration configuration.
Default
no path-restoration-time
Parameters
- minutes
-
Specifies the time, in minutes, that sessions are kept after a PFCP path failure. This timer should be configured to a value that is at least twice the sum of the heartbeat interval plus the total heartbeat timeout (heartbeat retries x heartbeat timeout = N1 x T1).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
path-threshold
path-threshold
Syntax
path-threshold num-paths
no path-threshold
Context
[Tree] (config>eth-tunnel>lag-emulation path-threshold)
Full Context
configure eth-tunnel lag-emulation path-threshold
Description
This command configures the behavior for the eth-tunnel if the number of operational members is equal to or below a threshold level
Default
no path-threshold
Parameters
- num-paths
-
Specifies the threshold for the Ethernet Tunnel group.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
path-type
path-type
Syntax
path-type {ibgp | ebgp}
no path-type
Context
[Tree] (config>router>policy-options>policy-statement>entry>from path-type)
Full Context
configure router policy-options policy-statement entry from path-type
Description
This command matches BGP routes based on their path type (EBGP or IBGP). A route learned from an EBGP peer has path-type ebgp. A route learned from an IBGP or confed-EBGP peer has path-type ibgp.
A non-BGP route does not match a policy entry if it contains the path-type command.
Default
no path-type
Parameters
- ibgp
-
Matches routes from internal BGP peers.
- ebgp
-
Matches routes from external BGP peers.
Platforms
All
patherr
patherr
Syntax
patherr [detail]
no patherr
Context
[Tree] (debug>router>rsvp>packet patherr)
Full Context
debug router rsvp packet patherr
Description
This command debugs path error packets.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about path error packets.
Platforms
All
pathtear
pathtear
Syntax
pathtear [detail]
no pathtear
Context
[Tree] (debug>router>rsvp>packet pathtear)
Full Context
debug router rsvp packet pathtear
Description
This command debugs path tear packets.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about path tear packets.
Platforms
All
pattern
pattern
Syntax
pattern pad-value
no pattern
Context
[Tree] (config>oam-pm>session>ip pattern)
Full Context
configure oam-pm session ip pattern
Description
This command configures the pattern value to be repeated in the padding portion of the TWAMP Light packet.
The no form of this command uses an incrementing byte pattern beginning with 00 and ending with FF, wrapping back to 00.
Default
pattern 0
Parameters
- pad-value
-
Specifies the specific pattern to use.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pattern
Syntax
pattern pad-value
no pattern
Context
[Tree] (config>oam-pm>session>mpls pattern)
Full Context
configure oam-pm session mpls pattern
Description
This command configures the pattern value to be repeated in the padding portion of pad-tlv length field of the dm PDU.
The no form of this command uses an incrementing byte pattern beginning with 00 and ending with FF, wrapping back to 00.
Parameters
- pad-value
-
Specifies a two octet pattern to be repeated to fill the padding field of each echo request packet launched for each test belonging to the specified session. For example, if 255 is specified, the padding field is filled with the octet values 00, FF, 00, FF, ... (hexadecimal).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
payload
payload
Syntax
payload {sts3 | tug3 | ds3 | e3 | vt2 | vt15 | ds1 | e1}
Context
[Tree] (config>port>sonet-sdh>path payload)
Full Context
configure port sonet-sdh path payload
Description
This command specifies if the associated SONET/SDH path is an asynchronous circuit or a virtual tributary group (VT). This command is only applicable to channelized MDAs.
This command is supported on TDM satellite, however the sts3, ds3, and e3 parameters are not supported.
Parameters
- sts3
-
Configures STS3/STM1 payload as clear channel.
- tu3
-
Configures STS3/STM1 payload as Tributary Unit Group 3 (TUG3).
- ds3
-
Configures the port or channel as DS-3 STS1/VC3 payload as DS-3.
- e3
-
Configures the port or channel as E-3 STS1/VC3 payload as E-3.
- vt2
-
Configures the path STS1 payload as vt2 as a virtual tributary group. Only allowed on STS-1 nodes (SONET VT container).
- vt15
-
Configures the path as a virtual tributary group. Only allowed on STS-1 nodes (SONET VT container).
- ds1
-
Configures the port or channel as DS1.vt15 or vt2 payload as DS-1.
- e1
-
Configures VT2 payload as E-1.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pbb
pbb
pbb
Syntax
pbb
Context
[Tree] (config>test-oam>build-packet>header pbb)
[Tree] (debug>oam>build-packet>packet>field-override>header pbb)
Full Context
configure test-oam build-packet header pbb
debug oam build-packet packet field-override header pbb
Description
This command configures a test Provider Backbone Bridge (PBB) packet header to be launched by the OAM find-egress tool.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pbb-etype
pbb-etype
Syntax
pbb-etype [ethertype-value]
no pbb-etype
Context
[Tree] (config>port>ethernet pbb-etype)
Full Context
configure port ethernet pbb-etype
Description
This command configures the Ethertype used for PBB encapsulation.
Default
no pbb-etype
Parameters
- ethertype-value
-
Specifies the Ethertype value in the form of 0x600 to 0xfff.
Platforms
All
pbb-etype
Syntax
pbb-etype type
no pbb-etype [type]
Context
[Tree] (config>service>sdp pbb-etype)
Full Context
configure service sdp pbb-etype
Description
This command configures the Ethertype used for PBB.
Default
no pbb-etype
Parameters
- type
-
Specifies the Ethertype.
Platforms
All
pbr-down-action-override
pbr-down-action-override
Syntax
pbr-down-action-override filter-action
no pbr-down-action-override
Context
[Tree] (config>filter>ip-filter>entry pbr-down-action-override)
[Tree] (config>filter>ipv6-filter>entry pbr-down-action-override)
[Tree] (config>filter>mac-filter>entry pbr-down-action-override)
Full Context
configure filter ip-filter entry pbr-down-action-override
configure filter ipv6-filter entry pbr-down-action-override
configure filter mac-filter entry pbr-down-action-override
Description
This command allows overriding the default action that is applied for entries with PBR/PBF action defined, when the PBR/PBF target is down.
The no form of the command preserves default behavior when PBR/PBF target is down.
Default
no pbr-down-action-override
Parameters
- filter-action
-
Specifies the packets matching the entry.
drop — Specifies that packets matching the entry will be dropped if PBR/PBF target is down.
forward — Specifies that packets matching the entry will be forwarded if PBR/PBF target is down.
filter-default-action — Specifies that packets matching the entry will be processed as per default-action configuration for this filter if PBR/PBF target is down.
Platforms
All
pcap
pcap
Syntax
pcap session-name [create]
no pcap session-name
Context
[Tree] (config>mirror>mirror-dest pcap)
Full Context
configure mirror mirror-dest pcap
Description
This command specifies a PCAP instance used for packet capture.
The no form of this command removes the PCAP instance and stops the packet capture and file transfer session.
Parameters
- session-name
-
Specifies the session name, up to 32 characters.
Platforms
All
pcap
Syntax
pcap session-name
Context
[Tree] (debug pcap)
Full Context
debug pcap
Description
This command specifies the session for the packet capture process.
Parameters
- session-name
-
Specifies the session name, up to 32 characters.
Platforms
All
pcc
pcc
Syntax
[no] pcc
Context
[Tree] (debug>router>mpls>event pcc)
Full Context
debug router mpls event pcc
Description
This command debugs pcc events.
The no form of the command disables the debugging.
Platforms
All
pcc
Syntax
pcc
Context
[Tree] (config>router>pcep pcc)
Full Context
configure router pcep pcc
Description
Commands in this context configure PCC parameters.
Platforms
All
pcc
Syntax
[no] pcc
Context
[Tree] (debug>router>pcep pcc)
Full Context
debug router pcep pcc
Description
This command enables debugging for the PCEP Path Computation Client (PCC).
The no form of this command disables PCEP PCC debugging.
Platforms
All
pce
pce
Syntax
pce
Context
[Tree] (config>router>pcep pce)
Full Context
configure router pcep pce
Description
Commands in this context configure PCE parameters.
Platforms
VSR-NRC
pce
Syntax
[no] pce
Context
[Tree] (debug>router>pcep pce)
Full Context
debug router pcep pce
Description
This command enables debugging for the PCEP Path Computation Element (PCE).
The no form of this command disables PCEP PCE debugging.
Platforms
VSR-NRC
pce-associations
pce-associations
Syntax
pce-associations
Context
[Tree] (config>router>pcep>pcc pce-associations)
Full Context
configure router pcep pcc pce-associations
Description
Commands in this context configure PCE association groups.
Platforms
All
pce-associations
Syntax
pce-associations
Context
[Tree] (config>router>mpls>lsp-template pce-associations)
[Tree] (config>router>mpls>lsp pce-associations)
Full Context
configure router mpls lsp-template pce-associations
configure router mpls lsp pce-associations
Description
Commands in this context configure LSP binding with one or more PCEP association groups.
Platforms
All
pce-control
pce-control
Syntax
[no] pce-control
Context
[Tree] (config>router>mpls>lsp pce-control)
[Tree] (config>router>mpls>lsp-template pce-control)
Full Context
configure router mpls lsp pce-control
configure router mpls lsp-template pce-control
Description
This command enables a PCE controlled LSP mode of operation. The pce-control option means the router delegates full control of the LSP to the PCE (PCE controlled). Enabling it means the PCE is acting in stateful-active mode for this LSP and the PCE will be able to reroute the path following a failure or re-optimize the path and update the router without a request from the router.
The user can delegate CSPF and non-CSPF LSPs, or LSPs that have the path-computation-method pce option enabled or disabled. The LSP maintains its latest active path computed by PCE or the router at the time it is delegated. The PCE only makes an update to the path at the next network event or reoptimization.
When configured to no, the PCE controlled mode of operation for the LSP has not effect.
Default
no pce-control
Platforms
All
pce-initiated-lsp
pce-initiated-lsp
Syntax
[no] pce-initiated-lsp
Context
[Tree] (config>router>mpls pce-initiated-lsp)
Full Context
configure router mpls pce-initiated-lsp
Description
This command creates a context to configure support for PCE-initiated LSPs.
The no form of this command removes PCE-initiated LSP support. All PCE-initiated LSPs are deleted.
Platforms
All
pce-report
pce-report
Syntax
pce-report rsvp-te {enable | disable}
pce-report sr-te {enable | disable}
Context
[Tree] (config>router>mpls pce-report)
Full Context
configure router mpls pce-report
Description
This command separately configures the reporting modes to a PCE for RSVP-TE or SR-TE LSPs. The PCC LSP database is synchronized with the PCE LSP database using the PCEP PCRpt (PCE Report) message for PCC-controlled, PCE-computed, and PCE-controlled LSPs.
The global MPLS level pce-report command can be used to enable or disable PCE reporting for all SR-TE LSPs or RSVP-TE LSPs during PCE LSP database synchronization. This configuration is inherited by all LSPs of the specified type. The PCC reports both CSPF and non-CSPF LSPs. The default value is disabled for both types of LSP. This default value is meant to control the introduction of the PCE into an existing network and to let the operator decide if all LSPs of a particular type need to be reported.
The LSP-level pce-report command overrides the global configuration for the reporting of LSPs to the PCE. The default value is to inherit the global MPLS level value. The enable or disable value allows for the override of the inherited value. The inherit value explicitly resets the LSP to inherit the global configuration for that LSP type.
If PCE reporting is disabled for the LSP, either due to inheritance or due to LSP-level configuration, then enabling the pce-control option for the LSP has no effect.
Default
pce-report rsvp-te disable
pce-report sr-te disable
Parameters
- rsvp-te
-
Specifies the PCE reporting mode for all TE LSPs of RSVP-TE type.
- sr-te
-
Specifies the PCE reporting mode for all TE LSPs of SR-TE type.
Platforms
All
pce-report
Syntax
pce-report {enable | disable | inherit}
Context
[Tree] (config>router>mpls>lsp pce-report)
[Tree] (config>router>mpls>lsp-template pce-report)
Full Context
configure router mpls lsp pce-report
configure router mpls lsp-template pce-report
Description
This command separately configures the reporting modes to a PCE for RSVP-TE or SR-TE LSPs.
The PCC LSP database is synchronized with the PCE LSP database using the PCEP PCRpt (PCE Report) message for PCC-controlled, PCE-computed and PCE-controlled LSPs.
The global MPLS-level pce-report command can be used to enable or disable PCE reporting for all SR-TE LSPs or RSVP-TE LSPs during PCE LSP database synchronization. This configuration is inherited by all LSPs of the specified type. The PCC reports both CSPF and non-CSPF LSPs. The default value is disabled for both types of LSP. This default value is meant to control the introduction of the PCE into an existing network and to let the operator decide if all LSPs of a particular type need to be reported.
The LSP-level pce-report command overrides the global configuration for the reporting of LSP to the PCE. The default value is to inherit the global MPLS level value. The enable or disable value allows for the override of the inherited value. The inherit value explicitly resets the LSP to inherit the global configuration for that LSP type.
If PCE reporting is disabled for the LSP, either due to inheritance or due to LSP-level configuration, then enabling the pce-control option for the LSP has no effect.
Default
pce-report inherit
Parameters
- enable
-
Enables PCE reporting.
- disable
-
Disables PCE reporting.
- inherit
-
Inherits the global configuration for PCE reporting.
Platforms
All
pcep
pcep
Syntax
[no] pcep
Context
[Tree] (config>router pcep)
Full Context
configure router pcep
Description
This command enables Path Computation Element communications Protocol (PCEP), and enters the context to configure PCEP parameters.
The no form of the command disables PCEP.
Platforms
All
pcep
Syntax
[no] pcep
Context
[Tree] (debug>router pcep)
Full Context
debug router pcep
Description
This command enables debugging for the Path Computation Element Protocol (PCEP).
The no form of this command disables PCEP debugging.
Platforms
All
pcm
pcm
Syntax
[no] pcm pcm-slot [chassis chassis-id]
Context
[Tree] (config>system>pwr-mgmt pcm)
Full Context
configure system power-management pcm
Description
This command sets the PCM slot number.
Parameters
- pcm-slot
-
Identifies the PCM slot.
- chassis-id
-
Specifies chassis ID for the router chassis.
Platforms
7950 XRS-20e
pcm-type
pcm-type
Syntax
[no] pcm-type {dual | quad}
Context
[Tree] (cfg>sys>pwr-mgmt>pcm pcm-type)
Full Context
configure system power-management pcm pcm-type
Description
This command sets the PCM type.
Parameters
- dual
-
Specifies the dual PCM type.
- quad
-
Specifies the quad PCM type.
Platforms
7950 XRS-20e
pcp
pcp
Syntax
pcp
Context
[Tree] (debug>router pcp)
Full Context
debug router pcp
Description
This command enables debugging for the PCP servers.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pcp-server
pcp-server
Syntax
pcp-server
Context
[Tree] (config>router pcp-server)
Full Context
configure router pcp-server
Description
Commands in this context configure a Port Control Policy (PCP) server.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pcp-server
Syntax
pcp-server name
Context
[Tree] (debug>router>pcp pcp-server)
Full Context
debug router pcp pcp-server
Description
This command enables debugging for the PCP servers.
Parameters
- name
-
Debugs the PCP server associated with the specified name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pcp-server-policy
pcp-server-policy
Syntax
pcp-server-policy name [create]
no pcp-server-policy name
Context
[Tree] (config>service>nat pcp-server-policy)
Full Context
configure service nat pcp-server-policy
Description
This command configures a PCP server policy name.
The no form of the command removes the name from the configuration.
Parameters
- name
-
Specifies a PCP server policy name up to 32 characters.
- create
-
Keyword used to create the PCP server policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pcp-server-policy
Syntax
pcp-server-policy name
no pcp-server-policy
Context
[Tree] (config>router>pcp-server>server pcp-server-policy)
Full Context
configure router pcp-server server pcp-server-policy
Description
This command configures the PCP server policy.
The no form of this command reverts to the default value.
Default
no pcp-server-policy
Parameters
- name
-
Specifies the PCP server policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pcr-repetition
pcr-repetition
Syntax
pcr-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]
no pcr-repetition
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pcr-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pcr-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pcr-repetition)
Full Context
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pcr-repetition
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pcr-repetition
configure mcast-management multicast-info-policy bundle video analyzer alarms pcr-repetition
Description
This command configures the analyzer to check for the program clock reference (PCR). It is expected that the PCR arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PCR fails to arrive within the specified interval. As the delay increases between two consecutive PCRs, the type of alarm raised becomes more critical, from TNC to POA.
Default
no pcr-repetition
Parameters
- tnc-milli-seconds
-
Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.
- qos-milli-seconds
-
Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.
- poa-milli-seconds
-
Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pd-managed-route
pd-managed-route
Syntax
pd-managed-route [next-hop {ipv4 | ipv6}]
no pd-managed-route
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 pd-managed-route)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6 pd-managed-route)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6 pd-managed-route)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 pd-managed-route)
Full Context
configure service ies subscriber-interface group-interface ipv6 dhcp6 pd-managed-route
configure service ies subscriber-interface ipv6 dhcp6 pd-managed-route
configure service vprn subscriber-interface ipv6 dhcp6 pd-managed-route
configure service vprn subscriber-interface group-interface ipv6 dhcp6 pd-managed-route
Description
This command enables DHCP IA-PD (delegated prefix) to be modeled as managed (framed) route instead of as a subscriber-host. Antispoof filtering for the subscriber host associated with the IA-PD route must be set to nh-mac. The subscriber specific parameters (such as sla-profile or sub-profile) are ignored during the authentication phase because IA-PD is not modeled as a subscriber host. Other subscriber host-specific functions (for example, host overrides via CoA or host accounting) are not possible with a PD as the managed route.
By default, or when configured with the next-hop ipv6 parameter, the next-hop for PD managed route is an IPv6 WAN sub-host (DHCP IA-NA or SLAAC) with the same mac address as the one in the DHCP lease state for the managed IA-PD. The DHCP IA-NA next-hop host will always override the SLAAC next-hop host if both are available. If the IPv6 next-hop is not present when the framed IA-PD is instantiated, the IA-PD is set up but the PD managed route will not be installed in the IPv6 route table and the DHCPv6 lease state for the IA-PD will have the managed route status (DHCP6 MRt Status) set to "noNextHop”.
When configured with the next-hop ipv4 parameter the next-hop for PD managed route is a DHCPv4 sub-host that belongs to the same IPoE session or PPPoE session. For IPoE, ipoe-session must be enabled on the group-interface. If ipoe-session is disabled, an IPv4 next-hop will not be found. If the IPv4 next-hop is not found or not present at the time when the framed IA-PD is instantiated, the IA-PD is set up but the PD managed route is not installed in the IPv6 route table. In this case, the DHCPv6 lease state for the IA-PD will have the managed route status (DHCP6 MRt Status) set to noNextHop.
IPv6 filters, QoS IPv6 criteria, and IPv6 multicast are not supported for DHCPv6 IA-PD as managed route pointing to an IPv4 subscriber host as next-hop.
The DHCP IA-PD modeled as a route is displayed differently than regular subscriber hosts in show commands related to subscriber host state. The PD managed route is always shown directly below the host it is using as the next hop. The forwarding status of the PD managed route is also shown, where (N) indicate that the PD managed route is not forwarding. In addition, DHCP IA-PD route is displayed as a managed route for the corresponding IPv6 subscriber host (DHCP IA-NA or SLAAC) or DHCPv4 subscriber host.
DHCP IA-PD information for managed IA-PD route is still maintained in the DHCPv6 lease state.
The no form of this command reverts to the default.
Parameters
- next-hop
-
Specifies the next-hop type for the DHCP IA-PD managed route
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pdn-connection-id
pdn-connection-id
Syntax
[no] pdn-connection-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp pdn-connection-id)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp pdn-connection-id
Description
This command enables the inclusion of the PDN-Connection-Id AVP, which contains the APN as signaled in the incoming GTP setup message.
The no form of this command disables the inclusion of the AVP.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
pdn-type
pdn-type
Syntax
pdn-type {ipv4 | ipv6 | ipv4v6}
no pdn-type
Context
[Tree] (config>service>vprn>gtp>uplink pdn-type)
[Tree] (config>router>gtp>uplink pdn-type)
Full Context
configure service vprn gtp uplink pdn-type
configure router gtp uplink pdn-type
Description
This command configures the PDP type to be signaled in GTP, determining which addresses are requested from the P-GW/GGSN and which hosts are set up afterwards. This can be overridden by RADIUS. If the ipv4v6 keyword is used, the P-GW/GGSN can fall back to either IPv4 or IPv6.
The no form of this command reverts to the default configuration.
Default
pdn-type ipv4
Parameters
- ipv4
-
Specifies the GTP connection requests an IPv4 address.
- ipv6
-
Specifies the GTP connection requests an IPv6 address.
- ipv4v6
-
Specifies the GTP connection requests both an IPv4 and an IPv6 address.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
pdp-context-type
pdp-context-type
Syntax
[no] pdp-context-type
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp pdp-context-type)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp pdp-context-type
Description
This command includes the [3GPP-1247] PDP-Context-Type AVP in Diameter DCCA CCR-Initial messages.
The no form of this command removes the PDP-Context-Type AVP from the Diameter DCCA CCR-Initial messages.
Default
pdp-context-type
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pe-id-mac-flush-interop
pe-id-mac-flush-interop
Syntax
[no] pe-id-mac-flush-interop
Context
[Tree] (config>router>ldp>session-params>peer pe-id-mac-flush-interop)
Full Context
configure router ldp session-parameters peer pe-id-mac-flush-interop
Description
This command enables the addition of the PE-ID TLV in the LDP MAC withdrawal (mac-flush) message, under certain conditions, and modifies the mac-flush behavior for interoperability with other vendors that do not support the flush-all-from-me vendor-specific TLV. This flag can be enabled on a per LDP peer basis and allows the flush-all-from-me interoperability with other vendors. When the pe-id-mac-flush-interop flag is enabled for a given peer, the current mac-flush behavior is modified in terms of mac-flush generation, mac-flush propagation and behavior upon receiving a mac-flush.
The mac-flush generation will be changed depending on the type of event and according to the following rules:
-
Any all-from-me mac-flush event will trigger a mac-flush all-but-mine message (RFC 4762 compliant format) with the addition of a PE-ID TLV. The PE-ID TLV contains the IP address of the sending PE.
-
Any all-but-mine mac-flush event will trigger a mac-flush all-but-mine message WITHOUT the addition of the PE-ID TLV, as long as the source spoke SDP is not part of an end-point.
-
Any all-but-mine mac-flush event will trigger a mac-flush all-but-mine message WITH the addition of the PE-ID TLV, if the source spoke SDP is part of an end-point and the spoke-sdp goes from down/standby state to active state. In this case, the PE-ID TLV will contain the IP address of the PE to which the previous active spoke-sdp was connected to.
Any other case will follow the existing mac-flush procedures.
When the pe-id-mac-flush-interop flag is enabled for a given LDP peer, the mac-flush ingress processing is modified according to the following rules:
-
Any received all-from-me mac-flush will follow the existing mac-flush all-from-me rules regardless of the existence of the PE-ID.
-
Any received all-but-mine mac-flush will take into account the received PE-ID, that is all the mac addresses associated to the PE-ID will be flushed. If the PE-ID is not included, the mac addresses associated to the sending PE will be flushed.
-
Any other case will follow the existing mac-flush procedures.
When a mac-flush message has to be propagated (for an ingress sdp-binding to an egress sdp-binding) and the pe-id-mac-flush-interop flag is enabled for the ingress and egress TLDP peers, the following behavior is observed:
-
If the ingress and egress bindings are spoke SDP, the PE will propagate the mac-flush message with its own PE-ID.
-
If the ingress binding is an spoke SDP and the egress binding a mesh SDP, the PE will propagate the mac-flush message without modifying the PE-ID included in the PE-ID TLV.
-
If the ingress binding is a mesh SDP and the egress binding an spoke SDP, the PE will propagate the mac-flush message with its own PE-ID.
-
When ingress and egress bindings are mesh-sdp, the mac-flush message is never propagated. This is the behavior regardless of the pe-id-mac-flush-interop flag configuration.
The PE-ID TLV is never added when generating a mac-flush message on a B-VPLS if the send-bvpls-flush command is enabled in the I-VPLS. In the same way, no PE-ID is added when propagating mac-flush from a B-VPLS to a I-VPLS when the propagate-mac-flush-from-bvpls command is enabled. Mac-flush messages for peers within the same I-VPLS or within the same B-VPLS domain follow the procedures described above.
Default
no pe-id-mac-flush-interop
Platforms
All
peak-rate
peak-rate
Syntax
peak-rate rate
no peak-rate
Context
[Tree] (config>router>policy-acct-template>policer peak-rate)
Full Context
configure router policy-acct-template policer peak-rate
Description
This command sets the peak rate (the fill or drain rate of the bucket).
Each policer has a peak information rate and a maximum burst size. The default peak-rate (when no value is configured or the configured value is max) is the line rate of the ingress port.
The no form of this command reverts to the default value.
Default
peak-rate max
Parameters
- rate
-
Specifies the peak rate in Kb/s
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
peer
peer
Syntax
peer ip-address tag sync-tag
no peer
Context
[Tree] (config>router>dhcp6>server>pool>failover peer)
[Tree] (config>service>vprn>dhcp>server>pool peer)
[Tree] (config>service>vprn>dhcp6>server peer)
[Tree] (config>router>dhcp>server>failover peer)
[Tree] (config>router>dhcp6>server>failover peer)
[Tree] (config>service>vprn>dhcp>server peer)
[Tree] (config>router>dhcp>server>pool>failover peer)
[Tree] (config>service>vprn>dhcp6>server>pool peer)
Full Context
configure router dhcp6 server pool failover peer
configure service vprn dhcp server pool peer
configure service vprn dhcp6 server peer
configure router dhcp local-dhcp-server failover peer
configure router dhcp6 local-dhcp-server failover peer
configure service vprn dhcp server peer
configure router dhcp server pool failover peer
configure service vprn dhcp6 server pool peer
Description
This command creates a sync tag. DHCP leases can be synchronized per DHCP server or DHCP pool. The pair of synchronizing servers or pools is identified by a tag. The synchronization information is carried over the Multi-Chassis Synchronization (MCS) link between the two peers. MCS link is a logical link (IP, or MPLS).
MCS runs over TCP, port 45067 and it is using either data traffic or keepalives to detect failure on the communication link between the two nodes. In the absence of any MCS data traffic for more than 0.5sec, MCS will send its own keepalive to the peer. If a reply is not received within three sec, MCS will declare its operation state as DOWN and the DB Sync state as out-of-sync. MCS will consequently notify its clients (DHCP Server being one of them) of this. It can take up to three seconds before the DHCP client realizes that the inter-chassis communication link has failed.
The inter-chassis communication link failure does not necessarily assume the same failed fate for the access links. The two redundant nodes can become isolated from each other in the network. This occurs when only the intercommunication (MCS) link fails. It is important that this MCS link be highly redundant.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address of the peer.
- tag sync-tag
-
Specifies a tag, up to 32 characters, that identifies the synchronizing DHCP servers or pools.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
[no] peer router router-instance address ip-address [udp-port port]
Context
[Tree] (debug>gtp peer)
Full Context
debug gtp peer
Description
This command restricts debugging to only data related to the specified GTP peer. This command can be repeated multiple times, where only data for any of the specified peers is debugged.
The no form of this command removes the restriction for the specified peer. When the last peer filter is removed, all data is debugged again, but may be restricted by other filters.
Parameters
- router-instance
-
Specifies the ID of the VRF where the peer is connected.
- ip-address
-
Specifies the IP address of the peer.
- port
-
Specifies the GTP-C port used by the peer.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address
no peer
Context
[Tree] (config>router>l2tp>group>tunnel peer)
[Tree] (config>service>vprn>l2tp>group>tunnel peer)
Full Context
configure router l2tp group tunnel peer
configure service vprn l2tp group tunnel peer
Description
This command configures the peer address.
The no form of this command removes the IP address from the tunnel configuration.
Default
no peer
Parameters
- ip-address
-
Sets the LNS IP address for the tunnel.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address [udp-port port] [ip]
Context
[Tree] (debug>router>l2tp peer)
Full Context
debug router l2tp peer
Description
This command enables and configures debugging for an L2TP peer.
Parameters
- ip-address
-
Specifies the IP address of the L2TP peer.
- port
-
Specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers.
- ip
-
Displays debugging information for peers using IP transport.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer index index [destination-host-string ][create]
no peer index index
Context
[Tree] (config>aaa>diam>node peer)
Full Context
configure aaa diameter node peer
Description
This command creates context for diameter peer configuration within a Diameter client node in SR OS. Up to five Diameter peers can be configured within a given Diameter client node.
This command is not applicable to legacy Diameter base.
The no form of this command removes the peer index information from the configuration.
Parameters
- index
-
Specifies the index of a peer. Index is used to break a tie if a Diameter route for a given host or realm destination points to multiple diameter peers with the same preference. In such scenario, the peer with the lowest index will be selected as next-hop in traffic forwarding.
- destination-host-string
-
Identifies the peer by its name, up to 80 characters (of type DiameterIdentity). This peer name must match the one in Origin-Host AVP received in Capability Exchange Answer message. In case of a mismatch, the TCP connection will be terminated.
- create
-
Keyword used to create the peer index. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address [create]
no peer ip-address
Context
[Tree] (config>redundancy>multi-chassis peer)
Full Context
configure redundancy multi-chassis peer
Description
This command configures the IP address of the peer in a redundant multi-chassis setup, and enters the context for further, application-specific configuration options.
Parameters
- ip-address
-
Specifies a peer IP address. Multicast addresses are not allowed.
Platforms
All
peer
Syntax
[no] peer destination-host
Context
[Tree] (debug>diameter>node peer)
Full Context
debug diameter node peer
Description
This command debugs Diameter node peers. At this level, the forwarding/routing phase is completed and the peer is known. All messages flowing between this node and the peer are reported. Although the messages displayed can contain session-ids, this debugging level is session unaware (the session states are not maintained at this level).
Parameters
- destination-host
-
Specifies the host name, up to 80 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address ip-address
no peer
Context
[Tree] (config>subscr-mgmt>pfcp-association peer)
Full Context
configure subscriber-mgmt pfcp-association peer
Description
This command configures PFCP peer IP address.
The no form of this command removes the PFCP IP address.
Default
no peer
Parameters
- ip-address
-
Specifies the PFCP peer IP address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address [create]
no peer ip-address
Context
[Tree] (config>service>vprn>ptp peer)
Full Context
configure service vprn ptp peer
Description
This command configures a remote PTP peer and provides the context to configure parameters for this peer.
Up to 20 remote PTP peers may be configured.
If the clock-type is ordinary slave or boundary, and PTP is not shutdown, the last peer cannot be deleted. This prevents the case where the user has PTP enabled without any peer configured and enabled.
Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.
The no form of this command deletes the specified peer.
Parameters
- ip-address
-
Specifies the IP address of the remote peer.
- create
-
Keyword used to create the peer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer
Syntax
peer ip-address [create]
no peer ip-address
Context
[Tree] (config>system>ptp peer)
Full Context
configure system ptp peer
Description
This command configures a remote PTP peer. It provides the context to configure parameters for the remote PTP peer.
Up to 20 remote PTP peers may be configured.
If the clock-type is ordinary slave or boundary, and PTP is not shutdown, the last peer cannot be deleted. This prevents the user from having PTP enabled without any peer configured and enabled.
Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.
The no form of the command deletes the specified peer. The specific address being deleted must be included.
Parameters
- ip-address
-
Specifies the IP address of the remote peer.
- create
-
Creates the remote PTP peer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer
Syntax
[no] peer peer-address
Context
[Tree] (config>service>vprn>msdp>group peer)
[Tree] (config>service>vprn>msdp peer)
Full Context
configure service vprn msdp group peer
configure service vprn msdp peer
Description
This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.
After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.
By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.
If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.
If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.
The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.
When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.
At least one peer must be configured for MSDP to function.
Parameters
- peer-address
-
The address configured in this statement must identify the remote MSDP router that the peering session must be established with.
Platforms
All
peer
Syntax
peer ipv4-address
no peer
Context
[Tree] (config>router>nat>inside>redundancy peer)
[Tree] (config>service>vprn>nat>inside>redundancy peer)
Full Context
configure router nat inside redundancy peer
configure service vprn nat inside redundancy peer
Description
This command is used in LSN44 multi-chassis redundancy in conjunction with filters. The configured peer address is an IPv4 address that is configured under an interface on the peering LSN44 node (active or standby). This IPv4 interface address is advertised via routing on the inside in order to attract traffic from the standby to the active LSN44 node.
If configured, the steering-route is advertised only from the active LSN44 node. Consequently, upstream traffic for LSN44 is attracted to the active LSN44 node. The nat action in the ipv4-filter on the active LSN44 node forwards traffic to the local MS-ISA where LSN44 function is performed. However, in that case that upstream traffic somehow arrives on the standby LSN44 node, the nat action in the IPv4-filter forwards traffic to the peer address (active LSN44 node).
The no form of the command removes the peer ipv4-address from the configuration.
Parameters
- ipv4-address
-
Specifies the IP address of the NAT redundancy peer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
[no] peer ip-address
Context
[Tree] (config>router>ldp>session-parameters peer)
Full Context
configure router ldp session-parameters peer
Description
This command configures parameters for an LDP peer.
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address of the LDP peer in dotted decimal notation.
Platforms
All
peer
Syntax
[no] peer ip-address
Context
[Tree] (config>router>ldp>targeted-session peer)
Full Context
configure router ldp targeted-session peer
Description
This command configures parameters for an LDP peer.
The no form of this command removes the LDP peer parameters.
Parameters
- ip-address
-
Specifies a peer IP address.
Platforms
All
peer
Syntax
[no] peer ip-address
Context
[Tree] (debug>router>ldp peer)
Full Context
debug router ldp peer
Description
Use this command for debugging an LDP peer.
Parameters
- ip-address
-
The IP address of the LDP peer.
Platforms
All
peer
Syntax
peer ip-address [preference preference]
no peer ip-address
Context
[Tree] (config>router>pcep>pcc peer)
Full Context
configure router pcep pcc peer
Description
This command configures the IP address of a peer PCEP speaker. The address is used as the destination address in the PCEP session messages to a PCEP peer.
The preference parameter allows the PCC to select the preferred PCE when both have their PCEP sessions successfully established. A maximum of two PCEP peers is supported.
The PCE peer that is not in overload is always selected by the PCC as the active PCE. However, if neither of the PCEs are signaling the overload state, the PCE with the higher numerical preference value is selected, and in case of a tie, the PCE with the lower IP address is selected.
The system does not support two or more simultaneously active PCEs.
The no form of the command removes the specified peer PCEP speaker.
Parameters
- ip-address
-
The IP address of the PCEP peer to be used as the destination address in the PCEP session.
- preference
-
The preference value of the peer.
Platforms
All
peer
Syntax
peer ip-address
no peer
Context
[Tree] (config>app-assure>aarp peer)
Full Context
configure application-assurance aarp peer
Description
This command defines the IP address of the peer router which must be a routable system IP address.
If no peer is configured and the AARP is no shutdown, it is configured as a single node AARP instance.
The no form of this command removes the IP address from the AARP instance.
Default
no peer
Parameters
- ip-address
-
Specifies the IP address in the a.b.c.d format.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
[no] peer peer-address
Context
[Tree] (config>router>msdp>group peer)
[Tree] (config>router>msdp peer)
Full Context
configure router msdp group peer
configure router msdp peer
Description
This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.
After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.
By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.
If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.
If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.
The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.
When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.
At least one peer must be configured for MSDP to function.
Parameters
- peer-address
-
Specifies the peer IP address. address configured in this statement must identify the remote MSDP router that the peering session must be established with.
Platforms
All
peer
Syntax
peer lic-name
no peer
Context
[Tree] (config>li>x-interfaces>x1 peer)
Full Context
configure li x-interfaces x1 peer
Description
This command configures the LIC name for X1 interface communication, which is configured under config> li>x-interfaces>lics>lic.
The no form of this command reverts to the default.
Parameters
- lic-name
-
Specifies the LIC name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer
Syntax
peer lic-name
no peer
Context
[Tree] (config>li>x-interfaces>x2 peer)
Full Context
configure li x-interfaces x2 peer
Description
This command configures the LIC name for X2 interface communication, which is configured under config> li>x-interfaces>lics>lic.
The no form of this command reverts to the default.
Parameters
- lic-name
-
Specifies the LIC name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer
Syntax
[no] peer lic-name
Context
[Tree] (config>li>x-interfaces>x3>peers peer)
Full Context
configure li x-interfaces x3 peers peer
Description
This command configures the LIC name for X3 interface communication, which is configured under config> li>x-interfaces>lics>lic.
The no form of this command removes the LIC name.
Parameters
- lic-name
-
Specifies the name for the LIC peer, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer
Syntax
[no] peer {ip-address | ipv6-address}
Context
[Tree] (config>router>bfd>seamless-bfd peer)
Full Context
configure router bfd seamless-bfd peer
Description
This command specifies the context for the local mapping, used by an S-BFD initiator, between a discriminator for a far-end S-BFD reflector and its discriminator value.
The no form of this command removes the mapping for the peer.
Parameters
- ip-address
-
Specifies the IPv4 address of the peer.
- ipv6-address
-
Specifies the IPv6 address of the peer.
Platforms
All
peer
Syntax
peer [router router-instance | service-name service-name] {ip-address | ipv6-address} [key-id key-id | authentication-keychain keychain-name] [version version] [ prefer]
no peer [router router-instance | service-name service-name] {ip-address | ipv6-address}
Context
[Tree] (config>system>time>ntp peer)
Full Context
configure system time ntp peer
Description
This command configures symmetric active mode for an NTP peer. It is recommended to configure authentication and to only configure known time servers as peers. Peers may exist within a VPRN service.
For symmetric peering to operate correctly with a peer accessible through a VPRN, local NTP server functionality must be enabled within the VPRN using the configure service vprn ntp command.
The no form of the command removes the configured peer.
Parameters
- router-instance
-
Specifies the routing context that contains the interface.
- service name
-
Specifies the service name for the VPRN, up to 64 characters. CPM routing instances are not supported.
- ip-address
-
Configures the IPv4 address of the peer that requires a peering relationship to be set up.
- ipv6-address
-
Configures the IPv6 address of the peer that requires a peering relationship to be set up.
- key-id
-
Specifies the key ID. Successful authentication requires that both peers must have the same authentication key-id, type, and key value.
Specify the key-id that identifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP peer. If an NTP packet is received by these nodes, the authentication key-id, type, and key value must be valid, otherwise the packet is rejected and an event or trap is generated.
- keychain-name
-
Identifies the keychain name, up to 32 characters.
- version
-
Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode, in which case all versions are accepted.
- prefer
-
When configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, the new entry overrides the old entry.
Platforms
All
peer
Syntax
peer ip-address [create]
no peer ip-address
Context
[Tree] (config>router>ipsec>mc-shunt-profile peer)
[Tree] (config>service>vprn>ipsec>mc-shunt-profile peer)
Full Context
configure router ipsec multi-chassis-shunting-profile peer
configure service vprn ipsec multi-chassis-shunting-profile peer
Description
Commands in this context configure a multi-chassis IPsec peer IP address for the multi-chassis-shunting-profile.
The no form of this command removes the peer IP address from the configuration.
Default
no command
Parameters
- ip-address
-
Specifies a peer IP address.
- create
-
Keyword used to create the command instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer
Syntax
peer ip-address [create]
no peer ip-address
Context
[Tree] (config>anysec>tnl-enc>enc-grp peer)
Full Context
configure anysec tunnel-encryption encryption-group peer
Description
This command configures the IPv4 or IPv6 address of the peer's node SID that are part of this encryption group.
This configuration identifies the peer's segment routing node SID and programs the egress label stack for matching on the FP5 for encrypting the LSP.
The no form of this command removes the peer node SID from the ANYsec configuration. Therefore, the LSP is not encrypted and all the traffic is transmitted in clear text.
Parameters
- ip-address
-
Specifies a peer IP address.
- create
-
Keyword used to create the peer.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
peer
Syntax
peer ip-address [detail]
Context
[Tree] (debug>anysec peer)
Full Context
debug anysec peer
Description
This command debugs ANYsec peers.
Parameters
- ip-address
-
Specifies a peer IP address.
- detail
-
Keyword used to specify detailed information.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
peer-address-change-policy
peer-address-change-policy
Syntax
peer-address-change-policy {accept | ignore | reject}
Context
[Tree] (config>router>l2tp peer-address-change-policy)
[Tree] (config>service>vprn>l2tp peer-address-change-policy)
Full Context
configure router l2tp peer-address-change-policy
configure service vprn l2tp peer-address-change-policy
Description
This command specifies what to do in case the system receives a L2TP response from another address than the one the request was sent to.
Default
peer-address-change-policy reject
Parameters
- accept
-
Specifies that this system accepts any source IP address change of received L2TP control messages related to a locally originated tunnel in the state waitReply and rejects any peer address change for other tunnels; in case the new peer IP address is accepted, it is learned and used as destination address in subsequent L2TP messages.
- ignore
-
Specifies that this system ignores any source IP address change of received L2TP control messages, does not learn any new peer IP address, and does not change the destination address in subsequent L2TP messages.
- reject
-
Specifies that this system rejects any source IP address change of received L2TP control messages and drops those messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer-as
peer-as
Syntax
peer-as as-number
no peer-as
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy peer-as)
Full Context
configure subscriber-mgmt bgp-peering-policy peer-as
Description
This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.
The no form of this command removes the as-number from the configuration.
Parameters
- as-number
-
Specifies the AS number for the remote peer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer-as
Syntax
peer-as as-number
Context
[Tree] (config>service>vprn>bgp>group>neighbor peer-as)
[Tree] (config>service>vprn>bgp>group peer-as)
Full Context
configure service vprn bgp group neighbor peer-as
configure service vprn bgp group peer-as
Description
This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.
For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router
For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.
This is a required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.
Default
No AS numbers are defined.
Parameters
- as-number
-
The autonomous system number, expressed as a decimal integer.
Platforms
All
peer-as
Syntax
peer-as as-number
Context
[Tree] (config>router>bgp>group peer-as)
[Tree] (config>router>bgp>group>neighbor peer-as)
Full Context
configure router bgp group peer-as
configure router bgp group neighbor peer-as
Description
This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.
For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router.
For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.
This is required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.
Parameters
- as-number
-
Specifies the autonomous system number expressed as a decimal integer.
Platforms
All
peer-endpoint
peer-endpoint
Syntax
peer-endpoint sap sap-id encap-type {dot1q | null | qinq}
peer-endpoint spoke-sdp sdp-id:vc-id
no peer-endpoint
Context
[Tree] (config>app-assure>aarp peer-endpoint)
Full Context
configure application-assurance aarp peer-endpoint
Description
This command defines the peer endpoint ID of the SAP or spoke-SDP parent-aa-sub of the AARP peer.
The no form of this command removes the peer endpoint from the AARP instance.
Default
no peer-endpoint
Parameters
- sap-id
-
Specifies the physical port identifier portion of the SAP definition.
- sdp-id:vc-id
-
Specifies the spoke SDP ID and VC ID.
- dot1q | null | qinq
-
Specifies the encapsulation type.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-group
peer-group
Syntax
peer-group tunnel-group-id
no peer-group
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group peer-group)
Full Context
configure redundancy multi-chassis peer mc-ipsec tunnel-group peer-group
Description
This command specifies the corresponding tunnel-group ID on peer node. The peer tunnel-group ID does not necessary equals to local tunnel-group ID.
The no form of this command removes the tunnel-group ID from the configuration.
Parameters
- tunnel-group-id
-
Specifies the tunnel-group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-ip-prefix
peer-ip-prefix
Syntax
peer-ip-prefix ip-prefix/ip-prefix-length
peer-ip-prefix ipv4-any
peer-ip-prefix ipv6-any
no peer-ip-prefix
Context
[Tree] (config>ipsec>client-db>client>client-id peer-ip-prefix)
Full Context
configure ipsec client-db client client-identification peer-ip-prefix
Description
This command specifies match criteria that uses the peer’s tunnel IP address as the input. Only one peer-ip-prefix criteria can be configured for a given client entry.
The no form of this command reverts to the default.
Default
no peer-ip-prefix
Parameters
- ip-prefix/ip-prefix-length
-
Specifies an IPv4 or IPv6 prefix. It is considered a match if the peer’s tunnel IP address is within the specified prefix.
- ipv4-any
-
Matches any IPv4 address.
- ipv6-any
-
Matches any IPv6 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-ip-prefix
Syntax
[no] peer-ip-prefix
Context
[Tree] (config>ipsec>client-db>match-list peer-ip-prefix)
Full Context
configure ipsec client-db match-list peer-ip-prefix
Description
This command enables the use of the peer’s tunnel IP address as the match input.
The no form of this command disables the peer IP prefix matching process.
Default
no peer-ip-prefix
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-limit
peer-limit
Syntax
peer-limit limit
no peer-limit
Context
[Tree] (config>service>vprn>ptp peer-limit)
Full Context
configure service vprn ptp peer-limit
Description
This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This command can ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.
If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.
If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration is not accepted.
The no form of this command removes the limit from the configuration.
Default
no limit
Parameters
- limit
-
Specifies the maximum number of discovered peers allowed in the routing instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer-limit
Syntax
peer-limit limit
no peer-limit
Context
[Tree] (config>system>ptp peer-limit)
Full Context
configure system ptp peer-limit
Description
This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This can be used to ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.
If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.
If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration will not be accepted.
Default
no peer-limit
Parameters
- limit
-
Specifies the maximum number of discovered peers allowed in the routing instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
peer-name
peer-name
Syntax
peer-name name
no peer-name
Context
[Tree] (config>redundancy>multi-chassis>peer peer-name)
Full Context
configure redundancy multi-chassis peer peer-name
Description
This command specifies a peer name.
Default
no peer-name
Parameters
- name
-
Specifies the string up to 32 characters. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
peer-profile
peer-profile
Syntax
peer-profile profile-name [create]
no peer-profile profile-name
Context
[Tree] (config subscr-mgmt gtp peer-profile)
Full Context
configure subscriber-mgmt gtp peer-profile
Description
This command creates a new peer profile.
Parameters
- profile-name
-
Specifies the profile name, up to 32 characters.
- create
-
Creates an entry.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-profile-map
peer-profile-map
Syntax
peer-profile-map
Context
[Tree] (config>service>vprn>gtp>uplink peer-profile-map)
[Tree] (config>router>gtp>s11 peer-profile-map)
[Tree] (config>router>gtp>uplink peer-profile-map)
[Tree] (config>service>vprn>gtp>s11 peer-profile-map)
Full Context
configure service vprn gtp uplink peer-profile-map
configure router gtp s11 peer-profile-map
configure router gtp uplink peer-profile-map
configure service vprn gtp s11 peer-profile-map
Description
This command configures a mapping of addresses and subnets to GTP peer profiles.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
peer-rdi-rx
peer-rdi-rx
Syntax
peer-rdi-rx
Context
[Tree] (config>port>ethernet>efm-oam peer-rdi-rx)
Full Context
configure port ethernet efm-oam peer-rdi-rx
Description
This container allows an action to be configured for the various event conditions that can be received from a peer under the context of the EFM OAM protocol.
Platforms
All
peer-template
peer-template
Syntax
[no] peer-template template-name
Context
[Tree] (config>router>ldp>targeted-session peer-template)
Full Context
configure router ldp targeted-session peer-template
Description
This command creates a targeted session peer parameter template that can be referenced in the automatic creation of targeted Hello adjacency and LDP session to a discovered peer.
The no form of this command deletes the peer template. A peer template cannot be deleted if it is bound to a peer prefix list.
Parameters
- template-name
-
Specifies the template name to identify targeted peer template. It must be 32 characters maximum.
Platforms
All
peer-template-map
peer-template-map
Syntax
peer-template-map template-name policy peer-prefix-policy1 [peer-prefix-policy2..up to 5]
no peer-template-map peer-template template-name
Context
[Tree] (config>router>ldp>targeted-session peer-template-map)
Full Context
configure router ldp targeted-session peer-template-map
Description
This command enables the automatic creation of a targeted Hello adjacency and LDP session to a discovered peer. The user configures a targeted session peer parameter template and binds it to a peer prefix policy.
Each application of a targeted session template to a given prefix in the prefix list will result in the establishment of a targeted Hello adjacency to an LDP peer using the template parameters as long as the prefix corresponds to a router-id for a node in the TE database. As a result of this, the user must enable the traffic-engineering option in ISIS or OSPF. The targeted Hello adjacency will either trigger a new LDP session or will be associated with an existing LDP session to that peer.
Up to 5 peer prefix policies can be associated with a single peer template at all times. Also, the user can associate multiple templates with the same or different peer prefix policies. Thus multiple templates can match with a given peer prefix. In all cases, the targeted session parameters applied to a given peer prefix are taken from the first created template by the user. This provides a more deterministic behavior regardless of the order in which the templates are associated with the prefix policies.
Each time the user executes the above command, with the same or different prefix policy associations, or the user changes a prefix policy associated with a targeted peer template, the system re-evaluates the prefix policy. The outcome of the re-evaluation will tell LDP if an existing targeted Hello adjacency needs to be torn down or if an existing targeted Hello adjacency needs to have its parameters updated on the fly.
If a /32 prefix is added to (removed from) or if a prefix range is expanded (shrunk) in a prefix list associated with a targeted peer template, the same prefix policy re-evaluation described above is performed.
The template comes up in the no shutdown state and as such it takes effect immediately. Once a template is in use, the user can change any of the parameters on the fly without shutting down the template. In this case, all targeted Hello adjacencies are updated.
The SR OS supports multiple ways of establishing a targeted Hello adjacency to a peer LSR:
-
User configuration of the peer with the targeted session parameters inherited from the config>router>ldp>targeted-session in the top level context or explicitly configured for this peer in the config>router>ldp>targ-session>peer context and which overrides the top level parameters shared by all targeted peers. Let us refer to the top level configuration context as the global context. Some parameters only exist in the global context; their value will always be inherited by all targeted peers regardless of which event triggered it.
-
User configuration of an SDP of any type to a peer with the signaling tldp option enabled (default configuration). In this case the targeted session parameter values are taken from the global context.
-
User configuration of a (FEC 129) PW template binding in a BGP-VPLS service. In this case the targeted session parameter values are taken from the global context.
-
User configuration of a (FEC 129 type II) PW template binding in a VLL service (dynamic multi-segment PW). In this case the target session parameter values are taken from the global context
-
User configuration of a mapping of a targeted session peer parameter template to a prefix policy when the peer address exists in the TE database (this feature). In this case, the targeted session parameter values are taken from the template.
Since the above triggering events can occur simultaneously or in any arbitrary order, the LDP code implements a priority handling mechanism in order to decide which event overrides the active targeted session parameters. The overriding trigger will become the owner of the targeted adjacency to a given peer. The following is the priority order:
-
Priority 1: manual configuration of session parameters
-
Priority 2: mapping of targeted session template to prefix policy.
-
Priority 3: auto-tx parameters
-
Priority 4: auto-rx parameters
-
Priority 5: manual configuration of SDP, PW template binding in BGP-AD VPLS and in FEC 129 VLL.
Any parameter value change to an active targeted Hello adjacency caused by any of the above triggering events is performed on the fly by having LDP immediately send a Hello message with the new parameters to the peer without waiting for the next scheduled time for the Hello message. This allows the peer to adjust its local state machine immediately and maintains both the Hello adjacency and the LDP session in UP state. The only exceptions are the following:
-
The triggering event caused a change to the local-lsr-id parameter value. In this case, the Hello adjacency is brought down which will also cause the LDP session to be brought down if this is the last Hello adjacency associated with the session. A new Hello adjacency and LDP session will then get established to the peer using the new value of the local LSR ID.
-
The triggering event caused the targeted peer shutdown option to be enabled. In this case, the Hello adjacency is brought down which will also cause the LDP session to be brought down if this is the last Hello adjacency associated with the session.
Finally, the value of any LDP parameter which is specific to the LDP/TCP session to a peer is inherited from the config>router>ldp>session-params>peer context. This includes MD5 authentication, LDP prefix per-peer policies, label distribution mode (DU or DOD), and so on.
The no form of this command deletes the binding of the template to the peer prefix list and brings down all Hello adjacencies to the discovered LDP peers.
Platforms
All
peer-to-peer
peer-to-peer
Syntax
[no] peer-to-peer
Context
[Tree] (debug>diameter>node>peer peer-to-peer)
Full Context
debug diameter node peer peer-to-peer
Description
This command reports only peer level message that are required for bringing up, maintaining and tearing down the peering connection (CER/A, DWR/A, and so on).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peer-tracking-policy
peer-tracking-policy
Syntax
peer-tracking-policy policy-name
no peer-tracking-policy
Context
[Tree] (config>service>vprn>bgp peer-tracking-policy)
Full Context
configure service vprn bgp peer-tracking-policy
Description
This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.
The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.
When peer-tracking is configured, the peer-tracking policy should only permit one of direct-interface or direct routes to be advertised to a BGP peer. Advertising both routes will cause the best route to oscillate.
Default
no peer-tracking-policy
Parameters
- policy-name
-
Specifies the route policy name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.
Platforms
All
peer-tracking-policy
Syntax
peer-tracking-policy policy-name
no peer-tracking-policy
Context
[Tree] (config>router>bgp peer-tracking-policy)
Full Context
configure router bgp peer-tracking-policy
Description
This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.
The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.
When peer-tracking is configured, the peer-tracking policy should only permit one of direct-interface or direct routes to be advertised to a BGP peer. Advertising both routes will cause the best route to oscillate.
Default
no peer-tracking-policy
Parameters
- policy-name
-
Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.
Platforms
All
peer-transport
peer-transport
Syntax
peer-transport ip-address
no peer transport
Context
[Tree] (config>router>ldp>tcp-session-parameters peer-transport)
Full Context
configure router ldp tcp-session-parameters peer-transport
Description
This command configures the peer transport address, that is, the destination address of the TCP connection, and not the address corresponding to the LDP LSR-ID of the peer.
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address of the TCP connection to the LDP peer in dotted decimal notation.
Platforms
All
peer-tunnel-attributes
peer-tunnel-attributes
Syntax
peer-tunnel-attributes
Context
[Tree] (config>anysec>tnl-enc>enc-grp peer-tunnel-attributes)
Full Context
configure anysec tunnel-encryption encryption-group peer-tunnel-attributes
Description
Commands in this context configure the peer tunnel attributes.
Tunnel attributes are used to match and identify the outgoing tunnels for encryptoin with ANYsec. A single tunnel attribute is used for multiple peers. Since an LSP is unidirectional, the outgoing tunnel can have different attributes from the incoming tunnel (for example, security termination policy).
Default
peer-tunnel-attributes
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
peer6
peer6
Syntax
peer6 ipv6-address
no peer6
Context
[Tree] (config>router>nat>inside>redundancy peer6)
[Tree] (config>service>vprn>nat>inside>redundancy peer6)
Full Context
configure router nat inside redundancy peer6
configure service vprn nat inside redundancy peer6
Description
This command is used in NAT64 multi-chassis redundancy in conjunction with filters. The configured peer6 address is an IPv6 address configured under an interface on the peering NAT64 node (active or standby). This IPv6 interface address is advertised via routing on the inside in order to attract traffic from the standby to the active NAT64 node.
Under normal circumstances, the NAT64 prefix is advertised only from the active NAT64 node. Consequently, upstream traffic for NAT64 is attracted to the active NAT64 node. The nat action in the ipv6-filter on the active NAT64 node forwards traffic to the local MS-ISA where NAT64 function is performed. However, if that upstream traffic arrives on the standby NAT64 node, the nat action in the IPv6-filter forwards traffic to the peer6 address (active NAT64 node).
The no form of the command removes the peer6 ip-address from the configuration.
Parameters
- ipv6-address
-
Specifies the IPv6 address of the NAT redundancy peer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
peers
peers
Syntax
peers
Context
[Tree] (config>li>x-interfaces>x3 peers)
Full Context
configure li x-interfaces x3 peers
Description
This command enables the configuration of X3 peer LICs.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pending-requests-limit
pending-requests-limit
Syntax
pending-request-limit limit
no pending-request-limit
Context
[Tree] (config>router>radius-server>server pending-requests-limit)
[Tree] (config>service>vprn>radius-server>server pending-requests-limit)
Full Context
configure router radius-server server pending-requests-limit
configure service vprn radius-server server pending-requests-limit
Description
This command specifies the per-server maximum number of outstanding requests sent to the RADIUS server. If the maximum number is exceeded, the next RADIUS server in the pool is selected.
The no form of this command removes the limit value from the configuration.
Default
pending-requests-limit 4096
Parameters
- limit
-
Specifies the maximum number of outstanding requests sent to the RADIUS server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
peq
peq
Syntax
[no] peq peq-slot [chassis chassis-id]
Context
[Tree] (config>system>pwr-mgmt peq)
Full Context
configure system power-management peq
Description
This command sets the APEQ slot number.
Parameters
- peq-slot
-
Identifies the APEQ slot.
- chassis-id
-
Specifies chassis ID for the router chassis.
Platforms
7750 SR-12e, 7950 XRS
peq-type
peq-type
Syntax
peq-type peq-type
no peq-type
Context
[Tree] (cfg>sys>pwr-mgmt>peq peq-type)
Full Context
configure system power-management peq peq-type
Description
This command sets the type of APEQ for the designated APEQ slot.
The no form of this command moves the APEQ to an unprovisioned state.
Default
no peq-type
Parameters
- peq-type
-
Identifies the APEQ type.
Platforms
7750 SR-12e, 7950 XRS
per-fp-egr-queuing
per-fp-egr-queuing
Syntax
[no] per-fp-egr-queuing
Context
[Tree] (config>lag>access per-fp-egr-queuing)
Full Context
configure lag access per-fp-egr-queuing
Description
This command specifies whether a more efficient method of queue allocation for LAG SAPs should be utilized.
The no form of this command disables the method of queue allocation for LAG SAPs.
Platforms
All
per-fp-ing-queuing
per-fp-ing-queuing
Syntax
[no] per-fp-ing-queuing
Context
[Tree] (config>lag>access per-fp-ing-queuing)
Full Context
configure lag access per-fp-ing-queuing
Description
This command provides the ability to reduce the number of hardware queues assigned on each LAG SAP ingress. When the feature is enabled, the queue allocation for SAPs on a LAG will be optimized and only one set of queues per ingress forwarding path (FP) is allocated instead of one per port.
The no form of this command disables the method of queue allocation for LAG SAPs.
Platforms
All
per-fp-ing-queuing
Syntax
[no] per-fp-ing-queuing
Context
[Tree] (config>eth-tunnel>lag-emulation>access per-fp-ing-queuing)
Full Context
configure eth-tunnel lag-emulation access per-fp-ing-queuing
Description
This command provides the ability to reduce the number of hardware queues assigned on each LAG SAP ingress. When the feature is enabled, the queue allocation for SAPs on a LAG will be optimized and only one set of queues per ingress forwarding path (FP) is allocated instead of one per port.
The no form of this command reverts the default.
Default
no per-fp-ing-queuing
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
per-fp-sap-instance
per-fp-sap-instance
Syntax
[no] per-fp-sap-instance
Context
[Tree] (config>lag>access per-fp-sap-instance)
Full Context
configure lag access per-fp-sap-instance
Description
This command enables optimized SAP instance allocation on a LAG. When enabled, SAP instance is allocated per each FP the LAG links exits on instead of per each LAG port.
The no form of this command disables optimized SAP instance allocation.
Default
no per-fp-sap-instance
Platforms
All
per-host-authentication
per-host-authentication
Syntax
[no] per-host-authentication
Context
[Tree] (config>port>ethernet>dot1x per-host-authentication)
Full Context
configure port ethernet dot1x per-host-authentication
Description
This command enables dot1x authenticating per host source mac or VLAN. The port does not allow traffic from any hosts or any MAC. When a host is authenticated via RADIUS policy, its source mac is then allowed through the port, while the port is closed for any other mac. Any traffic from the allowed host is forwarded on the port, including untagged and tagged traffic.
Default
no per-host-authentication
Platforms
All
per-host-replication
per-host-replication
Syntax
per-host-replication [uni-mac | mcast-mac]
no per-host-replication
Context
[Tree] (config>subscr-mgmt>igmp-policy per-host-replication)
Full Context
configure subscriber-mgmt igmp-policy per-host-replication
Description
This command enables per-host-replication in IPoE model. For PPPoX, per-host-replication is the only mode of operation. In the per-host-replication mode, multicast traffic is replicated per each host within the subscriber irrespective of the fact that some hosts may be subscribed to the same multicast stream. As a result, in case that multiple hosts within the subscriber are registered for the same multicast group, the multicast streams of that group is generated. The destination MAC address of multicast streams is changed to unicast so that each host receives its own copy of the stream. Multicast traffic in the per-host-replication mode can be classified via the existing QoS CLI structure. As such the multicast traffic will flow through the subscriber queues. HQoS Adjustment is not needed in this case.
The alternative behavior for multicast replication in IPoE environment is per-SAP- replication. In this model, only a single copy of the multicast stream is sent per SAP, irrespective of the number of hosts that are subscribed to the same multicast group. This behavior applies to 1:1 connectivity model as well as on 1:N connectivity model (SAP centric behavior as opposed to subscriber centric behavior).
In the per-SAP-replication model the destination MAC address is multicast (as opposed to unicast in the per-host-replication model). Multicast traffic is flowing via the SAP queue which is outside of the subscriber context. The consequence is that multicast traffic is not accounted in the subscriber HQoS. In addition, HQoS Adaptation is not supported in the per SAP replication model.
Default
no per-host-replication — By default there is no per host replication and replication is done per SAP. This mode utilizes the SAP queues. With per-host-replication it will allow the use of the subscriber queues. Per-host-replication uses unicast MAC and multicast IP to deliver multicast content to end hosts. This is useful for multi host per SAP cases. To interoperate with end devices that do not support unicast MAC, there is an option to use per-host-replication with a multicast MAC. The traffic is the same as replication per SAP but the difference of using the subscriber queues.
Parameters
- uni-mac
-
Specifies that multicast traffic is sent with a unicast MAC and multicast IP.
- mcast-mac
-
Specifies that multicast traffic is sent with a multicast MAC and IP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
per-host-replication
Syntax
[no] per-host-replication [uni-mac | mcast-mac]
Context
[Tree] (config>subscr-mgmt>mld-policy per-host-replication)
Full Context
configure subscriber-mgmt mld-policy per-host-replication
Description
This command enables per-host-replication. In the per-host-replication mode, multicast traffic is replicated per each host within the subscriber irrespective of the fact that some hosts may be subscribed to the same multicast stream. As a result, in case that multiple hosts within the subscriber are registered for the same multicast group, the multicast streams of that group are generated. The destination MAC address of multicast streams is changed to unicast so that each host receives its own copy of the stream. Multicast traffic in the per-host-replication mode can be classified via the existing QoS CLI structure. As such the multicast traffic flows through the subscriber queues. HQoS Adjustment is not needed in this case.
The alternative behavior for multicast replication in IPoE environment is per-SAP- replication. In this model, only a single copy of the multicast stream is sent per SAP, irrespective of the number of hosts that are subscribed to the same multicast group. This behavior applies to 1:1 connectivity model as well as on 1:N connectivity model (SAP centric behavior as opposed to subscriber centric behavior).
In the per-SAP-replication model the destination MAC address is multicast (as opposed to unicast in the per-host-replication model). Multicast traffic is flowing via the SAP queue which is outside of the subscriber context. The consequence is that multicast traffic is not accounted in the subscriber HQoS. In addition, HQoS Adaptation is not supported in the per SAP replication model.
The no form of this command reverts to the default.
Parameters
- uni-mac
-
Specifies that multicast traffic s sent with a unicast MAC and multicast IP.
- mcast-mac
-
Specifies the multicast traffic is sent with a multicast MAC and IP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
per-lag-hashing
per-lag-hashing
Syntax
[no] per-lag-hashing
Context
[Tree] (config>mirror>mirror-dest per-lag-hashing)
Full Context
configure mirror mirror-dest per-lag-hashing
Description
This command enables per-LAG hashing on the mirror destination.
When this command is enabled, the mirror destination SAP or SDP of type LAG uses all of the link members for flow hashing. Hashing to link members is based on IP flows.
The no form of this command disables per-LAG hashing. All mirrored packets sent to a SAP or SDP of type LAG, are sent to only one of the LAG link members. If the link member to which the mirrored packets are being sent fails, another link member takes over and provides mirrored packet forwarding. Although no hashing is performed, resiliency is still provided by this next link member.
Default
no per-lag-hashing
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
per-link-hash
per-link-hash
Syntax
per-link-hash
per-link-hash weighted [auto-rebalance] [subscriber-hash-mode mode]
no per-link-hash
Context
[Tree] (config>lag per-link-hash)
Full Context
configure lag per-link-hash
Description
This command configures per-link-hashing on a LAG. When enabled, SAPs/subscribers/interfaces are hashed on LAG egress to a single LAG link.
The no form of this command disables per-link-hashing on a LAG.
Default
no per-link-hash
Parameters
- weighted
-
SAPs, subscribers, and interfaces are distributed amongst LAG links based on their preconfigured class and weight. As new links are added to a LAG, existing SAPs, subscribers, and interfaces are not impacted.
- auto-rebalance
-
SAPs, subscribers, and interfaces are distributed amongst LAG links based on their preconfigured class and weight. As new links are added to a LAG, existing SAPs, subscribers, and interfaces are rebalanced automatically.
- mode
-
Subscriber traffic can be load balanced over LAG member links in a weighted way. Traffic hashing can be performed based on SAPs or Vports.
SAP-based hashing supports weights configured at the subscriber level in a subscriber profile. SAP hashing mode supports only SAP and subscriber (1:1) deployment models.
Vport based load balancing supports SAP and subscriber (1:1) and SAP and service (N:1) deployment models.
Platforms
All
per-mcast-plane-capacity
per-mcast-plane-capacity
Syntax
[no] per-mcast-plane-capacity
Context
[Tree] (config>mcast-mgmt>chassis-level per-mcast-plane-capacity)
Full Context
configure mcast-management chassis-level per-mcast-plane-capacity
Description
Commands in this context configure multicast plane bandwidth parameters. This CLI node contains the configuration of the overall multicast (primary plus secondary) and specific secondary rate limits for each switch fabric multicast plane.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
per-peer-queuing
per-peer-queuing
Syntax
[no] per-peer-queuing
Context
[Tree] (config>system>security per-peer-queuing)
Full Context
configure system security per-peer-queuing
Description
This command enables CPM hardware queuing per peer. This means that when a peering session is established, the router will automatically allocate a separate CPM hardware queue for that peer.
The no form of this command disables CPM hardware queuing per peer.
Default
per-peer-queuing
Platforms
All
per-service-hashing
per-service-hashing
Syntax
[no] per-service-hashing
Context
[Tree] (config>service>epipe>load-balancing per-service-hashing)
Full Context
configure service epipe load-balancing per-service-hashing
Description
This command enables on a per service basis, consistent per-service hashing for Ethernet services over LAG, over Ethernet tunnel (eth-tunnel) using loadsharing protection-type or over CCAG. Specifically, it enables the new hashing procedures for Epipe, VPLS, regular or PBB services.
The following algorithm describes the hash-key used for hashing when the new option is enabled:
-
If the packet is PBB encapsulated (contains an I-TAG ethertype) at the ingress side, use the ISID value from the I-TAG
-
If the packet is not PBB encapsulated at the ingress side
-
For regular (non-PBB) VPLS and Epipe services, use the related service ID
-
If the packet is originated from an ingress IVPLS or PBB Epipe SAP
-
If there is an ISID configured use the related ISID value
-
If there is no ISID yet configured use the related service ID
-
For BVPLS transit traffic use the related flood list id
-
Transit traffic is the traffic going between BVPLS endpoints
-
An example of non-PBB transit traffic in BVPLS is the OAM traffic
-
The preceding rules apply regardless of traffic type
-
Unicast, BUM flooded without MMRP or with MMRP, IGMP snooped
-
The no form of this command implies the use of existing hashing options.
Default
no per-service-hashing
Platforms
All
per-service-hashing
Syntax
[no] per-service-hashing
Context
[Tree] (config>service>vpls>load-balancing per-service-hashing)
[Tree] (config>service>template>vpls-template>load-balancing per-service-hashing)
Full Context
configure service vpls load-balancing per-service-hashing
configure service template vpls-template load-balancing per-service-hashing
Description
This command enables on a per service basis, consistent per-service hashing for Ethernet services over LAG, over Ethernet tunnel (eth-tunnel) using loadsharing protection-type or over CCAG. Specifically, it enables the new hashing procedures for Epipe, VPLS, regular or PBB services.
The following algorithm describes the hash-key used for hashing when the new option is enabled:
-
If the packet is PBB encapsulated (contains an I-TAG ethertype) at the ingress side, use the ISID value from the I-TAG
-
If the packet is not PBB encapsulated at the ingress side
-
For regular (non-PBB) VPLS and Epipe services, use the related service ID
-
If the packet is originated from an ingress IVPLS or PBB Epipe SAP
-
-
If there is an ISID configured use the related ISID value
-
If there is no ISID yet configured use the related service ID
-
For BVPLS transit traffic use the related flood list id
-
-
Transit traffic is the traffic going between BVPLS endpoints
-
An example of non-PBB transit traffic in BVPLS is the OAM traffic
-
The above rules apply regardless of traffic type
-
Unicast, BUM flooded without MMRP or with MMRP, IGMP snooped
-
The no form of this command implies the use of existing hashing options.
Default
no per-service-hashing
Platforms
All
per-source-rate
per-source-rate
Syntax
per-source-rate packet-rate-limit
no per-source-rate
Context
[Tree] (config>sys>security>cpu-protection>policy per-source-rate)
Full Context
configure system security cpu-protection policy per-source-rate
Description
This command configures a per-source packet arrival rate limit. Use this command to apply a packet arrival rate limit on a per source basis. A source is defined as a unique combination of SAP and MAC source address (mac-monitoring) or SAP and source IP address (ip-src-monitoring). The CPU will receive no more than the configured packet rate from each source (only certain protocols are rate limited for ip-src-monitoring as configured under include-protocols in the cpu-protection policy). The measurement is cleared each second.
This parameter is only applicable if the policy is assigned to an interface (some examples include saps, subscriber-interfaces, and spoke-sdps), and the mac-monitor or ip-src-monitor keyword is specified in the cpu-protection configuration of that interface.
The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In layer-3 aggregation scenarios, all packets from all subscribers behind the same aggregation router will arrive with the same source MAC address and as such the mac-monitoring functionality can not differentiate traffic from different subscribers.
Default
per-source-rate max
Parameters
- packet-rate-limit
-
Specifies a per-source packet (per SAP/MAC source address or per SAP/IP source address) arrival rate limit in packets per second.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
per-spi-replication
per-spi-replication
Syntax
[no] per-spi-replication
Context
[Tree] (config>subscr-mgmt>igmp-policy per-spi-replication)
Full Context
configure subscriber-mgmt igmp-policy per-spi-replication
Description
This command enables per-SLA Profile Instance (SPI) replication. In this mode, a multicast stream is transmitted for the subscriber host SLA profile for each registered multicast group (channel). As a result, multiple copies of the same multicast stream are transmitted over the same SAP. The replication of the multicast packets depends on the number of SLA profile instances configured for the subscriber. For example, if the subscriber hosts use three SLA profiles, the (S,G) is replicated three times, but if the subscriber hosts use the same SLA profile, the (S,G) is only replicated once.
The no form of this command disables per-SPI replication.
Default
no per-spi-replication
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
per-user
per-user
Syntax
per-user user-directory dir-url file-name file-name
no per-user
Context
[Tree] (config>system>login-control>login-scripts per-user)
Full Context
configure system login-control login-scripts per-user
Description
This command allows users to define their own login scripts that can be executed each time they first login to a CLI session. The command executes the script " file-url / username / file-name" when the user username logs into a CLI session (authenticated by any means including local user database, TACACS+, or RADIUS).
For example:
per-user user-directory "cf1:/local/users" file-name "login-script.txt"
would search for the following script when user "admin” logs in and authenticates via RADIUS:
cf1:/local/users/admin/login-script.txt
The per user login script is executed after any global script executes and before any login-exec script configured against a local user is executed. This allows users, for example, who are authenticated via TACACS+ or RADIUS to define their own login scripts.
This CLI script executes in the context of the user who opens the CLI session. Any commands in the script that the user is not authorized to execute will fail.
The no form of this command disables the execution of any per user login-scripts.
Default
no per-user
Parameters
- dir-url
-
Specifies the path or directory name.
- file-name
-
Specifies the name of the file (located in the dir-url directory) including the extension.
Platforms
All
percent-rate
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
Context
[Tree] (config>port>eth>access>egr>qgrp>qover>q percent-rate)
[Tree] (config>port>ethernet>network>egr>qgrp>qover>q percent-rate)
Full Context
configure port ethernet access egress queue-group queue-overrides queue percent-rate
configure port ethernet network egress queue-group queue-overrides queue percent-rate
Description
This command specifies percent rates (CIR and PIR).
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the egress queue group template.
Parameters
- pir-percent
-
Specifies the PIR as a percentage.
- cir-percent
-
Specifies the CIR as a percentage.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr percent-rate)
[Tree] (config>service>ipipe>sap>egress>policer-over>plcr percent-rate)
[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr percent-rate)
[Tree] (config>service>cpipe>sap>egress>policer-over>plcr percent-rate)
[Tree] (config>service>epipe>sap>egress>policer-over>plcr percent-rate)
Full Context
configure service ipipe sap ingress policer-override policer percent-rate
configure service ipipe sap egress policer-override policer percent-rate
configure service cpipe sap ingress policer-override policer percent-rate
configure service cpipe sap egress policer-override policer percent-rate
configure service epipe sap egress policer-override policer percent-rate
Description
This command configures the percent rates (CIR and PIR) override.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the policers’s parent arbiter rate.
- cir-percent
-
Specifies the policer’s CIR as a percentage of the policers’s parent arbiter rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service epipe sap egress policer-override policer percent-rate
- configure service ipipe sap egress policer-override policer percent-rate
- configure service ipipe sap ingress policer-override policer percent-rate
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress policer-override policer percent-rate
- configure service cpipe sap ingress policer-override policer percent-rate
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>cpipe>sap>egress>queue-override>queue percent-rate)
[Tree] (config>service>cpipe>sap>ingress>queue-override>queue percent-rate)
[Tree] (config>service>epipe>sap>egress>queue-override>queue percent-rate)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue percent-rate)
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue percent-rate)
Full Context
configure service cpipe sap egress queue-override queue percent-rate
configure service cpipe sap ingress queue-override queue percent-rate
configure service epipe sap egress queue-override queue percent-rate
configure service ipipe sap egress queue-override queue percent-rate
configure service ipipe sap ingress queue-override queue percent-rate
Description
The percent-rate command within the SAP ingress and egress QoS policy enables supports for a queue’s PIR and CIR rate to be configured as a percentage of the egress port’s line rate or of its parent scheduler’s rate.
When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QOS policy to be used on SAPs on different ports without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.
When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue’s parent scheduler rate. This enables the same QOS policy to be used on SAPs with different parent scheduler rates without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the parent scheduler rate changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.
Queue rate overrides can only be specified in the form as configured in the QoS policy (a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QOS policy.
When no percent-rate is defined within a SAP ingress or egress queue-override, the queue reverts to the defined shaping and CIR rates within the SAP ingress and egress QOS policy associated with the queue.
Parameters
- percent-of-line-rate
-
The percent-of-line-rate parameter is used to express the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
- pir-percent
-
Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.
- cir-percent
-
Specifies the queue’s CIR as a percentage dependent on the use of the port-limit or local-limit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress queue-override queue percent-rate
- configure service cpipe sap egress queue-override queue percent-rate
All
- configure service ipipe sap ingress queue-override queue percent-rate
- configure service ipipe sap egress queue-override queue percent-rate
- configure service epipe sap egress queue-override queue percent-rate
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>service>ipipe>sap>egress>queue-override>hs-wrr-group percent-rate)
[Tree] (config>service>epipe>sap>egress>queue-override>hs-wrr-group percent-rate)
Full Context
configure service ipipe sap egress queue-override hs-wrr-group percent-rate
configure service epipe sap egress queue-override hs-wrr-group percent-rate
Description
This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy maximum rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the percent rate override value from the configuration.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>vpls>sap>ingress>policer-override>plcr percent-rate)
[Tree] (config>service>vpls>sap>egress>policer-override>plcr percent-rate)
Full Context
configure service vpls sap ingress policer-override policer percent-rate
configure service vpls sap egress policer-override policer percent-rate
Description
This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.
The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.
Parameters
- pir-percent
-
Specifies the policer's PIR as a percentage of the policers' parent arbiter rate.
- cir-percent
-
Specifies the policer's CIR as a percentage of the policers' parent arbiter rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>service>vpls>sap>egress>queue-override>hs-wrr-group percent-rate)
Full Context
configure service vpls sap egress queue-override hs-wrr-group percent-rate
Description
This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the percent rate override value from the configuration.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
Context
[Tree] (config>service>vpls>sap>ingress>queue-override>queue percent-rate)
[Tree] (config>service>vpls>sap>egress>queue-override>queue percent-rate)
Full Context
configure service vpls sap ingress queue-override queue percent-rate
configure service vpls sap egress queue-override queue percent-rate
Description
The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10-Gb port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.
Parameters
- pir-percent
-
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
- cir-percent
-
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr percent-rate)
[Tree] (config>service>ies>if>sap>egress>policer-override>plcr percent-rate)
Full Context
configure service ies interface sap ingress policer-override policer percent-rate
configure service ies interface sap egress policer-override policer percent-rate
Description
This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.
The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.
Parameters
- pir-percent
-
Specifies the policer's PIR as a percentage of the policers's parent arbiter rate.
- cir-percent
-
Specifies the policer's CIR as a percentage of the policers's parent arbiter rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>service>ies>if>sap>egress>queue-override>hs-wrr-group percent-rate)
Full Context
configure service ies interface sap egress queue-override hs-wrr-group percent-rate
Description
This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the percent rate override value from the configuration.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue percent-rate)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue percent-rate)
Full Context
configure service ies interface sap ingress queue-override queue percent-rate
configure service ies interface sap egress queue-override queue percent-rate
Description
The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.
An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.
Parameters
- pir-percent
-
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
- cir-percent
-
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr percent-rate)
[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr percent-rate)
Full Context
configure service vprn interface sap egress policer-override policer percent-rate
configure service vprn interface sap ingress policer-override policer percent-rate
Description
This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.
The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.
Parameters
- pir-percent
-
Specifies the policer's PIR as a percentage of the policers's parent arbiter rate.
- cir-percent
-
Specifies the policer's CIR as a percentage of the policers's parent arbiter rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>hs-wrr-group percent-rate)
Full Context
configure service vprn interface sap egress queue-override hs-wrr-group percent-rate
Description
This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the percent rate override value from the configuration.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue percent-rate)
Full Context
configure service vprn interface sap egress queue-override queue percent-rate
Description
The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.
An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.
Parameters
- pir-percent
-
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
- cir-percent
-
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Platforms
All
percent-rate
Syntax
percent-rate percentage [local-limit | reference-port-limit]
no percent-rate
Context
[Tree] (config>qos>plcr-ctrl-plcy>tier>arbiter percent-rate)
Full Context
configure qos policer-control-policy tier arbiter percent-rate
Description
This command configures the percent rate of this contexts policer policy.
The no form of this command removes the configuration.
Parameters
- percentage
-
Specifies the percentage.
- local-limit
-
Keyword used to specify the local limit.
- reference-port-limit
-
Keyword used to specify the reference port limit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent] [local-limit | reference-port-limit]
no percent-rate
Context
[Tree] (config>qos>sap-ingress>policer percent-rate)
[Tree] (config>qos>sap-egress>policer percent-rate)
Full Context
configure qos sap-ingress policer percent-rate
configure qos sap-egress policer percent-rate
Description
The percent-rate command within the SAP ingress and egress QoS policies enables supports for a policer’s PIR and CIR rate to be configured as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
This enables the same QoS policy to be used on SAPs on different FPs without needing to use SAP-based policer overrides to modify a policer’s rate to get the same relative performance from the policer.
If the parent arbiter rate changes after the policer is created, the policer’s PIR and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a policer is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A policer’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
The no form of this command returns the queue to its default shaping rate and CIR rate.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- cir-percent
-
The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- local-limit
-
Keyword used to specify the local limit.
- reference-port-limit
-
Keyword used to specify the reference port limit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent] [fir fir-percent] [{ port-limit | local-limit | reference-port-limit}]
percent-rate pir-percent police [{port-limit | local-limit | reference-port-limit}]
no percent-rate
Context
[Tree] (config>qos>sap-ingress>queue percent-rate)
Full Context
configure qos sap-ingress queue percent-rate
Description
This command configures a queue's PIR and CIR as a percentage of the ingress port line rate or as a percentage of its parent scheduler rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue's rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s PIR, CIR, and FIR rates will be recalculated based on the defined percentage value.
When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue's parent scheduler rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue's PIR, CIR, and FIR will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue's rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
Queue rate overrides can only be specified in the form configured in the QoS policy (for example, a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.
When no percent-rate is defined within a SAP ingress queue-override, the queue uses the defined shaping rate, CIR, and FIR within the SAP ingress QoS policy associated with the queue.
The no form of this command returns the queue to its default shaping rate, CIR, and FIR.
Parameters
- pir-percent
-
Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.
- cir-percent
-
Specifies the queue's CIR as a percentage dependent on the use of the port-limit or local-limit.
- fir-percent
-
Specifies the queue's FIR as a percentage dependent on the use of the port-limit or local-limit. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- police
-
Keyword used to specify that traffic feeding into the physical queue instance above the specified PIR rate is dropped. When the police keyword is defined, only the PIR rate may be overridden. The police keyword is only applicable to SAP ingress.
- port-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the port (including the ingress-rate setting) to which the queue is attached. The port-limit is the default.
- local-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the queue’s parent scheduler rate. If there is no parent scheduler rate, or its rate is max, the port-limit is used.
- reference-port-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the reference port (including the ingress-rate setting) to which the queue is attached.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent] [{port-limit | local-limit | reference-port-limit}]
no percent-rate
Context
[Tree] (config>qos>sap-egress>queue percent-rate)
Full Context
configure qos sap-egress queue percent-rate
Description
This command configures a queue's PIR and CIR as a percentage of the egress port line rate or as a percentage of its parent scheduler rate or agg-rate rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s PIR and CIR will be recalculated based on the defined percentage value.
When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue’s parent scheduler rate or agg-rate rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue’s rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue’s PIR and CIR will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
Queue rate overrides can only be specified in the form as configured in the QoS policy (a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.
When configured on an egress HSQ queue group queue, the cir keyword is ignored.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.
When no percent-rate is defined within a SAP egress queue-override, the queue uses the defined shaping rate and CIR within the SAP egress QoS policy associated with the queue.
The no form of this command returns the queue to its default shaping rate and CIR.
Parameters
- pir-percent
-
Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.
- cir-percent
-
Specifies the queue’s CIR as a percentage dependent on the use of the port-limit or local-limit.
- port-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the port (including the egress-rate setting) to which this queue connects. The port-limit is the default.
- local-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the queue’s parent scheduler rate or agg-rate rate at egress. If there is no parent scheduler rate or agg-rate rate, or those rates are max, the port-limit is used.
- reference-port-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the reference port (including the egress-rate setting) to which this queue connects.
Platforms
All
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>qos>sap-egress>hs-wrr-group percent-rate)
Full Context
configure qos sap-egress hs-wrr-group percent-rate
Description
This command specifies the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The percent-rate and rate commands are mutually exclusive.
The no form of the command reverts to the rate max.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate percent
no percent-rate
Context
[Tree] (config>qos>qgrps>egr>qgrp>hs-wrr-group percent-rate)
Full Context
configure qos queue-group-templates egress queue-group hs-wrr-group percent-rate
Description
This command specifies the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress-rate and port's HS scheduler policy max-rate, if configured. The percent-rate and rate commands are mutually exclusive.
The no form of the command reverts to the rate max.
Parameters
- percent
-
Specifies the percent rate of the HS WRR group.
Platforms
7750 SR-7/12/12e
percent-rate
Syntax
percent-rate pir-percent [cir cir-percentage] [local-limit | reference-port-limit]
no percent-rate
Context
[Tree] (config>qos>qgrps>egr>qgrp>policer percent-rate)
Full Context
configure qos queue-group-templates egress queue-group policer percent-rate
Description
This command configures the percent rate for this contexts policer.
The no form of this command removes the configuration.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- cir-percent
-
The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- local-limit
-
Keyword used to specify the local limit.
- reference-port-limit
-
Keyword used to specify the reference port limit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate pir-percent [cir cir-percentage]
no percent-rate
Context
[Tree] (config>qos>qgrps>ing>qgrp>policer percent-rate)
Full Context
configure qos queue-group-templates ingress queue-group policer percent-rate
Description
This command configures the percent rate for this contexts policer.
The no form of this command removes the configuration.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- cir-percent
-
The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent] [fir fir-percent] [{ port-limit | local-limit | reference-port-limit}]
percent-rate pir-percent police [{port-limit | local-limit | reference-port-limit}]
no percent-rate
Context
[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue percent-rate)
Full Context
configure qos queue-group-templates ingress queue-group queue percent-rate
Description
This command configures a queue's PIR and CIR as a percentage of the ingress port line rate or as a percentage of its parent scheduler rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue's rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s PIR, CIR, and FIR rates will be recalculated based on the defined percentage value.
When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue's parent scheduler rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue's PIR, CIR, and FIR will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue's rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
Queue rate overrides can only be specified in the form configured in the QoS policy (for example, a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.
When no percent-rate is defined within a SAP ingress queue-override, the queue uses the defined shaping rate, CIR, and FIR within the SAP ingress QoS policy associated with the queue.
The no form of this command returns the queue to its default shaping rate, CIR, and FIR.
Parameters
- pir-percent
-
Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.
- cir-percent
-
Specifies the queue's CIR as a percentage dependent on the use of the port-limit or local-limit.
- fir-percent
-
Specifies the queue's FIR as a percentage dependent on the use of the port-limit or local-limit. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- police
-
Keyword used to specify that traffic feeding into the physical queue instance above the specified PIR rate will be dropped. When the police keyword is defined, only the PIR rate may be overridden. The police keyword is only applicable to SAP ingress.
- port-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the port (including the ingress-rate setting) to which the queue is attached. The port-limit is the default.
- local-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the queue’s parent scheduler rate. If there is no parent scheduler rate, or its rate is max, the port-limit is used.
- reference-port-limit
-
Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the reference port (including the ingress-rate setting) to which the queue is attached.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent] [{port-limit | local-limit | reference-port-limit}]
no percent-rate
Context
[Tree] (config>qos>qgrps>egr>queue-group>queue percent-rate)
Full Context
configure qos queue-group-templates egress queue-group queue percent-rate
Description
The percent-rate command within the egress queue group template enables support for a queue’s PIR and CIR rate to be configured as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port-based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.
When configured on an egress HSQ queue group queue, the cir keyword is ignored.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the rate is performed under the hs-wrr-group within the egress queue group template.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
The no form of this command returns the queue to its default shaping rate and CIR rate.
Parameters
- pir-percent
-
Expresses the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation and the egress rate setting.
- cir-percent
-
The cir keyword is optional and when defined, the required pir-percent parameter expresses the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may change dynamically due to configuration or auto-negotiation and the egress rate setting.
- port-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the port (including the egress-rate setting) to which this queue connects. The port-limit is the default.
- local-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the queue’s parent scheduler rate or agg-rate rate at egress. If there is no parent scheduler rate or agg-rate rate, or those rates are max, the port-limit is used.
- reference-port-limit
-
Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the reference port (including the egress-rate setting) to which this queue connects.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percentage] [local-limit | reference-port-limit]
no percent-rate
Context
[Tree] (config>qos>scheduler-policy>tier>scheduler percent-rate)
Full Context
configure qos scheduler-policy tier scheduler percent-rate
Description
This command configures the percentage rate for the scheduler policy.
The no form of this command removes the configuration.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- cir-percent
-
The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- local-limit
-
Keyword used to specify the local limit.
- reference-port-limit
-
Keyword used to specify the reference port limit.
Platforms
All
percent-rate
Syntax
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context
[Tree] (config>qos>port-scheduler-policy>group percent-rate)
Full Context
configure qos port-scheduler-policy group percent-rate
Description
The percent-rate command within the port scheduler policy group enables support for a policer’s PIR and CIR rate to be configured as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
If the parent arbiter rate changes after the policer is created, the policer’s PIR and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a policer is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A policer’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
The no form of this command returns the queue to its default shaping rate and cir rate.
Parameters
- pir-percent
-
Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
- cir cir-percent
-
The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.
Platforms
All
percent-reduction-from-mbs
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>mcast-mgmt>bw-plcy>t2>prim-path>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure mcast-management bandwidth-policy t2-paths primary-path queue-parameters drop-tail low percent-reduction-from-mbs
configure mcast-management bandwidth-policy t2-paths secondary-path queue-parameters drop-tail low percent-reduction-from-mbs
Description
This command overrides the default percentage value used to determine the low drop-tail value for the queue. By default, 10 percent of the queue depth is reserved for high congestion priority traffic. When specified, the percent-reduction-from-mbs percentage value is applied to the queues’ MBS threshold. The resulting value is subtracted from the MBS to derive the low drop-tail threshold maintained by the queue. The low drop-tail threshold defines the point at which all low-congestion priority packets destined for the queue are discarded based on queue depth. Low- and high-congestion priority is derived from the multicast records preference value compared to the record’s bundle priority threshold.
The no form of this command restores the default value.
Default
percent-reduction-from-mbs 10
Parameters
- percent
-
Specifies the percent of queue depth reserved for high-congestion priority traffic.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>service>ies>if>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>vpls>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>vpls>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure service ies interface sap egress queue-override queue drop-tail low percent-reduction-from-mbs
configure service vpls sap egress queue-override queue drop-tail low percent-reduction-from-mbs
configure service ies interface sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
configure service vpls sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
Description
This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail is at 420 kbytes and out-of-profile packets are not accepted into the queue if its depth is greater than this value, and discarded.
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>port>ethernet>access>egr>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>port>ethernet>network>egr>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>port>ethernet>access>ing>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)
Full Context
configure port ethernet access egress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs
configure port ethernet network egress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs
configure port ethernet access ingress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs
Description
This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>service>epipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>epipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>cpipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>cpipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure service epipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
configure service epipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
configure service cpipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
configure service ipipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
configure service ipipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
configure service cpipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
Description
This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes. Any out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
- configure service epipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
- configure service ipipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
- configure service ipipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
- configure service epipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
- configure service cpipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure service vprn interface sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
configure service vprn interface sap egress queue-override queue drop-tail low percent-reduction-from-mbs
Description
This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>sap-ingress>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure qos sap-ingress queue drop-tail low percent-reduction-from-mbs
Description
This command configures the ingress SAP low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.
Default
percent-reduction-from-mbs 10
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>sap-egress>queue>drop-tail>highplus percent-reduction-from-mbs)
[Tree] (config>qos>sap-egress>queue>drop-tail>low percent-reduction-from-mbs)
[Tree] (config>qos>sap-egress>queue>drop-tail>exceed percent-reduction-from-mbs)
[Tree] (config>qos>sap-egress>queue>drop-tail>high percent-reduction-from-mbs)
Full Context
configure qos sap-egress queue drop-tail highplus percent-reduction-from-mbs
configure qos sap-egress queue drop-tail low percent-reduction-from-mbs
configure qos sap-egress queue drop-tail exceed percent-reduction-from-mbs
configure qos sap-egress queue drop-tail high percent-reduction-from-mbs
Description
This command configures the egress SAP queue drop tails as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.
The drop tails apply to packets with the following profile state:
-
Exceed drop tail: exceed-profile
-
High drop tail: in-profile
-
Highplus drop tail: inplus-profile
-
Low drop tail: out-of-profile
Default
Exceed drop tail: 20%
Low drop tail: 10%
High drop tail: 0%
Highplus drop tail: 0%
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>network-queue>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure qos network-queue queue drop-tail low percent-reduction-from-mbs
Description
This command configures the ingress and egress network queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and percent-reduction-from-mbs is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.
The exceed drop tail is not configurable for network queues, however, it is set to a value of 10% in addition to low drop tail and capped by the MBS.
Default
percent-reduction-from-mbs 10
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>qgrps>ing>qgrp>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure qos queue-group-templates ingress queue-group queue drop-tail low percent-reduction-from-mbs
Description
This command configures the ingress queue group queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, the low drop tail will be at 420 kbytes. Out-of-profile packets will not be accepted into the queue and will be discarded if the queue depth is greater than this value.
Default
10%
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>exceed percent-reduction-from-mbs)
[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>high percent-reduction-from-mbs)
[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>highplus percent-reduction-from-mbs)
[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure qos queue-group-templates egress queue-group queue drop-tail exceed percent-reduction-from-mbs
configure qos queue-group-templates egress queue-group queue drop-tail high percent-reduction-from-mbs
configure qos queue-group-templates egress queue-group queue drop-tail highplus percent-reduction-from-mbs
configure qos queue-group-templates egress queue-group queue drop-tail low percent-reduction-from-mbs
Description
This command configures the egress queue group queue drop tails as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, the low drop tail will be at 420 kbytes. Out-of-profile packets will not be accepted into the queue and will be discarded if the queue depth is greater than this value.
The drop tails apply to packets with the following profile states:
-
exceed drop tail: exceed-profile
-
high drop tail: in-profile
-
highplus drop tail: inplus-profile
-
low drop tail: out-of-profile
Default
exceed drop tail: 20%
low drop tail: 10%
high drop tail: 0%
highplus drop tail: 0%
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
percent-reduction-from-mbs
Syntax
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context
[Tree] (config>qos>shared-queue>queue>drop-tail>low percent-reduction-from-mbs)
Full Context
configure qos shared-queue queue drop-tail low percent-reduction-from-mbs
Description
This command configures the ingress shared queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and percent-reduction-from-mbs is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.
Default
percent-reduction-from-mbs 10
Parameters
- percent
-
Specifies the percentage reduction from the MBS for a queue drop tail.
Platforms
All
performance
performance
Syntax
performance
Context
[Tree] (config>isa>aa-grp>statistics performance)
Full Context
configure isa application-assurance-group statistics performance
Description
This command configures the ISA group to enable the aa-performance statistic record. This record contains information on the traffic load and resource consumption for each ISA in the group, to allow tracking of ISA load for long term capacity planning and short term anomalies. The user can configure the accounting policy to be used, and enables the record using the [no] collect-stats command.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
performance
Syntax
[no] performance
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types performance)
Full Context
configure test-oam service-activation-testhead service-test service-stream test-types performance
Description
This command configures the performance test of the service stream.
The no form of this command removes the configured performance test.
Default
no performance
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
performance
Syntax
performance
Context
[Tree] (config>test-oam>service-activation-testhead>service-test>test-duration performance)
Full Context
configure test-oam service-activation-testhead service-test test-duration performance
Description
Commands in this context configure the duration for the performance test type.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
period
period
Syntax
period milli-seconds
no period
Context
[Tree] (config>router>rsvp>msg-pacing period)
Full Context
configure router rsvp msg-pacing period
Description
This command specifies the time interval (in ms), when the router can send the specified number of RSVP messages which is specified in the max-burst command.
Default
period 100
Parameters
- milli-seconds
-
Specifies the time interval in increments of 10 ms.
Platforms
All
periodic
periodic
Syntax
periodic
Context
[Tree] (config>subscr-mgmt>shcv-policy periodic)
Full Context
configure subscriber-mgmt shcv-policy periodic
Description
Commands in this context configure periodic SHCV properties for the subscriber management group-interface. This tool periodically scans all known DHCP hosts only and perform unicast ARP/NS requests. The subscriber host connectivity verification maintains state (connected versus not-connected) for all hosts.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
periodic-sm
periodic-sm
Syntax
[no] periodic-sm
Context
[Tree] (debug>service>id>mrp periodic-sm)
Full Context
debug service id mrp periodic-sm
Description
This command enables debugging of the periodic state machine.
The no form of this command disables debugging of the periodic state machine.
Platforms
All
periodic-time
periodic-time
Syntax
periodic-time value
no periodic-time
Context
[Tree] (config>service>vpls>spoke-sdp>mrp periodic-time)
[Tree] (config>service>vpls>mesh-sdp>mrp periodic-time)
[Tree] (config>service>vpls>sap>mrp periodic-time)
Full Context
configure service vpls spoke-sdp mrp periodic-time
configure service vpls mesh-sdp mrp periodic-time
configure service vpls sap mrp periodic-time
Description
This command controls the frequency the Periodic Transmission state machine generates periodic events if the Periodic Transmission Timer is enabled. The timer is required on a per-Port basis. The Periodic Transmission Timer is set to one second when it is started.
Default
periodic-time 10
Parameters
- value
-
The frequency with which the Periodic Transmission state machine generates periodic events, in tenths of a second.
Platforms
All
periodic-timer
periodic-timer
Syntax
[no] periodic-timer
Context
[Tree] (config>service>vpls>mesh-sdp>mrp periodic-timer)
[Tree] (config>service>vpls>sap>mrp periodic-timer)
[Tree] (config>service>vpls>spoke-sdp>mrp periodic-timer)
Full Context
configure service vpls mesh-sdp mrp periodic-timer
configure service vpls sap mrp periodic-timer
configure service vpls spoke-sdp mrp periodic-timer
Description
This command enables or disables the Periodic Transmission Timer.
Default
no periodic-timer
Platforms
All
periodic-update
periodic-update
Syntax
periodic-update interval hours [rate-limit rate]
no periodic-update
Context
[Tree] (config>aaa>isa-radius-plcy periodic-update)
Full Context
configure aaa isa-radius-policy periodic-update
Description
This command enables periodic RADIUS logging of currently allocated port blocks for a NAT subscriber (NAT binding).
Default
no periodic-update (no Interim Update messages are sent)
Parameters
- interval hours
-
Specifies the interval at which RADIUS logging is refreshed. The log generation might delayed past the configured interval value if the message pacing (rate-limit) is enabled or when the number of un-acknowledged (pending) messages in SR OS has reached its upper limit. An increased number of pending Interim Update messages in SR OS is due to lack of adequate responsiveness of the RADIUS server.
- rate-limit rate
-
Specifies the pacing of the Interim Update messages related to refreshment of the currently allocated port blocks. By default, when this command is disabled, the messages are sent at a high rate determined by the processing capability of the SR OS. Such a high message rate can exceed the processing power of the logging server which can result in the loss of logging information. To overcome this, the Interim Update messages can be generated in a staggered manner at a configured interval that is accommodating toward the processing capabilities of the logging server.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
periodic-update-interval
periodic-update-interval
Syntax
periodic-update-interval [days days] [ hrs hours] [min minutes] [sec seconds]
Context
[Tree] (config>system>security>pki>ca-prof>auto-crl-update periodic-update-interval)
Full Context
configure system security pki ca-profile auto-crl-update periodic-update-interval
Description
This command specifies the interval for periodic updates. The minimal interval is 1 hour. The maximum interval is 366 days.
Default
periodic-update-interval days 1
Parameters
- days days
-
Specifies the number of days for periodic updates.
- hours
-
Specifies the number of hours for periodic updates.
- minutes
-
Specifies the number of minutes for periodic updates.
- seconds
-
Specifies the number of seconds for periodic updates.
Platforms
All
permit-empty-passwords
permit-empty-passwords
Syntax
[no] configure system security ssh permit-empty-passwords
Context
[Tree] (config>system>security>ssh permit-empty-passwords)
Full Context
configure system security ssh permit-empty-passwords
Description
This command configures the permission of users with empty password strings to log in.
The no form of this command prevents users with empty password strings from logging in.
Default
permit-empty-passwords
Platforms
All
persist
persist
Syntax
persist {on | off}
Context
[Tree] (bof persist)
Full Context
bof persist
Description
This command specifies whether the system will preserve system indexes when a save command is executed in classic or mixed configuration mode. During a subsequent boot, the index file is read along with the configuration file. As a result, a number of system indexes are preserved between reboots, including the interface index, LSP IDs, path IDs, and so on. This reduces resynchronizations of the Network Management System (NMS) with the affected network element.
This command is ignored in model-driven configuration mode. In model-driven mode, system indices are always saved and they are embedded in the configuration file.
In the event that persist is on and the reboot with the appropriate index file fails in classic or mixed configuration mode, SNMP is operationally shut down to prevent the management system from accessing and possibly synchronizing with a partially booted or incomplete network element. To enable SNMP access, enter the config>system>snmp>no shutdown command.
If persist is enabled and the admin save url command is executed with an FTP path used as the url parameter, two FTP sessions simultaneously open to the FTP server. The FTP server must be configured to allow multiple sessions from the same login, otherwise, the configuration and index files will not be saved correctly.
-
In classic or mixed configuration mode, persistency files (.ndx) are saved on the same disk as the configuration files and the image files.
-
When an operator sets the location for the persistency file in classic or mixed configuration mode, the system will check to ensure that the disk has enough free space. If there is not enough free space, the persistency will not become active and a trap will be generated. Then, it is up to the operator to free adequate disk space. In the meantime, the system will perform a space availability check every 30 seconds. As soon as the space is available the persistency will become active on the next (30 second) check.
Default
persist off
Parameters
- on
-
Enables the system index saves between reboots.
- off
-
Disables the system index saves between reboots.
Platforms
All
persistence
persistence
Syntax
persistence seconds
no persistence
Context
[Tree] (config>python>py-pol>cache>minimum-lifetimes persistence)
Full Context
configure python python-policy cache minimum-lifetimes persistence
Description
This command configures the minimum lifetime for a cache entry to be made persistent.
The no form of this command reverts to the default.
Parameters
- persistence
-
The minimum lifetime, in seconds.
Platforms
All
persistence
Syntax
[no] persistence
Context
[Tree] (config>python>py-pol>cache persistence)
Full Context
configure python python-policy cache persistence
Description
This command enables persistency support for the cached entries of the python-policy.
The no form of this command reverts to the default.
Platforms
All
persistence
Syntax
persistence
Context
[Tree] (config>system persistence)
Full Context
configure system persistence
Description
Commands in this context configure persistence parameters on the system.
The persistence feature enables state information learned through applications such as subscriber management, DHCP server, or application assurance to be retained across reboots.
Platforms
All
persistence
Syntax
persistence [persistence-client]
no persistence
Context
[Tree] (debug>system persistence)
Full Context
debug system persistence
Description
This command displays persistence debug information.
Parameters
- persistence-client
-
Displays persistence debug information.
Platforms
All
persistency-database
persistency-database
Syntax
[no] persistency-database
Context
[Tree] (config>service>vpls>gsmp>group persistency-database)
[Tree] (config>service>vprn>gsmp>group persistency-database)
Full Context
configure service vpls gsmp group persistency-database
configure service vprn gsmp group persistency-database
Description
This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for RADIUS authentication and accounting.
The no form of this command reverts to the default.
Platforms
All
persistency-database
Syntax
[no] persistency-database
Context
[Tree] (config>service>vpls>gsmp persistency-database)
Full Context
configure service vpls gsmp persistency-database
Description
This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for Radius authentication and accounting.
Default
no persistency-database
Platforms
All
persistency-database
Syntax
[no] persistency-database
Context
[Tree] (config>service>vprn>gsmp persistency-database)
Full Context
configure service vprn gsmp persistency-database
Description
This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information remains in memory and accessible for RADIUS authentication and accounting.
The no form of this command reverts to the default.
Default
no persistency-database
Platforms
All
persistent-subscriptions
persistent-subscriptions
Syntax
persistent-subscriptions
Context
[Tree] (config>system>telemetry persistent-subscriptions)
Full Context
configure system telemetry persistent-subscriptions
Description
Commands in this context configure persistent subscriptions.
Platforms
All
pfcp
pfcp
Syntax
pfcp
Context
[Tree] (config>service>vpls>sap pfcp)
Full Context
configure service vpls sap pfcp
Description
Commands in this context configure an active PFCP association for the VPLS capture SAP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pfcp
Syntax
pfcp
Context
[Tree] (debug>subscr-mgmt pfcp)
Full Context
debug subscriber-mgmt pfcp
Description
Commands in this context use debug commands associated with the PFCP protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pfcp-association
pfcp-association
Syntax
pfcp-association name [create]
no pfcp-association name
Context
[Tree] (config>subscr-mgmt pfcp-association)
Full Context
configure subscriber-mgmt pfcp-association
Description
This command creates a PFCP association towards a BNG CUPS CPF.
The no form of this command removes the association.
Parameters
- name
-
Specifies the name of the PFCP association, up to 32 characters.
- create
-
Keyword used to create the PFCP association.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pfcp-li-shared-key
pfcp-li-shared-key
Syntax
pfcp-li-shared-key secretpfcp-li-shared-key secret hash2
no pfcp-li-shared-key
Context
[Tree] (config>li>sci pfcp-li-shared-key)
Full Context
configure li sci pfcp-li-shared-key
Description
This command configures the shared secret key that SR OS uses in its role as a user plane (UP) to the MAG-c. The SR OS UP uses the shared secret key to encrypt and decrypt the LI PFCP IEs it exchanges with the MAG-c. The SR OS UP and the MAG-c must use matching secret keys. The system only accepts a secret key configured as a printable string.
The no form of this command removes the configuration.
Parameters
- secret
-
Specifies the name of the shared secret key, up to 128 characters. The system only accepts a secret key configured as a printable string.
- hash2
-
Keyword used to apply hash2 to the shared key.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pfcp-mappings
pfcp-mappings
Syntax
pfcp-mappings
Context
[Tree] (config>subscr-mgmt>sla-prof pfcp-mappings)
Full Context
configure subscriber-mgmt sla-profile pfcp-mappings
Description
Commands in this context configure the mapping of PFCP QoS IEs (such as QER GBR/MBR IEs), to local QoS overrides (such as queue and policer rates).
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
pfs
pfs
Syntax
pfs [dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}]
no pfs
Context
[Tree] (config>ipsec>ike-policy pfs)
Full Context
configure ipsec ike-policy pfs
Description
This command enables perfect forward secrecy on the IPsec tunnel using this policy. PFS provides for a new Diffie-Hellman key exchange each time the SA key is renegotiated. After that SA expires, the key is forgotten and another key is generated (if the SA remains up). This means that an attacker who cracks part of the exchange can only read the part that used the key before the key changed. There is no advantage in cracking the other parts if they attacker has already cracked one.
The no form of this command disables PFS. If this it turned off during an active SA, when the SA expires and it is time to re-key the session, the original Diffie-Hellman primes will be used to generate the new keys.
Default
no pfs
Parameters
- dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}
-
Specifies which Diffie-Hellman group to use for calculating session keys. More bits provide a higher level of security, but require more processing. Three groups are supported with IKE-v1:
Group 1: 768 bits
Group 2: 1024 bits
Group 5: 1536 bits
Group 14: 2048 bits
Group 15: 3072 bits
Group 19: P-256 ECC Curve, 256 bits
Group 20: P-384 ECC Curve, 384 bits
Group 21: P-512 ECC Curve, 512 bits
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pfs-dh-group
pfs-dh-group
Syntax
pfs-dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}
pfs-dh-group inherit
no pfs-dh-group
Context
[Tree] (config>ipsec>ipsec-transform pfs-dh-group)
Full Context
configure ipsec ipsec-transform pfs-dh-group
Description
This command specifies the Diffie-Hellman group to be used for Perfect Forward Secrecy (PFS) computation during CHILD_SA rekeying.
The no form of this command reverts to the default.
Default
pfs-dh-group inherit
Parameters
- {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}
-
Specifies the Diffie-Hellman group to achieve PFS.
- inherit
-
Specifies that the value of the DH group used by the system is inherited from the IPsec gateway or IPsec tunnel.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pgw
pgw
Syntax
pgw
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile pgw)
Full Context
configure subscriber-mgmt gtp peer-profile pgw
Description
Commands in this context configure communication with a Packet Data Network Gateway.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
phone
phone
Syntax
[no] phone phone-number
Context
[Tree] (config>service>cust phone)
Full Context
configure service customer phone
Description
This command adds telephone number information for a customer ID. The no form of this command removes the phone number value from the customer ID.
Parameters
- string
-
Specifies the customer phone number entered as an ASCII string up to 80 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Any printable, seven bit ASCII characters may be used within the string.
Platforms
All
physical-access-id
physical-access-id
Syntax
[no] physical-access-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp physical-access-id)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp physical-access-id
Description
This command includes the physical access ID.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pid-pmt-unref
pid-pmt-unref
Syntax
[no] pat-syntax
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pid-pmt-unref)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pid-pmt-unref)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pid-pmt-unref)
Full Context
configure mcast-management multicast-info-policy bundle video analyzer alarms pid-pmt-unref
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pid-pmt-unref
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pid-pmt-unref
Description
This command configures the analyzer to check for unreferenced PIDs that have not been referred in the PMT.
Default
no pid-pmt-unref
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pim
pim
Syntax
pim {asm | ssm} grp-ip-address
no pim
Context
[Tree] (config>service>vprn>mvpn>pt>inclusive pim)
Full Context
configure service vprn mvpn provider-tunnel inclusive pim
Description
This command specifies the PIM mode to use, ASM or SSM, for PIM-based inclusive provider tunnels and the multicast group address to use. Also enables the context for specifying parameters for PIM peering on the inclusive provider tunnel.
Auto-discovery must be enabled in order for SSM to operate.
The no form of this command removes the pim context including the statements under the context.
Default
no pim
Parameters
- asm
-
Specifies to use PIM ASM for inclusive provider tunnels.
- ssm
-
Specifies to u PIM SSM for inclusive provider tunnels.
- group-address
-
Specifies the multicast group address to use.
Platforms
All
pim
Syntax
[no] pim
Context
[Tree] (config>service>vprn pim)
Full Context
configure service vprn pim
Description
This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When an PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).
The no form of this command deletes the PIM protocol instance removing all associated configuration parameters.
Platforms
All
pim
Syntax
[no] pim
Context
[Tree] (config>router pim)
Full Context
configure router pim
Description
This command enables a Protocol Independent Multicast (PIM) instance.
PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router OS supports PIM sparse mode (PIM-SM).
The no form of this command disables the PIM instance.
Default
no pim
Platforms
All
pim
Syntax
pim [grp-address]
no pim
Context
[Tree] (debug>router>msdp pim)
Full Context
debug router msdp pim
Description
This command enables debugging for Multicast Source Discovery Protocol (MSDP) PIM.
The no form of the command disables MSDP PIM debugging.
Parameters
- grp-address
-
Debugs the IP multicast group address for which this entry contains information.
Platforms
All
pim-asm
pim-asm
Syntax
pim-asm {grp-ip-address/mask | grp-ip-address netmask}
no pim-asm
Context
[Tree] (config>service>vprn>mvpn>pt>selective pim-asm)
Full Context
configure service vprn mvpn provider-tunnel selective pim-asm
Description
This command specifies the range of PIM-ASM groups to use on the sender PE to setup ASM multicast tree for draft Rosen based Data MDT.
Parameters
- grp-ip-address
-
Specifies the multicast group address.
- mask
-
Specifies the mask of the multicast-ip-address.
- netmask
-
The subnet mask in dotted decimal notation.
Platforms
All
pim-policy
pim-policy
Syntax
pim-policy pim-policy-name [create]
no pim-policy pim-policy-name
Context
[Tree] (config>subscr-mgmt pim-policy)
Full Context
configure subscriber-mgmt pim-policy
Description
This command creates a PIM policy or enters the context to configure a PIM policy.
The no form of this command deletes the specified PIM policy.
Parameters
- pim-policy-name
-
Specifies the PIM policy name, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- create
-
Specifies the keyword used to create the PIM policy. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pim-policy
Syntax
pim-policy policy-name
no pim-policy policy-name
Context
[Tree] (config>subscr-mgmt>sub-prof pim-policy)
Full Context
configure subscriber-mgmt sub-profile pim-policy
Description
This command adds an existing PIM policy to this subscriber profile.
The no form of this command removes the specified PIM policy from this subscriber profile.
Parameters
- policy-name
-
Specifies the name of the PIM policy name, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pim-snooping
pim-snooping
Syntax
pim-snooping [saps] [spoke-sdps]
no pim-snooping
Context
[Tree] (config>redundancy>multi-chassis>peer>sync pim-snooping)
Full Context
configure redundancy multi-chassis peer sync pim-snooping
Description
This command specifies whether PIM snooping for IPv4 information should be synchronized with a multi-chassis peer. Entering pim-snooping without any parameters results in the synchronization being applied only to SAPs.
Specifying the spoke-sdps parameter results in the synchronization being applied to manually configured spoke SDPs. Specifying both the saps and spoke-sdps parameters results in the synchronization being applied to both SAPs and manually configured spoke SDPs.
The synchronization of PIM snooping is only supported for manually configured spoke SDPs but is not supported for spoke SDPs configured within an endpoint. See PIM Snooping for IPv4 Synchronization for service support.
Default
no pim-snooping
Parameters
- saps
-
Specifies that SAPs are to be synchronized with the multi-chassis peer according to the synchronization tags configured on the port. This is the default when no parameters are specified.
- spoke-sdps
-
Specifies that spoke SDPs are to be synchronized with the multi-chassis peer according to the synchronization tags configured on spoke SDPs.
Platforms
All
pim-snooping
Syntax
pim-snooping
Context
[Tree] (config>service>vpls>spoke-sdp pim-snooping)
[Tree] (config>service>vpls pim-snooping)
[Tree] (config>service>vpls>sap pim-snooping)
Full Context
configure service vpls spoke-sdp pim-snooping
configure service vpls pim-snooping
configure service vpls sap pim-snooping
Description
This command enables PIM snooping for the VPLS service. When enabled, it is enabled for all SAPs except default SAPs. A default SAP is a SAP that has a wild card VLAN ID, such as sap 1/1/1:*.
The no form of this command removes the PIM snooping configuration.
Platforms
All
pim-snooping
Syntax
[no] pim-snooping
Context
[Tree] (debug>service>id pim-snooping)
Full Context
debug service id pim-snooping
Description
This command enables PIM-snooping debugging.
Platforms
All
pim-ssm
pim-ssm
Syntax
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
no pim-ssm
Context
[Tree] (config>service>vprn>mvpn>pt>selective pim-ssm)
Full Context
configure service vprn mvpn provider-tunnel selective pim-ssm
Description
This command specifies the PIM SSM groups to use for the selective provider tunnel.
Parameters
- group-address/mask
-
Specifies a multicast group address and netmask length.
Platforms
All
pim-ssm-scaling
pim-ssm-scaling
Syntax
[no] pim-ssm-scaling
Context
[Tree] (config>router>pim pim-ssm-scaling)
Full Context
configure router pim pim-ssm-scaling
Description
This command enables an increase of PIM SSM (S,G) scaling to a maximum of 256kper system. The per-complex (FP) multicast scaling limit is still in place, but multiple complexes can be used to achieve the 256k per-system (S,G) scaling.
The no form of this command disables the increase in PIM SSM scaling.
Default
no pim-ssm-scaling
Platforms
All
ping
ping
Syntax
ping ip-address | dns-name [bypass-routing | {interface interface-name} | {next-hop ip-address}] [{router router-or-service} | {router-instance router-instance} | {service-name service-name}] [source ip-address] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]
ping ipv4-address subscriber-id sub-ident-string [{router router-or-service} | {router-instance router-instance} | {service-name service-name}] [source ip-address] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]
ping srv6-policy color color endpoint ipv6-address [segment-list segment-list] [candidate-path protocol-owner static | bgp [preference preference] [distinguisher distinguisher]] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]
Context
[Tree] (ping)
Full Context
ping
Description
This command sends a ping to a destination to verify IP reachability.
Use the ping {ip-address | dns-name} [{bypass-routing | {interface interface-name} | {next-hop ip-address}}] command syntax to send a generic ping. This is the basic TCP/IP utility to verify IP reachability.
Use the ping ipv4-address subscriber-id sub-ident-string command syntax to send a ping to verify L2-Aware remote host reachability.
The L2-Aware form of this command can be initiated from the gateway IPv4 address in the inside routing context or from any IPv4 address in the outside routing context. If the gateway IPv4 address is used as the source address, it must be explicitly specified in conjunction with the L2-Aware syntax.
Any source address can be used for the ping to test the relevant NAT policy. If the source address refers to a policy that is not configured on the router, the message "MINOR: OAM #2160 router ID is not an outside router for this subscriber” is displayed. The source address does not need to belong to the system.
If the outside routing context is not specified, by default, the Base router is selected. If the specified or default Base router instance is not the outside routing context for the subscriber, the L2-Aware form of this command fails to execute, and the message "MINOR: OAM #2160 router ID is not an outside router for this subscriber” is displayed.
The NAT application shares query IDs between L2-Aware pings and ICMP or GRE traffic that has undergone NAT and is destined for a DMZ host. If there is query ID space exhaustion, ICMP or GRE flows destined for DMZ hosts are deleted, so their query IDs can be reused for the requested L2-Aware pings.
Use the ping srv6-policy color color endpoint ipv6-address command syntax to launch a ping for an SRv6 policy matching a specific color and endpoint. The ping probe may optionally be targeted at a specific segment list of the SRv6 policy. When the segment list is not specified, the ping probe is sent on the lowest available segment list.
Parameters
- bypass-routing
-
Specifies whether to send the ping request to a host on a directly attached network, bypassing the routing table.
- bytes
-
Specifies the request packet size in bytes, expressed as a decimal integer.
- candidate-path
-
Specifies a candidate path of the SRv6 policy to ping. The candidate path does not need to be the currently active candidate path.
- centiseconds
-
Sets the interval in centiseconds.
- detail
-
Displays detailed information.
- distinguisher
- Specifies the distinguisher of the SRv6 policy candidate path to send the ping probe on. This parameter must be configured if protocol-owner is configured to bgp.
- do-not-fragment
-
Sets the DF (Do Not Fragment) bit in the ICMP ping packet (does not apply to ICMPv6).
- dns-name
-
Specifies the DNS name of the far-end device on which to send the svc-ping request message, expressed as a character string.
- fc-name
-
Specifies the forwarding class of the MPLS echo request packets.
- interface-name
-
Specifies the name of an IP interface. The name must already exist in the configure router interface context.
- ip-address
-
Specifies the far-end IP address, in dotted decimal notation, on which to send the svc-ping request message.
- next-hop ip-address
-
Displays only static routes with the specified next hop IP address.
- pattern
-
Specifies that the date portion in a ping packet that is filled with the pattern value specified. If not specified, position information is filled instead.
- preference
- Specifies the preference of the SRv6 policy candidate path to send the ping probe on.
- protocol-owner
- Specifies the protocol owner of the SRv6 policy candidate path to ping.
- rapid
-
Specifies that packets be generated as fast as possible instead of the default 1 per second. Changes the units for the interval command from seconds to centiseconds.
- requests
-
Specifies the number of times to perform an OAM ping probe operation. Each OAM echo message request must either time out or receive a reply before the next message request is sent.
- router-instance
-
Specifies the preferred method for entering a service name. Stored as the service name. This is the only service-linking function allowed for both mixed-mode and model-driven configuration modes.
- router-or-service
-
Specifies the routing instance or service, by number. The router-instance parameter is preferred for specifying the router or service.
- seconds
-
Overrides the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.
- secs
-
Sets the interval in seconds.
- service-name
-
Specifies the alias function that allows the service-name to be used, converted, and stored as a service ID.
- sub-ident-string
-
Specifies the L2-Aware NAT subscriber to which ICMP-ping is sent, up to 32 characters. The subscriber-id keyword serves as a differentiator between the subscribers with the same IP address in the same routing context (which is allowed in L2-Aware NAT). The subscriber-id keyword is mandatory for L2-Aware IPv4 ping, but optional in generic ping framework.
- source ip-address
-
Specifies the IP address to be used.
- timeout
-
Specifies the time out, in seconds.
- type-of-service
-
Specifies the service type.
- time-to-live
-
Specifies the TTL value for the MPLS label, expressed as a decimal integer.
- srv6-policy
- Keyword to specify that the ping probe is applied to an SRv6 policy.
- color-id
- Specifies the SRv6 policy color ID.
- endpoint ipv6-address
- Specifies an endpoint as the target of the ping.
- segment-list
- Specifies the segment list to trace.
Platforms
All
ping-reply
ping-reply
Syntax
[no] ping-reply
Context
[Tree] (config>service>ies>if>ipv6>vrrp ping-reply)
Full Context
configure service ies interface ipv6 vrrp ping-reply
Description
This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parental Ip interface or based on the ping source host address). when ping-reply is not enabled, icmp Echo Requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of ping-reply configuration.
The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.
Default
no ping-reply
Platforms
All
ping-reply
Syntax
[no] ping-reply
Context
[Tree] (config>service>ies>if>vrrp ping-reply)
Full Context
configure service ies interface vrrp ping-reply
Description
This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.
The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.
Default
no ping-reply
Platforms
All
ping-reply
Syntax
[no] ping-reply
Context
[Tree] (config>service>vprn>if>vrrp ping-reply)
[Tree] (config>service>vprn>if>ipv6>vrrp ping-reply)
Full Context
configure service vprn interface vrrp ping-reply
configure service vprn interface ipv6 vrrp ping-reply
Description
This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.
The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.
Default
no ping-reply
Platforms
All
ping-reply
Syntax
[no] ping-reply
Context
[Tree] (config>router>if>vrrp ping-reply)
[Tree] (config>router>if>ipv6>vrrp ping-reply)
Full Context
configure router interface vrrp ping-reply
configure router interface ipv6 vrrp ping-reply
Description
This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses.
Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues.
SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
The ping-reply command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. The Ping request can be received on any routed interface. Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address).
When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the ping-reply setting.
The ping-reply command is only available in non-owner vrrp nodal context.
By default, ICMP echo requests to the virtual router instance IP addresses are silently discarded.
The no form of the command configures discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.
Default
no ping-reply — ICMP echo requests to the virtual router instance IP addresses are discarded.
Platforms
All
ping-template
ping-template
Syntax
ping-template template-name [create]
no ping-template template-name
Context
[Tree] (config>test-oam>icmp ping-template)
Full Context
configure test-oam icmp ping-template
Description
This command creates a ping-template that can be assigned to a VPRN or IES service IP interface.
The no form of this command removes the template name from the configuration.
Parameters
- template-name
-
Specifies the name of the ping template, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ping-template
Syntax
ping-template template-name
no ping-template
Context
[Tree] (config>service>ies>if ping-template)
[Tree] (config>service>vprn>if ping-template)
Full Context
configure service ies interface ping-template
configure service vprn interface ping-template
Description
This command maps a ping-template name to the service IP interface. The ping-template template-name is configured in the config>test-oam>icmp context and assigned to the service IP interface using this command.
The config>service>ies|vprn>if>ping-template must be shut down to remove or change the destination-address value.
The no form of this command removes the template name from the configuration.
Parameters
- template-name
-
Specifies the name of the ping template to be assigned to the IP interface, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ping-test
ping-test
Syntax
[no] ping-test
Context
[Tree] (config>filter>redirect-policy>dest ping-test)
Full Context
configure filter redirect-policy destination ping-test
Description
This command configures parameters to perform connectivity ping tests to validate the ability for the destination to receive redirected traffic.
Default
no ping-test
Platforms
All
pip
pip
Syntax
pip
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if pip)
Full Context
configure mcast-management multicast-info-policy video-policy video-interface pip
Description
Commands in this context configure within a video interface policy the properties relating to requests received by the video interface for Picture-in-Picture (PIP) channel requests.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pir
pir
Syntax
pir pir-rate
pir max
no pir
Context
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl pir)
Full Context
configure subscriber-mgmt category-map category exhausted-credit-service-level pir
Description
This command configures the PIR which is enforced for all queues pertaining to this category.
The no form of this command reverts to the default.
Parameters
- pir-rate
-
Specifies the amount of bandwidth in kilobits per second.
- max
-
Specifies to use the maximum amount of bandwidth.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pir
Syntax
pir congested-pir
no pir
Context
[Tree] (config>app-assure>group>policer>congestion-override pir)
Full Context
configure application-assurance group policer congestion-override pir
Description
This command provides a mechanism to configure the PIR for the congestion override policer. It is recommended that the PIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic.
The no form of this command resets the PIR value to its default.
Default
pir max
Parameters
- congested-pir
-
Specifies an integer value defining size, in kbytes, for the PIR of the policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pir
Syntax
pir pir-rate
no pir
Context
[Tree] (config>app-assure>group>pol>cng-ovrd-stg2 pir)
Full Context
configure application-assurance group policer congestion-override-stage2 pir
Description
This command provides a mechanism to configure the PIR for the congestion override policer. It is recommended that the PIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic.
The no form of this command resets the PIR value to its default.
Default
pir max
Parameters
- congested-pir
-
Specifies an integer value defining size, in kbytes, for the PIR of the policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pir-threshold
pir-threshold
Syntax
pir-threshold kbps
no pir-threshold
Context
[Tree] (config>test-oam>sath>accept-crit-tmpl pir-threshold)
Full Context
configure test-oam service-activation-testhead acceptance-criteria-template pir-threshold
Description
This command configures a PIR value that is compared to the measured results for the cir- pir, policing, and performance test types. If the measured value is greater than or equal to the configured value, the test passes; otherwise, it fails. For more information, see the m-factor command.
The no form of this command disables the comparison of the parameter with the measured value; the threshold value is ignored while declaring the test result.
Default
no pir-threshold
Parameters
- kbps
-
Specifies the value, in kb/s, for comparison with the measured value.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
pki
pki
Syntax
pki
Context
[Tree] (config>system>security pki)
Full Context
configure system security pki
Description
Commands in this context configure PKI related parameters.
Platforms
All
pkt-too-big
pkt-too-big
Syntax
[no] pkt-too-big
Context
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>icmp6-gen pkt-too-big)
[Tree] (config>ipsec>tnl-temp>icmp6-gen pkt-too-big)
[Tree] (config>service>vprn>if>sap>ipsec-tun>icmp6-gen pkt-too-big)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>icmp6-gen pkt-too-big)
[Tree] (config>router>if>ipsec-tunnel>icmp-gen pkt-too-big)
Full Context
configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big
configure ipsec tunnel-template icmp6-generation pkt-too-big
configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big
configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big
configure router interface ipsec-tunnel icmp-gen pkt-too-big
Description
This command enables the system to send ICMPv6 PTB (Packet Too Big) messages on the private side and optionally specifies the rate.
With this command configured, the system sends PTB back if it received an IPv6 packet on the private side that is bigger than 1280 bytes and also exceeds the private MTU of the tunnel.
The ip-mtu command (under ipsec-tunnel or tunnel-template) specifies the private MTU for the ipsec-tunnel or dynamic tunnel.
The no form of this command reverts interval and message-count values to their default values.
Platforms
VSR
- configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big
- configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure ipsec tunnel-template icmp6-generation pkt-too-big
- configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big
platform-type
platform-type
Syntax
platform-type type
no platform type
Context
[Tree] (config>system>ned>profile platform-type)
Full Context
configure system network-element-discovery profile platform-type
Description
This command configures the platform name and chassis type to be advertised.
The no form of this command removes any explicitly defined type and the default type of "chassis-name, chassis-type" is used.
Default
no platform-type
Parameters
- type
-
Specifies the platform type to be associates with the profile, up to 255 characters.
Platforms
All
pm-tti
pm-tti
Syntax
pm-tti
Context
[Tree] (config>port>otu pm-tti)
Full Context
configure port otu pm-tti
Description
Commands in this context configure path monitoring trail trace identifier parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pmt-repetition
pmt-repetition
Syntax
pcr-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]
no pcr-repetition
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pmt-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pmt-repetition)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pmt-repetition)
Full Context
configure mcast-management multicast-info-policy bundle video analyzer alarms pmt-repetition
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pmt-repetition
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pmt-repetition
Description
This command configures the analyzer to check for the program map table (PMT). It is expected that the PMT arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PMT fails to arrive within the specified interval. As the delay increases between two consecutive PMTs, the type of alarm raised becomes more critical, from TNC to POA.
Default
no pmt-repetition
Parameters
- tnc-milli-seconds
-
Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.
- qos-milli-seconds
-
Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.
- poa-milli-seconds
-
Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pmt-syntax
pmt-syntax
Syntax
[no] pat-syntax
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pmt-syntax)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pmt-syntax)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pmt-syntax)
Full Context
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pmt-syntax
configure mcast-management multicast-info-policy bundle video analyzer alarms pmt-syntax
configure mcast-management multicast-info-policy bundle channel video analyzer alarms pmt-syntax
Description
This command configures the analyzer to check for PMT syntax errors.
Default
no pmt-syntax
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
pmtu-discovery-aging
pmtu-discovery-aging
Syntax
pmtu-discovery-aging seconds
no pmtu-discovery-aging
Context
[Tree] (config>service>ies>if>sap>ip-tunnel pmtu-discovery-aging)
[Tree] (config>service>vprn>if>sap>ipsec-tunnel pmtu-discovery-aging)
[Tree] (config>service>vprn>if>sap>ip-tunnel pmtu-discovery-aging)
[Tree] (config>ipsec>tnl-temp pmtu-discovery-aging)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel pmtu-discovery-aging)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel pmtu-discovery-aging)
[Tree] (config>router>if>ipsec>ipsec-tunnel pmtu-discovery-aging)
Full Context
configure service ies interface sap ip-tunnel pmtu-discovery-aging
configure service vprn interface sap ipsec-tunnel pmtu-discovery-aging
configure service vprn interface sap ip-tunnel pmtu-discovery-aging
configure ipsec tunnel-template pmtu-discovery-aging
configure service vprn interface ipsec ipsec-tunnel pmtu-discovery-aging
configure service ies interface ipsec ipsec-tunnel pmtu-discovery-aging
configure router interface ipsec ipsec-tunnel pmtu-discovery-aging
Description
This command configures the time used to age out the learned temporary MTU which is from the public network. The temporary MTU is used for MTU propagation.
The no form of of this command reverts to the default value.
Default
pmtu-discovery-aging 900
Parameters
- seconds
-
specifies the time, in seconds, used to age out the learned MTU
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure ipsec tunnel-template pmtu-discovery-aging
- configure service vprn interface sap ip-tunnel pmtu-discovery-aging
- configure service ies interface sap ip-tunnel pmtu-discovery-aging
- configure service vprn interface sap ipsec-tunnel pmtu-discovery-aging
VSR
- configure router interface ipsec ipsec-tunnel pmtu-discovery-aging
- configure service vprn interface ipsec ipsec-tunnel pmtu-discovery-aging
- configure service ies interface ipsec ipsec-tunnel pmtu-discovery-aging
poi-tlv-enable
poi-tlv-enable
Syntax
[no] poi-tlv-enable
Context
[Tree] (config>service>vprn>isis poi-tlv-enable)
Full Context
configure service vprn isis poi-tlv-enable
Description
Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.
The no form of this command removes the POI functionality from the configuration.
Default
no poi-tlv-enable
Platforms
All
poi-tlv-enable
Syntax
[no] poi-tlv-enable
Context
[Tree] (config>router>isis poi-tlv-enable)
Full Context
configure router isis poi-tlv-enable
Description
Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.
The no form of this command removes the POI functionality from the configuration.
Default
no poi-tlv-enable
Platforms
All
policer
policer
Syntax
policer policer-id {ingress-only | egress-only | ingress-egress}
no policer policer-id
Context
[Tree] (config>subscr-mgmt>cat-map>category policer)
Full Context
configure subscriber-mgmt category-map category policer
Description
This command configures a policer in this category.
The no form of this command reverts to the default.
Parameters
- policer-id
-
Specifies an existing policer identifier.
- ingress-only
-
Specifies that ingress policers are defined in this category.
- egress-only
-
Specifies that egress policers are defined in this category.
- ingress-egress
-
Specifies that ingress and egress policers are defined in this category.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
[no] policer policer-id
Context
[Tree] (config>subscr-mgmt>sla-prof>egress>qos policer)
[Tree] (config>subscr-mgmt>sla-prof>ingress>qos policer)
Full Context
configure subscriber-mgmt sla-profile egress qos policer
configure subscriber-mgmt sla-profile ingress qos policer
Description
This command is used in the sap-ingress and sap-egress QoS policies to create, modify or delete a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may have up to 32 policers (numbered 1 through 32) may be defined while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers associated with the policy until a forwarding class is mapped to the policer’s ID.
All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.
Once a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS respectively). Unlike queues which have dedicated counters, policers allow various stat-mode settings that define the counters that is associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.
Once a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.
The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping will fail.
The no form of this command is used to delete a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscribers associated with the QoS policy once all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.
Parameters
- policer-id
-
Specifies the policer ID. The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID is created (depending on the system's current create keyword requirements which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
policer policer-name
no policer
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>xconnect policer)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>xconnect policer)
Full Context
configure service ies subscriber-interface group-interface wlan-gw ranges range vrgw lanext xconnect policer
configure service vprn subscriber-interface group-interface wlan-gw ranges range vrgw lanext xconnect policer
Description
This command configures an ISA policer for cross-connect traffic.
The no form of this command removes the policer name from the configuration.
Default
no policer
Parameters
- policer-name
-
Specifies the name of the policer, up to 32 characters.
policer
Syntax
policer policer-name
no policer
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>network policer)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>network policer)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network policer
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network policer
Description
This command configures an ISA policer for HLE network (such as DC) access facing connection traffic, per tunnel.
The no form of this command removes the policer name from the configuration.
Default
no policer
Parameters
- policer-name
-
Specifies the name of the policer, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
policer policer-name
no policer
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>access policer)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>access policer)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access policer
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access policer
Description
This command configures an ISA policer for HLE ingress (such as home) access facing connection traffic, per tunnel
The no form of this command removes the policer name from the configuration.
Default
no policer
Parameters
- policer-name
-
Specifies the name of the policer, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>card>fp>ingress>access>qgrp>policer-over policer)
[Tree] (config>card>fp>ingress>network>qgrp>policer-over policer)
Full Context
configure card fp ingress access queue-group policer-override policer
configure card fp ingress network queue-group policer-override policer
Description
This command creates, modifies or deletes a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may have up to 32 policers (numbered 1 through 32) may be defined while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers associated with the policy until a forwarding class is mapped to the policer’s ID.
All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.
Once a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS respectively). Unlike queues which have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.
Once a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.
The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping fails.
The no form of this command deletes a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscribers associated with the QoS policy once all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.
Parameters
- policer-id
-
Specifies that the policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>service>ipipe>sap>ingress>policer-over policer)
[Tree] (config>service>cpipe>sap>ingress>policer-over policer)
[Tree] (config>service>epipe>sap>egress>policer-over policer)
[Tree] (config>service>cpipe>sap>egress>policer-over policer)
[Tree] (config>service>ipipe>sap>egress>policer-over policer)
Full Context
configure service ipipe sap ingress policer-override policer
configure service cpipe sap ingress policer-override policer
configure service epipe sap egress policer-override policer
configure service cpipe sap egress policer-override policer
configure service ipipe sap egress policer-override policer
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.
The no form of this command is used to remove any existing overrides for the specified policer-id.
Parameters
- policer-id
-
The policer-id parameter is required when executing the policer command within the policer-overrides context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
- create
-
The create keyword is required when a policer policer-id override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service ipipe sap ingress policer-override policer
- configure service epipe sap egress policer-override policer
- configure service ipipe sap egress policer-override policer
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress policer-override policer
- configure service cpipe sap ingress policer-override policer
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>service>vpls>sap>ingress>policer-override policer)
[Tree] (config>service>vpls>sap>egress>policer-override policer)
Full Context
configure service vpls sap ingress policer-override policer
configure service vpls sap egress policer-override policer
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.
The no form of this command is used to remove any existing overrides for the specified policer-id.
Parameters
- policer-id
-
The policer-id parameter is required when executing the policer command within the policer-overrides context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
- create
-
The create keyword is required when a policer policer-id override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>service>ies>if>sap>ingress>policer-override policer)
[Tree] (config>service>ies>if>sap>egress>policer-override policer)
Full Context
configure service ies interface sap ingress policer-override policer
configure service ies interface sap egress policer-override policer
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.
The no form of this command is used to remove any existing overrides for the specified policer-id.
Parameters
- policer-id
-
This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
- create
-
The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>service>vprn>if>sap>ingress>policer-override policer)
[Tree] (config>service>vprn>if>sap>egress>policer-override policer)
Full Context
configure service vprn interface sap ingress policer-override policer
configure service vprn interface sap egress policer-override policer
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.
The no form of this command is used to remove any existing overrides for the specified policer-id.
Parameters
- policer-id
-
This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
- create
-
The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-name type type granularity granularity [create]
policer policer-name
no policer policer-name
Context
[Tree] (config>app-assure>group policer)
Full Context
configure application-assurance group policer
Description
This command creates application assurance policer profile of a specified type. Policers can be bandwidth or flow limiting and can have a system scope (limits traffic entering AA ISA for all or a subset of AA subscribers), subscriber scope or granularity (limits apply to each AA subscriber traffic).
The policer type and granularity can only be configured during creation. They cannot be modified. The policer profile must be removed from all AQPs in order to be removed. Changes to policer profile parameters take effect immediately for policers instantiated as result of AQP actions using this profile.
The no form of this command deletes the specified policer from the configuration.
Parameters
- policer-name
-
Specifies a string of up to 32 characters that identifies the policer.
- type
-
Specifies the policer type.
- granularity
-
Specifies the granularity type.
- create
-
Keyword used to create the policer name and parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
policer policer-name direction direction [create]
no policer policer-name direction direction
Context
[Tree] (config>app-assure>group>statistics>tca policer)
Full Context
configure application-assurance group statistics threshold-crossing-alert policer
Description
This command configures a TCA for the counter capturing drops or admit events due to the specified flow policer. A policer TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a policer TCA.
Parameters
- policer-name
-
Specifies the name of the flow policer, up to 32 characters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer
Syntax
policer policer-id [fp-redirect-group]
no policer
Context
[Tree] (config>qos>sap-ingress>fc policer)
Full Context
configure qos sap-ingress fc policer
Description
Within a sap-ingress QoS policy forwarding class context, the policer command is used to map packets that match the forwarding class and are considered unicast in nature to the specified policer-id. The specified policer-id must already exist within the sap-ingress QoS policy. While the system is determining the forwarding class of a packet, it is also looking up its forwarding destination. If ingress forwarding logic has resolved a unicast destination (the packet does not need to be sent to multiple destinations), it is considered to be a unicast packet and will be mapped to either an ingress queue (using the queue queue-id or queue queue-id group ingress-queue-group commands) or an ingress policer ( policer policer-id). The queue and policer commands within the forwarding class context are mutually exclusive. By default, the unicast forwarding type is mapped to the SAP ingress default queue (queue 1). If the policer policer-id command is executed, any previous policer mapping or queue mapping for the unicast forwarding type within the forwarding class is overridden if the policer mapping is successful.
A policer defined within the sap-ingress policy is not actually created on an ingress SAP or a subscriber using an sla-profile where the policy is applied until at least one forwarding type (unicast, broadcast, unknown, or multicast) from one of the forwarding classes is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber or multiservice site or ingress policing is not supported on the port associated with the SAP or subscriber or multiservice site, the initial forwarding class forwarding type mapping will fail.
When the unicast forwarding type within a forwarding class is mapped to a policer, the unicast packets classified to the subclasses within the forwarding class are also mapped to the policer.
The no form of this command is used to restore the mapping of the unicast forwarding type within the forwarding class to the default queue. If all forwarding class forwarding types had been removed from the default queue, the queue will not exist on the SAPs or subscriber or multiservice sites associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the unicast forwarding type within the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscriber will be lost.
Parameters
- policer-id
-
When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.
- fp-redirect-group
-
Redirects a forwarding class to a forwarding plane queue-group as specified in a SAP QoS policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (config>qos>sap-ingress policer)
Full Context
configure qos sap-ingress policer
Description
This command is used in the sap-ingress and sap-egress QoS policies to create, modify, or delete a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may be defined to have up to 63 policers (numbered 1 through 63) while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers or multiservice sites associated with the policy until a forwarding class is mapped to the policer’s ID.
All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.
When a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS, respectively). Unlike queues that have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet, based on a defined number of bytes.
When a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.
The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping will fail.
The no form of this command is used to delete a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscriber or multiservice sites associated with the QoS policy when all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.
Parameters
- policer-id
-
The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements, which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [{[port-redirect-group-queue] [queue queue-id] | group group-name [instance instance-id] [queue queue-id]}]
no policer
Context
[Tree] (config>qos>sap-egress>fc policer)
Full Context
configure qos sap-egress fc policer
Description
Within a sap-egress QoS policy forwarding class context, the policer command is used to map packets that match the forwarding class to the specified policer-id. The specified policer-id must already exist within the sap-egress QoS policy. The forwarding class of the packet is first discovered at ingress, based on the ingress classification rules. When the packet arrives at egress, the sap-egress QoS policy may match a forwarding class reclassification rule that overrides the ingress derived forwarding class. The forwarding class context within the sap-egress QoS policy is then used to map the packet to an egress queue (using the queue queue-id, or port-redirect-group queue queue-id, or group queue-group-name instance instance-id queue queue-id commands) or an egress policer (policer policer-id). The queue and policer commands within the forwarding class context are mutually exclusive. By default, the forwarding class is mapped to the SAP egress default queue (queue 1). If the policer policer- id command is executed, any previous policer mapping or queue mapping for the forwarding class is overridden if the policer mapping is successful.
A policer defined within the sap-egress policy is not actually created on an egress SAP, or a subscriber using an SLA profile where the policy is applied, until at least one forwarding class is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber, or egress policing is not supported on the port associated with the SAP or subscriber, the initial forwarding class mapping will fail.
Packets that are mapped to an egress policer that are not discarded by the policer must be placed into a default queue on the packet’s destination port. The system uses egress port queue groups for this purpose. An egress queue group named policer-output-queues is automatically created on each port that supports egress policers. By default, the system uses the forwarding class mappings within this queue group to decide which queue within the group will receive each packet output from the policer. This default policer output queuing behavior may be overridden for non-subscriber packets by redirection to a queue group. The name and instance of the queue group to redirect to is either specified in the QoS policy, or the fact that a forwarding class must be redirected is identified in the QoS policy and the specific queue group instance is only identified at the time the QoS policy is applied:
-
If the policer policer-id command is successfully executed, the default egress queuing is performed for the forwarding class using the policer-output-queues queue group and the queue-id within the group based on the forwarding class map from the group template.
-
If the policer policer-id queue queue-id command is successfully executed, the specified SAP queue-id within the egress QoS policy is used instead of the default policer output queues.
-
If the policer policer-id port-redirect-group-queue keyword is successfully executed, the system will map the forwarding class to the queue within the egress queue group instance specified at the time the QoS policy is applied to the SAP, using the forwarding class map from the queue group template.
-
If the policer policer-id port-redirect-group queue queue-id command is successfully executed, the system will map the forwarding class to the configured queue-id within the egress queue group instance that is specified at the time the QoS policy is applied to the SAP (ignoring using the forwarding class map from the queue group template).
-
If the policer policer-id group queue-group-name instance instance-id command is successfully executed, the system will map the forwarding class to the queue within the specified egress queue group instance using the forwarding class map from the group template.
-
If the policer policer-id group queue-group-name instance instance-id queue queue-id command is successfully executed, the system will map the forwarding class to the specified queue-id within the specified egress queue group instance (ignoring the forwarding class map in the group template).
If the specified group group-name is not defined as an egress queue-group-template, the policer command will fail. Also, if the specified group does not exist on the port for the SAPs or subscribers associated with the sap-egress QoS policy, the policer command will fail. While a group queue-group-name is specified in a sap-egress QoS policy, the groups corresponding egress template cannot be deleted. While a port egress queue group is associated with a policer instance, the port queue group cannot be deleted.
If the specified queue queue-id is not defined in the egress queue-group-template queue-group- name, the policer command will fail. While a queue-id within an egress queue group template is referenced by a sap-egress QoS policy forwarding class policer command, the queue cannot be deleted from the queue group template.
If an egress policed packet is discarded by the egress port queue group queue, the source policer discard stats are incremented. This means that the discard counters for the policer represent both the policer discard events and the destination queue drop tail events associated with the policer.
The no form of this command is used to restore the mapping of the forwarding class to the default queue. If all forwarding classes have been removed from the default queue, the queue will not exist on the SAPs or subscribers associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscribers will be lost.
Default
no policer
Parameters
- policer-id
-
When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-egress QoS policy.
- port-redirect-group-queue
-
Used to override the forwarding class default egress queue destination to an egress port queue group. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the SAP. Therefore, this parameter is only valid if SAP-based redirection is required.
- queue queue-id
-
This parameter overrides the forwarding class default egress queue destination to a specified queue-id. If port-redirect-group is not configured, this will be a local SAP queue of that queue-id. A queue of ID queue-id must exist within the egress QoS policy. If port-redirect-group-queue is configured, the queue queue-id in the egress port queue group instance is used.
- group group-name
-
The group queue-group-name is optional and is used to override the forwarding class's default egress queue destination. If the queue group-queue-id parameter is not specified, the forwarding class map within the specified group's template is used to derive which queue within the group will receive the forwarding class's packets. An egress queue group template must exist for the specified queue-group-name or the policer command will fail. The specified queue-group-name must also exist as an egress queue group on the ports where SAPs and subscribers associated with the sap-egress policy are applied or the policer command will fail.
- queue queue-id
-
The queue group-queue-id is optional when the group queue-group-name parameter is specified and is used to override the forwarding class mapping within the group's egress queue group template. The specified group-queue-id must exist within the group's egress queue group template or the policer command will fail.
- instance instance-id
-
This parameter is used to specify the specific instance of a queue group with template queue-group-name to which this queue should be redirected. This parameter is only valid for queue groups on egress ports where policy-based redirection is required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer
Context
[Tree] (config>qos>sap-egress policer)
Full Context
configure qos sap-egress policer
Description
A policer defined within the sap-egress policy is not actually created on an egress SAP, or a subscriber using an SLA profile where the policy is applied, until at least one forwarding class is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber, or egress policing is not supported on the port associated with the SAP or subscriber, the initial forwarding class mapping will fail.
Packets that are mapped to an egress policer that are not discarded by the policer must be placed into a default queue on the packet’s destination port. The system uses egress port queue groups for this purpose. An egress queue group named policer-output-queues is automatically created on each port that supports egress policers. By default, the system uses the forwarding class mappings within this queue group to decide which queue within the group will receive each packet output from the policer. This default policer output queuing behavior may be overridden for non-subscriber packets by redirection to a queue group. The name and instance of the queue group to redirect to is either specified in the QoS policy, or the fact that a forwarding class must be redirected is identified in the QoS policy and the specific queue group instance is only identified at the time the QoS policy is applied:
-
If the policer policer-id command is successfully executed, the default egress queuing is performed for the forwarding class using the policer-output-queues queue group and the queue-id within the group based on the forwarding class map from the group template.
-
If the policer policer-id queue queue-id command is successfully executed, the specified SAP queue-id within the egress QoS policy is used instead of the default policer output queues.
-
If the policer policer-id port-redirect-group-queue keyword is successfully executed, the system will map the forwarding class to the queue within the egress queue group instance specified at the time the QoS policy is applied to the SAP, using the forwarding class map from the queue group template.
-
If the policer policer-id port-redirect-group queue queue-id command is successfully executed, the system will map the forwarding class to the configured queue-id within the egress queue group instance that is specified at the time the QoS policy is applied to the SAP (ignoring using the forwarding class map from the queue group template).
-
If the policer policer-id group queue-group-name instance instance-id command is successfully executed, the system will map the forwarding class to the queue within the specified egress queue group instance using the forwarding class map from the group template.
-
If the policer policer-id group queue-group-name instance instance-id queue queue-id command is successfully executed, the system will map the forwarding class to the specified queue-id within the specified egress queue group instance (ignoring the forwarding class map in the group template).
If the specified group group-name is not defined as an egress queue-group-template, the policer command will fail. Also, if the specified group does not exist on the port for the SAPs or subscribers associated with the sap-egress QoS policy, the policer command will fail. While a group queue-group-name is specified in a sap-egress QoS policy, the groups corresponding egress template cannot be deleted. While a port egress queue group is associated with a policer instance, the port queue group cannot be deleted.
If the specified queue queue-id is not defined in the egress queue-group-template queue-group- name, the policer command will fail. While a queue-id within an egress queue group template is referenced by a sap-egress QoS policy forwarding class policer command, the queue cannot be deleted from the queue group template.
If an egress policed packet is discarded by the egress port queue group queue, the source policer discard stats are incremented. This means that the discard counters for the policer represent both the policer discard events and the destination queue drop tail events associated with the policer.
The no form of this command is used to restore the mapping of the forwarding class to the default queue. If all forwarding classes have been removed from the default queue, the queue will not exist on the SAPs or subscribers associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscribers will be lost.
Default
no policer
Parameters
- policer-id
-
When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-egress QoS policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
policer policer-id [create]
no policer policer-id
Context
[Tree] (cfg>qos>qgrps>egr>queue-group policer)
[Tree] (config>qos>qgrps>ing>queue-group policer)
Full Context
configure qos queue-group-templates egress queue-group policer
configure qos queue-group-templates ingress queue-group policer
Description
This command is used in ingress and egress queue-group templates to create, modify, or delete a policer.
Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. While a policer may be defined in a queue-group template, it is not actually created until the queue-group template is instantiated on the ingress context of a forwarding plane or on the egress context of a port.
When a policer is created, the policer's metering rate and profiling rates may be defined, as well as the policer's maximum and committed burst sizes (MBS and CBS, respectively). Unlike queues that have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.
When a policer is created, it cannot be deleted from the queue-group template unless any forwarding classes that are redirected to the policer are first removed.
The no version of this command deletes the policer.
Parameters
- policer-id
-
The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements, which may require the create keyword to actually add the new policer ID to the QoS policy) and the system enters that new policer’s context for possible parameter modification.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer
Syntax
[no] policer policer-id
Context
[Tree] (config>log>acct-policy>cr policer)
Full Context
configure log accounting-policy custom-record policer
Description
This command creates a policer context for which counters should be included in the custom-record.
The no form of this command deletes the policer and its counters from the custom-record.
Parameters
- policer-id
-
Specifies the policer for which counters should be included in or deleted from the custom-record.
Platforms
All
policer
Syntax
[no] policer policer-id
Context
[Tree] (config>router>policy-acct-template policer)
Full Context
configure router policy-acct-template policer
Description
Commands in this context configure policer index information. Each policy accounting template supports up to 63 policers.
Policing by action of a policy accounting template is only supported by FP4 cards and systems.
The no form of this command deletes the policer ID from the configuration.
Parameters
- policer-id
-
Specifies the policer index.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policer-control-override
policer-control-override
Syntax
policer-control-override [create]
no policer-control-override
Context
[Tree] (config>card>fp>ingress>access>queue-group policer-control-override)
[Tree] (config>card>fp>ingress>network>queue-group policer-control-override)
Full Context
configure card fp ingress access queue-group policer-control-override
configure card fp ingress network queue-group policer-control-override
Description
This command configures policer control overrides.
Parameters
- create
-
Keyword required to create a new policer control override instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-override
Syntax
policer-control-override [create]
no policer-control-override
Context
[Tree] (config>service>epipe>sap>egress policer-control-override)
[Tree] (config>service>epipe>sap>ingress policer-control-override)
[Tree] (config>service>ipipe>sap>egress policer-control-override)
[Tree] (config>service>cpipe>sap>egress policer-control-override)
[Tree] (config>service>cpipe>sap>ingress policer-control-override)
[Tree] (config>service>ipipe>sap>ingress policer-control-override)
Full Context
configure service epipe sap egress policer-control-override
configure service epipe sap ingress policer-control-override
configure service ipipe sap egress policer-control-override
configure service cpipe sap egress policer-control-override
configure service cpipe sap ingress policer-control-override
configure service ipipe sap ingress policer-control-override
Description
This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.
The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.
Default
no policer-control-override
Parameters
- create
-
The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service epipe sap egress policer-control-override
- configure service ipipe sap ingress policer-control-override
- configure service ipipe sap egress policer-control-override
- configure service epipe sap ingress policer-control-override
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-control-override
- configure service cpipe sap egress policer-control-override
policer-control-override
Syntax
policer-control-override [create]
no policer-control-override
Context
[Tree] (config>service>vpls>sap>egress policer-control-override)
[Tree] (config>service>vpls>sap>ingress policer-control-override)
Full Context
configure service vpls sap egress policer-control-override
configure service vpls sap ingress policer-control-override
Description
This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.
The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.
Default
no policer-control-override
Parameters
- create
-
The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-override
Syntax
policer-control-override [create]
no policer-control-override
Context
[Tree] (config>service>ies>if>sap>egress policer-control-override)
[Tree] (config>service>ies>if>sap>ingress policer-control-override)
Full Context
configure service ies interface sap egress policer-control-override
configure service ies interface sap ingress policer-control-override
Description
This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.
The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.
Default
no policer-control-override
Parameters
- create
-
The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-override
Syntax
policer-control-override [create]
no policer-control-override
Context
[Tree] (config>service>vprn>if>sap>egress policer-control-override)
[Tree] (config>service>vprn>if>sap>ingress policer-control-override)
Full Context
configure service vprn interface sap egress policer-control-override
configure service vprn interface sap ingress policer-control-override
Description
This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.
The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.
Default
no policer-control-override
Parameters
- create
-
The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
policer-control-policy
Syntax
policer-control-policy policy-name [create]
no policer-control-policy
Context
[Tree] (config>subscr-mgmt>sub-prof>ingress policer-control-policy)
[Tree] (config>subscr-mgmt>sub-prof>egress policer-control-policy)
Full Context
configure subscriber-mgmt sub-profile ingress policer-control-policy
configure subscriber-mgmt sub-profile egress policer-control-policy
Description
This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the policer control policy name. Each policer-control-policy must be created with a unique policy name. The name given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
- create
-
The create keyword is required when a new policy is being created and the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>egress policer-control-policy)
[Tree] (config>service>vprn>sub-if>grp-if>sap>egress policer-control-policy)
[Tree] (config>service>ies>sub-if>grp-if>sap>ingress policer-control-policy)
Full Context
configure service ies subscriber-interface group-interface sap egress policer-control-policy
configure service vprn subscriber-interface group-interface sap egress policer-control-policy
configure service ies subscriber-interface group-interface sap ingress policer-control-policy
Description
This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.
The no form of this command resets the command to the default setting.
Parameters
- policy-name
-
Specifies the policer control policy name. Each policer control policy name must be unique and adhere to the system policy ASCII naming requirements. If the defined policy name already exists, the system enters that policy’s context for editing purposes. If policy-name does not exist, the system attempts to create a policy with the specified name.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer-control-policy
Syntax
policer-control-policy policer-control-policy-name
no policer-control-policy
Context
[Tree] (config>card>fp>ingress>access>queue-group policer-control-policy)
[Tree] (config>card>fp>ingress>network>queue-group policer-control-policy)
Full Context
configure card fp ingress access queue-group policer-control-policy
configure card fp ingress network queue-group policer-control-policy
Description
This command configures an policer-control policy that can apply to a queue-group on the forwarding plane.
The no form of this command removes the policer-control policy association from the queue-group.
Default
no policer-control-policy
Parameters
- policer-control-policy-name
-
Specifies the name of the policer-control policy to use for the queue-group. The name can be up to 32 characters long.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>port>ethernet>network>egress>queue-group>policer-control-policy policer-control-policy)
Full Context
configure port ethernet network egress queue-group policer-control-policy policer-control-policy
Description
This command configures the policer control policy for the QoS egress queue-group.
Parameters
- policy-name
-
Specifies the name of the policer control policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>cpipe>sap>ingress policer-control-policy)
[Tree] (config>service>cpipe>sap>egress policer-control-policy)
[Tree] (config>service>ipipe>sap>egress policer-control-policy)
[Tree] (config>service>ipipe>sap>ingress policer-control-policy)
[Tree] (config>service>epipe>sap>ingress policer-control-policy)
[Tree] (config>service>epipe>sap>egress policer-control-policy)
Full Context
configure service cpipe sap ingress policer-control-policy
configure service cpipe sap egress policer-control-policy
configure service ipipe sap egress policer-control-policy
configure service ipipe sap ingress policer-control-policy
configure service epipe sap ingress policer-control-policy
configure service epipe sap egress policer-control-policy
Description
This command, within the QoS CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied.
When applied to a sub-profile on a 7450 ESS and 7750 SR, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis.
For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As previously stated, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated in the Tier 1 and Tier 2 Arbiter subsection, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
Each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP context.
Parameters
- policy-name
-
Each policer-control-policy must be created with a unique policy name. The name given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
- create
-
The keyword is required when a new policy is being created and the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-control-policy
- configure service cpipe sap egress policer-control-policy
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service ipipe sap ingress policer-control-policy
- configure service ipipe sap egress policer-control-policy
- configure service epipe sap egress policer-control-policy
- configure service epipe sap ingress policer-control-policy
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>vpls>sap>ingress policer-control-policy)
[Tree] (config>service>vpls>sap>egress policer-control-policy)
[Tree] (config>service>template>vpls-sap-template>ingress policer-control-policy)
[Tree] (config>service>template>vpls-sap-template>egress policer-control-policy)
Full Context
configure service vpls sap ingress policer-control-policy
configure service vpls sap egress policer-control-policy
configure service template vpls-sap-template ingress policer-control-policy
configure service template vpls-sap-template egress policer-control-policy
Description
This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.
Parameters
- policy-name
-
Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
- create
-
The keyword is required when a new policy is being created and the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>ies>if>sap>ingress policer-control-policy)
[Tree] (config>service>ies>if>sap>egress policer-control-policy)
Full Context
configure service ies interface sap ingress policer-control-policy
configure service ies interface sap egress policer-control-policy
Description
This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.
Parameters
- policy-name
-
Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>vprn>if>sap>ingress policer-control-policy)
[Tree] (config>service>vprn>if>sap>egress policer-control-policy)
Full Context
configure service vprn interface sap ingress policer-control-policy
configure service vprn interface sap egress policer-control-policy
Description
This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.
Parameters
- policy-name
-
Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name [create]
no policer-control-policy policy-name
Context
[Tree] (config>qos policer-control-policy)
Full Context
configure qos policer-control-policy
Description
This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. When created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.
Parameters
- policy-name
-
Each policer-control-policy must be created with a unique policy name. The policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system enters that policy’s context for editing purposes. If policy-name does not exist, the system attempts to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.
- create
-
The create keyword is required when a new policy is being created and the system is configured for explicit object creation mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy policy-name
no policer-control-policy
Context
[Tree] (config>service>cust>multi-service-site>ingress policer-control-policy)
[Tree] (config>service>cust>multi-service-site>egress policer-control-policy)
Full Context
configure service customer multi-service-site ingress policer-control-policy
configure service customer multi-service-site egress policer-control-policy
Description
This command, within the QoS CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a 7750 SR or 7450 ESS sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and not subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For 7750 SR or 7450 ESS subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and thus the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
In order to derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of the command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP context.
Parameters
- policy-name
-
Specifies the policy name up to 32 characters in length. Each policer-control-policy must be created with a unique policy name. The name must adhere to the system policy ASCII naming requirements. If the defined policy name already exists, the system will enter that policy’s context for editing purposes. If policy name does not exist, the system will attempt to create a policy with the specified name.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-control-policy
Syntax
policer-control-policy src-name dst-name [ overwrite]
Context
[Tree] (config>qos>copy policer-control-policy)
Full Context
configure qos copy policer-control-policy
Description
This command copies an existing policer-control-policy to another policer-control-policy. The copy command is a configuration level maintenance tool used to create new entries using an existing profile ID. If overwrite is not specified, an error occurs if the destination policy exists.
Parameters
- src-name
-
Specifies the existing source policer-control-policy, up to 32 characters, from which the copy command attempts to copy.
- dst-name
-
Specifies the destination policer-control-policy dst-name, up to 32 characters, to which the copy command attempts to copy.
- overwrite
-
Use this parameter when the policer-control-policy dst-name already exists. If it does, everything in the existing destination policer-control-policy dst-name is completely overwritten with the contents of the policer-control-policy src-name. The overwrite parameter must be specified or else the following error message is returned:
MINOR: CLI Destination "pcp-name2" exists - use {overwrite}.
If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-override
policer-override
Syntax
[no] policer-override
Context
[Tree] (config>card>fp>ingress>access>queue-group policer-override)
[Tree] (config>card>fp>ingress>network>queue-group policer-override)
Full Context
configure card fp ingress access queue-group policer-override
configure card fp ingress network queue-group policer-override
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command removes any existing policer overrides.
Default
no policer-override
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-override
Syntax
[no] policer-override
Context
[Tree] (config>service>epipe>sap>ingress policer-override)
[Tree] (config>service>cpipe>sap>ingress policer-override)
[Tree] (config>service>cpipe>sap>egress policer-override)
[Tree] (config>service>ipipe>sap>egress policer-override)
[Tree] (config>service>ipipe>sap>ingress policer-override)
[Tree] (config>service>epipe>sap>egress policer-override)
Full Context
configure service epipe sap ingress policer-override
configure service cpipe sap ingress policer-override
configure service cpipe sap egress policer-override
configure service ipipe sap egress policer-override
configure service ipipe sap ingress policer-override
configure service epipe sap egress policer-override
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command is used to remove any existing policer overrides.
Default
no policer-overrides
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service ipipe sap ingress policer-override
- configure service ipipe sap egress policer-override
- configure service epipe sap ingress policer-override
- configure service epipe sap egress policer-override
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-override
- configure service cpipe sap egress policer-override
policer-override
Syntax
[no] policer-override
Context
[Tree] (config>service>vpls>sap>ingress policer-override)
[Tree] (config>service>vpls>sap>egress policer-override)
Full Context
configure service vpls sap ingress policer-override
configure service vpls sap egress policer-override
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command is used to remove any existing policer overrides.
Default
no policer-overrides
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-override
Syntax
[no] policer-override
Context
[Tree] (config>service>ies>if>sap>egress policer-override)
[Tree] (config>service>ies>if>sap>ingress policer-override)
Full Context
configure service ies interface sap egress policer-override
configure service ies interface sap ingress policer-override
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command is used to remove any existing policer overrides.
Default
no policer-override
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-override
Syntax
[no] policer-override
Context
[Tree] (config>service>vprn>if>sap>ingress policer-override)
[Tree] (config>service>vprn>if>sap>egress policer-override)
Full Context
configure service vprn interface sap ingress policer-override
configure service vprn interface sap egress policer-override
Description
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command is used to remove any existing policer overrides.
Default
no policer-override
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
policer-stats
policer-stats
Syntax
[no] policer-stats
Context
[Tree] (config>app-assure>group>statistics>aa-admit-deny policer-stats)
Full Context
configure application-assurance group statistics aa-admit-deny policer-stats
Description
This command configures whether to include or exclude system and subscriber-level flow count and flow-setup rate policer admit-deny statistics in accounting records.
Default
no policer-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policer-stats-resources
policer-stats-resources
Syntax
[no] policer-stats-resources
Context
[Tree] (config>app-assure>group>statistics>aa-admit-deny policer-stats-resources)
Full Context
configure application-assurance group statistics aa-admit-deny policer-stats-resources
Description
This command allows the operator to allocate or deallocate AA partition resources for policer admit-deny statistics.
Default
no policer-stats-resources
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policers
policers
Syntax
policers policy-limit
no policers
Context
[Tree] (config>card>fp>ingress>policy-accounting policers)
Full Context
configure card fp ingress policy-accounting policers
Description
This command configures the number of policer resources for an policy accounting. Policy accounting can be used to collect statistics about the amount of traffic matching particular routes and, on FP4 cards and systems only, it can also be used to police traffic associated with certain routes as destinations of the traffic.
Using only statistics (policing is not performed) requires the reservation of policer statistics index resources on each FP receiving the traffic to be counted. Every policy-accounting interface on a card or FP uses one of these resources for every source and destination class index listed in the template referenced by the interface. The total reservation at the FP level is set using the configure card slot-number fp fp-number policy-accounting command.
Using FP4 policing requires the above resource, and in addition, policer index resources. Every policy-accounting interface on a card or FP uses one of these resources for every destination class associated with a policer in the template referenced by the interface. The total reservation of this second resource at the FP level is set using the configure card slot-number fp fp-number ingress policy-accounting policers command.
The total number of the above resources, per FP, must be less than or equal to 128000. In addition, the second resource pool size must be less than or equal to the size of the first resource pool.
It is possible to increase or decrease the size of either resource sub pool at any time. A decrease can cause some interfaces (randomly selected) to immediately lose their resources and stop counting or policing some traffic that was previously being counted or policed.
If the policy accounting is enabled on a spoke SDP or R-VPLS interface all FPs in the system should have a reservation for each of the above resources, otherwise the show router interface policy-accounting command output reports that statistics are possibly incomplete.
Default
no policers
Parameters
- policy-limit
-
Specifies the number of policer resources for policy accounting.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policers-hqos-manageable
policers-hqos-manageable
Syntax
[no] policers-hqos-manageable
Context
[Tree] (config>qos>sap-egress policers-hqos-manageable)
Full Context
configure qos sap-egress policers-hqos-manageable
Description
This command enables Hierarchical QoS (HQoS) management of the policiers within the SAP egress policy, when the policy is applied to either the egress SAP configuration or the egress SLA profile, with multiservice sites (MSS) supported for SAPs. When enabled, the system can manage egress policers and queues together in the same HQoS hierarchy.
To be managed by HQoS, egress policers within a SAP egress QoS policy must be configured with either a scheduler-parent or port-parent command or be orphaned to an egress port scheduler applied on a Vport or port.
The policers-hqos-manageable command and parent-location sla or policers with enable-exceed-pir or stat-mode no-stats within a SAP egress QoS policy are mutually exclusive.
To prevent HQoS from measuring the traffic through both a policer managed by HQoS, then again through a post-policer access egress queue group queue, configure post-policer access egress queue groups with no queues-hqos-manageable so their queues are not managed by HQoS.
A post-policer local queue is not supported with HQoS managed policers, nor are those mapped by the use-fc-mapped-queue parameter in a criteria action statement. The policers-hqos-manageable command is not supported for SAP egress dynamic policers or on a 7950 XRS.
The no form of this command rdisables HQoS management of policers within the SAP QoS egress policy.
Default
no policers-hqos-manageable
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR
policers-hqos-manageable
Syntax
[no] policers-hqos-manageable
Context
[Tree] (config>qos>sap-ingress policers-hqos-manageable)
Full Context
configure qos sap-ingress policers-hqos-manageable
Description
This command specifies that the policers within this SAP ingress policy are to be managed by the Hierarchical QoS (HQoS) process when the policy is applied to either the ingress part of a SAP configuration or the ingress part of an SLA profile, with multiservice sites (MSS) supported for SAPs. When enabled, ingress policers and queues can be managed together in the same HQoS hierarchy.
To be managed by HQoS, ingress policers within a SAP ingress QoS policy must be configured with either a scheduler-parent or parent command or be orphaned to an ingress port scheduler applied on a Vport or port. The scheduler-parent and parent commands are mutually exclusive.
The policers-hqos-manageable command and the stat-mode no-stats command within a SAP ingress QoS policy are mutually exclusive.
The no form of this command results in policers within this SAP QoS ingress policy being non-HQoS-manageable.
Default
no policers-hqos-manageable
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s
policing
policing
Syntax
[no] policing
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types policing)
Full Context
configure test-oam service-activation-testhead service-test service-stream test-types policing
Description
This command configures the policing test on the service stream.
The no form of this command removes the configured policing test.
Default
no policing
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policing
Syntax
policing
Context
[Tree] (config>test-oam>service-activation-testhead>service-test>test-duration policing)
Full Context
configure test-oam service-activation-testhead service-test test-duration policing
Description
Commands in this context configure the duration for the policing test type.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy
policy
Syntax
policy msap-policy-name
no policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>msap-defaults policy)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>msap-defaults policy)
Full Context
configure subscriber-mgmt local-user-db ipoe host msap-defaults policy
configure subscriber-mgmt local-user-db ppp host msap-defaults policy
Description
This command configures the MSAP policy.
The no form of this command removes the MSAP policy name from the configuration.
Parameters
- msap-policy-name
-
Specifies the policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy ppp-policy-name
no policy
Context
[Tree] (config>service>ies>sub-if>grp-if>pppoe policy)
[Tree] (config>service>vprn>sub-if>grp-if>pppoe policy)
Full Context
configure service ies subscriber-interface group-interface pppoe policy
configure service vprn subscriber-interface group-interface pppoe policy
Description
This command specifies the PPPoE policy on this interface.
The no form of this command reverts to the default.
Default
policy "default”
Parameters
- ppp-policy-name
-
Specifies the PPP policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac policy)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac policy
Description
This command configures the multicast CAC policy name.
The no form of this command reverts to the default.
Parameters
- policy-name
-
The multicast CAC policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy name1 [name2] [ name3] [name4] [name5]
no policy
Context
[Tree] (config>subscr-mgmt>sub-prof>rad-acct policy)
Full Context
configure subscriber-mgmt sub-profile radius-accounting policy
Description
This command specifies the RADIUS accounting policy for the subscriber that is using this subscriber profile. This command allows the configuration of up to five RADIUS accounting policies. The RADIUS accounting policies function according to their respective configuration, including the individual accounting mode, their own included attributes, and the update interval.
Parameters
- name1
-
Specifies the name of the RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.
- name2
-
Specifies the name of the second RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.
- name3
-
Specifies the name of the third RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.
- name4
-
Specifies the name of the fourth RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.
- name5
-
Specifies the name of the fifth RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy vrrp-policy-id
no policy[vrrp-policy-id]
Context
[Tree] (config>service>vprn>sub-if>grp-if>srrp policy)
[Tree] (config>service>ies>sub-if>grp-if>srrp policy)
Full Context
configure service vprn subscriber-interface group-interface srrp policy
configure service ies subscriber-interface group-interface srrp policy
Description
This command associates one or more VRRP policies with the SRRP instance. A VRRP policy is a collection of connectivity and verification tests used to manipulate the in-use priorities of VRRP and SRRP instances. A VRRP policy can test the link state of ports, ping IP hosts, discover the existence of routes in the routing table or the ability to reach Layer 2 hosts. When one or more of these tests fail, the VRRP policy has the option of decrementing or setting an explicit value for the in-use priority of an SRRP instance.
More than one VRRP policy may be associated with an SRRP instance. When more than one VRRP policy is associated with an SRRP instance the delta decrement of the in-use priority is cumulative unless one or more test fail that have explicit priority values. When one or more explicit tests fail, the lowest priority value event takes effect for the SRRP instance. When the highest delta-in-use-limit is used to manage the lowest delta derived in-use priority for the SRRP instance.
VRRP policy associations may be added and removed at any time. A maximum of two VRRP policies can be associated with a single SRRP instance.
The no form of this command removes the association with the vrrp-policy-id from the SRRP instance.
Parameters
- vrrp-policy-id
-
Specifies one or more VRRP policies with the SRRP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
[no] policy policy-name
Context
[Tree] (debug>diam>application policy)
Full Context
debug diameter application policy
Description
This command debugs Diameter applications for a particular application policy.
Parameters
- policy-name
-
Specifies the policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy msap-policy-name
no policy
Context
[Tree] (config>service>vpls>sap>msap-defaults policy)
Full Context
configure service vpls sap msap-defaults policy
Description
This command sets default msap-policy for all subscribers created based on trigger packets received on the specified capture-sap in case the corresponding VSA is not included in the RADIUS authentication response. This command is applicable to capture SAP only.
Default
no policy
Platforms
All
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>service>pw-template>igmp-snooping>mcac policy)
[Tree] (config>service>vpls>spoke-sdp>mld-snooping>mcac policy)
[Tree] (config>service>vpls>sap>igmp-snooping>mcac policy)
[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>mcac policy)
[Tree] (config>service>vpls>mesh-sdp>mld-snooping>mcac policy)
[Tree] (config>service>vpls>sap>mld-snooping>mcac policy)
[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>mcac policy)
Full Context
configure service pw-template igmp-snooping mcac policy
configure service vpls spoke-sdp mld-snooping mcac policy
configure service vpls sap igmp-snooping mcac policy
configure service vpls mesh-sdp igmp-snooping mcac policy
configure service vpls mesh-sdp mld-snooping mcac policy
configure service vpls sap mld-snooping mcac policy
configure service vpls spoke-sdp igmp-snooping mcac policy
Description
This command configures the multicast CAC policy name. MCAC policy is not supported with MLD-snooping, therefore executing the command in the mld-snooping contexts will return an error.
Parameters
- policy-name
-
Specifies the multicast CAC policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
policy
Syntax
policy vrrp-policy-id
no policy
Context
[Tree] (config>service>ies>if>ipv6>vrrp policy)
Full Context
configure service ies interface ipv6 vrrp policy
Description
This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.
The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.
The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.
The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.
Parameters
- vrrp-policy-id
-
The vrrp-policy-id parameter associated the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.
Platforms
All
policy
Syntax
policy vrrp-policy-id
no policy
Context
[Tree] (config>service>ies>if>vrrp policy)
Full Context
configure service ies interface vrrp policy
Description
This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.
The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.
The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.
The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.
Parameters
- vrrp-policy-id
-
The vrrp-policy-id parameter associated the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.
Platforms
All
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>service>vprn>bgp>next-hop-res policy)
Full Context
configure service vprn bgp next-hop-resolution policy
Description
This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next-hops to MPLS tunnels. If a BGP next-hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved; if the route N is accepted by the policy then it becomes the resolving route for R.
The default next-hop resolution policy (when the no policy command is configured) is to use the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.
Default
no policy
Parameters
- policy-name
-
Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.
Platforms
All
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>service>vprn>igmp>if>mcac policy)
[Tree] (config>service>vprn>pim>if>mcac policy)
[Tree] (config>service>vprn>mld>grp-if>mcac policy)
[Tree] (config>service>vprn>igmp>grp-if>mcac policy)
Full Context
configure service vprn igmp interface mcac policy
configure service vprn pim interface mcac policy
configure service vprn mld group-interface mcac policy
configure service vprn igmp group-interface mcac policy
Description
This command references the global channel bandwidth definition policy that is used for HMCAC and HQoS Adjust.
HQoS Adjustment is supported with redirection enabled or per-host-replication disabled. In other words, the policy from the redirected interface is used for HQoS Adjustment.
Hierarchical MCAC (HMCAC) is supported with redirection enabled or per-host-replication disabled. In HMCAC, the subscriber is checked first against its bandwidth limits followed by the check on the redirected interface against the bandwidth limits defined under the redirected interface. In the HMCAC case, the channel definition policy must be referenced under the redirected interface level.
Parameters
- policy-name
-
Specifies the name of the global MCAC channel definition policy defined under the hierarchy config>router>mcac>policy. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
Platforms
All
- configure service vprn pim interface mcac policy
- configure service vprn igmp interface mcac policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn mld group-interface mcac policy
- configure service vprn igmp group-interface mcac policy
policy
Syntax
policy vrrp-policy-id
no policy
Context
[Tree] (config>service>vprn>if>ipv6>vrrp policy)
[Tree] (config>service>vprn>if>vrrp policy)
Full Context
configure service vprn interface ipv6 vrrp policy
configure service vprn interface vrrp policy
Description
This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).
Parameters
- vrrp-policy-id
-
Specifies a VRRP priority control policy.
Platforms
All
policy
Syntax
policy
Context
[Tree] (config>app-assure>group policy)
Full Context
configure application-assurance group policy
Description
Commands in this context configure parameters for application assurance policy. To edit any policy content begin command must be executed first to enter editing mode. The editing mode is left when the abort or commit commands are issued.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy aa-sub {sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name} [create]
no policy aa-sub {sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name}
Context
[Tree] (config>app-assure>group>policy-override policy)
Full Context
configure application-assurance group policy-override policy
Description
This command specifies a given SAP or SDP to be used for a static policy override.
The no form of this command removes the policy override.
Parameters
- sap-id
-
Specifies the physical port identifier portion of the SAP definition.
- sdp-id:vc-id
-
Specifies the spoke SDP ID and VC ID.
- transit-aasub-name
-
Specifies an existing transit subscriber name, up to 32 characters.
- create
-
Keyword used to create the policy override.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>router>pim>interface policy)
[Tree] (config>router>igmp>interface>mcac policy)
[Tree] (config>router>mld>interface policy)
[Tree] (config>router>igmp>grp-if>mcac policy)
[Tree] (config>router>mld>group-interface policy)
[Tree] (config>router>mcac policy)
Full Context
configure router pim interface policy
configure router igmp interface mcac policy
configure router mld interface policy
configure router igmp group-interface mcac policy
configure router mld group-interface policy
configure router mcac policy
Description
This command references the global channel bandwidth definition policy that is used for (H)MCAC and HQoS adjustment.
Within the scope of HQoS adjustment, the channel definition policy under the group-interface is used if redirection is disabled. In this case, the HQoS adjustment can be applied to IPoE subscribers in per-SAP replication mode.
If redirection is enabled, the channel bandwidth definition policy applied under the Layer 3 redirected interface is in effect.
Hierarchical MCAC (HMCAC) is supported on two levels simultaneously:
-
subscriber level and redirected interface in case that redirection is enabled
-
subscriber level and group-interface level in case that redirection is disabled
In HMCAC, the subscriber is first checked against its bandwidth limits followed by the check on the redirected interface (or group-interface) against the bandwidth limits there.
In the case that the redirection is enabled but the policy is referenced only under the group-interface, no admission control will be executed (HMCAC or MCAC).
Parameters
- policy-name
-
Specifies the name of the global MCAC channel definition policy, up to 32 characters, defined under the hierarchy config>router>mcac>policy.
Platforms
All
- configure router pim interface policy
- configure router mcac policy
- configure router mld interface policy
- configure router igmp interface mcac policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure router mld group-interface policy
- configure router igmp group-interface mcac policy
policy
Syntax
policy vrrp-policy-id
no policy
Context
[Tree] (config>router>if>ipv6>vrrp policy)
[Tree] (config>router>if>vrrp policy)
Full Context
configure router interface ipv6 vrrp policy
configure router interface vrrp policy
Description
This command adds a VRRP priority control policy association with the virtual router instance.
To further augment the virtual router instance base priority, VRRP priority control policies can be used to override or adjust the base priority value depending on events or conditions within the chassis.
The policy can be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base priority set with the priority command dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority can eventually be restored to the base priority value.
The policy command is only available in the non-owner vrrp nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base priority is used as the in-use priority.
The no form of the command removes existing VRRP priority control policy associations from the virtual router instance. All associations must be removed prior to deleting the policy from the system.
Default
no policy — No VRRP priority control policy is associated with the virtual router instance.
Parameters
- vrrp-policy-id
-
The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp-policy-id must already exist for the command to function.
Platforms
All
policy
Syntax
policy policy-id context context-value
policy policy-id context name name
no policy policy-id
Context
[Tree] (config>vrrp policy)
Full Context
configure vrrp policy
Description
This command creates the context to configure a VRRP priority control policy which is used to control the VRRP in-use priority based on priority control events. It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions.
The virtual router instance priority command defines the initial or base value to be used by non-owner virtual routers. This value can be modified by assigning a VRRP priority control policy to the virtual router instance. The VRRP priority control policy can override or diminish the base priority setting to establish the actual in-use priority of the virtual router instance.
The policy policy-id command must be created first, before it can be associated with a virtual router instance.
Because VRRP priority control policies define conditions and events that must be maintained, they can be resource intensive. The number of policies is limited to 1000.
The policy-id do not have to be consecutive integers. The range of available policy identifiers is from 1 to 9999.
The no form of the command deletes the specific policy-id from the system. The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail.
Parameters
- policy-id
-
The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 1000 policies can be defined.
- context-value
-
Specifies the service ID to which this policy applies. A value of zero (0) means that this policy does not apply to a service but applies to the base router instance.
Platforms
All
policy
Syntax
policy cpu-protection-policy-id [create]
no policy cpu-protection-policy-id
Context
[Tree] (config>sys>security>cpu-protection policy)
Full Context
configure system security cpu-protection policy
Description
This command configures CPU protection policies.
The no form of this command deletes the specified policy from the configuration.
Policies 254 and 255 are reserved as the default access and network interface policies, and cannot de deleted. The parameters within these policies can be modified. An event will be logged (warning) when the default policies are modified.
Default
Policy 254 (default access interface policy):
-
per-source-rate: max (no limit)
-
overall-rate: 6000
-
out-profile–rate: 6000
-
alarm
Policy 255 (default network interface policy):
-
per-source-rate: max (no limit)
-
overall-rate: max (no limit)
-
out-profile-rate: 3000
-
alarm
Parameters
- cpu-protection-policy-id
-
Assigns a policy ID to the specific CPU protection policy.
- create
-
Keyword used to create CPU protection policy. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
policy
Syntax
policy policy-name [create] [type {access-network | port}]
no policy policy-name
Context
[Tree] (config>sys>security>dist-cpu-protection policy)
Full Context
configure system security dist-cpu-protection policy
Description
This command configures one of the maximum 18 Distributed CPU Protection (DCP) policies. These policies can be applied to objects such as SAPs, network interfaces or ports.
Parameters
- policy-name
-
Specifies the name of the policy, up to 32 characters.
- create
-
Keyword used to create a new policy.
- type
-
Specifies the Distributed CPU protection type for the policy.
Platforms
All
policy
Syntax
policy policy-name
no policy
Context
[Tree] (config>router>bgp>next-hop-resolution policy)
Full Context
configure router bgp next-hop-resolution policy
Description
This command specifies the policy statement name to use with the BGP next-hop resolution process. The policy determines the eligibility of IP routes in the RTM to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next hops to MPLS tunnels.
For example, if a BGP next hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved. If the route N is accepted by the policy, it becomes the resolving route for R.
The no form of this command reverts to the default next-hop resolution policy, which uses the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.
Default
no policy
Parameters
- policy-name
-
Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.
Platforms
All
policy
Syntax
policy plcy-or-long-expr
no policy
Context
[Tree] (config>router>policy-options>policy-statement>entry>from policy)
Full Context
configure router policy-options policy-statement entry from policy
Description
This command is used to call another policy by name and evaluate it as a subroutine, or to evaluate a logical expression of subroutine policies.
If the result of the subroutine evaluation is an 'accept', then the route is considered to match the entry in the parent policy that called the subroutine. If the result of the subroutine evaluation is a 'reject’, then the route is considered a non-match of the entry in the parent policy that called the subroutine.
Up to 3 levels of subroutine calls are supported. If a subroutine at maximum depth has this command, it is automatically considered a non-match of all routes.
The no form of this command removes the policy statement as a match criterion.
Default
no policy
Parameters
- plcy-or-long-expr
-
Specifies the name of a single policy-statement (up to 64 characters in length) or a policy logical expression (up to 255 characters in length) consisting of policy-statement names (enclosed in square brackets), logical operations ('and’, 'or’, 'not’), and parentheses for grouping.
Platforms
All
policy
Syntax
policy plcy-or-long-expr
no policy
Context
[Tree] (config>router>policy-options>policy-statement>entry>action policy)
Full Context
configure router policy-options policy-statement entry action policy
Description
This command configures a nested policy statement as a match criterion for the route policy entry.
Policy statements are configured at the global route policy level (config>router>policy-options policy-statement).
The command is used to call another policy by name and evaluate it as a subroutine. If the result of the subroutine evaluation is an 'accept', then the route is considered to match the entry in the parent policy that called the subroutine. If the result of the subroutine evaluation is a 'reject’, then the route is considered a non-match of the entry in the parent policy that called the subroutine. Up to 3 levels of subroutine calls are supported. If a subroutine at maximum depth has this command, it is automatically considered a non-match of all routes.
The no form of this command removes the policy statement as a match criterion.
Default
no policy
Parameters
- plcy-or-long-expr
-
Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
policy
Syntax
[no] policy association-name
Context
[Tree] (config>router>pcep>pcc>pce-assoc policy)
Full Context
configure router pcep pcc pce-associations policy
Description
This command creates a named PCE policy association from which the parameters for specified policy association are configured.
The no form of the command deletes the specified policy association.
Parameters
- association-name
-
Specifies the name of the policy association, up to 32 characters.
Platforms
All
policy
Syntax
[no] policy policy-assoc-name
Context
[Tree] (config>router>mpls>lsp>pce-assoc policy)
[Tree] (config>router>mpls>lsp-template>pce-assoc policy)
Full Context
configure router mpls lsp pce-associations policy
configure router mpls lsp-template pce-associations policy
Description
This command binds the LSP to a named policy association. The policy association name must exist under the PCC. Up to five policy associations can be configured per LSP.
The no form of the command removes the LSP binding from the specified policy association.
Parameters
- policy-assoc-name
-
Specifies the name of an existing policy association, up to 32 characters.
Platforms
All
policy-accounting
policy-accounting
Syntax
policy-accounting
Context
[Tree] (config>card>fp>ingress policy-accounting)
Full Context
configure card fp ingress policy-accounting
Description
Commands in this context configure policy accounting FP information.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy-accounting
Syntax
policy-accounting template-name
no policy-accounting
Context
[Tree] (config>service>vprn>sub-if>grp-if>ingress policy-accounting)
Full Context
configure service vprn subscriber-interface group-interface ingress policy-accounting
Description
This command configures the specified policy accounting template.
The no form of this command disables the policy accounting template.
Parameters
- template-name
-
Specifies the template name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s
policy-accounting
Syntax
policy-accounting <template-name>
no policy-accounting
Context
[Tree] (config>service>vprn>if>ingress policy-accounting)
Full Context
configure service vprn interface ingress policy-accounting
Description
This command configures the service VPRN interface ingress policy accounting
Parameters
- template-name
-
Specifies the template name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy-accounting
Syntax
policy-accounting <template-name>
no policy-accounting
Context
[Tree] (config>service>ies>if>ingress policy-accounting)
Full Context
configure service ies interface ingress policy-accounting
Description
This command configures the service IES interface ingress policy accounting
Parameters
- template-name
-
Specifies the template name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy-accounting
Syntax
policy-accounting template-name
no policy-accounting
Context
[Tree] (config>router>if>ingress policy-accounting)
Full Context
configure router interface ingress policy-accounting
Description
This command applies a policy accounting template to the associated interface.
The no form of this command removes the policy accounting template.
Parameters
- template-name
-
Specifies the template name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy-acct-template
policy-acct-template
Syntax
[no] policy-acct-template template-name
Context
[Tree] (config>router policy-acct-template)
Full Context
configure router policy-acct-template
Description
This command configures a policy accounting template.
The no form of this command deletes the specified policy accounting template.
Parameters
- template-name
-
Specifies the template name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
policy-control
policy-control
Syntax
policy-control diameter-policy-name
no policy-control
Context
[Tree] (config>service>ies>sub-if>grp-if policy-control)
[Tree] (config>service>vprn>sub-if>grp-if policy-control)
Full Context
configure service ies subscriber-interface group-interface policy-control
configure service vprn subscriber-interface group-interface policy-control
Description
This command configures a policy-control policy for the interface.
The no form of this command reverts to the default.
Parameters
- diameter-policy-name
-
Specifies the name of an existing diameter policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
policy-options
policy-options
Syntax
[no] policy-options
Context
[Tree] (config>router policy-options)
Full Context
configure router policy-options
Description
Commands in this context configure route policies. Route policies are applied to the routing protocol.
The no form of this command deletes the route policy configuration.
Platforms
All
policy-override
policy-override
Syntax
policy-override
Context
[Tree] (config>app-assure>group policy-override)
Full Context
configure application-assurance group policy-override
Description
Commands in this context configure policy override parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
policy-reference-checks
policy-reference-checks
Syntax
[no] policy-reference-checks
Context
[Tree] (config>router policy-reference-checks)
Full Context
configure router policy-reference-checks
Description
This command checks policy references to ensure that a policy exists and displays a CLI error if the policy does not exist. Enabling this option protects against accidentally referencing a missing or misspelled policy, that can lead to unexpected results when the policy is evaluated.
The no version of this command disables policy reference checks and allows policies that do not exist to be referenced.
Default
no policy-reference-checks
Platforms
All
policy-statement
policy-statement
Syntax
policy-statement policy-name [policy-name]
no policy-statement
Context
[Tree] (config>test-oam>ldp-treetrace>path-discovery policy-statement)
Full Context
configure test-oam ldp-treetrace path-discovery policy-statement
Description
This command configures the FEC policy to determine which routes are imported from the LDP FEC database to discover its paths and probing them.
If no policy is specified, the ingress LER imports the full list of FECs from the LDP FEC database. New FECs are added to the discovery list at the next path discovery and not when they are learned and added into the FEC database. The maximum number of FECs to be discovered with path discovery is limited to 500.
The user can configure FECs to include or exclude.
Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.
The no form of this command removes the policy from the configuration.
Default
no policy-statement
Parameters
- policy-name
-
Specifies up to five route policy names to filter LDP imported address FECs. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified policy name(s) must already be defined.
Platforms
All
policy-statement
Syntax
[no] policy-statement name
Context
[Tree] (config>router>policy-options policy-statement)
Full Context
configure router policy-options policy-statement
Description
This command creates the context to configure a route policy statement.
Route policy statements control the flow of routing information to and from a specific protocol, set of protocols, or to a specific BGP neighbor.
The policy-statement is a logical grouping of match and action criteria. A single policy-statement can affect routing in one or more protocols and/or one or more protocols peers/neighbors. A single policy-statement can also affect both the import and export of routing information.
The no form of this command deletes the policy statement.
Default
no policy-statement
Parameters
- name
-
Specifies the route policy statement name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
policy-variables
policy-variables
Syntax
policy-variables
Context
[Tree] (config>router>policy-options>policy-statement>entry>from policy-variables)
Full Context
configure router policy-options policy-statement entry from policy-variables
Description
Commands in this context configure policy-variables parameters.
The no form of this command removes all policy variables.
Platforms
All
poll
poll
Syntax
poll ca ca-profile-name
Context
[Tree] (admin>certificate>cmpv2 poll)
Full Context
admin certificate cmpv2 poll
Description
This command polls the status of the pending CMPv2 request toward the specified CA.
If the response is ready, this command will resume the CMPv2 protocol exchange with server as the original command would do. The requests could be also still be pending as a result, then this command could be used again to poll the status.
SR OS allows only one pending CMP request per CA, which means no new request is allowed when a pending request is present.
Parameters
- ca-profile-name
-
Specifies a ca-profile name up to 32 characters.
Platforms
All
poll-interval
poll-interval
Syntax
poll-interval seconds
no poll-interval
Context
[Tree] (config>service>vprn>ospf>area>if poll-interval)
[Tree] (config>service>vprn>ospf3>area>if poll-interval)
Full Context
configure service vprn ospf area interface poll-interval
configure service vprn ospf3 area interface poll-interval
Description
This command configures the poll interval, in seconds. The poll interval is the time between two Hello packets to a dead (non-adjacent) OSPF NBMA neighbor. The default value of the poll interval timer is higher than the hello interval timer to avoid wasting bandwidth on non-broadcast networks, since OSPF messages are unicast to each configured neighbor. The poll interval timer is used only on non-broadcast interface types and has no effect if configured on other interface types.
The no form of this command removes the poll-interval configuration.
Default
120
Parameters
- seconds
-
Specifies the poll interval, in seconds.
Platforms
All
poll-interval
Syntax
poll-interval seconds
no poll-interval
Context
[Tree] (config>router>ospf>area>interface poll-interval)
[Tree] (config>router>ospf3>area>interface poll-interval)
Full Context
configure router ospf area interface poll-interval
configure router ospf3 area interface poll-interval
Description
This command configures the poll interval, in seconds. The poll interval is the time between two Hello packets to a dead (non-adjacent) OSPF NBMA neighbor. The default value of the poll interval timer is higher than the hello interval timer to avoid wasting bandwidth on non-broadcast networks, since OSPF messages are unicast to each configured neighbor. The poll interval timer is used only on non-broadcast interface types and has no effect if configured on other interface types.
The no form of this command removes the poll-interval configuration.
Default
120
Parameters
- seconds
-
Specifies the poll interval, in seconds.
Platforms
All
pool
pool
Syntax
pool pool-name [create]
no pool pool-name
Context
[Tree] (config>service>vprn>dhcp>server pool)
[Tree] (config>service>vprn>dhcp6>server pool)
[Tree] (config>router>dhcp>server pool)
[Tree] (config>router>dhcp6>server pool)
Full Context
configure service vprn dhcp local-dhcp-server pool
configure service vprn dhcp6 local-dhcp-server pool
configure router dhcp local-dhcp-server pool
configure router dhcp6 local-dhcp-server pool
Description
This command configures a DHCP address pool on the router.
The no form of this command removes the pool name from the configuration.
Parameters
- pool name
-
Specifies the name of this IP address pool. Allowed values are any string, up to 32 characters.
- create
-
Keyword used to create the pool. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pool
Syntax
pool pool-name router router-instance [create]
no pool pool-name router router-instance
Context
[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export>ip-advertise-routes pool)
Full Context
configure subscriber-mgmt isa-service-chaining evpn export ip-advertise-routes pool
Description
This command configures NAT pools that are advertised in EVPN type 5 routes to the peer participating in service chaining.
The no form of this command removes the parameters from the configuration.
Parameters
- pool-name
-
Specifies the name of the NAT pool up, to 32 characters.
- router-instance
-
Specifies the router instance belonging to the pool.
- create
-
Keyword used to create a pool instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool
Syntax
pool [name]
Context
[Tree] (config>port>access>egress pool)
[Tree] (config>port>network>egress pool)
[Tree] (config>port>access>ingress pool)
Full Context
configure port access egress pool
configure port network egress pool
configure port access ingress pool
Description
This command configures pool policies.
On the MDA level, access and network egress and access ingress pools are only allocated on channelized MDAs. Network ingress pools are allocated on the FP level for non-channelized MDAs.
Default
pool default
Parameters
- name
-
If specified, the name must be default.
Platforms
All
pool
Syntax
pool [name]
Context
[Tree] (config>card>fp>ingress>network pool)
Full Context
configure card fp ingress network pool
Description
This command configures the per-FP network ingress pool.
Default
pool default
Parameters
- name
-
If specified, the name must be default.
Platforms
All
pool
Syntax
pool nat-pool-name [nat-group nat-group-id type pool-type [ applications applications] [create]
no pool nat-pool-name
Context
[Tree] (config>service>vprn>nat>outside pool)
Full Context
configure service vprn nat outside pool
Description
This command configures a NAT pool.
Parameters
- nat-pool-name
-
Specifies the NAT pool name.
- nat-group-id
-
Specifies the NAT group ID.
- create
-
This parameter must be specified to create the instance.
- pool-type
-
Specifies the pool type.
- applications
-
Specifies the application.
- create
-
Keyword used to create the pool.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool
Syntax
pool nat-pool-name nat-group nat-group-id type pool-type [applications applications] [create]
no pool nat-pool-name
Context
[Tree] (config>router>nat>outside pool)
Full Context
configure router nat outside pool
Description
This command creates a NAT pool in the outside routing context. The NAT pool defines the parameters that will be used for IP address and port translation within the pool.
Parameters
- nat-pool-name
-
Specifies the NAT pool name, up to 32 characters.
- nat-group-id
-
Specifies the NAT group ID.
- create
-
Creates the instance.
- pool-type
-
Species the pool type.
- applications
-
This creation-time parameter configures the NAT pool for protocol agnostic operation. The IP addresses are translated in 1:1 fashion regardless of the protocol. No ports are translated for TCP or UDP traffic. Traffic through the pool can be initiated from inside or outside. When nat-pool is configured in agnostic mode, certain parameters in the pool are pre-set and cannot be changed:
-
mode one-to-one
-
port-forwarding-range 0
-
port-reservation blocks 1
-
subscriber-limit 1
-
deterministic port-reservation 65536.
This pool is used to configure static 1:1 NAT, where the operator have the control of the mapping between the inside and outside IP addresses. The static IP address mapping is using CLI constructs used in deterministic NAT (prefix and map deterministic NAT commands in the inside routing context).
ALG for TCP/UDP is supported in the protocol agnostic pool.
-
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool
Syntax
pool [name]
no pool
Context
[Tree] (config>isa>aa-grp>qos>egress>to-subscriber pool)
[Tree] (config>isa>aa-grp>qos>egress>from-subscriber pool)
Full Context
configure isa application-assurance-group qos egress to-subscriber pool
configure isa application-assurance-group qos egress from-subscriber pool
Description
Commands in this context configure an IOM pool as applicable to the specific application assurance group traffic. The user can configure resv-cbs (as percentage) values and slope-policy similarly to other IOM pool commands.
Default
pool default
Parameters
- name
-
If specified, the name must be default.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool
Syntax
pool nat-pool-name service-name service-name
pool nat-pool-name router router-instance
no pool
Context
[Tree] (config>service>nat>nat-policy pool)
Full Context
configure service nat nat-policy pool
Description
This command configures the NAT pool of this policy.
Parameters
- nat-pool-name
-
Specifies the name of the NAT pool, up to 32 characters.
- router-instance
-
Specifies the router instance the pool belongs to, either by router name or service ID.
- service-name
-
Specifies the name of the service, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool-manager
pool-manager
Syntax
pool-manager
Context
[Tree] (config>service>ies>sub-if>wlan-gw pool-manager)
[Tree] (config>service>vprn>sub-if>wlan-gw pool-manager)
Full Context
configure service ies subscriber-interface wlan-gw pool-manager
configure service vprn subscriber-interface wlan-gw pool-manager
Description
Commands in this context configure pool manager data for a WLAN GW subscriber interface.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool-name
pool-name
Syntax
[no] pool-name
Context
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor pool-name)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor pool-name)
[Tree] (config>service>vprn>if>dhcp>option>vendor pool-name)
[Tree] (config>service>ies>if>dhcp>option>vendor pool-name)
Full Context
configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name
configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name
configure service vprn interface dhcp option vendor-specific-option pool-name
configure service ies interface dhcp option vendor-specific-option pool-name
Description
This command sends the pool name in the Nokia vendor specific sub-option of the DHCP relay packet.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name
- configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name
All
- configure service ies interface dhcp option vendor-specific-option pool-name
- configure service vprn interface dhcp option vendor-specific-option pool-name
pool-name
Syntax
pool-name name
no pool-name
Context
[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)
[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)
[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)
[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)
[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)
[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)
Full Context
configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name
configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name
configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name
configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name
configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name
configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name
Description
This command specifies the pool name that should be sent in the DHCPv6 messages. This is reflected in the Nokia vendor specific pool option (vendor-id 6527, option-id 0x02).
The no form of this command removes pool-name and the option will not be sent in DHCPv6.
Parameters
- name
-
Specifies the pool name up with 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
pool-name
Syntax
[no] pool-name
Context
[Tree] (config>router>if>dhcp>option>vendor-specific-option pool-name)
Full Context
configure router interface dhcp option vendor-specific-option pool-name
Description
This command enables the sending of the pool name in the Nokia vendor-specific suboption of the DHCP relay packet.
The no form of this command disables the feature.
Default
no pool-name
Platforms
All
pool-type
pool-type
Syntax
pool-type pool-type
Context
[Tree] (config>test-oam>twamp>twl>src-udp-pools>port pool-type)
Full Context
configure test-oam twamp twamp-light source-udp-port-pools port pool-type
Description
This command maps the specified source UDP port to the TWAMP Light application allowed to configure the source UDP port. The OAM-PM IP family of tests can only configure the source UDP port when the port pool UDP source port is configured with a pool-type oam-pm. The test-oam link-measurement measurement-template can only configure the src-udp-port when the port pool UDP source port is configured with pool-type link-measurement.A pool type cannot be changed if its current application (either an oam-pm session or link-measurement template) is configured to use the specified port, regardless of the administrative or operational state. The configuration reference linking to the source UDP prevents the change.
Default
pool-type oam-pm
Parameters
- pool-type
-
Specifies the port to an application pool.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pop
pop
Syntax
[no] pop
Context
[Tree] (config>router>mpls>if>label-map pop)
Full Context
configure router mpls interface label-map pop
Description
This command specifies that the incoming label must be popped (removed). No label stacking is supported for a static LSP. The service header follows the top label. Once the label is popped, the packet is forwarded based on the service header.
The no form of this command removes the pop action for the in-label.
Platforms
All
populate
populate
Syntax
populate {static | dynamic | evpn} [ route-tag [1..255]]
no populate {static | dynamic | evpn}
Context
[Tree] (config>service>vprn>if>ipv6>nd-host-route populate)
[Tree] (config>service>vprn>if>arp-host-route populate)
[Tree] (config>service>ies>if>arp-host-route populate)
Full Context
configure service vprn interface ipv6 nd-host-route populate
configure service vprn interface arp-host-route populate
configure service ies interface arp-host-route populate
Description
This command enables the creation of ARP/ND host-route entries in the route-table out of a certain ARP/ND entry type.
The no form of this command reverts to the default.
Default
no populate
Parameters
- evpn
-
Enables the creation of ARP-ND host routes in the route table out of EVPN ARP/ND entries (entries learned from EVPN MAC/IP routes).
- dynamic
-
Enables the creation of ARP-ND host routes in the route table out of dynamic ARP/ND entries (learned from received ARP/ND messages from the hosts).
- static
-
Enables the creation of ARP-ND host routes in the route table out of configured static ARP/ND entries.
- route-tag [1..255]
-
Specifies the route tag that is added in the route table for ARP-ND host routes of type evpn, dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.
Platforms
All
port
port
Syntax
port port-id [sync-tag sync-tag] [create]
no port port-id]
Context
[Tree] (config>redundancy>multi-chassis>peer>sync port)
Full Context
configure redundancy multi-chassis peer sync port
Description
This command specifies the port to be synchronized with the multi-chassis peer and a synchronization tag to be used while synchronizing this port with the multi-chassis peer.
Parameters
- port-id
-
Specifies the port to be synchronized with the multi-chassis peer.
- sync-tag
-
Specifies a synchronization tag, up to 32 characters in length, to be used while synchronizing this port with the multi-chassis peer.
- create
-
Creates an entry; mandatory while creating an entry.
Platforms
All
port
Syntax
[no] port {port-id | aps-id | connector-port-id}
Context
[Tree] (config port)
Full Context
configure port
Description
This command enables access to the context to configure ports, multilink bundles, and bundle protection groups (BPGs). Before a port can be configured, the chassis slot must be provisioned with a valid card type and the MDA parameter must be provisioned with a valid MDA type.
Default
No ports are configured. All ports must be explicitly configured and enabled.
Parameters
- port-id
-
Specifies the physical port ID in the following format:
- eth-sat-id
-
Specifies the Ethernet satellite ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.
- pxc-id
-
Specifies the PXC ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.
- aps-id
-
This option configures APS on unbundled SONET/SDH ports. All SONET-SDH port parameters, with certain exceptions, for the working and protection circuit ports must be configured in the config>port>aps-id context. The working and protection circuit ports inherit all those parameters configured. The exception parameters for the working and protect circuits can be configured in the config>port>sonet-sdh context. Exception list commands include:
-
clock-source
-
[no] loopback
-
[no] report-alarm
-
section-trace
-
[no] threshold
When an configure port aps-id is created all applicable parameters under the port CLI tree (including parameters under any submenus) assume aps-id defaults, or when those are not explicitly specified, default to SONET/SDH port defaults for any SONET port.
All but a few exception SONET/SDH parameters for the working channel port must be configured in the configure port sonet-sdh context. The protection channel inherits all the configured parameters. The exception parameters for the protection channel can be configured in the configure port sonet-sdh context.
Signal failure (SF) and signal degrade (SD) alarms are not enabled by default on POS interfaces. It is recommended to change the default alarm notification configuration for POS ports that belong to APS groups in order to be notified of SF/SD occurrences to be able to interpret the cause for an APS group to switch the active line.
For path alarms, modify the logical line aps-id in the configure port aps-id <sonet-sdh>path report-alarm context. For example:
configure port aps-1 sonet-sdh path report-alarm p-ais
For line alarms, separately, modify the 2 physical ports that are members of the logical aps-id port (the working and protect lines). APS reacts only to line alarms, not path alarms. For example:
configure port 1/2/3 sonet-sdh report-alarm lb2er-sd
configure port 4/5/6 sonet-sdh report-alarm lb2er-sd
If the SD and SF threshold rates must be modified, the changes must be performed at the line level on both the working and protect APS port member.
The no form of this command deletes an aps-group-id or bundle-aps-group-id. In order for an aps- group-id to be deleted,
The same rules apply for physical ports, bundles deletions apply to APS ports/bundles deletions (for example an aps-group-id must be shutdown, have no service configuration on it, and no path configuration on it). In addition working and protection circuits must be removed before an aps-group-id may be removed.
-
- connector-port-id
-
Specifies the physical port of a connector in the following format.
Platforms
All
port
Syntax
port port-id
no port
Context
[Tree] (config>port-xc>pxc port)
Full Context
configure port-xc pxc port
Description
This command configures the referenced Ethernet port as a loopback or a cross-connect port (PXC). When this command is executed, the system automatically creates two PXC subports under this Ethernet port.
The physical PXC port does not require any external connectivity or optical transceivers to function properly. Consequently, all optic-related alarms are disabled on the port.
The physical PXC port is automatically configured as a hybrid port. The MTU is preset to 9212 bytes, the encapsulation type is set to dot1q, and dot1x tunneling is turned on.
A single physical port can be associated with more than one PXC. In other words, multiple PXCs are supported per physical port. Because PXC subports use a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).
Since the PXC uses a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).
The following rules apply to PXC port configurations:
-
Only unused physical ports (not associated with an interface or SAP) can be referenced inside of a PXC ID configuration.
-
The physical port cannot be removed from a PXC ID configuration if the corresponding PXC subports are currently in use.
-
A physical port cannot be used outside the configured PXC context. For example, a regular IP interface cannot use this physical port, or a SAP on that port cannot be associated with a service.
The no form of this command removes the port ID from the configuration.
Parameters
- port-id
-
Specifies the physical port in the slot/mda/port format.
Platforms
All
port
Syntax
port port-id [port-id] [priority priority] [sub-group sub-group-id] [hash-weight weight]
no port port-id [port-id]
Context
[Tree] (config>lag port)
Full Context
configure lag port
Description
This command adds ports to a Link Aggregation Group (LAG).
The port configuration of the first port added to the LAG is used as a basis to compare to subsequently added ports. If a discrepancy is found with a newly added port, that port will not be added to the LAG.
Multiple (space separated) ports can be added or removed from the LAG link assuming the maximum of number of ports is not exceeded.
Ports that are part of a LAG must be configured with auto-negotiate limited or disabled.
The no form of this command removes ports from the LAG.
Default
No ports are defined as members of a LAG.
Parameters
- port-id
-
Specifies the port ID.
The maximum number of ports in a LAG depends on the platform type, the hardware deployment, and the SR OS software release. Adding a port over the maximum allowed per given router or switch is blocked. Some platforms support double port scale for specific port types on LAGs with LAG ID in the range of 1 to 64 inclusive. Up to 16 ports can be specified in a single statement, up to 64 ports total.
- priority
-
Specifies the port priority used by LACP. The port priority is also used to determine the primary port. The port with the lowest priority is the primary port. In the event of a tie, the smallest port ID becomes the primary port.
- sub-group-id
-
Identifies a LAG subgroup. When using subgroups in a LAG, they should only be configured on one side of the LAG, not both. Only having one side perform the active/standby selection guarantees a consistent selection and fast convergence. The active or standby selection is signaled through LACP to the other side. The hold time should be configured when using subgroups to prevent the LAG going down when switching between active and standby subgroup since momentarily all ports are down in a LAG (break-before-make).
- weight
-
Specifies the flow hashing distribution between LAG ports.
Platforms
All
port
Syntax
port port-id
no port
Context
[Tree] (config>service>system>bgp-evpn>eth-seg port)
Full Context
configure service system bgp-evpn ethernet-segment port
Description
This command configures a port-id associated with the Ethernet-Segment. If the Ethernet-Segment is configured as all-active, then only a lag or a PW port can be associated to the Ethernet-Segment. If the Ethernet-Segment is configured as single-active, then a lag, port or sdp can be associated to the Ethernet-Segment. In any case, only one of the four objects can be configured in the Ethernet-Segment. A specified port can be part of only one Ethernet-Segment. Only Ethernet ports can be added to an Ethernet-Segment.
Default
no port
Parameters
- port-id
-
Specifies the port ID associated to the Ethernet-Segment.
port-id
slot/mda/port [.channel]
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
Platforms
All
port
Syntax
port [port-id | lag-id]
no port
Context
[Tree] (config>service>sdp>binding port)
Full Context
configure service sdp binding port
Description
This command specifies the port or lag identifier, to which the pseudowire ports associated with the underlying SDP are bound. If the underlying SDP is re-routed to a port or lag other than the specified one, the pseudowire ports on the SDP are operationally brought down.
The no form of the command removes the value from the configuration.
Default
no port
Parameters
- port-id
-
Specifies the identifier of the port in the slot/mda/port format.
port-id
slot/mda/port[.channel]
pxc-id
psc-id.sub-port
pxc psc-id.sub-port
pxc: keyword
id: 1 to 64
sub-port: a, b
aps-id
aps-group-id[.channel]
aps keyword
group-id
1 to 64
group-id
1 to 16
ccag-id - ccag-<id>.<path-id>[cc-type]
ccag
keyword
id
1 to 8
path-id
a, b
cc-type[.sap-net | .net-sap]
lag-id
lag-id
lag
keyword
id
1 to 800
- lag-id
-
Specifies the LAG identifier.
Platforms
All
port
Syntax
port [evpn-mpls | sap sap-id | sdp sdp-id:vc-id | vxlan vtep ip-address vni vni-id] [detail]
no port
Context
[Tree] (debug>service>id>pim-snooping port)
Full Context
debug service id pim-snooping port
Description
This command enables or disables debugging for PIM ports.
Parameters
- sap-id
-
Only debugs packets associated with the specified SAP
- sdp-id:vc-id
-
Only debugs packets associated with the specified SDP
- detail
-
Provides detailed debugging information
- evpn-mpls
-
Debugs PIM snooping statistics for EVPN-MPLS destinations
Platforms
All
port
Syntax
[no] port port-id
Context
[Tree] (config>service>pw-port-list port)
Full Context
configure service pw-port-list port
Description
This command is only applicable for VSR configurations. This command is used to select ports eligible for use with Flex PW port. Physical ports used by Flex PW port can be shared with any other Layer 2 or Layer 3 service. In other words, a Layer 3 interface using a regular SAP can be associated with a VPRN service, while the port is used by a Flex PW port. Another regular SAP from the same port can be associated with a VPLS or Epipe service at the same time.
The following rules should be followed when populating a pw-port-list:
-
A port must be in hybrid mode before it is added to a pw-port-list.
-
Before a port is removed from or added to a pw-port-list, all PW ports must be dissociated from the corresponding Epipe services (PW ports must be unconfigured). This implies that all PW SAPs must be deleted.
-
Network interfaces (configured in the Base routing context) can be configured only on ports that are in the pw-port-list.
-
A port mode (access, network, or hybrid) cannot be changed while the port is in the pw-port-list.
From this, the operator can consider adding all ports that are in hybrid mode to a pw-port-list at the beginning of the system configuration. This ensures that those ports can be used by a Flex PW port at any later time, independently of their current use.
The no form of this command removes the port ID from the configuration.
Parameters
- port-id
-
Specifies the IP of the port.
port
Syntax
port port
no port
Context
[Tree] (config>service>vprn>aaa>remote-servers>radius port)
Full Context
configure service vprn aaa remote-servers radius port
Description
This command configures the UDP port number to contact the RADIUS server.
The no form of this command reverts to the default value.
Default
port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))
Parameters
- port
-
Specifies the UDP port number to contact the RADIUS server.
Platforms
All
port
Syntax
port value
no port
Context
[Tree] (config>service>vprn>log>syslog port)
Full Context
configure service vprn log syslog port
Description
This command configures the UDP port that will be used to send syslog messages to the syslog target host.
The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.
Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.
The no form of this command reverts to default value.
Default
no port
Parameters
- value
-
The value is the configured UDP port number used when sending syslog messages.
Platforms
All
port
Syntax
port port
Context
[Tree] (config>app-assure>group>event-log>syslog port)
Full Context
configure application-assurance group event-log syslog port
Description
This command specifies the UDP port used by application assurance to inject the syslog events inband.
Default
port 514
Parameters
- port
-
Specifies the UDP port number.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port
Syntax
[no] port port-number
[no] port range start-port-num end-port-num
Context
[Tree] (config>app-assure>group>port-list port)
Full Context
configure application-assurance group port-list port
Description
This command specifies the server TCP or UDP port number to use in the port list definition.
The no form of this command restores the default by removing port number from the port list.
Default
no port
Parameters
- port-number
-
Specifies the port number.
- start-port-number
-
Specifies the start port number.
- end-port-number
-
Specifies the end port number.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port
Syntax
port {port-id | lag lag-id} [egress] [ingress]
no port {port-id | lag lag-id} {[egress] [ ingress]}
Context
[Tree] (config>mirror>mirror-source port)
Full Context
configure mirror mirror-source port
Description
This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).
The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.
The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.
The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.
If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.
If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.
The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).
The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.
Parameters
- port-id
-
Specifies the port ID of the 7750 SR or 7950 XRS.
The following syntax applies to the 7750 SR:
port-id
slot/mda/port [.channel]
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
bgrp-id
bpgrp-type-bpgrp-num
bgrp
keyword
type
ima, ppp
bgrp-num
1 to 2000
ccag-id
ccag-id.path-id cc-type:cc-id
ccag
keyword
id
1 to 8
path-id
a, b
cc-type
sap-net, .net-sap
cc-id
0 to 4094
The following syntax applies to the 7950 XRS:
port-id
slot/mda/port [.channel]
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
- lag-id
-
The LAG identifier, expressed as a decimal integer.
Note:On the 7950 XRS, the XMA ID takes the place of the MDA.
- egress
-
Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.
- ingress
-
Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.
Platforms
All
port
Syntax
port {port-id | lag lag-id} {[ egress] [ingress]}
no port {port-id | lag lag-id} [ egress] [ingress]
Context
[Tree] (config>li>li-source port)
Full Context
configure li li-source port
Description
This command specifies the port to perform lawful intercept. It is recommended when configuring li-source>port criteria, the li-source should only contain ports. All other criteria such as SAPs and subscribers should use a different li-source.
The no form of this command reverts to the default.
Parameters
- port-id
-
Specifies the port ID to perform lawful intercept.
port-id
slot/mda/port [.channel]
aps-id
aps-<group-id>[.channel]
aps
keyword
group-id
1 to 128
eth-sat-id
esat-<id>/<slot>/[u]<port>
esat
keyword
id
1 to 20
u
keyword for up-link port
tdm-sat-id
tsat-<id>/<slot>/[<u>]<port>.<channel>
tsat
keyword
id
1 to 20
u
keyword for up-link port
pxc-id
pxc-<id>.<sub-port>
pxc
keyword
id
1 to 64
sub-port
a, b
- lag-id
-
The LAG identifier, expressed as a decimal integer.
Note:On the 7950 XRS, the XMA ID takes the place of the MDA.
- egress
-
Performs lawful intercept on egress traffic.
- ingress
-
Performs lawful intercept on ingress traffic.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port tcp-port
no port
Context
[Tree] (config>li>x-interfaces>lics>lic port)
Full Context
configure li x-interfaces lics lic port
Description
This command configures the TCP port associated with this LIC.
The no form of this command reverts to the default.
Parameters
- tcp-port
-
Specifies the TCP source port of the LIC.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port tcp-port
no port
Context
[Tree] (config>li>x-interfaces>x1 port)
Full Context
configure li x-interfaces x1 port
Description
This command configures the TCP port for the X1 interface. The system listens to this port and uses it as the source TCP port.
The no form of this command reverts to the default.
Parameters
- tcp-port
-
Specifies the TCP port.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port {port-id | lag lag-id} {[egress] [ingress]}
no port {port-id | lag lag-id} [egress] [ ingress]
Context
[Tree] (debug>mirror-source port)
Full Context
debug mirror-source port
Description
This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).
The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.
The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.
The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.
If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.
If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.
The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).
The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.
Parameters
- port-id
-
Specifies the port ID of the 7750 SR or 7950 XRS.
The following syntax applies to the 7750 SR:
port-id
slot/mda/port [.channel]
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
ccag-id
ccag-id.path-id cc-type:cc-id
ccag
keyword
id
1 to 8
path-id
a,b
cc-type
sap-net, net-sap
cc-id
0 to 4094
The following syntax applies to the 7950 XRS:
port-id
slot/mda/port [.channel]
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
- lag-id
-
Specifies the LAG identifier, expressed as a decimal integer.
Note:On the 7950 XRS, the XMA ID takes the place of the MDA.
- egress
-
Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.
- ingress
-
Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.
Platforms
All
port
Syntax
port {lt | gt | eq} port-number
port port-list port-list-name
port range port-number port-number
no port
Context
[Tree] (config>filter>ipv6-exception>entry>match port)
[Tree] (config>filter>ip-filter>entry>match port)
[Tree] (config>filter>ipv6-filter>entry>match port)
Full Context
configure filter ipv6-exception entry match port
configure filter ip-filter entry match port
configure filter ipv6-filter entry match port
Description
This command configures a TCP/UDP/SCTP source or destination port match criterion in IPv4 and IPv6 CPM (SCTP not supported) and/or ACL filter policies. A packet matches this criterion if the packet TCP/UDP/SCTP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port-list.
Operational Note: This command is mutually exclusive with src-port and dst-port commands. Configuring "port eq 0", may match non-initial fragments where the source/destination port values are not present in a packet fragment if other match criteria are also met.
The no form of this command deletes the specified port match criterion.
Default
no port
Parameters
- lt | gt | eq
-
Specifies the operator to use relative to port-number for specifying the port number match criteria.
- lt
-
Specifies that all port numbers less than port-number match.
- gt
-
Specifies that all port numbers greater than port-number match.
- eq
-
Specifies that the port-number must be an exact match.
- port-number
-
Specifies a source or destination port to be used as a match criterion. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. The following value shows a decimal integer only.
- port-list port-list-name
-
Specifies an inclusive range of source or destination port values to be used as match criteria.
- range port-number port-number
-
Specifies an inclusive range of source or destination port values to be used as match criteria.
Platforms
VSR
- configure filter ipv6-exception entry match port
All
- configure filter ip-filter entry match port
- configure filter ipv6-filter entry match port
port
Syntax
[no] port port-number
[no] port range start end
Context
[Tree] (config>filter>match-list>port-list port)
Full Context
configure filter match-list port-list port
Description
This command adds a port or a range of ports to an existing port match list. The no form of this command deletes the specified port or range of ports form the list.
Parameters
- port-number
-
Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.
- start end
-
Specifies an inclusive port range between two port numbers values. The start of the range and end of the range can be expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.
Platforms
All
port
Syntax
port port-id
no port
Context
[Tree] (config>router>origin-validation>rpki-session port)
Full Context
configure router origin-validation rpki-session port
Description
This command configures the destination port number to use when contacting the cache server. The default port number is 323. The port cannot be changed without first shutting down the session.
Default
no port
Parameters
- port-id
-
Specifies a port ID.
Platforms
All
port
Syntax
port port-name
no port
Context
[Tree] (config>router>if port)
Full Context
configure router interface port
Description
This command creates an association with a logical IP interface and a physical port.
An interface can also be associated with the system (loopback address).
The command returns an error if the interface is already associated with another port or the system. In this case, the association must be deleted before the command is re-attempted. The port-id or port-id for Ethernet ports can be in one of the following forms:
Ethernet interfaces
If the card in the slot has MDAs/XMAs, port-id is in the slot_number/MDA or XMA _number/port_number format; for example, 1/1/3 specifies port 3 of the MDA/XMA installed in MDA/XMA slot 1 on the card installed in chassis slot 1.
SONET/SDH interfaces
When the port-id represents a POS interface, the port-id must include the channel-id. The POS interface must be configured as a network port.
The no form of this command deletes the association with the port. The no form of this command can only be performed when the interface is administratively down.
Default
no port
Parameters
- port-name
-
The physical port identifier to associate with the IP interface.
Platforms
All
port
Syntax
port port-id to port-id [create]
no port port-id
Context
[Tree] (config>system>port-topology port)
Full Context
configure system port-topology port
Description
This command is used for satellites. It identifies to the SR OS that there is an internal connection between two ports.
Permitted pairings of the two ports are:
First port |
Second port |
Router port |
Satellite uplink port |
Satellite uplink port |
Router port |
For satellites, this command configures the binding between a host port ID and the satellite uplink from the satellite chassis. The port topology can be configured with the host connected to a satellite uplink or the satellite uplink port connected to the specified host port. Both configurations are supported, as shown in the following examples:
*A:Dut-A# configure system port-topology port esat-1/1/u4 to 1/2/2 create
*A:Dut-A# configure system port-topology no port esat-1/1/u4
*A:Dut-A# configure system port-topology port 1/2/2 to esat-1/1/u4 create
*A:Dut-A# configure system port-topology no port 1/2/2
The no form of the command removes the internal connection.
Default
no port port-id
Parameters
- port-id
-
Specifies one port of an internal port connection. These ports can be router ports or Ethernet satellite uplink ports. Acceptable pairings are defined in the command description.
- create
-
Specifies the keyword required to create the binding between the two ports.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port port-id
Context
[Tree] (config>system>satellite>port-template port)
Full Context
configure system satellite port-template port
Description
This command specifies the satellite port to be reconfigured.
The no form of this command deletes the specified port configuration.
Parameters
- port-id
-
Specifies the satellite physical port ID. This must use the format slot/mda/port. Currently, all satellites have a single slot and a single MDA, so these values will always be 1. For example, port 10 would be specified as 1/1/10.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port port-id [create]
no port port-id
Context
[Tree] (config>system>ptp port)
Full Context
configure system ptp port
Description
This command configures PTP over Ethernet on the physical port. The PTP process shall transmit and receive PTP messages through the port using Ethernet encapsulation (as opposed to UDP/IPv4 encapsulation).
The frames are transmitted with no VLAN tags even if the port is configured for dot1q or qinq modes for encap-type. In addition, the received frames from the external PTP clock must also be untagged.
There are two reserved multicast addresses allocated for PTP messages (see Annex F IEEE Std 1588™-2008). Either address can be configured for the PTP messages sent through this port.
A PTP port may not be created if the PTP profile is set g8265dot1-2010.
If the port specified in the port-id supports 1588 port based timestamping, then a side effect of enabling PTP over Ethernet on the port shall be the enabling of Synchronous Ethernet on that port.
De-provisioning of the card or MDA containing the specified port is not permitted while the port is configured within PTP.
Changing the encapsulation or the port type of the Ethernet port is not permitted when PTP Ethernet Multicast operation is configured on the port.
To allocate an ethernet satellite client port as a PTP port, the ethernet satellite must first be enabled for the transparent clock function. For more information, see the config>system>satellite>eth-sat ptp-tc command.
The SyncE/1588 ports of the CPM and CCMs can be specified as a PTP port. These use the 'A/3’ and 'B/3’ designation and they both must be specified as two PTP ports if both are to be used. The active CPM sends and receives messages on both ports if they are specified and enabled.
Parameters
- port-id
-
Specifies a specific physical port.
- create
-
Creates the PTP port. This keyword is required when first creating the PTP port, if the system is configured to require it (enabled in the environment create command). Once the PTP port is created, it is possible to navigate into the context without the create keyword.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port value
no port
Context
[Tree] (config>log>syslog port)
Full Context
configure log syslog port
Description
This command configures the UDP port that will be used to send syslog messages to the syslog target host.
The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.
Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.
The no form of this command removes the value from the configuration.
Parameters
- value
-
Specifies the value that is the configured UDP port number used when sending syslog messages.
Platforms
All
port
Syntax
port port
no port
Context
[Tree] (config>system>netconf port)
Full Context
configure system netconf port
Description
This command specifies the port on which the SR OS NETCONF server listens for new connections. Only one port can be configured for NETCONF management.
The configured port applies to both non-VPRN and VPRN management. New NETCONF connections are able to use the configured port. The SR OS NETCONF server errors if a port, different from the configured port, is used to SSH to the SR OS NETCONF server. For NETCONF connections not using VPRN management, active NETCONF connections are not disconnected if the port used to establish the connections is changed. For NETCONF connections using VPRN management, active NETCONF connections are disconnected if the port used to establish the connections is changed.
The no form of this command resets the port on which the SR OS NETCONF server listens to the default port of 830.
Parameters
- port
-
Specifies the port on which NETCONF listens for new connections.
Platforms
All
port
Syntax
port tcp/udp port-number [mask]
port port-list port-list-name
port range tcp/udp port-number tcp/udp port-number
no port
Context
[Tree] (config>system>security>cpm-filter>ip-filter>entry>match port)
[Tree] (config>system>security>cpm-filter>ipv6-filter>entry>match port)
Full Context
configure system security cpm-filter ip-filter entry match port
configure system security cpm-filter ipv6-filter entry match port
Description
This command configures a TCP/UDP source or destination port match criterion in IPv4 and IPv6 CPM filter policies. A packet matches this criterion if packet’s TCP/UDP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port list.
This command is mutually exclusive with src-port and dst-port commands.
The no form of this command deletes the specified port match criterion.
Default
no port
Parameters
- tcp/udp port-number
-
Specifies the source or destination port to be used as a match criterion specified as a decimal integer.
- mask
-
Specifies the 16 bit mask to be applied when matching the port.
- range tcp/udp port-number
-
Specifies an inclusive range of source or destination port values to be used as match criteria. start of the range and end of the range are expressed as decimal integers.
- port-list port-list-name
-
Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port port
no port
Context
[Tree] (config>system>security>radius port)
Full Context
configure system security radius port
Description
This command configures the TCP port number to contact the RADIUS server.
The no form of this command reverts to the default value.
Default
port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))
Parameters
- port
-
Specifies the TCP port number to contact the RADIUS server.
Platforms
All
port
Syntax
[no] port port-number
[no] port range start end
Context
[Tree] (config>qos>match-list>port-list port)
Full Context
configure qos match-list port-list port
Description
This command adds a port or a range of ports to an existing port match list.
The no form of this command deletes the specified port or range of ports form the list.
Parameters
- port-number
-
Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.
- range
-
Keyword specifying a range of port values.
- start
-
Specifies the start of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.
- end
-
Specifies the end of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Syntax
port port
no port
Context
[Tree] (config>system>grpc-tunnel>tunnel>handler port)
Full Context
configure system grpc-tunnel tunnel handler port
Description
This command assigns the TCP port number that the handler listens to internally.
The no form of this command disables the handler from listening to a TCP port.
Default
no port
Parameters
- port
-
Specifies the TCP port number.
Platforms
All
port
Syntax
port port-number
Context
[Tree] (config>test-oam>twamp>twl>src-udp-pools port)
Full Context
configure test-oam twamp twamp-light source-udp-port-pools port
Description
This command configures the TWAMP Light reserved source UDP ports to be mapped to a specific TWAMP Light or STAMP application.
Parameters
- port-number
-
Specifies the TWAMP Light reserved source UDP port number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-block-extensions
port-block-extensions
Syntax
port-block-extensions ports num-ports subscriber-limit number
port-block-extension no ports
Context
[Tree] (config>service>vprn>nat>outside>pool port-block-extensions)
[Tree] (config>router>nat>outside>pool port-block-extensions)
Full Context
configure service vprn nat outside pool port-block-extensions
configure router nat outside pool port-block-extensions
Description
This command configures a port block reserved for a dynamic NAT traffic flow for each subscriber with a port forwarding entry.
The no form of this command removes the values from the configuration.
Parameters
- num-ports
-
Specifies the size of extended port-block for L2-aware subscribers
- number
-
Specifies the limit of L2-aware NAT subscribers per an outside IP address
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-block-extensions
Syntax
port-block-extensions
Context
[Tree] (config>service>nat>up-nat-policy port-block-extensions)
Full Context
configure service nat up-nat-policy port-block-extensions
Description
Commands in this context configure the attributes for dynamic allocation of NAT port blocks beyond the initial port blocks.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-bw-oversub-factor
port-bw-oversub-factor
Syntax
port-bw-oversub-factor oversubscription-factor
no port-bw-oversub-factor
Context
[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool port-bw-oversub-factor)
Full Context
configure qos hs-pool-policy mid-tier mid-pool port-bw-oversub-factor
Description
This command modifies the size of the mid-pool when calculating the port-class pool sizes based on port bandwidth ratios. The command does not actually change the size of the mid-pool, only the size reported to the port-class pool sizing function.
Port-class pools can be sized in one of two ways: dynamically (proportionate to the bandwidth of each port) or explicitly (based on a percentage of the parent mid-pool). Explicit percentages require careful determination of the amount to give each pool. The dynamic sizing function attempts to automatically size each pool based on the relative amount of bandwidth each port-class pool is supporting compared to other port’s port-class pools. This is accomplished by determining a dynamic weight for each port with port-class pools mapped to a given mid-pool. As true with any weighted behavior, the mid-pool buffer allocation resource is distributed in a non-oversubscribed manner to its child port-class pools. The port-bw-oversub-factor oversubscription-factor allows this distribution mechanism to become proportionally oversubscribed based on the defined factor. An oversubscription-factor of 1.5 causes the port-class pool dynamic sizes to be 1.5 times bigger, allowing for a potentially more efficient utilization of the buffers represented by mid-pool.
The port-bw-oversub-factor oversubscription-factor for a mid-pool can be modified at any time, causing the corresponding port-class pool dynamic sizes to be recalculated.
A similar behavior can be obtained by increasing the mid-pool’s allocation-percent of its parent root-pool. However, the major difference in using port-bw-oversub-factor is that it provides larger port-class pools without allowing the mid-pool to use a higher number of buffers in the root pool.
The no form of the command reverts to the default.
Default
port-bw-oversub-factor 1
Parameters
- oversubscription-factor
-
Specifies the factor by which the dynamically-sized port-class pools associated with the mid-pool may oversubscribe the mid-pool. This parameter is required when the port-bw-oversub-factor command is executed.
Platforms
7750 SR-7/12/12e
port-control
port-control
Syntax
port-control [auto | force-auth | force-unauth]
Context
[Tree] (config>port>ethernet>dot1x port-control)
Full Context
configure port ethernet dot1x port-control
Description
This command configures the 802.1x authentication mode.
The no form of this command returns the value to the default.
Default
port-control force-auth
Parameters
- force-auth
-
Disables 802.1x authentication and causes the port to transition to the authorized state without requiring any authentication exchange. The port transmits and receives normal traffic without requiring 802.1x-based host authentication.
- force-unauth
-
Causes the port to remain in the unauthorized state, ignoring all attempts by the hosts to authenticate. The switch cannot provide authentication services to the host through the interface.
- auto
-
Enables 802.1x authentication. The port starts in the unauthorized state, allowing only EAPoL frames to be sent and received through the port. Both the router and the host can initiate an authentication procedure. The port will remain in unauthorized state (no traffic except EAPoL frames is allowed) until the first client is authenticated successfully. After this, traffic is allowed on the port for all connected hosts.
Platforms
All
port-down
port-down
Syntax
[no] port-down
Context
[Tree] (config>subscr-mgmt>ancp>ancp-policy port-down)
Full Context
configure subscriber-mgmt ancp ancp-policy port-down
Description
Commands in this context configure the actions taken on port-down.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
port-down
Syntax
[no] port-down port-id
Context
[Tree] (config>vrrp>policy>priority-event port-down)
Full Context
configure vrrp policy priority-event port-down
Description
This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel. When the port or channel enters the operational down state, the event is considered set. When the port or channel enters the operational up state, the event is considered cleared.
Multiple unique port-down event nodes can be configured within the priority-event context up to the overall limit of 32 events. Up to 32 events can be defined in any combination of types.
The port-down command can reference an arbitrary port or channel. The port or channel does not need to be preprovisioned or populated within the system. The operational state of the port-down event is set as follows:
-
Set – non-provisioned
-
Set – not populated
-
Set – down
-
Cleared – up
When the port or channel is provisioned, populated, or enters the operationally up or down state, the event operational state is updated appropriately.
When the event enters the operationally down, non-provisioned, or non-populated state, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from cleared to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.
When the event enters the operationally up state, the event is considered to be cleared. Once the events hold-set expires, the effects of the events priority value are immediately removed from the in-use priority of all associated virtual router instances.
The actual effect on the virtual router instance in-use priority value depends on the defined event priority and its delta or explicit nature.
The no form of the command deletes the specific port or channel monitoring event. The event may be removed at anytime. When the event is removed, the in-use priority of all associated virtual router instances will be re-evaluated. The events hold-set timer has no effect on the removal procedure.
Default
no port-down — No port down priority control events are defined.
Parameters
- port-id
-
The port ID of the port monitored by the VRRP priority control event.
The port-id can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy.
Platforms
All
port-format
port-format
Syntax
port-format formatting
no port-format
Context
[Tree] (config>service>vprn>wpp>portals>portal port-format)
[Tree] (config>router>wpp>portals>portal port-format)
Full Context
configure service vprn wpp portals portal port-format
configure router wpp portals portal port-format
Description
This command specifies the encoding format of WPP port attribute.
The standard format is as follows:
<0 to 20 character system-name><1 character separator><2-digit slot><1-digit mda><2-digit port><4-digit top><5-digit bottom>
As a general rule, if a value is not present or is too large to fit in the field, is the field set to all zeros. The following rules apply to standard formats.
-
With a standard port, when the separator is a "-” character, the slot is the slot-id, mda is the mda-id, and the port is the port-id.
-
With an ESAT port, when the separator is a ":” character, the slot is the satellite-id, MDA is satellite slot-id, and the port is satellite port-id.
-
With a PXC port, when separator is a "#” character, the MDA is the PXC subport-id, and the port is the PXC port-id.
-
With a LAG port, the port is the lag-id.
-
With a connector port, the slot is the slot-id, the MDA is the mda-id, and the port is the connector-id.
The vendor-specific format is as follows:
With dot1q, append "%u” with the top vlan-id.
With qinq, append "%u.%u” with the top vlan-id and the bottom vlan-id.
As a general rule, there can be no trailing zeros. The string truncates if it becomes too long. 0 to 16 characters are allowed for the system name. The following rules apply to vendor-specific formats.
-
With a standard port, append "%s-%u/%u/%” with the system-name, slot-id, mda-id, and port-id.
-
With an ESAT port, append "%s-S%u/%u/%u” with the system-name, satellite-id, satellite-slot-id, and satellite-port-id.
-
With a PXC port, append "%s-P%u%c” with the system-name, PXC port-id, and PXC subport-id ? 'a' : 'b'.
-
With a LAG port, append "%s-L%u” with the system-name and lag-id.
-
With a connector port append "%s-%u%uc%u/%u” with the system-name, slot-id, mda-id, connector-id, and connector-port-id.
The no form of this command reverts to the default.
Default
port-format standard
Parameters
- formatting
-
Specifies the encoding format of the WPP port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
port-forwarding
port-forwarding
Syntax
port-forwarding
Context
[Tree] (config>service>nat port-forwarding)
Full Context
configure service nat port-forwarding
Description
Commands in this context configure NAT port forwarding parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-forwarding-dyn-block-reservation
port-forwarding-dyn-block-reservation
Syntax
[no] port-forwarding-dyn-block-reservation
Context
[Tree] (config>service>vprn>nat>outside>pool port-forwarding-dyn-block-reservation)
[Tree] (config>router>nat>outside>pool port-forwarding-dyn-block-reservation)
Full Context
configure service vprn nat outside pool port-forwarding-dyn-block-reservation
configure router nat outside pool port-forwarding-dyn-block-reservation
Description
This command will enable the reservation of the dynamic port blocks when the first port forward for the subscriber is created. The dynamic port bloc allocation is logged only if the block is being utilized (mapping are created). In other words, dynamic port block reservation due to the port forward creation but without any dynamic mapping, will not be logged.
The reserved port block will be released only when the last mapping in the block expires and there is not port forward associated with the subscriber. The de-allocation log (syslog or Radius) will be generated when the dynamic port block is completely released.
Dynamic port block reservation can be enabled only if the configured maximum number of subscriber per outside IP address is less or equal then the maximum number of configured port blocks per outside IP address.
Default
no port-forwarding-dyn-block-reservation
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-forwarding-range
port-forwarding-range
Syntax
port-forwarding-range [range-start] range-end
no port-forwarding-range
Context
[Tree] (config>service>vprn>nat>outside>pool port-forwarding-range)
[Tree] (config>router>nat>outside>pool port-forwarding-range)
Full Context
configure service vprn nat outside pool port-forwarding-range
configure router nat outside pool port-forwarding-range
Description
This command configures the lower and upper limit for port forwards in the ephemeral port space (wildcard port space) of all IP addresses in a NAT pool. A well-known port range (ports 1 to 1023) is always enabled for port forwards, and it cannot be disabled for pools in NAPT mode.
Pools in 1:1 mode do not support configured port forwards. These pools do not perform port translation and they automatically forward traffic initiated on the outside toward the inside.
Port 0 is always excluded from the port forwarding range.
The upper bound of the wildcard port range is reserved for port forwards. If the value for the range-start is not provided, the wildcard port range implicitly starts at 1024.
range-start 0 cannot be configured by an operator because it is reserved for 1:1 pools that do not support configured port forwards.
If you configure port-forwarding-range 3000, configures ports 1 to 3000 as port forwards. This implies that the well-known ports and wildcard ports are contiguous. If you configure port-forwarding-range 2000 3000, the router implicitly includes ports 1 to 1023, plus enables the wildcard port range 2000 to 3000, which is now disjoined from the well-known ports.
The range-start parameter has additional values that are configurable in the CLI. 0 is reserved for pools that do not support configured port forwards (those are 1:1 pools).
range-start 1 means that well-known ports and wildcard port forwards are contiguous. This is configured by omitting the range-start parameter and only configuring the range-end parameter.
The no form of this command disables the port forwards capability in the wildcard port range of all IP addresses in a NAT pool.
Default ranges in the range-start and range-end parameters in the MIB for the NAT pools that support port forwarding ranges are set to include only well-known ports, range-start 1 and range-end 1023.
Parameters
- range-start
-
Specifies the lower boundary of the wildcard port range reserved for port forwards. When configured, the value must be less than the range-end value.
- range-end
-
Specifies the upper boundary of the wildcard port range reserved for port forwards.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-forwarding-range
Syntax
port-forwarding-range range-end
no port-forwarding-range
Context
[Tree] (config>service>nat>firewall-policy port-forwarding-range)
[Tree] (config>service>nat>nat-policy port-forwarding-range)
Full Context
configure service nat firewall-policy port-forwarding-range
configure service nat nat-policy port-forwarding-range
Description
This command configures the end of the port range available for port forwarding. The start of the range is always equal to one.
The number of ports that can be configured is half of the available block => 64512 : 2 = 32256
In combination with port-forwarding-range the formulas are:
"max port-reservation blocks" = 65535 - "port-forwarding-range"
"max port-reservation ports" = (65535 - "port-forwarding-range") / 2
with:
the default min value for "port-forwarding-range" = 1023
Also, the same applies for max port-forwarding-range if the port-reservation is already configured:
"max port-forwarding-range" = 65535 - "port-reservation blocks"
"max port-forwarding-range" = 65535 - ("port-reservation ports" * 2)
The no form of the command reverts to the default.
Default
port-forwarding-range 1023
Parameters
- range-end
-
Specifies the end of the port range available for port forwarding.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat firewall-policy port-forwarding-range
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat nat-policy port-forwarding-range
port-id
port-id
Syntax
[no] port-id
Context
[Tree] (config>router>if>dhcp>option>vendor-specific-option port-id)
Full Context
configure router interface dhcp option vendor-specific-option port-id
Description
This command enables sending of the port-id in the Nokia vendor specific suboption of the DHCP relay packet
The no form of this command disables the sending.
Default
no port-id
Platforms
All
port-id-subtype
port-id-subtype
Syntax
port-id-subtype {tx-if-alias | tx-if-name | tx-local}
Context
[Tree] (config>port>ethernet>lldp>dstmac port-id-subtype)
Full Context
configure port ethernet lldp dest-mac port-id-subtype
Description
This command specifies how to encode the PortID TLV transmit to the peer. The default setting tx-local (ifindex value) is required by some versions of the NSP NSM-P to properly build the Layer 2 topology map using LLDP. Changing this value to transmit the ifname ( tx-if-name) or ifAlias (tx-if-alias) in place of the ifindex (tx-local) may affect the ability of the NSP NFM-P to build the Layer 2 topology map using LLDP.
Default
port-id-subtype tx-local
Parameters
- tx-if-alias
-
Transmits the ifAlias String (subtype 1) that describes the port as stored in the IF-MIB, either user configured or the default entry (i.e. 10/100/Gig Ethernet SFP).
- tx-if-name
-
Transmits the ifName string (subtype 5) that describes the port as stored in the IF-MIB ifName info.
- tx-local
-
The interface ifIndex value (subtype 7) as the PortID.
Platforms
All
port-limits
port-limits
Syntax
port-limits
Context
[Tree] (config>service>nat>nat-policy port-limits)
[Tree] (config>service>nat>up-nat-policy port-limits)
[Tree] (config>service>nat>firewall-policy port-limits)
Full Context
configure service nat nat-policy port-limits
configure service nat up-nat-policy port-limits
configure service nat firewall-policy port-limits
Description
This command configures the port limits of this policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat up-nat-policy port-limits
- configure service nat nat-policy port-limits
7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat firewall-policy port-limits
port-list
port-list
Syntax
port-list port-list-name [create]
no port-list port-list-name
Context
[Tree] (config>app-assure>group port-list)
Full Context
configure application-assurance group port-list
Description
This command defines an AA group or partition named port-list, which contains a list of port numbers or port ranges. The port list is then referenced in AA policy app-filters, allowing increased flexibility in the use of server ports or HTTP proxy ports for application definition.
The no form of this command removes the list.
Parameters
- port-list-name
-
Specifies the name of the port list.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-list
Syntax
port-list port-list-name [create]
no port-list port-list-name
Context
[Tree] (config>filter>match-list port-list)
Full Context
configure filter match-list port-list
Description
This command creates a list of TCP/UDP/SCTP port values or ranges for match criteria in IPv4 and IPv6 ACL and CPM filter policies.
The no form of this command deletes the specified list.
Operational notes:
SCTP port match is supported in ACL filter policies only.
A port-list must contain only TCP/UDP/SCTP port values or ranges.
A TCP/UDP/SCTP port match list cannot be deleted if it is referenced by a filter policy.
See general description related to match-list usage in filter policies.
Parameters
- port-list-name
-
Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.
Platforms
All
port-list
Syntax
port-list port-list-name [create]
no port-list port-list-name
Context
[Tree] (config>qos>match-list port-list)
Full Context
configure qos match-list port-list
Description
This command creates a list of port values or ranges for match criteria in QoS policies.
The no form of this command deletes the specified list.
Parameters
- port-list-name
-
Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-map
port-map
Syntax
port-map client-port-id primary primary-uplink-port-id [secondary secondary-uplink-port-id]
port-map client-port-id system-default
Context
[Tree] (config>system>satellite>eth-sat port-map)
Full Context
configure system satellite eth-sat port-map
Description
This command configures the mapping between a satellite client port and its associated uplink. This command allows both a primary and an optional secondary uplink to be configured.
If a secondary uplink is configured, it is used to forward traffic if the primary uplink is down for any reason.
Before an uplink can be used as either a primary or secondary uplink, it must be configured using the port-topology configuration command.
To return the uplink association to its default the port-map client-port-id system-default command should be used.
Parameters
- client-port-id
-
Specifies the satellite client port associated with the port mapping, in the format esat- id/slot/port.
- primary-uplink-port-id
-
Specifies the primary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.
- secondary-uplink-port-id
-
Specifies the secondary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.
- system-default
-
Specifies to set the port map to the system default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-num
port-num
Syntax
port-num virtual-port-number
no port-num [virtual-port-number]
Context
[Tree] (config>service>vpls>spoke-sdp>stp port-num)
[Tree] (config>service>vpls>sap>stp port-num)
Full Context
configure service vpls spoke-sdp stp port-num
configure service vpls sap stp port-num
Description
This command configures the virtual port number which uniquely identifies a SAP within configuration bridge protocol data units (BPDUs). The internal representation of a SAP is unique to a system and has a reference space much bigger than the 12 bits definable in a configuration BPDU. STP takes the internal representation value of a SAP and identifies it with its own virtual port number that is unique to every other SAP defined on the TLS. The virtual port number is assigned at the time that the SAP is added to the TLS. Since the order that the SAP was added to the TLS is not preserved between reboots of the system, the virtual port number may change between restarts of the STP instance.
The virtual port number cannot be administratively modified.
Platforms
All
port-overall-rate
port-overall-rate
Syntax
port-overall-rate packet-rate-limit [low-action-priority]
no port-overall-rate
Context
[Tree] (config>sys>security>cpu-protection port-overall-rate)
Full Context
configure system security cpu-protection port-overall-rate
Description
This command configures a per-port overall rate limit for CPU protection.
Default
port-overall-rate max
Parameters
- packet-rate-limit
-
Specifies an overall per-port packet arrival rate limit in packets per second.
- action-low-priority
-
Marks packets that exceed the rate as low-priority (for preferential discard later if there is congestion in the control plane) instead of discarding them immediately.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
port-parent
port-parent
Syntax
parent [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]
no parent
Context
[Tree] (config>qos>sap-egress>dynamic-queue port-parent)
Full Context
configure qos sap-egress dynamic-queue port-parent
Description
This command configures the queue treatment by the port parent that governs the available bandwidth for the queue. When multiple queues share a child status with the parent port, the weight and level options define how this queue contends with the other children for the above-CIR parent bandwidth. The cir-weight and cir-level options specify the weight the queue uses for the within-CIR port priority.
Parameters
- weight
-
Specifies the relative weight of this queue in comparison to other child queues while vying for above-CIR priority level bandwidth on the parent scheduler. Any queues defined as weighted receive no parental bandwidth, until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.
- level
-
Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to feed to the parent, for above-CIR offered load bandwidth passes.
- cir-weight
-
Specifies the weight the queue uses at the within-CIR port priority level. This applies to any charging statistics also. The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight option is set to 0 (the default), the queue does not receive bandwidth during the port scheduler's within-CIR passes and the cir-level option is ignored. If the cir-weight is 1 or greater, the cir-level option comes into play.
- cir-level
-
Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to fed to the port parent, for within-CIR offered load bandwidth passes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
port-parent
Syntax
port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]
no port-parent
Context
[Tree] (config>qos>sap-egress>policer port-parent)
Full Context
configure qos sap-egress policer port-parent
Description
This command specifies whether this SAP egress policer feeds off a port-level scheduler. When configured, the policer is parented by a port-level scheduler. This requires that policers-hqos-manageable be configured in the SAP egress QoS policy. This command and the SAP egress policer scheduler-parent and the parent commands are mutually exclusive.
The port-parent command defines a child/parent association between an egress policer and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the policer. If the port-parent command is executed without any parameters, the default parameters are used.
In this context, the port-parent command and the scheduler-parent command (used to create a parent/child association between a queue and an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a scheduler-parent definition exists causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a scheduler-parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler association.
Changing the parent context on a SAP egress policy policer may cause a SAP or subscriber or a multiservice site context of the policer (policy associated with a SAP or subscriber profile or a multiservice site) to enter an orphaned state. If an instance of a policer is created on a port or channel that does not have a port scheduler enabled, and the SAP egress policy creating the policer has a port parent association, the policer will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer is on a port or channel that has a port scheduler configured and the SAP egress policy defines the policer as having a non-existent intermediate scheduler parent, the policer will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.
The no form of this command removes a port scheduler parent association for the policer. When removed, if a port scheduler is defined on the port on which the policer instance exists, the policer will be treated as orphaned to the port scheduler.
Default
no port-parent
Parameters
- weight weight
-
Specifies the weight that the policer will use at the above-CIR port priority level (defined by the level parameter).
All weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.
The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the weight parameter is set to a value of 0, the policer receives bandwidth only after other children with a non-zero weight at this level.
- level level
-
Specifies the port priority that the policer uses to receive bandwidth for its above-CIR offered load.
- cir-weight cir-weight
-
Specifies the weight that the policer uses at the within-CIR port priority level (defined by the cir-level parameter).
All cir-weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.
The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the policer receives bandwidth only after the other children with a non-zero weight at this level.
- cir-level cir-level
-
Specifies the port priority that the policer will use to receive bandwidth for its within-CIR offered load. If the cir-level parameter is set to a value of 0 (the default value), the policer does not receive bandwidth during the port schedulers within-CIR pass and the cir-weight parameter is ignored. If the cir-level parameter is 1 or greater, the cir- weight parameter is used.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR
port-parent
Syntax
port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]
no port-parent
Context
[Tree] (config>qos>sap-egress>queue port-parent)
Full Context
configure qos sap-egress queue port-parent
Description
This command specifies whether this queue feeds off a port-level scheduler. When configured, this SAP egress queue is parented by a port-level scheduler. This object is mutually exclusive with SAP egress queue parent. Only one kind of parent is allowed.
The port-parent command defines a child/parent association between an egress queue and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the queue or scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.
In this context, the port-parent command is mutually exclusive to the parent command (used to create a parent/child association between a queue and an intermediate scheduler). Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.
Changing the parent context on a SAP egress policy queue may cause a SAP or subscriber or multiservice site context of the queue (policy associated with a SAP or subscriber profile or multiservice site) to enter an orphaned state. If an instance of a queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the queue has a port-parent association, the queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the queue as having a non-existent intermediate scheduler parent, the queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.
The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port on which the queue or scheduler instance exists, the queue or scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.
Default
no port-parent
Parameters
- weight weight
-
Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).
- level level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.
- cir-weight cir-weight
-
Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
- cir-level cir-level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
port-parent
Syntax
port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]
no port-parent
Context
[Tree] (config>qos>network-queue>queue port-parent)
Full Context
configure qos network-queue queue port-parent
Description
This command specifies whether this queue feeds off a port-level scheduler. For the network-queue policy context, only the port-parent command is supported. When a port scheduler exists on the port, network queues without a port-parent association will be treated as an orphan queue on the port scheduler and treated according to the current orphan behavior on the port scheduler. If the port-parent command is defined for a network queue on a port without a port scheduler defined, the network queue will operate as if a parent association does not exist. When a port scheduler policy is associated with the egress port, the port-parent command will come into effect.
When a network-queue policy is associated with an FP for ingress queue definition, the port-parent association of the queues is ignored.
The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port then the queue or scheduler instance exists, the queue or scheduler will become orphaned.
Default
no port-parent
Parameters
- weight weight
-
Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).
- level level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.
- cir-weight cir-weight
-
Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.
- cir-level cir-level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
port-parent
Syntax
port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]
no port-parent
Context
[Tree] (config>qos>qgrps>egr>qgrp>queue port-parent)
Full Context
configure qos queue-group-templates egress queue-group queue port-parent
Description
This command defines the port scheduling parameters used to control the queue’s behavior when a virtual egress port scheduling is enabled where the egress queue group template is applied. The port-parent command follows the same behavior and provisioning characteristics as the parent command in the SAP egress QoS policy. The port-parent command and the parent command are mutually exclusive.
The no form of this command removes the values from the configuration.
Parameters
- weight weight
-
Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).
- level level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.
- cir-weight cir-weight
-
Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.
- cir-level cir-level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.
Platforms
All
port-parent
Syntax
port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]
no port-parent
Context
[Tree] (config>qos>scheduler-policy>tier>scheduler port-parent)
Full Context
configure qos scheduler-policy tier scheduler port-parent
Description
The port-parent command defines a child/parent association between an egress scheduler and a port-based scheduler, or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.
In this context, the port-parent command and the parent command (used to create a parent/child association to an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.
Changing the parent context on a SAP egress policy policer or queue may cause a SAP or subscriber context of the policer or queue (policy associated with a SAP or subscriber profile) to enter an orphaned state. If an instance of a policer or queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the policer queue has a port-parent association, the policer or queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer or queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the policer or queue as having a non-existent intermediate scheduler parent, the policer or queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.
The no form of this command removes a port scheduler parent association for the scheduler. If a port scheduler is defined on the port that the scheduler instance exists, the scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.
Default
no port-parent
Parameters
- weight weight
-
Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).
- level level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.
- cir-weight cir-weight
-
Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
- cir-level cir-level
-
Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.
Platforms
All
port-policy
port-policy
Syntax
port-policy [port-policy]
no port-policy
Context
[Tree] (config>isa>wlan-gw-group port-policy)
Full Context
configure isa wlan-gw-group port-policy
Description
This command configures the port policy of this WLAN Gateway ISA group. If a port policy is associated with a WLAN Gateway ISA group, ports created for this group can take applicable configuration from that port policy. This port policy is applicable to those ports that take part in the per-tunnel QoS processing.
The no form of the command removes the port-policy name from the configuration.
Default
no port-policy
Parameters
- port-policy
-
Specifies the port policy of this WLAN Gateway ISA group, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-policy
Syntax
port-policy port-policy-name [create]
no port-policy port-policy-name
Context
[Tree] (config port-policy)
Full Context
configure port-policy
Description
This command either creates a new port-policy with create parameter or enters the configuration context of an existing port-policy.
The no form of this command removes the port policy name from the configuration.
Parameters
- port-policy-name
-
Specifies the name of port-policy up to 32 characters.
- create
-
Creates the port-policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-policy
Syntax
port-policy policy-name
no port-policy
Context
[Tree] (config>isa>lns-group port-policy)
Full Context
configure isa lns-group port-policy
Description
This command enables policies referenced in the config>port-policy context to be created under ports. These are the ports that link the carrier IOM to the ISA, and are hidden within the system (they cannot be created through the CLI). They are created automatically. Use the show port command to view information.
Currently only the port scheduler policy is supported. Each lns-esm port in the lns-group receives an independent port scheduler instance. The port schedulers are instantiated in the carrier IOM on the lns-esm ports that carry PPPoE traffic in the downstream direction towards the ISA before the PPPoE traffic is L2TP encapsulated.
The no form of the command removes the policy name from the configuration.
Default
no port-policy
Parameters
- policy-name
-
Specifies the port policy of this LNS group, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-range-block
port-range-block
Syntax
[no] port-range-block
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes port-range-block)
Full Context
configure aaa isa-radius-policy acct-include-attributes port-range-block
Description
This command enables the inclusion of the NAT port range block attributes.
The no form of the command excludes NAT port range block attributes.
Default
no port-range-block
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-recorder
port-recorder
Syntax
[no] port-recorder
Context
[Tree] (debug>app-assure>group port-recorder)
Full Context
debug application-assurance group port-recorder
Description
This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-redirect-group
port-redirect-group
Syntax
port-redirect-group {queue queue-id | policer policer-id [queue queue-id]}
no port-redirect-group
Context
[Tree] (config>qos>network>egress>fc port-redirect-group)
Full Context
configure qos network egress fc port-redirect-group
Description
This command is used to redirect the FC of a packet of a pseudowire (PW) or network IP interface to an egress port queue group.
It defines the mapping of an FC to a queue ID or a policer ID and a queue ID and redirects the lookup of the queue or policer of the same ID in some egress port queue-group instance. However, the queue-group name and instance are explicitly provided only at the time the network QoS policy is applied to egress context of a spoke-sdp or a network IP interface.
The no version of this command removes the redirection of the FC.
Parameters
- queue-id
-
This parameter must be specified when executing the port-redirect-group command. The specified queue-id must exist within the egress port queue group on each IP interface where the network QoS policy is applied.
- policer id
-
The specified policer-id must exist within the queue-group template applied to the ingress context of the forwarding plane.
Platforms
All
port-reservation
port-reservation
Syntax
port-reservation blocks num-blocks
port-reservation ports num-ports
no port-reservation
Context
[Tree] (config>router>nat>outside>pool port-reservation)
[Tree] (config>service>vprn>nat>outside>pool port-reservation)
Full Context
configure router nat outside pool port-reservation
configure service vprn nat outside pool port-reservation
Description
This command configures the size of the port-block that will be assigned to a host that is served by this pool. The number of ports configured are available to UDP, TCP and ICMP (as identifiers).
Parameters
- num-blocks
-
Specifies the number of port-blocks per IP address. Setting this parameter to one (1) for large scale NAT enables 1:1 NAT for IP addresses in this pool.
- num-ports
-
Specifies the number of ports per block.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-reservation
Syntax
port-reservation num-ports
no port-reservation
Context
[Tree] (config>service>vprn>nat>outside>pool>deterministic port-reservation)
[Tree] (config>router>nat>outside>pool>deterministic port-reservation)
Full Context
configure service vprn nat outside pool deterministic port-reservation
configure router nat outside pool deterministic port-reservation
Description
This command is applicable only to deterministic NAT. It configures the number of deterministic ports per subscriber (for example a subscriber is an inside IP address in LSN44 or IPv6 address or prefix in DS-Lite). Once this command is enabled, the pool will transition into deterministic mode of operation. This means that the subscribers can use dynamic port-blocks in the pool only as a mean to expand the range of originally assigned deterministic ports. A pool with such property is referred to as deterministic pool. However, deterministic NAT and non-deterministic NAT cannot use the same pool simultaneously.
All subscribers in deterministic pool are pre-mapped during the configuration phase to outside IP addresses and deterministic port-blocks. Because of this, the deterministic pool cannot be oversubscribed with subscribers (first-come, first-served).
Once the deterministic pool becomes operational (no shutdown) a log is created. The same applies if the pool is disabled (shutdown). As a result of this one-time logging, there will be no additional logging when a subscriber starts using ports from the pre-assigned deterministic port block. This drastically reduces the logging overhead. However, when a deterministic port block is expanded by a dynamic port block, a log will be created on any allocation/de-allocation of the dynamic port block. The logs are also created for static port forwards (including PCP).
The number of subscribers per outside IP address (subscriber-limit) multiplied by the number of deterministic ports per subscriber (port-reservation) will determine the port range of an outside IP address that will be dedicated to deterministic mappings. The number of subscribers per outside IP address in deterministic NAT must be power of 2 (2^n). Once the deterministic ports are allocated, the dynamic ports are carved out of the remaining port space of the same outside IP address according to the existing port-reservation command under the same hierarchy,
Parameters
- num-ports
-
Specifies the number of ports in a deterministic port block that is allocated and dedicated to a single subscribers during the configuration phase.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-reservation
Syntax
[no] port-reservation
Context
[Tree] (config>service>nat>pcp-server-policy>option port-reservation)
Full Context
configure service nat pcp-server-policy option port-reservation
Description
This command enables/disables support for the port-reservation option.
Default
no port-reservation
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-role
port-role
Syntax
[no] port-role
Context
[Tree] (debug>service>id>stp port-role)
Full Context
debug service id stp port-role
Description
This command enables STP debugging for changes in port roles.
Platforms
All
port-scheduler-policy
port-scheduler-policy
Syntax
port-scheduler-policy port-scheduler-policy-name
no port-scheduler-policy
Context
[Tree] (config>port>ethernet>access>egress>vport port-scheduler-policy)
Full Context
configure port ethernet access egress vport port-scheduler-policy
Description
This command specifies the destination and organization strings to be used for matching subscriber hosts with this Vport.
The parent Vport of a subscriber host queue, which has the port-parent option enabled, is determined by matching the destination string dest string associated with the subscriber and the organization string org string associated with the subscriber host with the strings defined under a Vport on the port associated with the subscriber.
If a given subscriber host policers or queue does not have the port-parent option enabled, it is foster-parented to the Vport used by this subscriber and which is based on matching the dest string and org string. If the subscriber could not be matched with a Vport on the egress port, the host policer or queue will not be bandwidth controlled and competes for bandwidth directly based on its own PIR and CIR parameters.
By default, a subscriber host policer or queue with the port-parent option enabled is scheduled within the context of the port’s port scheduler policy.
The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate or port-scheduler-policy involves removing the existing command and applying the new command. Applying a scheduler policy to a Vport is only applicable to Ethernet interfaces.
The no form of this command removes the port-scheduler-policy-name from the configuration.
The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate/port-scheduler-policy involves removing the existing command and applying the new command.
The no form of this command reverts to the default.
Parameters
- port-scheduler-policy-name
-
Specifies an existing port-scheduler-policy configured in the config>qos context.
Platforms
All
port-scheduler-policy
Syntax
port-scheduler-policy port-scheduler-policy-name
no port-scheduler-policy
Context
[Tree] (config>isa>aa-grp>qos>egress>to-subscriber port-scheduler-policy)
[Tree] (config>isa>aa-grp>qos>egress>from-subscriber port-scheduler-policy)
Full Context
configure isa application-assurance-group qos egress to-subscriber port-scheduler-policy
configure isa application-assurance-group qos egress from-subscriber port-scheduler-policy
Description
This command assigns an existing port scheduler policy as applicable to the specific application assurance group traffic.
Default
no port-scheduler-policy
Parameters
- port-scheduler-policy-name
-
Specifies the name of an existing port scheduler policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-scheduler-policy
Syntax
port-scheduler-policy port-scheduler-name [ create]
no port-scheduler-policy port-scheduler-name
Context
[Tree] (config>qos port-scheduler-policy)
Full Context
configure qos port-scheduler-policy
Description
When a port scheduler has been associated with an egress port, it is possible to override the following parameters:
-
The max-rate allowed for the scheduler
-
The maximum rate for each priority level (1 to 8)
-
The cir associated with each priority level (1 to 8)
The orphan priority level (level 0) has no configuration parameters and cannot be overridden.
The no form of this command removes a port scheduler policy from the system. If the port scheduler policy is associated with an egress port or channel, the command will fail.
Parameters
- port-scheduler-name
-
Specifies an existing port scheduler name. Each port scheduler must be uniquely named within the system and can be up to 32 ASCII characters.
Platforms
All
port-scheduler-policy
Syntax
port-scheduler-policy src-name dst-name [overwrite]
Context
[Tree] (config>qos>copy port-scheduler-policy)
Full Context
configure qos copy port-scheduler-policy
Description
This command copies existing QoS policy entries for a QoS policy to another QoS policy.
The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.
If overwrite is not specified, an error will occur if the destination policy exists.
Parameters
- src-name dst-name
-
Indicates that the source policy and the destination policy are port scheduler policy IDs. Specify the source policy that the copy command will attempt to copy from and specify the destination policy name to which the command will copy a duplicate of the policy.
- overwrite
-
Forces the destination policy name to be copied as specified. When forced, everything in the existing destination policy will be completely overwritten with the contents of the source policy.
Platforms
All
port-set
port-set
Syntax
[no] port-set
Context
[Tree] (config>service>nat>pcp-server-policy>option port-set)
Full Context
configure service nat pcp-server-policy option port-set
Description
This command enables PORT_SET option support. When this command is disabled, the PCP uses a plain MAP option to allocate a single port at a time. This is default behavior. Instead of asking for each individual port in multiple requests through the MAP option, this port-set option allows individual ports to ask the SR OS for a set of ports at once in a single request.
The no form of this command disables PORT_SET option support.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port-state
port-state
Syntax
[no] port-state
Context
[Tree] (debug>service>id>stp port-state)
Full Context
debug service id stp port-state
Description
This command enables STP debugging for port states.
The no form of the command disables debugging.
Platforms
All
port-template
port-template
Syntax
port-template template-name sat-type sat-type [create]
no port-template template-name
Context
[Tree] (config>system>satellite port-template)
Full Context
configure system satellite port-template
Description
This command creates a new port template context to define the port usage for a specific satellite type. A port template is specific to the specified satellite type. Port templates must be configured separately using different template names for each different satellite chassis type.
The no form of this command deletes the specified port template.
Parameters
- template-name
-
Specifies the name for the associated port template. This value must be unique in the network.
- sat-type
-
Specifies the type of satellite chassis associated with the port-template.
- create
-
Creates a new port template.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-threshold
port-threshold
Syntax
port-threshold value [action { dynamic-cost | static-cost | down}] [ cost static-cost]
no port-threshold
Context
[Tree] (config>lag port-threshold)
Full Context
configure lag port-threshold
Description
This command configures the behavior for the Link Aggregation Group (LAG) if the number of operational links is equal to or below a threshold level.
Nokia recommends that operators use the weight-threshold or hash-weight-threshold command instead of the port-threshold command to control LAG operational status. For example, when 10GE and 100GE ports are mixed in a LAG, each 10GE port will have a weight of 1, while each 100GE port will have a weight of 10.
The weight-threshold or hash-weight-threshold command can also be used for LAGs with all ports of equal speed to allow a common operational model. For example, each port has a weight of 1 to mimic port-threshold and its related configuration.
The no form of this command reverts to the default values.
Default
port-threshold 0 action down
Parameters
- value
-
Specifies the decimal integer threshold number of operational links for the LAG at or below which the configured action is invoked. If the number of operational links exceeds the port-threshold value, any action taken for being below the threshold value will cease.
- action
-
Specifies the action to take if the number of active links in the LAG is at or below the threshold value.
- dynamic-cost
-
Specifies that dynamic costing is activated. As a result, the LAG remains operationally up with a cost relative to the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.
- static-cost
-
Specifies that static costing is activated. As a result, the LAG remains operationally up with the configured cost, regardless of the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.
- down
-
Specifies that LAG is brought operationally down if the number of operational links is equal to or less than the configured threshold value. The LAG is only regarded as up once the number of operational links exceeds the configured threshold value.
- static-cost
-
Specifies decimal integer static cost of the LAG.
Platforms
All
port-topology
port-topology
Syntax
port-topology
Context
[Tree] (config>system port-topology)
Full Context
configure system port-topology
Description
This parameter creates or edits the context to configure intra-node port connections.
Default
disabled
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-type
port-type
Syntax
port-type lag-port-type
no port-type
Context
[Tree] (config>lag port-type)
Full Context
configure lag port-type
Description
This command configures the port type for the link aggregation group.
The no form of this command reverts to the default.
Default
port-type standard
Parameters
- lag-port-type
-
Specifies the type of ports allowed in this LAG.
Platforms
7750 SR-7/12/12e
port-xc
port-xc
Syntax
port-xc
Context
[Tree] (config port-xc)
Full Context
configure port-xc
Description
Commands in this context configure port-cross connect functionality.
Platforms
All
port1
port1
Syntax
port1 {eq | neq} port-num
no port1
Context
[Tree] (debug>app-assure>group>traffic-capture>match port1)
Full Context
debug application-assurance group traffic-capture match port1
Description
This command configures debugging on port 1.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
port2
port2
Syntax
port2 {eq | neq} port-num
no port2
Context
[Tree] (debug>app-assure>group>traffic-capture>match port2)
Full Context
debug application-assurance group traffic-capture match port2
Description
This command configures debugging on port 2.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
portal
portal
Syntax
portal router router-instance name wpp-portal-name
no portal
Context
[Tree] (config>service>ies>sub-if>grp-if>wpp portal)
[Tree] (config>service>vprn>sub-if>grp-if>wpp portal)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal)
Full Context
configure service ies subscriber-interface group-interface wpp portal
configure service vprn subscriber-interface group-interface wpp portal
configure subscriber-mgmt local-user-db ipoe host wpp portal
Description
This command specifies the web portal server that system talks to for the hosts on the group-interface. This command is mutually exclusive with the portal-group command.
The no form of this command removes the router instance or portal name from the configuration.
Parameters
- router-instance
-
Specifies the virtual router instance.
- wpp-portal-name
-
Specifies the name of the web portal server up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal
Syntax
[no] portal router router-instance name wpp-portal-name
Context
[Tree] (config>aaa>wpp>portal-groups>portal-group portal)
Full Context
configure aaa wpp portal-groups portal-group portal
Description
This command configures the portal for this portal group.
Parameters
- router-instance
-
Specifies the virtual router instance.
- wpp-portal-name
-
Specifies the name of the web portal server up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal
Syntax
[no] portal wpp-portal-name
Context
[Tree] (debug>router>wpp portal)
Full Context
debug router wpp portal
Description
This command enables WPP debugging for the specified WPP portal.
Parameters
- wpp-portal-name
-
Specifies the WPP portal name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal
Syntax
[no] portal
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state portal)
Full Context
configure subscriber-mgmt wlan-gw ue-query state portal
Description
This command enables matching on UEs in a portal state.
The no form of this command disables matching on UEs in a portal state, unless all state matching is disabled.
Default
no portal
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
portal-group
portal-group
Syntax
portal-group portal-group-name
no portal-group
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal-group)
Full Context
configure subscriber-mgmt local-user-db ipoe host wpp portal-group
Description
This command configures the WPP portal group name. This command is mutually exclusive with the portal command.
Parameters
- portal-group-name
-
Specifies the WPP portal group name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal-group
Syntax
portal-group portal-group-name [create]
no portal-group portal-group-name
Context
[Tree] (config>aaa>wpp>portal-groups portal-group)
Full Context
configure aaa wpp portal-groups portal-group
Description
This command creates a new portal group or enters the configuration context of an existing port group.
Parameters
- portal-group-name
-
Specifies the portal group name up to 32 characters.
- create
-
Keyword required to create the configuration context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal-group
Syntax
portal-group portal-group-name
no portal-group
Context
[Tree] (config>service>ies>sub-if>grp-if>wpp portal-group)
[Tree] (config>service>vprn>sub-if>grp-if>wpp portal-group)
Full Context
configure service ies subscriber-interface group-interface wpp portal-group
configure service vprn subscriber-interface group-interface wpp portal-group
Description
This command specifies the WPP portal group for the subscriber interface. This command is mutually exclusive with the portal command.
The no form of this command removes the name from the service configuration.
Parameters
- portal-group-name
-
Specifies the portal group name up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal-groups
portal-groups
Syntax
portal-groups
Context
[Tree] (config>aaa>wpp portal-groups)
Full Context
configure aaa wpp portal-groups
Description
Commands in this context configure portal group parameters for WPP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
portal-hold-time
portal-hold-time
Syntax
portal-hold-time seconds
no portal-hold-time
Context
[Tree] (config>subscr-mgmt>http-rdr-plcy portal-hold-time)
Full Context
configure subscriber-mgmt http-redirect-policy portal-hold-time
Description
This command configures the time for which the forwarding state applicable during redirect phase is held in the system, after the user has been authenticated on the portal. This allows the HTTP response from the portal to be forwarded back on the existing connection.
Parameters
- seconds
-
Specifies how long the system holds on to re-direct forwarding resources of a subscriber, after it has left the re-direct portal.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
portals
portals
Syntax
portals
Context
[Tree] (config>service>vprn>wpp portals)
[Tree] (config>router>wpp portals)
Full Context
configure service vprn wpp portals
configure router wpp portals
Description
Commands in this context configure WPP portal server parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ports
ports
Syntax
ports
Context
[Tree] (config>qos>fp-resource-policy ports)
Full Context
configure qos fp-resource-policy ports
Description
This command enters the ports context.
Platforms
7750 SR-1, 7750 SR-s
ports
Syntax
ports num-ports
no ports
Context
[Tree] (config>service>nat>up-nat-policy>port-block-extensions ports)
Full Context
configure service nat up-nat-policy port-block-extensions ports
Description
This command configures the number of ports in extended port blocks for the NAT subscriber.
Parameters
- num-ports
-
Specifies the number of ports per extended port block.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
positive-app-id
positive-app-id
Syntax
positive-app-id
Context
[Tree] (config>app-assure>group>ip-id-asst positive-app-id)
Full Context
configure application-assurance group ip-identification-assist positive-app-id
Description
Commands in this context implement the positive application identification mechanism, which monitors the correlations between IP addresses and applications identified with a high degree of confidence independently of any IP identification assist mechanism.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
post-policer-mapping
post-policer-mapping
Syntax
post-policer-mapping mapping-policy-name [ create]
no post-policer-mapping mapping-policy-name
Context
[Tree] (config>qos post-policer-mapping)
Full Context
configure qos post-policer-mapping
Description
This command configures a post-policer mapping policy which is used to remap a packet's forwarding class and profile state to another forwarding class and profile state for post-policer traffic.
A post-policer mapping policy is created without any forwarding class or profile remapping statements. If an empty policy is applied to a SAP-egress QoS policy, no remapping occurs.
The no form of this command deletes the post-policer mapping policy. A post-policer mapping policy can only be deleted if there are no references to it.
Parameters
- mapping-policy-name
-
Specifies the name of the post-policer mapping policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
post-policer-mapping
Syntax
post-policer-mapping src-name dst-name [ overwrite]
Context
[Tree] (config>qos>copy post-policer-mapping)
Full Context
configure qos copy post-policer-mapping
Description
This command copies an existing post-policer mapping policy to another policy name.
The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Parameters
- src-name
-
Specifies the source policy name that the copy command attempts to copy from.
- dst-name
-
Specifies the destination policy name to which the command copies a duplicate of the policy.
- overwrite
-
Specifies that the existing destination policy is to be replaced. Everything in the existing destination policy is overwritten with the contents of the source policy. If overwrite is not specified, an error occurs if the destination policy name exists.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
post-policer-mapping
Syntax
post-policer-mapping mapping-policy-name
no post-policer-mapping
Context
[Tree] (config>qos>sap-egress post-policer-mapping)
Full Context
configure qos sap-egress post-policer-mapping
Description
This command applies a post-policer mapping policy in a SAP egress QoS policy. The policy contains forwarding class and profile remapping statements, which remap the forwarding class and profile state of an egress policed packet (the profile being the resulting profile after the packet has been processed by the egress policer) to another forwarding class and profile.
The remapping applies to all policers within the SAP egress QoS policy, including regular child policers and policers configured in an IP/IPv6 criteria action statement, except for dynamic policers.
Post-policer mapping is supported on FP3- and higher-based hardware, with the exception of the 7750 SR-a4/a8, which does not support egress policers resulting in the policy being ignored.
The no form of this command deletes the post-policer mapping policy from the SAP egress QoS policy.
Parameters
- mapping-policy-name
-
Specifies the name of the post-policer mapping policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
power
power
Syntax
power power-state
Context
[Tree] (config>system>bluetooth power)
Full Context
configure system bluetooth power
Description
This command sets the operating mode of the Bluetooth module. This can be powered off or powered on but requires the pairing button to initiate the pairing operation, or powered on and continuously pairing.
The pairing-button setting also impacts how pairing operations work.
Default
power off
Parameters
- power-state
-
Specifies the power state.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
power-priority-level
power-priority-level
Syntax
power-priority-level priority
no power-priority-level
Context
[Tree] (config>card>mda power-priority-level)
[Tree] (config>card>xiom>mda power-priority-level)
Full Context
configure card mda power-priority-level
configure card xiom mda power-priority-level
Description
This command sets the power priority value for an XMA or MDA-s on platforms that support intelligent power management.
Default
power-priority-level 150
Parameters
- priority
-
Specifies the power priority level. An operator must assign a priority value to each XMA or MDA-s using a range of number from 1 to 200. The lowest number has the highest priority. The priority number range from 1 to 100 should be used for modules considered essential for system operation. Lower priority values of 101 to 200 should be used for non-essential modules.
Platforms
7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS
- configure card mda power-priority-level
7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s
- configure card xiom mda power-priority-level
power-safety-alert
power-safety-alert
Syntax
power-safety-alert wattage
Context
[Tree] (config>system>pwr-mgmt power-safety-alert)
Full Context
configure system power-management power-safety-alert
Description
This command sets a value in watts for the Power Safety Alert. The Power Safety Alert minor alarm is generated when the system power capacity drops below the Power Safety Level (in watts) plus the Power Safety Alert. This is a critical level, which when breached the system starts shutting down IO cards based on card priority.
Parameters
- wattage
-
Specifies the number of watts for the power safety alert level.
Platforms
7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS
power-safety-level
power-safety-level
Syntax
power-safety-level percent
Context
[Tree] (config>system>pwr-mgmt power-safety-level)
Full Context
configure system power-management power-safety-level
Description
This command sets the Power Safety Level, which is a percentage of the calculated worst case power draw value. Once a Power Safety Level is configured by the operator, both the Basic and Advanced modes use the Power Safety Level as a reference for calculating the power redundancy using N+1 algorithm during startup and recovery from power depression.
Default
power-safety-level 100
Parameters
- percent
-
Specifies the Power Safety Level as a percentage of the calculated worst case power draw value.
Platforms
7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS
power-save
power-save
Syntax
[no] power-save
Context
[Tree] (config>card power-save)
Full Context
configure card power-save
Description
This command enables power-save mode on a specific card when it is not in use. Power-save mode allows a card to be installed and configured in a platform for future use, while having minimal impact on the overall power consumption. The card placed in power-save mode is forced into an idle state to consume minimal power. This command resets the card and then disallows the download of a software image when the card comes back up. To enable power-save mode, the desired card must first be shut down, then placed into power-save mode. In this mode, the card is not counted in the intelligent power management budget. Cards set to power-save mode do not pass traffic.
The no form of this command removes the card from power-save mode.
Default
no power-save
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a8, 7750 SR-2e, 7750 SR-3e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS
power-supply
power-supply
Syntax
power-supply power-supply-id type
Context
[Tree] (config>system power-supply)
Full Context
configure system power-supply
Description
This command configures information about the type of power supply used for each power feed connection on the router chassis. The information is used to populate queries made using the show>chassis detail and show>chassis power-supply commands.
Parameters
- power-supply-id
-
Specifies the power feed connection.
- type
-
Specifies the type of power source that is connected to the power feed connection.
Platforms
7450 ESS, 7750 SR-7/12
ppid
ppid
Syntax
ppid
Context
[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid)
Full Context
configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid
Description
This command configures a TCA for the counter capturing PPID hits for the specified SCTP filter.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
ppid
Syntax
ppid
Context
[Tree] (config>app-assure>group>sctp-filter ppid)
Full Context
configure application-assurance group sctp-filter ppid
Description
Commands in this context configure actions for specific or default Payload Protocol Identifiers (PPIDs).
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
ppid-range
ppid-range
Syntax
ppid-range direction direction [create]
no ppid-range direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid-range)
Full Context
configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid-range
Description
This command configures a TCA for the counter capturing hits for the specified SCTP filter PPID range command. An PPIPD range TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
ppid-range
Syntax
ppid-range min min-ppid max max-ppid
no ppid-range
Context
[Tree] (config>app-assure>group>sctp-filter ppid-range)
Full Context
configure application-assurance group sctp-filter ppid-range
Description
This command specifies the range of PPID values that are allowed by AA SCTP filter firewall.
The no form of this command removes this PPID range.
Default
no ppid-range
Parameters
- min-ppid
-
Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be less than or equal to the max max-ppid value.
- max-ppid
-
Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be greater or equal to the min min-ppid value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
ppp
ppp
Syntax
ppp
Context
[Tree] (config>subscr-mgmt>loc-user-db ppp)
Full Context
configure subscriber-mgmt local-user-db ppp
Description
Commands in this context configure PPP host parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
ppp
Context
[Tree] (config>service>vprn>l2tp>group>tunnel ppp)
[Tree] (config>service>vprn>l2tp>group ppp)
[Tree] (config>router>l2tp>group ppp)
[Tree] (config>router>l2tp>group>tunnel ppp)
Full Context
configure service vprn l2tp group tunnel ppp
configure service vprn l2tp group ppp
configure router l2tp group ppp
configure router l2tp group tunnel ppp
Description
This command configures PPP for the L2TP tunnel group.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
[no] ppp [lcp] [pap] [ chap] [ipcp] [ ipv6cp] [other]
Context
[Tree] (debug>router>l2tp>packet ppp)
[Tree] (debug>router>l2tp>assignment-id>packet ppp)
[Tree] (debug>router>l2tp>peer>packet ppp)
[Tree] (debug>router>l2tp>group>packet ppp)
Full Context
debug router l2tp packet ppp
debug router l2tp assignment-id packet ppp
debug router l2tp peer packet ppp
debug router l2tp group packet ppp
Description
This command selects protocol for PPP packet debugging.
The no form of this command disables the protocols selection for PPP packet debugging.
Parameters
- lcp
-
Specifies the LCP protocol.
- pap
-
Specifies the PAP protocol.
- chap
-
Specifies the CHAP protocol.
- ipcp
-
Specifies the IPCP protocol.
- ipv6cp
-
Specifies the IPv6CP protocol.
- other
-
Specifies any other protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
[no] ppp
Context
[Tree] (debug>service>id ppp)
Full Context
debug service id ppp
Description
This command enables and configures PPP debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
ppp [terminate-only]
no ppp
Context
[Tree] (debug>service>id>ppp>event ppp)
Full Context
debug service id ppp event ppp
Description
This command enables debugging for PPP events.
Parameters
- terminate-only
-
Enables debugging for terminate-only PPP events.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
ppp [lcp] [pap] [chap] [ ipcp]
no ppp
Context
[Tree] (debug>service>id>ppp>packet ppp)
Full Context
debug service id ppp packet ppp
Description
This command enables debugging for specific PPP packets
Parameters
- lcp
-
Enables debugging for LCP packets.
- pap
-
Enables debugging for PAP packets.
- chap
-
Enables debugging for CHAP packets.
- ipcp
-
Enables debugging for IPCP packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
ppp
Context
[Tree] (debug>call-trace ppp)
Full Context
debug call-trace ppp
Description
Commands in this context set up call trace debugging for Point-to-Point Protocol sessions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp
Syntax
ppp [lcp] [pap] [ chap] [ipcp] [ipv6cp] [ipv6]
Context
[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id ppp)
Full Context
debug subscriber-mgmt vrgw brg pppoe-client brg-id ppp
Description
This command specifies which messages in PPP setup are tracked by debugging. If no messages are specified, they are all tracked. LCP Echo Request and Echo Response are never shown during debugging.
Parameters
- lcp
-
Tracks lcp messages during debugging.
- pap
-
Tracks pap messages during debugging.
- chap
-
Tracks chap messages during debugging.
- ipcp
-
Tracks ipcp messages during debugging.
- ipv6cp
-
Tracks ipv6cp messages during debugging.
- ipv6
-
Tracks ipv6 messages during debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-authentication
ppp-authentication
Syntax
ppp-authentication {pap | chap | pref-chap | pref-pap}
no ppp-authentication
Context
[Tree] (config>subscr-mgmt>ppp-policy ppp-authentication)
Full Context
configure subscriber-mgmt ppp-policy ppp-authentication
Description
This command configures the PPP protocol used to authenticate the PPP session.
Default
ppp-authentication pref-chap
Parameters
- pap
-
Specifies to always use PAP to authenticate the sessions.
- chap
-
Specifies to always use CHAP to authenticate the sessions.
- pref-chap
-
Specifies to attempt to use CHAP and if it fails, use PAP.
- pref-pap
-
Specifies to attempt to use PAP and if it fails, use CHAP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-chap-challenge-length
ppp-chap-challenge-length
Syntax
ppp-chap-challenge-length min minimum-length max maximum-length
no ppp-chap-challenge-length
Context
[Tree] (config>subscr-mgmt>ppp-policy ppp-chap-challenge-length)
Full Context
configure subscriber-mgmt ppp-policy ppp-chap-challenge-length
Description
This command configures the minimum and maximum length of a PPP Chap Challenge.
When the Chap Challenge is exactly 16 bytes, it is send in the [60] CHAP-Challenge RADIUS attribute and copied in the RADIUS Authenticator field from the RADIUS Access Request.
Default
ppp-chap-challenge-length min 32 max 64
Parameters
- min minimum-length
-
Specifies the minimum PPP CHAP challenge length.
- max maximum-length
-
Specifies the maximum PPP CHAP challenge length.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-initial-delay
ppp-initial-delay
Syntax
[no] ppp-initial-delay
Context
[Tree] (config>subscr-mgmt>ppp-policy ppp-initial-delay)
Full Context
configure subscriber-mgmt ppp-policy ppp-initial-delay
Description
This command delays the sending of an LCP-configure request after the discovery phase by 40 – 60 milliseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-mtu
ppp-mtu
Syntax
ppp-mtu mtu-bytes
no ppp-mtu
Context
[Tree] (config>subscr-mgmt>ppp-policy ppp-mtu)
Full Context
configure subscriber-mgmt ppp-policy ppp-mtu
Description
This command configures the maximum PPP MTU size.
Parameters
- mtu-bytes
-
Specifies the maximum PPP MTU size.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-options
ppp-options
Syntax
ppp-options
Context
[Tree] (config>subscr-mgmt>ppp-policy ppp-options)
Full Context
configure subscriber-mgmt ppp-policy ppp-options
Description
Commands in this context configure PPP options.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-policy
ppp-policy
Syntax
ppp-policy ppp-policy-name [create]
no ppp-policy ppp-policy-name
Context
[Tree] (config>subscr-mgmt ppp-policy)
Full Context
configure subscriber-mgmt ppp-policy
Description
This command configures a PPP policy. These policies are referenced from interfaces configured for PPP. Multiple PPP policies may be configured.
The default policy cannot be modified or deleted.
Default
ppp-policy default
Parameters
- ppp-policy-name
-
Specifies the PPP policy name, up to 32 characters.
- create
-
Keyword used to create the entity. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-policy-parameters
ppp-policy-parameters
Syntax
ppp-policy-parameters
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ppp-policy-parameters)
Full Context
configure subscriber-mgmt local-user-db ppp host ppp-policy-parameters
Description
This command enables the context to configure PPP policy parameters to override the values from the host associated with the PPP policy.
The PPP host uses the values configured in the PPP policy under the group interface. It is possible to use this command to override the values from the host associated with the PPP policy. Matching a pattern on the subscriber MAC address to limit the number of sessions per MAC address is possible.
When a value is configured, the system overrides that particular PPP policy parameter. The absence of specific parameters means no overriding is performed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-sub-id-key
ppp-sub-id-key
Syntax
ppp-sub-id-key sub-id-key [sub-id-key]
no ppp-sub-id-key
Context
[Tree] (config>subscr-mgmt>auto-sub-id-key ppp-sub-id-key)
Full Context
configure subscriber-mgmt auto-sub-id-key ppp-sub-id-key
Description
This command enables certain fields to become the base for auto-generation of default sub-id name. The sub-id name is auto-generated if there is not a more specific method available. Examples of these specific methods would be a default sub-id name as a sap-id, a preconfigured static string or explicit mappings based on RADIUS/LUDB returned strings.
In case that a more specific sub-id name generation method is not available and the auto-id keyword is defined under the def-sub-id hierarchy, the sub-id name is generated by concatenating fields defined in this command separated by a "|” character.
The maximum length of the auto-generated sub-id name is 64 characters while the concatenation of subscriber identification fields can exceed 64 characters. Subscriber host instantiation fails if the sub-id name is based on subscriber identification fields whose concatenated length exceeds 64 characters. Failing the host creation rather than truncating the sub-id name on a 64 character boundary prevents collision of sub-ids (subscriber name duplication).
In case that a more specific sub-id name generation method is not available and the auto-id keyword is not defined under the def-sub-id hierarchy, the sub-id name is a random 10 character encoded string based on the fields defined under this command.
There is only one set of identification fields allowed per host type (IPoE or PPP) per chassis.
The no form of this command reverts to the default.
Default
ppp-sub-id-key mac sap-id session-id
Parameters
- sub-id-key
-
Specifies the auto-generated sub-id keys for PPP hosts.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ppp-user-db
ppp-user-db
Syntax
ppp-user-db local-user-db-name
no ppp-user-db
Context
[Tree] (config>service>vpls ppp-user-db)
Full Context
configure service vpls ppp-user-db
Description
This command enabled access to LUDB for PPPoE and PPPoEoA v4and v6 hosts under the capture SAP. The name of this local user database must match the name of local user database configured under the config>service>vprn/ies>sub-if>grp-if>pppoe hierarchy.
The no form of this command reverts to the default.
Parameters
- local-user-db
-
Specifies the name of the local-user-database, up to 256 characters.
Platforms
All
ppp-user-name
ppp-user-name
Syntax
ppp-user-name append domain-name
ppp-user-name default-domain domain-name
ppp-user-name replace domain-name
ppp-user-name strip
no ppp-user-name
Context
[Tree] (config>subscr-mgmt>auth-plcy ppp-user-name)
Full Context
configure subscriber-mgmt authentication-policy ppp-user-name
Description
This command specifies the domain name manipulation action to perform on the PAP/CHAP user name prior to authentication.
The no form of this command reverts to the default.
Default
The PAP/CHAP user name is not changed.
Parameters
- append domain-name
-
Appends an "@” delimiter followed by the specified domain-name to the PAP/CHAP user name, independent if a domain name is already present.
- default-domain domain-name
-
Appends an "@” delimiter followed by the specified domain-name to the PAP/CHAP user name only if a domain name is not already present.
- replace domain-name
-
Replaces the string after the "@” delimiter in the PAP/CHAP user name with the specified domain-name.
- strip
-
Removes the "@” delimiter and all subsequent characters from the PAP/CHAP user name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe
pppoe
Syntax
[no] pppoe
Context
[Tree] (config>service>vprn>sub-if>grp-if pppoe)
[Tree] (config>service>ies>sub-if>grp-if pppoe)
Full Context
configure service vprn subscriber-interface group-interface pppoe
configure service ies subscriber-interface group-interface pppoe
Description
Commands in this context configure PPPoE parameters.
The no form of this command reverts all PPPoE parameters from the PPPoE context to their defaults.
Default
pppoe
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe
Syntax
pppoe type direction {ingress | egress} script name
no pppoe type direction {ingress | egress}
Context
[Tree] (config>python>py-policy pppoe)
Full Context
configure python python-policy pppoe
Description
This command specifies the python-script for the specified PPPoE message type in the specified direction. Multiple pppoe command configuration are allowed in the same Python policy.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type.
- direction {ingress | egress}
-
Specifies whether the event is incoming or outgoing. The system only invokes the configured script for the specified packet type in the specified direction.
- script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
pppoe
Syntax
pppoe service-id
no pppoe
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>fwd-wholesale pppoe)
[Tree] (config>service>vprn>if>sap>fwd-wholesale pppoe)
Full Context
configure service vprn subscriber-interface group-interface sap fwd-wholesale pppoe
configure service vprn interface sap fwd-wholesale pppoe
Description
This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 are redirected to the specified service. The service referred to by svc-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.
The no form of this command removes the redirect.
Parameters
- service-id
-
Specifies the service ID of the Epipe to which packets are redirected.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe
Syntax
pppoe service-id
no pppoe
Context
[Tree] (config>service>ies>if>sap>fwd-wholesale pppoe)
[Tree] (config>service>ies>sub-if>grp-if>sap>fwd-wholesale pppoe)
Full Context
configure service ies interface sap fwd-wholesale pppoe
configure service ies subscriber-interface group-interface sap fwd-wholesale pppoe
Description
This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 will be redirected to the specified service. The service referred to by svc-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.
The no form of this command removes the redirect.
Parameters
- service-id
-
Specifies the service ID of the Epipe to which packets are redirected.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe
Syntax
pppoe origin
Context
[Tree] (config>li>x-interfaces>correlation-id pppoe)
Full Context
configure li x-interfaces correlation-id pppoe
Description
This command specifies the type of RADIUS accounting session ID to use for PPPoE subscriber correlation.
Default
host
Parameters
- origin
-
Specifies the correlation identifiers origin for PPPoE.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pppoe-access-method
pppoe-access-method
Syntax
pppoe-access-method {none | padi | pap-chap}
no pppoe-access-method
Context
[Tree] (config>subscr-mgmt>auth-plcy pppoe-access-method)
Full Context
configure subscriber-mgmt authentication-policy pppoe-access-method
Description
This command indicates the authentication method used towards the RADIUS server in case the policy is used for PPPoE.
The no form of this command reverts to the default.
Parameters
- none
-
Indicates that the client is authenticated by the local user database defined under the group interface and not through RADIUS.
- padi
-
Indicates that the client is authenticated by RADIUS as soon as the PADI packet comes in (there is no PPP authentication done in the session in this case).
- pap-chap
-
Indicates that the RADIUS authentication of the client is delayed until the authentication protocol phase in the PPP session (PAP or CHAP) and authentication is performed with the user name and PAP password / CHAP response supplied by the client.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-client
pppoe-client
Syntax
pppoe-client
Context
[Tree] (debug>subscr-mgmt>vrgw>brg pppoe-client)
Full Context
debug subscriber-mgmt vrgw brg pppoe-client
Description
Commands in this context debug pppoe-client information.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-client-policy
pppoe-client-policy
Syntax
pppoe-client-policy pppoe-client-policy-name [create]
no pppoe-client-policy pppoe-client-policy-name
Context
[Tree] (config>subscr-mgmt pppoe-client-policy)
Full Context
configure subscriber-mgmt pppoe-client-policy
Description
This command provisions a policy containing a set of parameters to be used to configure a PPPoE client.
The no form of this command removes the policy from the system. The policy can only be removed when it is not in use.
Parameters
- pppoe-client-policy-name
-
Specifies a unique name for the policy.
- create
-
Mandatory keyword when creating a new policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-lac
pppoe-lac
Syntax
pppoe-lac max-nr-of-sessions
no pppoe-lac
Context
[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-lac)
[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-lac)
Full Context
configure subscriber-mgmt sub-profile session-limits pppoe-lac
configure subscriber-mgmt sla-profile session-limits pppoe-lac
Description
This command configures the maximum number of PPPoE L2TP LAC sessions per SLA profile instance or per subscriber.
The no form of this command removes the maximum number of PPPoE L2TP LAC sessions limit.
Parameters
- max-nr-of-sessions
-
Specifies the maximum number of PPPoE L2TP LAC sessions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-local
pppoe-local
Syntax
pppoe-local max-nr-of-sessions
no pppoe-local
Context
[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-local)
[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-local)
Full Context
configure subscriber-mgmt sla-profile session-limits pppoe-local
configure subscriber-mgmt sub-profile session-limits pppoe-local
Description
This command configures the maximum number of PPPoE local-terminated sessions (PTA) per SLA profile instance or per subscriber.
The no form of this command removes maximum number of PPPoE local-terminated sessions (PTA) limit.
Parameters
- max-nr-of-sessions
-
Specifies the maximum number of PPPoE local-terminated sessions (PTA).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-overall
pppoe-overall
Syntax
pppoe-overall max-nr-of-sessions
no pppoe-overall
Context
[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-overall)
[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-overall)
Full Context
configure subscriber-mgmt sla-profile session-limits pppoe-overall
configure subscriber-mgmt sub-profile session-limits pppoe-overall
Description
This command configures the maximum number of PPPoE sessions per SLA profile instance or per subscriber.
The no form of this command removes the maximum number of PPPoE sessions limit.
Parameters
- max-nr-of-sessions
-
Specifies the maximum number of PPPoE sessions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-policy
pppoe-policy
Syntax
pppoe-policy pppoe-policy-name
no pppoe-policy
Context
[Tree] (config>service>vpls>sap pppoe-policy)
Full Context
configure service vpls sap pppoe-policy
Description
This command references a pppoe-policy that defines session parameters (ppp-mtu, authentication options, and so on) during the session initiation phase. Normally, the PPPoE policy is referenced under the group-interface hierarchy. But with capture SAP is it not known at the session initiation phase to which group-interface the session belongs. This is why, with the capture SAP, the ppp-policy must be referenced directly under the capture SAP. The pppoe-policy referenced under the group-interface must be the same as the pppoe-policy referenced under the capture SAP. Otherwise the session will not come up.
The no form of this command reverts to the default.
Parameters
- pppoe-policy-name
-
Specifies the pppoe-policy name up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-python-policy
pppoe-python-policy
Syntax
pppoe-python-policy policy-name
no pppoe-python-policy
Context
[Tree] (config>service>vpls>sap pppoe-python-policy)
Full Context
configure service vpls sap pppoe-python-policy
Description
This command specified the Python policy for PPPoE packets sent/received on the capture SAP.
The no form of this command removes the policy name from the configuration.
Parameters
- policy-name
-
Specifies an existing Python policy name, up to 32 characters.
Platforms
All
pppoe-service-name
pppoe-service-name
Syntax
[no] pppoe-service-name
Context
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute pppoe-service-name)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute pppoe-service-name
Description
This command enables the generation of the pppoe-service-name RADIUS attribute.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-trace
pppoe-trace
Syntax
pppoe-trace [sap sap-id] [ mac ieee-address] circuit-id circuit-id [remote-id remote-id] [username user-name] [profile trace-profile-name] [trace-existing-sessions] [ max-jobs num] [name trace-name]
pppoe-trace [sap sap-id] mac ieee-address [circuit-id circuit-id] [remote-id remote-id] [username user-name] [profile trace-profile-name] [ trace-existing-sessions] [max-jobs num] [name trace-name]
pppoe-trace sap sap-id [mac ieee-address] [ circuit-id circuit-id] [remote-id remote-id] [username user-name] [profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]
pppoe-trace [sap sap-id] [mac ieee-address] [circuit-id circuit-id] remote-id remote-id [username user-name] [ profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]
pppoe-trace [sap sap-id] [ mac ieee-address] [circuit-id circuit-id] [remote-id remote-id] username user-name [profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]
no pppoe-trace name trace-name
no pppoe-trace [sap sap-id] [ mac ieee-address] [circuit-id circuit-id] [remote-id remote-id] [username user-name]
Context
[Tree] (debug>call-trace>ppp pppoe-trace)
Full Context
debug call-trace ppp pppoe-trace
Description
This command enables tracing locally terminated or LAC PPPoE sessions specified by the configured parameters. At least one filter rule must be provisioned. This command can trace a single session or multiple sessions, and can use wildcard characters.
This command can be executed multiple times to start multiple traces. When rules overlap, such as for a wildcard SAP and a specific SAP, the rule that a specific trace is associated with cannot be guaranteed.
The no form of this command prevents new traces from being configured and terminates all trace jobs that were previously started using the trace command.
Parameters
- circuit-id
-
Specifies a circuit ID, up to 255 characters, that is used to filter sessions to trace.
- ieee-address
-
Specifies a MAC address that is used to identify a session to trace, in the format "ab:cd:ef:01:23:45”. A wildcard character can be used to match all remaining octets; for example, the format "ab:cd:ef:*” can be used to filter by OUI.
- user-name
-
Specifies a username, up to 32 characters, that is used to filter sessions to trace. A wildcard character (*) can be used at the beginning and at the end of the filter.
- num
-
Specifies the maximum number of jobs that may be started with this rule.
- remote-id
-
Specifies a remote ID, up to 255 characters, that is used to filter sessions to trace.
- sap-id
-
Specifies a SAP to trace. The following formats are accepted:
-
port/lag/pw-port:svlan.cvlan
-
port/lag/pw-port:vlan
-
port/lag/pw-port
-
port/lag/pw-port:vlan.*
-
port/lag/pw-port:* (also matches *.*)
-
- trace-existing-sessions
-
Specifies that existing PPPoE sessions are traced. If this parameter is not included, only new PPPoE sessions are traced.
- trace-name
-
Specifies the name, up to 32 characters, by which the trace is referenced.
- trace-profile-name
-
Specifies the name of the trace profile to be applied, up to 32 characters. The default parameters are used if a trace profile is not specified.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pppoe-user-db
pppoe-user-db
Syntax
pppoe-user-db local-user-db-name
no pppoe-user-db
Context
[Tree] (config>service>vpls pppoe-user-db)
Full Context
configure service vpls pppoe-user-db
Description
This command enabled access to LUDB for PPPoE and PPPoEoA v4and v6 hosts under the capture SAP. The name of this LUDB must match the name of the LUDB configured under the config>service>vprn/ies>sub-if>grp-if>pppoe hierarchy.
The no form of this command reverts to the default.
Parameters
- local-user-db
-
Specifies the name of the local user database, up to 256 characters.
Platforms
All
pppoe-user-db
Syntax
pppoe-user-db ludb-name
no pppoe-user-db
Context
[Tree] (config>service>vpls>sap pppoe-user-db)
Full Context
configure service vpls sap pppoe-user-db
Description
This command enables LUDB authentication on capture SAPs for PPPoE(oA) clients. If this command is configured along with the authentication-policy command (RADIUS authentication), then the authentication-policy command takes precedence.
The no form of this command reverts to the default.
Parameters
- ludb-name
-
Specifies the name of the local user database up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pptp
pptp
Syntax
[no] pptp
Context
[Tree] (config>service>nat>nat-policy>alg pptp)
[Tree] (config>service>nat>up-nat-policy>alg pptp)
Full Context
configure service nat nat-policy alg pptp
configure service nat up-nat-policy alg pptp
Description
This command enables PPTP ALG.
The call-id is captured in the outgoing call management messages and along with the source IP address and the source TCP, is translated by NAT. Once the PPTP call is established, the call-id in the associated GRE packet in the incoming direction (from outside to inside) is correspondingly translated so that it matches the call-id mapping established during the call establishment phase. The call IDs used in the mappings are selected randomly and they try to honor parity (odds/even).
A PPTP session can be initiated only from the inside of NAT.
GRE traffic is allowed through NAT only if the corresponding mapping exists. This mapping is created during the call negotiation phase.
There can be seven calls (GRE tunnels) per control session.
Default
no pptp
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pre-auth-policy
pre-auth-policy
Syntax
pre-auth-policy policy-name
no pre-auth-policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host pre-auth-policy)
Full Context
configure subscriber-mgmt local-user-db ppp host pre-auth-policy
Description
This command configures the RADIUS pre-authentication policy to use to authenticate the PPP host.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the pre-authentication policy of the host, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pre-login-message
pre-login-message
Syntax
pre-login-message login-text-string [name]
no pre-login-message
Context
[Tree] (config>system>login-control pre-login-message)
Full Context
configure system login-control pre-login-message
Description
This command configures a message to display before logging in to the router using Telnet, SSH, or the console port.
Only one message can be configured. If a new pre-login message is configured, the new message overwrites the previous message.
The no form of this command removes the pre-login message.
Default
no pre-login-message
Parameters
- login-text-string
-
Specifies the pre-login message text, up to 900 characters. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Some special characters can be used to format the message text. Use the newline (\n) character to create multiline messages. A newline (\n) character in the message moves to the beginning of the next line by sending ASCII/UTF-8 characters 0xA (LF) and 0xD (CR) to the client terminal. A carriage return (\r) character in the message sends the ASCII/UTF-8 character 0xD (CR) to the client terminal.
- name
-
Displays the configured system name before the pre-login message. To remove the system name from the pre-login message, remove the current message and configure a new message without using the name parameter.
Platforms
All
pre-shared-key
pre-shared-key
Syntax
pre-shared-key pre-shared-key-index [encryption-type encryption-type] [create]
no pre-shared-key pre-shared-key-index
Context
[Tree] (config>macsec>conn-assoc>static-cak pre-shared-key)
Full Context
configure macsec connectivity-association static-cak pre-shared-key
Description
This command specifies the pre-shared key used to enable MACsec using static connectivity association key (CAK) security mode. This command also specifies the encryption algorithm used for encrypting the SAK.
A pre-shared key includes a connectivity association key name (CKN) and a connectivity association key (CAK). The pre-shared key-the CKN and CAK-must match on both ends of a link.
A pre-shared key is configured on both devices at each end of point-to-point link to enable MACsec using static CAK security mode. The MACsec Key Agreement (MKA) protocol is enabled after the successful MKA liveliness negotiation.
The encryption-type is used for encrypting the SAK and authenticating the MKA packet. The symmetric encryption key SAK (Security Association Key) needs to be encrypted (wrapped) via the MKA protocols. The AES key is derived via pre-shared-key.
The no form of this command removes the index.
Parameters
- pre-shared-key-index
-
Specifies the index of this pre-shared-key.
- encryption-type
-
Specifies the type of encryption.
- create
-
Mandatory to create an entry.
Platforms
All
pre-shared-key
Syntax
pre-shared-key key [hash | hash2 | custom]
no pre-shared-key
Context
[Tree] (config>ipsec>client-db>client>credential pre-shared-key)
Full Context
configure ipsec client-db client credential pre-shared-key
Description
This command specifies a pre-shared key used to authenticate peers.
The no form of this command reverts to the default.
Default
no pre-shared-key
Parameters
- key
-
An ASCII string to use as the pre-shared key for dynamic keying. When the hash or hash2 parameters are not used, the key is a clear text key; otherwise, the key text is encrypted.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
pre-shared-key
Syntax
pre-shared-key key [hash | hash2 | custom]
no pre-shared-key
Context
[Tree] (config>service>ies>if>sap>ipsec-gw pre-shared-key)
[Tree] (config>service>vprn>if>sap>ipsec-tunnel>dynamic-keying pre-shared-key)
[Tree] (config>ipsec>trans-mode-prof>dyn pre-shared-key)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn pre-shared-key)
[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn pre-shared-key)
[Tree] (config>service>vprn>if>sap>ipsec-gw pre-shared-key)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn pre-shared-key)
Full Context
configure service ies interface sap ipsec-gw pre-shared-key
configure service vprn interface sap ipsec-tunnel dynamic-keying pre-shared-key
configure ipsec ipsec-transport-mode-profile dynamic-keying pre-shared-key
configure service vprn interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
configure router interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
configure service vprn interface sap ipsec-gw pre-shared-key
configure service ies interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
Description
This command configures the pre-shared key for authentication.
The no form of this command reverts to the default.
Default
no pre-shared-key
Parameters
- key
-
Specifies an ASCII string to use as the pre-shared key for dynamic keying. When the hash or hash2 parameters are not used, the key is a clear text key; otherwise, the key text is encrypted.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-tunnel dynamic-keying pre-shared-key
- configure service vprn interface sap ipsec-gw pre-shared-key
- configure ipsec ipsec-transport-mode-profile dynamic-keying pre-shared-key
- configure service ies interface sap ipsec-gw pre-shared-key
VSR
- configure router interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
- configure service vprn interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
- configure service ies interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
pre-update-time
pre-update-time
Syntax
pre-update-time [days days] [ hrs hours] [min minutes] [sec seconds]
Context
[Tree] (config>system>security>pki>ca-prof>auto-crl-update pre-update-time)
Full Context
configure system security pki ca-profile auto-crl-update pre-update-time
Description
This command specifies the pre-download time for next-update-based update.
Default
pre-update-time hrs 1
Parameters
- days
-
Specifies the time period, in days, prior to the next update time of the current CRL.
- hours
-
Specifies the time period, in hours, prior to the next update time of the current CRL.
- minutes
-
Specifies the time period, in minutes, prior to the next update time of the current CRL.
- seconds
-
Specifies the time period, in seconds, prior to the next update time of the current CRL.
Platforms
All
prec
prec
Syntax
prec ip-prec-value [fc fc-name] [priority {high | low}]
no prec ip-prec-value
Context
[Tree] (config>qos>sap-ingress prec)
Full Context
configure qos sap-ingress prec
Description
This command explicitly sets the forwarding class or enqueuing priority when a packet is marked with an IP precedence value ( ip-prec-value). Adding an IP precedence rule on the policy forces packets that match the specified ip-prec-value to override the forwarding class and enqueuing priority based on the parameters included in the IP precedence rule.
When the forwarding class is not specified in the rule, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy.
When the enqueuing priority is not specified in the rule, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.
The ip-prec-value is derived from the most significant three bits in the IP header ToS byte field (precedence bits). The three precedence bits define eight Class-of-Service (CoS) values commonly used to map packets to per-hop Quality of Service (QoS) behavior. The precedence bits are also part of the DiffServ Code Point (DSCP) method of mapping packets to QoS behavior. The DSCP uses the most significant six bits in the IP header ToS byte and so overlaps with the precedence bits. Both IP precedence and DSCP classification rules are supported. DSCP rules have a higher match priority than IP precedence rules and where a dscp-name DSCP value overlaps an ip-prec-value, the DSCP rule takes precedence.
The no form of this command removes the explicit IP precedence classification rule from the SAP ingress policy. Removing the rule on the policy immediately removes the rule on all ingress SAPs using the policy.
Parameters
- ip-prec-value
-
The ip-prec-value is a required parameter that specifies the unique IP header ToS byte precedence bits value that will match the IP precedence rule. If the command is executed more than once with the same ip-prec-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.
A maximum of eight IP precedence rules are allowed on a single policy.
The precedence is evaluated from the lowest to highest value.
- fc fc-name
-
The value given for the fc-name parameter must be one of the predefined forwarding classes in the system. Specifying the fc-name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.
- priority
-
The priority parameter overrides the default enqueuing priority for all packets received on an ingress SAP using this policy that match this rule. Specifying the priority is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.
- high
-
This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to high for a packet increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- low
-
This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to low for a packet decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
Platforms
All
prec
Syntax
prec {ip-prec-value | in-profile ip-prec-value out-profile ip-prec-value [ exceed-profile ip-prec-value]}
no prec
Context
[Tree] (config>qos>sap-egress>fc prec)
Full Context
configure qos sap-egress fc prec
Description
This command defines a value to be used for remarking packets for the specified FC. If the optional in/out/exceed-profile is specified, the command will remark different IP precedence values depending on whether the packet was classified to be in, exceed, or out-of-profile. All inplus-profile traffic is marked with the same value as in-profile traffic.
Parameters
- ip-prec-value
-
This parameter specifies the IP precedence to be used to remark all traffic.
- exceed-profile ip-prec-value
-
This optional parameter specifies the IP precedence to be used to remark traffic that is exceed-profile. If not specified, this defaults to the same value configured for the out-profile parameter.
- in-profile ip-prec-value
-
This parameter specifies the IP precedence to be used to remark traffic that is in-profile.
- out-profile ip-prec-value
-
This parameter specifies the IP precedence to be used to remark traffic that is out-of-profile.
Platforms
All
prec
Syntax
prec ip-prec-value [fc fc-name] [profile {in | out | exceed | inplus}]
no prec ip-prec-value
Context
[Tree] (config>qos>sap-egress prec)
Full Context
configure qos sap-egress prec
Description
This command defines a specific IP precedence value that must be matched to perform the associated reclassification actions. If an egress packet on the SAP matches the specified IP precedence value, the forwarding class, or profile behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions.
The IP precedence bits used to match against precedence reclassification rules come from the Type of Service (ToS) field within the IPv4 header. If the packet does not have an IPv4 header, precedence-based matching is not performed.
The reclassification actions from a precedence reclassification rule may be overridden by a DSCP or IP flow matching event.
The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions. If a DSCP, ipv6-criteria, or ip-criteria match occurs after the IP precedence match, the new forwarding class may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new fc, the fc from the IP precedence match will be used.
The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior. If a DSCP, IPv6 criteria, or IP criteria match occurs after the IP precedence match, the new profile may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new profile, the profile from the IP precedence match will be used.
The no form of this command removes the reclassification rule from the SAP egress QoS policy.
Parameters
- fc fc-name
-
This keyword is optional. When specified, packets matching the IP precedence value will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The explicit forwarding class reclassification may be overwritten by a higher priority DSCP, IPv6 criteria, or IP criteria reclassification match. The FC name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the specified precedence value, the prec command must be re-executed without the fc parameter defined.
- profile {in | out | exceed | inplus}
-
This keyword is optional. When specified, packets matching the IP precedence value will be explicitly reclassified to the specified profile regardless of the ingress profiling decision. The explicit profile reclassification may be overwritten by a higher priority DSCP, IPv6 criteria, or IP criteria reclassification match. To remove the profile reclassification action for the specified precedence value, the prec command must be re-executed without the profile parameter defined.
- in
-
Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
- out
-
Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
- exceed
-
Specifies that any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
- inplus
-
Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
Platforms
All
prec
Syntax
prec ip-prec-value fc fc-name profile {in | out | exceed | inplus}
no prec ip-prec-value
Context
[Tree] (config>qos>network>egress prec)
Full Context
configure qos network egress prec
Description
This command defines a specific IP precedence value that must be matched in order to perform the associated reclassification actions. If an egress packet on an IES/VPRN interface spoke SDP, on a CSC network interface in a VPRN, or network interface that the network QoS policy is applied to, matches the specified IP precedence value, the forwarding class and profile may be overridden.
By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions.
The IP precedence bits used to match against the reclassification rules come from the Type of Service (ToS) field within the IPv4 header or the Traffic Class field from the IPv6 header. If the packet does not have an IP header, IP precedence-based matching is not performed.
The configuration of egress prec classification and the configuration of an egress IP criteria or IPv6 criteria entry statement within a network QoS policy are mutually exclusive.
The IP precedence-based and DSCP-based reclassification are supported on a network interface, on a CSC network interface in a VPRN, and on a PW used in an IES or VPRN spoke interface.
This command will block the application of a network QoS policy with the egress reclassification commands to a spoke SDP part of a Layer 2 service. Conversely, this command will not allow the user to add the egress reclassification commands to a network QoS policy if it is being used by a Layer 2 spoke SDP.
The egress reclassification commands will only take effect if the redirection of the spoke SDP or CSC interface to use an egress port queue-group succeeds. For example, the following commands will succeed:
- config>service>vprn>if>
spoke-sdp>egress>qos network-policy-id port-redirect-group
queue-group-name instance instance-id
- config>service>ies>if>spoke-sdp>
egress>qos network-policy-id port-redirect-group queue-group-name
instance instance-id
- config>service>vprn>nw-if> qos network-policy-id port-redirect-group
queue-group-name instance instance-id
When the redirection command fails in CLI, the PW will use the network QoS policy assigned to the network IP interface; however, any reclassification in the network QoS policy applied to the network interface will be ignored.
The no form of this command removes the egress reclassification rule.
Parameters
- ip-prec-value
-
0 to 7
- fc fc-name
-
be, l2, af, l1, h2, ef, h1, nc
- profile {in | out | exceed | inplus}
-
The profile reclassification action is mandatory. When specified, packets matching the IP precedence value will be explicitly reclassified to the profile specified regardless of the ingress profiling decision. To remove the profile reclassification action for the specified IP precedence value, the no prec command must be executed.
This value may be overwritten by an explicit profile action in an DSCP reclassification match.
in - Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
out - Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
exceed - Specifies that any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
inplus - Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
Platforms
All
precedence
precedence
Syntax
precedence {primary | secondary}
no precedence
Context
[Tree] (config>eth-tunnel>path precedence)
Full Context
configure eth-tunnel path precedence
Description
This command specifies the precedence to be used for the path. Only two precedence options are supported: primary and secondary.
The no form of this command sets the precedence to the default value.
Default
precedence secondary
Parameters
- primary | secondary
-
Specifies the path precedence as either primary or secondary.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
precedence
Syntax
precedence [precedence-value | primary]
no precedence
Context
[Tree] (config>service>epipe>spoke-sdp precedence)
[Tree] (config>service>cpipe>spoke-sdp precedence)
[Tree] (config>service>ipipe>spoke-sdp precedence)
Full Context
configure service epipe spoke-sdp precedence
configure service cpipe spoke-sdp precedence
configure service ipipe spoke-sdp precedence
Description
This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.
The no form of this command returns the precedence value to the default.
Default
precedence 4
Parameters
- precedence-value
-
Specifies the spoke SDP precedence.
- primary
-
Assigns primary precedence to the spoke SDP.
Platforms
All
- configure service epipe spoke-sdp precedence
- configure service ipipe spoke-sdp precedence
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp precedence
precedence
Syntax
precedence prec-value
precedence primary
no precedence
Context
[Tree] (config>service>epipe>spoke-sdp-fec precedence)
Full Context
configure service epipe spoke-sdp-fec precedence
Description
This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.
The no form of this command returns the precedence value to the default.
Default
precedence 42
Parameters
- prec-value
-
Specifies the spoke SDP precedence.
- primary
-
Assigns primary precedence to this spoke SDP.
Platforms
All
precedence
Syntax
precedence [precedence-value | primary]
no precedence
Context
[Tree] (config>service>vpls>spoke-sdp precedence)
Full Context
configure service vpls spoke-sdp precedence
Description
This command configures the precedence of this SDP bind when there are multiple SDP binds attached to one service endpoint. When an SDP bind goes down, the next highest precedence SDP bind begins forwarding traffic.
Parameters
- precedence-value
-
Specifies the precedence of this SDP bind
- primary
-
Assigns this as the primary spoke-SDP
Platforms
All
precedence
Syntax
precedence {precedence-value | primary}
no precedence
Context
[Tree] (config>mirror>mirror-dest>spoke-sdp precedence)
Full Context
configure mirror mirror-dest spoke-sdp precedence
Description
This command indicates that the SDP is of type secondary with a specific precedence value or of type primary.
The mirror or LI service always uses the primary type as the active pseudowire and only switches to a secondary pseudowire when the primary is down. The mirror service switches the path back to the primary pseudowire when it is back up. The user can configure a timer to delay reverting back to primary or to never revert back.
If the active pseudowire goes down, the mirror service switches the path to a secondary sdp with the lowest precedence value. That is, secondary SDPs which are operationally up are considered in the order of their precedence value, 1 being the lowest value and 4 being the highest value. If the precedence value is the same, then the SDP with the lowest SDP ID is selected.
An explicitly named endpoint can have a maximum of one SAP and one ICB. Once a SAP is added to the endpoint, only one more object of type ICB SDP is allowed. An explicitly named endpoint, which does not have a SAP object, can have a maximum of four SDPs, which can include any of the following: a single primary SDP, one or many secondary SDPs with precedence, and a single ICB SDP.
An SDP is created with type secondary and with the lowest precedence value of 4.
Parameters
- precedence-value
-
Specifies the precedence of the SDP.
- primary
-
Specified that a special value of the precedence which assigns the SDP the lowest precedence and enables the revertive behavior.
Platforms
All
preempt
preempt
Syntax
[no] preempt
Context
[Tree] (config>service>ies>sub-if>grp-if>srrp preempt)
[Tree] (config>service>vprn>sub-if>grp-if>srrp preempt)
Full Context
configure service ies subscriber-interface group-interface srrp preempt
configure service vprn subscriber-interface group-interface srrp preempt
Description
When preempt is enabled, a newly initiated SRRP instance can overrides an existing Master SRRP instance if its priority value is higher than the priority of the current Master.
If preempt is disabled, an SRRP instance only becomes Master if the master down timer expires before an SRRP advertisement message is received from the adjacent SRRP enabled node.
The no form of this command reverts to the default.
Default
preempt
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preempt
Syntax
[no] preempt
Context
[Tree] (config>service>ies>if>ipv6>vrrp preempt)
Full Context
configure service ies interface ipv6 vrrp preempt
Description
The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.
When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.
The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.
The no form of this command disables preempt mode.
Default
preempt
Platforms
All
preempt
Syntax
[no] preempt
Context
[Tree] (config>service>ies>if>vrrp preempt)
Full Context
configure service ies interface vrrp preempt
Description
The preempt command provides the ability of overriding an existing non-owner master to the virtual router instance. Enabling preempt mode is almost required for proper operation of the base-priority and vrrp-policy-id definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.
The preempt command is only available in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted due to the fact that the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.
Non-owner virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the virtual router instances in-use priority.
A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP Advertisement message Priority field value is one of the following:
-
Greater than the virtual router in-use priority value
-
Equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address
The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to restore the default mode.
Default
preempt
Platforms
All
preempt
Syntax
[no] preempt
Context
[Tree] (config>service>vprn>if>ipv6>vrrp preempt)
[Tree] (config>service>vprn>if preempt)
Full Context
configure service vprn interface ipv6 vrrp preempt
configure service vprn interface preempt
Description
The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.
When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.
The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.
The default value for preempt mode is enabled.
Default
preempt
Platforms
All
preempt
Syntax
[no] preempt
Context
[Tree] (config>router>if>vrrp preempt)
[Tree] (config>router>if>ipv6>vrrp preempt)
Full Context
configure router interface vrrp preempt
configure router interface ipv6 vrrp preempt
Description
The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.
When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.
The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.
The default value for preempt mode is enabled.
Default
preempt
Platforms
All
preemption-timer
preemption-timer
Syntax
preemption-timer seconds
no preemption-timer
Context
[Tree] (config>router>rsvp preemption-timer)
Full Context
configure router rsvp preemption-timer
Description
This parameter configures the time in seconds a node holds to a reservation for which it triggered the soft preemption procedure.
The preempting node starts a separate preemption timer for each preempted LSP path. While this timer is on, the node should continue to refresh the Path and Resv for the preempted LSP paths. When the preemption timer expires, the node tears down the reservation if the head-end node has not already done so.
A value of zero means the LSP should be preempted immediately; hard preempted.
The no form of this command reverts to the default value.
Default
preemption-timer 300
Parameters
- seconds
-
Specifies the time (in s), of the preemption timer.
Platforms
All
prefer-failure
prefer-failure
Syntax
[no] prefer-failure
Context
[Tree] (config>service>nat>pcp-server-policy>option prefer-failure)
Full Context
configure service nat pcp-server-policy option prefer-failure
Description
This command enables/disables support for the prefer-failure option.
Default
no prefer-failure
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefer-local-time
prefer-local-time
Syntax
[no] prefer-local-time
Context
[Tree] (config>system>time prefer-local-time)
Full Context
configure system time prefer-local-time
Description
This command sets the preference to use local or UTC time in the system. This preference is applied to objects such as log file names, created and completed times reported in log files, NETCONF and gRPC date-and-time leafs, and rollback times displayed in show routines.
The operator may force the timezone used for show outputs during a CLI session using an environment variable in the environment>time-display {utc | local} command.
The preference for CLI output is set with the environment time-display command.
The format used for the date-time strings may change when the prefer-local-time option is enabled. For example, when enabled, all date-time strings include a suffix of three to five characters that indicates the timezone used for the presentation. This suffix may not be present if the option in not enabled.
The time format for timestamps on log events is controlled on a per-log basis using the config> log>log-id>time-format {utc | local} CLI command and not via prefer-local-time.
The no form of this command indicates preference for UTC time.
Default
no prefer-local-time
Platforms
All
prefer-mcast-tunnel-in-tunnel
prefer-mcast-tunnel-in-tunnel
Syntax
[no] prefer-mcast-tunnel-in-tunnel
Context
[Tree] (config>router>ldp prefer-mcast-tunnel-in-tunnel)
Full Context
configure router ldp prefer-mcast-tunnel-in-tunnel
Description
At a downstream router, this command specifies that for upstream FEC resolution a T-LDP session to the upstream peer is preferred over an I-LDP session.
At an upstream router, this command specifies that for downstream FEC resolution a T-LDP session to the downstream peer is preferred over an I-LDP session.
The no form of this command reverts to the default value.
Default
no prefer-mcast-tunnel-in-tunnel
Platforms
All
prefer-protocol-stitching
prefer-protocol-stitching
Syntax
[no] prefer-protocol-stitching
Context
[Tree] (config>router>ldp prefer-protocol-stitching)
Full Context
configure router ldp prefer-protocol-stitching
Description
This command stitches an LDP ILM to an SR NHLFE rather than to an LDP NHLFE when both LDP and SR NHLFEs exist.
The no form of this command stitches an LDP ILM to an LDP NHLFE by preference over an SR NHLFE.
Default
no prefer-protocol-stitching
Platforms
All
prefer-tunnel-in-tunnel
prefer-tunnel-in-tunnel
Syntax
[no] prefer-tunnel-in-tunnel
Context
[Tree] (config>router>ldp prefer-tunnel-in-tunnel)
Full Context
configure router ldp prefer-tunnel-in-tunnel
Description
This command specifies to use tunnel-in-tunnel over a simple LDP tunnel. Specifically, the user packets for LDP FECs learned over this targeted LDP session can be sent inside an RSVP LSP which terminates on the same egress router as the destination of the targeted LDP session. The user can specify an explicit list of RSVP LSP tunnels under the Targeted LDP session or LDP will perform a lookup in the Tunnel Table Manager (TTM) for the best RSVP LSP. In the former case, only the specified LSPs will be considered to tunnel LDP user packets. In the latter case, all LSPs available to the TTM and which terminate on the same egress router as this target ed LDP session will be considered. In both cases, the metric specified under the LSP configuration is used to control this selection.
The lookup in the TTM will prefer a LDP tunnel over an LDP-over-RSVP tunnel if both are available. Also, the tunneling operates on the dataplane only. Control packets of this targeted LDP session are sent over the IGP path.
Platforms
All
preference
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>l2tp>group>tunnel preference)
[Tree] (config>service>vprn>l2tp>group>tunnel preference)
Full Context
configure router l2tp group tunnel preference
configure service vprn l2tp group tunnel preference
Description
This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.
The no form of this command removes the preference value from the tunnel configuration.
Default
no preference
Parameters
- preference
-
Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference
Syntax
preference preference-level
no preference
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle preference)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override preference)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel preference)
Full Context
configure mcast-management multicast-info-policy bundle preference
configure mcast-management multicast-info-policy bundle channel source-override preference
configure mcast-management multicast-info-policy bundle channel preference
Description
This command sets the relative preference level for multicast channels. The preference of a channel specifies its relative importance over other multicast channels. Eight levels of preference are supported; 0 through 7. Preference value 7 indicates the highest preference level.
When the multicast ingress path manager is congested on one or more of the switch fabric multicast paths, it uses the preference values associated with each multicast record to determine which records are allowed on the path and which records be placed in a black-hole state.
The preference value is also compared to the bundles cong-priority-threshold setting to determine the congestion priority of the channel. The result also dictates the channels multicast CAC class level (high or low). When the channels preference value is less than the congestion priority threshold, it is considered to have a congestion priority and CAC class value equal to low. When the channels preference value is equal to or greater than the threshold, it is considered to have a congestion priority and a CAC class value equal to high.
The preference value is also compared to the bundles ecmp-opt-threshold setting to determine whether the channel is eligible for ECMP path dynamic optimization. If the preference value is equal to or less than the threshold, the channel may be optimized. If the preference value is greater than the threshold, the channel will not be dynamically optimized.
The preference command may be executed in three contexts; bundle, channel and source-override. The bundle default preference value is 0. The channel and source-override preference settings are considered overrides to the bundle setting and have a default value of null (undefined).
The no form of this command restores the default preference value (0 or null depending on the context).
Parameters
- preference-level
-
The preference-level parameter is required and defines the preference value of the channel.
Platforms
All
preference
Syntax
[no] preference preference
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy preference)
Full Context
configure subscriber-mgmt bgp-peering-policy preference
Description
This command configures the route preference for routes learned from the configured peer.
The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.
The no form of this command used at the global level reverts to default value.
Default
preference 170
Parameters
- preference
-
The route preference, expressed as a decimal integer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference
Syntax
preference preference
no preference
Context
[Tree] (config>aaa>diam>node>peer preference)
Full Context
configure aaa diameter node peer preference
Description
This command configures the Diameter routing preference for a peer. All open peers are installed in the Diameter realm routing table but only the one with the lowest numerical value for preference is used as next-hop for a given destination realm. If multiple peers with the same preference are configured for the same realm, the peer index with the lowest value is used to break the tie.
The no form of this command reverts to the default.
Default
preference 50
Parameters
- preference
-
Specifies the peer preference.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference
Syntax
preference preference
no preference
Context
[Tree] (config>aaa>diam>node>peer>route preference)
Full Context
configure aaa diameter node peer route preference
Description
This command configures the preference of the static route. The lower value is preferred during route selection.
The no form of this command reverts to the default.
Default
preference 50
Parameters
- preference
-
Specifies the static route preference.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference
Syntax
preference preference
no preference
Context
[Tree] (config>subscr-mgmt>sub-prof preference)
Full Context
configure subscriber-mgmt sub-profile preference
Description
This command sets the relative preference value for a subscriber profile. When multiple subscriber hosts/sessions of the same subscriber point to a different subscriber profile, the profile with the highest preference value is used. With equal preference, the subscriber profile of the last instantiated subscriber host/session is used.
Nokia recommends not to configure a subscriber profile preference value unless explicitly required for the targeted design.
The no form of this command reverts to the default value.
Default
preference 5
Parameters
- preference
-
Specifies the preference value. A lower number means a lower preference.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference
Syntax
preference [create] [non-revertive]
no preference
Context
[Tree] (config>service>system>bgp-evpn>eth-seg>service-carving>manual preference)
Full Context
configure service system bgp-evpn ethernet-segment service-carving manual preference
Description
This command creates the preference context for the Ethernet Segment (ES) and determines whether the DF election for the ES is revertive or not. Creation of the preference context ensures that the PE will run the preference-based DF election algorithm.
Parameters
- create
-
Mandatory keyword required to create the preference context in an ES.
- non-revertive
-
Configures a non-revertive ES, which ensures that when the Ethernet Segment comes back after a failure, it does not take over an existing active DF PE.
Platforms
All
preference
Syntax
[no] preference preference
Context
[Tree] (config>service>vprn>bgp preference)
[Tree] (config>service>vprn>bgp>group preference)
Full Context
configure service vprn bgp preference
configure service vprn bgp group preference
Description
This command configures the route preference for routes learned from the configured peer(s).
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.
The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.
The no form of this command, if used at the global level, reverts to default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
preference 170
Parameters
- preference
-
Specifies the route preference, expressed as a decimal integer.
Platforms
All
preference
Syntax
preference preference-value
no preference
Context
[Tree] (config>service>vprn>static-route-entry>grt preference)
[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel preference)
[Tree] (config>service>vprn>static-route-entry>black-hole preference)
[Tree] (config>service>vprn>static-route-entry>indirect preference)
[Tree] (config>service>vprn>static-route-entry>next-hop preference)
Full Context
configure service vprn static-route-entry grt preference
configure service vprn static-route-entry ipsec-tunnel preference
configure service vprn static-route-entry black-hole preference
configure service vprn static-route-entry indirect preference
configure service vprn static-route-entry next-hop preference
Description
This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.
Default Route Preference lists the default route preference based on the route source.
Label |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static route |
5 |
Yes |
OSPF Internal routes |
10 |
Yes |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
RIP |
100 |
Yes |
Aggregate |
130 |
No |
OSPF external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes |
IS-IS level 2 external |
165 |
Yes |
BGP |
170 |
Yes |
The no form of this command returns the returns the associated static route preference to its default value.
Default
preference 5
Parameters
- preference-value
-
Specifies the route preference value.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>service>vprn>isis>level preference)
Full Context
configure service vprn isis level preference
Description
This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.
A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.
Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the table below. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.
Default
Default preferences are listed in Default Preferences.
Route Type |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static route |
5 |
Yes |
MPLS |
7 |
— |
OSPF internal routes |
10 |
No |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
OSPF external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes1 |
IS-IS level 2 external |
165 |
Yes1 |
BGP |
170 |
Yes |
Parameters
- preference
-
The preference for external routes at this level expressed as a decimal integer.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>service>vprn>ospf3 preference)
[Tree] (config>service>vprn>ospf preference)
Full Context
configure service vprn ospf3 preference
configure service vprn ospf preference
Description
This command configures the preference for OSPF internal routes.
A route can be learned by the router from different protocols in which case the costs are not comparable, when this occurs the preference is used to decide to which route will be used.
Different protocols should not be configured with the same preference. If the same preference is configured, the tiebreaker is per the default preference table as defined in Default Route Preferences . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.
If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.
The no form of this command reverts to the default value.
Route Type |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static routes |
5 |
Yes |
OSPF internal |
10 |
Yes2 |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
RIP |
100 |
Yes |
OSPF external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes |
IS-IS level 2 external |
165 |
Yes |
Default
preference 10 — OSPF internal routes have a preference of 10.
Parameters
- preference
-
The preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in the following table.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>service>vprn>rip>group preference)
[Tree] (config>service>vprn>ripng>group preference)
[Tree] (config>service>vprn>ripng>group>neighbor preference)
[Tree] (config>service>vprn>rip preference)
[Tree] (config>service>vprn>ripng preference)
[Tree] (config>service>vprn>rip>group>neighbor preference)
Full Context
configure service vprn rip group preference
configure service vprn ripng group preference
configure service vprn ripng group neighbor preference
configure service vprn rip preference
configure service vprn ripng preference
configure service vprn rip group neighbor preference
Description
This command sets the route preference assigned to RIP routes. This value can be overridden by route policies.
The no form of this command resets the preference to the default.
Default
no preference
Parameters
- preference
-
Specifies the preference value.
Platforms
All
preference
Syntax
preference preference-value
no preference
Context
[Tree] (config>router>mpls>fwd-policies>fwd-policy preference)
Full Context
configure router mpls forwarding-policies forwarding-policy preference
Description
This command configures the preference of an MPLS forwarding policy.
The no form of this command removes the preference parameter from the MPLS forwarding policy.
Default
preference 255
Parameters
- preference-value
-
Specifies the preference value.
The preference-value parameter allows the user to configure multiple label-binding forwarding policies with the same binding label or multiple endpoint policies with the same endpoint address. This provides the capability to achieve a 1:N backup strategy for the forwarding policy. Only the most preferred, lowest numerically preference value, policy is activated in data path.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path preference)
Full Context
configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path preference
Description
This command sets the candidate path preference for the P2MP SR tree. The candidate path with the highest preference is the active candidate path.
The no form of this command removes the candidate path preference.
Default
no preference
Parameters
- preference
-
Specifies the preference of the candidate path.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>static-route-entry>indirect preference)
[Tree] (config>router>static-route-entry>black-hole preference)
[Tree] (config>router>static-route-entry>next-hop preference)
Full Context
configure router static-route-entry indirect preference
configure router static-route-entry black-hole preference
configure router static-route-entry next-hop preference
Description
This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.
Default Route Preference shows the default route preference based on the route source.
Label |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static route |
5 |
Yes |
OSPF Internal routes |
10 |
Yes |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
RIP |
100 |
Yes |
Aggregate |
130 |
No |
OSPF external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes |
IS-IS level 2 external |
165 |
Yes |
BGP |
170 |
Yes |
The no form of this command returns the returns the associated static route preference to its default value.
Default
preference 5
Parameters
- preference
-
Specifies the route preference value.
Platforms
All
preference
Syntax
[no] preference preference
Context
[Tree] (config>router>bgp>group preference)
[Tree] (config>router>bgp preference)
[Tree] (config>router>bgp>group>neighbor preference)
Full Context
configure router bgp group preference
configure router bgp preference
configure router bgp group neighbor preference
Description
This command configures the route preference for routes learned from the configured peers.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.
The lower the preference the higher the chance of the route being the active route. The router assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.
The no form of this command used at the global level reverts to default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
preference 170
Parameters
- preference
-
Specifies the route preference expressed as a decimal integer.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>isis>level preference)
Full Context
configure router isis level preference
Description
This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.
A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.
Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.
Default
preference (Level 1) — 15
preference (Level 2) — 18
Parameters
- preference
-
Specifies the preference for external routes at this level expressed as a decimal integer. The default preferences are listed in Default Internal Route Preferences .
Table 13. Default Internal Route Preferences Route Type
Preference
Configurable
Direct attached
0
—
Static-route
5
Yes
OSPF internal routes
10
—
IS-IS level 1 internal
15
Yes
IS-IS level 2 internal
18
Yes
OSPF external
150
Yes
IS-IS level 1 external
160
Yes3 IS-IS level 2 external
165
Yes3 BGP
170
Yes
1 External preferences are changed using the external-preference command in the config>router>isis>level level-number context.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>ospf3 preference)
[Tree] (config>router>ospf preference)
Full Context
configure router ospf3 preference
configure router ospf preference
Description
This command configures the preference for OSPF internal routes.
A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.
Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in Route Preference Defaults by Route Type . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.
If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.
The no form of this command reverts to the default value.
Default
preference 10
Parameters
- preference
-
Specifies the preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in Route Preference Defaults by Route Type .
Table 14. Route Preference Defaults by Route Type Route Type
Preference
Configurable
Direct attached
0
No
Static routes
5
Yes
OSPF internal
10
Yes4 IS-IS level 1 internal
15
Yes
IS-IS level 2 internal
18
Yes
RIP
100
Yes
OSPF external
150
Yes
IS-IS level 1 external
160
Yes
IS-IS level 2 external
165
Yes
BGP
170
Yes
1 Preference for OSPF internal routes is configured with the preference command.
Platforms
All
preference
Syntax
preference {none | all}
no preference
Context
[Tree] (config>router>ospf>lfa>mhp preference)
[Tree] (config>router>isis>lfa>mhp preference)
Full Context
configure router ospf loopfree-alternates multi-homed-prefix preference
configure router isis loopfree-alternates multi-homed-prefix preference
Description
This command configures the preference for the multihomed prefix LFA backup path. This knob can be enabled at a LFA computing node to force the programming of the multihomed prefix LFA backup path which, in some topologies, can avoid transiting using the best ABR or ASBR.
The no form of this command reverts to the default value.
Default
preference none
Parameters
- none
-
Specifies the preference for an LFA, TI-LFA, or RLFA backup path over the multihomed prefix LFA backup path. The multihomed prefix LFA is only programmed in cases where the prefix is not protected by LFA, RLFA, or TI-LFA.
- all
-
Specifies the forced programming of the multihomed prefix LFA backup path regardless of the outcome of the LFA, TI-LFA, or RLFA backup path computation.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>ripng preference)
[Tree] (config>router>ripng>group>neighbor preference)
[Tree] (config>router>rip>group>neighbor preference)
[Tree] (config>router>rip preference)
[Tree] (config>router>ripng>group preference)
[Tree] (config>router>rip>group preference)
Full Context
configure router ripng preference
configure router ripng group neighbor preference
configure router rip group neighbor preference
configure router rip preference
configure router ripng group preference
configure router rip group preference
Description
This command configures the preference for RIP routes.
A route can be learned by the router from different protocols in which case the costs are not comparable. When this occurs, the preference is used to decide which route will be used.
Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in Route Preference Defaults by Route Type . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.
If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.
The no form of the command reverts to the default value.
Default
preference 100
Parameters
- preference
-
Specifies the preference for RIP routes expressed as a decimal integer. Defaults for different route types are listed in Route Preference Defaults by Route Type .
Table 15. Route Preference Defaults by Route Type Route Type
Preference
Configurable
Direct attached
0
—
Static routes
5
Yes
OSPF internal
10
Yes
IS-IS level 1 internal
15
Yes
IS-IS level 2 internal
18
Yes
RIP
100
Yes
OSPF external
150
Yes
IS-IS level 1 external
160
Yes
IS-IS level 2 external
165
Yes
BGP
170
Yes
Platforms
All
preference
Syntax
preference preference
Context
[Tree] (conf>router>segment-routing>sr-policies>policy preference)
Full Context
configure router segment-routing sr-policies static-policy preference
Description
This command associates a preference value with a statically defined-segment routing policy. This is an optional parameter.
When there are multiple policies for the same (color, endpoint) combination that are targeted for local installation, only one is selected as the active path for the (color, endpoint). In this selection process (which considers both static local policies and BGP signaled policies), the policy with the highest preference value is preferred over all policies with a lower preference value.
The no form of this command reverts to the default value.
Default
preference 100
Parameters
- preference
-
Specifies the preference ID.
Platforms
All
preference
Syntax
preference preference
no preference
Context
[Tree] (config>router>policy-options>policy-statement>name>default-action preference)
[Tree] (config>router>policy-options>policy-statement>entry>action preference)
Full Context
configure router policy-options policy-statement name default-action preference
configure router policy-options policy-statement entry action preference
Description
This command assigns a route preference to routes matching the route policy statement entry.
If no preference is specified, the default Route Table Manager (RTM) preference for the protocol is used.
The no form of this command disables setting an RTM preference in the route policy entry.
This command is supported with the following protocols: RIP import, BGP import, VPRN VRF import ( vrf-import), and VPRN GRT lookup export (export-grt).
Default
no preference
Parameters
- preference
-
Specifies the route preference expressed as a decimal integer.
Platforms
All
preference
Syntax
preference value
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry preference)
[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry preference)
Full Context
configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry preference
configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry preference
Description
This command associates a preference with the provisioned managed route.
Parameters
- value
-
Specifies the preference value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preference-option
preference-option
Syntax
[no] preference-option
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel preference-option)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel preference-option)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel preference-option)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr preference-option)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>srvr preference-option)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr preference-option)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection preference-option
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection server preference-option
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option
Description
This command enables the DHCPv6 preference option that is inserted in the DHCPv6 advertise message.
The no form of this command removes the preference option.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preferred
preferred
Syntax
[no] preferred
Context
[Tree] (config>isa>nat-group>inter-chassis-redundancy preferred)
Full Context
configure isa nat-group inter-chassis-redundancy preferred
Description
This command sets the preference for activity of a nat-group in stateful inter-chassis redundancy configuration if both nodes have equal health. An example of where this can be useful is in a load balancing environment where the activity of NAT groups can be distributed between the two redundant nodes.
A nat-group with preferred command configured on a node that freshly became part of multi-chassis redundancy, takes over activity from an existing and traffic-serving node with equal health that does not have the preferred command configured. This causes a switchover and a brief interruption in traffic flow.
By default the preferred status is not set for the node.
The no form of this command reverts to the default.
Default
no preferred
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
preferred-lifetime
preferred-lifetime
Syntax
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
preferred-lifetime infinite
no preferred-lifetime
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ipv6-lease-times preferred-lifetime)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ipv6-lease-times preferred-lifetime)
Full Context
configure subscriber-mgmt local-user-db ppp host ipv6-lease-times preferred-lifetime
configure subscriber-mgmt local-user-db ipoe host ipv6-lease-times preferred-lifetime
Description
This command specifies the preferred lifetime for the lease times. When the preferred lifetime expires, then any derived addresses are deprecated.
The no form of this command reverts to the default.
Parameters
- infinite
-
Specifies that the valid lifetime is infinite.
- preferred-lifetime
-
Specifies the preferred lifetime.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preferred-lifetime
Syntax
preferred-lifetime [days days] [ hrs hours] [min minutes] [sec seconds]
no preferred-lifetime
Context
[Tree] (config>router>dhcp6>server>defaults preferred-lifetime)
[Tree] (config>service>vprn>dhcp6>server>defaults preferred-lifetime)
[Tree] (config>router>dhcp6>server>pool>prefix preferred-lifetime)
[Tree] (config>service>vprn>dhcp6>server>pool>prefix preferred-lifetime)
Full Context
configure router dhcp6 local-dhcp-server defaults preferred-lifetime
configure service vprn dhcp6 local-dhcp-server defaults preferred-lifetime
configure router dhcp6 local-dhcp-server pool prefix preferred-lifetime
configure service vprn dhcp6 local-dhcp-server pool prefix preferred-lifetime
Description
This command configures the preferred lifetime.
The no form of this command reverts to the default value.
Default
preferred-lifetime hrs 1
Parameters
- preferred-lifetime
-
Specifies the preferred time for a prefix.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure router dhcp6 local-dhcp-server defaults preferred-lifetime
- configure service vprn dhcp6 local-dhcp-server defaults preferred-lifetime
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure router dhcp6 local-dhcp-server pool prefix preferred-lifetime
- configure service vprn dhcp6 local-dhcp-server pool prefix preferred-lifetime
preferred-lifetime
Syntax
preferred-lifetime seconds
preferred-lifetime infinite
no preferred-lifetime
Context
[Tree] (config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix preferred-lifetime)
[Tree] (config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix preferred-lifetime)
Full Context
configure service ies interface ipv6 dhcp6-server prefix-delegation prefix preferred-lifetime
configure service vprn interface ipv6 dhcp6-server prefix-delegation prefix preferred-lifetime
Description
This command configures the IPv6 prefix/mask preferred lifetime. The preferred-lifetime value cannot be bigger than the valid-lifetime value.
The no form of this command reverts to the default value.
Default
preferred-lifetime 604800 (7 days)
Parameters
- seconds
-
Specifies the time, in seconds, that this prefix remains preferred.
- infinite
-
Specifies that this prefix remains preferred infinitely.
Platforms
All
preferred-lifetime
Syntax
preferred-lifetime seconds
preferred-lifetime infinite
no preferred-lifetime
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)
Full Context
configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options preferred-lifetime
configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options preferred-lifetime
configure service vprn subscriber-interface ipv6 router-advertisements prefix-options preferred-lifetime
configure service ies subscriber-interface ipv6 router-advertisements prefix-options preferred-lifetime
Description
This command specifies the remaining time for this prefix to be preferred, thus time until deprecation.
The no form of this command reverts to the default.
Default
preferred-lifetime 3600
Parameters
- seconds
-
Specifies the time for the prefix to remain preferred on this group-interface in seconds.
- infinite
-
Specifies that the remaining time will never expire. The value 4294967295 is interpreted as infinite.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preferred-lifetime
Syntax
preferred-lifetime seconds
preferred-lifetime infinite
no preferred-lifetime
Context
[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateful preferred-lifetime)
[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateless preferred-lifetime)
Full Context
configure subscriber-mgmt router-advertisement-policy prefix-options stateful preferred-lifetime
configure subscriber-mgmt router-advertisement-policy prefix-options stateless preferred-lifetime
Description
This command specifies the remaining time for this prefix to be preferred.
The no form of this command reverts to the default.
Default
preferred-lifetime 3600
Parameters
- seconds
-
Specifies the time, in seconds, for the prefix to remain preferred.
- infinite
-
Specifies that the remaining time never expires.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preferred-lifetime
Syntax
preferred-lifetime infinite
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no preferred-lifetime
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server preferred-lifetime)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6>proxy-server preferred-lifetime)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy-server preferred-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server preferred-lifetime)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server preferred-lifetime
configure service ies subscriber-interface ipv6 dhcp6 proxy-server preferred-lifetime
configure service vprn subscriber-interface ipv6 dhcp6 proxy-server preferred-lifetime
configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server preferred-lifetime
Description
This command configures the preferred lifetime. When the preferred lifetime expires, any derived addresses are deprecated.
Default
preferred-lifetime hrs 1
Parameters
- infinite
-
Specifies that the preferred lifetime is infinite.
- days days
-
Specifies the number of days of a preferred lifetime.
- hrs hours
-
Specifies the number of hours of a preferred lifetime.
- min minutes
-
Specifies the number of minutes of a preferred lifetime.
- sec seconds
-
Specifies the number of seconds of a preferred lifetime.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
preferred-lifetime
Syntax
[no] preferred-lifetime {seconds | infinite}
Context
[Tree] (config>router>router-advert>if>prefix preferred-lifetime)
[Tree] (config>service>vprn>router-advert>if>prefix preferred-lifetime)
Full Context
configure router router-advertisement interface prefix preferred-lifetime
configure service vprn router-advertisement interface prefix preferred-lifetime
Description
This command configures the remaining length of time in seconds that this prefix will continue to be preferred, such as, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.
Default
preferred-lifetime 604800
Parameters
- seconds
-
Specifies the remaining length of time in seconds that this prefix will continue to be preferred.
- infinite
-
Specifies that the prefix will always be preferred. A value of 4,294,967,295 represents infinity.
Platforms
All
prefix
prefix
Syntax
prefix ipv6-addr/prefix-length [failover {local | remote | access-driven}] [pd] [wan-host] [create]
no prefix ipv6-addr/prefix-length
Context
[Tree] (config>service>vprn>dhcp6>server>pool prefix)
[Tree] (config>router>dhcp6>server>pool prefix)
Full Context
configure service vprn dhcp6 local-dhcp-server pool prefix
configure router dhcp6 local-dhcp-server pool prefix
Description
This command allocates a prefix to a pool from which Prefix Delegation prefixes and or WAN addresses can be assigned for DHCP6.
The no form of this command removes the prefix parameters from the configuration.
Default
prefix failover local
Parameters
- prefix ipv6-addr/prefix-length
-
Specifies the prefix.
- failover {local | remote | access-driven}
-
This command designates a prefix as local, remote, or access-driven. This is used when multi-chassis synchronization is enabled.
- pd
-
Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.
- wan-host
-
Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.
- create
-
Keyword used to create the prefix configuration. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
[no] prefix ipv6-address/prefix-length
Context
[Tree] (config>service>ies>if>ipv6>dhcp6-server>pfx-delegate prefix)
Full Context
configure service ies interface ipv6 dhcp6-server prefix-delegation prefix
Description
This command specifies the IPv6 prefix that is delegated by this system.
The no form of this command reverts to the default.
Parameters
- ipv6-address/prefix-length
-
Specifies the IPv6 address on the interface
Platforms
All
prefix
Syntax
prefix ipv6-address/prefix-length [pd] [wan-host]
no prefix ipv6-address/prefix-length
Context
[Tree] (config>service>ies>sub-if>ipv6>sub-pfx prefix)
[Tree] (config>service>vprn>sub-if>ipv6>sub-pfx prefix)
Full Context
configure service ies subscriber-interface ipv6 subscriber-prefixes prefix
configure service vprn subscriber-interface ipv6 subscriber-prefixes prefix
Description
This command allows a list of prefixes (using the prefix command multiple times) to be routed to hosts associated with this subscriber interface. Each prefix is represented in the associated FDB with a reference to the subscriber interface. Prefixes are defined as being for prefix delegation (pd) or use on a WAN interface or host (wan-host).
The no form of this command reverts to the default.
Parameters
- ipv6-address
-
Specifies the 128-bit IPv6 address.
- prefix-length
-
Specifies the length of any associated aggregate prefix.
- pd
-
Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.
- wan-host
-
Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix low-order-vsi-id
no prefix
Context
[Tree] (config>service>vpls>bgp-ad>vsi-id prefix)
Full Context
configure service vpls bgp-ad vsi-id prefix
Description
This command specifies the low-order 4 bytes used to compose the Virtual Switch Instance Identifier (VSI-ID) to use for NLRI in BGP auto-discovery in this VPLS service.
If no value is set, the system IP address will be used.
Default
no prefix
Parameters
- low-order-vsi-id
-
Specifies a unique VSI ID
Platforms
All
prefix
Syntax
[no] prefix ip-prefix/prefix-length
Context
[Tree] (config>service>vprn>bgp>group>dynamic-neighbor>match prefix)
Full Context
configure service vprn bgp group dynamic-neighbor match prefix
Description
This command configures a prefix to accept dynamic BGP sessions (sessions from source IP addresses not matching any configured neighbor addresses). A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the MP-BGP families, the import and export policies, and so on.
The no form of this command removes a prefix entry.
Parameters
- ip-prefix/prefix-length
-
Specifies a prefix from which to accept dynamic BGP sessions.
Platforms
All
prefix
Syntax
[no] prefix ipv6-prefix/prefix-length
Context
[Tree] (config>service>vprn>router-advert>if prefix)
Full Context
configure service vprn router-advertisement interface prefix
Description
This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.
Parameters
- ipv6-prefix
-
Specifies the IP prefix for prefix list entry in dotted decimal notation.
- prefix-length
-
Specifies a route must match the most significant bits and have a prefix length.
Platforms
All
prefix
Syntax
prefix prefix-string
no prefix
Context
[Tree] (config>app-assure>group>cflowd>export-override prefix)
Full Context
configure application-assurance group cflowd export-override prefix
Description
This command specifies the prefix-string associated with the export-override.
Parameters
- prefix-string
-
Specifies a prefix string,up to eight characters. If the eight-character prefix is "ABCDEFG_" for a particular node, the cflowd export override would generate IPv4 interface names such as ABCDEFG_255.255.255.255 or IPv6 as ABCDEFG_2001:DB8:EF01:2345::/64. By default the prefix will be left blank.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix ip-prefix/ip-prefix-length [name prefix-name]
no prefix ip-prefix/ip-prefix-length
Context
[Tree] (config>app-assure>group>ip-prefix-list prefix)
Full Context
configure application-assurance group ip-prefix-list prefix
Description
This command configures an IP prefix within the list.
The no form of this command removes the IP prefix from the configuration.
Parameters
- ip-prefix/ip-prefix-length
-
The IP address in dotted decimal notation.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix ipv6-prefix/prefix-length
no prefix
Context
[Tree] (config>service>vprn>nat>inside>nat64 prefix)
[Tree] (config>router>nat>inside>nat64 prefix)
Full Context
configure service vprn nat inside nat64 prefix
configure router nat inside nat64 prefix
Description
This command configures the IPv6 prefix used to derive the IPv6 address from the IPv4 address, and is same as the prefix used by DNS64 to generate AAAA record returned for IPv4 endpoint resolution. NAT64 node announces this prefix in routing to attract traffic from IPv6 hosts. If the prefix is not configured, then a well-known prefix, 64:FF9B::/96, is used.
The no form of the command removes the prefix from the NAT64 configuration.
Parameters
- ipv6-prefix/prefix-length
-
Specifies the NAT64 destination prefix.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix ip-prefix/length [nat-policy nat-policy-name]
no prefix ip-prefix/length
Context
[Tree] (config>service>nat>nat-prefix-list prefix)
Full Context
configure service nat nat-prefix-list prefix
Description
This command creates a prefix entry in the nat-prefix-list.
This prefix can be used to identify traffic with specific destination IP that needs to be associated with corresponding nat-policy (and implicitly the NAT pool) for L2-aware subscribers. In this fashion, a single L2-aware subscriber can direct traffic to multiple NAT pools, depending on the traffic destination.
Another use for a prefix is in DNAT-only application (DNAT without SNAPT). In this case the prefix identifies the inside source IP range that will be explicitly configured to ensure proper downstream routing in dNAT-only case.
The nat-prefix-list cannot reference the default nat-policy (the one that is referenced in the subscriber-profile).
The no form of the command reverts to the default.
Parameters
- ip-prefix/length
-
Specifies the IP prefix for nat prefix list entry in dotted decimal notation.
- nat-policy nat-policy-name
-
Specifies the NAT policy name. Allowed values are any string up to 32 characters composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes..
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix prefix/prefix-length [ create]
no prefix prefix/prefix-length
Context
[Tree] (config>service>vprn>firewall>domain prefix)
[Tree] (config>router>firewall>domain prefix)
Full Context
configure service vprn firewall domain prefix
configure router firewall domain prefix
Description
This command specifies a prefix for which firewall functionality will apply within the domain. Prefixes cannot be shared or duplicated across multiple domains in the same routing context. A domain can contain multiple prefixes.
The no form of the command removes the prefix from the domain.
Parameters
- create
-
Mandatory keyword used when creating a prefix entry.
- prefix/prefix-length
-
Specifies the prefix.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix
Syntax
prefix ip-address
no prefix
Context
[Tree] (config>router>bier>template>sub-domain prefix)
Full Context
configure router bier template sub-domain prefix
Description
This command specifies the prefix used for BFR. The prefix should be an IPv4 /32 address. The prefix can be a loopback interface or system IP address.
The no form of this command removes the prefix.
Parameters
- ip-address
-
Specifies the IP address to be used as the BFR prefix in dotted decimal format.
Platforms
All
prefix
Syntax
prefix ip-prefix/prefix-length [create]
no prefix ip-prefix/prefix-length
Context
[Tree] (config>test-oam>twamp>server prefix)
Full Context
configure test-oam twamp server prefix
Description
This command configures an IP address prefix containing one or more TWAMP clients. For a TWAMP client to connect to the TWAMP server (and subsequently conduct tests) it must establish the control connection using an IP address that is part of a configured prefix.
Parameters
- ip-prefix/prefix-length
-
Specifies an IPv4 or IPv6 address prefix.
- prefix length
-
Specifies the prefix length.
- create
-
Creates a prefix instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
prefix
Syntax
prefix ip-prefix/prefix-length [create]
no prefix ip-prefix/prefix-length
Context
[Tree] (config>router>twamp-light>reflector prefix)
[Tree] (config>service>vprn>twamp-light>reflector prefix)
Full Context
configure router twamp-light reflector prefix
configure service vprn twamp-light reflector prefix
Description
This command defines which TWAMP Light packet prefixes the reflector processes.
The no form of this command with the specific prefix removes the accepted source.
Parameters
- ip-prefix/prefix-length
-
Specifies the IPv4 or IPv6 address and length.
- create
-
Creates a prefix instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
prefix
Syntax
[no] prefix ip-prefix/prefix-length
Context
[Tree] (config>qos>match-list>ip-prefix-list prefix)
Full Context
configure qos match-list ip-prefix-list prefix
Description
This command adds an IPv4 address prefix to an existing IPv4 address prefix match list.
To add a set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv4 address space.
An IPv4 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv4 address prefix list.
The no form of this command deletes the specified prefix from the list.
Parameters
- ip-prefix
-
A valid IPv4 address prefix in dotted decimal notation.
- prefix-length
-
Length of the entered IP prefix
Platforms
All
prefix
Syntax
[no] prefix ipv6-prefix/prefix-length
Context
[Tree] (config>qos>match-list>ipv6-prefix-list prefix)
Full Context
configure qos match-list ipv6-prefix-list prefix
Description
This command adds an IPv6 address prefix to an existing IPv6 address prefix match list.
To add set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space.
An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv6 address prefix list.
The no form of this command deletes the specified prefix from the list.
Parameters
- ipv6-prefix
-
Specifies the IPv6 prefix for the IP match criterion in hex digits.
- prefix-length
-
Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer.
Platforms
All
prefix
Syntax
[no] prefix ip-prefix/prefix-length
Context
[Tree] (config>filter>match-list>ip-prefix-list prefix)
Full Context
configure filter match-list ip-prefix-list prefix
Description
This command adds an IPv4 address prefix to an existing IPv4 address prefix match list.
The no form of this command deletes the specified prefix from the list.
Operational Notes:
To add set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv4 address space.
An IPv4 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of filter policies that use this IPv4 address prefix list.
Parameters
- ip-prefix
-
Specifies a valid IPv4 address prefix in dotted decimal notation.
- prefix-length
-
Specifies the length of the entered IPv4 prefix.
Platforms
All
prefix
Syntax
[no] prefix ipv6-prefix/prefix-length
Context
[Tree] (config>filter>match-list>ipv6-prefix-list prefix)
Full Context
configure filter match-list ipv6-prefix-list prefix
Description
This command adds an IPv6 address prefix to an existing IPv6 address prefix match list.
The no form of this command deletes the specified prefix from the list.
Operational Notes:
To add set of different prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space.
An IPv6 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of filter policies that use this IPv6 address prefix list.
Parameters
- ipv6-prefix/prefix-length
-
Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0. One string of zeros can be omitted, so 2001:db8::700:0:217A is equivalent to 2001:db8:0:0:0:700:0:217A.
- prefix-length
-
Specifies the length of the entered IPv6 prefix.
Platforms
All
prefix
Syntax
[no] prefix ipv6-prefix/prefix-length
Context
[Tree] (config>router>router-advert>if prefix)
Full Context
configure router router-advertisement interface prefix
Description
This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.
Parameters
- ipv6-prefix
-
The IP prefix for prefix list entry in dotted decimal notation.
- prefix-length
-
Specifies a route must match the most significant bits and have a prefix length.
Platforms
All
prefix
Syntax
[no] prefix ip-prefix/ip-prefix-length
Context
[Tree] (config>router>bgp>group>dynamic-neighbor>match prefix)
Full Context
configure router bgp group dynamic-neighbor match prefix
Description
This command configures a prefix to accept dynamic BGP sessions (sessions from source IP addresses not matching any configured neighbor addresses). A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the MP-BGP families, the import and export policies, and so on.
The no form of this command removes a prefix entry.
Parameters
- ip-prefix/ip-prefix-length
-
Specifies a prefix from which to accept dynamic BGP sessions.
Platforms
All
prefix
Syntax
[no] prefix ip-prefix/prefix-length [exact | longer | through length | prefix-length-range length1-length2 | to ip-prefix/prefix-length | address-mask mask-pattern]
Context
[Tree] (config>router>policy-options>prefix-list prefix)
Full Context
configure router policy-options prefix-list prefix
Description
This command creates a prefix entry in the route policy prefix list.
The no form of this command deletes the prefix entry from the prefix list.
Parameters
- ip-prefix/prefix-length
-
Specifies the IP prefix and length for the prefix list entry in dotted decimal notation.
- exact
-
Specifies the prefix list entry only matches the route with the specified ip-prefix and prefix mask (length) values.
- longer
-
Specifies the prefix list entry matches any route that matches the specified ip-prefix and prefix mask length values equal to or greater than the specified mask.
- through length
-
Specifies the prefix list entry matches any route that matches the specified ip-prefix and has a prefix length between the specified length values inclusive.
- prefix-length-range length1 - length2
-
Specifies a route must match the most significant bits and have a prefix length with the given range. The range is inclusive of start and end values.
- to ip-prefix/prefix-length
-
Specifies a second IP prefix and length used in route policy prefix lists. A route matches prefix1 to prefix2 if it matches prefix1 and prefix2 according to their respective prefix lengths and if the route’s own prefix length is between the prefix lengths of prefix1 and prefix2. It could take many individual 'exact’ match prefix entries to reproduce the same logic.
- mask-pattern
-
Specifies the address mask to use for matching entries to this prefix entry. A route matches a prefix and address mask combination if the bitwise logical AND of this prefix and the mask equals the bitwise logical AND of the route’s address and the same mask and, additionally, the prefix length of the route matches the prefix length of the prefix entry.
Platforms
All
prefix
Syntax
prefix
Context
[Tree] (config>router>segment-routing>srv6>locator prefix)
Full Context
configure router segment-routing segment-routing-v6 locator prefix
Description
Commands in this context configure IPv6 prefix parameters for an SRv6 locator.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
prefix
Syntax
prefix
Context
[Tree] (conf>router>sr>srv6>ms>block prefix)
Full Context
configure router segment-routing segment-routing-v6 micro-segment block prefix
Description
Commands in this context configure IPv6 prefix parameters for an SRv6 micro-segment locator.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
prefix
Syntax
prefix ip-prefix/prefix-length
no prefix
Context
[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf prefix)
[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis prefix)
[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf3 prefix)
Full Context
configure oam-pm session ip tunnel mpls sr-ospf prefix
configure oam-pm session ip tunnel mpls sr-isis prefix
configure oam-pm session ip tunnel mpls sr-ospf3 prefix
Description
This command configures the IP prefix used with the IGP instance to tunnel IP packets for the session tests.
The no form of this command deletes the prefix from the configuration.
Default
no prefix
Parameters
- ip-prefix/prefix-length
-
Specifies an IPv4 or IPv6 address prefix.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
prefix-attributes-tlv
prefix-attributes-tlv
Syntax
[no] prefix-attributes-tlv
Context
[Tree] (config>service>vprn>isis prefix-attributes-tlv)
Full Context
configure service vprn isis prefix-attributes-tlv
Description
This command enables IS-IS Prefix Attributes TLV support to exchange extended IPv4 and IPv6 reachability information. Extended reachability information is required for traffic engineering features using path computation element (PCE) or optimal route reflection.
The no form of this command removes the prefix-attributes-tlv configuration.
Default
no prefix-attributes-tlv
Platforms
All
prefix-attributes-tlv
Syntax
[no] prefix-attributes-tlv
Context
[Tree] (config>router>isis prefix-attributes-tlv)
Full Context
configure router isis prefix-attributes-tlv
Description
This command enables IS-IS Prefix Attributes TLV support to exchange extended IPv4 and IPv6 reachability information. Extended reachability information is required for traffic engineering features using path computation element (PCE) or optimal route reflection.
The no form of this command removes the prefix-attributes-tlv configuration.
Default
no prefix-attributes-tlv
Platforms
All
prefix-delegation
prefix-delegation
Syntax
[no] prefix-delegation
Context
[Tree] (config>service>ies>if>ipv6>dhcp6-server prefix-delegation)
Full Context
configure service ies interface ipv6 dhcp6-server prefix-delegation
Description
This command enables the prefix delegation options for delegating a long-lived prefix from a delegating router to a requesting router, where the delegating router does not require knowledge about the topology of the links in the network to which the prefixes are assigned.
The no form of this command disables prefix-delegation.
Platforms
All
prefix-exclude
prefix-exclude
Syntax
prefix-exclude policy-name [policy-name]
no prefix-exclude
Context
[Tree] (config>router>ldp>aggregate-prefix-match prefix-exclude)
Full Context
configure router ldp aggregate-prefix-match prefix-exclude
Description
This command specifies the policy name containing the prefixes to be excluded from the aggregate prefix match procedures. In this case, LDP will perform an exact match of a specific FEC element prefix as opposed to a longest match of one or more LDP FEC element prefixes, against this prefix when it receives a FEC-label binding or when a change to this prefix occurs in the routing table.
The no form of this command removes all policies from the configuration.
Default
no prefix-exclude
Parameters
- policy-name
-
Specifies the route policy name, up to five. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
The specified name(s) must already be defined.
Platforms
All
prefix-exclude
Syntax
[no] prefix-exclude ip-prefix/prefix-length
Context
[Tree] (config>filter>match-list>ip-pfx-list prefix-exclude)
Full Context
configure filter match-list ip-prefix-list prefix-exclude
Description
This command excludes IPv4 prefix(es) from an ip-prefix-list. The prefix-exclude command is mutually exclusive with apply-path.
The no form of this command deletes the specified excluded prefixes from the ip-prefix-list.
Parameters
- ip-prefix
-
Specifies a valid IPv4 address prefix in dotted decimal notation.
- prefix-length
-
Specifies the length of the entered IPv4 prefix.
Platforms
All
prefix-exclude
Syntax
[no] prefix ipv6-prefix/prefix-length
Context
[Tree] (config>filter>match-list>ipv6-pfx-list prefix-exclude)
Full Context
configure filter match-list ipv6-prefix-list prefix-exclude
Description
This command excludes IPv6 prefix(es) from an ipv6-prefix-list.The prefix-exclude command is mutually exclusive with apply-path.
The no form of this command deletes the specified excluded prefixes from the ipv6-prefix-list.
Parameters
- ipv6-prefix/prefix-length
-
Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0. One string of zeros can be omitted, so 2001:db8::700:0:217A is equivalent to 2001:db8:0:0:0:700:0:217A.
- prefix-length
-
Specifies the length of the entered IPv6 prefix.
Platforms
All
prefix-ipv4
prefix-ipv4
Syntax
prefix-ipv4 {enable | disable}
Context
[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability prefix-ipv4)
[Tree] (config>router>ldp>session-params>peer>fec-type-capability prefix-ipv4)
[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability prefix-ipv4)
Full Context
configure router ldp interface-parameters interface ipv4 fec-type-capability prefix-ipv4
configure router ldp session-parameters peer fec-type-capability prefix-ipv4
configure router ldp interface-parameters interface ipv6 fec-type-capability prefix-ipv4
Description
This command enables or disables IPv4 prefix FEC capability on the session or interface.
The config>router>ldp>if-params>if>ipv6>fec-type-capability>prefix-ipv4 command is not supported on the 7450 ESS.
Platforms
All
prefix-ipv6
prefix-ipv6
Syntax
prefix-ipv6 {enable | disable}
Context
[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability prefix-ipv6)
[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability prefix-ipv6)
[Tree] (config>router>ldp>session-params>peer>fec-type-capability prefix-ipv6)
Full Context
configure router ldp interface-parameters interface ipv4 fec-type-capability prefix-ipv6
configure router ldp interface-parameters interface ipv6 fec-type-capability prefix-ipv6
configure router ldp session-parameters peer fec-type-capability prefix-ipv6
Description
This command enables or disables IPv6 prefix FEC capability on the session or interface.
This command is not supported on the 7450 ESS.
Platforms
All
prefix-limit
prefix-limit
Syntax
prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only | hold-excess percentage] [post-import]
no prefix-limit family
Context
[Tree] (config>service>vprn>bgp>group>neighbor prefix-limit)
[Tree] (config>service>vprn>bgp>group prefix-limit)
Full Context
configure service vprn bgp group neighbor prefix-limit
configure service vprn bgp group prefix-limit
Description
This command configures the maximum number of BGP routes received from a peer before administrative action is taken. The administrative action can include generating a log or taking the session down. If a session is taken down, configure the idle-timeout parameter to bring it back up automatically after a specific duration. Alternatively, it can be configured to stay down indefinitely, until the user performs a reset.
No prefix limits for any address family are configured by default.
This command allows the user to apply a separate limit to each address family. A set of address family limits can be applied to one neighbor or to all neighbors in a group.
The no form of this command removes the prefix-limit.
Parameters
- threshold percentage
-
Specifies the threshold value (as a percentage) that triggers a warning message to be sent.
- family
-
Specifies the address family to which the limit applies.
- limit
-
Specifies the number of routes that can be learned from a peer expressed as a decimal integer.
- idle-timeout minutes
-
Specifies the duration in minutes before automatically re-establishing a session.
- idle-timeout forever
-
Specifies that the session is re-established only after the clear router bgp command is executed.
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.
- post-import
-
Specifies that the limit should be applied only to the number of routes that are accepted by import policies.
- hold-excess percentage
- Specifies the percentage of maximum routes that are allowed to be installed in the route table. If a peer within scope of the configuration exceeds the limit, the overflow routes are held in the BGP RIB as inactive routes and are ineligible for forwarding or advertisement to other peers. If the post-import parameter is configured, only routes not rejected by import policies count toward the limit. A BGP route in the overflow state is reconsidered for activation and reinstallation when an UPDATE message is received for the route. This parameter is mutually exclusive with the idle-timeout and log-only parameters.
Platforms
All
prefix-limit
Syntax
prefix-limit limit [log-only] [threshold percent] [overload-timeout { seconds | forever}]
no prefix-limit
Context
[Tree] (config>service>vprn>isis prefix-limit)
Full Context
configure service vprn isis prefix-limit
Description
This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.
The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.
The no form of this command removes the prefix-limit.
Default
prefix-limit overload-timeout forever
Parameters
- limit
-
Specifies the number of prefixes that can be learned, expressed as a decimal integer.
- log-only
-
Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.
- percent
-
Specifies the threshold value (as a percentage) that triggers a warning message to be sent.
- overload-timeout
-
Keyword used to control the length of time that IS-IS is in the overload state when the prefix limit is reached.
- seconds
-
Specifies the time in minutes before IS-IS is restarted.
- forever
-
Specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command.
Platforms
All
prefix-limit
Syntax
prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only | hold-excess percentage] [post-import]
no prefix-limit family
Context
[Tree] (config>router>bgp>group prefix-limit)
[Tree] (config>router>bgp>group>neighbor prefix-limit)
Full Context
configure router bgp group prefix-limit
configure router bgp group neighbor prefix-limit
Description
This command configures the maximum number of BGP routes received from a peer before administrative action is taken. The administrative action can include generating a log or taking the session down. If a session is taken down, configure the idle-timeout parameter to bring it back up automatically after a specific duration. Alternatively, it can be configured to stay down indefinitely, until the user performs a reset.
No prefix limits for any address family are configured by default.
This command allows the user to apply a separate limit to each address family. A set of address family limits can be applied to one neighbor or to all neighbors in a group.
The no form of this command removes the prefix-limit.
Parameters
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.
- threshold percentage
-
Specifies the threshold value (as a percentage) that triggers a warning message to be sent.
- family
-
Specifies the address family to which the limit applies.
- limit
-
Specifies the number of routes that can be learned from a peer expressed as a decimal integer.
- idle-timeout minutes
-
Specifies the duration in minutes before automatically re-establishing a session.
- idle-timeout forever
-
Specifies that the session is re-established only after the clear router bgp command is executed.
- post-import
-
Specifies that the limit applies only to the number of routes that are accepted by import policies.
- hold-excess percentage
- Specifies the percentage of maximum routes that are allowed to be installed in the route table. If a peer within scope of the configuration exceeds the limit, the overflow routes are held in the BGP RIB as inactive routes and are ineligible for forwarding or advertisement to other peers. If the post-import parameter is configured, only routes not rejected by import policies count toward the limit. A BGP route in the overflow state is reconsidered for activation and reinstallation when an UPDATE message is received for the route. This parameter is mutually exclusive with the idle-timeout and log-only parameters.
Platforms
All
prefix-limit
Syntax
prefix-limit limit [log-only] [threshold percent] [overload-timeout { seconds | forever}]
no prefix-limit
Context
[Tree] (config>router>isis prefix-limit)
Full Context
configure router isis prefix-limit
Description
This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.
The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix-limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.
The no form of this command removes the prefix-limit.
Default
no prefix-limit
Parameters
- log-only
-
Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.
- limit
-
Specifies the number of prefixes that can be learned expressed as a decimal integer.
- percent
-
Specifies the threshold value (as a percentage) that triggers a warning message to be sent.
- seconds
-
Specifies the time in minutes before IS-IS is restarted.
- forever
-
Specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command.
Platforms
All
prefix-limits
prefix-limits
Syntax
prefix-limits family limit [threshold percentage] [idle-timeout minutes] [log-only] [post-import]
no prefix-limits family
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy prefix-limits)
Full Context
configure subscriber-mgmt bgp-peering-policy prefix-limits
Description
This command configures the maximum number of BGP routes per address family that can be received from an ESM dynamic BGP peer before an administrative action is taken. Administrative actions include the generation of a log event and taking down the session. If a session is taken down, it can be brought back up automatically after an idle-timeout period. With no idle timeout configured, the session stays down until the user performs a reset.
The no form of this command removes the prefix limits for the specified family.
Default
prefix-limits threshold 90
Parameters
- family
-
Specifies the IP address family for prefix limits.
- limit
-
Specifies the prefix limit.
- percentage
-
Specifies the percentage at which a warning log message is sent.
- minutes
-
Specifies the time, in minutes, before a BGP peer is automatically reestablished on reaching the prefix limit.
- log-only
-
Keyword used to specify if the maximum limit is reached, only a log event is generated. This parameterdoes not disable the BGP session upon reaching the prefix limit.
- post-import
-
Keyword used to specify that limits are only applied to the number of routes accepted by the import policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
prefix-list
prefix-list
Syntax
prefix-list name [{all | none | any}]
no prefix-list [name] [{all | none | any}]
Context
[Tree] (config>service>vprn>static-route-entry>black-hole prefix-list)
[Tree] (config>service>vprn>static-route-entry>next-hop prefix-list)
[Tree] (config>service>vprn>static-route-entry>indirect prefix-list)
Full Context
configure service vprn static-route-entry black-hole prefix-list
configure service vprn static-route-entry next-hop prefix-list
configure service vprn static-route-entry indirect prefix-list
Description
This command associates a new constraint to the associated static route such that the static route is only active if any, none, or all of the routes in the prefix list are present and active in the route-table.
Default
no prefix-list
Parameters
- name
-
Specifies the name of a currently configured prefix-list.
- all
-
Specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active static route.
- none
-
Specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active static route.
- any
-
Specifies that the static route condition is met if any prefixes in the prefix-list are present in the active static route.
Platforms
All
prefix-list
Syntax
prefix-list prefix-list-name [{all | none}]
no prefix-list [prefix-list-name] [{all | none}]
Context
[Tree] (config>router>static-route-entry>indirect prefix-list)
[Tree] (config>router>static-route-entry>black-hole prefix-list)
[Tree] (config>router>static-route-entry>next-hop prefix-list)
Full Context
configure router static-route-entry indirect prefix-list
configure router static-route-entry black-hole prefix-list
configure router static-route-entry next-hop prefix-list
Description
This command associates a new constraint to the associated static route such that the static route is only active if none or all of the routes in the prefix list are present and active in the route-table.
Default
no prefix-list
Parameters
- prefix-list-name
-
Specifies the name of a currently configured prefix-list.
- all
-
Specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active route-table.
- none
-
Specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active route-table.
Platforms
All
prefix-list
Syntax
[no] prefix-list name
Context
[Tree] (config>router>policy-options prefix-list)
Full Context
configure router policy-options prefix-list
Description
This command creates a context to configure a prefix list to use in route policy entries.
The no form of this command deletes the named prefix list.
Parameters
- name
-
Specifies the prefix list name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".
An empty prefix list can be configured for pre-provisioning. This empty prefix list will not find a match when referred to by a policy. When removing member prefixes from a prefix list, the prefix list will not be automatically removed when the last member is removed. If required, an empty prefix list must be explicitly removed using the no form of this command.
Platforms
All
prefix-list
Syntax
prefix-list name [name]
no prefix-list
Context
[Tree] (config>router>policy-options>policy-statement>entry>from prefix-list)
[Tree] (config>router>policy-options>policy-statement>entry>to prefix-list)
Full Context
configure router policy-options policy-statement entry from prefix-list
configure router policy-options policy-statement entry to prefix-list
Description
This command configures a prefix list as a match criterion for a route policy statement entry.
If no prefix list is specified, any network prefix is considered a match.
An empty prefix list will evaluate as if 'no match' was found.
The prefix lists specify the network prefix (this includes the prefix and length) a specific policy entry applies.
A maximum of 28 prefix names can be specified.
The no form of this command removes the prefix list match criterion.
Default
no prefix-list
Parameters
- name
-
Specifies the prefix list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".
Platforms
All
prefix-list-override
prefix-list-override
Syntax
no prefix-list-override
prefix-list-override name {exact | longer}
prefix-list-override name prefix-length-range length1-length2
prefix-list-override name through length
Context
[Tree] (config>router>policy-options>policy-statement>entry>from prefix-list-override)
Full Context
configure router policy-options policy-statement entry from prefix-list-override
Description
This command converts a prefix list to a specific match type. The routing policy uses the converted list as a match condition.
The prefix list to be converted can be specified by its name, as an expression containing the name of a global variable that holds the name of the prefix list, or as an expression containing the name of a subroutine variable that holds the name of the prefix list.
Parameters
- name
-
Specifies the prefix list to be converted, up to 64 characters.
- exact
-
Keyword to convert all entries in the specified prefix list to the exact match type.
- longer
-
Keyword to convert all entries in the specified prefix list to the longer match type.
- length1-length2
-
Specifies the start and end length of the prefix range.
- length
-
Specifies the through length of the prefix.
Platforms
All
prefix-map
prefix-map
Syntax
prefix-map ip-prefix/length subscriber-type nat-sub-type nat-policy nat-policy-name [ create]
prefi-map ip-prefix/length subscriber-type nat-sub-type
no prefix-map ip-prefix/length subscriber-type nat-sub-type
Context
[Tree] (config>router>nat>inside>deterministic prefix-map)
[Tree] (config>service>vprn>nat>inside>deterministic prefix-map)
Full Context
configure router nat inside deterministic prefix-map
configure service vprn nat inside deterministic prefix-map
Description
This command is applicable to deterministic NAT and static 1:1 NAT. It is used to configure source IP prefixes on the inside and their association with outside deterministic NAT pools via the NAT policy. Hosts within the source IP prefix are deterministically mapped to outside IP addresses and port ranges in the associated deterministic NAT pool.
Multiple source IP prefixes within an inside routing instance can be defined and they can reference different NAT policies (and therefore, outside deterministic NAT pools and routing instances). Source IP prefixes from multiple routing instances can share the same deterministic NAT pool.
With this command, multiple NAT policies based on a destination prefix or filter criteria can be used together with deterministic NAT.
Non-deterministic NAT can be used simultaneously with deterministic NAT within the same inside routing instance. However, they cannot share the same NAT pool.
Source IP prefixes can be added or removed as long as the associated deterministic NAT pool is in a no shutdown mode.
Removing a prefix or modifying the map statement under it requires that the source IP prefix be in a shutdown mode.
Parameters
- ip-prefix/length
-
Specifies source IP prefix on the inside whose hosts is deterministically mapped to an outside IP address and port block in the corresponding deterministic NAT pool.
- nat-sub-type
-
Specifies the subscriber type.
- nat-policy-name
-
Specifies a NAT policy, up to 32 characters, that points to an outside pool and outside routing instance.
- create
-
Keyword used to create the particular prefix instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
prefix-options
prefix-options
Syntax
[no] prefix-options
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6 prefix-options)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv prefix-options)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv prefix-options)
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv prefix-options)
[Tree] (config>subscr-mgmt>rtr-adv-plcy prefix-options)
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv prefix-options)
[Tree] (config>service>ies>sub-if>grp-if>ipv6 prefix-options)
Full Context
configure service vprn subscriber-interface group-interface ipv6 prefix-options
configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options
configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options
configure service ies subscriber-interface ipv6 router-advertisements prefix-options
configure subscriber-mgmt router-advertisement-policy prefix-options
configure service vprn subscriber-interface ipv6 router-advertisements prefix-options
configure service ies subscriber-interface group-interface ipv6 prefix-options
Description
This command configures Router Advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix. All prefixes will inherit these configuration parameters.
The no form of this command unconfigures the Router Advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
prefix-policy
prefix-policy
Syntax
prefix-policy prefix-policy [prefix-policy]
no prefix-policy
Context
[Tree] (config>service>vprn>isis>loopfree-alternates>exclude prefix-policy)
Full Context
configure service vprn isis loopfree-alternates exclude prefix-policy
Description
This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this ISIS instance.
The no form of this command deletes the exclude prefix policy.
Default
no prefix-policy
Parameters
- prefix-policy prefix-policy
-
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.
Platforms
All
prefix-policy
Syntax
[no] prefix-policy prefix-policy [prefix-policy]
Context
[Tree] (config>service>vprn>ospf3>loopfree-alternates>exclude prefix-policy)
[Tree] (config>service>vprn>ospf>loopfree-alternates>exclude prefix-policy)
Full Context
configure service vprn ospf3 loopfree-alternates exclude prefix-policy
configure service vprn ospf loopfree-alternates exclude prefix-policy
Description
This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this OSPF or OSPF3 instance.
The no form of this command deletes the exclude prefix policy.
Default
no prefix-policy
Parameters
- prefix-policy prefix-policy
-
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.
Platforms
All
prefix-policy
Syntax
prefix-policy prefix-policy [prefix-policy]
no prefix-policy
Context
[Tree] (config>router>isis>loopfree-alternates>exclude prefix-policy)
Full Context
configure router isis loopfree-alternates exclude prefix-policy
Description
This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.
The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.
If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.
This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this IS-IS instance.
Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.
The default action, when not explicitly specified by the user in the prefix policy, is a "reject". Thus, regardless if the user did or did not explicitly add the statement "default-action reject" to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.
The no form of this command deletes the exclude prefix policy.
Default
no prefix-policy
Parameters
- prefix-policy prefix-policy
-
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.
Platforms
All
prefix-policy
Syntax
prefix-policy prefix-policy [prefix-policy]
no prefix-policy
Context
[Tree] (config>router>ospf>loopfree-alternates>exclude prefix-policy)
[Tree] (config>router>ospf3>loopfree-alternates>exclude prefix-policy)
Full Context
configure router ospf loopfree-alternates exclude prefix-policy
configure router ospf3 loopfree-alternates exclude prefix-policy
Description
This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.
The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.
If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.
This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this OSPF or OSPF3 instance.
Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.
The default action, when not explicitly specified by the user in the prefix policy, is a "reject”. Thus, regardless if the user did or did not explicitly add the statement "default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.
The no form of this command deletes the exclude prefix policy.
Default
no prefix-policy
Parameters
- prefix-policy
-
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.
Platforms
All
prefix-sid-range
prefix-sid-range
Syntax
prefix-sid-range global
prefix-sid-range start-label start-label max-index max-index
no prefix-sid-range
Context
[Tree] (config>router>bgp>segment-routing prefix-sid-range)
Full Context
configure router bgp segment-routing prefix-sid-range
Description
This command configures the label block that BGP segment routing is allowed to use.
The start-label and max-index parameters specify that BGP should be restricted to a subrange of the SRGB, with the subrange starting at start-label and ending at max-index.
It is not possible to enable segment routing (perform a no shutdown) unless the prefix-sid-range is configured using the global keyword or using the start-label and max-index parameters.
The no form of the command allocates no labels for BGP segment-routing.
Default
no prefix-sid-range
Parameters
- global
-
Specifies that BGP is allowed to allocate labels from the entire space of the SRGB, as defined under config>router>mpls-labels>sr-labels.
- start-label
-
Specifies the first label value that is available to BGP in a contiguous range of labels.
- max-index
-
Specifies the last label value that is available to BGP in a contiguous range of labels.
Platforms
All
prefix-sid-range
Syntax
prefix-sid-range {global | start-label label-value max-index index-value}
no prefix-sid-range
Context
[Tree] (config>router>isis>segment-routing prefix-sid-range)
Full Context
configure router isis segment-routing prefix-sid-range
Description
This command configures the prefix SID index range and offset label value for a given IGP instance.
The key parameter is the configuration of the prefix SID index range and the offset label value which this IGP instance will use. Since each prefix SID represents a network global IP address, the SID index for a prefix must be network-wide unique. Thus, all routers in the network are expected to configure and advertise the same prefix SID index range for a given IGP instance. However, the label value used by each router to represent this prefix; that is, the label programmed in the ILM can be local to that router by the use of an offset label, referred to as a start label:
Local Label (Prefix SID) = start-label + {SID index}
The label operation in the network becomes thus very similar to LDP when operating in the independent label distribution mode (RFC 5036, LDP Specification) with the difference that the label value used to forward a packet to each downstream router is computed by the upstream router based on advertised prefix SID index using the above formula.
There are two mutually exclusive modes of operation for the prefix SID range on the router. In the global mode of operation, the user configures the global value and this IGP instance will assume the start label value is the lowest label value in the SRGB and the prefix SID index range size equal to the range size of the SRGB. Once one IGP instance selected the global option for the prefix SID range, all IGP instances on the system will be restricted to do the same. The user must shutdown the segment routing context and delete the prefix-sid-range command in all IGP instances in order to change the SRGB. Once the SRGB is changed, the user must re-enter the prefix-sid-range command again. The SRGB range change will be failed if an already allocated SID index/label goes out of range.
In the per-instance mode of operation, the user partitions the SRGB into non-overlapping sub-ranges among the IGP instances. The user thus configures a subset of the SRGB by specifying the start label value and the prefix SID index range size. All resulting net label values (start-label + index} must be within the SRGB or the configuration will be failed. Furthermore, the code checks for overlaps of the resulting net label value range across IGP instances and will strictly enforce that these ranges do not overlap. The user must shutdown the segment routing context of an IGP instance in order to change the SID index/label range of that IGP instance using the prefix-sid-range command. In addition, any range change will be failed if an already allocated SID index/label goes out of range. The user can however change the SRGB on the fly as long as it does not reduce the current per IGP instance SID index/label range defined with the prefix-sid-range. Otherwise, the user must shutdown the segment routing context of the IGP instance and delete and re-configure the prefix-sid-range command.
Default
no prefix-sid-range
Parameters
- label-value
-
Specifies the label offset for the SR label range of this IGP instance.
- index-value
-
Specifies the maximum value of the prefix SID index range for this IGP instance.
Platforms
All
prefix-sid-range
Syntax
prefix-sid-range global
prefix-sid-range start-label label-value max-index index-value
no prefix-sid-range
Context
[Tree] (config>router>ospf>segm-rtng prefix-sid-range)
[Tree] (config>router>ospf3>segm-rtng prefix-sid-range)
Full Context
configure router ospf segment-routing prefix-sid-range
configure router ospf3 segment-routing prefix-sid-range
Description
This command configures the prefix SID index range and offset label value for an IGP instance.
The key parameter is the configuration of the prefix SID index range and the offset label value that this IGP instance will use. Because each prefix SID represents a network global IP address, the SID index for a prefix must be unique network-wide. Therefore, all routers in the network are expected to configure and advertise the same prefix SID index range for an IGP instance. However, the label value used by each router to represent this prefix, that is, the label programmed in the ILM, can be local to that router by the use of an offset label, referred to as a start label:
Local Label (Prefix SID) = start-label + {SID index}
The label operation in the network is very similar to LDP when operating in independent label distribution mode (RFC 5036, LDP Specification), with the difference being that the label value used to forward a packet to each downstream router is computed by the upstream router based on the advertised prefix SID index using the above formula.
There are two mutually exclusive modes of operation for the prefix SID range on the router. In the global mode of operation, the user configures the global value and this IGP instance will assume the start label value is the lowest label value in the SRGB and the prefix SID index range size equal to the range size of the SRGB. After one IGP instance selected the global option for the prefix SID range, all IGP instances on the system will be restricted to do the same. The user must shutdown the segment routing context and delete the prefix-sid-range command in all IGP instances in order to change the SRGB. After the SRGB is changed, the user must re-enter the prefix-sid-range command again. The SRGB range change will be failed if an already allocated SID index/label goes out of range.
In per-instance mode, the user partitions the SRGB into non-overlapping sub-ranges among the IGP instances. The user configures a subset of the SRGB by specifying the start label value and the prefix SID index range size. All resulting net label values (start-label + index) must be within the SRGB or the configuration will fail. The 7750 SR checks for overlaps of the resulting net label value range across IGP instances and will strictly enforce no overlapping of these ranges. The user must shut down the segment routing context of an IGP instance in order to change the SID index/label range of that IGP instance using the prefix-sid-range command. A range change will fail if an already allocated SID index/label goes out of range. The user can change the SRGB without shutting down the segment routing context as long as it does not reduce the current per-IGP instance SID index/label range defined with the prefix-sid-range command. Otherwise, shut down the segment routing context of the IGP instance, and disable and re-enable the prefix-sid-range command.
Default
no prefix-sid-range
Parameters
- label-value
-
Specifies the label offset for the SR label range of this IGP instance.
- index-value
-
Specifies the maximum value of the prefix SID index range for this IGP.
Platforms
All
prefix-sids
prefix-sids
Syntax
prefix-sids ip-int-name
no prefix-sids ip-int-name
Context
[Tree] (config>router>segment-routing>sr-mpls prefix-sids)
Full Context
configure router segment-routing sr-mpls prefix-sids
Description
This command configures the prefix SIDs for an interface.
The no form of this command removes the prefix SIDs list instance.
Default
no prefix-sids
Parameters
- ip-int-name
-
Specifies the loopback or system interface name that owns the prefix to be advertised, up to 32 characters.
Platforms
All
preserve-key
preserve-key
Syntax
[no] preserve-key
Context
[Tree] (config>system>security>ssh preserve-key)
Full Context
configure system security ssh preserve-key
Description
After enabling this command, private keys, public keys, and host key file are saved by the server. It is restored following a system reboot or the ssh server restart.
The no form of this command specifies that the keys are held in memory by an SSH server and is not restored following a system reboot.
Default
no preserve-key
Platforms
All
primary
primary
Syntax
primary
Context
[Tree] (config>aaa>radius-scr-plcy primary)
Full Context
configure aaa radius-script-policy primary
Description
Commands in this context configure a primary script.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
primary
Syntax
primary
Context
[Tree] (config>subscr-mgmt>sub-ident-pol primary)
Full Context
configure subscriber-mgmt sub-ident-policy primary
Description
Commands in this context configure primary identification script parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
primary
Syntax
primary path-name
no primary
Context
[Tree] (config>router>mpls>lsp primary)
Full Context
configure router mpls lsp primary
Description
This command specifies a preferred path for the LSP. This command is optional only if the secondary path-name is included in the LSP definition. Only one primary path can be defined for an LSP.
Some of the attributes of the LSP such as the bandwidth, and hop-limit can be optionally specified as the attributes of the primary path. The attributes specified in the primary path path-name command, override the LSP attributes.
The no form of this command deletes the association of this path-name from the LSP lsp-name. All configurations specific to this primary path, such as record, bandwidth, and hop limit, are deleted. The primary path must be shutdown first in order to delete it. The no primary command will not result in any action except a warning message on the console indicating that the primary path is administratively up.
Parameters
- path-name
-
Specifies the case-sensitive alphanumeric name label for the LSP path up to 64 characters in length.
Platforms
All
primary
Syntax
[no] primary [mda-id | esa-vm-id]
Context
[Tree] (config>isa>aa-grp primary)
Full Context
configure isa application-assurance-group primary
Description
This command assigns an AA ISA or ESA-VM configured in the specified location to this application assurance group. Primary and backup ISAs have equal operational status and when both ISAs are coming up, the one that becomes operational first becomes the active ISA.
On an activity switch from the primary ISA, all configurations are already on the backup ISA but flow state information must be re-learned. Any statistics not yet spooled will be lost. Auto-switching from the backup to primary, once the primary becomes available again, is not supported.
Operator is notified through SNMP events when:
-
When AA service goes down (all ISAs in the group are down) or comes back up (an ISA in the group becomes active)
-
When AA redundancy fails (one of the ISAs in the group is down) or recovers (the failed MDA comes back up)
-
When an AA activity switch occurred.
The no form of this command removes the specified ISA from the application assurance group.
Parameters
- mda-id
-
Specifies the slot/mda or esa/vm, identifying a provisioned AA ISA.
- esa-vm-id
-
Specifies the ESA and VM, identifying a provisioned ESA-VM. The value of the esa-vm-id for application assurance is used as the esa-id plus 128. For example, an ESA 1 with VM2 would be referred to as esa-129/2.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
primary
Syntax
primary mda-id
no primary
Context
[Tree] (config>isa>tunnel-grp primary)
Full Context
configure isa tunnel-group primary
Description
This command assigns an ISA IPsec module configured in the specified slot to this IPsec group. The backup ISA IPsec provides the IPsec group with warm redundancy when the primary ISA IPsec in the group is configured. Primary and backup ISA IPsec have equal operational status and when both MDAs are coming up, the one that becomes operational first becomes the active ISA IPsec.
All configuration information is pushed down to the backup MDA from the CPM once the CPM gets notice that the primary module has gone down. This allows multiple IPsec groups to use the same backup module. Any statistics not yet spooled will be lost. Auto-switching from the backup to primary, once the primary becomes available again, is supported.
The operator is notified through SNMP events when:
-
When the ISA IPsec service goes down (all modules in the group are down) or comes back up (a module in the group becomes active).
-
When ISA IPsec redundancy fails (one of the modules in the group is down) or recovers (the failed module comes back up).
-
When an ISA IPsec activity switch took place.
The no form of this command removes the specified primary ID from the group’s configuration.
Default
no primary
Parameters
- mda-id
-
Specifies the card/slot identifying a provisioned IPsec ISA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
primary
Syntax
primary primary secondary secondary
Context
[Tree] (config>ipsec>trans-mode-prof>dyn>cert>status-verify primary)
[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert>status-verify primary)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert>status-verify primary)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert>status-verify primary)
[Tree] (config>service>ies>if>sap>ipsec-gw>cert>status-verify primary)
[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert>status-verify primary)
[Tree] (config>service>vprn>if>sap>ipsec-gw>cert>status-verify primary)
Full Context
configure ipsec ipsec-transport-mode-profile dynamic-keying cert primary
configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
configure service ies interface sap ipsec-gw cert status-verify primary
configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify primary
configure service vprn interface sap ipsec-gw cert status-verify primary
Description
This command specifies the primary and secondary CVS methods used to verify the revocation status of the peer’s certificate.
OCSP or CRL uses the corresponding configuration in the CA profile of the issuer of the certificate in question.
Default
primary crl
Parameters
- primary
-
Specifies the primary CSV method used to verify the revocation status of the peer’s certificate.
- secondary
-
Specifies the secondary CSV method used to verify the revocation status of the peer’s certificate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-gw cert status-verify primary
- configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify primary
- configure service ies interface sap ipsec-gw cert status-verify primary
- configure ipsec ipsec-transport-mode-profile dynamic-keying cert primary
VSR
- configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
- configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
- configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
primary
Syntax
[no] primary mda-id
Context
[Tree] (config>isa>video-group primary)
Full Context
configure isa video-group primary
Description
This command configures the primary video group ISA. Only one primary can be configured per video group when ad insertion is enabled. The maximum number of primaries per video-group for FCC and RD is 4.
Parameters
- mda-id
-
Specifies the slot and MDA number for the primary video group ISA.
Platforms
7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
primary-cf
primary-cf
Syntax
primary-cf cflash-id
Context
[Tree] (config>call-trace primary-cf)
Full Context
configure call-trace primary-cf
Description
This command specifies which compact-flash is used as the primary CF for call-trace operation.
Default
primary-cf cf1
Parameters
- cflash-id
-
Specifies the compact flash card to be used as the primary local storage location to save the generated call trace log files.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
primary-config
primary-config
Syntax
primary-config file-url
no primary-config
Context
[Tree] (bof primary-config)
Full Context
bof primary-config
Description
This command specifies the name and location of the primary configuration file.
The system attempts to use the configuration specified in primary-config. If the specified file cannot be located, the system automatically attempts to obtain the configuration from the location specified in secondary-config and then the tertiary-config.
If an error in the configuration file is encountered, the boot process aborts.
The no form of this command removes the primary-config configuration.
Parameters
- file-url
-
Specifies the primary configuration file location, expressed as a file URL.
Platforms
All
primary-dns
primary-dns
Syntax
primary-dns ip-address
no primary-dns
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-dns)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-dns)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-dns
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-dns
Description
This command configures the primary DNS address to be returned via DHCP on WLAN-GW ISA.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the primary DNS address.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
primary-dns
Syntax
primary-dns ip-address
no primary-dns
Context
[Tree] (config>service>vprn>dns primary-dns)
Full Context
configure service vprn dns primary-dns
Description
This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.
The no form of this command removes the primary DNS server from the configuration.
Default
no primary-dns — No primary DNS server is configured.
Parameters
- ip-address
-
The IP or IPv6 address of the primary DNS server.
Platforms
All
primary-dns
Syntax
primary-dns ip-address
no primary-dns [ip-address]
Context
[Tree] (bof primary-dns)
Full Context
bof primary-dns
Description
This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.
The no form of this command removes the primary DNS server from the configuration.
Default
no primary-dns
Parameters
- ip-address
-
Specifies the IP or IPv6 address of the primary DNS server.
Platforms
All
primary-image
primary-image
Syntax
primary-image file-url
no primary image
Context
[Tree] (bof primary-image)
Full Context
bof primary-image
Description
This command specifies the primary directory location for runtime image file loading.
The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.
All runtime image files (*.tim files) must be located in the same directory.
The no form of this command removes the primary-image configuration.
Parameters
- file-url
-
Specifies the file-url can be either local (this CPM) or a remote FTP server.
Platforms
All
primary-ip-address
primary-ip-address
Syntax
primary-ip-address ipv4-address
no primary-ip-address
Context
[Tree] (config>router>bgp>orr>location primary-ip-address)
Full Context
configure router bgp optimal-route-reflection location primary-ip-address
Description
This command specifies the primary IP address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.
If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.
The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.
The no form of this command removes the primary IP address information.
Default
no primary-ip-address
Parameters
- ipv4-address
-
Specifies the primary IPv4 address of a location expressed in dotted decimal notation.
Platforms
All
primary-ipv6-address
primary-ipv6-address
Syntax
primary-ipv6-address ipv6-address
no primary-ipv6-address
Context
[Tree] (config>router>bgp>orr>location primary-ipv6-address)
Full Context
configure router bgp optimal-route-reflection location primary-ipv6-address
Description
This command specifies the primary IPv6 address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.
If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.
The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.
The no form of this command removes the primary IPv6 address information.
Default
no primary-ipv6-address
Parameters
- ipv6-address
-
Specifies the primary IPv6 address of a location expressed in dotted decimal notation.
Platforms
All
primary-location
primary-location
Syntax
primary-location file-url
no primary-location
Context
[Tree] (config>system>software-repository primary-location)
Full Context
configure system software-repository primary-location
Description
This command configures the primary location for the files in the software repository. See the software-repository command description for more information.
The no form of the command removes the primary location.
Parameters
- file-url
-
Specifies the primary location to be used to access the files in the software repository.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
primary-nbns
primary-nbns
Syntax
primary-nbns ip-address
no primary-nbns
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-nbns)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-nbns)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-nbns
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-nbns
Description
This command configures the primary NBNS address to be returned via DHCP on WLAN-GW ISA.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the primary NBNS address.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
primary-next-hop
primary-next-hop
Syntax
[no] primary-next-hop
Context
[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp primary-next-hop)
Full Context
configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop
Description
Commands in this context configure the primary next hop of an NHG entry in a forwarding policy.
The no form of this command removes the primary next-hop context from an NHG entry in a forwarding policy.
Platforms
All
primary-p2mp-instance
primary-p2mp-instance
Syntax
[no] primary-p2mp-instance instance-name
Context
[Tree] (config>router>mpls>lsp primary-p2mp-instance)
Full Context
configure router mpls lsp primary-p2mp-instance
Description
This command creates the primary instance of a P2MP LSP. The primary instance of a P2MP LSP is modeled as a set of root-to-leaf (S2L) sub-LSPs. The root, for example a head-end node triggers signaling using one path message per S2L path. The leaf sub-LSP paths are merged at branching points.
This command is not supported on the 7450 ESS.
Parameters
- instance-name
-
Specifies a name that identifies the P2MP LSP instance. The instance name can be up to 32 characters long and must be unique.
Platforms
All
primary-path
primary-path
Syntax
primary-path
Context
[Tree] (config>mcast-mgmt>bw-plcy>t2-paths primary-path)
Full Context
configure mcast-management bandwidth-policy t2-paths primary-path
Description
Commands in this context configure primary path parameters.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
primary-ports
primary-ports
Syntax
primary-ports
Context
[Tree] (config>service>template>vpls-template>mac-move primary-ports)
[Tree] (config>service>vpls>mac-move primary-ports)
Full Context
configure service template vpls-template mac-move primary-ports
configure service vpls mac-move primary-ports
Description
Commands in this context define primary VPLS ports. VPLS ports that were declared as secondary prior to the execution of this command will be moved from secondary port-level to primary port-level. Changing a port to the tertiary level can only be done by first removing it from the secondary port-level.
Platforms
All
primary-tunnel-interface
primary-tunnel-interface
Syntax
primary-tunnel-interface ldp-p2mp p2mp-identifier sender ip-address
primary-tunnel-interface rsvp-p2mp lsp-name sender ip-address
no primary-tunnel-interface
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel primary-tunnel-interface)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle primary-tunnel-interface)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override primary-tunnel-interface)
Full Context
configure mcast-management multicast-info-policy bundle channel primary-tunnel-interface
configure mcast-management multicast-info-policy bundle primary-tunnel-interface
configure mcast-management multicast-info-policy bundle channel source-override primary-tunnel-interface
Description
This command allows the user to define a bundle in the multicast-info-policy and specify channels in the bundle that must be received from the primary tunnel interface associated with an RSVP P2MP LSP. The multicast info policy is applied to the base router instance.
The egress LER can accept multicast packets via two different methods. The regular RPF check on unlabeled IP multicast packets, which is based on routing table lookup. The static assignment which specifies the receiving of a multicast group <*,G> or a specific <S,G> from a primary tunnel-interface associated with an RSVP P2MP LSP.
One or more primary tunnel interfaces in the base router instance can be configured. That is, the user can specify to receive different multicast groups, <*,G> or specific <S,G>, from different P2MP LSPs. This assumes that there are static joins configured for the same multicast groups at the ingress LER to forward over a tunnel interface associated with the same P2MP LSP.
At any given time, packets of the same multicast group can be accepted from either the primary tunnel interface associated with a P2MP LSP or from a PIM interface. These are mutually exclusive options. As soon as a multicast group is configured against a primary tunnel interface in the multicast info policy, it is blocked from other PIM interfaces.
A multicast packet received on a tunnel interface associated with a P2MP LSP can be forwarded over a PIM or IGMP interface which can be an IES interface, a spoke SDP terminated IES interface, or a network interface.
The no form of this command removes the static RPF check.
Parameters
- lsp-name
-
Species a string of up to 32 characters identifying the LSP name as configured at the ingress LER.
- ip-address
-
Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.
- p2mp-id
-
Identifier used for signaling mLDP P2MP LSP (applies only to the 7750 SR).
Platforms
All
primary-url
primary-url
Syntax
primary-url url
no primary-url
Context
[Tree] (config>python>py-script primary-url)
Full Context
configure python python-script primary-url
Description
This command specifies the location of the primary Python script. The system supports three locations for each Python script. Users can store the script file on either a local CF card or an FTP server.
The no form of this command removes the URL.
Parameters
- url
-
Specifies the primary URL of the Python script up to 180 characters, either a local CF card url or a FTP server URL.
Platforms
All
prio-code-point
prio-code-point
Syntax
prio-code-point priority-code-point
no prio-code-point
Context
[Tree] (config>test-oam>build-packet>header>dot1q prio-code-point)
Full Context
configure test-oam build-packet header dot1q prio-code-point
Description
This command defines the priority code point to be used in the test Dot1Q header.
The no form of this command removes the priority code point value.
Default
prio-code-point 0 (BE)
Parameters
- priority-code-point
-
Specifies the priority code point to be used in the test Dot1Q header.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
prio-code-point
Syntax
prio-code-point priority-code-point
no prio-code-point
Context
[Tree] (debug>oam>build-packet>packet>field-override>header>dot1q prio-code-point)
Full Context
debug oam build-packet packet field-override header dot1q prio-code-point
Description
This command configures a Priority Code Point (PCP) for an IEEE 802.1Q packet header to be launched by the OAM find-egress tool.
The no form of this command removes the priority code point value.
Default
no override
Parameters
- priority-code-point
-
Specifies the priority code point to be used in the test Dot1Q header.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
priority
Syntax
priority level
Context
[Tree] (config>subscr-mgmt>sub-prof>ingress>policer-control-policy>priority-mbs-thresholds priority)
[Tree] (config>subscr-mgmt>sub-prof>egress>policer-control-policy>priority-mbs-thresholds priority)
Full Context
configure subscriber-mgmt sub-profile ingress policer-control-policy priority-mbs-thresholds priority
configure subscriber-mgmt sub-profile egress policer-control-policy priority-mbs-thresholds priority
Description
The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.
Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.
Parameters
- level
-
Specifies the priority level override.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority priority source {python | diameter-gx | ludb | radius | diameter-nasreq | gtp | dhcp | local-address-assignment}
no priority priority
Context
[Tree] (config>subscr-mgmt>auth-orig priority)
Full Context
configure subscriber-mgmt authentication-origin priority
Description
This command allows the relative order of authentication priorities to be swapped between RADIUS and LUDB by configuring the RADIUS source priority to value 3. By moving RADIUS to the third position, LUDB, and all the origins below LUDB, are pushed down.The active order of priorities can be displayed in the output of the show subscriber-mgmt authentication-origin command.
The no form of this command deletes the priority value. To restore defaults, the priority configuration must be deleted.
Parameters
- priority
-
Specifies the authentication origin priority override.
- source
-
Specifies the source of authentication priority. Only radius can be configured. RADIUS as the authentication origin can be assigned priority 3 which places it above LUDB.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>vprn>sub-if>grp-if>srrp priority)
[Tree] (config>service>ies>sub-if>grp-if>srrp priority)
Full Context
configure service vprn subscriber-interface group-interface srrp priority
configure service ies subscriber-interface group-interface srrp priority
Description
This command overrides the default base priority for the SRRP instance. The SRRP instance priority is advertised by the SRRP instance to its neighbor router and is compared to the priority received from the neighbor router. The router with the best (highest) priority enters the master state while the other router enters the backup state. If the priority of each router is the same, the router with the lowest source IP address in the SRRP advertisement message assumes the master state.
The base priority of an SRRP instance can be managed by VRRP policies. A VRRP policy defines a set of connectivity or verification tests which, when they fail, may lower an SRRP instances base priority (creating an in-use priority for the instance). Every time an SRRP instances in-use priority changes when in master state, it sends an SRRP advertisement message with the new priority. If the dynamic priority drops to zero or receives an SRRP Advertisement message with a better priority, the SRRP instance transitions to the becoming backup state.
When the priority command is not specified, or the no priority command is executed, the system uses a default base priority of 100. The priority command may be executed at any time.
The no form of this command restores the default base priority to the SRRP instance. If a VRRP policy is associated with the SRRP instance, it will use the default base priority as the basis for any modifications to the SRRP instances in-use priority.
Default
priority 100
Parameters
- priority
-
Specifies a base priority for the SRRP instance to override the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
[no] priority level
Context
[Tree] (config>card>fp>ingress>access>queue-group>policer-control-override>priority-mbs-thresholds priority)
[Tree] (config>card>fp>ingress>network>queue-group>policer-control-override>priority-mbs-thresholds priority)
Full Context
configure card fp ingress access queue-group policer-control-override priority-mbs-thresholds priority
configure card fp ingress network queue-group policer-control-override priority-mbs-thresholds priority
Description
The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.
Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.
Parameters
- level
-
Specifies the priority level.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority
Syntax
priority priority-value
no priority
Context
[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable priority)
[Tree] (config>lag>eth-cfm>mep>ais-enable priority)
Full Context
configure port ethernet eth-cfm mep ais-enable priority
configure lag eth-cfm mep ais-enable priority
Description
This command specifies the priority of the AIS messages generated by the node.
The no form of the command reverts to the default values.
Parameters
- priority-value
-
Specifies the priority value of the AIS messages originated by the node.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>port>ethernet>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>lag>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>eth-tunnel>path>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>eth-ring>path>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure port ethernet eth-cfm mep grace eth-ed priority
configure lag eth-cfm mep grace eth-ed priority
configure eth-tunnel path eth-cfm mep grace eth-ed priority
configure eth-ring path eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
[no] priority level
Context
[Tree] (config>service>ipipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>epipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>cpipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>epipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>cpipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>ipipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)
Full Context
configure service ipipe sap egress policer-control-override priority-mbs-thresholds priority
configure service epipe sap ingress policer-control-override priority-mbs-thresholds priority
configure service cpipe sap ingress policer-control-override priority-mbs-thresholds priority
configure service epipe sap egress policer-control-override priority-mbs-thresholds priority
configure service cpipe sap egress policer-control-override priority-mbs-thresholds priority
configure service ipipe sap ingress policer-control-override priority-mbs-thresholds priority
Description
The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.
This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.
Parameters
- level
-
The level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service ipipe sap ingress policer-control-override priority-mbs-thresholds priority
- configure service epipe sap egress policer-control-override priority-mbs-thresholds priority
- configure service epipe sap ingress policer-control-override priority-mbs-thresholds priority
- configure service ipipe sap egress policer-control-override priority-mbs-thresholds priority
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress policer-control-override priority-mbs-thresholds priority
- configure service cpipe sap ingress policer-control-override priority-mbs-thresholds priority
priority
Syntax
priority priority-value
no priority
Context
[Tree] (config>service>epipe>sap>eth-cfm>mep priority)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>aid-enable priority)
Full Context
configure service epipe sap eth-cfm mep priority
configure service epipe spoke-sdp eth-cfm aid-enable priority
Description
This command specifies the priority of AIS messages originated by the node.
Parameters
- priority-value
-
Specifies the priority value of the AIS messages originated by the node.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>ipipe>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>epipe>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure service ipipe sap eth-cfm mep grace eth-ed priority
configure service epipe sap eth-cfm mep grace eth-ed priority
configure service epipe spoke-sdp eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority stp-priority
no priority [stp-priority]
Context
[Tree] (config>service>template>vpls-sap-template>stp priority)
[Tree] (config>service>vpls>stp priority)
[Tree] (config>service>template>vpls-template>stp priority)
Full Context
configure service template vpls-sap-template stp priority
configure service vpls stp priority
configure service template vpls-template stp priority
Description
The bridge-priority command is used to populate the priority portion of the bridge ID field within outbound BPDUs (the most significant 4 bits of the bridge ID). It is also used as part of the decision process when determining the best BPDU between messages received and sent. All values are truncated to multiples of 4096, conforming with IEEE 802.1t and 802.1D-2004.
The no form of this command returns the bridge priority to the default value.
Default
priority 4096
Parameters
- bridge-priority
-
Specifies the bridge priority for the STP instance
Platforms
All
priority
Syntax
priority stp-priority
no priority
Context
[Tree] (config>service>vpls>spoke-sdp>stp priority)
[Tree] (config>service>vpls>spoke-sdp priority)
[Tree] (config>service>vpls>sap>stp priority)
Full Context
configure service vpls spoke-sdp stp priority
configure service vpls spoke-sdp priority
configure service vpls sap stp priority
Description
This command configures the Nokia Spanning Tree Protocol (STP) priority for the SAP or spoke SDP.
STP priority is a configurable parameter associated with a SAP or spoke SDP. When configuration BPDUs are received, the priority is used in some circumstances as a tie breaking mechanism to determine whether the SAP or spoke SDP be designated or blocked.
In traditional STP implementations (802.1D-1998), this field is called the port priority and has a value of 0 to 255. This field is coupled with the port number (0 to 255 also) to create a 16 bit value. In the latest STP standard (802.1D-2004) only the upper 4 bits of the port priority field are used to encode the SAP or spoke SDP priority. The remaining 4 bits are used to extend the port ID field into a 12 bit virtual port number field. The virtual port number uniquely references a SAP or spoke SDP within the STP instance.
STP computes the actual priority by taking the input value and masking out the lower four bits. The result is the value that is stored in the SDP priority parameter. For instance, if a value of 0 is entered, masking out the lower 4 bits results in a parameter value of 0. If a value of 255 is entered, the result is 240.
The no form of this command returns the STP priority to the default value.
Default
priority 128
Parameters
- stp-priority
-
Specifies the STP priority value for the SAP or spoke SDP. 0 is the highest priority. The actual value used for STP priority (and stored in the configuration) is the result of masking out the lower 4 bits, therefore the actual value range is 0 to 240 in increments of 16.
Platforms
All
priority
Syntax
priority priority-value
no priority
Context
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais-enable priority)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais-enable priority)
Full Context
configure service vpls mesh-sdp eth-cfm mep ais-enable priority
configure service vpls spoke-sdp eth-cfm mep ais-enable priority
Description
This command specifies the priority of AIS messages originated by the node.
Parameters
- priority-value
-
Specifies the priority value of the AIS messages originated by the node
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>vpls>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>vpls>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure service vpls eth-cfm mep grace eth-ed priority
configure service vpls spoke-sdp eth-cfm mep grace eth-ed priority
configure service vpls sap eth-cfm mep grace eth-ed priority
configure service vpls mesh-sdp eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
[no] priority level
Context
[Tree] (config>service>vpls>sap>egress>policy-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>vpls>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)
Full Context
configure service vpls sap egress policer-control-override priority-mbs-thresholds priority
configure service vpls sap ingress policer-control-override priority-mbs-thresholds priority
Description
The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.
This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.
The no form of this command sets the MBS contribution for the associated priority to its default value.
Parameters
- level
-
Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority
Syntax
priority base-priority
no priority
Context
[Tree] (config>service>ies>if>ipv6>vrrp priority)
Full Context
configure service ies interface ipv6 vrrp priority
Description
This command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.
This command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.
The no form of this command restores the default value of 100 to base-priority.
Default
priority 100
Parameters
- base-priority
-
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Platforms
All
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority
configure service ies interface sap eth-cfm mep grace eth-ed priority
configure service ies interface spoke-sdp eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface sap eth-cfm mep grace eth-ed priority
- configure service ies interface spoke-sdp eth-cfm mep grace eth-ed priority
priority
Syntax
[no] priority level
Context
[Tree] (config>service>ies>if>sap>ingress>policer-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>ies>if>sap>egress>policer-ctrl-over>mbs-thrshlds priority)
Full Context
configure service ies interface sap ingress policer-control-override priority-mbs-thresholds priority
configure service ies interface sap egress policer-control-override priority-mbs-thresholds priority
Description
The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.
This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.
The no form of this command sets the MBS contribution for the associated priority to its default value.
Parameters
- level
-
Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority
Syntax
priority base-priority
no priority
Context
[Tree] (config>service>ies>if>vrrp priority)
Full Context
configure service ies interface vrrp priority
Description
The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.
The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.
The no form of this command restores the default value of 100 to base-priority.
Parameters
- base-priority
-
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Platforms
All
priority
Syntax
priority {low | high}
no priority [{low | high}]
Context
[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel>forwarding-class priority)
[Tree] (config>service>vprn>static-route-entry>indirect>forwarding-class priority)
[Tree] (config>service>vprn>static-route-entry>next-hop>forwarding-class priority)
Full Context
configure service vprn static-route-entry ipsec-tunnel forwarding-class priority
configure service vprn static-route-entry indirect forwarding-class priority
configure service vprn static-route-entry next-hop forwarding-class priority
Description
This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.
Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.
Default
priority low
Parameters
- low
-
Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- high
-
Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure service vprn interface sap eth-cfm mep grace eth-ed priority
configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed priority
configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed priority
- configure service vprn interface sap eth-cfm mep grace eth-ed priority
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority
priority
Syntax
[no] priority level
Context
[Tree] (config>service>vprn>if>sap>egress>policer-ctrl-over>mbs-thrshlds priority)
[Tree] (config>service>vprn>if>sap>ingress>policer-ctrl-over>mbs-thrshlds priority)
Full Context
configure service vprn interface sap egress policer-control-override priority-mbs-thresholds priority
configure service vprn interface sap ingress policer-control-override priority-mbs-thresholds priority
Description
The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.
This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.
The no form of this command sets the MBS contribution for the associated priority to its default value.
Parameters
- level
-
Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>vprn>if>ipv6>vrrp priority)
[Tree] (config>service>vprn>if>vrrp priority)
Full Context
configure service vprn interface ipv6 vrrp priority
configure service vprn interface vrrp priority
Description
The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.
The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.
The no form of this command restores the default value of 100 to base-priority.
Parameters
- base-priority
-
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Platforms
All
priority
Syntax
priority number
no priority
Context
[Tree] (config>service>vprn>isis>if>level priority)
Full Context
configure service vprn isis interface level priority
Description
This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.
This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.
The no form of this command reverts to the default value.
Default
priority 64
Parameters
- number
-
Specifies the priority for this interface at this level.
Platforms
All
priority
Syntax
priority number
no priority
Context
[Tree] (config>service>vprn>ospf>area>if priority)
[Tree] (config>service>vprn>ospf3>area>if priority)
Full Context
configure service vprn ospf area interface priority
configure service vprn ospf3 area interface priority
Description
This command configures the priority of the OSPF interface that is used to elect the designated router (DR) on the subnet.
This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the DR. A router with priority 0 is not eligible to be the designated router or backup designated router.
The no form of this command resets the interface priority to the default value.
Default
priority 1
Parameters
- number
-
The interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router of Backup Designated Router on the interface subnet.
Platforms
All
priority
Syntax
priority dr-priority
no priority
Context
[Tree] (config>service>vprn>pim>if priority)
Full Context
configure service vprn pim interface priority
Description
This command sets the priority value to become the rendezvous point (RP) that is included in bootstrap messages sent by the router. The RP is sometimes called the bootstrap router. The priority command indicates whether the router is eligible to be a bootstrap router.
The no form of this command disqualifies the router to participate in the bootstrap election.
Default
priority 1 (The router is the least likely to become the designated router.)
Parameters
- dr-priority
-
Specifies the priority to become the designated router. The higher the value, the higher the priority.
Platforms
All
priority
Syntax
priority bootstrap-priority
Context
[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate priority)
[Tree] (config>service>vprn>pim>rp>bsr-candidate priority)
Full Context
configure service vprn pim rp ipv6 bsr-candidate priority
configure service vprn pim rp bsr-candidate priority
Description
This command defines the priority used to become the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.
Parameters
- bootstrap-priority
-
The priority to become the bootstrap router.
Platforms
All
priority
Syntax
priority priority
no priority
Context
[Tree] (config>service>vprn>pim>rp>rp-candidate priority)
Full Context
configure service vprn pim rp rp-candidate priority
Description
This command defines the priority used to become the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.
Use the no form of this command to revert to the default value.
Default
priority 192
Parameters
- priority
-
Specifies the priority to become the designated router. The higher the value the more likely the router will become the RP.
Platforms
All
priority
Syntax
priority priority-level
no priority
Context
[Tree] (config>router>ldp>lsp-bfd priority)
Full Context
configure router ldp lsp-bfd priority
Description
This command configures a priority value that is used to order prefix list processing if multiple prefix lists are configured.
The no form of this command restores the default priority value.
Default
priority 1
Parameters
- priority-level
-
Specifies the priority value of the prefix list.
Platforms
All
priority
Syntax
priority setup-priority hold-priority
no priority
Context
[Tree] (config>router>mpls>lsp-template priority)
[Tree] (config>router>mpls>lsp>secondary priority)
[Tree] (config>router>mpls>lsp>primary priority)
Full Context
configure router mpls lsp-template priority
configure router mpls lsp secondary priority
configure router mpls lsp primary priority
Description
This command enables the soft preemption procedures for this LSP path. The operator enables the soft preemption mechanism on a specific LSP name by explicitly configuring the setup and holding priorities for the primary path at the head-end node. The operator can similarly configure priority values for a secondary path for this LSP name. Different values could be used for the primary and for any of the secondary paths. In the absence of explicit user configuration, the setup priority is internally set to the default value of 7 and the holding priority is set to the default value of 0.
Valid user-entered values for these two parameters require that the holding priority be numerically lower than or equal to the setup priority, otherwise preemption loops can occur.
preemption is effected when a router preempting node processes a new RSVP session reservation and there is not enough available bandwidth on the RSVP interface, or the Class Type (CT) when Diff-Serv is enabled, to satisfy the bandwidth in the FlowSpec object while there exist other session reservations for LSP paths with a strictly lower holding priority (numerically higher holding priority value) than the setup priority of the new LSP reservation. If enough available bandwidth is freed on the link or CT to accommodate the new reservation by preempting one or more lower priority LSP paths, the preempting node allows temporary overbooking of the RSVP interface and honors the new reservation.
The preempting node will immediately set the 'Preemption pending’ flag (0x10) in the IPv4 Sub-Object in the RRO object in the Resv refresh for each of the preempted LSP paths. The IPv4 Sub-Object corresponds to the outgoing interface being used by the preempting and preempted LSP paths; however, the bandwidth value in the FlowSpec object is not changed. The Resv flag must also be set if the preempting node is a merge point for the primary LSP path and the backup bypass LSP or detour LSP and the backup LSP is activated.
When evaluating if enough available bandwidth will be freed, the preempting node considers the reservations in order from the lowest holding priority (numerically higher holding priority value) to the holding priority just below the setup priority of the new reservation. A new reservation cannot preempt a reservation which has a value of the holding priority equal to the new reservation setup priority.
When Diff-Serv is enabled on the preempting node and the MAM bandwidth allocation model is used, a new reservation can only preempt a reservation in the same Class Type (CT).
LSP paths which were not flagged at the head-end for soft preemption will be hard preempted. LSP paths with the default holding priority of 0 cannot be preempted. LSP paths with zero bandwidth do not preempt other LSP paths regardless of the values of the path setup priority and the path holding priority. They can also not be preempted.
When evaluating if enough available bandwidth will be freed, the preempting node considers the reservations in order from the lowest holding priority (numerically higher holding priority) to the holding priority just below the setup priority of the new reservation. There is no specific order in which the reservations in the same holding priority are considered.
The preempting node starts a preemption timer for each of the preempted LSP paths. While this timer is on, the node should continue to refresh the Path and Resv for the preempted LSP paths. When the preemption timer expires, the node tears down the reservation if the head-end node has not already done so.
A head-end node upon receipt of the Resv refresh message with the 'Preemption pending’ flag must immediately perform a make-before-break on the affected adaptive CSPF LSP. Both IGP metric and TE metric based CSPF LSPs are included. If an alternative path that excludes the flagged interface is not found, then the LSP is put on a retry in a similar way to the Global Revertive procedure at a head-end node. However, the number of retries and the retry timer are governed by the values of the retry-limit and retry-timer parameters: config>router>mpls>lsp>retry-limit; config>router>mpls>lsp>retry-timer.
MPLS will keep the address list of flagged interfaces for a maximum of 60 s (not user-configurable) from the time the first Resv message with the 'Preemption pending’ flag is received. This actually means that MPLS will request CSPF to find a path that excludes the flagged interfaces in the first few retries until success or until 60 s have elapsed. Subsequent retries after the 60 s will not exclude the flagged interfaces as it is assumed IGP has converged by then and the Unreserved Bandwidth sub-TLV for that priority, or TE Class, in the TE database will show the updated value taking into account the preempting LSP path reservation or a value of zero if overbooked.
If the LSP has a configured secondary standby which is operationally UP, the router will switch the path of the LSP to it and then start the MBB. If no standby path is available and a secondary non-standby is configured, the router will start the MBB and signal the path of the secondary. The LSP path will be switched to either the secondary or the new primary, whichever comes up first.
The no form of this command reverts the LSP path priority to the default values and results in setting the setup priority to 7, in setting the hold priority to 0, and in clearing the 'soft preemption desired’ flag in the RRO in the Resv refresh message.
Default
no priority
Parameters
- setup-priority
-
Specifies the priority of the reservation for this session at setup time.
- holding-priority
-
Specifies the priority of the reservation for this session at preemption action.
Platforms
All
priority
Syntax
priority value
no priority
Context
[Tree] (config>app-assure>aarp priority)
Full Context
configure application-assurance aarp priority
Description
This command defines the priority for the AARP instance. The priority value is used to determine the master/backup upon initialization or re-balance.
The no form of this command reverts to the default value.
Default
priority 100
Parameters
- value
-
Specifies an integer that defines the priority of an AARP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority priority-level
no priority
Context
[Tree] (config>app-assure>group>policy>aqp>entry>action>remark priority)
Full Context
configure application-assurance group policy app-qos-policy entry action remark priority
Description
This command configures remark discard priority action on flows matching this AQP entry. When enabled, all packets for all flows matching this AQP entry will be remarked to the configured discard priority.
Default
no priority
Parameters
- priority-level
-
Specifies the priority to apply to a packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority priority
no priority
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group priority)
Full Context
configure redundancy multi-chassis peer mc-ipsec tunnel-group priority
Description
This command specifies the local priority of the tunnel-group, this is used to elect master, higher number win. If priority are same, then the peer has more active ISA win; and priority and the number of active ISA are same, then the peer with higher IP address win.
The no form of this command removes the priority value from the configuration.
Default
priority 100
Parameters
- priority
-
Specifies the priority of this tunnel-group.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority dr-priority
no priority
Context
[Tree] (config>router>pim>interface priority)
Full Context
configure router pim interface priority
Description
This command sets the priority value to elect the designated router (DR). The DR election priority is a 32-bit unsigned number and the numerically larger priority is always preferred.
The no form of this command reverts to the default value.
Default
priority 1
Parameters
- priority
-
Specifies the priority to become the designated router. The higher the value, the higher the priority.
Platforms
All
priority
Syntax
priority priority
no priority
Context
[Tree] (config>router>pim>rp>ipv6>rp-candidate priority)
[Tree] (config>router>pim>rp>rp-candidate priority)
Full Context
configure router pim rp ipv6 rp-candidate priority
configure router pim rp rp-candidate priority
Description
This command configures the Candidate-RP priority for becoming a rendezvous point (RP). This value is used to elect RP for a group range.
The no form of this command reverts to the default value.
Default
priority 192
Parameters
- priority
-
Specifies the priority to become a rendezvous point (RP). A value of 0 is considered as the highest priority.
Platforms
All
priority
Syntax
priority priority
no priority
Context
[Tree] (config>oam-pm>session>ethernet priority)
Full Context
configure oam-pm session ethernet priority
Description
This command defines the CoS priority across all tests configured under this session. This CoS value is exposed to the various QoS policies the frame passes through and does not necessarily map directly to the CoS value on the wire.
The no form of this command removes changes the priority to the default value.
Default
priority 0
Parameters
- priority
-
Specifies the CoS value.
Platforms
All
priority
Syntax
priority level
Context
[Tree] (config>qos>plcr-ctrl-plcy>root>priority-mbs-thresholds priority)
Full Context
configure qos policer-control-policy root priority-mbs-thresholds priority
Description
The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.
Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority
Syntax
priority [priority]
no priority
Context
[Tree] (config>filter>redirect-policy>dest priority)
Full Context
configure filter redirect-policy destination priority
Description
Redirect policies can contain multiple destinations. Each destination is assigned an initial or base priority which describes its relative importance within the policy.
Default
priority 100
Parameters
- priority
-
Specifies the priority, expressed as a decimal integer, used to weigh the destination’s relative importance within the policy.
Platforms
All
priority
Syntax
priority {low | high}
no priority [{low | high}]
Context
[Tree] (config>router>static-route-entry>next-hop>forwarding-class priority)
[Tree] (config>router>static-route-entry>indirect>forwarding-class priority)
Full Context
configure router static-route-entry next-hop forwarding-class priority
configure router static-route-entry indirect forwarding-class priority
Description
This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.
Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.
Default
priority low
Parameters
- low
-
Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- high
-
Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>router>if>eth-cfm>mep>grace>eth-ed priority)
Full Context
configure router interface eth-cfm mep grace eth-ed priority
Description
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
Default
no priority
Parameters
- priority
-
Specifies the priority bit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority
Syntax
priority priority
no priority
Context
[Tree] (config>router>fad>flex-algo priority)
Full Context
configure router flexible-algorithm-definitions flex-algo priority
Description
This command configures the priority of the FAD. This priority is used as a tie-breaker when the router has received multiple FADs for the same flexible algorithm.
Every router that is configured to participate in a particular flexible algorithm uses the same tie-breaker logic to select the winning FAD. This allows for consistent FAD definition selection in cases where routers advertise different definitions for a specific flexible algorithm. The following rules apply to the breaker mechanism.
-
From the advertisements of the FAD in the area (including both locally generated advertisements and received advertisements), select the one with the highest priority value.
-
If there are multiple advertisements of the FAD with the same highest priority, select the one that is originated from the router with either the highest system ID or router ID.
The no form of this command sets the priority to the default value.
Default
priority 100
Parameters
- priority
-
Configures the priority of this FAD.
Platforms
All
priority
Syntax
priority priority
no priority
Context
[Tree] (config>router>if>ipv6>vrrp priority)
[Tree] (config>router>if>vrrp priority)
Full Context
configure router interface ipv6 vrrp priority
configure router interface vrrp priority
Description
This command configures the base router priority for the virtual router instance used in the master election process.
The priority is the most important parameter set on a non-owner virtual router instance. The priority defines a virtual router’s selection order in the master election process. Together, the priority value and the preempt mode allow the virtual router with the best priority to become the master virtual router.
The base-priority is used to derive the in-use priority of the virtual router instance as modified by any optional VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis.
The priority command is only available in the non-owner vrrp nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed.
For non-owner virtual router instances, the default base priority value is 100.
The no form of the command reverts to the default value.
Default
priority 100
Parameters
- priority
-
The base priority used by the virtual router instance expressed as a decimal integer. If no VRRP priority control policy is defined, the base-priority is the in-use priority for the virtual router instance.
Platforms
All
priority
Syntax
priority priority-level [{delta | explicit}]
no priority
Context
[Tree] (config>vrrp>policy>priority-event>lag-port-down>weight-down priority)
[Tree] (config>vrrp>policy>priority-event>route-unknown priority)
[Tree] (config>vrrp>policy>priority-event>host-unreachable priority)
[Tree] (config>vrrp>policy>priority-event>port-down priority)
[Tree] (config>vrrp>policy>priority-event>lag-port-down>number-down priority)
Full Context
configure vrrp policy priority-event lag-port-down weight-down priority
configure vrrp policy priority-event route-unknown priority
configure vrrp policy priority-event host-unreachable priority
configure vrrp policy priority-event port-down priority
configure vrrp policy priority-event lag-port-down number-down priority
Description
This command controls the effect the set event has on the virtual router instance in-use priority.
When the event is set, the priority-level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keywords are specified.
Multiple set events in the same policy have interaction constraints:
-
If any set events have an explicit priority value, all the delta priority values are ignored.
-
The set event with the lowest explicit priority value defines the in-use priority that are used by all virtual router instances associated with the policy.
-
If no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy.
-
If the delta priorities sum exceeds the delta-in-use-limit parameter, then the delta-in-use-limit parameter is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy.
If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, therefore, there is no impact on the in-use priority.
The no form of the command configures the set event to subtract 0 from the base priority (no effect).
Default
no priority
Parameters
- priority-level
-
The priority level adjustment value expressed as a decimal integer.
- delta
-
Configures what effect the priority-level will have on the base priority value. The default base priority value is delta.
When delta is specified, the priority-level value is subtracted from the associated virtual router instance’s base priority when the event is set and no explicit events are set. The sum of the priority event priority-level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in-use priority value. If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation.
- explicit
-
Configures what effect the priority-level will have on the base priority value.
When explicit is specified, the priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy.
Platforms
All
priority
Syntax
priority priority-level explicit
no priority
Context
[Tree] (config>vrrp>policy>priority-event>mc-ipsec-non-forwarding priority)
Full Context
configure vrrp policy priority-event mc-ipsec-non-forwarding priority
Description
This command controls the effect the set event has on the virtual router instance in-use priority.
When the event is set, the priority-level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keywords are specified.
Multiple set events in the same policy have interaction constraints:
-
If any set events have an explicit priority value, all the delta priority values are ignored.
-
The set event with the lowest explicit priority value defines the in-use priority that are used by all virtual router instances associated with the policy.
-
If no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy.
-
If the delta priorities sum exceeds the delta-in-use-limit parameter, then the delta-in-use-limit parameter is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy.
If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, therefore, there is no impact on the in-use priority.
The no form of the command configures the set event to subtract 0 from the base priority (no effect).
Default
no priority
Parameters
- priority-level
-
The priority level adjustment value expressed as a decimal integer.
- explicit
-
When explicit is specified, the priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority
Syntax
priority bridge-priority
no priority
Context
[Tree] (config>service>pw-template>stp priority)
Full Context
configure service pw-template stp priority
Description
The bridge-priority command is used to populate the priority portion of the bridge ID field within outbound BPDUs (the most significant 4 bits of the bridge ID). It is also used as part of the decision process when determining the best BPDU between messages received and sent. All values will be truncated to multiples of 4096, conforming with IEEE 802.1t and 802.1D-2004.
The no form of this command returns the bridge priority to the default value.
Default
priority 4096
Parameters
- bridge-priority
-
Specifies the bridge priority for the STP instance.
Platforms
All
priority
Syntax
priority number
no priority
Context
[Tree] (config>router>isis>if>level priority)
Full Context
configure router isis interface level priority
Description
This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.
This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.
The no form of this command reverts to the default value.
Default
priority 64
Parameters
- number
-
Specifies the priority for this interface at this level.
Platforms
All
priority
Syntax
priority number
no priority
Context
[Tree] (config>router>ospf3>area>interface priority)
[Tree] (config>router>ospf>area>interface priority)
Full Context
configure router ospf3 area interface priority
configure router ospf area interface priority
Description
This command configures the priority of the OSPF interface that is used in an election of the designated router on the subnet.
This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the designated router. A router with priority 0 is not eligible to be Designated Router or Backup Designated Router.
The no form of this command reverts the interface priority to the default value.
Default
priority 1
Parameters
- number
-
Specifies the interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router or Backup Designated Router on the interface subnet.
Platforms
All
priority
Syntax
priority [value]
no priority
Context
[Tree] (config>redundancy>multi-chassis>ipsec-domain priority)
Full Context
configure redundancy multi-chassis ipsec-domain priority
Description
This command configures the priority for the tunnel group in the IPsec domain. The node with the higher priority is more likely to be elected as active within the domain.
The no form of this command reverts to the default value.
Default
priority 100
Parameters
- value
-
Specifies the IPsec domain tunnel group priority.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority-event
priority-event
Syntax
[no] priority-event
Context
[Tree] (config>vrrp>policy priority-event)
Full Context
configure vrrp policy priority-event
Description
This command creates the context to configure VRRP priority control events used to define criteria to modify the VRRP in-use priority.
A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance.
Up to 32 priority control events can be configured within the priority-event node.
The no form of the command clears any configured priority events.
Platforms
All
priority-marking
priority-marking
Syntax
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
no priority-marking
Context
[Tree] (config>service>vprn>gsmp>group>neighbor priority-marking)
[Tree] (config>service>vpls>gsmp>group>neighbor priority-marking)
Full Context
configure service vprn gsmp group neighbor priority-marking
configure service vpls gsmp group neighbor priority-marking
Description
This command configures the type of priority marking to be used.
The no form of this command reverts to the default.
Parameters
- dscp-name
-
Specifies the DSCP code-point to be used.
- ip-prec-value
-
Specifies the precedence value to be used.
Platforms
All
priority-mbs-thresholds
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>subscr-mgmt>sub-prof>ingress>policer-control-policy priority-mbs-thresholds)
[Tree] (config>subscr-mgmt>sub-prof>egress>policer-control-policy priority-mbs-thresholds)
Full Context
configure subscriber-mgmt sub-profile ingress policer-control-policy priority-mbs-thresholds
configure subscriber-mgmt sub-profile egress policer-control-policy priority-mbs-thresholds
Description
The priority-mbs-thresholds command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority sensitive rate-based discards within the root arbiter’s parent policer.
The priority-mbs-thresholds CLI node always exists and does not need to be created.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>card>fp>ingress>access>queue-group>policer-control-override priority-mbs-thresholds)
[Tree] (config>card>fp>ingress>network>queue-group>policer-control-override priority-mbs-thresholds)
Full Context
configure card fp ingress access queue-group policer-control-override priority-mbs-thresholds
configure card fp ingress network queue-group policer-control-override priority-mbs-thresholds
Description
This command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority sensitive rate-based discards within the root arbiter’s parent policer.
The priority-mbs-thresholds CLI node always exists and does not need to be created.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>service>epipe>sap>egress>policer-control-override priority-mbs-thresholds)
[Tree] (config>service>cpipe>sap>egress>policer-control-override priority-mbs-thresholds)
[Tree] (config>service>ipipe>sap>egress>policer-control-override priority-mbs-thresholds)
[Tree] (config>service>cpipe>sap>ingress>policer-control-override priority-mbs-thresholds)
[Tree] (config>service>ipipe>sap>ingress>policer-control-override priority-mbs-thresholds)
[Tree] (config>service>epipe>sap>ingress>policer-control-override priority-mbs-thresholds)
Full Context
configure service epipe sap egress policer-control-override priority-mbs-thresholds
configure service cpipe sap egress policer-control-override priority-mbs-thresholds
configure service ipipe sap egress policer-control-override priority-mbs-thresholds
configure service cpipe sap ingress policer-control-override priority-mbs-thresholds
configure service ipipe sap ingress policer-control-override priority-mbs-thresholds
configure service epipe sap ingress policer-control-override priority-mbs-thresholds
Description
This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service epipe sap egress policer-control-override priority-mbs-thresholds
- configure service epipe sap ingress policer-control-override priority-mbs-thresholds
- configure service ipipe sap egress policer-control-override priority-mbs-thresholds
- configure service ipipe sap ingress policer-control-override priority-mbs-thresholds
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-control-override priority-mbs-thresholds
- configure service cpipe sap egress policer-control-override priority-mbs-thresholds
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>service>vpls>sap>egress>policer-ctrl-over priority-mbs-thresholds)
[Tree] (config>service>vpls>sap>ingress>policer-ctrl-over priority-mbs-thresholds)
Full Context
configure service vpls sap egress policer-control-override priority-mbs-thresholds
configure service vpls sap ingress policer-control-override priority-mbs-thresholds
Description
This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>service>ies>if>sap>egress>policer-ctrl-over priority-mbs-thresholds)
[Tree] (config>service>ies>if>sap>ingress>policer-ctrl-over priority-mbs-thresholds)
Full Context
configure service ies interface sap egress policer-control-override priority-mbs-thresholds
configure service ies interface sap ingress policer-control-override priority-mbs-thresholds
Description
This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>service>vprn>if>sap>egress>policer-ctrl-over priority-mbs-thresholds)
[Tree] (config>service>vprn>if>sap>ingress>policer-ctrl-over priority-mbs-thresholds)
Full Context
configure service vprn interface sap egress policer-control-override priority-mbs-thresholds
configure service vprn interface sap ingress policer-control-override priority-mbs-thresholds
Description
This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority-mbs-thresholds
Syntax
priority-mbs-thresholds
Context
[Tree] (config>qos>plcr-ctrl-plcy>root priority-mbs-thresholds)
Full Context
configure qos policer-control-policy root priority-mbs-thresholds
Description
The priority-mbs-thresholds command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority-sensitive rate-based discards within the root arbiter’s parent policer.
The priority-mbs-thresholds CLI node always exists and does not need to be created.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
priority-sessions
priority-sessions
Syntax
[no] priority-sessions
Context
[Tree] (config>service>nat>up-nat-policy priority-sessions)
[Tree] (config>service>nat>firewall-policy priority-sessions)
[Tree] (config>service>nat>nat-policy priority-sessions)
Full Context
configure service nat up-nat-policy priority-sessions
configure service nat firewall-policy priority-sessions
configure service nat nat-policy priority-sessions
Description
This command configures the prioritized sessions of this NAT or residential firewall policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat nat-policy priority-sessions
- configure service nat up-nat-policy priority-sessions
7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat firewall-policy priority-sessions
priority1
priority1
Syntax
priority1 priority-value
no priority1
Context
[Tree] (config>system>ptp priority1)
Full Context
configure system ptp priority1
Description
This command configures the priority1 value of the local clock. This parameter is only used when the profile is set to ieee1588-2008. This value is used by the Best Master Clock Algorithm to determine which clock should provide timing for the network.
This value is used for the value to advertise in the Announce messages and for the local clock value in data set comparisons.
The no form of the command reverts to the default configuration.
Default
priority1 128
Parameters
- priority-value
-
Specifies the value of the priority1 field.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priority2
priority2
Syntax
priority2 priority-value
no priority2
Context
[Tree] (config>system>ptp priority2)
Full Context
configure system ptp priority2
Description
This command configures the priority2 value of the local clock. This parameter is only used when the profile is set to ieee1588-2008, g8275dot1-2014, or g8275dot2-2016. The parameter is ignored when any other profile is selected.
This value is used by the Best timeTransmitter Clock algorithm to determine which clock should provide timing for the network.
This value is used for the value to advertise in the Announce messages and for local clock value in data set comparisons.
The no form of the command reverts to the default configuration.
Default
priority2 128
Parameters
- priority-value
-
Specifies the value of the priority2 field.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
priv-lvl
priv-lvl
Syntax
priv-lvl priv-lvl user-profile-name
no priv-lvl priv-lvl
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus>priv-lvl-map priv-lvl)
Full Context
configure service vprn aaa remote-servers tacplus priv-lvl-map priv-lvl
Description
This command maps a specific TACACS+ priv-lvl to a locally configured profile for authorization. This mapping is used when the use-priv-lvl option is specified for TACPLUS authorization.
Parameters
- priv-lvl
-
Specifies the privilege level used when sending a TACACS+ ENABLE request.
- user-profile-name
-
Specifies the user profile for this mapping.
Platforms
All
priv-lvl
Syntax
priv-lvl priv-lvl user-profile-name
no priv-lvl priv-lvl
Context
[Tree] (config>system>security>tacplus>priv-lvl-map priv-lvl)
Full Context
configure system security tacplus priv-lvl-map priv-lvl
Description
This command maps a specific TACACS+ priv-lvl to a locally configured profile for authorization. This mapping is used when the use-priv-lvl option is specified for TACPLUS authorization.
Parameters
- priv-lvl
-
Specifies the privilege level used when sending a TACACS+ ENABLE request.
- user-profile-name
-
Specifies the user profile for this mapping.
Platforms
All
priv-lvl-map
priv-lvl-map
Syntax
[no] priv-lvl-map
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus priv-lvl-map)
Full Context
configure service vprn aaa remote-servers tacplus priv-lvl-map
Description
Commands in this context specify a series of mappings between TACACS+ priv-lvl and locally configured profiles for authorization. These mappings are used when the use-priv-lvl option is specified for tacplus authorization.
The no form of this command reverts to the default.
Default
priv-lvl-map
Platforms
All
priv-lvl-map
Syntax
[no] priv-lvl-map
Context
[Tree] (config>system>security>tacplus priv-lvl-map)
Full Context
configure system security tacplus priv-lvl-map
Description
Commands in this context specify a series of mappings between TACACS+ priv-lvl and locally configured profiles for authorization. These mappings are used when the use-priv-lvl option is specified for tacplus authorization.
The no form of this command reverts to the default.
Default
priv-lvl-map
Platforms
All
private-interface
private-interface
Syntax
private-interface ip-int-name
no private-interface
Context
[Tree] (config>ipsec>client-db>client private-interface)
Full Context
configure ipsec client-db client private-interface
Description
This command specifies the private interface name that is used for tunnel setup.
The no form of this command reverts to the default.
Default
no private-interface
Parameters
- ip-int-name
-
Specifies the name of the private interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
private-ki
private-ki
Syntax
private-ki hex-string
no private-ki
Context
[Tree] (config>li>x-interfaces>lics>lic>authentication private-ki)
Full Context
configure li x-interfaces lics lic authentication private-ki
Description
This command configures the private key for the X1 and X2 interfaces.
The no form of this command reverts to the default.
Parameters
- hex-string
-
Specifies the password. Must contain exactly 32 hex nibbles.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
private-retail-subnets
private-retail-subnets
Syntax
[no] private-retail-subnets
Context
[Tree] (config>service>vprn>sub-if private-retail-subnets)
Full Context
configure service vprn subscriber-interface private-retail-subnets
Description
This command controls the export of retail subnets and prefixes to the wholesale forwarding service. When this attribute is configured, subnets and prefixes configured on the retail subscriber interface are no longer exported to the associated wholesale VPRN and remain private to the retail VPRN. This is useful in a IPoE or PPPoE business service context, as it allows retail services to use overlapping IP address spaces even if those services are associated with the same wholesale service. IPoE and PPPoE sessions are actually terminated in the retail service although their traffic transits on a SAP belonging to the wholesale service.
Configuring private retail subnets is not supported for IPv4 static hosts and ARP hosts. If PPPoE sessions need to coexist with IPv4 static hosts or ARP hosts, then this attribute should not be configured on the retail subscriber interface.
This command fails if the subscriber interface is not associated with a wholesale service.
If the retail VPRN is of the type hub, this attribute is mandatory. In this case, private retail subnets are enabled by default and cannot be unconfigured.
The no form of this command disables overlapping IP addresses between different retailers referring to this interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
private-service
private-service
Syntax
private-service service-id
private-service name service-name
no private-service
Context
[Tree] (config>ipsec>client-db>client private-service)
Full Context
configure ipsec client-db client private-service
Description
This command specifies the private service ID that is used for tunnel setup.
The no form of this command reverts to the default.
Default
no private-service
Parameters
- service-id
-
Specifies the service ID of the tunnel delivery service.
This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The private-service name service-name variant can be used in all configuration modes.
- name service-name
-
Identifies the service, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
private-tcp-mss-adjust
private-tcp-mss-adjust
Syntax
private-tcp-mss-adjust octets
private-tcp-mss-adjust default
no private-tcp-mss-adjust
Context
[Tree] (config>service>vprn>l2tp>group>l2tpv3 private-tcp-mss-adjust)
[Tree] (config>service>vprn>l2tp>group>tunnel>l2tpv3 private-tcp-mss-adjust)
[Tree] (config>router>l2tp>group>tunnel>l2tpv3 private-tcp-mss-adjust)
[Tree] (config>service>vprn>l2tp>l2tpv3 private-tcp-mss-adjust)
[Tree] (config>router>l2tp>group>l2tpv3 private-tcp-mss-adjust)
Full Context
configure service vprn l2tp group l2tpv3 private-tcp-mss-adjust
configure service vprn l2tp group tunnel l2tpv3 private-tcp-mss-adjust
configure router l2tp group tunnel l2tpv3 private-tcp-mss-adjust
configure service vprn l2tp l2tpv3 private-tcp-mss-adjust
configure router l2tp group l2tpv3 private-tcp-mss-adjust
Description
This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the group or tunnel level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.
Note that this command can be overridden by the corresponding configuration on the group or tunnel level.
With the default parameter, the system uses the upper-level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.
The no form of this command disables TCP MSS adjust on the private side.
Default
no private-tcp-mss-adjust
Parameters
- octets
-
Specifies the new TCP MSS value in octets.
- default
-
Specifies to use the upper-level configuration
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
private-tcp-mss-adjust
Syntax
private-tcp-mss-adjust bytes
private-tcp-mss-adjust octets
no private-tcp-mss-adjust
Context
[Tree] (config>router>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)
[Tree] (config>ipsec>tnl-temp private-tcp-mss-adjust)
[Tree] (config>service>ies>if>sap>ip-tunnel private-tcp-mss-adjust)
[Tree] (config>service>vprn>if>sap>ipsec-tun private-tcp-mss-adjust)
[Tree] (config>service>vprn>if>sap>ip-tunnel private-tcp-mss-adjust)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)
Full Context
configure router interface ipsec ipsec-tunnel private-tcp-mss-adjust
configure ipsec tunnel-template private-tcp-mss-adjust
configure service ies interface sap ip-tunnel private-tcp-mss-adjust
configure service vprn interface sap ipsec-tunnel private-tcp-mss-adjust
configure service vprn interface sap ip-tunnel private-tcp-mss-adjust
configure service vprn interface ipsec ipsec-tunnel private-tcp-mss-adjust
configure service ies interface ipsec ipsec-tunnel private-tcp-mss-adjust
Description
This command enables TCP MSS to adjust for L2TPv3 tunnels, IPsec, or IP tunnels on the private side. When the command is configured, the system updates the TCP MSS option to the value of the received TCP SYN packet on the private side.
The no form of this command disables TCP MSS adjust on the private side.
Default
no private-tcp-mcc-adjust
Parameters
- bytes
-
Specifies the new TCP MSS value in bytes.
- octets
-
Specifies the new TCP MSS value in octets.
Platforms
VSR
- configure router interface ipsec ipsec-tunnel private-tcp-mss-adjust
- configure service ies interface ipsec ipsec-tunnel private-tcp-mss-adjust
- configure service vprn interface ipsec ipsec-tunnel private-tcp-mss-adjust
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure ipsec tunnel-template private-tcp-mss-adjust
- configure service ies interface sap ip-tunnel private-tcp-mss-adjust
- configure service vprn interface sap ipsec-tunnel private-tcp-mss-adjust
- configure service vprn interface sap ip-tunnel private-tcp-mss-adjust
probe-count
probe-count
Syntax
probe-count probes-per-hop
no probe-count
Context
[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy probe-count)
Full Context
configure saa test type-multi-line lsp-trace sr-policy probe-count
Description
This command configures the number of probes per hop.
The no form of this command reverts to the default value.
Default
probe-count 1
Parameters
- probes-per-hop
-
Specifies the probes-per-hop count, expressed as number of packets.
Platforms
All
probe-fail-enable
probe-fail-enable
Syntax
[no] probe-fail-enable
Context
[Tree] (config>saa>test>trap-gen probe-fail-enable)
Full Context
configure saa test trap-gen probe-fail-enable
Description
This command enables the generation of an SNMP trap when the consecutive probe failure threshold (configured using the probe-fail-threshold command) is reached during the execution of the SAA ping test. This command is not applicable to SAA trace route tests.
The no form of this command disables the generation of an SNMP trap.
Platforms
All
probe-fail-threshold
probe-fail-threshold
Syntax
probe-fail-threshold threshold
no probe-fail-threshold
Context
[Tree] (config>saa>test>trap-gen probe-fail-threshold)
Full Context
configure saa test trap-gen probe-fail-threshold
Description
This command configures the threshold for trap generation after ping probe failure.
This command has no effect when probe-fail-enable is disabled. This command is not applicable to SAA trace route tests.
The no form of this command returns the threshold value to the default.
Default
probe-fail-threshold 1
Parameters
- threshold
-
Specifies the number of consecutive ping probe failures required to generate a trap.
Platforms
All
probe-history
probe-history
Syntax
probe-history {keep | drop | auto}
Context
[Tree] (config>saa>test probe-history)
Full Context
configure saa test probe-history
Description
Specifies history probe behavior. Defaults are associated with various configured parameters within the SAA test. Auto (keep) is used for test with probe counts of 100 or less, and intervals of 1 second and above. Auto (drop) only maintains summary information for tests marked as continuous with file functions, probe counts more than 100 and intervals of less than 1 second. SAA tests that are not continuous with a write to file defaults to Auto (keep). The operator is free to change the default behaviors for each type. Each test that maintains per probe history consumes more system memory. When per probe entries are required, the probe history is available at the completion of the test.
Default
probe-history auto
Parameters
- auto
-
An auto selector that determines the storage of the history information.
- drop
-
Stores summarized min/max/avg data not per probe information for test runs. This may be configured for all tests to conserve memory.
- keep
-
Stores per probe information for tests. This consumes significantly more memory than summary information and should only be used if necessary.
Platforms
All
process-arp-probes
process-arp-probes
Syntax
[no] process-arp-probes
Context
[Tree] (config>service>vpls>proxy-arp process-arp-probes)
Full Context
configure service vpls proxy-arp process-arp-probes
Description
This command enables router proxy ARP function replies to Duplicate Address Detection (DAD) ARP probes upon a successful proxy ARP table lookup.
The no form of this command disables the router from replying to DAD ARP probes.
Default
process-arp-probes
Platforms
All
process-cpm-traffic-on-sap-down
process-cpm-traffic-on-sap-down
Syntax
[no] process-cpm-traffic-on-sap-down
Context
[Tree] (config>service>vpls>sap process-cpm-traffic-on-sap-down)
Full Context
configure service vpls sap process-cpm-traffic-on-sap-down
Description
This command is applicable to simple SAPs configured on LAGs that are not part of any "endpoint” configurations or complicated resiliency schemes like MC-LAG with inter-chassis-backup (ICB) configurations. When configured, a simple LAG SAP is not removed from the forwarding plane and flooded traffic (unknown unicast, broadcast and multicast) is dropped on egress. This allows applicable control traffic that is extracted at the egress interface to be processed by the CPM. This command will not prevent a VPLS service from entering an operationally down state if it is the last active connection to enter a nonoperational state. By default, without this command, when a SAP on a LAG enters a nonoperational state, it is removed from the forwarding plane and no forwarding occurs to the egress.
The no form of this command removes a SAP over a LAG that is not operational from the forwarding process.
Default
no process-cpm-traffic-on-sap-down
Platforms
All
process-dad-neighbor-solicitations
process-dad-neighbor-solicitations
Syntax
[no] process-dad-neighbor-solicitations
Context
[Tree] (config>service>vpls>proxy-nd process-dad-neighbor-solicitations)
Full Context
configure service vpls proxy-nd process-dad-neighbor-solicitations
Description
This command enables the router proxy ND replies to Duplicate Address Detection (DAD) neighbor solicitations upon a successful proxy ND table lookup.
The no form of this command disables the router from replying to DAD neighbor solicitations.
Default
process-dad-neighbor-solicitations
Platforms
All
profile
profile
Syntax
profile profile-name [create]
no profile profile-name
Context
[Tree] (config app-assure group url-filter web-service profile)
Full Context
configure application-assurance group url-filter web-service profile
Description
This command configures the category profiles of the web service.
The no form of this command removes the category profiles configuration.
Parameters
- profile-name
-
Specifies the name of the category profile, up to 256 characters.
- create
-
Keyword that specifies to create a category profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
profile
Syntax
[no] profile user-profile-name
Context
[Tree] (config system security profile)
Full Context
configure system security profile
Description
This command creates a context to create user profiles for command authorization and other functions associated with a user.
Profiles can be used to deny or permit user access to entire command branches or to specific commands.
Once the profiles are created, the user command assigns users to one or more profiles. You can define up to 16 user profiles but a maximum of 8 profiles can be assigned to a user.
The no form of this command deletes a user profile.
Parameters
- user-profile-name
-
Specifies the user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.
Platforms
All
profile
Syntax
profile {in | out}
no profile
Context
[Tree] (config saa test type-multi-line lsp-ping sr-policy profile)
[Tree] (config saa test type-multi-line lsp-ping profile)
[Tree] (config saa test type-multi-line lsp-trace sr-policy profile)
Full Context
configure saa test type-multi-line lsp-ping sr-policy profile
configure saa test type-multi-line lsp-ping profile
configure saa test type-multi-line lsp-trace sr-policy profile
Description
This command configures the profile state of the MPLS echo request packet.
The no form of this command reverts to the default value.
Default
profile out
Parameters
- in
-
Specifies "in” as the profile state of the MPLS echo request packet.
- out
-
Specifies "out” as the profile state of the MPLS echo request packet.
Platforms
All
profile
Syntax
profile {in | out}
no profile
Context
[Tree] (config>oam-pm>session>ip profile)
Full Context
configure oam-pm session ip profile
Description
This command defines whether the TWAMP Light PDU packet should be treated as in-profile or out-of-profile. The default has been selected because the forwarding class defaults to best effort.
The no form of this command restores the default value.
Default
profile out
Parameters
- in
-
Specifies that the TWAMP Light PDU packet is sent as in-profile.
- out
-
Specifies that the TWAMP Light PDU packet is sent as out-of-profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
profile
Syntax
profile {in | out}
no profile
Context
[Tree] (config>oam-pm>session>mpls profile)
Full Context
configure oam-pm session mpls profile
Description
This command defines whether the DM PDU packet should be treated as in profile or out-of-profile.
The no form of this command reverts the default value.
Default
profile out
Parameters
- in
-
Marks the PDU in profile.
- out
-
Marks the PDU out of profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
profile
Syntax
profile {in | out}
no profile
Context
[Tree] (config qos sap-ingress fc profile)
Full Context
configure qos sap-ingress fc profile
Description
This command places a forwarding class or subclass into a color aware profile mode. Normally, packets associated with a class are considered in-profile or out-of-profile solely based on the dynamic rate of the ingress queue relative to its CIR. Explicitly defining a class as in-profile or out-of-profile overrides this function by handling each packet with the defined profile state.
The profile command may only be executed when the forwarding class or the parent forwarding class (for a subclass) is mapped to a queue that has been enabled to support color aware profile packets. The queue may only be configured for profile-mode at the time the queue is created in the SAP ingress QoS policy.
A queue operating in profile-mode may support in-profile, out-of-profile, and non-profiled packets simultaneously. However, the high- and low-priority classification actions are ignored when the queue is in profile-mode.
The no form of this command removes an explicit in-profile or out-of-profile configuration on a forwarding class or subclass.
Default
no profile — The default profile state of a forwarding class or subclass is not to treat ingress packets as color aware. An explicit definition for in-profile or out-of-profile must be specified on the forwarding class or subclass.
Parameters
- in
-
The in keyword is mutually exclusive to the out keyword. When the profile in command is executed, all packets associated with the class will be handled as in-profile. Packets explicitly handled as in-profile or out-of-profile still flow through the ingress service queue associated with the class to preserve order within flows. In-profile packets will count against the CIR of the queue, diminishing the amount of CIR available to other classes using the queue that are not configured with an explicit profile.
- out
-
The out keyword is mutually exclusive to the in keyword. When the profile out command is executed, all packets associated with the class will be handled as out-of-profile. Packets explicitly handled as in-profile or out-of-profile still flow through the ingress service queue associated with the class to preserve order within flows. Out-of-profile packets will not count against the CIR of the queue, allowing other classes using the queue that are not configured with an explicit profile to be measured against the full CIR.
Platforms
All
profile
Syntax
profile {g8265dot1-2010 | ieee1588-2008 | g8275dot1-2014 | g8275dot2-2016}
Context
[Tree] (config system ptp profile)
Full Context
configure system ptp profile
Description
This command configures the profile for the internal PTP clock, which defines the Best timeTransmitter Clock Algorithm (BTCA) behavior.
The profile setting for the clock cannot be changed unless PTP is shutdown.
The clock-type is restricted based on the PTP profile setting.
-
If the profile is ieee1588-2008, the clock-type is not restricted.
-
If the profile is g8265dot1-2010, the clock type may only be ordinary slave or ordinary master; boundary clock is not allowed.
-
If the profile is g8275dot1-2014 or g8275dot2-2016, the clock-type may only be boundary clock or ordinary slave; ordinary master is not allowed.
When the profile is changed, the domain changes to the default value for the new profile. Any command parameters that are set to default for the original profile are changed to the default for the new profile. This applies to the following:
-
log-anno-interval set for the clock
-
log-sync-interval set for a peer or a port
-
log-delay-interval set for a port
Non-default parameter values for the original profile remain unchanged.
Default
profile g8265dot1-2010
Parameters
- g8265dot1-2010
-
Conforms to the ITU-T G.8265.1 specification.
- ieee1588-2008
-
Conforms to the 2008 version of the IEEE1588 standard.
- g8275dot1-2014
-
Conforms to the ITU-T G.8275.1 specification.
- g8275dot2-2016
-
Conforms to the ITU-T G.8275.2 specification.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
profile
Syntax
profile {g8265dot1-2010 | g8275dot1-2014 | g8275dot2-2016 | ieee1588-2008}
Context
[Tree] (config>system>ptp>alternate-profile profile)
Full Context
configure system ptp alternate-profile profile
Description
This command configures the standard profile that is used as the basis for the alternate profile.
The profile setting controls the content of PTP messages sent on ports and peers using this alternate profile.
Modification of this setting is allowed only when the alternate profile is shut down.
Default
profile g8275dot1-2014
Parameters
- g8265dot1-2010
-
Keyword to conform to the ITU-T G.8265.1 specification.
- g8275dot1-2014
-
Keyword to conform to the ITU-T G.8275.1 specification.
- g8275dot2-2016
-
Keyword to conform to the ITU-T G.8275.2 specification.
- ieee1588-2008
-
Keyword to conform to the 2008 version of the IEEE1588 standard.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
profile
Syntax
profile name [create]
no profile name
Context
[Tree] (config system network-element-discovery profile)
Full Context
configure system network-element-discovery profile
Description
This command configures a profile to be used by IGP to advertise the network element information to its neighbors.
The no form of this command deletes the specified profile.
Parameters
- name
-
Specifies the name of the profile, up to 32 characters.
Platforms
All
profile
Syntax
profile user-profile-name
no profile
Context
[Tree] (config system security user-template profile)
Full Context
configure system security user-template profile
Description
This command configures the command authorization profile to associate with a user template. See the user-template command for more details.
Parameters
- user-profile-name
-
The user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.
Platforms
All
profile
Syntax
profile quality-of-service-profile
Context
[Tree] (config>test-oam>link-meas>template>twl profile)
Full Context
configure test-oam link-measurement measurement-template twamp-light profile
Description
This command configures the QoS profile. The profile indicator determines if the packet is treated as in or out of profile as it moves through the local node.
Default
profile in
Parameters
- quality-of-service-profile
-
Specifies the QoS profile used when launching the link measurement test belonging to the specified template.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
profile
Syntax
profile cert-update-profile
Context
[Tree] (config system security pki cert-auto-upd cert profile)
Full Context
configure system security pki certificate-auto-update cert profile
Description
This command configures a certificate-update-profile to reference the update behavior.
Parameters
- cert-update-profile
-
Specifies the certificate profile name, up to 32 characters.
Platforms
All
profile-capped
profile-capped
Syntax
[no] profile-capped
Context
[Tree] (config>qos>sap-ingress>policer profile-capped)
[Tree] (config>qos>qgrps>egr>queue-group profile-capped)
[Tree] (config>qos>qgrps>ingress>queue-group profile-capped)
[Tree] (config>qos>sap-egress>policer profile-capped)
Full Context
configure qos sap-ingress policer profile-capped
configure qos queue-group-templates egress queue-group profile-capped
configure qos queue-group-templates ingress queue-group profile-capped
configure qos sap-egress policer profile-capped
Description
Profile-capped mode enforces an overall in-profile burst limit to the CIR bucket for ingress undefined, ingress explicit in-profile, egress soft-in-profile, and egress explicit in-profile packets. The default behavior when profile-capped mode is not enabled is to ignore the CIR output state when an explicit in-profile packet is handled by an ingress or egress policer.
The profile-capped mode makes two changes:
-
At egress, soft-in-profile packets (packets received from ingress as in-profile) are treated the same as explicit in-profile (unless explicitly reclassified as out-of-profile) and have an initial policer state of in-profile.
-
At both ingress and egress, any packet output from the policer with a non-conforming CIR state are treated as out-of-profile (out-of-profile state is ignored for initial in-profile packets when profile-capped mode is not enabled).
Default
no profile-capped
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos sap-egress policer profile-capped
- configure qos sap-ingress policer profile-capped
All
- configure qos queue-group-templates egress queue-group profile-capped
- configure qos queue-group-templates ingress queue-group profile-capped
profile-capped
Syntax
[no] profile-capped
Context
[Tree] (config>qos>qgrps>egr>qgrp>policer profile-capped)
[Tree] (config>qos>qgrps>ing>qgrp>policer profile-capped)
Full Context
configure qos queue-group-templates egress queue-group policer profile-capped
configure qos queue-group-templates ingress queue-group policer profile-capped
Description
This command enables a limit on the profile.
Default
no profile-capped
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
profile-out-preserve
profile-out-preserve
Syntax
[no] profile-out-preserve
Context
[Tree] (config>qos>sap-egress>policer profile-out-preserve)
Full Context
configure qos sap-egress policer profile-out-preserve
Description
This command specifies whether to preserve the color of offered out-of-profile traffic at sap-egress policer (profile of the packet can change based on egress CIR state).
When enabled, traffic determined as out-of-profile at ingress policer will be treated as out-of-profile at sap-egress policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
profile-preferred
profile-preferred
Syntax
profile-preferred
no profile-preferred
Context
[Tree] (config>qos>plcr-ctrl-plcy>root profile-preferred)
Full Context
configure qos policer-control-policy root profile-preferred
Description
The profile-preferred command ensures that the root policer provides a preference to consume its PIR bucket tokens at a given priority level to packets that have their profile state set to in-profile by the output of the child policer CIR bucket.
Default
no profile-preferred
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
profiled-traffic-only
profiled-traffic-only
Syntax
[no] profiled-traffic-only
Context
[Tree] (config subscr-mgmt msap-policy sub-sla-mgmt single-sub profiled-traffic-only)
Full Context
configure subscriber-mgmt msap-policy sub-sla-mgmt single-sub-parameters profiled-traffic-only
Description
This command specifies whether only profiled traffic is applicable for an MSAP. When enabled, all queues are deleted.
The no form of this command reverts to the default setting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
profiled-traffic-only
Syntax
[no] profiled-traffic-only
Context
[Tree] (config service ies if sap sub-sla-mgmt single-sub profiled-traffic-only)
[Tree] (config service vpls sap sub-sla-mgmt single-sub-parameters profiled-traffic-only)
[Tree] (config service ies sub-if grp-if sap sub-sla-mgmt single-sub profiled-traffic-only)
[Tree] (config service vprn sub-if grp-if sap sub-sla-mgmt single-sub profiled-traffic-only)
[Tree] (config service vprn if sap sub-sla-mgmt single-sub profiled-traffic-only)
Full Context
configure service ies interface sap sub-sla-mgmt single-sub profiled-traffic-only
configure service vpls sap sub-sla-mgmt single-sub-parameters profiled-traffic-only
configure service ies subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters profiled-traffic-only
configure service vprn subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters profiled-traffic-only
configure service vprn interface sap sub-sla-mgmt single-sub profiled-traffic-only
Description
This command specifies whether only profiled traffic is applicable for this SAP. The profiled traffic refers to single subscriber traffic on a dedicated SAP (in the VLAN-per-subscriber model). When enabled, subscriber queues are instantiated through the QOS policy defined in the sla-profile and the associated SAP queues are deleted. This can increase subscriber scaling by reducing the number of queues instantiated per subscriber (in the VLAN-per-subscriber model). In order for this to be achieved, any configured multi-sub-sap limit must be removed (leaving the default of 1).
The no form of this command disables the command.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
progress-indicator
progress-indicator
Syntax
progress-indicator
Context
[Tree] (config>system>management-interface>cli>md-cli>environment progress-indicator)
Full Context
configure system management-interface cli md-cli environment progress-indicator
Description
Commands in this context configure progress indicator parameters.
Platforms
All
promiscuous-mode
promiscuous-mode
Syntax
[no] promiscuous-mode
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw promiscuous-mode)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw promiscuous-mode)
Full Context
configure service ies subscriber-interface group-interface wlan-gw promiscuous-mode
configure service vprn subscriber-interface group-interface wlan-gw promiscuous-mode
Description
When promiscuous mode is enabled, the router accepts all traffic, including traffic that is not destined for a WLAN gateway group interface MAC or virtual MAC address for ESM processing.
The no form of this command causes the router to only accept traffic that is destined for a WLAN gateway group interface MAC or virtual MAC address for ESM processing.
Default
no promiscuous-mode
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
prompt
prompt
Syntax
prompt
Context
[Tree] (config>system>management-interface>cli>md-cli>environment prompt)
Full Context
configure system management-interface cli md-cli environment prompt
Description
Commands in this context configure prompt parameters.
Platforms
All
propagate-admin-group
propagate-admin-group
Syntax
[no] propagate-admin-group
Context
[Tree] (config>router>mpls>lsp>fast-reroute propagate-admin-group)
[Tree] (config>router>mpls>lsp-template>fast-reroute propagate-admin-group)
Full Context
configure router mpls lsp fast-reroute propagate-admin-group
configure router mpls lsp-template fast-reroute propagate-admin-group
Description
The command enables the signaling of the primary LSP path admin-group constraints in the FRR object at the ingress.
When this command is executed, the admin-group constraints configured in the context of the P2P LSP primary path, or the ones configured in the context of the LSP and inherited by the primary path, are copied into the FAST_REROUTE object. The admin-group constraints are copied into the 'include-any’ or 'exclude-any’ fields.
The ingress LER thus propagates these constraints to the downstream nodes during the signaling of the LSP to allow them to include the admin-group constraints in the selection of the FRR backup LSP for protecting the LSP primary path.
The ingress LER inserts the FAST_REROUTE object by default in a primary LSP path message. If the user disables the object using the following command, the admin-group constraints will not be propagated: config>router>mpls>no frr-object.
Note that the same admin-group constraints can be copied into the Session Attribute object. They are intended for the use of an LSR, typically an ABR, to expand the ERO of an inter-area LSP path. They are also used by any LSR node in the path of a CSPF or non-CSPF LSP to check the admin-group constraints against the ERO regardless if the hop is strict or loose. These are governed strictly by the command:
config>router>mpls>lsp>propagate-admin-group
In other words, the user may decide to copy the primary path admin-group constraints into the FAST_REROUTE object only, or into the Session Attribute object only, or into both. Note, however, that the PLR rules for processing the admin-group constraints can make use of either of the two object admin-group constraints.
This feature is supported with the following LSP types and in both intra-area and inter-area TE where applicable:
-
Primary path of a RSVP P2P LSP.
-
S2L path of an RSVP P2MP LSP instance
-
LSP template for an S2L path of an RSVP P2MP LSP instance.
The no form of this command disables the signaling of administrative group constraints in the FRR object.
Default
no propagate-admin-group
Platforms
All
propagate-admin-group
Syntax
[no] propagate-admin-group
Context
[Tree] (config>router>mpls>lsp-template propagate-admin-group)
[Tree] (config>router>mpls>lsp propagate-admin-group)
Full Context
configure router mpls lsp-template propagate-admin-group
configure router mpls lsp propagate-admin-group
Description
This command enables propagation of session attribute object with resource affinity (C-type 1) in PATH message. If an LSR receives a session attribute with resource affinity, then it will check the compatibility of admin-groups received in PATH message against configured admin-groups on the egress interface of LSP.
To support admin-group for inter-area LSP, the ingress node must configure propagating admin-groups within the session attribute object. If a PATH message is received by an LSR node that has the cspf-on-loose-hop option enabled and the message includes admin-groups, then the ERO expansion by CSPF to calculate the path to the next loose hop includes the admin-group constraints received from ingress node.
If this option is disabled, then the session attribute object without resource affinity (C-Type 7) is propagated in PATH message and CSPF at the LSR node does not include admin-group constraints.
This admin group propagation is supported with a P2P LSP, a P2MP LSP instance, and an LSP template.
The user can change the value of the propagate-admin-group option on the fly. A RSVP P2P LSP performs a Make-Before-Break (MBB) on changing the configuration. A S2L path of an RSVP P2MP LSP performs a Break-Before-Make on changing the configuration.
The no form of this command reverts to the default value.
Default
no propagate-admin-group
Platforms
All
propagate-hold-time
propagate-hold-time
Syntax
propagate-hold-time second
no propagate-hold-time
Context
[Tree] (config>eth-cfm>redundancy>mc-lag propagate-hold-time)
Full Context
configure eth-cfm redundancy mc-lag propagate-hold-time
Description
This command configures the delay, in seconds, that fault propagation is delayed because of port or MC-LAG state changes. This provides the amount of time for system stabilization during a port state changes that may be protected by MC-LAG. This command requires the standby-mep-shutdown command in order to take effect.
The no form of the command reverts to the default.
Default
propagate-hold-time 1
Parameters
- seconds
-
Specifies the amount of time in seconds. Zero means no delay.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
propagate-mac-flush
propagate-mac-flush
Syntax
[no] propagate-mac-flush
Context
[Tree] (config>service>vpls propagate-mac-flush)
Full Context
configure service vpls propagate-mac-flush
Description
This command enabled propagation of mac-flush messages received from the specified T-LDP on all spoke and mesh-SDPs within the context of the VPLS service. The propagation will follow split-horizon principles and any data-path blocking in order to avoid looping of these messages.
Default
no propagate-mac-flush
Platforms
All
propagate-mac-flush-from-bvpls
propagate-mac-flush-from-bvpls
Syntax
[no] propagate-mac-flush-from-bvpls
Context
[Tree] (config>service>vpls>pbb propagate-mac-flush-from-bvpls)
Full Context
configure service vpls pbb propagate-mac-flush-from-bvpls
Description
This command enables the propagation in the local PBB of any regular LDP MAC Flush received in the related B-VPLS. If an LDP MAC flush-all-but-mine is received in the B-VPLS context, the command controls also whether a flush is performed for all the customer MACs in the associated FDB. The command does not have any effect on a PBB MAC Flush (LDP MAC flush with PBB TLV) received in the related B-VPLS context.
The no form of this command disables the propagation of LDP MAC Flush i from the related B-VPLS.
Default
no propagate-mac-flush-from-bvpls
Platforms
All
propagate-metric
propagate-metric
Syntax
[no] propagate-metric
Context
[Tree] (config>service>vprn>rip propagate-metric)
Full Context
configure service vprn rip propagate-metric
Description
This command enables the BGP MED to be used to configure the RIP metric at the BGP to RIP transition on egress routers. BGP always configures the BGP MED to the RIP metric at the ingress router. When propagate-metric is configured, the RIP metric at egress routers is configured as the BGP MED attribute added to the optional value configured with the metric-out command.
The no version of this command sets the RIP metric to the optional value configured with the metric-out command plus 1.
Default
no propagate-metric
Platforms
All
propagate-pmtu-v4
propagate-pmtu-v4
Syntax
[no] propagate-pmtu-v4
Context
[Tree] (config>service>vprn>if>sap>ipsec-tunnel propagate-pmtu-v4)
[Tree] (config>ipsec>tnl-temp propagate-pmtu-v4)
[Tree] (config>service>ies>if>sap>ip-tunnel propagate-pmtu-v4)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel propagate-pmtu-v4)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel propagate-pmtu-v4)
[Tree] (config>router>if>ipsec>ipsec-tunnel propagate-pmtu-v4)
[Tree] (config>service>vprn>if>sap>ip-tunnel propagate-pmtu-v4)
Full Context
configure service vprn interface sap ipsec-tunnel propagate-pmtu-v4
configure ipsec tunnel-template propagate-pmtu-v4
configure service ies interface sap ip-tunnel propagate-pmtu-v4
configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v4
configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v4
configure router interface ipsec ipsec-tunnel propagate-pmtu-v4
configure service vprn interface sap ip-tunnel propagate-pmtu-v4
Description
This command enables the system to propagate the path MTU learned from public side to private side (IPv4 hosts).
The no form of this command prevents the learned path MTU propagation.
Default
propagate-pmtu-v4
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-tunnel propagate-pmtu-v4
- configure service ies interface sap ip-tunnel propagate-pmtu-v4
- configure service vprn interface sap ip-tunnel propagate-pmtu-v4
- configure ipsec tunnel-template propagate-pmtu-v4
VSR
- configure router interface ipsec ipsec-tunnel propagate-pmtu-v4
- configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v4
- configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v4
propagate-pmtu-v6
propagate-pmtu-v6
Syntax
[no] propagate-pmtu-v6
Context
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel propagate-pmtu-v6)
[Tree] (config>ipsec>tnl-temp propagate-pmtu-v6)
[Tree] (config>service>ies>if>sap>ip-tunnel propagate-pmtu-v6)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel propagate-pmtu-v6)
[Tree] (config>service>vprn>if>sap>ipsec-tunnel propagate-pmtu-v6)
[Tree] (config>service>vprn>if>sap>ip-tunnel propagate-pmtu-v6)
[Tree] (config>router>if>ipsec>ipsec-tunnel propagate-pmtu-v6)
Full Context
configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v6
configure ipsec tunnel-template propagate-pmtu-v6
configure service ies interface sap ip-tunnel propagate-pmtu-v6
configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v6
configure service vprn interface sap ipsec-tunnel propagate-pmtu-v6
configure service vprn interface sap ip-tunnel propagate-pmtu-v6
configure router interface ipsec ipsec-tunnel propagate-pmtu-v6
Description
This command enables the system to propagate the path MTU learned from public side to private side (IPv6 hosts).
The no form of this command prevents the learned path MTU propagation.
Default
propagate-pmtu-v6
Platforms
VSR
- configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v6
- configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v6
- configure router interface ipsec ipsec-tunnel propagate-pmtu-v6
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ip-tunnel propagate-pmtu-v6
- configure service ies interface sap ip-tunnel propagate-pmtu-v6
- configure service vprn interface sap ipsec-tunnel propagate-pmtu-v6
- configure ipsec tunnel-template propagate-pmtu-v6
propagate-topology-change
propagate-topology-change
Syntax
[no] propagate-topology-change
Context
[Tree] (config>eth-ring>sub-ring>interconnect propagate-topology-change)
Full Context
configure eth-ring sub-ring interconnect propagate-topology-change
Description
This command configures the G.8032 sub-ring to propagate topology changes. From the sub-ring to the major ring as specified in the G.8032 interconnection flush logic. This command is only valid on the sub-ring and on the interconnection node. Since this command is only valid on a Sub-ring, a virtual link or non-virtual link must be specified to configure this command. The command is blocked on major rings (when both path a and b are specified on a ring).
The no form of this command reverts propagate to the default value.
Default
no propagate-topology-change
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protect-circuit
protect-circuit
Syntax
protect-circuit port-id
no protect-circuit
Context
[Tree] (config>port>aps protect-circuit)
Full Context
configure port aps protect-circuit
Description
This command configures a physical port that will act as the protection circuit for this APS group. The protect circuit port must contain only the default configuration and cannot belong to another APS group. The protect circuit port must be of the same type as the working circuit for the APS group, for the port to be added to an APS group port. If that’s not the case, the command will return an error.
A protection circuit can only be added if the working circuit already exists; the protection circuit must be removed from the configuration before the working circuit is removed.
When a port is a protect-circuit of an APS group, the configuration options available in the config>port port-id>sonet-sdh context is not allowed for that port unless it is part of the noted exceptions. The exception list includes these SONET/SDH commands:
-
clock-source
-
[no] loopback
-
[no] report-alarm
-
section-trace
-
[no] threshold
When is port configured as a protection circuit of an APS group, the configurations described above and all service configurations related to APS port are operationally inherited by the protect circuit. If the protect circuit cannot inherit the configurations (due to resource limitations), the configuration attempt fails and an error is returned to the user.
The protect circuit must be shutdown before it can be removed from the APS group port. The inherited configuration for the circuit and APS operational commands for that circuit are not preserved when the circuit is removed from the APS group.
The no form of this command removes the protect-circuit.
Parameters
- port-id
-
Specifies the physical port that will act as the protection circuit for this APS group in the following format.
port-id
slot/mda/port
eth-sat-id
esat-id/slot/port
esat
keyword
id
1 to 20
pxc-id
pxc-id.sub-port
pxc
keyword
id
1 to 64
sub-port
a, b
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
protect-tp-path
protect-tp-path
Syntax
[no] protect-tp-path
Context
[Tree] (config>router>mpls>lsp protect-tp-path)
Full Context
configure router mpls lsp protect-tp-path
Description
This command creates or edits the protect path for an MPLS-TP LSP. At least one working path must exist before a protect path can be created for an MPLS-TP LSP. If MPLS-TP linear protection is also configured, then this is the path that is used as the default protect path for the LSP. The protect path must be deleted before the working path. Only one protect path can be created for each MPLS-TP LSP.
The following commands are applicable to the working-tp-path: lsp-num, in-label, out-label, mep, shutdown.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protecting-nexthop-id
protecting-nexthop-id
Syntax
protecting-nexthop-id next-hop-index
no protecting-nexthop-id
Context
[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id protecting-nexthop-id)
Full Context
configure router p2mp-sr-tree replication-segment next-hop-id protecting-nexthop-id
Description
This command provides the ID of the protection next-hop used for FRR.
The protection next-hop outgoing SID is pushed on top of the next-hop SID list.
The no form of this command removes the protection next-hop.
Parameters
- next-hop-index
-
Specifies the ID of the protection next-hop.
Platforms
All
protection
protection
Syntax
protection none
protection hmac-sha256 key key [hash | hash2 | custom]
no protection
Context
[Tree] (config>python>py-script protection)
Full Context
configure python python-script protection
Description
This command specifies the format of the Python script file(s) in this python-script. Unintentional changing of Python script file could be prevented by using protected format.
The no form of this command equals to protection none.
Parameters
- none
-
Indicates the Python script is stored in plain text, without any mechanism in place to ensure the integrity nor the confidentiality of the content of the Python script.
- hmac-sha256
-
Indicates the first line of the Python script must consist of the hash value obtained by hashing the rest of the Python script using the hmac-sha256 hashing algorithm.
- key
-
The specified key along with original Python script file content are used to compute the hash. The computed hash will be compared to the hash in the Python script file. If there is no match, then system will fail to load the script.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the key entered is a customized hashing scheme.
Platforms
All
protection
Syntax
protection protection
no protection
Context
[Tree] (config>router>segment-routing>srv6>inst>loc>func>end-x protection)
[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func>ua protection)
Full Context
configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x protection
configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua protection
Description
This command configures the protection type of the SID.
The no form of this command reverts to the default value of protected.
Default
protection protected
Parameters
- protection
-
Specifies whether the adjacency SID is protected.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
protection-template
protection-template
Syntax
protection-template name
no protection-template
Context
[Tree] (config>router>mpls>mpls-tp protection-template)
Full Context
configure router mpls mpls-tp protection-template
Description
Protection templates are used to define generally applicable protection parameters for MPLS-TP tunnels. Only linear protection is supported, and so the application of a named template to an MPLS-TP LSP implies that linear protection is used. A protection template is applied under the MEP context of the protect-path of an MPLS-TP LSP.
The protection-template command creates or edits a named protection template.
Default
no protection-template
Parameters
- name
-
Specifies the protection template name as a text string of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protection-template
Syntax
protection-template name
no protection-template
Context
[Tree] (config>router>mpls>lsp>protect-tp-path>mep protection-template)
Full Context
configure router mpls lsp protect-tp-path mep protection-template
Description
This command applies a protection template name to an MPLS-TP LSP that the protect path is configured under. If the template is applied, then MPLS-TP 1:1 linear protection is enabled on the LSP, using the parameters specified in the named template.
A named protection template can only be applied to the protect path context of an MPLS-TP LSP.
The no form of this command removes the template and thus disables mpls-tp linear protection on the LSP.
Default
no protection-template
Parameters
- name
-
Specifies at text string for the template up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protection-type
protection-type
Syntax
protection-type {g8031-1to1 | loadsharing}
Context
[Tree] (config>eth-tunnel protection-type)
Full Context
configure eth-tunnel protection-type
Description
This command configures the model used for determining which members are actively receiving and transmitting data.
When the value is set to "g8031-1to1 (1)”, as per the G.8031 specification, only two members are allowed, and only one of them can be active at one point in time.
When the value is set to "loadsharing (2)”, multiple members can be active at one point in time.
Default
protection-type g8031-1to1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protection-type
Syntax
protection-type {link | node}
no protection-type
Context
[Tree] (config>router>route-next-hop-policy>template protection-type)
Full Context
configure router route-next-hop-policy template protection-type
Description
This command configures the protection type constraint into the route next-hop policy template.
The user can select if link protection or node protection is preferred in the selection of an LFA next-hop for all IP prefixes and LDP FEC prefixes to which a route next-hop policy template is applied. The default in SR OS implementation is node protection. The implementation will fall back to the other type if no LFA next-hop of the preferred type is found.
When the route next-hop policy template is applied to an IP interface, all prefixes using this interface as a primary next-hop will follow the protection type preference specified in the template.
The no form deletes the protection type constraint from the route next-hop policy template.
Default
protection-type node
Parameters
- {link | node}
-
Specifies the two possible values for the protection type.
Platforms
All
proto-version
proto-version
Syntax
proto-version {v070 | latest}
Context
[Tree] (config>system>grpc>gnmi proto-version)
Full Context
configure system grpc gnmi proto-version
Description
This command sets the gnmi.proto version that the GRPC server should use for all gNMI RPCs.
Default
proto-version latest
Parameters
- v070
-
Specifies to use v0.7.0 for gNMI RPCs. Only use this option for backward compatibility with legacy collectors.
- latest
-
Specifies to use the latest gnmi.proto version for gNMI RPCs. The latest version is v0.8.0.
Platforms
All
protocol
protocol
Syntax
protocol protocol profile-name profile-name
Context
[Tree] (config>system>security>pki>cert-upd-prof protocol)
Full Context
configure system security pki certificate-update-profile protocol
Description
This command configures the protocol to update the certificate.
Default
protocol cmpv2
Parameters
- protocol
-
Specifies the protocol type.
- profile-name
-
Specifies the name of the CA or EST profile to be used for the certificate update.
Platforms
All
protocol
Syntax
protocol protocol-id
no protocol
Context
[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry>match protocol)
Full Context
configure subscriber-mgmt isa-service-chaining vas-filter entry match protocol
Description
This command configures the protocol ID to be matched in this entry of the VAS filter.
The no form of this command removes the protocol ID from the match criterium in the entry.
Parameters
- protocol-id
-
Specifies the protocol to match.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
protocol protocol-name
Context
[Tree] (config>app-assure protocol)
Full Context
configure application-assurance protocol
Description
This command configures the shutdown of protocols system-wide.
Parameters
- protocol-name
-
A string of up to 32 characters identifying a predefined protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
protocol {eq | neq} protocol-name
no protocol
Context
[Tree] (config>app-assure>group>policy>app-filter>entry protocol)
Full Context
configure application-assurance group policy app-filter entry protocol
Description
This command configures protocol signature in the application definition.
The no form of this command restores the default (removes protocol from match application defined by this app-filter entry).
Default
no protocol
Parameters
- eq
-
Specifies that the value configured and the value in the flow are equal.
- neq
-
Specifies that the value configured differs from the value in the flow.
- protocol-name
-
A string of up to 32 characters identifying a predefined protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
protocol protocol-name export-using export-method
no protocol protocol-name
Context
[Tree] (config>app-assure>group>statistics>aa-sub protocol)
Full Context
configure application-assurance group statistics aa-sub protocol
Description
This command configures aa-sub accounting statistics for export of protocols of a given AA ISA group/partition.
The no form of this command removes the protocol name.
Parameters
- protocol-name
-
Specifies an existing protocol name up to 32 characters in length.
- export-using export-method
-
Specifies that the method of stats export to be used. Accounting-policy is the only option for protocol statistics.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
protocol
Context
[Tree] (config>app-assure>group>statistics protocol)
Full Context
configure application-assurance group statistics protocol
Description
Commands in this context configure accounting and statistics collection parameters per-system for protocols of application assurance for a given AA ISA group/partition.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
protocol ipsec-protocol
no protocol
Context
[Tree] (config>ipsec>static-sa protocol)
Full Context
configure ipsec static-sa protocol
Description
This command configures the security protocol to use for an IPsec manual SA. The no statement resets to the default value.
Default
protocol esp
Parameters
- ipsec-protocol
-
Identifies the IPsec protocol used with this static SA.
Platforms
All
protocol
Syntax
protocol any
protocol protocol-id port opaque
protocol protocol-id port any
protocol protocol-id port from begin-port-id to end-port-id
no protocol
Context
[Tree] (config>ipsec>ts-list>remote>entry protocol)
[Tree] (config>ipsec>ts-list>local>entry protocol)
Full Context
configure ipsec ts-list remote entry protocol
configure ipsec ts-list local entry protocol
Description
This command specifies the protocol and port range in the IKEv2 traffic selector.
The SR OS supports OPAQUE ports and port ranges for the following protocols:
-
TCP
-
UDP
-
SCTP
-
ICMP
-
ICMPv6
-
MIPv6
For ICMP and ICMPv6, the port value takes the form icmp-type/icmp-code. For MIPv6, the port value is the mobility header type. For other protocols, only the port any configuration can be used.
Default
no protocol
Parameters
- protocol-id
-
Specifies the protocol ID. The value can be a number, a protocol name, or any.
- begin-port-id
-
Specifies the beginning of the port range.
- end-port-id
-
Specifies the end of the port range
- opaque
-
Specifies OPAQUE ports.
- any
-
Specifies any port.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
[no] protocol {number | any}
Context
[Tree] (config>service>nat>firewall-policy>unknown-protocols protocol)
Full Context
configure service nat firewall-policy unknown-protocols protocol
Description
This command configures the protocol numbers that are allowed to create unknown flows.
Protocol or IPv6 extension header values that are explicitly supported by SR OS can be configured but will not be treated as unknown protocols.
The no form of the command removes the allowance for the specified protocol to create unknown flows.
Parameters
- any
-
Specifies that unknown flows can be created by any protocol.
- number
-
Specifies the IANA number of a protocol that needs to be allowed to create unknown flows.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol
Syntax
[no] protocol protocol-id
Context
[Tree] (config>filter>match-list>protocol-list protocol)
Full Context
configure filter match-list protocol-list protocol
Description
This command adds a protocol to the match protocol list.
The no form of this command removes the protocol from the protocol-list.
Parameters
- protocol-id
-
protocol-number, protocol-name
- protocol-number
-
Specifies the protocol number value to be added or removed from the protocol list. The value can be expressed as a decimal integer, or in hexadecimal or binary format.
- protocol-name
-
Specifies the protocol name to be added or removed from the protocol list.
Platforms
All
protocol
Syntax
protocol protocol
no protocol [protocol]
Context
[Tree] (config>vrrp>policy>priority-event>route-unknown protocol)
Full Context
configure vrrp policy priority-event route-unknown protocol
Description
This command adds one or more route sources to match the route unknown IP route prefix for a route unknown priority control event.
If the route source does not match one of the defined protocols, the match is considered unsuccessful and the route-unknown event transitions to the set state.
The protocol command is optional. If the protocol command is not executed, the comparison between the RTM prefix return and the route-unknown IP route prefix will not include the source of the prefix. The protocol command cannot be executed without at least one associated route source parameter. All parameters are reset each time the protocol command is executed and only the explicitly defined protocols are allowed to match.
The no form of the command removes protocol route source as a match criteria for returned RTM route prefixes.
To remove specific existing route source match criteria, execute the protocol command and include only the specific route source criteria. Any unspecified route source criteria is removed.
Default
no protocol — No route source for the route unknown priority event is defined.
Parameters
- protocol
-
Explicitly defined protocols
Platforms
All
protocol
Syntax
protocol protocol-id
no protocol
Context
[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry protocol)
Full Context
configure system security management-access-filter ip-filter entry protocol
Description
This command configures an IP protocol type to be used as a management access filter match criterion.
The protocol type, such as TCP, UDP, and OSPF, is identified by its respective protocol number. Well-known protocol numbers include ICMP (1), TCP (6), and UDP (17).
The no form the command removes the protocol from the match criteria.
Parameters
- protocol
-
Specifies the protocol number for the match criterion.
Platforms
All
protocol
Syntax
[no] protocol name [create]
Context
[Tree] (config>sys>security>dist-cpu-protection>policy protocol)
Full Context
configure system security dist-cpu-protection policy protocol
Description
This command creates the protocol for control in the policy.
Explanatory notes for some of the protocols:
-
bfd-cpm: includes all bfd handled on the CPM including cpm-np type, single hop and multi-hop, and MPLS-TP CC and CV bfd
-
dhcp: includes dhcp for IPv4 and IPv6
-
eth-cfm: 802.1ag and includes Y.1731. Eth-cfm packets on port and LAG based facility MEPs are not included (but packets on Tunnel MEPs are).
-
icmp: includes IPv4 and IPv6 ICMP (including RS/RA/Redirect) except NS/NA Neighbor Discovery packets which are classified as a separate protocol "ndis”
-
icmp-ping-check: includes those packets associated with ping-template functions
-
isis: includes isis used for SPBM
-
ldp: includes ldp and t-ldp
-
mpls-ttl: MPLS packets that are extracted due to an expired mpls ttl field
-
ndis: IPv6 NS/NA Neighbor Discovery (not including RS/RA/Redirect which are classified as part of the protocol "icmp”)
-
ospf: includes all OSPFv2 and OSPFv3 packets
-
pppoe-pppoa: includes PADx, LCP, PAP/CHAP and NCPs
-
vrrp: includes VRRP and SRRP packets
-
multi-chassis: includes SR OS Multi-Chassis UDP port 1025 packets
-
multi-chassis-sync: includes SR OS Multi-Chassis Sync TCP port 45067 packets
-
all-unspecified: a special "protocol”. When configured, this treats all extracted control packets that are not explicitly created in the dist-cpu-protection policy as a single aggregate flow (or "virtual protocol”). It lumps together "all the rest of the control traffic” to allow it to be rate limited as one flow. It includes all control traffic of all protocols that are extracted and sent to the CPM (even protocols that cannot be explicitly configured with the distributed CPU protection feature). Control packets that are both forwarded and copied for extraction are not included. If a user later explicitly configures a protocol, that protocol is suddenly no longer part of the "all-unspecified” flow. The "all-unspecified” protocol must be explicitly configured in order to operate.
"no protocol x” means packets of protocol x are not monitored and not enforced (although they do count in the fp protocol queue) on the objects to which this dist-cpu-protection policy is assigned, although the packets will be treated as part of the all-unspecified protocol if the all-unspecified protocol is created in the policy.
Parameters
- names
-
Signifies the protocol name.
Platforms
All
protocol
Syntax
protocol protocol [all | { instance instance}]
protocol protocol2 [protocol2 (up to 5 max)]
no protocol
Context
[Tree] (config>router>policy-options>policy-statement>entry>from protocol)
Full Context
configure router policy-options policy-statement entry from protocol
Description
This command configures a routing protocol as a match criterion for a route policy statement entry. This command is used for both import and export policies depending how it is used.
The protocol direct-interface route type matches the specific direct interface host IPv4 /32 and IPv6 /128 routes. The protocol direct route type matches direct routes and does not match the specific /32 or /128 interface route itself.
The instance command cannot be used if multiple protocol names are specified for the protocol2 parameter.
The no form of this command removes the protocol match criterion.
Default
no protocol
Parameters
- protocol
-
Specifies the protocol name for the match criterion.
- instance
-
Specifies the OSPF, OSPFv3, or IS-IS protocol instance.
- protocol2
-
Specifies up to five protocol names to match on.
- all
-
Keyword that specifies to match on any OSPF, OSPFv3, or IS-IS protocol instance.
Platforms
All
protocol
Syntax
protocol protocol [all | instance instance]
protocol bgp bgp-label
no protocol
Context
[Tree] (config>router>policy-options>policy-statement>entry>to protocol)
Full Context
configure router policy-options policy-statement entry to protocol
Description
This command configures a routing protocol as a match criterion for a route policy statement entry. This command is used for both import and export policies depending how it is used.
The no form of this command removes the protocol match criterion.
Default
no protocol
Parameters
- protocol
-
Specifies the protocol name to match on.
- instance
-
Specifies the OSPF, OSPFv3, or IS-IS instance.
- all
-
Keyword that specifies to match on any OSPF, OSPFv3, or IS-IS protocol instance.
Platforms
All
protocol
Syntax
protocol protocol
Context
[Tree] (config>anysec>tnl-enc>enc-grp>peer-tnl-attrs protocol)
Full Context
configure anysec tunnel-encryption encryption-group peer-tunnel-attributes protocol
Description
This command configures a routing protocol as a match criterion for the outgoing tunnel.
Default
protocol sr-isis
Parameters
- protocol
-
Specifies the protocol name.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
protocol
Syntax
protocol protocol
Context
[Tree] (config>anysec>tnl-enc>sec-term-pol protocol)
Full Context
configure anysec tunnel-encryption security-termination-policy protocol
Description
This command configures a routing protocol that is used to advertise the node SID of the incoming tunnel.
Default
protocol sr-isis
Parameters
- protocol
-
Specifies the protocol name to match on.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
protocol-configuration-options
protocol-configuration-options
Syntax
protocol-configuration-options {apco | pco}
no protocol-configuration-options
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile protocol-configuration-options)
Full Context
configure subscriber-mgmt gtp peer-profile protocol-configuration-options
Description
This command configures the Information Element to use for the Protocol Configuration Options.
The no form of this command reverts to the default value.
Default
protocol-configuration-options pco
Parameters
- apco
-
Specifies that the system uses the Protocol Configuration Options Information Element.
- pco
-
Specifies that the system uses the Additional Protocol Configuration Options Information Element.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
protocol-list
protocol-list
Syntax
protocol-list protocol-list-name [create]
no protocol-list protocol-list-name
Context
[Tree] (config>filter>match-list protocol-list)
Full Context
configure filter match-list protocol-list
Description
This command creates a list of IP protocols that can be used in line card IP and IPv6 filters.
The no form of this command removes the IP protocol list.
Default
no protocol-list
Parameters
- protocol-list-name
-
Specifies the name of the protocol list.
- create
-
This keyword is required to create the protocol list. After it is created, the protocol list can be enabled with or without the create keyword.
Platforms
All
protocol-port
protocol-port
Syntax
[no] protocol-port
Context
[Tree] (config>cflowd>collector>aggregation protocol-port)
Full Context
configure cflowd collector aggregation protocol-port
Description
This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number.
The no form of this command removes this type of aggregation from the collector configuration.
Platforms
All
protocol-protection
protocol-protection
Syntax
protocol-protection [allow-sham-links] [block-pim-tunneled]
no protocol-protection
Context
[Tree] (config>sys>security>cpu-protection protocol-protection)
Full Context
configure system security cpu-protection protocol-protection
Description
This command causes the network processor on the CPM to discard all packets received for protocols that are not configured on the particular interface. This helps mitigate DoS attacks by filtering invalid control traffic before it hits the CPU. For example, if an interface does not have IS-IS configured, then protocol protection will discard any IS-IS packets received on that interface.
Default
no protocol-protection
Parameters
- allow-sham-links
-
Allows sham links. As OSPF sham links form an adjacency over the MPLS-VPRN backbone network, when protocol-protection is enabled, the tunneled OSPF packets to be received over the backbone network must be explicitly allowed.
- block-pim-tunneled
-
Blocks extraction and processing of PIM packets arriving at the SR OS node inside a tunnel (for example, MPLS or GRE) on a network interface. With protocol-protection enabled and tunneled pim blocked, PIM in an mVPN on the egress DR will not switch traffic from the (*,G) to the (S,G) tree.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
protocol-version
protocol-version
Syntax
protocol-version TLS version
no protocol-version
Context
[Tree] (config>system>security>tls>client-tls-profile protocol-version)
Full Context
configure system security tls client-tls-profile protocol-version
Description
This command configures the TLS version to be negotiated between the client and server.
When configured, the client adds the specified version as a supported version in its Hello message to the server. If tls-version-all is specified, the client adds both TLS 1.2 and TLS 1.3 as supported versions in its Hello message.
The no form of this command reverts to the default TLS version.
Default
protocol-version tls-version12
Parameters
- TLS version
-
Specifies the TLS version to include in the client Hello message.
- Values
-
tls-version12, tls-version13, tls-version-all
Platforms
All
protocol-version
Syntax
protocol-version TLS version
no protocol-version
Context
[Tree] (config>system>security>tls>server-tls-profile protocol-version)
Full Context
configure system security tls server-tls-profile protocol-version
Description
This command configures the TLS version to be negotiated between the server and client.
When configured, the server adds the specified version as a supported version in its Hello message to the client. If tls-version-all is specified, the server adds both TLS 1.2 and TLS 1.3 as supported versions in its Hello message.
The no form of this command reverts to the default TLS version.
Default
protocol-version tls-version12
Parameters
- TLS version
-
Specifies the TLS version to include in the server Hello message.
- Values
-
tls-version12, tls-version13, tls-version-all
Platforms
All
provider-tunnel
provider-tunnel
Syntax
[no] provider-tunnel
Context
[Tree] (config>service>vpls provider-tunnel)
Full Context
configure service vpls provider-tunnel
Description
Commands in this context configure the use of a P2MP LSP to forward Broadcast, Unknown unicast, and Multicast (BUM) packets of a VPLS or B-VPLS instance. The P2MP LSP is referred to as the Provider Multicast Service Interface (PMSI).
Platforms
All
provider-tunnel
Syntax
provider-tunnel
Context
[Tree] (config>service>vprn>mvpn provider-tunnel)
Full Context
configure service vprn mvpn provider-tunnel
Description
This command enables context to configure tunnel parameters for the MVPN.
Platforms
All
provider-tunnel
Syntax
provider-tunnel
Context
[Tree] (config>router>gtm provider-tunnel)
Full Context
configure router gtm provider-tunnel
Description
This command enables context to configure tunnel parameters for the GTM.
Platforms
All
proxy-arp
proxy-arp
Syntax
[no] proxy-arp
Context
[Tree] (config>service>vpls proxy-arp)
Full Context
configure service vpls proxy-arp
Description
Commands in this context configure the proxy-ARP parameters in a VPLS service.
Default
no proxy-arp
Platforms
All
proxy-arp
Syntax
[no] proxy-arp [mac [ieee-address]] [ ip [ipaddr] all]]
Context
[Tree] (debug>service>id proxy-arp)
Full Context
debug service id proxy-arp
Description
This command enables the debug of the proxy-arp function for a specified service. Alternatively, the debug can be enabled only for certain entries given by their IP or MAC addresses.
Platforms
All
proxy-arp
Syntax
[no] proxy-arp
Context
[Tree] (config>service>vprn>nw-if proxy-arp)
Full Context
configure service vprn nw-if proxy-arp
Description
This command enables proxy ARP on the interface.
Default
no proxy-arp
proxy-arp-nd
proxy-arp-nd
Syntax
proxy-arp-nd
Context
[Tree] (config>service proxy-arp-nd)
Full Context
configure service proxy-arp-nd
Description
Commands in this context configure the service-level proxy-arp-nd commands.
Platforms
All
proxy-arp-policy
proxy-arp-policy
Syntax
[no] proxy-arp-policy policy-name [policy-name]
Context
[Tree] (config>service>vprn>if proxy-arp-policy)
[Tree] (config>service>vprn>sub-if>grp-if proxy-arp-policy)
[Tree] (config>service>ies>sub-if>grp-if proxy-arp-policy)
[Tree] (config>service>ies>if proxy-arp-policy)
Full Context
configure service vprn interface proxy-arp-policy
configure service vprn subscriber-interface group-interface proxy-arp-policy
configure service ies subscriber-interface group-interface proxy-arp-policy
configure service ies interface proxy-arp-policy
Description
This command specifies an existing policy-statement to analyze match and action criteria that controls the flow of routing information to and from a given protocol, set of protocols, or a neighbor.
The no form of this command disables the proxy ARP capability.
Parameters
- policy-name
-
Specifies the export route policy name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
The specified name must already be defined.
Platforms
All
- configure service vprn interface proxy-arp-policy
- configure service ies interface proxy-arp-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface proxy-arp-policy
- configure service vprn subscriber-interface group-interface proxy-arp-policy
proxy-arp-policy
Syntax
proxy-arp-policy policy-name [policy-name]
no proxy-arp-policy
Context
[Tree] (config>subscr-mgmt>git>ipv4 proxy-arp-policy)
Full Context
configure subscriber-mgmt group-interface-template ipv4 proxy-arp-policy
Description
This command configures a proxy ARP policy for the interface.
The no form of this command disables the proxy ARP capability.
Default
no proxy-arp-policy
Parameters
- policy-name
-
Specifies the export route policy name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified.
Note:The specified policy name must already be defined.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
proxy-arp-policy
Syntax
proxy-arp-policy policy-name [policy-name]
no proxy-arp-policy
Context
[Tree] (config>router>if proxy-arp-policy)
Full Context
configure router interface proxy-arp-policy
Description
This command enables and configure proxy ARP on the interface and specifies an existing policy-statement to analyze match and action criteria that controls the flow of routing information to and from a given protocol, set of protocols, or a specific neighbor. The policy-name is configured in the config>router>policy-options context.
Use proxy ARP so the router responds to ARP requests on behalf of another device. Static ARP is used when a router needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the router configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Default
no proxy-arp-policy
Parameters
- policy-name
-
Specifies the export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified in a single statement. The specified policy names must already be defined.
Platforms
All
proxy-authentication
proxy-authentication
Syntax
[no] proxy-authentication
Context
[Tree] (config>router>l2tp>group>tunnel>ppp proxy-authentication)
[Tree] (config>service>vprn>l2tp>group>ppp proxy-authentication)
[Tree] (config>router>l2tp>group>ppp proxy-authentication)
[Tree] (config>service>vprn>l2tp>group>tunnel>ppp proxy-authentication)
Full Context
configure router l2tp group tunnel ppp proxy-authentication
configure service vprn l2tp group ppp proxy-authentication
configure router l2tp group ppp proxy-authentication
configure service vprn l2tp group tunnel ppp proxy-authentication
Description
This command configures the use of the authentication AVPs received from the LAC.
Default
no proxy-authentication
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
proxy-lcp
proxy-lcp
Syntax
[no] proxy-lcp
Context
[Tree] (config>router>l2tp>group>ppp proxy-lcp)
[Tree] (config>service>vprn>l2tp>group>tunnel>ppp proxy-lcp)
[Tree] (config>router>l2tp>group>tunnel>ppp proxy-lcp)
[Tree] (config>service>vprn>l2tp>group>ppp proxy-lcp)
Full Context
configure router l2tp group ppp proxy-lcp
configure service vprn l2tp group tunnel ppp proxy-lcp
configure router l2tp group tunnel ppp proxy-lcp
configure service vprn l2tp group ppp proxy-lcp
Description
This command configures the use of the proxy LCP AVPs received from the LAC.
Default
no proxy-lcp
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
proxy-nd
proxy-nd
Syntax
[no] proxy-nd
Context
[Tree] (config>service>vpls proxy-nd)
Full Context
configure service vpls proxy-nd
Description
Commands in this context configure the proxy-ND parameters in a VPLS service.
Default
no proxy-nd
Platforms
All
proxy-nd
Syntax
[no] proxy-nd [mac [ieee-address]] [ ip [ipaddr] all]]
Context
[Tree] (debug>service>id proxy-nd)
Full Context
debug service id proxy-nd
Description
This command enables the debug of the proxy-nd function for a specified service. Alternatively, the debug can be enabled only for certain entries given by their IPv6 or MAC addresses.
Platforms
All
proxy-nd-policy
proxy-nd-policy
Syntax
proxy-nd-policy policy-name [policy-name]
no proxy-nd-policy
Context
[Tree] (config>service>ies>if>ipv6 proxy-nd-policy)
Full Context
configure service ies interface ipv6 proxy-nd-policy
Description
This command configures a proxy neighbor discovery policy for the interface. This policy determines networks and sources for which proxy ND is attempted, when local proxy neighbor discovery is enabled.
The no form of this command reverts to the default value.
Parameters
- policy-name
-
Specifies up to five the export route policy names. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
The specified name(s) must already be defined.
Up to 5 policy-names can be specified in a single statement.
Platforms
All
proxy-nd-policy
Syntax
proxy-nd-policy policy-name [policy-name]
no proxy-nd-policy
Context
[Tree] (config>service>vprn>if>ipv6 proxy-nd-policy)
Full Context
configure service vprn interface ipv6 proxy-nd-policy
Description
This command configures a proxy neighbor discovery policy for the interface.
Parameters
- policy-name
-
Specifies up to five existing policy names.
Platforms
All
proxy-nd-policy
Syntax
proxy-nd-policy policy-name [policy-name]
no proxy-nd-policy
Context
[Tree] (config>router>if>ipv6 proxy-nd-policy)
Full Context
configure router interface ipv6 proxy-nd-policy
Description
This command configure a proxy neighbor discovery policy for the interface.
Parameters
- policy-name
-
The neighbor discovery policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified in a single statement. The specified policy names must already be defined.
Platforms
All
proxy-server
proxy-server
Syntax
proxy-server
Context
[Tree] (config>service>vpls>sap>dhcp proxy-server)
[Tree] (config>service>ies>if>dhcp proxy-server)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp proxy-server)
[Tree] (config>service>ies>sub-if>grp-if>dhcp proxy-server)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp proxy-server)
Full Context
configure service vpls sap dhcp proxy-server
configure service ies interface dhcp proxy-server
configure service vprn subscriber-interface group-interface dhcp proxy-server
configure service ies subscriber-interface group-interface dhcp proxy-server
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server
Description
Commands in this context configure DHCP proxy server parameters.
Platforms
All
- configure service vpls sap dhcp proxy-server
- configure service ies interface dhcp proxy-server
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface dhcp proxy-server
- configure service ies subscriber-interface group-interface dhcp proxy-server
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server
proxy-server
Syntax
[no] proxy-server
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 proxy-server)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server
Description
This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured.
Default
no proxy-server
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
proxy-server
Syntax
[no] proxy-server
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 proxy-server)
Full Context
configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server
Description
This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured
Default
no proxy-server
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ps-information
ps-information
Syntax
[no] ps-information
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp ps-information)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp ps-information
Description
This command includes the following AVPs in Diameter DCCA CCR messages encapsulated in [3GPP-873] Service-Information or [3GPP-874] PS-Information grouped AVPs:
-
[8] Framed-IP-Address
-
[30] Called-Station-Id
-
[97] Framed-IPv6-Prefix
-
[123] Delegated-IPv6-Prefix
-
[6527-99] Alc-IPv6-Address
-
[10415-1] 3GPP-IMSI
-
[10415-2] 3GPP-Charging-Id
-
[10415-5] 3GPP-GPRS-Negotiated-QoS-Profile
-
[10415-7] 3GPP-GGSN-Address
-
[10415-10] GGSN-NSAPI
-
[10415-11] 3GPP-Session-Stop-Indicator
-
[10415-12] 3GPP-Selection-Mode
-
[10415-13] 3GPP-Charging-Characteristics
-
[10415-16] 3GPP-GGSN-IPv6-Address
-
[10415-21] 3GPP-RAT-Type
-
[10415-847] GGSN-Address
-
[10415-1004] Charging-Rule-Base-Name
-
[10415-1247] PDP-Context-Type
The AVPs are included when configured in the include-avp context.
By default, these AVPs are included at the command level.
The no form of this command resets to the default setting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
psi-payload
psi-payload
Syntax
psi-payload
Context
[Tree] (config>port>otu psi-payload)
Full Context
configure port otu psi-payload
Description
Commands in this context configure payload structure identifier payload parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
psid-offset
psid-offset
Syntax
psid-offset psid-offset-length
no psid-offset
Context
[Tree] (config>service>nat>map-domain>mapping-rule psid-offset)
Full Context
configure service nat map-domain mapping-rule psid-offset
Description
This command configures the length of the high order bits in the protocol port field whose aggregate value should always be greater than 0. This automatically excludes certain ports (such as well-known ports) from the translation.
It is a function of the CE to make sure that the psid-offset bits are always greater than 0. The VSR does not check whether those bits are 0.
Default
psid-offset 6
Parameters
- psid-offset-length
-
Specifies the length of the psid-offset bits in the protocol port field.
Platforms
VSR
psnp-authentication
psnp-authentication
Syntax
[no] psnp-authentication
Context
[Tree] (config>service>vprn>isis psnp-authentication)
[Tree] (config>service>vprn>isis>level psnp-authentication)
Full Context
configure service vprn isis psnp-authentication
configure service vprn isis level psnp-authentication
Description
This command enables authentication of individual ISIS packets of partial sequence number PDU (PSNP) type.
The no form of this command suppresses authentication of PSNP packets.
Platforms
All
psnp-authentication
Syntax
[no] psnp-authentication
Context
[Tree] (config>router>isis>level psnp-authentication)
[Tree] (config>router>isis psnp-authentication)
Full Context
configure router isis level psnp-authentication
configure router isis psnp-authentication
Description
This command enables authentication of individual IS-IS packets of partial sequence number PDU (PSNP) type.
The no form of this command suppresses authentication of PSNP packets.
Default
psnp-authentication
Platforms
All
ptp
ptp
Syntax
[no] ptp
Context
[Tree] (config>service>vprn ptp)
Full Context
configure service vprn ptp
Description
Commands in this context configure PTP parameters for the VPRN service.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp
Syntax
ptp
Context
[Tree] (config>system ptp)
Full Context
configure system ptp
Description
Commands in this context configure parameters for IEEE 1588-2008, Precision Time Protocol.
This command is only available on the control assemblies that support 1588.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp
Syntax
ptp
Context
[Tree] (config>system>sync-if-timing ptp)
Full Context
configure system sync-if-timing ptp
Description
Commands in this context configure parameters for system timing via IEEE 1588-2008, Precision Time Protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp-asymmetry
ptp-asymmetry
Syntax
ptp-asymmetry nanoseconds
no ptp-asymmetry
Context
[Tree] (config>port>ethernet ptp-asymmetry)
Full Context
configure port ethernet ptp-asymmetry
Description
This command configures the PTP asymmetry delay on an Ethernet port. The command is used to correct for known asymmetry as part of time of day or phase recovery using PTP packets on both local and downstream PTP clocks.
Default
no ptp-asymmetry
Parameters
- nanoseconds
-
Specifies the value, in nanoseconds, that the forward path delay varies from the mean path delay; the value can be a negative number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp-hw-assist
ptp-hw-assist
Syntax
[no] ptp-hw-assist
Context
[Tree] (config>service>ies>if ptp-hw-assist)
Full Context
configure service ies interface ptp-hw-assist
Description
This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.
Only one interface per physical port can have ptp-hw-assist enabled.
no ptp-hw-assist
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp-hw-assist
Syntax
[no] ptp-hw-assist
Context
[Tree] (config>service>vprn>if ptp-hw-assist)
Full Context
configure service vprn interface ptp-hw-assist
Description
This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.
If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.
If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.
Only one interface per physical port can have ptp-hw-assist enabled.
Default
no ptp-hw-assist
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp-hw-assist
Syntax
[no] ptp-hw-assist
Context
[Tree] (config>router>if ptp-hw-assist)
Full Context
configure router interface ptp-hw-assist
Description
This command configures the 1588 port based timestamping assist function for the interface. Various checks are performed to ensure that this feature can be enabled. If a check fails:
-
The command is blocked/rejected with an appropriate error message.
-
If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.
-
If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.
The port will validate the destination IP address on received 1588 messages. If the 1588 messages are sent to a loopback address within the node rather than the address of the interface, then the loopback address must be configured in the config>system>security>source-address application ptp context.
Default
no ptp-hw-assist
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp-tc
ptp-tc
Syntax
[no] ptp-tc
Context
[Tree] (config>system>satellite>eth-sat ptp-tc)
Full Context
configure system satellite eth-sat ptp-tc
Description
This command enables the ethernet satellite IEEE1588 transparent clock function. This function works with the SR OS host router configured as a PTP ordinary clock or boundary clock. This provides increased accuracy on the PTP event messages transiting the satellite. When a IEEE1588 event message transits the ethernet satellite, the correction field of the message is updated with the residence time of that message. This is used in PTP time calculations. All ports of the satellite are enabled for this capability with the one setting. This feature must be enabled to allow the assignment of one of the satellite’s client ports as a PTP port under config>system>ptp>port. This feature is only valid when using PTP over Ethernet encapsulation; it is not valid for PTP over IP encapsulation.
To enable this command, the satellite must have first been configured to support the feature using the config>system>satellite>eth-sat>feature transparent-clock-eth and must have been enabled for synchronous ethernet with config>system>satellite>eth-sat>sync-e.
All host ports connecting to this satellite must support 1588 port-based timestamping.
The no version of this command disables the specific satellite functionality.
Default
no ptp-tc
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptsf
ptsf
Syntax
ptsf
Context
[Tree] (config>system>ptp ptsf)
Full Context
configure system ptp ptsf
Description
Commands in this context configure PTSF-unusable configuration.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
public-key-authentication
public-key-authentication
Syntax
[no] public-key-authentication
Context
[Tree] (config>system>security>ldap public-key-authentication)
Full Context
configure system security ldap public-key-authentication
Description
This command enables public key retrieval from the LDAP server. If disabled (no public-key-authentication), password authentication is attempted via LDAP.
Default
no public-key-authentication
Platforms
All
public-key-min-bits
public-key-min-bits
Syntax
public-key-min-bits bits
no public-key-min-bits
Context
[Tree] (config>service>ies>if>ipv6>secure-nd public-key-min-bits)
Full Context
configure service ies interface ipv6 secure-nd public-key-min-bits
Description
This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).
Parameters
- bits
-
Specifies the number of bits.
Platforms
All
public-key-min-bits
Syntax
public-key-min-bits bits
[no] public-key-min-bits
Context
[Tree] (config>service>vprn>if>secure-nd public-key-min-bits)
Full Context
configure service vprn interface secure-nd public-key-min-bits
Description
This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).
Parameters
- bits
-
Specifies the number of bits.
public-key-min-bits
Syntax
public-key-min-bits bits
no public-key-min-bits
Context
[Tree] (config>router>if>ipv6>secure-nd public-key-min-bits)
Full Context
configure router interface ipv6 secure-nd public-key-min-bits
Description
This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).
Parameters
- bits
-
Specifies the number of bits.
Platforms
All
public-key-only
public-key-only
Syntax
[no] public-key-only
Context
[Tree] (config>system>security>ssh>auth-method>server public-key-only)
Full Context
configure system security ssh authentication-method server public-key-only
Description
This command configures the SSH server to accept only the public-key authentication method.
The no form of this command configures the SSH server to accept public-key or password client authentication. If interactive-authentication is enabled in the configure system security aaa remote-servers radius or configure system security aaa remote-servers tacplus contexts, the SSH server also accepts interactive keyboard authentication.
Default
no public-key-only
Platforms
All
public-key-only
Syntax
public-key-only {false|true|system}
Context
[Tree] (config>system>security>user>ssh-auth-method>server public-key-only)
Full Context
configure system security user ssh-authentication-method server public-key-only
Description
This command configures the accepted SSH authentication method for the user connection.
Default
system
Parameters
- false
-
Specifies the use of public-key only, or public-key and password for client authentication. If interactive-authentication is enabled in the configure system security aaa remote-servers radius or configure system security aaa remote-servers tacplus contexts, the SSH server also accepts interactive keyboard authentication.
- true
-
Specifies the use of public-key authentication only.
- system
-
Specifies the use of the SSH authentication method configured at the system level.
Platforms
All
public-keys
public-keys
Syntax
public-keys
Context
[Tree] (config>system>security>user public-keys)
Full Context
configure system security user public-keys
Description
This command allows the user to enter the context to configure public keys for SSH.
Platforms
All
public-tcp-mss-adjust
public-tcp-mss-adjust
Syntax
public-tcp-mss-adjust octets
public-tcp-mss-adjust default
no public-tcp-mss-adjust
Context
[Tree] (config>router>l2tp>group>l2tpv3 public-tcp-mss-adjust)
[Tree] (config>service>vprn>l2tp>l2tpv3 public-tcp-mss-adjust)
[Tree] (config>service>vprn>l2tp>group>l2tpv3 public-tcp-mss-adjust)
[Tree] (config>service>vprn>l2tp>group>tunnel>l2tpv3 public-tcp-mss-adjust)
Full Context
configure router l2tp group l2tpv3 public-tcp-mss-adjust
configure service vprn l2tp l2tpv3 public-tcp-mss-adjust
configure service vprn l2tp group l2tpv3 public-tcp-mss-adjust
configure service vprn l2tp group tunnel l2tpv3 public-tcp-mss-adjust
Description
This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the group or tunnel level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.
Note that this command can be overridden by the corresponding configuration on the group or tunnel level.
With the default parameter, the system uses the upper level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.
The no form of this command disables TCP MSS adjust on the public side.
Default
no public-tcp-mss-adjust
Parameters
- octets
-
Specifies the new TCP MSS value in octets
- default
-
Specifies to use the upper-level configuration
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
public-tcp-mss-adjust
Syntax
public-tcp-mss-adjust bytes
public-tcp-mss-adjust octets
public-tcp-mss-adjust auto
no public-tcp-mss-adjust
Context
[Tree] (config>ipsec>tnl-temp public-tcp-mss-adjust)
[Tree] (config>service>vprn>if>ip-tunnel public-tcp-mss-adjust)
[Tree] (config>service>vprn>if>sap>ipsec-tun public-tcp-mss-adjust)
[Tree] (config>service>ies>if>sap>ip-tunnel public-tcp-mss-adjust)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)
[Tree] (config>router>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)
Full Context
configure ipsec tunnel-template public-tcp-mss-adjust
configure service vprn interface ip-tunnel public-tcp-mss-adjust
configure service vprn interface sap ipsec-tunnel public-tcp-mss-adjust
configure service ies interface sap ip-tunnel public-tcp-mss-adjust
configure service vprn interface ipsec ipsec-tunnel public-tcp-mss-adjust
configure router interface ipsec ipsec-tunnel public-tcp-mss-adjust
configure service ies interface ipsec ipsec-tunnel public-tcp-mss-adjust
Description
This command enables the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in TCP SYN packet.
If the auto parameter is specified, the system derives the new MSS value based on the public MTU and IPsec overhead.
The no form of this command disables TCP MSS adjust on the public side.
Default
no public-tcp-mss-adjust
Parameters
- auto
-
Derive the new MSS value based on the public MTU and IPsec overhead.
- bytes
-
Specifies the new TCP MSS value in bytes.
- octets
-
Specifies the new TCP MSS value in octets
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure ipsec tunnel-template public-tcp-mss-adjust
- configure service vprn interface sap ipsec-tunnel public-tcp-mss-adjust
- configure service ies interface sap ip-tunnel public-tcp-mss-adjust
VSR
- configure service ies interface ipsec ipsec-tunnel public-tcp-mss-adjust
- configure service vprn interface ipsec ipsec-tunnel public-tcp-mss-adjust
- configure router interface ipsec ipsec-tunnel public-tcp-mss-adjust
purge-timeout
purge-timeout
Syntax
purge-timeout seconds
no purge-timeout
Context
[Tree] (config>system>grpc>rib-api purge-timeout)
Full Context
configure system grpc rib-api purge-timeout
Description
This command configures the purge timeout associated with the RibApi gRPC service.
If a gRPC client used the RibApi gRPC service to program RIB entries into the router, and then the TCP connection drops for any reason, the associated RIB entries are immediately marked as stale and a timer with the purge-timeout value is started. Upon timer expiration, all of the stale entries are removed. While the timer is running, the stale entries remain valid and usable for forwarding but are less preferred than any non-stale entry. The purge-timeout gives an opportunity for the disconnected client, or some other client, to re-program the necessary RIB entries so that forwarding can continue uninterrupted.
The no form of this command resets to the default value of 0. Entries are immediately deleted when the TCP connection drops.
Default
no purge-timeout
Parameters
- seconds
-
Specifies the number of seconds until the stale entries are purged.
Platforms
All
purge-timer
purge-timer
Syntax
purge-timer minutes
no purge-timer
Context
[Tree] (config>router>bgp purge-timer)
Full Context
configure router bgp purge-timer
Description
When the system sends a VPN-IP Route-Refresh to a peer it sets all the VPN-IP routes received from that peer (in the RIB-IN) to stale and starts the purge-timer. If the routes are not updated (refreshed) before the purge-timer has expired then the routes are removed.
The BGP purge timer configures the time before stale routes are purged.
The no form of this command reverts to the default.
Default
purge-timer 10
Parameters
- minutes
-
Specifies the maximum time before stale routes are purged.
Platforms
All
push
push
Syntax
push {label | implicit-null-label} nexthop ip-address
no push {out-label | implicit-null-label}
Context
[Tree] (config>router>mpls>static-lsp push)
Full Context
configure router mpls static-lsp push
Description
This command specifies the label to be pushed on the label stack and the next hop IP address for the static LSP.
The no form of this command removes the association of the label to push for the static LSP.
Parameters
- implicit-null-label
-
Specifies the use of the implicit label value for the push operation.
- label
-
The label to push on the label stack. Label values 16 through 1,048,575 are defined as follows:
-
label values 16 through 31 are reserved
-
label values 32 through 1,023 are available for static assignment
-
label values 1,024 through 2,047 are reserved for future use
-
label values 2,048 through 18,431 are statically assigned for services
-
label values 28,672 through 131,071 are dynamically assigned for both MPLS and services
-
label values 131,072 through 1,048,575 are reserved for future use
-
- nexthop ip-address
-
Specifies the IP address of the next hop towards the LSP egress router. If an ARP entry for the next hop exists, then the static LSP is marked operational. If ARP entry does not exist, software sets the operational status of the static LSP to down and continues to ARP for the configured nexthop. Software continuously tries to ARP for the configured nexthop at a fixed interval.
Platforms
All
pushed-labels
pushed-labels
Syntax
pushed-labels label [label]
no pushed-labels
Context
[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>bkup pushed-labels)
[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>pri pushed-labels)
Full Context
configure router mpls forwarding-policies forwarding-policy next-hop-group backup-next-hop pushed-labels
configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop pushed-labels
Description
This command configures the pushed label stack for the primary or backup next hop of a next-hop group of an MPLS forwarding policy.
The no form of this command removes the pushed label stack.
Parameters
- label
-
Specifies the label value; up to a maximum of 10 labels.
Platforms
All
pw-cap-list
pw-cap-list
Syntax
pw-cap-list {ethernet | ethernet-vlan} [{ ethernet | ethernet-vlan}]
no pw-cap-list
Context
[Tree] (config>service>vprn>l2tp>group>l2tpv3 pw-cap-list)
Full Context
configure service vprn l2tp group l2tpv3 pw-cap-list
Description
This command configures the allowable pseudowire capability list that is advertised to the far end. An empty list results in both pseudowire capabilities being advertised. Up to two capabilities are allowed to be advertised.
The no form of this command removes the list and advertises both pseudowire capabilities to the far end.
Default
no pw-cap-list
Parameters
- ethernet
-
Specifies that the Ethernet pseudo-wire type is advertised.
- ethernet-vlan
-
Specifies that the Ethernet-VLAN pseudo-wire type is advertised.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pw-path-id
pw-path-id
Syntax
[no] pw-path-id
Context
[Tree] (config>service>vpls>spoke-sdp pw-path-id)
[Tree] (config>service>cpipe>spoke-sdp pw-path-id)
[Tree] (config>service>epipe>spoke-sdp pw-path-id)
[Tree] (config>service>vprn>if>spoke-sdp pw-path-id)
[Tree] (config>service>vprn>red-if>spoke-sdp pw-path-id)
[Tree] (config>service>ies>if>spoke-sdp pw-path-id)
Full Context
configure service vpls spoke-sdp pw-path-id
configure service cpipe spoke-sdp pw-path-id
configure service epipe spoke-sdp pw-path-id
configure service vprn interface spoke-sdp pw-path-id
configure service vprn redundant-interface spoke-sdp pw-path-id
configure service ies interface spoke-sdp pw-path-id
Description
Commands in this context configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.
For an IES or VPRN spoke-sdp, the pw-path-id is only valid for ethernet spoke-sdps.
The pw-path-id is only configurable if all of the following is true:
-
SDP signaling is off
-
control-word is enabled (control-word is disabled by default)
-
the service type is Epipe, VPLS, Cpipe, or IES/VPRN interface
-
mate SDP signaling is off for vc-switched services
The no form of this command deletes the PW path ID.
Default
no pw-path-id
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vpls spoke-sdp pw-path-id
- configure service epipe spoke-sdp pw-path-id
- configure service vprn interface spoke-sdp pw-path-id
- configure service cpipe spoke-sdp pw-path-id
- configure service ies interface spoke-sdp pw-path-id
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn redundant-interface spoke-sdp pw-path-id
pw-path-id
Syntax
[no] pw-path-id
Context
[Tree] (config>mirror>mirror-dest>spoke-sdp pw-path-id)
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp pw-path-id)
Full Context
configure mirror mirror-dest spoke-sdp pw-path-id
configure mirror mirror-dest remote-source spoke-sdp pw-path-id
Description
Commands in this context configure an MPLS-TP Pseudowire Path Identifier for a spoke SDP. All elements of the PW path ID must be configured in order to enable a spoke SDP with a PW path ID.
For an IES or VPRN spoke SDP, the pw-path-id is only valid for Ethernet spoke SDPs.
The pw-path-id is only configurable if all of the following is true:
-
SDP signaling is off
-
control-word is enabled (control-word is disabled by default)
-
the service type is Epipe, Cpipe, Apipe, IES, VPLS, or VPRN interface
-
mate SDP signaling is off for VC-switched services
The no form of this command deletes the PW path ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pw-port
pw-port
Syntax
pw-port pw-port-id [pw-headend]
no pw-port
Context
[Tree] (config>service>system>bgp-evpn>eth-seg pw-port)
Full Context
configure service system bgp-evpn ethernet-segment pw-port
Description
This command configures a PW port associated to the Ethernet Segment. When the Ethernet Segment is configured as all-active, only a LAG or a PW port can be associated to the Ethernet Segment. When the Ethernet Segment is configured as single-active, then a LAG, port or SDP can be associated to the Ethernet Segment, but not a PW port unless the pw-headend parameter is configured. In either case, only one of the four objects can be configured in the Ethernet Segment. A specified PW port can be part of only one Ethernet Segment.
The no version of this command removes the PW port from the Ethernet Segment.
Default
no pw-port
Parameters
- pw-port-id
-
Specifies the PW port identifier.
- pw-headend
-
Keyword used to specify multihoming procedures are run in the PW port stitching Epipe and the routes advertised in the context of the stitching Epipe contain the ESI of the Ethernet Segment.
Platforms
All
pw-port
Syntax
pw-port id [create]
no pw-port id
Context
[Tree] (config pw-port)
Full Context
configure pw-port
Description
This command creates a PW port that can be bound to a physical port or associated with an FPE (anchored PW port). A PW port's purpose is to provide, through a PW SAP, access level (or SAP level) capability to customer traffic that is tunneled to the SR OS node through an IP/MPLS network.
The no form of this command removes the pw-port ID.
Default
no pw-port
Parameters
- id
-
Specifies the ID of the PW port.
- create
-
Keyword required to create the configuration context.
Platforms
All
pw-port
Syntax
pw-port pw-port-id [vc-id vc-id] [ create]
no pw-port pw-port-id
Context
[Tree] (config>service>sdp>binding pw-port)
Full Context
configure service sdp binding pw-port
Description
This command creates a pseudowire port.
The no form of the command removes the pseudowire port ID from the configuration.
Parameters
- pw-port-id
-
Specifies a unique identifier of the pseudowire port.
- vc-id
-
Specifies a virtual circuit identifier signaled to the peer.
- create
-
This keyword is required when a new pseudowire is being created.
Platforms
All
pw-port
Syntax
pw-port pw-port-id [fpe fpe-id] [ create]
no pw-port
Context
[Tree] (config>service>epipe pw-port)
Full Context
configure service epipe pw-port
Description
This command is used to associate the PW-port with the PXC ports or PXC based LAGs referenced in the FPE. That is, the PW-port becomes anchored by the PXC. This enables an external PW that is mapped to the anchored PW-port to be seamlessly rerouted between the I/O ports without interruption of service on the PW-port. This mapping between the external PW (spoke SDP) and the PXC based PXC-port is performed via an Epipe operating in vc-switching mode (creation time parameter).
Default
no pw-port
Parameters
- pw-port-id
-
Specifies the PW-port associated with this service.
- fpe fpe-id
-
Specifies the FPE object which contains the PXC-based ports or PXC-based LAGs.
Platforms
All
pw-port
Syntax
pw-port pw-port-id [fpe fpe-id] [create]
no pw-port
Context
[Tree] (config>service>epipe pw-port)
Full Context
configure service epipe pw-port
Description
This command is only applicable for VSR configurations. This command associates a Flex PW port with any of the following constructs:
-
an MPLS-based spoke SDP (PW)
-
L2oGRE tunnel using IPv4 or IPv6 transport
With this configuration, a PW that is terminated on a Flex PW port can be seamlessly rerouted between I/O ports.
The payload from the PW is extracted from the Flex PW port and processed in accordance with the configured application (a capture SAP in ESM, a PW SAP for business services, and so on). The Epipe that associates the Flex PW port with the spoke SDP or with the tunnel is a regular Epipe service (not of type vc-switching).
This command must be configured before a spoke SDP is added to the Epipe.
The no form of this command removes the pw-port-id from the configuration.
Parameters
- pw-port-id
-
Specifies the PW port associated with the PW.
- fpe-id
-
Specifies the FPE object.
- create
-
Keyword required to create the configuration context.
Platforms
All
pw-port-extension
pw-port-extension
Syntax
[no] pw-port-extension
Context
[Tree] (config>fwd-path-ext>fpe pw-port-extension)
Full Context
configure fwd-path-ext fpe pw-port-extension
Description
Commands in this context configure the type of the cross-connect required to terminate an external tunnel to an anchored PW port. The system automatically builds the internal infrastructure required to perform the tunnel termination on a PW port.
PW ports support the following types of tunnels:
-
GRE/MPLS PW with SDP of type MPLS or GRE
-
L2oGRE bridged Ethernet over GRE, where GRE protocol number is 0x6558
The no form of this command removes the cross-connect type from the configuration.
Default
no pw-port-extension
Platforms
All
pw-port-list
pw-port-list
Syntax
pw-port-list
Context
[Tree] (config>service>system pw-port-list)
Full Context
configure service system pw-port-list
Description
Commands in this context configure a port list to bind to Flex PW ports.
Platforms
VSR
pw-routing
pw-routing
Syntax
pw-routing
Context
[Tree] (config>service pw-routing)
Full Context
configure service pw-routing
Description
Commands in this context configure dynamic multi-segment pseudowire (MS-PW) routing. Pseudowire routing must be configured on each node that will be a T-PE or an S-PE.
Platforms
All
pw-sap-secondary-shaper
pw-sap-secondary-shaper
Syntax
pw-sap-secondary-shaper pw-sap-sec-shaper-name
no pw-sap-secondary-shaper
Context
[Tree] (config>service>sdp>binding>pw-port>egress>shaper pw-sap-secondary-shaper)
Full Context
configure service sdp binding pw-port egress shaper pw-sap-secondary-shaper
Description
This command configures a default secondary shaper applicable to pw-saps under normal interfaces.
The no form of the command removes the shaper name from the configuration.
Platforms
All
pw-status-signaling
pw-status-signaling
Syntax
[no] pw-status-signaling
Context
[Tree] (config>service>epipe>spoke-sdp pw-status-signaling)
Full Context
configure service epipe spoke-sdp pw-status-signaling
Description
This command enables pseudowire status signaling for this spoke SDP binding.
The no form of this command disables the status signaling.
Default
pw-status-signaling
Platforms
All
pw-status-signaling
Syntax
[no] pw-status-signaling
Context
[Tree] (config>service>vpls>spoke-sdp pw-status-signaling)
Full Context
configure service vpls spoke-sdp pw-status-signaling
Description
This command specifies the type of signaling used by this multi-segment pseudowire provider-edge for this service.
When no pw-status-signaling is enabled, a 7450 ESS, 7750 SR, and 7950 XRS will not include the pseudowire status TLV in the initial label mapping message of the pseudowire used for a spoke-SDP. This will force both 7450 ESS, 7750 SR, and 7950 XRS PEs to use the pseudowire label withdrawal method for signaling pseudowire status.
If pw-status-signaling is configured, the node will include the use of the pseudowire status TLV in the initial label mapping message for the pseudowire.
Platforms
All
pw-template
pw-template
Syntax
pw-template policy-id [use-provisioned-sdp | [ prefer-provisioned-sdp] [auto-gre-sdp] ][create] [ name name]
no pw-template policy-id
Context
[Tree] (config>service pw-template)
Full Context
configure service pw-template
Description
This command configures an SDP template.
Parameters
- policy-id
-
Specifies a number that uniquely identifies a template for the creation of an SDP.
- use-provisioned-sdp
-
Specifies whether to use an already provisioned SDP. When specified, the tunnel manager is consulted for an existing active SDP (with a matching far-end address), and the SDP with the lowest metric is chosen. If there are multiple SDPs with the same metric, then the highest SDP identifier that is oper-up is chosen. The choice of SDP can be configured by applying sdp-include/exclude in the PW template together with an sdp-group in the provisioned SDPs. This option, and the auto-gre-sdp option, are mutually exclusive.
- prefer-provisioned-sdp
-
Specifies that if an existing matching SDP that conforms to any restrictions defined in the pw-template is found (for example, sdp-include/exclude group), then it will be used, following the same logic as for the use-provisioned-sdp parameter. Otherwise, the command will automatically create an SDP in the same manner as if the user did not specify any option. This option and the use-provisioned-sdp option are mutually exclusive.
- auto-gre-sdp
-
Specifies that an SDP should automatically be created using a GRE tunnel. This option and the use-provisioned-sdp option are mutually exclusive. The PW template parameters hash-label, entropy-label and sdp-include/exclude are ignored when an GRE SDP is auto-created.
- auto-mpls-sdp
-
Specifies that an SDP should automatically be created using an MPLS tunnel. This is the default.
- create
-
This keyword is required when first creating the configuration context. Once the context is created, it is possible to navigate into the context without the create keyword.
- name name
-
A name of the operator’s choice, up to 64 characters. The name is saved as part of the configuration.
If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.
Platforms
All
pw-template-bind
pw-template-bind
Syntax
pw-template-bind policy-id
no pw-template-bind
Context
[Tree] (config>service>epipe>spoke-sdp-fec pw-template-bind)
Full Context
configure service epipe spoke-sdp-fec pw-template-bind
Description
This command binds includes the parameters included in a specific PW template to a spoke SDP.
The no form of this command removes the values from the configuration.
Parameters
- policy-id
-
Specifies the existing policy ID.
Platforms
All
pw-template-binding
pw-template-binding
Syntax
pw-template-binding policy-id [import-rt { ext-community [ext-community]}] [endpoint endpoint-name]
no pw-template-binding policy-id
Context
[Tree] (config>service>epipe>bgp pw-template-binding)
Full Context
configure service epipe bgp pw-template-binding
Description
This command binds the advertisements received with the route targets (RT) that match the configured list (either the generic or the specified import) to a specific pw-template. If the RT list is not present, or if multiple matches are found, the numerically lowest pw-template is used.
The pw-template-binding applies to BGP-VPWS when enabled in the Epipe.
For BGP VPWS, the following additional rules govern the use of pseudowire-template:
-
On transmission, the settings for the L2-Info extended community in the BGP updates are derived from the pseudowire template attributes. If multiple pseudowire template bindings (with or without import-rt) are specified for the same VPWS instance the first pw-template entry will be used for the information in the BGP update sent.
-
On reception, the values of the parameters in the L2-Info extended community of the BGP updates are compared with the settings from the corresponding pseudowire template bindings. The following steps are used to determine the local pw-template:
-
The RT values are matched to determine the pw-template. The route targets configured for each pw-template-binding are compared to the route targets within the BGP update. The PW template corresponding to pw-template-binding with the first matching route target is used to for the SDP. The matching is performed from the lowest PW template binding identifier to the highest.
-
If no pw-template-binding matches are found from the previous step, the first (numerically lowest) configured pw-template entry without any route-target configured will be used.
-
If the value used for Layer 2 MTU (unless the value zero is received), or control word does not match, the pseudowire is created but with the operationally down state.
If the value used for the S (sequenced delivery) flags is not zero the pseudowire is not created.
The tools perform commands can be used to control the application of changes in pw-template for BGP-VPWS.
The no form of this command removes the values from the configuration.
Parameters
- policy-id
-
Specifies an existing policy ID.
- import-rt ext-comm
-
Specifies the communities, up to five, allowed to be accepted from remote PE neighbors. An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin.
- endpoint-name
-
Specifies the name of the endpoint the BGP PW template is associated with, up to 32 characters. When the configured endpoint is associated to the pw-template-binding of a BGP VPWS service, EVPN MPLS can also be configured and associated to the same endpoint in the same Epipe service. Modifying this element causes the parent element to be recreated automatically in order for the new value to take effect.
Platforms
All
pw-template-binding
Syntax
pw-template-binding policy-id [split-horizon-group group-name] [import-rt {ext-community}]
no pw-template-bind policy-id
Context
[Tree] (config>service>vpls>bgp pw-template-binding)
[Tree] (config>service>vpls>bgp-ad pw-template-binding)
Full Context
configure service vpls bgp pw-template-binding
configure service vpls bgp-ad pw-template-binding
Description
This command binds the advertisements received with the route target (RT) that matches the configured list (either the generic or the specified import) to a specific PW template. If the RT list is not present the pw-template is used for all of them.
The pw-template-binding applies to both BGP-AD and BGP-VPLS if these features are enabled in the VPLS.
For BGP VPLS the following additional rules govern the use of pseudowire-template.
-
On transmission, the settings for the L2-Info extended community in the BGP update are derived from the pseudowire template attributes. If multiple pseudowire template bindings (with or without import-rt) are specified, the first pw-template entry will be used for the information in the BGP update sent.
-
On reception, the values of the parameters in the L2-Info extended community of the BGP update are compared with the settings from the corresponding pw-template. The following steps are used to determine the local pw-template.
-
The RT values are matched to determine the pw-template. The route targets configured for each pw-template-binding are compared to the route targets within the BGP update. The PW template corresponding to pw-template-binding with the first matching route target is used to for the SDP. The matching is performed from the lowest PW template binding identifier to the highest
-
If no pw-templates matches are found from the previous step, the first (numerically lowest) configured pw-template entry without any route-target configured will be used.
-
If the values used for Layer 2 MTU (unless the value zero is received) or control word flag do not match, the pseudowire is created but with the operationally down state.
If the value used for the S (sequenced delivery) flags is not zero, the pseudowire is not created.
The tools perform commands can be used to control the application of changes in pw-template for both BGP-AD and BGP-VPLS.
The no form of this command removes the values from the configuration.
Parameters
- policy-id
-
Specifies an existing policy ID
- group-name
-
The specified group-name overrides the split horizon group template settings
- import-rt ext-comm
-
Specifies communities allowed to be accepted from remote PE neighbors. An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers. A maximum of five import-rt ext-com can be specified.
Platforms
All
pw-template-id-range
pw-template-id-range
Syntax
pw-template-id-range start pw-template-id end pw-template-id
no pw-template-id-range
Context
[Tree] (config>service>md-auto-id pw-template-id-range)
Full Context
configure service md-auto-id pw-template-id-range
Description
This command specifies the range of IDs used by SR OS to automatically assign an ID to PW templates that are created in model-driven interfaces without an ID explicitly specified by the user or client.
A PW template created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD-CLI interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.
The no form of this command removes the range values.
See the config>service md-auto-id command for further details.
Default
no pw-template-id-range
Parameters
- start pw-template-id
-
Specifies the lower value of the ID range. The value must be less than or equal to the end value.
- end pw-template-id
-
Specifies the upper value of the ID range. The value must be greater than or equal to the start value.
Platforms
All
pw-type
pw-type
Syntax
pw-type ethernet-vlan vlan-id
pw-type ethernet
no pw-type
Context
[Tree] (config>service>vpls>sap>l2tpv3-session pw-type)
[Tree] (config>service>epipe>sap>l2tpv3-session pw-type)
Full Context
configure service vpls sap l2tpv3-session pw-type
configure service epipe sap l2tpv3-session pw-type
Description
This command specifies the PW-type for the associated L2TPv3 session.
The support types are either Ethernet or Ethernet-VLAN. If Ethernet-VLAN is configured, a VLAN value must be specified as well.
The no form of this command deletes the PW-type configuration.
Parameters
- vlan-id
-
Specifies the VLAN-ID.
Platforms
All
pwc
pwc
Syntax
pwc [previous]
Context
[Tree] (pwc)
Full Context
pwc
Description
This command displays the present or previous working context of the CLI session. The pwc command provides a user who is in the process of dynamically configuring a chassis a way to display the current or previous working context of the CLI session. The pwc command displays a list of the CLI nodes that hierarchically define the current context of the CLI instance of the user.
The following example is from a 7750 SR:
A:ALA-1>config>router>bgp>group# pwc
-----------------------------------------------
Present Working Context :
-----------------------------------------------
<root>
configure
router Base
bgp
group test
ospf
area 1
-----------------------------------------------
A:ALA-1>config>router>bgp>group#
When the previous keyword is specified, the previous context displays. This is the context entered by the CLI parser upon execution of the exit command. The current context of the CLI is not affected by the pwc command.
The following example is from a 7450 ESS:
*A:ALA-1>config>router>ospf>area>if# pwc previous
---------------------------------------------------------
Previous Working Context :
---------------------------------------------------------
<root>
configure
router "Base"
ospf
area "0.0.0.0"
---------------------------------------------------------
*A:ALA-1config>router>ospf>area>if#
Parameters
- previous
-
Displays the previous present working context.
Platforms
All
pxc
pxc
Syntax
pxc pxc-id [create]
no pxc pxc-id
Context
[Tree] (config>port-xc pxc)
Full Context
configure port-xc pxc
Description
This command creates a port cross-connect (PXC) object. Referencing an Ethernet port within the PXC object will automatically configure this Ethernet port as a loopback port. The node will automatically create two PXC sub-ports under this Ethernet port. The configuration of PXC sub-ports can be accessed through the CLI.
Parameters
- pxc-id
-
Specifies the port cross-connect identifier.
Platforms
All
pxc-pxc-id.sub-port-id
pxc-pxc-id.sub-port-id
Syntax
pxc-pxc-id.sub-port-id
Context
[Tree] (config>port pxc-pxc-id.sub-port-id)
Full Context
configure port pxc-pxc-id.sub-port-id
Description
This command enables access to PXC sub-port level parameters. The PXC sub-ports are automatically created once the external Ethernet port is configured inside of an PXC object. The PXC sub-ports are by default administratively disabled (shutdown). In order for PXC sub-ports to became operational, both, the underlying external Ethernet port and the PXC object must be operationally up.
Parameters
- pxc-id
-
Specifies the unique identifier of this PXC.
- sub-port-id
-
When this the pxc-id is configured, two logical sub-ports are automatically created. These logical sub-ports are used to create two paths within the loop; one upstream path, and one downstream path. These sub-ports are destroyed when either this PXC row is destroyed, this object is de-provisioned.
Platforms
All
python
python
Syntax
python
Context
[Tree] (config python)
Full Context
configure python
Description
Commands in this context configure Python parameters.
Platforms
All
python
Syntax
[no] python
Context
[Tree] (config>redundancy>multi-chassis>peer>sync python)
Full Context
configure redundancy multi-chassis peer sync python
Description
This command enables syncing of python-policy cached entries to the peer.
Use the mcs-peer command in the Python policy to enable syncing for a specific Python policy.
The no form of this command reverts to the default.
Default
no python
Platforms
All
python-policy
python-policy
Syntax
python-policy python-name
no python-policy
Context
[Tree] (config>service>vprn>if>dhcp python-policy)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp python-policy)
[Tree] (config>service>vprn>sub-if python-policy)
[Tree] (config>service>ies>if>ipv6>dhcp6-relay python-policy)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6 python-policy)
[Tree] (config>service>ies>sub-if>grp-if>dhcp python-policy)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy python-policy)
[Tree] (config>service>ies>sub-if>dhcp python-policy)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server python-policy)
[Tree] (config>service>vprn>sub-if>dhcp python-policy)
[Tree] (config>service>ies>if>dhcp python-policy)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6 python-policy)
[Tree] (config>service>vprn>if>ipv6>dhcp6-relay python-policy)
Full Context
configure service vprn interface dhcp python-policy
configure service vprn subscriber-interface group-interface dhcp python-policy
configure service vprn subscriber-interface python-policy
configure service ies interface ipv6 dhcp6-relay python-policy
configure service ies subscriber-interface ipv6 dhcp6 python-policy
configure service ies subscriber-interface group-interface dhcp python-policy
configure service vprn subscriber-interface ipv6 dhcp6 proxy python-policy
configure service ies subscriber-interface dhcp python-policy
configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server python-policy
configure service vprn subscriber-interface dhcp python-policy
configure service ies interface dhcp python-policy
configure service vprn subscriber-interface ipv6 dhcp6 python-policy
configure service vprn interface ipv6 dhcp6-relay python-policy
Description
This command specifies the Python policy to be used for DHCPv6 relay.
The no form of this command reverts to the default.
Parameters
- python-name
-
Specifies the name of an existing python script, up to 32 characters.
Platforms
All
- configure service vprn interface ipv6 dhcp6-relay python-policy
- configure service ies interface ipv6 dhcp6-relay python-policy
- configure service ies interface dhcp python-policy
- configure service vprn interface dhcp python-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface ipv6 dhcp6 python-policy
- configure service ies subscriber-interface ipv6 dhcp6 python-policy
- configure service ies subscriber-interface dhcp python-policy
- configure service vprn subscriber-interface dhcp python-policy
- configure service ies subscriber-interface group-interface dhcp python-policy
- configure service vprn subscriber-interface group-interface dhcp python-policy
- configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server python-policy
- configure service vprn subscriber-interface python-policy
python-policy
Syntax
python-policy policy-name
no python-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>pppoe python-policy)
[Tree] (config>service>vprn>sub-if>grp-if>pppoe python-policy)
Full Context
configure service ies subscriber-interface group-interface pppoe python-policy
configure service vprn subscriber-interface group-interface pppoe python-policy
Description
This command specifies the Python policy for PPPoE packets sent/received on the group interface.
The no form of this command removes the policy name from the configuration.
Parameters
- policy-name
-
Specifies an existing Python policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile python-policy)
Full Context
configure subscriber-mgmt gtp peer-profile python-policy
Description
This command specifies the Python policy for MGW profile packets sent/received on the group interface.
The no form of this command removes the policy name from the configuration.
Default
no python-policy
Parameters
- name
-
Specifies an existing Python policy name up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy [policy-name]
no python-policy
Context
[Tree] (config>aaa>diam>node python-policy)
Full Context
configure aaa diameter node python-policy
Description
This command specified the python-policy for Diameter messages received or transmitted.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the name of the Python policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name [create] [wlan-gw-group wlan-gw-group-id] [nat-group nat-group-id]
no python-policy name
Context
[Tree] (config>python python-policy)
Full Context
configure python python-policy
Description
This command creates a new Python policy or enables an existing Python policy configuration context.
There are two types of Python policies: centralized and distributed. A centralized Python policy runs on a CPM, while a distributed Python policy runs on an ISA. With the distributed Python policy, a wlan-gw-group wlan-gw-group-id or a nat-group nat-group-id command must specified.
The no form of this command removes the Python policy from the configuration.
Parameters
- name
-
Specifies the Python policy name up to 32 characters.
- create
-
This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.
- wlan-gw-group wlan-gw-group-id
-
Specifies the ID of the WLAN GW group that the distributed python-policy installs.
- nat-group nat-group-id
-
Specifies the ID of the NAT group that the distributed python-policy installs.
Platforms
All
python-policy
Syntax
python-policy policy-name
no python-policy
Context
[Tree] (config>aaa>isa-radius-policy python-policy)
Full Context
configure aaa isa-radius-policy python-policy
Description
This command specifies the Python policy for the ISA RADIUS proxy server. This is the python policy for RADIUS packets to/from the client.
The no form of this command removes the Python policy from the configuration.
Parameters
- name
-
Specifies the Python policy name, up to 32 characters
- create
-
This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv4>dhcp4 python-policy)
[Tree] (config>service>vprn>sub-if>grp-if>ipv4>dhcp4 python-policy)
Full Context
configure service ies subscriber-interface group-interface ipv4 dhcp4 python-policy
configure service vprn subscriber-interface group-interface ipv4 dhcp4 python-policy
Description
This command specified the Python policy for DHCPv4 packets sent/received on the group interface.
The no form of this command removes the policy name from the configuration.
Parameters
- name
-
Specifies an existing Python policy name, up to 32 characters.
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 python-policy)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 python-policy)
Full Context
configure service ies subscriber-interface group-interface ipv6 dhcp6 python-policy
configure service vprn subscriber-interface group-interface ipv6 dhcp6 python-policy
Description
This command specified the Python policy for DHCPv6 packets sent/received on the group interface.
The no form of this command removes the policy name from the configuration.
Parameters
- name
-
Specifies an existing Python policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>aaa>radius-srv-plcy python-policy)
Full Context
configure aaa radius-server-policy python-policy
Description
This command specifies the Python policy for RADIUS packets to/from the RADIUS servers defined in the specified radius-server-policy.
The no form of this command removes the policy name from the configuration.
Parameters
- name
-
Specifies the name of the Python policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>router>radius-proxy>server python-policy)
[Tree] (config>service>vprn>radius-proxy>server python-policy)
Full Context
configure router radius-proxy server python-policy
configure service vprn radius-proxy server python-policy
Description
This command specifies the Python policy for RADIUS packets sent/received on the client side of the RADIUS proxy server.
This command supports RADIUS proxy on both CPMs and ISAs.
The no form of this command removes the policy name from the configuration.
Parameters
- name
-
Specifies the name of the Python policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>subscr-mgmt>pppoe-client-policy python-policy)
Full Context
configure subscriber-mgmt pppoe-client-policy python-policy
Description
This command applies a Python policy to all messages sent and received by the PPPoE client.
The no form of this command removes the associated Python policy from the PPPoE client.
Parameters
- name
-
The name of a preconfigured Python policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy
Syntax
python-policy name
no python-policy
Context
[Tree] (config>service>vprn>if>ipv6 python-policy)
Full Context
configure service vprn interface ipv6 python-policy
Description
This command specifies a python policy. Python policies are configured in the config>python> python-policy name context.
Parameters
- name
-
Specifies the name of an existing python script, up to 32 characters in length.
Platforms
All
python-policy
Syntax
python-policy python-policy-name
no python-policy
Context
[Tree] (config>router>if>dhcp python-policy)
Full Context
configure router interface dhcp python-policy
Description
This command specifies a python policy. Python policies are configured in the config>python>python-policy name context.
Default
no python-policy
Parameters
- python-policy-name
-
Specifies the name of an existing python script, up to 32 characters in length.
Platforms
All
python-policy
Syntax
python-policy policy-name
no python-policy
Context
[Tree] (config>log>log-id python-policy)
Full Context
configure log log-id python-policy
Description
This command associates the Python script with the events sent to this log ID. The Python policy can be associated with the log only if the destination in the log ID is set to syslog.
For information about Python policy configuration, refer to the Python Script Support for ESM in the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide.
The no form of this command disables Python processing of the events in this log ID.
Default
no python-policy
Parameters
- policy-name
-
Specifies a Python policy name, up to 32 characters.
Platforms
All
python-policy-cache
python-policy-cache
Syntax
python-policy-cache
Context
[Tree] (config>system>persistence python-policy-cache)
Full Context
configure system persistence python-policy-cache
Description
This command configures Python policy cache persistency parameters.
Platforms
All
python-script
python-script
Syntax
python-script name [create]
no python-script name
Context
[Tree] (config>python python-script)
Full Context
configure python python-script
Description
Commands in this context configure Python scripts to modify messages of different protocols.
The no form of this command removes the Python script name from the configuration.
Parameters
- name
-
Specifies the name of this Python script policy.
- create
-
This keyword is required when first creating the Python script. Once the context is created, it is possible to navigate into the context without the create keyword.
Platforms
All
python-script
Syntax
python-script script-name
Context
[Tree] (debug>python python-script)
Full Context
debug python python-script
Description
Commands in this context debug the specified Python script.
Parameters
- policy-name
-
Specifies the Python script name, up to 32 characters.
Platforms
All