system commands
configure
— system
— alarm-contact-in-power boolean
— alarm-contact-input number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— clear-message string
— description string
— normal-state keyword
— trigger-message string
— alarms
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— max-cleared number
— allow-boot-license-violations boolean
— apply-groups reference
— apply-groups-exclude reference
— bluetooth
— admin-state keyword
— advertising-timeout number
— apply-groups reference
— apply-groups-exclude reference
— device string
— apply-groups reference
— apply-groups-exclude reference
— description string
— module string
— apply-groups reference
— apply-groups-exclude reference
— provisioned-identifier string
— pairing-button boolean
— passkey string
— power-mode keyword
— boot-bad-exec string
— boot-good-exec string
— central-frequency-clock
— apply-groups reference
— apply-groups-exclude reference
— bits
— input
— admin-state keyword
— interface-type keyword
— output
— admin-state keyword
— line-length keyword
— ql-minimum keyword
— source keyword
— squelch boolean
— ql-override keyword
— ssm-bit number
— gnss
— admin-state keyword
— ql-override keyword
— ptp
— admin-state keyword
— ql-override keyword
— ql-minimum keyword
— ql-selection boolean
— ref-order
— fifth keyword
— first keyword
— fourth keyword
— second keyword
— sixth keyword
— third keyword
— ref1
— admin-state keyword
— ql-override keyword
— source-port string
— ref2
— admin-state keyword
— ql-override keyword
— source-port string
— revert boolean
— synce
— admin-state keyword
— ql-override keyword
— wait-to-restore number
— clli-code string
— congestion-management boolean
— contact string
— coordinates string
— cpm-http-redirect
— apply-groups reference
— apply-groups-exclude reference
— optimized-mode boolean
— cron
— apply-groups reference
— apply-groups-exclude reference
— schedule string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— count number
— day-of-month number
— description string
— end-time
— date-and-time string
— day keyword
— time string
— hour number
— interval number
— minute number
— month (keyword | number)
— script-policy
— name string
— owner string
— type keyword
— weekday (keyword | number)
— dhcp6
— adv-noaddrs-global keyword
— apply-groups reference
— apply-groups-exclude reference
— dns
— address-pref keyword
— apply-groups reference
— apply-groups-exclude reference
— dnssec
— ad-validation keyword
— efm-oam
— apply-groups reference
— apply-groups-exclude reference
— dying-gasp-tx-on-reset boolean
— grace-tx boolean
— eth-cfm
— apply-groups reference
— apply-groups-exclude reference
— grace boolean
— md-auto-id
— ma-index-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— md-index-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— named-display boolean
— redundancy
— apply-groups reference
— apply-groups-exclude reference
— mc-lag
— propagate-hold-time (number | keyword)
— standby-mep boolean
— sender-id
— local-name string
— type keyword
— slm
— apply-groups reference
— apply-groups-exclude reference
— inactivity-timer number
— fan-control
— apply-groups reference
— apply-groups-exclude reference
— cooling-profile keyword
— grpc
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— delay-on-boot number
— gnmi
— admin-state keyword
— auto-config-save boolean
— proto-version keyword
— gnoi
— cert-mgmt
— admin-state keyword
— file
— admin-state keyword
— system
— admin-state keyword
— listening-port number
— max-msg-size number
— md-cli
— admin-state keyword
— rib-api
— admin-state keyword
— purge-timeout number
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-server-profile reference
— grpc-tunnel
— apply-groups reference
— apply-groups-exclude reference
— delay-on-boot number
— destination-group string
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
— apply-groups reference
— apply-groups-exclude reference
— local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— originated-qos-marking keyword
— router-instance string
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-client-profile reference
— tunnel string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination-group reference
— handler string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— port number
— target-type
— custom-type string
— grpc-server
— ssh-server
— target-name
— custom-string string
— node-name
— user-agent
— icmp-vse boolean
— ip
— allow-qinq-network-interface boolean
— apply-groups reference
— apply-groups-exclude reference
— enforce-unique-if-index boolean
— forward-6in4 boolean
— forward-ip-over-gre boolean
— ipv6-eh keyword
— mpls
— label-stack-statistics-count number
— l2tp
— apply-groups reference
— apply-groups-exclude reference
— non-multi-chassis-tunnel-id-range
— end number
— start number
— lacp
— apply-groups reference
— apply-groups-exclude reference
— system-priority number
— lldp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— message-fast-tx number
— message-fast-tx-init number
— notification-interval number
— reinit-delay number
— tx-credit-max number
— tx-hold-multiplier number
— tx-interval number
— load-balancing
— apply-groups reference
— apply-groups-exclude reference
— l2tp-load-balancing boolean
— l4-load-balancing boolean
— lsr-load-balancing keyword
— mc-enh-load-balancing boolean
— service-id-lag-hashing boolean
— system-ip-load-balancing boolean
— location string
— login-control
— apply-groups reference
— apply-groups-exclude reference
— exponential-backoff boolean
— ftp
— inbound-max-sessions number
— idle-timeout (keyword | number)
— login-banner boolean
— login-scripts
— global-script string
— per-user-script
— file-name string
— user-directory string
— motd
— text string
— url string
— pre-login-message
— message string
— name boolean
— ssh
— graceful-shutdown boolean
— inbound-max-sessions number
— outbound-max-sessions number
— ttl-security number
— telnet
— graceful-shutdown boolean
— inbound-max-sessions number
— outbound-max-sessions number
— ttl-security number
— management-interface
— apply-groups reference
— apply-groups-exclude reference
— cli
— apply-groups reference
— apply-groups-exclude reference
— classic-cli
— allow-immediate boolean
— rollback
— apply-groups reference
— apply-groups-exclude reference
— local-checkpoints number
— location string
— remote-checkpoints number
— rescue
— location string
— cli-engine keyword
— md-cli
— apply-groups reference
— apply-groups-exclude reference
— auto-config-save boolean
— environment
— command-alias
— alias string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— cli-command string
— description string
— mount-point (keyword | string)
— python-script reference
— command-completion
— enter boolean
— space boolean
— tab boolean
— console
— length number
— width number
— info-output
— always-display
— admin-state boolean
— message-severity-level
— cli keyword
— more boolean
— progress-indicator
— admin-state keyword
— delay number
— type keyword
— prompt
— context boolean
— newline boolean
— timestamp boolean
— uncommitted-changes-indicator boolean
— python
— memory-reservation number
— minimum-available-memory number
— timeout number
— time-display keyword
— time-format keyword
— commit-history number
— configuration-mode keyword
— configuration-save
— apply-groups reference
— apply-groups-exclude reference
— configuration-backups number
— incremental-saves boolean
— netconf
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— auto-config-save boolean
— capabilities
— candidate boolean
— delay-on-boot number
— port number
— operations
— apply-groups reference
— apply-groups-exclude reference
— global-timeouts
— asynchronous-execution (number | keyword)
— asynchronous-retention (number | keyword)
— synchronous-execution (number | keyword)
— remote-management
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— client-tls-profile reference
— connection-timeout number
— delay-on-boot number
— device-label string
— device-name string
— hello-interval number
— manager string
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— client-tls-profile reference
— connection-timeout number
— description string
— device-label string
— device-name string
— manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
— manager-port number
— router-instance string
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— source-port (number | keyword)
— router-instance string
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— source-port (number | keyword)
— schema-path string
— snmp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— engine-id string
— general-port number
— max-bulk-duration number
— packet-size number
— streaming
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— yang-modules
— apply-groups reference
— apply-groups-exclude reference
— nmda
— nmda-support boolean
— nokia-combined-modules boolean
— nokia-submodules boolean
— openconfig-modules boolean
— shared-model-management boolean
— name string
— network-element-discovery
— apply-groups reference
— apply-groups-exclude reference
— generate-traps boolean
— profile string
— apply-groups reference
— apply-groups-exclude reference
— neid string
— neip
— apply-groups reference
— apply-groups-exclude reference
— auto-generate
— ipv4
— vendor-id-value number
— ipv6
— vendor-id-value number
— ipv4 string
— ipv6 string
— platform-type string
— system-mac string
— vendor-id string
— ospf-dynamic-hostnames boolean
— persistence
— ancp
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— application-assurance
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— apply-groups reference
— apply-groups-exclude reference
— dhcp-server
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— nat-port-forwarding
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— options
— apply-groups reference
— apply-groups-exclude reference
— dhcp-leasetime-threshold number
— python-policy-cache
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— subscriber-mgmt
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— power-management power-zone number
— apply-groups reference
— apply-groups-exclude reference
— mode keyword
— power-safety-alert number
— power-safety-level number
— ptp
— admin-state keyword
— alternate-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— domain number
— log-announce-interval number
— profile keyword
— announce-receipt-timeout number
— apply-groups reference
— apply-groups-exclude reference
— clock-type keyword
— domain number
— local-priority number
— log-announce-interval number
— network-type keyword
— port reference
— address string
— admin-state keyword
— alternate-profile reference
— apply-groups reference
— apply-groups-exclude reference
— local-priority number
— log-delay-interval number
— log-sync-interval number
— master-only boolean
— priority1 number
— priority2 number
— profile keyword
— ptsf
— monitor-ptsf-unusable
— admin-state keyword
— router string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— peer (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— local-priority number
— log-sync-interval number
— peer-limit number
— tx-while-sync-uncertain boolean
— script-control
— apply-groups reference
— apply-groups-exclude reference
— script string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— location string
— script-policy string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— expire-time (number | keyword)
— lifetime (number | keyword)
— lock-override boolean
— max-completed number
— python-lifetime number
— python-script
— name reference
— results string
— script
— name string
— owner string
— security
— aaa
— apply-groups reference
— apply-groups-exclude reference
— cli-session-group string
— apply-groups reference
— apply-groups-exclude reference
— combined-max-sessions number
— description string
— ssh-max-sessions number
— telnet-max-sessions number
— health-check (number | keyword)
— local-profiles
— apply-groups reference
— apply-groups-exclude reference
— profile string
— apply-groups reference
— apply-groups-exclude reference
— cli-session-group reference
— combined-max-sessions number
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— match string
— grpc
— rpc-authorization
— gnmi-capabilities keyword
— gnmi-get keyword
— gnmi-set keyword
— gnmi-subscribe keyword
— gnoi-cert-mgmt-cangenerate keyword
— gnoi-cert-mgmt-getcert keyword
— gnoi-cert-mgmt-install keyword
— gnoi-cert-mgmt-revoke keyword
— gnoi-cert-mgmt-rotate keyword
— gnoi-file-get keyword
— gnoi-file-put keyword
— gnoi-file-remove keyword
— gnoi-file-stat keyword
— gnoi-file-transfertoremote keyword
— gnoi-system-cancelreboot keyword
— gnoi-system-ping keyword
— gnoi-system-reboot keyword
— gnoi-system-rebootstatus keyword
— gnoi-system-setpackage keyword
— gnoi-system-switchcontrolprocessor keyword
— gnoi-system-time keyword
— gnoi-system-traceroute keyword
— md-cli-session keyword
— rib-api-getversion keyword
— rib-api-modify keyword
— li boolean
— netconf
— base-op-authorization
— action boolean
— cancel-commit boolean
— close-session boolean
— commit boolean
— copy-config boolean
— create-subscription boolean
— delete-config boolean
— discard-changes boolean
— edit-config boolean
— get boolean
— get-config boolean
— get-data boolean
— get-schema boolean
— kill-session boolean
— lock boolean
— validate boolean
— ssh-max-sessions number
— telnet-max-sessions number
— management-interface
— apply-groups reference
— apply-groups-exclude reference
— md-cli
— command-accounting-during-load boolean
— output-authorization
— md-interfaces boolean
— telemetry-data boolean
— remote-servers
— apply-groups reference
— apply-groups-exclude reference
— ldap
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— public-key-authentication boolean
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— port number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— bind-authentication
— password string
— root-dn string
— search
— base-dn string
— server-name string
— tls-profile reference
— server-retry number
— server-timeout number
— use-default-template boolean
— radius
— access-algorithm keyword
— accounting boolean
— accounting-port number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authorization boolean
— interactive-authentication boolean
— port number
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— authenticator keyword
— secret string
— tls-client-profile reference
— server-retry number
— server-timeout number
— use-default-template boolean
— tacplus
— accounting
— record-type keyword
— admin-control
— tacplus-map-to-priv-lvl number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authorization
— request-format
— access-operation-cmd keyword
— use-priv-lvl boolean
— interactive-authentication boolean
— priv-lvl-map
— apply-groups reference
— apply-groups-exclude reference
— priv-lvl number
— apply-groups reference
— apply-groups-exclude reference
— user-profile-name reference
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— port number
— secret string
— server-timeout number
— use-default-template boolean
— vprn-server
— apply-groups reference
— apply-groups-exclude reference
— inband reference
— outband reference
— vprn reference
— user-template keyword
— access
— console boolean
— ftp boolean
— grpc boolean
— li boolean
— netconf boolean
— apply-groups reference
— apply-groups-exclude reference
— console
— login-exec string
— home-directory (sat-url | cflash-without-slot-url)
— profile string
— restricted-to-home boolean
— save-when-restricted boolean
— apply-groups reference
— apply-groups-exclude reference
— cli-script
— apply-groups reference
— apply-groups-exclude reference
— authorization
— cron
— cli-user reference
— event-handler
— cli-user reference
— cpm-filter
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— ip-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— dst-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— fragment keyword
— icmp
— code number
— type number
— ip-option
— mask number
— type number
— multiple-option boolean
— option-present boolean
— port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— protocol (number | keyword)
— router-instance string
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— src-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— tcp-flags
— ack boolean
— syn boolean
— ipv6-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— extension-header
— hop-by-hop boolean
— flow-label number
— fragment keyword
— icmp
— code number
— type number
— next-header (number | keyword)
— port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— router-instance string
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— tcp-flags
— ack boolean
— syn boolean
— mac-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— cfm-opcode
— eq number
— gt number
— lt number
— range
— end number
— start number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— service reference
— src-mac
— address string
— mask string
— cpm-queue
— apply-groups reference
— apply-groups-exclude reference
— queue number
— apply-groups reference
— apply-groups-exclude reference
— cbs number
— mbs number
— rate
— cir (number | keyword)
— pir (number | keyword)
— cpu-protection
— apply-groups reference
— apply-groups-exclude reference
— ip-src-monitoring
— included-protocols
— dhcp boolean
— gtp boolean
— icmp boolean
— igmp boolean
— link-specific-rate (number | keyword)
— policy number
— alarm boolean
— apply-groups reference
— apply-groups-exclude reference
— description string
— eth-cfm
— entry number
— apply-groups reference
— apply-groups-exclude reference
— level start number end number
— opcode start number end number
— pir (number | keyword)
— out-profile-rate
— log-events boolean
— pir (number | keyword)
— overall-rate (number | keyword)
— per-source-parameters
— ip-src-monitoring
— limit-dhcp-ci-addr-zero boolean
— per-source-rate (number | keyword)
— port-overall-rate
— action-low-priority boolean
— pir (number | keyword)
— protocol-protection
— allow-sham-links boolean
— block-pim-tunneled boolean
— dist-cpu-protection
— apply-groups reference
— apply-groups-exclude reference
— policy string
— apply-groups reference
— apply-groups-exclude reference
— description string
— local-monitoring-policer string
— apply-groups reference
— apply-groups-exclude reference
— description string
— exceed-action keyword
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— protocol keyword
— apply-groups reference
— apply-groups-exclude reference
— dynamic-parameters
— detection-time number
— exceed-action
— action keyword
— hold-down (keyword | number)
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— enforcement
— dynamic
— mon-policer-name reference
— dynamic-local-mon-bypass
— static
— policer-name reference
— static-policer string
— apply-groups reference
— apply-groups-exclude reference
— description string
— detection-time number
— exceed-action
— action keyword
— hold-down (keyword | number)
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— type keyword
— dot1x
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— radius-policy string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— retry number
— server number
— accounting-port number
— address string
— apply-groups reference
— apply-groups-exclude reference
— authentication-port number
— secret string
— type keyword
— source-address string
— timeout number
— ftp-server boolean
— hash-control
— apply-groups reference
— apply-groups-exclude reference
— management-interface
— classic-cli
— read-algorithm keyword
— write-algorithm keyword
— grpc
— hash-algorithm keyword
— md-cli
— hash-algorithm keyword
— netconf
— hash-algorithm keyword
— keychains
— keychain string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— bidirectional
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— option keyword
— tolerance (number | keyword)
— description string
— receive
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— end-time string
— tolerance (number | keyword)
— send
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— tcp-option-number
— receive keyword
— send keyword
— management
— allow-ftp boolean
— allow-grpc boolean
— allow-netconf boolean
— allow-ssh boolean
— allow-telnet boolean
— allow-telnet6 boolean
— apply-groups reference
— apply-groups-exclude reference
— management-access-filter
— apply-groups reference
— apply-groups-exclude reference
— ip-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— dst-port
— mask number
— port number
— mgmt-port
— cpm
— lag string
— port-id string
— protocol (number | keyword)
— router-instance string
— src-ip
— address (ipv4-prefix | ipv4-address)
— ip-prefix-list reference
— mask string
— src-port
— mask number
— port number
— ipv6-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— dst-port
— mask number
— port number
— flow-label number
— mgmt-port
— cpm
— lag string
— port-id string
— next-header (number | keyword)
— router-instance string
— src-ip
— address (ipv6-prefix | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-port
— mask number
— port number
— mac-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— cfm-opcode
— eq number
— gt number
— lt number
— range
— end number
— start number
— dot1p
— mask number
— priority number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— service string
— snap-oui keyword
— snap-pid number
— src-mac
— address string
— mask string
— per-peer-queuing boolean
— pki
— apply-groups reference
— apply-groups-exclude reference
— ca-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— auto-crl-update
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— crl-urls
— url-entry number
— apply-groups reference
— apply-groups-exclude reference
— transmission-profile reference
— url http-url-path-loose
— periodic-update-interval number
— pre-update-time number
— retry-interval number
— schedule-type keyword
— cert-file string
— cmpv2
— accept-unprotected-message
— error-message boolean
— pkiconf-message boolean
— always-set-sender-for-ir boolean
— http
— response-timeout number
— version keyword
— key-list
— key string
— apply-groups reference
— apply-groups-exclude reference
— password string
— recipient-subject string
— response-signing-cert string
— response-signing-use-extracert
— same-recipient-nonce-for-poll-request boolean
— signing-cert-subject string
— url
— service-name string
— transmission-profile reference
— url-string http-optional-url-loose
— use-ca-subject
— crl-file string
— description string
— ocsp
— responder-url http-optional-url-loose
— service-name string
— transmission-profile reference
— revocation-check keyword
— certificate-auto-update string
— apply-groups reference
— apply-groups-exclude reference
— key-file-name string
— profile reference
— certificate-display-format keyword
— certificate-expiration-warning
— hours number
— repeat-hours number
— certificate-update-profile string
— after-issue number
— apply-groups reference
— apply-groups-exclude reference
— before-expiry number
— cmpv2
— ca-profile reference
— dsa
— key-size number
— ecdsa
— curve keyword
— est
— est-profile reference
— hash-algorithm keyword
— retry-interval number
— rsa
— key-size number
— same-as-existing-key
— common-name-list string
— apply-groups reference
— apply-groups-exclude reference
— common-name number
— apply-groups reference
— apply-groups-exclude reference
— cn-type keyword
— cn-value string
— crl-expiration-warning
— hours number
— repeat-hours number
— est-profile string
— apply-groups reference
— apply-groups-exclude reference
— check-id-kp-cmcra-only boolean
— client-tls-profile string
— http-authentication
— password string
— username string
— server
— fqdn string
— ipv4 string
— ipv6 (ipv4-address-no-zone | ipv6-address-no-zone)
— port number
— transmission-profile string
— imported-format keyword
— maximum-cert-chain-depth number
— python-script
— apply-groups reference
— apply-groups-exclude reference
— authorization
— cron
— cli-user reference
— event-handler
— cli-user reference
— snmp
— access string context string security-model keyword security-level keyword
— apply-groups reference
— apply-groups-exclude reference
— notify string
— prefix-match keyword
— read string
— write string
— apply-groups reference
— apply-groups-exclude reference
— attempts
— apply-groups reference
— apply-groups-exclude reference
— count number
— lockout number
— time number
— community string
— access-permissions keyword
— apply-groups reference
— apply-groups-exclude reference
— source-access-list reference
— version keyword
— source-access-list string
— apply-groups reference
— apply-groups-exclude reference
— source-host string
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— usm-community string
— apply-groups reference
— apply-groups-exclude reference
— group string
— source-access-list reference
— view string subtree string
— apply-groups reference
— apply-groups-exclude reference
— mask string
— type keyword
— source-address
— ipv4 keyword
— address string
— apply-groups reference
— apply-groups-exclude reference
— interface-name string
— ipv6 keyword
— address string
— apply-groups reference
— apply-groups-exclude reference
— ssh
— apply-groups reference
— apply-groups-exclude reference
— authentication-method
— server
— public-key-only boolean
— client-cipher-list-v2
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-kex-list-v2
— kex number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-mac-list-v2
— mac number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— key-re-exchange
— client
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— mbytes (number | keyword)
— minutes (number | keyword)
— server
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— mbytes (number | keyword)
— minutes (number | keyword)
— permit-empty-passwords boolean
— preserve-key boolean
— server-admin-state keyword
— server-cipher-list-v2
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-kex-list-v2
— kex number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-mac-list-v2
— mac number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— system-passwords
— admin-password string
— apply-groups reference
— apply-groups-exclude reference
— tech-support
— apply-groups reference
— apply-groups-exclude reference
— ts-location (ts-sat-url | cflash-url | string)
— telnet-server boolean
— telnet6-server boolean
— tls
— apply-groups reference
— apply-groups-exclude reference
— cert-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— entry number
— apply-groups reference
— apply-groups-exclude reference
— certificate-file string
— key-file string
— send-chain
— ca-profile reference
— client-cipher-list string
— apply-groups reference
— apply-groups-exclude reference
— tls12-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— tls13-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-group-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-group number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-signature-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-signature number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-tls-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— cert-profile reference
— cipher-list reference
— group-list reference
— protocol-version keyword
— signature-list reference
— status-verify
— default-result keyword
— trust-anchor-profile reference
— server-cipher-list string
— apply-groups reference
— apply-groups-exclude reference
— tls12-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— tls13-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-group-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-group number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-signature-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-signature number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-tls-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authenticate-client
— common-name-list reference
— trust-anchor-profile reference
— cert-profile reference
— cipher-list reference
— group-list reference
— protocol-version keyword
— signature-list reference
— status-verify
— default-result keyword
— tls-re-negotiate-timer number
— trust-anchor-profile string
— apply-groups reference
— apply-groups-exclude reference
— trust-anchor reference
— user-params
— apply-groups reference
— apply-groups-exclude reference
— attempts
— count number
— lockout number
— time number
— authentication-order
— exit-on-reject boolean
— order keyword
— local-user
— password
— aging number
— apply-groups reference
— apply-groups-exclude reference
— complexity-rules
— allow-user-name boolean
— credits
— lowercase number
— numeric number
— special-character number
— uppercase number
— minimum-classes number
— minimum-length number
— repeated-characters number
— required
— lowercase number
— numeric number
— special-character number
— uppercase number
— hashing keyword
— history-size number
— minimum-age number
— minimum-change number
— user string
— access
— console boolean
— ftp boolean
— grpc boolean
— li boolean
— netconf boolean
— snmp boolean
— apply-groups reference
— apply-groups-exclude reference
— cli-engine keyword
— console
— cannot-change-password boolean
— login-exec (sat-url | cflash-url | ftp-tftp-url | filename)
— member reference
— new-password-at-login boolean
— home-directory (sat-url | cflash-without-slot-url)
— password string
— public-keys
— ecdsa
— ecdsa-key number
— apply-groups reference
— apply-groups-exclude reference
— description string
— key-value string
— rsa
— rsa-key number
— apply-groups reference
— apply-groups-exclude reference
— description string
— key-value string
— restricted-to-home boolean
— save-when-restricted boolean
— snmp
— apply-groups reference
— apply-groups-exclude reference
— authentication
— authentication-key string
— authentication-protocol keyword
— privacy
— privacy-key string
— privacy-protocol keyword
— group string
— ssh-authentication-method
— server
— public-key-only keyword
— vprn-network-exceptions
— count number
— window number
— selective-fib boolean
— software-repository string
— apply-groups reference
— apply-groups-exclude reference
— description string
— primary-location string
— secondary-location string
— tertiary-location string
— switch-fabric
— apply-groups reference
— apply-groups-exclude reference
— failure-recovery
— admin-state keyword
— sfm-loss-threshold number
— telemetry
— apply-groups reference
— apply-groups-exclude reference
— destination-group string
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
— apply-groups reference
— apply-groups-exclude reference
— router-instance string
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-client-profile reference
— notification-bundling
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— max-msg-count number
— max-time-granularity number
— persistent-subscriptions
— delay-on-boot number
— subscription string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination-group reference
— encoding keyword
— local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— mode keyword
— originated-qos-marking keyword
— sample-interval number
— sensor-group reference
— sensor-groups
— sensor-group string
— apply-groups reference
— apply-groups-exclude reference
— description string
— path string
— thresholds
— cflash-cap-alarm-percent string
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— cflash-cap-warn-percent string
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— kb-memory-use-alarm
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— kb-memory-use-warn
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— rmon
— alarm number
— apply-groups reference
— apply-groups-exclude reference
— falling-event number
— falling-threshold number
— interval number
— owner string
— rising-event number
— rising-threshold number
— sample-type keyword
— startup-alarm keyword
— variable-oid string
— event number
— apply-groups reference
— apply-groups-exclude reference
— description string
— event-type keyword
— owner string
— time
— apply-groups reference
— apply-groups-exclude reference
— dst-zone string
— apply-groups reference
— apply-groups-exclude reference
— end
— day keyword
— hours-minutes string
— month keyword
— week keyword
— offset number
— start
— day keyword
— hours-minutes string
— month keyword
— week keyword
— ntp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-check boolean
— authentication-key number
— apply-groups reference
— apply-groups-exclude reference
— key string
— type keyword
— authentication-keychain reference
— broadcast reference interface-name string
— apply-groups reference
— apply-groups-exclude reference
— authentication-keychain reference
— key-id reference
— ttl number
— version number
— broadcast-client string interface-name string
— apply-groups reference
— apply-groups-exclude reference
— authenticate boolean
— multicast
— apply-groups reference
— apply-groups-exclude reference
— authentication-keychain reference
— key-id reference
— version number
— multicast-client
— apply-groups reference
— apply-groups-exclude reference
— authenticate boolean
— ntp-server
— authenticate boolean
— peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string
— apply-groups reference
— apply-groups-exclude reference
— authentication-keychain reference
— key-id reference
— prefer boolean
— version number
— server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string
— apply-groups reference
— apply-groups-exclude reference
— authentication-keychain reference
— key-id reference
— prefer boolean
— version number
— prefer-local-time boolean
— sntp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— server (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— interval number
— prefer boolean
— version number
— sntp-state keyword
— zone
— non-standard
— name string
— offset string
— standard
— name keyword
— transmission-profile string
— apply-groups reference
— apply-groups-exclude reference
— http-version keyword
— ipv4-source-address string
— ipv6-source-address string
— redirection number
— retry number
— router-instance string
— timeout number
— usb keyword
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
system command descriptions
system
alarm-contact-in-power boolean
Synopsis | Power the output pin on the CPM alarm interface port | |
Context | configure system alarm-contact-in-power boolean | |
Tree | alarm-contact-in-power | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
alarm-contact-input [input-pin-number] number
Synopsis | Enter the alarm-contact-input list instance | |
Context | configure system alarm-contact-input number | |
Tree | alarm-contact-input | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
[input-pin-number] number
Synopsis | Alarm contact input pin | |
Context | configure system alarm-contact-input number | |
Tree | alarm-contact-input | |
Range | 1 to 4 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
admin-state keyword
Synopsis | Administrative state of the alarm contact input | |
Context | configure system alarm-contact-input number admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
clear-message string
Synopsis | Text message sent in the log event when an alarm clears | |
Context | configure system alarm-contact-input number clear-message string | |
Tree | clear-message | |
Description | This command configures a text message to be included in the log event that is sent when the system clears an alarm. The system generates the default "Alarm Input Cleared" message if no message is configured. The clear-message string is included in the log event when the pin changes to the normal state. | |
String Length | 1 to 80 | |
Default | Alarm Input Cleared | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
description string
Synopsis | Text description | |
Context | configure system alarm-contact-input number description string | |
Tree | description | |
String Length | 1 to 160 | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
normal-state keyword
Synopsis | Normal state associated with the alarm contact input | |
Context | configure system alarm-contact-input number normal-state keyword | |
Tree | normal-state | |
Options | ||
Default | open | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
trigger-message string
Synopsis | Text message sent in the log event when input changes | |
Context | configure system alarm-contact-input number trigger-message string | |
Tree | trigger-message | |
Description | This command configures a text message to be included in the log event that is sent when the system generates an alarm. The system generates the default message "Alarm Input Triggered" if no message is configured. This command's message string is included in the log event when the pin changes from the normal state. | |
String Length | 1 to 80 | |
Default | Alarm Input Triggered | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-a |
alarms
admin-state keyword
Synopsis | Administrative state of the system alarm | |
Context | configure system alarms admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R4 | |
Platforms | All |
max-cleared number
Synopsis | Maximum number of cleared alarms | |
Context | configure system alarms max-cleared number | |
Tree | max-cleared | |
Range | 0 to 500 | |
Default | 500 | |
Introduced | 16.0.R4 | |
Platforms |
All |
allow-boot-license-violations boolean
Synopsis | Allow boot license violations in boot-up configuration | |
Context | configure system allow-boot-license-violations boolean | |
Tree | allow-boot-license-violations | |
Default | true | |
Introduced | 16.0.R4 | |
Platforms | All |
bluetooth
admin-state keyword
Synopsis | Administrative state of the Bluetooth module | |
Context | configure system bluetooth admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.2.R1 | |
Platforms | 7750 SR-1, 7750 SR-s, 7950 XRS-20e |
advertising-timeout number
Synopsis | Bluetooth advertising timeout | |
Context | configure system bluetooth advertising-timeout number | |
Tree | advertising-timeout | |
Range | 30 to 3600 | |
Units | seconds | |
Introduced | 16.0.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
device [mac-address] string
[mac-address] string
description string
Synopsis | Text description | |
Context | configure system bluetooth device string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1, 7750 SR-s, 7950 XRS-20e |
module [cpm-slot] string
[cpm-slot] string
provisioned-identifier string
Synopsis | Bluetooth module ID | |
Context | configure system bluetooth module string provisioned-identifier string | |
Tree | provisioned-identifier | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1, 7750 SR-s, 7950 XRS-20e |
pairing-button boolean
Synopsis | Enable the pairing button | |
Context | configure system bluetooth pairing-button boolean | |
Tree | pairing-button | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1, 7750 SR-s, 7950 XRS-20e |
passkey string
power-mode keyword
Synopsis | Bluetooth module power mode | |
Context | configure system bluetooth power-mode keyword | |
Tree | power-mode | |
Options | ||
Default | automatic | |
Introduced | 20.2.R1 | |
Platforms | 7750 SR-1, 7750 SR-s, 7950 XRS-20e |
boot-bad-exec string
Synopsis | CLI script file to execute following a failed boot-up | |
Context | configure system boot-bad-exec string | |
Tree | boot-bad-exec | |
Description | This command configures the name of the CLI script file to be run following the failure of a boot-up configuration. Note: This command has no effect in model-driven mode. | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
boot-good-exec string
Synopsis | CLI script file to execute following successful boot-up | |
Context | configure system boot-good-exec string | |
Tree | boot-good-exec | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
central-frequency-clock
Synopsis | Enter the central-frequency-clock context | |
Context | configure system central-frequency-clock | |
Tree | central-frequency-clock | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
bits
Synopsis | Enter the bits context | |
Context | configure system central-frequency-clock bits | |
Tree | bits | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
input
Synopsis | Enter the input context | |
Context | configure system central-frequency-clock bits input | |
Tree | input | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the BITS input timing reference | |
Context | configure system central-frequency-clock bits input admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
interface-type keyword
Synopsis | Interface type of the BITS timing reference | |
Context | configure system central-frequency-clock bits interface-type keyword | |
Tree | interface-type | |
Options | ||
Default | ds1-esf | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
output
Synopsis | Enter the output context | |
Context | configure system central-frequency-clock bits output | |
Tree | output | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of BITS output timing reference | |
Context | configure system central-frequency-clock bits output admin-state keyword | |
Tree | admin-state | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
line-length keyword
Synopsis | Line length for the BITS output timing reference | |
Context | configure system central-frequency-clock bits output line-length keyword | |
Tree | line-length | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-minimum keyword
Synopsis | Minimum signal quality level for BITSout port | |
Context | configure system central-frequency-clock bits output ql-minimum keyword | |
Tree | ql-minimum | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
source keyword
squelch boolean
ql-override keyword
Synopsis | Override for the quality level of the timing reference | |
Context | configure system central-frequency-clock bits ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ssm-bit number
Synopsis | Sa bit to convey SSM information | |
Context | configure system central-frequency-clock bits ssm-bit number | |
Tree | ssm-bit | |
Range | 4 to 8 | |
Default | 8 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
gnss
Synopsis | Enter the gnss context | |
Context | configure system central-frequency-clock gnss | |
Tree | gnss | |
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |
admin-state keyword
Synopsis | Administrative state of the gnss timing reference | |
Context | configure system central-frequency-clock gnss admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |
ql-override keyword
Synopsis | Quality level override for a timing reference | |
Context | configure system central-frequency-clock gnss ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |
ptp
Synopsis | Enter the ptp context | |
Context | configure system central-frequency-clock ptp | |
Tree | ptp | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the PTP timing reference | |
Context | configure system central-frequency-clock ptp admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-override keyword
Synopsis | Quality level of a timing reference that overrides any value provided by the reference's SSM process | |
Context | configure system central-frequency-clock ptp ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-minimum keyword
Synopsis | Minimum signal quality level for system timing module | |
Context | configure system central-frequency-clock ql-minimum keyword | |
Tree | ql-minimum | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-selection boolean
Synopsis | Consider quality level in system and BITS output timing | |
Context | configure system central-frequency-clock ql-selection boolean | |
Tree | ql-selection | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ref-order
Synopsis | Enter the ref-order context | |
Context | configure system central-frequency-clock ref-order | |
Tree | ref-order | |
Description | Commands in this context specify the priority order of the synchronous equipment timing subsystem. If a reference source is disabled, this command defines the next reference source for the clock. If all reference sources are disabled, clocking is derived from a local oscillator. If a timing reference is linked to a source port that is operationally down, the port is no longer a qualified, valid reference. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
fifth keyword
Synopsis | Fifth preferred timing reference source | |
Context | configure system central-frequency-clock ref-order fifth keyword | |
Tree | fifth | |
Options | ||
Introduced | 19.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
first keyword
Synopsis | First preferred timing reference source | |
Context | configure system central-frequency-clock ref-order first keyword | |
Tree | first | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
fourth keyword
Synopsis | Fourth preferred timing reference source | |
Context | configure system central-frequency-clock ref-order fourth keyword | |
Tree | fourth | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
second keyword
Synopsis | Second preferred timing reference source | |
Context | configure system central-frequency-clock ref-order second keyword | |
Tree | second | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
sixth keyword
Synopsis | Sixth preferred timing reference source | |
Context | configure system central-frequency-clock ref-order sixth keyword | |
Tree | sixth | |
Options | ||
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |
third keyword
Synopsis | Third preferred timing reference source | |
Context | configure system central-frequency-clock ref-order third keyword | |
Tree | third | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ref1
Synopsis | Enter the ref1 context | |
Context | configure system central-frequency-clock ref1 | |
Tree | ref1 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the first timing reference | |
Context | configure system central-frequency-clock ref1 admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-override keyword
Synopsis | Quality level override of a timing reference | |
Context | configure system central-frequency-clock ref1 ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
source-port string
Synopsis | Source port for the first timing reference | |
Context | configure system central-frequency-clock ref1 source-port string | |
Tree | source-port | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ref2
Synopsis | Enter the ref2 context | |
Context | configure system central-frequency-clock ref2 | |
Tree | ref2 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the second timing reference | |
Context | configure system central-frequency-clock ref2 admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-override keyword
Synopsis | Quality level override of a timing reference | |
Context | configure system central-frequency-clock ref2 ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
source-port string
Synopsis | Source port for the second timing reference | |
Context | configure system central-frequency-clock ref2 source-port string | |
Tree | source-port | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
revert boolean
Synopsis | Revert to higher-priority reference source | |
Context | configure system central-frequency-clock revert boolean | |
Tree | revert | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
synce
Synopsis | Enter the synce context | |
Context | configure system central-frequency-clock synce | |
Tree | synce | |
Introduced | 19.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the SyncE timing reference | |
Context | configure system central-frequency-clock synce admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 19.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ql-override keyword
Synopsis | Override the quality level of a timing reference | |
Context | configure system central-frequency-clock synce ql-override keyword | |
Tree | ql-override | |
Options | ||
Default | unused | |
Introduced | 19.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
wait-to-restore number
Synopsis | Time to re-validate a previously failed input reference | |
Context | configure system central-frequency-clock wait-to-restore number | |
Tree | wait-to-restore | |
Range | 1 to 12 | |
Units | minutes | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
clli-code string
congestion-management boolean
Synopsis | Enable Virtual Service Router congestion management | |
Context | configure system congestion-management boolean | |
Tree | congestion-management | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | VSR |
contact string
coordinates string
Synopsis | GPS coordinates for the system location | |
Context | configure system coordinates string | |
Tree | coordinates | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
cpm-http-redirect
Synopsis | Enter the cpm-http-redirect context | |
Context | configure system cpm-http-redirect | |
Tree | cpm-http-redirect | |
Introduced | 16.0.R4 | |
Platforms | All |
optimized-mode boolean
Synopsis | Enable optimized mode for CPM HTTP redirect messages | |
Context | configure system cpm-http-redirect optimized-mode boolean | |
Tree | optimized-mode | |
Default | true | |
Introduced | 16.0.R4 | |
Platforms | All |
cron
schedule [schedule-name] string owner string
[schedule-name] string
owner string
admin-state keyword
Synopsis | Administrative state of the CRON schedule | |
Context | configure system cron schedule string owner string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
count number
day-of-month number
Synopsis | Days in a month when a schedule runs | |
Context | configure system cron schedule string owner string day-of-month number | |
Tree | day-of-month | |
Range | -31 to -1 | 1 to 31 | |
Max. Instances | 62 | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system cron schedule string owner string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
end-time
date-and-time string
Synopsis | Date and time to stop triggering the schedule | |
Context | configure system cron schedule string owner string end-time date-and-time string | |
Tree | date-and-time | |
Notes | The following elements are part of a choice: date-and-time or (day and time). | |
Introduced | 16.0.R1 | |
Platforms | All |
day keyword
time string
hour number
interval number
minute number
month (keyword | number)
script-policy
Synopsis | Enter the script-policy context | |
Context | configure system cron schedule string owner string script-policy | |
Tree | script-policy | |
Introduced | 16.0.R1 | |
Platforms | All |
name string
owner string
type keyword
weekday (keyword | number)
dhcp6
adv-noaddrs-global keyword
Synopsis | Applications to send NoAddrsAvail in Advertise messages | |
Context | configure system dhcp6 adv-noaddrs-global keyword | |
Tree | adv-noaddrs-global | |
Options | ||
Max. Instances | 2 | |
Introduced | 16.0.R4 | |
Platforms | All |
dns
address-pref keyword
Synopsis | Preference in DNS address resolving order | |
Context | configure system dns address-pref keyword | |
Tree | address-pref | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
dnssec
ad-validation keyword
Synopsis | Validation of AD-bit presence in DNS server responses | |
Context | configure system dns dnssec ad-validation keyword | |
Tree | ad-validation | |
Options | fall-through – Allow non-DNSSEC responses to fall-through to permit resolution in case of validation failure drop – Drop non-DNSSEC responses in case of validation failure | |
Introduced | 16.0.R1 | |
Platforms | All |
efm-oam
dying-gasp-tx-on-reset boolean
Synopsis | Generate Information OAM PDU on soft reset notification | |
Context | configure system efm-oam dying-gasp-tx-on-reset boolean | |
Tree | dying-gasp-tx-on-reset | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
grace-tx boolean
Synopsis | Send Grace TLVs for soft reset graceful recovery events | |
Context | configure system efm-oam grace-tx boolean | |
Tree | grace-tx | |
Description | When configured to true, the system sends the Nokia Vendor specific Grace TLV in the information PDU after an ISSU or a soft reset. The Grace TLV informs a remote peer to ignore the negotiated interval and multiplier and instead use the new timeout interval. By default, the command is disabled at the system level and enabled at the port level. Both the system and port level must be enabled to support grace on a specific port. When configured to true, the EFM-OAM protocol does not enter a non-operational state when both nodes acknowledge the grace function. This feature minimizes service interruption by giving the restarting router time to become operationally and administratively up within the grace period. The peer receiving the Grace TLV must be able to parse and process the vendor-specific messaging. Do not configure grace if the Nokia Vendor Specific Grace TLV is not supported on the remote peer. When configured to false, the Nokia Vendor Specific Grace TLV is not sent. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
eth-cfm
grace boolean
md-auto-id
Synopsis | Enter the md-auto-id context | |
Context | configure system eth-cfm md-auto-id | |
Tree | md-auto-id | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ma-index-range
Synopsis | Enable the ma-index-range context | |
Context | configure system eth-cfm md-auto-id ma-index-range | |
Tree | ma-index-range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Upper bound of the range | |
Context | configure system eth-cfm md-auto-id ma-index-range end number | |
Tree | end | |
Range | 1 to 4294967295 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Lower bound of the range | |
Context | configure system eth-cfm md-auto-id ma-index-range start number | |
Tree | start | |
Range | 1 to 4294967295 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
md-index-range
Synopsis | Enable the md-index-range context | |
Context | configure system eth-cfm md-auto-id md-index-range | |
Tree | md-index-range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Upper bound of the range | |
Context | configure system eth-cfm md-auto-id md-index-range end number | |
Tree | end | |
Range | 1 to 4294967295 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Lower bound of the range | |
Context | configure system eth-cfm md-auto-id md-index-range start number | |
Tree | start | |
Range | 1 to 4294967295 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
named-display boolean
Synopsis | Enable administrative name display in CLI show outputs | |
Context | configure system eth-cfm named-display boolean | |
Tree | named-display | |
Description | When configured to true, the system displays the administrative names for domains, associations, and bridge-identifiers in show eth-cfm command outputs in addition to the numerical maintenance domain (MD) index, maintenance association (MA) index, and bridge ID values. The administrative names are displayed underneath the numerical values, each on a separate row. When configured to false, the system only displays the numerical MD index, MA index, and bridge ID values in show eth-cfm command outputs. | |
Default | false | |
Introduced | 23.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
redundancy
Synopsis | Enter the redundancy context | |
Context | configure system eth-cfm redundancy | |
Tree | redundancy | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mc-lag
Synopsis | Enter the mc-lag context | |
Context | configure system eth-cfm redundancy mc-lag | |
Tree | mc-lag | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
propagate-hold-time (number | keyword)
Synopsis | Delay timer value for the fault propagation | |
Context | configure system eth-cfm redundancy mc-lag propagate-hold-time (number | keyword) | |
Tree | propagate-hold-time | |
Range | 1 to 60 | |
Units | seconds | |
Options | ||
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
standby-mep boolean
Synopsis | Allow standby MC-LAG MEPs to act administratively down | |
Context | configure system eth-cfm redundancy mc-lag standby-mep boolean | |
Tree | standby-mep | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
sender-id
local-name string
Synopsis | Local name used in CFM PDUs | |
Context | configure system eth-cfm sender-id local-name string | |
Tree | local-name | |
String Length | 1 to 45 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
type keyword
slm
inactivity-timer number
Synopsis | SLR inactivity timer to maintain the stale test data | |
Context | configure system eth-cfm slm inactivity-timer number | |
Tree | inactivity-timer | |
Range | 10 to 100 | |
Units | seconds | |
Default | 100 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
fan-control
Synopsis | Enter the fan-control context | |
Context | configure system fan-control | |
Tree | fan-control | |
Description | Commands in this context configure the speed of the router fans. Caution: Only use commands in this context with authorized direction from Nokia technical support. | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se |
cooling-profile keyword
Synopsis | Cooling profile used to determine fan speeds | |
Context | configure system fan-control cooling-profile keyword | |
Tree | cooling-profile | |
Description | This command configures the cooling profile used to determine the fan speed. Nokia recommends that the default setting be used unless aggressive cooling is explicitly required. | |
Options | ||
Default | default | |
Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se |
grpc
admin-state keyword
Synopsis | Administrative state of the gRPC server | |
Context | configure system grpc admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
allow-unsecure-connection
Synopsis | Allow connection without secured transport protocol | |
Context | configure system grpc allow-unsecure-connection | |
Tree | allow-unsecure-connection | |
Description | When configured, the system allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-server-profile. | |
Introduced | 16.0.R1 | |
Platforms | All |
delay-on-boot number
Synopsis | Delay for gRPC connections after system boot | |
Context | configure system grpc delay-on-boot number | |
Tree | delay-on-boot | |
Description | This command configures the delay timer for gRPC connections. When the timer expires, gRPC becomes operational and connections are accepted. This delay prevents automation from managing the system while it is still converging. When no delay is configured, connections are accepted after the system boots and gRPC becomes operational. | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 23.10.R1 | |
Platforms |
All |
gnmi
admin-state keyword
Synopsis | Administrative state of the gNMI service | |
Context | configure system grpc gnmi admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
auto-config-save boolean
Synopsis | Automatically save configuration as part of commit | |
Context | configure system grpc gnmi auto-config-save boolean | |
Tree | auto-config-save | |
Description | When configured to true, the system automatically writes the running configuration to the save configuration file as part of a successful commit operation. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
proto-version keyword
Synopsis | gnmi.proto version | |
Context | configure system grpc gnmi proto-version keyword | |
Tree | proto-version | |
Description | This command sets the gnmi.proto version that the GRPC server should use for all gNMI RPCs. Only use options other than latest for backward compatibility with legacy collectors. | |
Options | latest – Latest supported version v070 – gNMI version 0.7.0 | |
Default | latest | |
Introduced | 23.3.R1 | |
Platforms | All |
gnoi
cert-mgmt
admin-state keyword
Synopsis | Administrative state of gNOI CertificateManagement | |
Context | configure system grpc gnoi cert-mgmt admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 19.10.R1 | |
Platforms | All |
file
admin-state keyword
Synopsis | Administrative state of the gNOI File service | |
Context | configure system grpc gnoi file admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 21.2.R1 | |
Platforms | All |
system
admin-state keyword
Synopsis | Administrative state of the gNOI System service | |
Context | configure system grpc gnoi system admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
listening-port number
Synopsis | Listening port for the gRPC server | |
Context | configure system grpc listening-port number | |
Tree | listening-port | |
Range | 1024 to 49151 | 57400 | |
Default | 57400 | |
Introduced | 23.7.R1 | |
Platforms | All |
max-msg-size number
Synopsis | Maximum size of received message | |
Context | configure system grpc max-msg-size number | |
Tree | max-msg-size | |
Range | 1 to 1024 | |
Units | megabytes | |
Default | 512 | |
Introduced | 16.0.R1 | |
Platforms | All |
md-cli
admin-state keyword
Synopsis | Administrative state of the MD-CLI service | |
Context | configure system grpc md-cli admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
rib-api
admin-state keyword
Synopsis | Administrative state of the RIB API service | |
Context | configure system grpc rib-api admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R4 | |
Platforms | All |
purge-timeout number
Synopsis | Time until stale entries are purged | |
Context | configure system grpc rib-api purge-timeout number | |
Tree | purge-timeout | |
Range | 1 to 100000 | |
Units | seconds | |
Introduced | 16.0.R4 | |
Platforms |
All |
tcp-keepalive
Synopsis | Enter the tcp-keepalive context | |
Context | configure system grpc tcp-keepalive | |
Tree | tcp-keepalive | |
Introduced | 16.0.R4 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the TCP keepalive algorithm | |
Context | configure system grpc tcp-keepalive admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R4 | |
Platforms | All |
idle-time number
Synopsis | Time until the first TCP keepalive probe is sent | |
Context | configure system grpc tcp-keepalive idle-time number | |
Tree | idle-time | |
Description | This command configures the amount of time the connection must be idle before TCP keepalives are sent. | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 600 | |
Introduced | 16.0.R4 | |
Platforms | All |
interval number
Synopsis | Time between TCP keep-alive probes | |
Context | configure system grpc tcp-keepalive interval number | |
Tree | interval | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 15 | |
Introduced | 16.0.R4 | |
Platforms | All |
retries number
Synopsis | Number of probe retries before closing the connection | |
Context | configure system grpc tcp-keepalive retries number | |
Tree | retries | |
Description | This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. | |
Range | 3 to 100 | |
Default | 4 | |
Introduced | 16.0.R4 | |
Platforms |
All |
tls-server-profile reference
Synopsis | Preferred TLS server profile | |
Context | configure system grpc tls-server-profile reference | |
Tree | tls-server-profile | |
Reference | configure system security tls server-tls-profile string | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-server-profile. | |
Introduced | 16.0.R1 | |
Platforms | All |
grpc-tunnel
Synopsis | Enter the grpc-tunnel context | |
Context | configure system grpc-tunnel | |
Tree | grpc-tunnel | |
Introduced | 22.2.R1 | |
Platforms | All |
delay-on-boot number
Synopsis | Delay for gRPC tunnels after system boot | |
Context | configure system grpc-tunnel delay-on-boot number | |
Tree | delay-on-boot | |
Description | This command configures the delay timer for gRPC tunnels. When the timer expires, gRPC tunnels become operational and connections are accepted. This delay prevents the system from trying to initiate gRPC tunnels while it is still converging. When no delay is configured, gRPC tunnels are initiated after the system boots and gRPC becomes operational. | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 23.10.R1 | |
Platforms |
All |
destination-group [name] string
Synopsis | Enter the destination-group list instance | |
Context | configure system grpc-tunnel destination-group string | |
Tree | destination-group | |
Description | Commands in this context configure parameters for destination groups. | |
Max. Instances | 4 | |
Introduced | 22.2.R1 | |
Platforms | All |
[name] string
Synopsis | Destination group name | |
Context | configure system grpc-tunnel destination-group string | |
Tree | destination-group | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
allow-unsecure-connection
Synopsis | Allow unsecured operation of gRPC connections | |
Context | configure system grpc-tunnel destination-group string allow-unsecure-connection | |
Tree | allow-unsecure-connection | |
Description | This command allows a gRPC tunnel to run without a secured transport protocol. Data is transferred in unencrypted form. | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. | |
Introduced | 22.2.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system grpc-tunnel destination-group string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 22.2.R1 | |
Platforms | All |
destination [address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
Synopsis | Enter the destination list instance | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
Max. Instances | 4 | |
Notes | This element is ordered by the user. | |
Introduced | 22.2.R1 | |
Platforms | All |
[address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Synopsis | Address of the destination within the destination group | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
String Length | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
port number
Synopsis | TCP port number for the destination | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Local IP address of packets sent from the source | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number local-source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | local-source-address | |
Introduced | 22.2.R1 | |
Platforms | All |
originated-qos-marking keyword
Synopsis | QoS marking used for gRPC tunnel packets | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number originated-qos-marking keyword | |
Tree | originated-qos-marking | |
Options | ||
Introduced | 22.2.R1 | |
Platforms |
All |
router-instance string
Synopsis | Router instance for the destination group | |
Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number router-instance string | |
Tree | router-instance | |
Introduced | 22.2.R1 | |
Platforms | All |
tcp-keepalive
Synopsis | Enter the tcp-keepalive context | |
Context | configure system grpc-tunnel destination-group string tcp-keepalive | |
Tree | tcp-keepalive | |
Introduced | 22.2.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the TCP keepalive algorithm | |
Context | configure system grpc-tunnel destination-group string tcp-keepalive admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.2.R1 | |
Platforms | All |
idle-time number
Synopsis | Time until the first TCP keepalive probe is sent | |
Context | configure system grpc-tunnel destination-group string tcp-keepalive idle-time number | |
Tree | idle-time | |
Description | This command configures the amount of time the connection must be idle before TCP keepalives are sent. | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 600 | |
Introduced | 22.2.R1 | |
Platforms | All |
interval number
Synopsis | Time between TCP keep-alive probes | |
Context | configure system grpc-tunnel destination-group string tcp-keepalive interval number | |
Tree | interval | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 15 | |
Introduced | 22.2.R1 | |
Platforms | All |
retries number
Synopsis | Number of probe retries before closing the connection | |
Context | configure system grpc-tunnel destination-group string tcp-keepalive retries number | |
Tree | retries | |
Description | This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. | |
Range | 3 to 100 | |
Default | 4 | |
Introduced | 22.2.R1 | |
Platforms |
All |
tls-client-profile reference
Synopsis | TLS client profile assigned to the destination group | |
Context | configure system grpc-tunnel destination-group string tls-client-profile reference | |
Tree | tls-client-profile | |
Reference | configure system security tls client-tls-profile string | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. | |
Introduced | 22.2.R1 | |
Platforms | All |
tunnel [name] string
Synopsis | Enter the tunnel list instance | |
Context | configure system grpc-tunnel tunnel string | |
Tree | tunnel | |
Description | Commands in this context configure gRPC-tunnel-related parameters. | |
Max. Instances | 4 | |
Introduced | 22.2.R1 | |
Platforms | All |
[name] string
Synopsis | Tunnel name | |
Context | configure system grpc-tunnel tunnel string | |
Tree | tunnel | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the tunnel | |
Context | configure system grpc-tunnel tunnel string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.2.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system grpc-tunnel tunnel string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 22.2.R1 | |
Platforms | All |
destination-group reference
Synopsis | Destination group used in the tunnel | |
Context | configure system grpc-tunnel tunnel string destination-group reference | |
Tree | destination-group | |
Reference | configure system grpc-tunnel destination-group string | |
Introduced | 22.2.R1 | |
Platforms | All |
handler [name] string
Synopsis | Enter the handler list instance | |
Context | configure system grpc-tunnel tunnel string handler string | |
Tree | handler | |
Description | Commands in this context configure handler parameters for this instance. Multiple handlers can be created for any tunnel. | |
Max. Instances | 8 | |
Introduced | 22.2.R1 | |
Platforms | All |
[name] string
Synopsis | Handler name | |
Context | configure system grpc-tunnel tunnel string handler string | |
Tree | handler | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the handler | |
Context | configure system grpc-tunnel tunnel string handler string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.2.R1 | |
Platforms | All |
port number
target-type
Synopsis | Enter the target-type context | |
Context | configure system grpc-tunnel tunnel string handler string target-type | |
Tree | target-type | |
Introduced | 22.2.R1 | |
Platforms | All |
custom-type string
Synopsis | Custom string for target type | |
Context | configure system grpc-tunnel tunnel string handler string target-type custom-type string | |
Tree | custom-type | |
Description | This command configures a custom string for the target type. This string can correspond to specific values used by the gRPC tunnel protocol, such as GNMI_GNOI or SSH. If a custom string is defined, the gRPC tunnel client must specify the string to request a session for that handler. The string must be unique within a tunnel. | |
String Length | 1 to 64 | |
Notes | The following elements are part of a choice: custom-type, grpc-server, or ssh-server. | |
Introduced | 22.2.R1 | |
Platforms | All |
grpc-server
Synopsis | Target type set to GNMI_GNOI | |
Context | configure system grpc-tunnel tunnel string handler string target-type grpc-server | |
Tree | grpc-server | |
Description | When configured, this command assigns the gRPC server as a handler for all tunnels sessions. At the gRPC tunnel protocol level, this corresponds to a value of GNMI_GNOI. | |
Notes | The following elements are part of a choice: custom-type, grpc-server, or ssh-server. | |
Introduced | 22.2.R1 | |
Platforms | All |
ssh-server
Synopsis | Target type is SSH | |
Context | configure system grpc-tunnel tunnel string handler string target-type ssh-server | |
Tree | ssh-server | |
Description | When configured, this command assigns the SSH server as a handler for all tunnels sessions. At the gRPC tunnel protocol level, this corresponds to a value of SSH. | |
Notes | The following elements are part of a choice: custom-type, grpc-server, or ssh-server. | |
Introduced | 22.2.R1 | |
Platforms | All |
target-name
Synopsis | Enter the target-name context | |
Context | configure system grpc-tunnel tunnel string target-name | |
Tree | target-name | |
Introduced | 22.2.R1 | |
Platforms | All |
custom-string string
Synopsis | Custom target name | |
Context | configure system grpc-tunnel tunnel string target-name custom-string string | |
Tree | custom-string | |
String Length | 1 to 64 | |
Notes | The following elements are part of a choice: custom-string, node-name, or user-agent. | |
Introduced | 22.2.R1 | |
Platforms | All |
node-name
Synopsis | Set the node name as target name | |
Context | configure system grpc-tunnel tunnel string target-name node-name | |
Tree | node-name | |
Description | When configured, this command uses the node name as the target name. The node name is configured by the configure system name command. | |
Notes | The following elements are part of a choice: custom-string, node-name, or user-agent. | |
Introduced | 22.2.R1 | |
Platforms | All |
user-agent
Synopsis | Set the user agent as the target name | |
Context | configure system grpc-tunnel tunnel string target-name user-agent | |
Tree | user-agent | |
Description | When configured, this command uses the user agent as the target name. The agent is a string consisting of node-name:vendor:model:software-version. | |
Notes | The following elements are part of a choice: custom-string, node-name, or user-agent. | |
Introduced | 22.2.R1 | |
Platforms | All |
icmp-vse boolean
ip
allow-qinq-network-interface boolean
Synopsis | Allow QinQ encapsulation for network interfaces | |
Context | configure system ip allow-qinq-network-interface boolean | |
Tree | allow-qinq-network-interface | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
enforce-unique-if-index boolean
Synopsis | Force creation of globally unique IP interface indexes | |
Context | configure system ip enforce-unique-if-index boolean | |
Tree | enforce-unique-if-index | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
forward-6in4 boolean
Synopsis | Allow forwarding of IPv6 over IPv4 to system IP address | |
Context | configure system ip forward-6in4 boolean | |
Tree | forward-6in4 | |
Default | false | |
Introduced | 19.10.R1 | |
Platforms | All |
forward-ip-over-gre boolean
Synopsis | Allow forwarding of IP over GRE to system IP address | |
Context | configure system ip forward-ip-over-gre boolean | |
Tree | forward-ip-over-gre | |
Default | false | |
Introduced | 19.10.R1 | |
Platforms | All |
ipv6-eh keyword
mpls
label-stack-statistics-count number
Synopsis | Collect traffic statistics on labels of the MPLS stack | |
Context | configure system ip mpls label-stack-statistics-count number | |
Tree | label-stack-statistics-count | |
Range | 1 to 2 | |
Default | 1 | |
Introduced | 19.10.R3 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
l2tp
non-multi-chassis-tunnel-id-range
Synopsis | Enter the non-multi-chassis-tunnel-id-range context | |
Context | configure system l2tp non-multi-chassis-tunnel-id-range | |
Tree | non-multi-chassis-tunnel-id-range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of the range | |
Context | configure system l2tp non-multi-chassis-tunnel-id-range end number | |
Tree | end | |
Range | 0 to 16383 | |
Default | 16383 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of the range | |
Context | configure system l2tp non-multi-chassis-tunnel-id-range start number | |
Tree | start | |
Range | 0 to 16383 | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
lacp
system-priority number
Synopsis | LACP system priority on aggregated Ethernet interfaces | |
Context | configure system lacp system-priority number | |
Tree | system-priority | |
Range | 1 to 65535 | |
Default | 32768 | |
Introduced | 16.0.R1 | |
Platforms |
All |
lldp
admin-state keyword
Synopsis | Administrative state of LLDP | |
Context | configure system lldp admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
message-fast-tx number
Synopsis | Interval at which LLDP frames are transmitted | |
Context | configure system lldp message-fast-tx number | |
Tree | message-fast-tx | |
Description | This command configures the interval at which LLDP frames are transmitted on behalf of the LLDP during a fast transmission period. | |
Range | 1 to 3600 | |
Units | seconds | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
message-fast-tx-init number
Synopsis | PDUs to transmit during the fast transmission period | |
Context | configure system lldp message-fast-tx-init number | |
Tree | message-fast-tx-init | |
Range | 1 to 8 | |
Default | 4 | |
Introduced | 16.0.R1 | |
Platforms |
All |
notification-interval number
Synopsis | Minimum interval between change notifications | |
Context | configure system lldp notification-interval number | |
Tree | notification-interval | |
Range | 5 to 3600 | |
Units | seconds | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms | All |
reinit-delay number
Synopsis | Time required before re-initializing LLDP on a port | |
Context | configure system lldp reinit-delay number | |
Tree | reinit-delay | |
Range | 1 to 10 | |
Units | seconds | |
Default | 2 | |
Introduced | 16.0.R1 | |
Platforms | All |
tx-credit-max number
Synopsis | Maximum consecutive LLDPDUs that can be transmitted | |
Context | configure system lldp tx-credit-max number | |
Tree | tx-credit-max | |
Range | 1 to 100 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
tx-hold-multiplier number
Synopsis | Transmit interval multiplier | |
Context | configure system lldp tx-hold-multiplier number | |
Tree | tx-hold-multiplier | |
Range | 2 to 10 | |
Default | 4 | |
Introduced | 16.0.R1 | |
Platforms |
All |
tx-interval number
Synopsis | LLDP transmit interval | |
Context | configure system lldp tx-interval number | |
Tree | tx-interval | |
Range | 5 to 32768 | |
Units | seconds | |
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
load-balancing
Synopsis | Enter the load-balancing context | |
Context | configure system load-balancing | |
Tree | load-balancing | |
Introduced | 16.0.R1 | |
Platforms | All |
l2tp-load-balancing boolean
Synopsis | Include L2TP header information for load balancing | |
Context | configure system load-balancing l2tp-load-balancing boolean | |
Tree | l2tp-load-balancing | |
Default | false | |
Introduced | 16.0.R4 | |
Platforms | All |
l4-load-balancing boolean
Synopsis | Use load balancing based on Layer 4 fields | |
Context | configure system load-balancing l4-load-balancing boolean | |
Tree | l4-load-balancing | |
Introduced | 16.0.R1 | |
Platforms | All |
lsr-load-balancing keyword
Synopsis | Algorithm for system-wide LSR load balancing | |
Context | configure system load-balancing lsr-load-balancing keyword | |
Tree | lsr-load-balancing | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
mc-enh-load-balancing boolean
Synopsis | Enable enhanced egress multicast load balancing | |
Context | configure system load-balancing mc-enh-load-balancing boolean | |
Tree | mc-enh-load-balancing | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
service-id-lag-hashing boolean
Synopsis | Enable enhanced VLL LAG service ID hashing | |
Context | configure system load-balancing service-id-lag-hashing boolean | |
Tree | service-id-lag-hashing | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
system-ip-load-balancing boolean
Synopsis | Use system IP address for ECMP and LAG load balancing | |
Context | configure system load-balancing system-ip-load-balancing boolean | |
Tree | system-ip-load-balancing | |
Introduced | 16.0.R1 | |
Platforms | All |
location string
login-control
Synopsis | Enter the login-control context | |
Context | configure system login-control | |
Tree | login-control | |
Introduced | 16.0.R1 | |
Platforms | All |
exponential-backoff boolean
Synopsis | Enable exponential-backoff of the login prompt | |
Context | configure system login-control exponential-backoff boolean | |
Tree | exponential-backoff | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
ftp
Synopsis | Enter the ftp context | |
Context | configure system login-control ftp | |
Tree | ftp | |
Introduced | 16.0.R1 | |
Platforms | All |
inbound-max-sessions number
Synopsis | Maximum number of concurrent inbound FTP sessions | |
Context | configure system login-control ftp inbound-max-sessions number | |
Tree | inbound-max-sessions | |
Range | 0 to 5 | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms |
All |
idle-timeout (keyword | number)
Synopsis | Idle timeout for FTP, console, or Telnet sessions | |
Context | configure system login-control idle-timeout (keyword | number) | |
Tree | idle-timeout | |
Range | 1 to 1440 | |
Units | minutes | |
Options | ||
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
login-banner boolean
Synopsis | Display login banner | |
Context | configure system login-control login-banner boolean | |
Tree | login-banner | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
login-scripts
Synopsis | Enter the login-scripts context | |
Context | configure system login-control login-scripts | |
Tree | login-scripts | |
Introduced | 16.0.R1 | |
Platforms | All |
global-script string
Synopsis | URL of the global CLI login script | |
Context | configure system login-control login-scripts global-script string | |
Tree | global-script | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
per-user-script
Synopsis | Enter the per-user-script context | |
Context | configure system login-control login-scripts per-user-script | |
Tree | per-user-script | |
Introduced | 16.0.R1 | |
Platforms | All |
file-name string
Synopsis | File name of the per-user login script | |
Context | configure system login-control login-scripts per-user-script file-name string | |
Tree | file-name | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
user-directory string
Synopsis | Directory name of user-defined login script | |
Context | configure system login-control login-scripts per-user-script user-directory string | |
Tree | user-directory | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
motd
Synopsis | Enter the motd context | |
Context | configure system login-control motd | |
Tree | motd | |
Introduced | 16.0.R1 | |
Platforms | All |
text string
Synopsis | Message of the day displayed after console login | |
Context | configure system login-control motd text string | |
Tree | text | |
String Length | 1 to 900 | |
Notes | The following elements are part of a choice: text or url. | |
Introduced | 16.0.R1 | |
Platforms | All |
url string
Synopsis | URL of the location of message of the day | |
Context | configure system login-control motd url string | |
Tree | url | |
String Length | 1 to 180 | |
Notes | The following elements are part of a choice: text or url. | |
Introduced | 16.0.R1 | |
Platforms | All |
pre-login-message
Synopsis | Enter the pre-login-message context | |
Context | configure system login-control pre-login-message | |
Tree | pre-login-message | |
Description | Commands in this context configure a message to display before logging in to the router using Telnet, SSH, or the console port. Only one message can be configured. If a new pre-login message is configured, the new message overwrites the previous message. Note: The pre-login message is displayed on both active and standby systems. | |
Introduced | 16.0.R1 | |
Platforms | All |
message string
Synopsis | Message displayed before the login prompt | |
Context | configure system login-control pre-login-message message string | |
Tree | message | |
Description | This command configures the pre-login message. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Some special characters can be used to format the message text. Use the newline (\n) character to create multiline messages. A newline (\n) character in the message moves to the beginning of the next line by sending ASCII/UTF-8 characters 0xA (LF) and 0xD (CR) to the client terminal. A carriage return (\r) character in the message sends the ASCII/UTF-8 character 0xD (CR) to the client terminal. | |
String Length | 1 to 900 | |
Introduced | 16.0.R1 | |
Platforms | All |
name boolean
Synopsis | Display the system name before the pre-login message | |
Context | configure system login-control pre-login-message name boolean | |
Tree | name | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
ssh
Synopsis | Enter the ssh context | |
Context | configure system login-control ssh | |
Tree | ssh | |
Introduced | 16.0.R1 | |
Platforms | All |
graceful-shutdown boolean
Synopsis | Allow graceful shutdown of SSH sessions | |
Context | configure system login-control ssh graceful-shutdown boolean | |
Tree | graceful-shutdown | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
inbound-max-sessions number
Synopsis | Maximum number of concurrent inbound sessions | |
Context | configure system login-control ssh inbound-max-sessions number | |
Tree | inbound-max-sessions | |
Range | 0 to 50 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
outbound-max-sessions number
Synopsis | Maximum number of concurrent outbound sessions | |
Context | configure system login-control ssh outbound-max-sessions number | |
Tree | outbound-max-sessions | |
Range | 0 to 15 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
ttl-security number
Synopsis | Minimum TTL value for incoming packets | |
Context | configure system login-control ssh ttl-security number | |
Tree | ttl-security | |
Range | 1 to 255 | |
Introduced | 16.0.R1 | |
Platforms | All |
telnet
Synopsis | Enter the telnet context | |
Context | configure system login-control telnet | |
Tree | telnet | |
Introduced | 16.0.R1 | |
Platforms | All |
graceful-shutdown boolean
Synopsis | Allow graceful shutdown of Telnet sessions | |
Context | configure system login-control telnet graceful-shutdown boolean | |
Tree | graceful-shutdown | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
inbound-max-sessions number
Synopsis | Maximum number of concurrent inbound sessions | |
Context | configure system login-control telnet inbound-max-sessions number | |
Tree | inbound-max-sessions | |
Range | 0 to 50 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
outbound-max-sessions number
Synopsis | Maximum number of concurrent outbound sessions | |
Context | configure system login-control telnet outbound-max-sessions number | |
Tree | outbound-max-sessions | |
Range | 0 to 15 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
ttl-security number
Synopsis | Minimum TTL value for incoming packets | |
Context | configure system login-control telnet ttl-security number | |
Tree | ttl-security | |
Range | 1 to 255 | |
Introduced | 16.0.R1 | |
Platforms | All |
management-interface
Synopsis | Enter the management-interface context | |
Context | configure system management-interface | |
Tree | management-interface | |
Introduced | 16.0.R1 | |
Platforms | All |
cli
Synopsis | Enter the cli context | |
Context | configure system management-interface cli | |
Tree | cli | |
Description | Commands in this context configure the CLI management interfaces. | |
Introduced | 16.0.R1 | |
Platforms | All |
classic-cli
Synopsis | Enter the classic-cli context | |
Context | configure system management-interface cli classic-cli | |
Tree | classic-cli | |
Description | Commands in this context configure the classic CLI management interface. | |
Introduced | 16.0.R1 | |
Platforms | All |
allow-immediate boolean
Synopsis | Allow writable access in classic CLI configure branch | |
Context | configure system management-interface cli classic-cli allow-immediate boolean | |
Tree | allow-immediate | |
Description | When configured to true, this command enables write access in the classic CLI configuration branch without having to use the classic CLI candidate edit functionality. When configured to false, this command blocks write access and configuration changes in the classic CLI configuration branch, and the classic CLI configuration branch is read-only. This enforces using the classic CLI candidate edit functionality, including candidate commit, to modify the router configuration, instead of allowing immediate line-by-line configuration changes. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
rollback
Synopsis | Enter the rollback context | |
Context | configure system management-interface cli classic-cli rollback | |
Tree | rollback | |
Description | Commands in this context control classic CLI configuration rollback functionality, such as the maximum number of rollback checkpoints the system maintains. Configuration rollback allows the operator to revert to previous router configuration states while minimizing impacts to services. | |
Introduced | 16.0.R1 | |
Platforms | All |
local-checkpoints number
Synopsis | Maximum number of rollback files on local storage | |
Context | configure system management-interface cli classic-cli rollback local-checkpoints number | |
Tree | local-checkpoints | |
Range | 1 to 50 | |
Default | 10 | |
Introduced | 16.0.R1 | |
Platforms |
All |
location string
Synopsis | Path and filename prefix for rollback checkpoint files | |
Context | configure system management-interface cli classic-cli rollback location string | |
Tree | location | |
Description | This command configures the local (for example, compact flash) or remote location and name of the classic CLI rollback checkpoint files. The filename must not contain a suffix. The suffixes for rollback checkpoint files are, for example, .rb, .rb.1, .rb.2, and so on. The suffixes are automatically appended to rollback checkpoint files. | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
remote-checkpoints number
Synopsis | Maximum rollback files saved at a remote location | |
Context | configure system management-interface cli classic-cli rollback remote-checkpoints number | |
Tree | remote-checkpoints | |
Range | 1 to 200 | |
Default | 10 | |
Introduced | 16.0.R1 | |
Platforms |
All |
rescue
Synopsis | Enter the rescue context | |
Context | configure system management-interface cli classic-cli rollback rescue | |
Tree | rescue | |
Introduced | 16.0.R1 | |
Platforms | All |
location string
Synopsis | Location of the rescue configuration file | |
Context | configure system management-interface cli classic-cli rollback rescue location string | |
Tree | location | |
Description | This command configures the local or remote location and filename of the classic CLI rescue configuration file. The suffix (.rc) is automatically appended to the filename when a rescue configuration file is saved. Trivial FTP (TFTP) is not supported for remote locations. | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
cli-engine keyword
Synopsis | System-wide CLI engine access | |
Context | configure system management-interface cli cli-engine keyword | |
Tree | cli-engine | |
Description | This command configures the system-wide CLI engine. The operator can configure one or both engines. For the configuration to take effect, exit the running CLI session and start a new session after committing the new value. | |
Options | ||
Max. Instances | 2 | |
Notes | This element is ordered by the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
md-cli
Synopsis | Enter the md-cli context | |
Context | configure system management-interface cli md-cli | |
Tree | md-cli | |
Description | Commands in this context configure the MD-CLI management interface. | |
Introduced | 16.0.R1 | |
Platforms | All |
auto-config-save boolean
Synopsis | Automatically save configuration as part of commit | |
Context | configure system management-interface cli md-cli auto-config-save boolean | |
Tree | auto-config-save | |
Description | When configured to true, the system automatically writes the running configuration to the save configuration file as part of a successful commit operation. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
environment
Synopsis | Enter the environment context | |
Context | configure system management-interface cli md-cli environment | |
Tree | environment | |
Introduced | 16.0.R1 | |
Platforms | All |
command-alias
Synopsis | Enter the command-alias context | |
Context | configure system management-interface cli md-cli environment command-alias | |
Tree | command-alias | |
Introduced | 21.7.R1 | |
Platforms | All |
alias [alias-name] string
Synopsis | Enter the alias list instance | |
Context | configure system management-interface cli md-cli environment command-alias alias string | |
Tree | alias | |
Description | Commands in this context create aliases to existing MD-CLI commands or to Python applications. Aliases may be mounted for use globally or for selected context paths. Arguments and output modifiers may be provided to aliases at configuration or run time. | |
Introduced | 21.7.R1 | |
Platforms | All |
[alias-name] string
Synopsis | Alias name | |
Context | configure system management-interface cli md-cli environment command-alias alias string | |
Tree | alias | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 21.7.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the alias | |
Context | configure system management-interface cli md-cli environment command-alias alias string admin-state keyword | |
Tree | admin-state | |
Description | This command controls the administrative state of the MD-CLI alias. MD-CLI aliases that are administratively disabled cannot be executed, are not displayed in command completion, and do not appear in ? help. | |
Options | ||
Default | disable | |
Introduced | 21.10.R1 | |
Platforms | All |
cli-command string
Synopsis | CLI command to run when executing the alias | |
Context | configure system management-interface cli md-cli environment command-alias alias string cli-command string | |
Tree | cli-command | |
String Length | 1 to 255 | |
Notes | The following elements are part of a mandatory choice: cli-command or python-script. | |
Introduced | 21.7.R1 | |
Platforms | All |
description string
Synopsis | Alias description | |
Context | configure system management-interface cli md-cli environment command-alias alias string description string | |
Tree | description | |
String Length | 1 to 110 | |
Introduced | 21.7.R1 | |
Platforms | All |
mount-point [path] (keyword | string)
Synopsis | Add a list entry for mount-point | |
Context | configure system management-interface cli md-cli environment command-alias alias string mount-point (keyword | string) | |
Tree | mount-point | |
Min. Instances | 1 | |
Introduced | 21.7.R1 | |
Platforms | All |
[path] (keyword | string)
Synopsis | Mount point where the alias is available | |
Context | configure system management-interface cli md-cli environment command-alias alias string mount-point (keyword | string) | |
Tree | mount-point | |
String Length | 1 to 255 | |
Options | ||
Notes | This element is part of a list key. | |
Introduced | 21.7.R1 | |
Platforms | All |
python-script reference
Synopsis | Python script to run when executing the alias | |
Context | configure system management-interface cli md-cli environment command-alias alias string python-script reference | |
Tree | python-script | |
Reference | configure python python-script string | |
Notes | The following elements are part of a mandatory choice: cli-command or python-script. | |
Introduced | 21.7.R1 | |
Platforms | All |
command-completion
Synopsis | Enter the command-completion context | |
Context | configure system management-interface cli md-cli environment command-completion | |
Tree | command-completion | |
Introduced | 16.0.R1 | |
Platforms | All |
enter boolean
Synopsis | Complete the command when the Enter key is pressed | |
Context | configure system management-interface cli md-cli environment command-completion enter boolean | |
Tree | enter | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
space boolean
Synopsis | Complete the command when the Space key is pressed | |
Context | configure system management-interface cli md-cli environment command-completion space boolean | |
Tree | space | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
tab boolean
Synopsis | Complete the command when the Tab key is pressed | |
Context | configure system management-interface cli md-cli environment command-completion tab boolean | |
Tree | tab | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
console
Synopsis | Enter the console context | |
Context | configure system management-interface cli md-cli environment console | |
Tree | console | |
Introduced | 16.0.R1 | |
Platforms | All |
length number
Synopsis | Number of lines displayed on the console | |
Context | configure system management-interface cli md-cli environment console length number | |
Tree | length | |
Range | 24 to 512 | |
Default | 24 | |
Introduced | 16.0.R1 | |
Platforms |
All |
width number
Synopsis | Number of columns displayed on the console | |
Context | configure system management-interface cli md-cli environment console width number | |
Tree | width | |
Range | 80 to 512 | |
Default | 80 | |
Introduced | 16.0.R1 | |
Platforms |
All |
info-output
Synopsis | Enter the info-output context | |
Context | configure system management-interface cli md-cli environment info-output | |
Tree | info-output | |
Introduced | 22.2.R1 | |
Platforms | All |
always-display
Synopsis | Enter the always-display context | |
Context | configure system management-interface cli md-cli environment info-output always-display | |
Tree | always-display | |
Description | Commands in this context specify elements that are always displayed in the info output, regardless of whether the detail option is used. | |
Introduced | 22.2.R1 | |
Platforms | All |
admin-state boolean
Synopsis | Always display admin-state elements | |
Context | configure system management-interface cli md-cli environment info-output always-display admin-state boolean | |
Tree | admin-state | |
Description | When configured to true, the values of the admin-state elements in info output (without the detail option) are always displayed, even if they are the default values. | |
Default | false | |
Introduced | 22.2.R1 | |
Platforms | All |
message-severity-level
Synopsis | Enter the message-severity-level context | |
Context | configure system management-interface cli md-cli environment message-severity-level | |
Tree | message-severity-level | |
Introduced | 16.0.R1 | |
Platforms | All |
cli keyword
Synopsis | Message severity threshold for CLI messages | |
Context | configure system management-interface cli md-cli environment message-severity-level cli keyword | |
Tree | cli | |
Options | ||
Default | info | |
Introduced | 16.0.R1 | |
Platforms | All |
more boolean
Synopsis | Activate the pager when output is longer than a screen | |
Context | configure system management-interface cli md-cli environment more boolean | |
Tree | more | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
progress-indicator
Synopsis | Enter the progress-indicator context | |
Context | configure system management-interface cli md-cli environment progress-indicator | |
Tree | progress-indicator | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the progress indicator | |
Context | configure system management-interface cli md-cli environment progress-indicator admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
delay number
Synopsis | Delay before the progress indicator is displayed | |
Context | configure system management-interface cli md-cli environment progress-indicator delay number | |
Tree | delay | |
Range | 0 to 10000 | |
Units | milliseconds | |
Default | 1000 | |
Introduced | 16.0.R1 | |
Platforms | All |
type keyword
Synopsis | Progress indicator output style | |
Context | configure system management-interface cli md-cli environment progress-indicator type keyword | |
Tree | type | |
Options | ||
Default | dots | |
Introduced | 16.0.R1 | |
Platforms | All |
prompt
Synopsis | Enter the prompt context | |
Context | configure system management-interface cli md-cli environment prompt | |
Tree | prompt | |
Introduced | 16.0.R1 | |
Platforms | All |
context boolean
Synopsis | Show the current command context in the prompt | |
Context | configure system management-interface cli md-cli environment prompt context boolean | |
Tree | context | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
newline boolean
Synopsis | Add a new line before every prompt line | |
Context | configure system management-interface cli md-cli environment prompt newline boolean | |
Tree | newline | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
timestamp boolean
Synopsis | Show the timestamp before the first prompt line | |
Context | configure system management-interface cli md-cli environment prompt timestamp boolean | |
Tree | timestamp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
uncommitted-changes-indicator boolean
Synopsis | Show an asterisk (*) when uncommitted changes exist | |
Context | configure system management-interface cli md-cli environment prompt uncommitted-changes-indicator boolean | |
Tree | uncommitted-changes-indicator | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
python
Synopsis | Enter the python context | |
Context | configure system management-interface cli md-cli environment python | |
Tree | python | |
Description | Commands in this context customize Python settings used with the Python 3 interpreter in MD-CLI applications such as pyexec, command aliases, EHS, and CRON. | |
Introduced | 21.10.R1 | |
Platforms | All |
memory-reservation number
Synopsis | Memory reserved per Python interpreter | |
Context | configure system management-interface cli md-cli environment python memory-reservation number | |
Tree | memory-reservation | |
Range | 1 to 500 | |
Units | megabytes | |
Introduced | 21.10.R1 | |
Platforms |
All |
minimum-available-memory number
Synopsis | Minimum memory requirement to run a Python interpreter | |
Context | configure system management-interface cli md-cli environment python minimum-available-memory number | |
Tree | minimum-available-memory | |
Range | 5 to 50 | |
Units | percent | |
Introduced | 21.10.R1 | |
Platforms |
All |
timeout number
Synopsis | Maximum run time before a Python application is stopped | |
Context | configure system management-interface cli md-cli environment python timeout number | |
Tree | timeout | |
Range | 30 to 86400 | |
Units | seconds | |
Default | 3600 | |
Introduced | 21.10.R1 | |
Platforms | All |
time-display keyword
Synopsis | Time zone to display time | |
Context | configure system management-interface cli md-cli environment time-display keyword | |
Tree | time-display | |
Description | This command configures the time zone for a timestamp displayed in outputs, such as event logs and show commands for the current CLI session. In event logs, the selected time is used to control the timestamps in the CLI output of show log log-id and in YANG state in the /state/log/log-id branch (for logs such as session, cli, memory, SNMP, and NETCONF). Also see the configure log log-id time-format command. | |
Options | ||
Default | local | |
Introduced | 16.0.R1 | |
Platforms | All |
time-format keyword
Synopsis | Format to display the date and time | |
Context | configure system management-interface cli md-cli environment time-format keyword | |
Tree | time-format | |
Description | This command specifies the format of the time display in the prompt, configuration, state, and certain show command output in the current CLI session. | |
Options | ||
Default | rfc-3339 | |
Introduced | 20.5.R1 | |
Platforms | All |
commit-history number
Synopsis | Number of commit history IDs to store | |
Context | configure system management-interface commit-history number | |
Tree | commit-history | |
Description | This command sets the number of IDs to store in the commit history. Setting the value to 0 disables the commit history. | |
Range | 0 to 200 | |
Default | 50 | |
Introduced | 21.10.R1 | |
Platforms |
All |
configuration-mode keyword
Synopsis | Management interfaces allowed to edit the configuration | |
Context | configure system management-interface configuration-mode keyword | |
Tree | configuration-mode | |
Description | This command controls which of the classic or model-driven management interfaces can modify the configuration of the router. Any management interface can be used in any configuration mode (to gather state information or perform operations, for example), but only specific management interfaces (CLI, NETCONF, and so on) are allowed to edit the configuration of the router in different modes. For example, only classic CLI and SNMP can be used to edit the configuration when in classic mode. | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
configuration-save
Synopsis | Enter the configuration-save context | |
Context | configure system management-interface configuration-save | |
Tree | configuration-save | |
Description | Commands in this context configure the attributes for saved configuration files. | |
Introduced | 16.0.R1 | |
Platforms | All |
configuration-backups number
Synopsis | Maximum number of configuration versions maintained | |
Context | configure system management-interface configuration-save configuration-backups number | |
Tree | configuration-backups | |
Description | This command configures the maximum number of saved configuration file versions the router maintains. When the configuration is saved, configuration file names are appended with a numeric extension. Each subsequent configuration save creates a new configuration file version with an incremented numeric extension until the maximum count is reached, after which the next configuration save overwrites the oldest file version. Each persistent index file is updated at the same time as the associated configuration file. The system synchronizes the active and standby CPM for all configurations and their associated persistent index files. | |
Range | 1 to 200 | |
Default | 50 | |
Introduced | 16.0.R1 | |
Platforms |
All |
incremental-saves boolean
Synopsis | Use incremental saved configuration files | |
Context | configure system management-interface configuration-save incremental-saves boolean | |
Tree | incremental-saves | |
Description | When configured to true, the system saves each commit to the configure configuration region in a separate incremental saved configuration file, which allows for faster commits, instead of saving a complete saved configuration file each time. | |
Default | true | |
Introduced | 22.7.R1 | |
Platforms | All |
netconf
Synopsis | Enter the netconf context | |
Context | configure system management-interface netconf | |
Tree | netconf | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of NETCONF | |
Context | configure system management-interface netconf admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
auto-config-save boolean
Synopsis | Automatically save configuration as part of commit | |
Context | configure system management-interface netconf auto-config-save boolean | |
Tree | auto-config-save | |
Description | When configured to true, the system automatically writes the running configuration to the save configuration file as part of a successful commit operation. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
capabilities
Synopsis | Enter the capabilities context | |
Context | configure system management-interface netconf capabilities | |
Tree | capabilities | |
Description | Commands in this context configure explicit capabilities for the NETCONF server. | |
Introduced | 16.0.R1 | |
Platforms | All |
candidate boolean
Synopsis | Allow the NETCONF server to access candidate datastore | |
Context | configure system management-interface netconf capabilities candidate boolean | |
Tree | candidate | |
Description | When configured to true, this command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command to true also enables using commit and discard-changes. When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured to true. When configured to false, this command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
delay-on-boot number
Synopsis | Delay for NETCONF connections after system boot | |
Context | configure system management-interface netconf delay-on-boot number | |
Tree | delay-on-boot | |
Description | This command configures the delay timer for NETCONF connections. When the timer expires, NETCONF becomes operational and connections are accepted. This delay prevents automation from managing the system while it is still converging. When no delay is configured, connections are accepted after the system boots and NETCONF becomes operational. | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 23.10.R1 | |
Platforms |
All |
port number
Synopsis | Port on which NETCONF server listens for connections | |
Context | configure system management-interface netconf port number | |
Tree | port | |
Description | This command specifies the port on which the SR OS NETCONF server listens for new connections. One port can be configured for NETCONF management. The configured port applies to both non-VPRN and VPRN management. New NETCONF connections are able to use the configured port. For NETCONF connections not using VPRN management, active NETCONF connections are not disconnected if the connection port changes. For NETCONF connections using VPRN management, active NETCONF connections are disconnected if the connection port changes. | |
Range | 22 | 830 | |
Default | 830 | |
Introduced | 19.10.R1 | |
Platforms |
All |
operations
Synopsis | Enter the operations context | |
Context | configure system management-interface operations | |
Tree | operations | |
Description | Commands in this context configure parameters associated with operational commands in model-driven interfaces. | |
Introduced | 21.5.R1 | |
Platforms | All |
global-timeouts
Synopsis | Enter the global-timeouts context | |
Context | configure system management-interface operations global-timeouts | |
Tree | global-timeouts | |
Description | Commands in this context configure system timeout parameters for operational commands. Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation. | |
Introduced | 21.5.R1 | |
Platforms | All |
asynchronous-execution (number | keyword)
Synopsis | Timeout for asynchronous operation execution | |
Context | configure system management-interface operations global-timeouts asynchronous-execution (number | keyword) | |
Tree | asynchronous-execution | |
Description | This command configures the period of time that operations launched as “asynchronous” are allowed to execute before being automatically stopped by the SR OS. An asynchronous operation is not deleted from the system when it is stopped. See the asynchronous-retention command. If a specific execution timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies. Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter). | |
Range | 1 to 604800 | |
Units | seconds | |
Options | ||
Default | 3600 | |
Introduced | 21.5.R1 | |
Platforms | All |
asynchronous-retention (number | keyword)
Synopsis | Timeout for asynchronous operation data retention | |
Context | configure system management-interface operations global-timeouts asynchronous-retention (number | keyword) | |
Tree | asynchronous-retention | |
Description | This command configures the period of time that data related to operations launched as “asynchronous” is retained in the system. After the retention timeout expires, all information related to the operation is deleted, including any status information and result data. If a specific retention timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies. | |
Range | 1 to 604800 | |
Units | seconds | |
Options | ||
Default | 86400 | |
Introduced | 21.5.R1 | |
Platforms | All |
synchronous-execution (number | keyword)
Synopsis | Timeout for synchronous operation execution | |
Context | configure system management-interface operations global-timeouts synchronous-execution (number | keyword) | |
Tree | synchronous-execution | |
Description | This command configures the period of time that operations launched as “'synchronous” (the default method for all operations) are allowed to execute before they are automatically stopped, and their associated data is deleted. If a specific execution timeout is not included in the request for a particular synchronous operation, this system-level timeout applies. Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter). Caution: If this command is set with a specific time value, MD-CLI operations are subject to the timeout and are interrupted if they execute longer than the time value. This situation can arise because the timeout also applies to operations requested in the MD-CLI interface (for example, ping, file dir, and so on). | |
Range | 1 to 604800 | |
Units | seconds | |
Options | ||
Default | never | |
Introduced | 21.5.R1 | |
Platforms | All |
remote-management
Synopsis | Enter the remote-management context | |
Context | configure system management-interface remote-management | |
Tree | remote-management | |
Description | Commands in this context configure the SR OS node to use the remote management service. Configuring remote management enables the SR OS node to report itself to a remote manager service running on a remote server, so that it is included in the dynamic list of available nodes. The manager service streamlines the management of multiple SR OS nodes running different SR OS versions using the same client application providing a similar shell to the MD-CLI. | |
Introduced | 20.5.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of remote management registration | |
Context | configure system management-interface remote-management admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
allow-unsecure-connection
Synopsis | Allow connection without secured transport protocol | |
Context | configure system management-interface remote-management allow-unsecure-connection | |
Tree | allow-unsecure-connection | |
Description | When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. | |
Notes | The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
client-tls-profile reference
Synopsis | TLS client profile name | |
Context | configure system management-interface remote-management client-tls-profile reference | |
Tree | client-tls-profile | |
Description | This command specifies the client TLS profile to all remote managers. | |
Reference | configure system security tls client-tls-profile string | |
Notes | The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
connection-timeout number
Synopsis | Time without a response before manager declared down | |
Context | configure system management-interface remote-management connection-timeout number | |
Tree | connection-timeout | |
Range | 1 to 3600 | |
Units | seconds | |
Default | 60 | |
Introduced | 20.5.R1 | |
Platforms | All |
delay-on-boot number
Synopsis | Delay for remote management after system boot | |
Context | configure system management-interface remote-management delay-on-boot number | |
Tree | delay-on-boot | |
Description | This command configures the delay timer for remote management connections over gRPC. When the timer expires, remote management becomes operational and connections are accepted. This delay prevents automation from managing the system while it is still converging. When no delay is configured, remote management connections are accepted after the system boots and gRPC becomes operational. | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 23.10.R1 | |
Platforms |
All |
device-label string
Synopsis | Device label supplied to the remote manager | |
Context | configure system management-interface remote-management device-label string | |
Tree | device-label | |
Description | This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal. | |
String Length | 1 to 64 | |
Introduced | 20.5.R1 | |
Platforms | All |
device-name string
Synopsis | Device name supplied to the remote manager | |
Context | configure system management-interface remote-management device-name string | |
Tree | device-name | |
Description | This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network. When unconfigured, the default system name is used. | |
String Length | 1 to 64 | |
Introduced | 20.5.R1 | |
Platforms | All |
hello-interval number
Synopsis | Time between hello messages from SR OS node to manager | |
Context | configure system management-interface remote-management hello-interval number | |
Tree | hello-interval | |
Range | 10 to 216000 | |
Units | seconds | |
Default | 600 | |
Introduced | 20.5.R1 | |
Platforms | All |
manager [manager-name] string
Synopsis | Enter the manager list instance | |
Context | configure system management-interface remote-management manager string | |
Tree | manager | |
Description | Commands in this context configure options for a specific manager. Commands configured in this context take precedence over command values specified directly in the configure management-interface remote-management context. If a command is not configured in this context, the command setting is inherited from the higher level context. | |
Max. Instances | 2 | |
Introduced | 20.5.R1 | |
Platforms | All |
[manager-name] string
Synopsis | Remote management manager name | |
Context | configure system management-interface remote-management manager string | |
Tree | manager | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of remote management registration | |
Context | configure system management-interface remote-management manager string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
allow-unsecure-connection
Synopsis | Allow connection without secured transport protocol | |
Context | configure system management-interface remote-management manager string allow-unsecure-connection | |
Tree | allow-unsecure-connection | |
Description | When configured, the system allows an unsecured connection to the remote managers; the TCP connection is not encrypted. This includes username and password information. | |
Notes | The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
client-tls-profile reference
Synopsis | TLS client profile name assigned to the remote manager | |
Context | configure system management-interface remote-management manager string client-tls-profile reference | |
Tree | client-tls-profile | |
Reference | configure system security tls client-tls-profile string | |
Notes | The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
connection-timeout number
Synopsis | Time without response before manager is declared down | |
Context | configure system management-interface remote-management manager string connection-timeout number | |
Tree | connection-timeout | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 20.5.R1 | |
Platforms |
All |
description string
Synopsis | Text description | |
Context | configure system management-interface remote-management manager string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.5.R1 | |
Platforms | All |
device-label string
Synopsis | Device label supplied to the remote manager | |
Context | configure system management-interface remote-management manager string device-label string | |
Tree | device-label | |
Description | This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal. | |
String Length | 1 to 64 | |
Introduced | 20.5.R1 | |
Platforms | All |
device-name string
Synopsis | Device name supplied to the remote manager | |
Context | configure system management-interface remote-management manager string device-name string | |
Tree | device-name | |
Description | This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network. When unconfigured, the default system name is used. | |
String Length | 1 to 64 | |
Introduced | 20.5.R1 | |
Platforms | All |
manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Synopsis | Destination IP address of the manager | |
Context | configure system management-interface remote-management manager string manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) | |
Tree | manager-address | |
String Length | 1 to 255 | |
Introduced | 20.5.R1 | |
Platforms | All |
manager-port number
Synopsis | Destination TCP port for gRPC connections to manager | |
Context | configure system management-interface remote-management manager string manager-port number | |
Tree | manager-port | |
Range | 1 to 65535 | |
Default | 57400 | |
Introduced | 20.5.R1 | |
Platforms |
All |
router-instance string
Synopsis | Reference to a router or VPRN service name | |
Context | configure system management-interface remote-management manager string router-instance string | |
Tree | router-instance | |
Introduced | 20.5.R1 | |
Platforms | All |
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Source IP address for connection to the manager | |
Context | configure system management-interface remote-management manager string source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | source-address | |
Introduced | 20.5.R1 | |
Platforms | All |
source-port (number | keyword)
Synopsis | Source TCP destination port number | |
Context | configure system management-interface remote-management manager string source-port (number | keyword) | |
Tree | source-port | |
Range | 1 to 65535 | |
Options | ||
Introduced | 20.5.R1 | |
Platforms | All |
router-instance string
Synopsis | Router name or VPRN service name | |
Context | configure system management-interface remote-management router-instance string | |
Tree | router-instance | |
Default | management | |
Introduced | 20.5.R1 | |
Platforms | All |
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Source IP address for connection to the manager | |
Context | configure system management-interface remote-management source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | source-address | |
Introduced | 20.5.R1 | |
Platforms | All |
source-port (number | keyword)
Synopsis | Source TCP port number to connection to the manager | |
Context | configure system management-interface remote-management source-port (number | keyword) | |
Tree | source-port | |
Range | 1 to 65535 | |
Options | ||
Default | grpc-default | |
Introduced | 20.5.R1 | |
Platforms | All |
schema-path string
Synopsis | Schema path URL | |
Context | configure system management-interface schema-path string | |
Tree | schema-path | |
Description | This command specifies the schema path where the SR OS YANG modules can be placed by the user before using a <get-schema> request. Nokia recommends that the URL string not exceed 135 characters for the <get-schema> request to work correctly with all schema files. If this command is not configured, the software upgrade process manages the YANG schema files to ensure the schema files are synchronized with the software image on both the primary and standby CPM. | |
String Length | 1 to 180 | |
Introduced | 16.0.R4 | |
Platforms | All |
snmp
Synopsis | Enter the snmp context | |
Context | configure system management-interface snmp | |
Tree | snmp | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the SNMP agent | |
Context | configure system management-interface snmp admin-state keyword | |
Tree | admin-state | |
Description | This command administratively enables or disables SNMP agent operations. Disabling SNMP does not prevent the agent from sending SNMP notifications to configured SNMP trap destinations. In classic and mixed configuration mode, the agent is administratively disabled in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof system persistent-indices command is set to true. This prevents an SNMP-based management system from accessing and possibly synchronizing with a partially booted or incomplete network element. This auto-disable behavior is not applicable to model-driven configuration mode. | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
engine-id string
Synopsis | SNMP engine ID that identifies the SNMPv3 node | |
Context | configure system management-interface snmp engine-id string | |
Tree | engine-id | |
Description | This command sets the SNMP engine ID that uniquely identifies the SNMPv3 node. If unconfigured, the system uses an engine ID based on the information from the system backplane. If the SNMP engine ID is changed, the current configuration must be saved and a reboot must be executed. Otherwise, the previously configured SNMP communities and logger trap-target notify communities will not be valid for the new engine ID. Note: Changing the SNMP engine ID invalidates all SNMPv3 MD5 and SHA security digest keys, which may render the node unmanageable. When replacing a chassis, configure the new router to use the same engine ID as the previous router. This preserves SNMPv3 security keys and allows management stations to use their existing authentication keys for the new router. Ensure that the engine ID of each router is unique. A management domain can only maintain one instance of a specific engine ID. | |
String Length | 10 to 64 | |
Introduced | 16.0.R1 | |
Platforms | All |
general-port number
Synopsis | Port number used to send general SNMP messages | |
Context | configure system management-interface snmp general-port number | |
Tree | general-port | |
Description | This command configures the port number used to receive SNMP request messages and send replies. For the port used for SNMP notifications, configure the configure log snmp-trap-group trap-target port command. | |
Range | 0 | 1 to 65535 | |
Default | 161 | |
Introduced | 16.0.R1 | |
Platforms |
All |
max-bulk-duration number
Synopsis | Maximum process duration before responses are returned | |
Context | configure system management-interface snmp max-bulk-duration number | |
Tree | max-bulk-duration | |
Description | This command sets the maximum duration to process an SNMP request before bulk responses are returned to avoid a timeout on the management system when a lot of information is returned in the response. | |
Range | 100 to 5000 | |
Units | milliseconds | |
Introduced | 23.3.R1 | |
Platforms |
All |
packet-size number
Synopsis | Maximum SNMP packet size generated by the node | |
Context | configure system management-interface snmp packet-size number | |
Tree | packet-size | |
Range | 484 to 9216 | |
Default | 1500 | |
Introduced | 16.0.R1 | |
Platforms |
All |
streaming
Synopsis | Enter the streaming context | |
Context | configure system management-interface snmp streaming | |
Tree | streaming | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of SNMP streaming | |
Context | configure system management-interface snmp streaming admin-state keyword | |
Tree | admin-state | |
Description | This command enables or disables the proprietary SNMP request and response bundling as well as the TCP-based transport mechanism for optimizing network management of the router nodes. In higher latency networks, synchronizing router MIBs from network management using streaming takes less time than synchronizing using classic SNMP UDP requests. Streaming operates on TCP port 1491 and runs over IPv4 or IPv6. | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
yang-modules
Synopsis | Enter the yang-modules context | |
Context | configure system management-interface yang-modules | |
Tree | yang-modules | |
Description | Commands in this context determine the system support of the Nokia YANG models. The settings affect the data sent in a NETCONF <hello>, data populated in the RFC 6022 /netconf-state/schemas list, data returned in a <get-schema> request, and data populated in the RFC 8525 /yang-library. See "NETCONF monitoring" and "YANG library" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information. | |
Introduced | 16.0.R1 | |
Platforms | All |
nmda
Synopsis | Enter the nmda context | |
Context | configure system management-interface yang-modules nmda | |
Tree | nmda | |
Description | Commands in this context configure the attributes for the Network Management Datastores Architecture (NMDA). | |
Introduced | 21.7.R1 | |
Platforms | All |
nmda-support boolean
Synopsis | Advertise NMDA support over NETCONF | |
Context | configure system management-interface yang-modules nmda nmda-support boolean | |
Tree | nmda-support | |
Description | When configured to true, this command enables the advertisement of NMDA support over NETCONF through the use of YANG library 1.1. When configured to false, this command disables NMDA advertisement over NETCONF and YANG library 1.0 is used. | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
nokia-combined-modules boolean
Synopsis | Support access to combined Nokia YANG models | |
Context | configure system management-interface yang-modules nokia-combined-modules boolean | |
Tree | nokia-combined-modules | |
Description | When configured to true, the system supports the combined Nokia YANG files for both configuration and state data in the NETCONF server. When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true. When configured to false, access to the combined Nokia YANG files is not supported. This command and the nokia-submodules command cannot both be set to true at the same time. | |
Introduced | 16.0.R4 | |
Platforms | All |
nokia-submodules boolean
Synopsis | Support submodule-based packaging of Nokia YANG models | |
Context | configure system management-interface yang-modules nokia-submodules boolean | |
Tree | nokia-submodules | |
Description | When configured to true, the system supports the alternative submodule-based packaging of the Nokia YANG files for both configuration and state data in the NETCONF server. When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true. When configured to false, access to the submodule-based packaging of the Nokia YANG files is not supported. This command and the nokia-combined-modules command cannot both be set to true at the same time. | |
Introduced | 21.2.R1 | |
Platforms | All |
openconfig-modules boolean
Synopsis | Support access to OpenConfig YANG models | |
Context | configure system management-interface yang-modules openconfig-modules boolean | |
Tree | openconfig-modules | |
Description | When configured to true, this command allows access to OpenConfig YANG models in all model-driven interfaces. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
shared-model-management boolean
Synopsis | Allow multiple models to configure the same elements | |
Context | configure system management-interface yang-modules shared-model-management boolean | |
Tree | shared-model-management | |
Description | When configured to true, the router allows Nokia and third-party models to configure the same elements in model-driven interfaces. When configured to false, only one model can be used to configure the same element. | |
Default | true | |
Introduced | 23.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
name string
network-element-discovery
Synopsis | Enter the network-element-discovery context | |
Context | configure system network-element-discovery | |
Tree | network-element-discovery | |
Introduced | 19.5.R1 | |
Platforms | All |
generate-traps boolean
Synopsis | Generate NE discovery traps | |
Context | configure system network-element-discovery generate-traps boolean | |
Tree | generate-traps | |
Default | false | |
Introduced | 19.5.R1 | |
Platforms | All |
profile [name] string
Synopsis | Enter the profile list instance | |
Context | configure system network-element-discovery profile string | |
Tree | profile | |
Max. Instances | 1 | |
Introduced | 19.5.R1 | |
Platforms | All |
[name] string
Synopsis | Profile name | |
Context | configure system network-element-discovery profile string | |
Tree | profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 19.5.R1 | |
Platforms | All |
neid string
Synopsis | Network element ID of the advertised node | |
Context | configure system network-element-discovery profile string neid string | |
Tree | neid | |
String Length | 7 to 8 | |
Introduced | 19.5.R1 | |
Platforms | All |
neip
Synopsis | Enter the neip context | |
Context | configure system network-element-discovery profile string neip | |
Tree | neip | |
Introduced | 19.5.R1 | |
Platforms | All |
auto-generate
Synopsis | Enter the auto-generate context | |
Context | configure system network-element-discovery profile string neip auto-generate | |
Tree | auto-generate | |
Introduced | 21.2.R1 | |
Platforms | All |
ipv4
Synopsis | Enable the ipv4 context | |
Context | configure system network-element-discovery profile string neip auto-generate ipv4 | |
Tree | ipv4 | |
Introduced | 21.2.R1 | |
Platforms | All |
vendor-id-value number
Synopsis | Most significant byte if the NE IPv4 address | |
Context | configure system network-element-discovery profile string neip auto-generate ipv4 vendor-id-value number | |
Tree | vendor-id-value | |
Range | 1 to 255 | |
Default | 140 | |
Introduced | 21.2.R1 | |
Platforms |
All |
ipv6
Synopsis | Enable the ipv6 context | |
Context | configure system network-element-discovery profile string neip auto-generate ipv6 | |
Tree | ipv6 | |
Introduced | 21.2.R1 | |
Platforms | All |
vendor-id-value number
Synopsis | Most significant byte of the NE IPv6 address | |
Context | configure system network-element-discovery profile string neip auto-generate ipv6 vendor-id-value number | |
Tree | vendor-id-value | |
Range | 1 to 255 | |
Default | 140 | |
Introduced | 21.2.R1 | |
Platforms |
All |
ipv4 string
ipv6 string
platform-type string
Synopsis | Platform name and chassis type to be advertised | |
Context | configure system network-element-discovery profile string platform-type string | |
Tree | platform-type | |
String Length | 1 to 255 | |
Introduced | 19.5.R1 | |
Platforms | All |
system-mac string
Synopsis | MAC address of the advertised node | |
Context | configure system network-element-discovery profile string system-mac string | |
Tree | system-mac | |
Introduced | 19.5.R1 | |
Platforms | All |
vendor-id string
Synopsis | Vendor ID to be advertised | |
Context | configure system network-element-discovery profile string vendor-id string | |
Tree | vendor-id | |
String Length | 1 to 255 | |
Default | Nokia | |
Introduced | 19.5.R1 | |
Platforms |
All |
ospf-dynamic-hostnames boolean
Synopsis | Process received OSPF dynamic hostname information | |
Context | configure system ospf-dynamic-hostnames boolean | |
Tree | ospf-dynamic-hostnames | |
Description | When configured to true, OSPF dynamic hostnames are enabled. The router receiving the new dynamic hostname within the OSPF Router Information (RI) LSA is instructed to process the received dynamic hostname information. When configured to false, dynamic hostname information is not processed. | |
Default | false | |
Introduced | 20.2.R1 | |
Platforms | All |
persistence
Synopsis | Enter the persistence context | |
Context | configure system persistence | |
Tree | persistence | |
Description | Commands in this context configure persistence on the system. The persistence feature enables the system to retain state information learned through DHCP snooping across reboots. This information includes data such as the IP address and MAC binding information, lease-length information, and ingress SAP information (required for VPLS snooping to identify the ingress interface). If persistence is enabled when there are no DHCP relay or snooping commands enabled, the system creates an empty file. | |
Introduced | 16.0.R1 | |
Platforms | All |
ancp
Synopsis | Enter the ancp context | |
Context | configure system persistence ancp | |
Tree | ancp | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system persistence ancp description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence ancp location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
application-assurance
Synopsis | Enter the application-assurance context | |
Context | configure system persistence application-assurance | |
Tree | application-assurance | |
Description | Commands in this context configure AA persistence on the system. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure system persistence application-assurance description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence application-assurance location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
dhcp-server
Synopsis | Enter the dhcp-server context | |
Context | configure system persistence dhcp-server | |
Tree | dhcp-server | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure system persistence dhcp-server description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence dhcp-server location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
nat-port-forwarding
Synopsis | Enter the nat-port-forwarding context | |
Context | configure system persistence nat-port-forwarding | |
Tree | nat-port-forwarding | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure system persistence nat-port-forwarding description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence nat-port-forwarding location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
options
Synopsis | Enter the options context | |
Context | configure system persistence options | |
Tree | options | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
dhcp-leasetime-threshold number
Synopsis | DHCP lease time limit to be eligible for persistence | |
Context | configure system persistence options dhcp-leasetime-threshold number | |
Tree | dhcp-leasetime-threshold | |
Range | 1 to 631152000 | |
Units | seconds | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
python-policy-cache
Synopsis | Enter the python-policy-cache context | |
Context | configure system persistence python-policy-cache | |
Tree | python-policy-cache | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system persistence python-policy-cache description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence python-policy-cache location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
subscriber-mgmt
Synopsis | Enter the subscriber-mgmt context | |
Context | configure system persistence subscriber-mgmt | |
Tree | subscriber-mgmt | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure system persistence subscriber-mgmt description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
location keyword
Synopsis | CPM flash card where the information is stored | |
Context | configure system persistence subscriber-mgmt location keyword | |
Tree | location | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
power-management power-zone number
Synopsis | Enter the power-management list instance | |
Context | configure system power-management power-zone number | |
Tree | power-management | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
power-zone number
Synopsis | Power zone | |
Context | configure system power-management power-zone number | |
Tree | power-management | |
Range | 1 to 2 | |
MD-CLI Default | 1 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
mode keyword
Synopsis | Power capacity mode algorithm | |
Context | configure system power-management power-zone number mode keyword | |
Tree | mode | |
Options | ||
Default | basic | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
power-safety-alert number
Synopsis | Power capacity to trigger a safety alert event | |
Context | configure system power-management power-zone number power-safety-alert number | |
Tree | power-safety-alert | |
Range | 0 to 120000 | |
Units | watts | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
power-safety-level number
Synopsis | Minimum threshold to power off devices | |
Context | configure system power-management power-zone number power-safety-level number | |
Tree | power-safety-level | |
Range | 0 to 100 | |
Units | percent | |
Default | 100 | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
ptp
Synopsis | Enter the ptp context | |
Context | configure system ptp | |
Tree | ptp | |
Description | Commands in this context configure Precision Time Control (PTP) parameters based on IEEE 1588-2008, Precision Time Protocol. The context is only supported on control assemblies that support 1588. | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of PTP | |
Context | configure system ptp admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
alternate-profile [name] string
Synopsis | Enter the alternate-profile list instance | |
Context | configure system ptp alternate-profile string | |
Tree | alternate-profile | |
Description | Commands in this context create an alternate profile configuration for use in PTP messaging. The alternate profile can be used at the edge of a network to provide PTP time or frequency distribution outward to external PTP clocks. The alternate profile cannot be deleted if it is configured as the profile under a PTP port. | |
Max. Instances | 6 | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[name] string
Synopsis | Alternate profile name | |
Context | configure system ptp alternate-profile string | |
Tree | alternate-profile | |
Description | This command configures an alternate profile name. The strings "Primary" and "primary" cannot be used for the alternate-profile name. | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the alternate PTP profile | |
Context | configure system ptp alternate-profile string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
domain number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Alternate profile PTP domain number | |
Context | configure system ptp alternate-profile string domain number | |
Tree | domain | |
Range | 0 to 255 | |
Default | 24 | |
Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log-announce-interval number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | PTP announce message interval in log form | |
Context | configure system ptp alternate-profile string log-announce-interval number | |
Tree | log-announce-interval | |
Description | This command configures the announce message interval used for multicast messages within the alternate profile. For multicast messages used on PTP Ethernet ports, this command configures the message interval used for announce messages transmitted by the local node. This value has no impact on the interval used for the BTCA, which is controlled by the value defined for the primary profile. | |
Range | -3 to 4 | |
Default | -3 | |
Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
profile keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Standard based profile used within an alternate profile | |
Context | configure system ptp alternate-profile string profile keyword | |
Tree | profile | |
Description | This command specifies the standard based profile that is used as the basis for the alternate profile. This setting controls the contents of PTP messages sent on ports and peers using this alternate profile. | |
Options | ||
Default | g8275dot1-2014 | |
Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
announce-receipt-timeout number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Expired intervals count before timeout event declared | |
Context | configure system ptp announce-receipt-timeout number | |
Tree | announce-receipt-timeout | |
Description | This command configures the number of Announce message intervals that must expire with no received Announce messages before declaring an ANNOUNCE_RECEIPT_TIMEOUT event. | |
Range | 2 to 10 | |
Default | 3 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
clock-type keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Clock type | |
Context | configure system ptp clock-type keyword | |
Tree | clock-type | |
Options | ||
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
domain number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | PTP domain | |
Context | configure system ptp domain number | |
Tree | domain | |
Description | This command configures the PTP domain. The default and valid range of the domain depend on the configured PTP profile.
| |
Range | 0 to 255 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
local-priority number
Synopsis | PTP clock local priority | |
Context | configure system ptp local-priority number | |
Tree | local-priority | |
Description | This command configures the local priority used to choose between PTP timeTransmitters in the best timeTransmitter clock algorithm (BTCA). This setting applies when the PTP profile is either configured for G.8275.1 or G.8275.2 and is ignored for any other profile. For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the local clock (ptp context). See G.8275.1 or G.8275.2 for detailed information. | |
Range | 1 to 255 | |
Default | 128 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log-announce-interval number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Announce message interval in log form | |
Context | configure system ptp log-announce-interval number | |
Tree | log-announce-interval | |
Description | This command configures the Announce message interval used for both unicast and multicast messages. For unicast messages, the Announce message interval is requested during unicast negotiation to any peer. This controls the Announce message rate sent from remote peers to the local node. It does not affect the announce message rate that may be sent from the local node to remote peers. Remote peers may request an Announce message rate within the acceptable grant range. For multicast messages used on PTP Ethernet ports, this command specifies the message interval used for Announce messages transmitted by the local node. This value also defines the interval between executions of the BTCA within the node. To minimize BTCA driven reconfigurations, IEEE recommends that the announce interval should be consistent across the entire 1588 network. | |
Range | -3 to 4 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
network-type keyword
Synopsis | PTP network type | |
Context | configure system ptp network-type keyword | |
Tree | network-type | |
Description | This command configures the codeset to be used for the encoding of QL values into PTP clockClass values and vice versa when the profile is configured for G.8265.1 or G.8275.2. This setting only applies to the range of values observed in the clockClass values transmitted out of the node in Announce messages. The router supports the reception of any valid value in Table 1/G.8265.1 and Table2/G.8275.2. | |
Options | ||
Default | sdh | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port [port-id] reference
Synopsis | Enter the port list instance | |
Context | configure system ptp port reference | |
Tree | port | |
Description | Commands in this context configure PTP over Ethernet on the physical port. The PTP process transmits and receives PTP messages through the port using Ethernet encapsulation (as opposed to UDP/IPv4 encapsulation). Frames are transmitted with no VLAN tags, even if the port is configured for dot1q or qinq modes for encap-type. The received frames from the external PTP clock must also be untagged. Two reserved multicast addresses are allocated for PTP messages (see Annex F IEEE Std 1588-2008). Either address can be configured for the PTP messages sent through the port. A PTP port cannot be created if the PTP profile is configured for G.8265.1. If the port supports 1588 port-based timestamping, Synchronous Ethernet must be enabled on the MDA when PTP over Ethernet is enabled. De-provisioning of the card or MDA containing the specified port is not permitted while the port is configured within PTP. Changing the encapsulation or the port type of the Ethernet port is not permitted when PTP Ethernet Multicast operation is configured on the port. To allocate an Ethernet satellite client port as a PTP port, the Ethernet satellite must first be enabled for the transparent clock function. For more information, see the configure satellite ethernet-satellite ptp-tc command. The SyncE/1588 ports of the CPM and CCMs can be specified as PTP ports. These use the ‘A/3’ and ‘B/3’ designation and both must be specified as two PTP ports if both are used. The active CPM sends and receives messages on both ports if they are specified and enabled. | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[port-id] reference
address string
Synopsis | Destination MAC address of the transmitted PTP messages | |
Context | configure system ptp port reference address string | |
Tree | address | |
Description | This command specifies the destination MAC address of the transmitted PTP messages. IEEE Std 1588-2008 Annex F defines two reserved addresses for 1588 messages, which include:
Both addresses are supported for reception, independent of the address configured by this command. | |
Default | 01:1B:19:00:00:00 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the PTP port | |
Context | configure system ptp port reference admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
alternate-profile reference
Synopsis | Alternate profile for the PTP port | |
Context | configure system ptp port reference alternate-profile reference | |
Tree | alternate-profile | |
Description | This command creates the alternate profile that is used in communications with the port or peer. If no alternate profile is specified, the primary profile is used. | |
Reference | configure system ptp alternate-profile string | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
local-priority number
Synopsis | PTP port local priority | |
Context | configure system ptp port reference local-priority number | |
Tree | local-priority | |
Description | This command configures the local priority used to choose between PTP timeTransmitters in the best timeTransmitter clock algorithm (BTCA). This setting applies when the PTP profile is either configured for G.8275.1 or G.8275.2 and is ignored for any other profile. For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the Announce messages received from the external clocks (ptp port context). See G.8275.1 or G.8275.2 for detailed information. | |
Range | 1 to 255 | |
Default | 128 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log-delay-interval number
Synopsis | Minimum interval for Delay_Req messages in log form | |
Context | configure system ptp port reference log-delay-interval number | |
Tree | log-delay-interval | |
Description | This command configures the minimum interval used for multicast Delay_Req messages for the port. For ports in a slave state, the interval is used, unless the parent port indicates a longer interval. For a port in master state, the interval is advertised to external slave ports as the minimum acceptable interval for Delay_Req messages from the slave ports. The router supports the 1588 standard requirement for a port in slave state to check the logMessageInterval field of received multicast Delay_Resp messages. If the value of the logMessageInterval field of the messages is greater than the value configured locally for the generation of Delay_Req messages, the slave must use the longer interval for the generation of Delay_Req messages. The interval value is specified as the logarithm to the base 2. | |
Range | -6 to 0 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log-sync-interval number
Synopsis | Interval for transmission of Sync messages in log form | |
Context | configure system ptp port reference log-sync-interval number | |
Tree | log-sync-interval | |
Description | This command configures the interval used for Sync messages transmitted by the local node when the port is in master state. The interval value is specified as the logarithm to the base 2. | |
Range | -6 to 0 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
master-only boolean
Synopsis | Restrict the local port to master state | |
Context | configure system ptp port reference master-only boolean | |
Tree | master-only | |
Description | When configured to true, the local port is restricted to master state only, ensuring that the system does not obtain synchronization from attached external devices. This command is supported only when the PTP profile is set for G.8275.1 or G.8275.2. | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
priority1 number
Synopsis | Priority1 of the local clock | |
Context | configure system ptp priority1 number | |
Tree | priority1 | |
Description | This command configures the priority1 parameter of the local clock. The setting is used when the profile is configured for IEEE 1588-2008. This value is used by the Best Master Clock Algorithm to determine which clock should provide timing for the network and is advertised in Announce messages. | |
Range | 0 to 255 | |
Default | 128 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
priority2 number
Synopsis | Priority2 of the local clock | |
Context | configure system ptp priority2 number | |
Tree | priority2 | |
Description | This command configures the priority2 parameter of the local clock. The setting is used when the profile is configured for IEEE 1588-2008, G.8275.1, or G.8275.2. This value is used by the Best Master Clock algorithm to determine which clock should provide timing for the network and is advertised in Announce messages. | |
Range | 0 to 255 | |
Default | 128 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
profile keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | PTP profile | |
Context | configure system ptp profile keyword | |
Tree | profile | |
Description | This command configures the profile to be used for the internal PTP clock. It defines the Best timeTransmitter Clock Algorithm (BTCA) behavior. Profile changes may affect the settings of other configuration elements, such as the clock type and default settings for the delay interval, announce interval, and the Sync interval. The following clock types are supported for the indicated profiles:
| |
Options | ||
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ptsf
monitor-ptsf-unusable
Synopsis | Enter the monitor-ptsf-unusable context | |
Context | configure system ptp ptsf monitor-ptsf-unusable | |
Tree | monitor-ptsf-unusable | |
Description | Commands in this context configure monitoring of neighbor clocks for the PTSF-unusable state (condition) when the profile is set to g8275dot1-2014. When administratively enabled, the local clock monitors the noise level of PTP event messages between external neighbor PTP ports and the local clock. If it detects a high variation in the network path between the external neighbor port and the local port, it considers the neighbor port unusable. Announce messages from the neighbor are discarded and excluded from the BTCA and the port cannot be selected as the parent clock. The unusable condition must be manually cleared. When administratively disabled, the monitor PTSF function of the PTP clock clears PTSF-unusable states from all neighbor PTP ports. If no PTP messages are received from a neighbor for 15 minutes, the neighbor information is purged and the PTSF-unusable state is cleared. | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of PTSF unusable monitoring | |
Context | configure system ptp ptsf monitor-ptsf-unusable admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
router [router-instance] string
[router-instance] string
admin-state keyword
Synopsis | Administrative state of PTP on the router instance | |
Context | configure system ptp router string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
peer [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
admin-state keyword
Synopsis | Administrative state of the PTP peer | |
Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
local-priority number
Synopsis | PTP peer local priority | |
Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) local-priority number | |
Tree | local-priority | |
Description | This command configures the local priority for the peer, which is used to choose between PTP timeTransmitters in the best timeTransmitter clock algorithm (BTCA). This setting applies when the PTP profile is configured for G.8265.1, G.8275.1, or G.8275.2 and is ignored for any other profile. For G.8265.1, this command configures the priority used to choose between timeTransmitter clocks with the same quality (see G.8265.1 for more details). For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the Announce messages received from the external clocks (ptp router peer context). See G.8275.1 or G.8275.2 for detailed information. | |
Range | 1 to 255 | |
Default | 128 | |
Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log-sync-interval number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | PTP peer interval for Sync messages in log form | |
Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) log-sync-interval number | |
Tree | log-sync-interval | |
Description | This command configures the message interval used for Sync and Delay_Resp messages that are requested during unicast negotiation to the peer. The setting controls messages sent from remote peers to the local node but the packet rate from the local node to remote peers is not affected. Remote peers may request a packet rate within the acceptable range. The interval value is specified as the logarithm to the base 2. | |
Range | -6 to 0 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
peer-limit number
Synopsis | Number of discovered peers allowed for routing instance | |
Context | configure system ptp router string peer-limit number | |
Tree | peer-limit | |
Description | This command specifies the maximum number of discovered peers permitted within the routing instance. This ensures that a routing instance does not consume all the possible discovered peers and prevents the routing instance from blocking discovered peers in other routing instances. The sum of all peer limit values for all routing instances cannot exceed the maximum number of discovered peers supported by the system. | |
Range | 0 to 512 | |
Introduced | 21.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tx-while-sync-uncertain boolean
Synopsis | Send Announce messages while clock is unsynchronized | |
Context | configure system ptp tx-while-sync-uncertain boolean | |
Tree | tx-while-sync-uncertain | |
Description | When configured to true, the local PTP clock transmits Announce messages to downstream clocks to indicate it has not yet stabilized on the recovered synchronization source (upstream clocks or GM clock). While the PTP clock is unsynchronized, the SyncUncertain state is true. When configured to false, the local PTP clock does not send Announce messages to downstream clocks to indicate it is not synchronized to a valid timing source. If the SyncUncertain state of the clock is true while this command is configured to false, unicast negotiation grant requests are not granted and current grants are canceled. | |
Default | true | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
script-control
Synopsis | Enter the script-control context | |
Context | configure system script-control | |
Tree | script-control | |
Introduced | 16.0.R1 | |
Platforms | All |
script [script-name] string owner string
Synopsis | Enter the script list instance | |
Context | configure system script-control script string owner string | |
Tree | script | |
Max. Instances | 1500 | |
Introduced | 16.0.R1 | |
Platforms | All |
[script-name] string
Synopsis | Script name | |
Context | configure system script-control script string owner string | |
Tree | script | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
owner string
Synopsis | Script owner | |
Context | configure system script-control script string owner string | |
Tree | script | |
Description | This command configures the owner to be associated with the script. The owner is optional and "TiMOS CLI" is used if an owner is not specified. The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized. | |
String Length | 1 to 32 | |
MD-CLI Default | TiMOS CLI | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the script | |
Context | configure system script-control script string owner string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system script-control script string owner string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
location string
script-policy [policy-name] string owner string
Synopsis | Enter the script-policy list instance | |
Context | configure system script-control script-policy string owner string | |
Tree | script-policy | |
Max. Instances | 1500 | |
Introduced | 16.0.R1 | |
Platforms | All |
[policy-name] string
Synopsis | Script policy name | |
Context | configure system script-control script-policy string owner string | |
Tree | script-policy | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
owner string
Synopsis | Script policy owner | |
Context | configure system script-control script-policy string owner string | |
Tree | script-policy | |
Description | This command configures the owner to be associated with the script policy. The owner is optional and "TiMOS CLI" is used if an owner is not specified. The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized. | |
String Length | 1 to 32 | |
MD-CLI Default | TiMOS CLI | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the script policy | |
Context | configure system script-control script-policy string owner string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
expire-time (number | keyword)
Synopsis | Maximum amount of time to keep a run history status | |
Context | configure system script-control script-policy string owner string expire-time (number | keyword) | |
Tree | expire-time | |
Range | 0 to 21474836 | |
Units | seconds | |
Options | ||
Default | 3600 | |
Introduced | 16.0.R1 | |
Platforms |
All |
lifetime (number | keyword)
Synopsis | Maximum amount of time the script may run | |
Context | configure system script-control script-policy string owner string lifetime (number | keyword) | |
Tree | lifetime | |
Range | 0 to 21474836 | |
Units | seconds | |
Options | ||
Default | 3600 | |
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). | |
Introduced | 16.0.R1 | |
Platforms | All |
lock-override boolean
Synopsis | Allow EHS/CRON script to break database explicit lock | |
Context | configure system script-control script-policy string owner string lock-override boolean | |
Tree | lock-override | |
Default | false | |
Introduced | 19.10.R1 | |
Platforms | All |
max-completed number
Synopsis | Maximum number of script history status entries kept | |
Context | configure system script-control script-policy string owner string max-completed number | |
Tree | max-completed | |
Range | 1 to 1500 | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms |
All |
python-lifetime number
Synopsis | Maximum time the Python application can run | |
Context | configure system script-control script-policy string owner string python-lifetime number | |
Tree | python-lifetime | |
Range | 30 to 86400 | |
Units | seconds | |
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). | |
Introduced | 21.10.R1 | |
Platforms | All |
python-script
Synopsis | Enter the python-script context | |
Context | configure system script-control script-policy string owner string python-script | |
Tree | python-script | |
Notes | The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). | |
Introduced | 21.10.R1 | |
Platforms | All |
name reference
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Python application name | |
Context | configure system script-control script-policy string owner string python-script name reference | |
Tree | name | |
Reference | configure python python-script string | |
Introduced | 21.10.R1 | |
Platforms | All |
results string
Synopsis | Location to receive CLI output of a script run | |
Context | configure system script-control script-policy string owner string results string | |
Tree | results | |
String Length | 1 to 255 | |
Introduced | 16.0.R1 | |
Platforms | All |
script
Synopsis | Enter the script context | |
Context | configure system script-control script-policy string owner string script | |
Tree | script | |
Notes | The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). | |
Introduced | 16.0.R1 | |
Platforms | All |
name string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Script name | |
Context | configure system script-control script-policy string owner string script name string | |
Tree | name | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
owner string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Script owner | |
Context | configure system script-control script-policy string owner string script owner string | |
Tree | owner | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
security
Synopsis | Enter the security context | |
Context | configure system security | |
Tree | security | |
Description | Commands in this context configure central security settings such as DDoS protection, users, authorization profiles, and certificates. Access to these commands should be restricted to highly trusted users and device administrators. | |
Introduced | 16.0.R1 | |
Platforms | All |
aaa
cli-session-group [cli-session-group-name] string
Synopsis | Enter the cli-session-group list instance | |
Context | configure system security aaa cli-session-group string | |
Tree | cli-session-group | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[cli-session-group-name] string
Synopsis | CLI session group name | |
Context | configure system security aaa cli-session-group string | |
Tree | cli-session-group | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R2 | |
Platforms | All |
combined-max-sessions number
Synopsis | Maximum number of concurrent SSH and Telnet sessions | |
Context | configure system security aaa cli-session-group string combined-max-sessions number | |
Tree | combined-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security aaa cli-session-group string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
ssh-max-sessions number
Synopsis | Maximum number of concurrent SSH sessions | |
Context | configure system security aaa cli-session-group string ssh-max-sessions number | |
Tree | ssh-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
telnet-max-sessions number
Synopsis | Maximum number of concurrent Telnet sessions | |
Context | configure system security aaa cli-session-group string telnet-max-sessions number | |
Tree | telnet-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
health-check (number | keyword)
Synopsis | Polling interval of RADIUS, TACACS+, and LDAP servers | |
Context | configure system security aaa health-check (number | keyword) | |
Tree | health-check | |
Range | 6 to 1500 | |
Units | seconds | |
Options | ||
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
local-profiles
Synopsis | Enter the local-profiles context | |
Context | configure system security aaa local-profiles | |
Tree | local-profiles | |
Introduced | 16.0.R1 | |
Platforms | All |
profile [user-profile-name] string
[user-profile-name] string
cli-session-group reference
Synopsis | CLI session group to which the profile belongs | |
Context | configure system security aaa local-profiles profile string cli-session-group reference | |
Tree | cli-session-group | |
Reference | configure system security aaa cli-session-group string | |
Introduced | 16.0.R1 | |
Platforms | All |
combined-max-sessions number
Synopsis | Maximum number of concurrent SSH and Telnet sessions | |
Context | configure system security aaa local-profiles profile string combined-max-sessions number | |
Tree | combined-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action keyword
Synopsis | Action for non-matching entry | |
Context | configure system security aaa local-profiles profile string default-action keyword | |
Tree | default-action | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms |
All |
entry [entry-id] number
[entry-id] number
action keyword
description string
Synopsis | Text description | |
Context | configure system security aaa local-profiles profile string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
match string
grpc
rpc-authorization
Synopsis | Enter the rpc-authorization context | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization | |
Tree | rpc-authorization | |
Description | Commands in this context control the authorization of each RPC in gRPC interfaces. | |
Introduced | 16.0.R1 | |
Platforms | All |
gnmi-capabilities keyword
Synopsis | gNMI Capabilities RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-capabilities keyword | |
Tree | gnmi-capabilities | |
Options | ||
Default | permit | |
Introduced | 16.0.R1 | |
Platforms | All |
gnmi-get keyword
Synopsis | gNMI Get RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-get keyword | |
Tree | gnmi-get | |
Options | ||
Default | permit | |
Introduced | 16.0.R1 | |
Platforms | All |
gnmi-set keyword
Synopsis | gNMI Set RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-set keyword | |
Tree | gnmi-set | |
Options | ||
Default | permit | |
Introduced | 16.0.R1 | |
Platforms | All |
gnmi-subscribe keyword
Synopsis | gNMI Subscribe RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-subscribe keyword | |
Tree | gnmi-subscribe | |
Options | ||
Default | permit | |
Introduced | 16.0.R1 | |
Platforms | All |
gnoi-cert-mgmt-cangenerate keyword
Synopsis | gNOI CanGenerateCSR RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-cangenerate keyword | |
Tree | gnoi-cert-mgmt-cangenerate | |
Options | ||
Default | deny | |
Introduced | 19.10.R1 | |
Platforms | All |
gnoi-cert-mgmt-getcert keyword
Synopsis | gNOI GetCertificates RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-getcert keyword | |
Tree | gnoi-cert-mgmt-getcert | |
Options | ||
Default | deny | |
Introduced | 19.10.R1 | |
Platforms | All |
gnoi-cert-mgmt-install keyword
Synopsis | gNOI Install RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-install keyword | |
Tree | gnoi-cert-mgmt-install | |
Options | ||
Default | deny | |
Introduced | 19.10.R1 | |
Platforms | All |
gnoi-cert-mgmt-revoke keyword
Synopsis | gNOI RevokeCertificates RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-revoke keyword | |
Tree | gnoi-cert-mgmt-revoke | |
Options | ||
Default | deny | |
Introduced | 20.2.R1 | |
Platforms | All |
gnoi-cert-mgmt-rotate keyword
Synopsis | gNOI Rotate RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-rotate keyword | |
Tree | gnoi-cert-mgmt-rotate | |
Options | ||
Default | deny | |
Introduced | 19.10.R1 | |
Platforms | All |
gnoi-file-get keyword
Synopsis | gNOI File Get RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-get keyword | |
Tree | gnoi-file-get | |
Options | ||
Default | permit | |
Introduced | 21.2.R1 | |
Platforms | All |
gnoi-file-put keyword
Synopsis | gNOI File Put RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-put keyword | |
Tree | gnoi-file-put | |
Options | ||
Default | permit | |
Introduced | 21.2.R1 | |
Platforms | All |
gnoi-file-remove keyword
Synopsis | gNOI File Remove RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-remove keyword | |
Tree | gnoi-file-remove | |
Options | ||
Default | permit | |
Introduced | 21.2.R1 | |
Platforms | All |
gnoi-file-stat keyword
Synopsis | gNOI File Stat RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-stat keyword | |
Tree | gnoi-file-stat | |
Options | ||
Default | permit | |
Introduced | 21.2.R1 | |
Platforms | All |
gnoi-file-transfertoremote keyword
Synopsis | gNOI File TransferToRemote RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-transfertoremote keyword | |
Tree | gnoi-file-transfertoremote | |
Options | ||
Default | permit | |
Introduced | 21.7.R1 | |
Platforms | All |
gnoi-system-cancelreboot keyword
Synopsis | gNOI System CancelReboot RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-cancelreboot keyword | |
Tree | gnoi-system-cancelreboot | |
Options | ||
Default | deny | |
Introduced | 20.5.R1 | |
Platforms | All |
gnoi-system-ping keyword
Synopsis | gNOI System Ping RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-ping keyword | |
Tree | gnoi-system-ping | |
Options | ||
Default | permit | |
Introduced | 21.7.R1 | |
Platforms | All |
gnoi-system-reboot keyword
Synopsis | gNOI System Reboot RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-reboot keyword | |
Tree | gnoi-system-reboot | |
Options | ||
Default | deny | |
Introduced | 20.5.R1 | |
Platforms | All |
gnoi-system-rebootstatus keyword
Synopsis | gNOI System RebootStatus RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-rebootstatus keyword | |
Tree | gnoi-system-rebootstatus | |
Options | ||
Default | deny | |
Introduced | 20.5.R1 | |
Platforms | All |
gnoi-system-setpackage keyword
Synopsis | gNOI System SetPackage RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-setpackage keyword | |
Tree | gnoi-system-setpackage | |
Options | ||
Default | deny | |
Introduced | 20.5.R1 | |
Platforms | All |
gnoi-system-switchcontrolprocessor keyword
Synopsis | gNOI System SwitchControlProcessor RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-switchcontrolprocessor keyword | |
Tree | gnoi-system-switchcontrolprocessor | |
Options | ||
Default | deny | |
Introduced | 20.5.R1 | |
Platforms | All |
gnoi-system-time keyword
Synopsis | gNOI System Time RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-time keyword | |
Tree | gnoi-system-time | |
Options | ||
Default | permit | |
Introduced | 21.7.R1 | |
Platforms | All |
gnoi-system-traceroute keyword
Synopsis | gNOI System Traceroute RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-traceroute keyword | |
Tree | gnoi-system-traceroute | |
Options | ||
Default | permit | |
Introduced | 21.7.R1 | |
Platforms | All |
md-cli-session keyword
Synopsis | gNOI MdCli Session RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization md-cli-session keyword | |
Tree | md-cli-session | |
Options | ||
Default | permit | |
Introduced | 20.5.R1 | |
Platforms | All |
rib-api-getversion keyword
Synopsis | RibApi GetVersion RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-getversion keyword | |
Tree | rib-api-getversion | |
Options | ||
Default | permit | |
Introduced | 16.0.R4 | |
Platforms | All |
rib-api-modify keyword
Synopsis | RibApi Modify RPC authorization | |
Context | configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-modify keyword | |
Tree | rib-api-modify | |
Options | ||
Default | permit | |
Introduced | 16.0.R4 | |
Platforms | All |
li boolean
netconf
base-op-authorization
Synopsis | Enter the base-op-authorization context | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization | |
Tree | base-op-authorization | |
Description | Commands in this context configure the permission to use NETCONF operations at the base operation level for the specified profile. The NETCONF operations are authorized by default in the built-in system-generated administrative profile. | |
Introduced | 16.0.R1 | |
Platforms | All |
action boolean
Synopsis | Allow NETCONF action operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization action boolean | |
Tree | action | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
cancel-commit boolean
Synopsis | Allow NETCONF cancel-commit operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization cancel-commit boolean | |
Tree | cancel-commit | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
close-session boolean
Synopsis | Allow NETCONF close-session operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization close-session boolean | |
Tree | close-session | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
commit boolean
Synopsis | Allow NETCONF commit operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization commit boolean | |
Tree | commit | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
copy-config boolean
Synopsis | Allow NETCONF copy-config operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization copy-config boolean | |
Tree | copy-config | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
create-subscription boolean
Synopsis | Allow NETCONF create-subscription operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization create-subscription boolean | |
Tree | create-subscription | |
Description | When configured to true, this command enables the NETCONF create-subscription operation in the default profile. The base-op-authorization create-subscription configuration is not pre-emptive, which means that it is checked only at the time of the initial subscription. Configuration changes to base-op-authorization do not cancel any in-progress subscriptions and operators who successfully subscribed continue to receive messages. When configured to false, this command disables the NETCONF create-subscription operation in the default profile. The operation is enabled by default in the built-in system-generated administrative profile. | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
delete-config boolean
Synopsis | Allow NETCONF delete-config operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization delete-config boolean | |
Tree | delete-config | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
discard-changes boolean
Synopsis | Allow NETCONF discard-changes operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization discard-changes boolean | |
Tree | discard-changes | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
edit-config boolean
Synopsis | Allow NETCONF edit-config operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization edit-config boolean | |
Tree | edit-config | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
get boolean
Synopsis | Allow NETCONF get operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization get boolean | |
Tree | get | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
get-config boolean
Synopsis | Allow NETCONF get-config operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-config boolean | |
Tree | get-config | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
get-data boolean
Synopsis | Allow NETCONF get-data operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-data boolean | |
Tree | get-data | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
get-schema boolean
Synopsis | Allow NETCONF get-schema operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-schema boolean | |
Tree | get-schema | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
kill-session boolean
Synopsis | Allow NETCONF kill-session operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization kill-session boolean | |
Tree | kill-session | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
lock boolean
Synopsis | Allow NETCONF lock and unlock operations | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization lock boolean | |
Tree | lock | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
validate boolean
Synopsis | Allow NETCONF validate operation | |
Context | configure system security aaa local-profiles profile string netconf base-op-authorization validate boolean | |
Tree | validate | |
Default | false | |
Introduced | 21.7.R1 | |
Platforms | All |
ssh-max-sessions number
Synopsis | Maximum number of concurrent SSH sessions | |
Context | configure system security aaa local-profiles profile string ssh-max-sessions number | |
Tree | ssh-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
telnet-max-sessions number
Synopsis | Maximum number of concurrent Telnet sessions | |
Context | configure system security aaa local-profiles profile string telnet-max-sessions number | |
Tree | telnet-max-sessions | |
Range | 0 to 50 | |
Introduced | 16.0.R1 | |
Platforms | All |
management-interface
Synopsis | Enter the management-interface context | |
Context | configure system security aaa management-interface | |
Tree | management-interface | |
Introduced | 20.10.R1 | |
Platforms | All |
md-cli
command-accounting-during-load boolean
Synopsis | Perform file command accounting for load or rollback | |
Context | configure system security aaa management-interface md-cli command-accounting-during-load boolean | |
Tree | command-accounting-during-load | |
Default | true | |
Introduced | 20.10.R1 | |
Platforms | All |
output-authorization
Synopsis | Enter the output-authorization context | |
Context | configure system security aaa management-interface output-authorization | |
Tree | output-authorization | |
Description | Commands in this context configure output authorization for model-driven interfaces and telemetry. When output authorization is performed, commands that display configuration or state output must authorize every element in the output. If a remote AAA server is configured, there may be delays in displaying output while the output is authorized. The remote AAA server may receive a large volume of authorization requests when substantial output displays are needed, such as for system configuration details. Input to edit the configuration is always authorized, and is not affected by commands in this context. | |
Introduced | 20.10.R1 | |
Platforms | All |
md-interfaces boolean
Synopsis | Authorize output in model-driven interfaces | |
Context | configure system security aaa management-interface output-authorization md-interfaces boolean | |
Tree | md-interfaces | |
Description | When configured to true, output is authorized for the following:
| |
Default | true | |
Introduced | 20.10.R1 | |
Platforms | All |
telemetry-data boolean
Synopsis | Authorize telemetry data in gNMI Subscribe RPC response | |
Context | configure system security aaa management-interface output-authorization telemetry-data boolean | |
Tree | telemetry-data | |
Default | false | |
Introduced | 20.10.R1 | |
Platforms | All |
remote-servers
Synopsis | Enter the remote-servers context | |
Context | configure system security aaa remote-servers | |
Tree | remote-servers | |
Introduced | 16.0.R1 | |
Platforms | All |
ldap
admin-state keyword
Synopsis | Administrative state of the LDAP operation protocol | |
Context | configure system security aaa remote-servers ldap admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
public-key-authentication boolean
Synopsis | Allow SSH public key authentication from LDAP server | |
Context | configure system security aaa remote-servers ldap public-key-authentication boolean | |
Tree | public-key-authentication | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
route-preference keyword
Synopsis | Route preference to reach the AAA server | |
Context | configure system security aaa remote-servers ldap route-preference keyword | |
Tree | route-preference | |
Description | This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. | |
Options | ||
Default | both | |
Introduced | 21.5.R1 | |
Platforms | All |
server [index] number
[index] number
address [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
port number
admin-state keyword
Synopsis | Administrative state of the LDAP server | |
Context | configure system security aaa remote-servers ldap server number admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
bind-authentication
Synopsis | Enter the bind-authentication context | |
Context | configure system security aaa remote-servers ldap server number bind-authentication | |
Tree | bind-authentication | |
Introduced | 16.0.R1 | |
Platforms | All |
password string
Synopsis | Password used for authentication with the LDAP server | |
Context | configure system security aaa remote-servers ldap server number bind-authentication password string | |
Tree | password | |
String Length | 1 to 199 | |
Introduced | 16.0.R1 | |
Platforms | All |
root-dn string
Synopsis | Root domain used for authentication with LDAP server | |
Context | configure system security aaa remote-servers ldap server number bind-authentication root-dn string | |
Tree | root-dn | |
String Length | 1 to 512 | |
Introduced | 16.0.R1 | |
Platforms | All |
search
base-dn string
server-name string
Synopsis | LDAP server name | |
Context | configure system security aaa remote-servers ldap server number server-name string | |
Tree | server-name | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
tls-profile reference
Synopsis | TLS client profile used to encrypt the LDAP connection | |
Context | configure system security aaa remote-servers ldap server number tls-profile reference | |
Tree | tls-profile | |
Reference | configure system security tls client-tls-profile string | |
Introduced | 16.0.R1 | |
Platforms | All |
server-retry number
Synopsis | Number of attempts to retry contacting the LDAP server | |
Context | configure system security aaa remote-servers ldap server-retry number | |
Tree | server-retry | |
Range | 1 to 10 | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms |
All |
server-timeout number
Synopsis | Timeout for a response from the LDAP server | |
Context | configure system security aaa remote-servers ldap server-timeout number | |
Tree | server-timeout | |
Range | 1 to 90 | |
Units | seconds | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms | All |
use-default-template boolean
Synopsis | Apply the default template to LDAP | |
Context | configure system security aaa remote-servers ldap use-default-template boolean | |
Tree | use-default-template | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
radius
access-algorithm keyword
Synopsis | Algorithm used to access the set of RADIUS servers | |
Context | configure system security aaa remote-servers radius access-algorithm keyword | |
Tree | access-algorithm | |
Options | ||
Default | direct | |
Introduced | 16.0.R1 | |
Platforms | All |
accounting boolean
Synopsis | Enable RADIUS command accounting | |
Context | configure system security aaa remote-servers radius accounting boolean | |
Tree | accounting | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
accounting-port number
Synopsis | Port number on RADIUS server for accounting requests | |
Context | configure system security aaa remote-servers radius accounting-port number | |
Tree | accounting-port | |
Range | 1 to 65535 | |
Default | 1813 | |
Introduced | 16.0.R1 | |
Platforms |
All |
admin-state keyword
Synopsis | Administrative state of the authentication server | |
Context | configure system security aaa remote-servers radius admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
authorization boolean
Synopsis | Enable RADIUS authorization | |
Context | configure system security aaa remote-servers radius authorization boolean | |
Tree | authorization | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
interactive-authentication boolean
Synopsis | Enable RADIUS interactive authentication | |
Context | configure system security aaa remote-servers radius interactive-authentication boolean | |
Tree | interactive-authentication | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
port number
route-preference keyword
Synopsis | Route preference to reach the AAA server | |
Context | configure system security aaa remote-servers radius route-preference keyword | |
Tree | route-preference | |
Description | This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. | |
Options | ||
Default | both | |
Introduced | 21.5.R1 | |
Platforms | All |
server [index] number
[index] number
address (ipv4-address-no-zone | ipv6-address-no-zone)
authenticator keyword
Synopsis | Authenticator hash algorithm for the RADIUS server | |
Context | configure system security aaa remote-servers radius server number authenticator keyword | |
Tree | authenticator | |
Description | This command specifies the hash algorithm used to authenticate RADIUS Access-Request, Access-Accept, Access-Reject, Access-Challenge, Accounting-Request, and Accounting-Response packets. | |
Options | ||
Default | md5 | |
Introduced | 22.10.R1 | |
Platforms | All |
secret string
tls-client-profile reference
Synopsis | TLS client profile for the RADIUS server | |
Context | configure system security aaa remote-servers radius server number tls-client-profile reference | |
Tree | tls-client-profile | |
Description | This command specifies the TLS client profile used to encrypt RADIUS communication. When configured, RADIUS messages are sent using TLS. | |
Reference | configure system security tls client-tls-profile string | |
Introduced | 21.10.R1 | |
Platforms | All |
server-retry number
Synopsis | Number of attempts to retry contacting RADIUS server | |
Context | configure system security aaa remote-servers radius server-retry number | |
Tree | server-retry | |
Range | 1 to 10 | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms |
All |
server-timeout number
Synopsis | Time to wait for a response from the RADIUS server | |
Context | configure system security aaa remote-servers radius server-timeout number | |
Tree | server-timeout | |
Range | 1 to 90 | |
Units | seconds | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms | All |
use-default-template boolean
Synopsis | Apply the RADIUS default user template to RADIUS user | |
Context | configure system security aaa remote-servers radius use-default-template boolean | |
Tree | use-default-template | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
tacplus
accounting
Synopsis | Enable the accounting context | |
Context | configure system security aaa remote-servers tacplus accounting | |
Tree | accounting | |
Introduced | 16.0.R1 | |
Platforms | All |
record-type keyword
Synopsis | Type of accounting record packet sent to TACACS+ server | |
Context | configure system security aaa remote-servers tacplus accounting record-type keyword | |
Tree | record-type | |
Options | ||
Default | stop-only | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-control
Synopsis | Enter the admin-control context | |
Context | configure system security aaa remote-servers tacplus admin-control | |
Tree | admin-control | |
Introduced | 16.0.R1 | |
Platforms | All |
tacplus-map-to-priv-lvl number
Synopsis | Interactive authentication from node to TACACS+ server | |
Context | configure system security aaa remote-servers tacplus admin-control tacplus-map-to-priv-lvl number | |
Tree | tacplus-map-to-priv-lvl | |
Range | 0 to 15 | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the TACACS+ protocol | |
Context | configure system security aaa remote-servers tacplus admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
authorization
Synopsis | Enable the authorization context | |
Context | configure system security aaa remote-servers tacplus authorization | |
Tree | authorization | |
Introduced | 16.0.R1 | |
Platforms | All |
request-format
Synopsis | Enter the request-format context | |
Context | configure system security aaa remote-servers tacplus authorization request-format | |
Tree | request-format | |
Description | Commands in this context configure access operations that are sent to the TACACS+ server during authorization. | |
Introduced | 21.10.R3 | |
Platforms | All |
access-operation-cmd keyword
Synopsis | Access operations sent in authorization requests | |
Context | configure system security aaa remote-servers tacplus authorization request-format access-operation-cmd keyword | |
Tree | access-operation-cmd | |
Description | This command sends an operation argument in authorization requests. In model-driven interfaces, this command configures the system to send the operation in the cmd argument, and the path in the cmd-args argument, in TACACS+ authorization requests. This command does not apply to authorization requests in classic interfaces. | |
Options | ||
Max. Instances | 1 | |
Introduced | 21.10.R3 | |
Platforms | All |
use-priv-lvl boolean
Synopsis | Allow privilege level mapping | |
Context | configure system security aaa remote-servers tacplus authorization use-priv-lvl boolean | |
Tree | use-priv-lvl | |
Description | When configured to true, this command automatically performs a single authorization request to the TACACS+ server for cmd* (all commands) immediately after login, and then uses the local profile associated (via the priv-lvl-map) with the priv-lvl returned by the TACACS+ server for all subsequent authorization (except enable-admin). After the initial authorization for cmd*, no further authorization requests are sent to the TACACS+ server (except enable-admin). When configured to false, each command is sent to the TACACS+ server for authorization (this is true regardless of whether the tacplus use-default-template setting is enabled). | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
interactive-authentication boolean
Synopsis | Allows TACACS+ interactive authentication | |
Context | configure system security aaa remote-servers tacplus interactive-authentication boolean | |
Tree | interactive-authentication | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
priv-lvl-map
Synopsis | Enter the priv-lvl-map context | |
Context | configure system security aaa remote-servers tacplus priv-lvl-map | |
Tree | priv-lvl-map | |
Introduced | 16.0.R1 | |
Platforms | All |
priv-lvl [level] number
Synopsis | Enter the priv-lvl list instance | |
Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number | |
Tree | priv-lvl | |
Introduced | 16.0.R1 | |
Platforms | All |
[level] number
Synopsis | Privilege level for the mapping | |
Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number | |
Tree | priv-lvl | |
Range | 0 to 15 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
user-profile-name reference
Synopsis | User profile for the mapping | |
Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number user-profile-name reference | |
Tree | user-profile-name | |
Reference | configure system security aaa local-profiles profile string | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
route-preference keyword
Synopsis | Route preference to reach the AAA server | |
Context | configure system security aaa remote-servers tacplus route-preference keyword | |
Tree | route-preference | |
Description | This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. | |
Options | ||
Default | both | |
Introduced | 21.5.R1 | |
Platforms | All |
server [index] number
[index] number
address (ipv4-address-no-zone | ipv6-address-no-zone)
port number
secret string
server-timeout number
Synopsis | Time to wait for a response from the TACACS+ server | |
Context | configure system security aaa remote-servers tacplus server-timeout number | |
Tree | server-timeout | |
Range | 1 to 90 | |
Units | seconds | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms | All |
use-default-template boolean
Synopsis | Apply TACACS+ default user-template to TACACS+ user | |
Context | configure system security aaa remote-servers tacplus use-default-template boolean | |
Tree | use-default-template | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
vprn-server
Synopsis | Enter the vprn-server context | |
Context | configure system security aaa remote-servers vprn-server | |
Tree | vprn-server | |
Introduced | 22.2.R1 | |
Platforms | All |
inband reference
Synopsis | VPRN service used for AAA by in-band sessions | |
Context | configure system security aaa remote-servers vprn-server inband reference | |
Tree | inband | |
Description | This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in the Base routing instance. | |
Reference | ||
Introduced | 22.2.R1 | |
Platforms | All |
outband reference
Synopsis | VPRN service used for AAA by out-of-band sessions | |
Context | configure system security aaa remote-servers vprn-server outband reference | |
Tree | outband | |
Description | This command configures TACACS+ and RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions on the console or out-of-band (OOB) Ethernet ports. | |
Reference | ||
Introduced | 22.2.R1 | |
Platforms | All |
vprn reference
Synopsis | VPRN used for AAA in VPRNs without a AAA server | |
Context | configure system security aaa remote-servers vprn-server vprn reference | |
Tree | vprn | |
Description | This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in VPRNs without a AAA server configured. | |
Reference | ||
Introduced | 22.2.R1 | |
Platforms | All |
user-template [user-template-name] keyword
Synopsis | Enter the user-template list instance | |
Context | configure system security aaa user-template keyword | |
Tree | user-template | |
Introduced | 16.0.R1 | |
Platforms | All |
[user-template-name] keyword
Synopsis | Default user template applied to the system user | |
Context | configure system security aaa user-template keyword | |
Tree | user-template | |
Options | ||
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
access
console boolean
ftp boolean
grpc boolean
li boolean
netconf boolean
console
login-exec string
Synopsis | File to execute for a successful user login via console | |
Context | configure system security aaa user-template keyword console login-exec string | |
Tree | login-exec | |
String Length | 1 to 200 | |
Introduced | 16.0.R1 | |
Platforms | All |
home-directory (sat-url | cflash-without-slot-url)
Synopsis | User local home directory based on the template | |
Context | configure system security aaa user-template keyword home-directory (sat-url | cflash-without-slot-url) | |
Tree | home-directory | |
Description | This command configures the home directory of the user for file access. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP. If the home directory does not exist, a warning message is displayed when the user logs in. When restricted-to-home is configured, file access is denied unless the home-directory is configured and the directory is created by an administrator. | |
String Length | 1 to 200 | |
Introduced | 16.0.R1 | |
Platforms | All |
profile string
restricted-to-home boolean
Synopsis | Restrict file access to the home directory of the user | |
Context | configure system security aaa user-template keyword restricted-to-home boolean | |
Tree | restricted-to-home | |
Description | When configured to true, the router denies the user from accessing files outside of their home directory. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP. The system denies all configuration save operations (such as admin save) via any management interface (such as CLI and NETCONF) unless save-when-restricted is enabled. File access is denied unless a home directory is configured and the directory is created by an administrator. When configured to false, the router permits the user to access all files on the system. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
save-when-restricted boolean
Synopsis | Save configurations when the user is restricted to home | |
Context | configure system security aaa user-template keyword save-when-restricted boolean | |
Tree | save-when-restricted | |
Description | When configured to true, the system permits configuration save operations for all configuration regions (such as bof and configure) via any management interface (such as CLI and NETCONF) even if restricted-to-home is enabled. The configuration for each region can be saved with admin save CLI commands or when committed over NETCONF and gRPC. When configured to false, the system denies saving the configuration when restricted-to-home is enabled, unless the home directory of the user includes the location of the saved configuration file. | |
Default | false | |
Introduced | 22.10.R1 | |
Platforms | All |
cli-script
Synopsis | Enter the cli-script context | |
Context | configure system security cli-script | |
Tree | cli-script | |
Introduced | 16.0.R1 | |
Platforms | All |
authorization
Synopsis | Enter the authorization context | |
Context | configure system security cli-script authorization | |
Tree | authorization | |
Introduced | 16.0.R1 | |
Platforms | All |
cron
Synopsis | Enter the cron context | |
Context | configure system security cli-script authorization cron | |
Tree | cron | |
Description | Commands in this context configure authorization for the cron job scheduler. | |
Introduced | 16.0.R1 | |
Platforms | All |
cli-user reference
Synopsis | User profile name for CLI command script authorization | |
Context | configure system security cli-script authorization cron cli-user reference | |
Tree | cli-user | |
Reference | configure system security user-params local-user user string | |
Introduced | 16.0.R1 | |
Platforms | All |
event-handler
Synopsis | Enter the event-handler context | |
Context | configure system security cli-script authorization event-handler | |
Tree | event-handler | |
Description | Commands in this context configure authorization for the Event Handling System (EHS). EHS allows user-controlled programmatic exception handling by allowing a CLI script to be executed upon the detection of a log event. | |
Introduced | 16.0.R1 | |
Platforms | All |
cli-user reference
Synopsis | User profile name for CLI command script authorization | |
Context | configure system security cli-script authorization event-handler cli-user reference | |
Tree | cli-user | |
Reference | configure system security user-params local-user user string | |
Introduced | 16.0.R1 | |
Platforms | All |
cpm-filter
Synopsis | Enter the cpm-filter context | |
Context | configure system security cpm-filter | |
Tree | cpm-filter | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
default-action keyword
Synopsis | Action for packets that do not match any filter entries | |
Context | configure system security cpm-filter default-action keyword | |
Tree | default-action | |
Options | ||
Default | accept | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ip-filter
Synopsis | Enter the ip-filter context | |
Context | configure system security cpm-filter ip-filter | |
Tree | ip-filter | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the CPM filter | |
Context | configure system security cpm-filter ip-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
entry [entry-id] number
[entry-id] number
action
accept
default
Synopsis | Use default action for matching packets | |
Context | configure system security cpm-filter ip-filter entry number action default | |
Tree | default | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
queue reference
Synopsis | Forward matching packets to the CPM hardware queue | |
Context | configure system security cpm-filter ip-filter entry number action queue reference | |
Tree | queue | |
Reference | ||
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
description string
Synopsis | Text description | |
Context | configure system security cpm-filter ip-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log reference
match
Synopsis | Enter the match context | |
Context | configure system security cpm-filter ip-filter entry number match | |
Tree | match | |
Description | Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dscp keyword
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
Synopsis | IPv4 address used as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-ip address (ipv4-prefix-with-host-bits | ipv4-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ip-prefix-list reference
Synopsis | IPv4 address prefix list used as match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | IPv4 address mask used as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-ip mask string | |
Tree | mask | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dst-port
Synopsis | Enter the dst-port context | |
Context | configure system security cpm-filter ip-filter entry number match dst-port | |
Tree | dst-port | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match dst-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ip-filter entry number match dst-port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
start number
fragment keyword
Synopsis | Match criterion based on presence of fragmented packets | |
Context | configure system security cpm-filter ip-filter entry number match fragment keyword | |
Tree | fragment | |
Description | This command specifies the match criterion based on the existence or absence of fragmented IP packets. Matching on fragmented IPv4 packets occurs when all packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. For IPv6, the existence of the IPv6 Fragmentation Extension Header results in a fragmented packet match. Matching on non-fragmented IPv4 packets occurs when all packets have the MF bit set to zero and the Fragment Offset field is also set to zero. For IPv6, the absence of an IPv6 Fragmentation Extension Header results in a non-fragmented packet match. | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
icmp
code number
type number
ip-option
mask number
type number
multiple-option boolean
Synopsis | Match on packets containing multiple option fields | |
Context | configure system security cpm-filter ip-filter entry number match multiple-option boolean | |
Tree | multiple-option | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
option-present boolean
Synopsis | Match on packets with option field present | |
Context | configure system security cpm-filter ip-filter entry number match option-present boolean | |
Tree | option-present | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ip-filter entry number match port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
start number
protocol (number | keyword)
router-instance string
Synopsis | Router instance as the match criteria | |
Context | configure system security cpm-filter ip-filter entry number match router-instance string | |
Tree | router-instance | |
String Length | 1 to 64 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
Synopsis | IPv4 address used as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-ip address (ipv4-prefix-with-host-bits | ipv4-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ip-prefix-list reference
Synopsis | IPv4 address prefix list used as match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | IPv4 address mask used as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-ip mask string | |
Tree | mask | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
src-port
Synopsis | Enter the src-port context | |
Context | configure system security cpm-filter ip-filter entry number match src-port | |
Tree | src-port | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ip-filter entry number match src-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ip-filter entry number match src-port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
start number
tcp-flags
ack boolean
syn boolean
ipv6-filter
Synopsis | Enter the ipv6-filter context | |
Context | configure system security cpm-filter ipv6-filter | |
Tree | ipv6-filter | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the CPM filter | |
Context | configure system security cpm-filter ipv6-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure system security cpm-filter ipv6-filter entry number | |
Tree | entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[entry-id] number
Synopsis | Filter entry ID | |
Context | configure system security cpm-filter ipv6-filter entry number | |
Tree | entry | |
Range | 1 to 131072 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
action
Synopsis | Enter the action context | |
Context | configure system security cpm-filter ipv6-filter entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
accept
Synopsis | Forward matching packets | |
Context | configure system security cpm-filter ipv6-filter entry number action accept | |
Tree | accept | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
default
Synopsis | Use default action for matching packets | |
Context | configure system security cpm-filter ipv6-filter entry number action default | |
Tree | default | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
Synopsis | Drop matching packets | |
Context | configure system security cpm-filter ipv6-filter entry number action drop | |
Tree | drop | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
queue reference
Synopsis | Forward matching packets to the CPM hardware queue | |
Context | configure system security cpm-filter ipv6-filter entry number action queue reference | |
Tree | queue | |
Reference | ||
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
description string
Synopsis | Text description | |
Context | configure system security cpm-filter ipv6-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log reference
Synopsis | Log ID where matching packets are entered | |
Context | configure system security cpm-filter ipv6-filter entry number log reference | |
Tree | log | |
Reference | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
match
Synopsis | Enter the match context | |
Context | configure system security cpm-filter ipv6-filter entry number match | |
Tree | match | |
Description | Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dscp keyword
Synopsis | DSCP used as the match criterion on the packet | |
Context | configure system security cpm-filter ipv6-filter entry number match dscp keyword | |
Tree | dscp | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dst-ip
Synopsis | Enter the dst-ip context | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-ip | |
Tree | dst-ip | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | IPv6 address mask used as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-ip mask string | |
Tree | mask | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dst-port
Synopsis | Enter the dst-port context | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port | |
Tree | dst-port | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
Synopsis | Upper bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port range end number | |
Tree | end | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
Synopsis | Lower bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match dst-port range start number | |
Tree | start | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
extension-header
Synopsis | Enter the extension-header context | |
Context | configure system security cpm-filter ipv6-filter entry number match extension-header | |
Tree | extension-header | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
hop-by-hop boolean
Synopsis | Match on existence of Hop-By-Hop Options Header | |
Context | configure system security cpm-filter ipv6-filter entry number match extension-header hop-by-hop boolean | |
Tree | hop-by-hop | |
Description | When configured to true, a match occurs when the Hop-by-Hop Options Extension Header is present. When configured to false, a match occurs when the Hop-by-Hop Options Extension Header is not present. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
flow-label number
Synopsis | Flow label in the IPv6 header as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match flow-label number | |
Tree | flow-label | |
Range | 0 to 1048575 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
fragment keyword
Synopsis | Match criterion based on presence of fragmented packets | |
Context | configure system security cpm-filter ipv6-filter entry number match fragment keyword | |
Tree | fragment | |
Description | This command specifies the match criterion based on the existence or absence of fragmented IP packets. Matching on fragmented IPv4 packets occurs when all packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. For IPv6, the existence of the IPv6 Fragmentation Extension Header results in a fragmented packet match. Matching on non-fragmented IPv4 packets occurs when all packets have the MF bit set to zero and the Fragment Offset field is also set to zero. For IPv6, the absence of an IPv6 Fragmentation Extension Header results in a non-fragmented packet match. | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
icmp
Synopsis | Enter the icmp context | |
Context | configure system security cpm-filter ipv6-filter entry number match icmp | |
Tree | icmp | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
code number
Synopsis | ICMP code as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match icmp code number | |
Tree | code | |
Range | 0 to 255 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
type number
Synopsis | ICMP type as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match icmp type number | |
Tree | type | |
Range | 0 to 255 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
next-header (number | keyword)
Synopsis | IP protocol to match | |
Context | configure system security cpm-filter ipv6-filter entry number match next-header (number | keyword) | |
Tree | next-header | |
Range | 0 to 255 | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port
Synopsis | Enter the port context | |
Context | configure system security cpm-filter ipv6-filter entry number match port | |
Tree | port | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ipv6-filter entry number match port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
Synopsis | Upper bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match port range end number | |
Tree | end | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
Synopsis | Lower bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match port range start number | |
Tree | start | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
router-instance string
Synopsis | Router instance as the match criteria | |
Context | configure system security cpm-filter ipv6-filter entry number match router-instance string | |
Tree | router-instance | |
String Length | 1 to 64 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
src-ip
Synopsis | Enter the src-ip context | |
Context | configure system security cpm-filter ipv6-filter entry number match src-ip | |
Tree | src-ip | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | IPv6 address mask used as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-ip mask string | |
Tree | mask | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
src-port
Synopsis | Enter the src-port context | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port | |
Tree | src-port | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Port number as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Port mask as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
port-list reference
Synopsis | Port list as the match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port range | |
Tree | range | |
Notes | The following elements are part of a choice: (eq and mask), port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
Synopsis | Upper bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port range end number | |
Tree | end | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
Synopsis | Lower bound of the port number to match | |
Context | configure system security cpm-filter ipv6-filter entry number match src-port range start number | |
Tree | start | |
Range | 0 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tcp-flags
Synopsis | Enter the tcp-flags context | |
Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags | |
Tree | tcp-flags | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ack boolean
Synopsis | ACK bit in TCP header control bits as match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags ack boolean | |
Tree | ack | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
syn boolean
Synopsis | SYN bit in TCP header control bits as match criterion | |
Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags syn boolean | |
Tree | syn | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mac-filter
Synopsis | Enter the mac-filter context | |
Context | configure system security cpm-filter mac-filter | |
Tree | mac-filter | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the CPM filter | |
Context | configure system security cpm-filter mac-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure system security cpm-filter mac-filter entry number | |
Tree | entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[entry-id] number
Synopsis | Filter entry ID | |
Context | configure system security cpm-filter mac-filter entry number | |
Tree | entry | |
Range | 1 to 131072 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
action
Synopsis | Enter the action context | |
Context | configure system security cpm-filter mac-filter entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
accept
Synopsis | Forward matching packets | |
Context | configure system security cpm-filter mac-filter entry number action accept | |
Tree | accept | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
default
Synopsis | Use default action for matching packets | |
Context | configure system security cpm-filter mac-filter entry number action default | |
Tree | default | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
Synopsis | Drop matching packets | |
Context | configure system security cpm-filter mac-filter entry number action drop | |
Tree | drop | |
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
queue reference
Synopsis | Forward matching packets to the CPM hardware queue | |
Context | configure system security cpm-filter mac-filter entry number action queue reference | |
Tree | queue | |
Reference | ||
Notes | The following elements are part of a choice: accept, default, drop, or queue. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
description string
Synopsis | Text description | |
Context | configure system security cpm-filter mac-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
log reference
Synopsis | Log ID where matching packets are entered | |
Context | configure system security cpm-filter mac-filter entry number log reference | |
Tree | log | |
Reference | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
match
Synopsis | Enter the match context | |
Context | configure system security cpm-filter mac-filter entry number match | |
Tree | match | |
Description | Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
cfm-opcode
Synopsis | Enter the cfm-opcode context | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode | |
Tree | cfm-opcode | |
Description | Commands in this context specify match criteria based on the CFM opcode. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
eq number
Synopsis | Equal to comparison operator for the CFM opcode | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode eq number | |
Tree | eq | |
Range | 0 to 255 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
gt number
Synopsis | Greater than comparison operator for the CFM opcode | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode gt number | |
Tree | gt | |
Range | 0 to 254 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
lt number
Synopsis | Less than comparison operator for the CFM opcode | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode lt number | |
Tree | lt | |
Range | 1 to 255 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
range
Synopsis | Enable the range context | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range | |
Tree | range | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
end number
Synopsis | Upper bound of the Opcode range to match | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range end number | |
Tree | end | |
Range | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
start number
Synopsis | Lower bound of the OpCode range to match | |
Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range start number | |
Tree | start | |
Range | 0 to 254 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dst-mac
Synopsis | Enable the dst-mac context | |
Context | configure system security cpm-filter mac-filter entry number match dst-mac | |
Tree | dst-mac | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
address string
Synopsis | MAC address used as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match dst-mac address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | MAC address mask as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match dst-mac mask string | |
Tree | mask | |
Default | ff:ff:ff:ff:ff:ff | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
etype string
Synopsis | Ethernet type as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match etype string | |
Tree | etype | |
Description | This command specifies an Ethernet type II Ethertype value to be used as a MAC filter match criterion. The Ethernet type field is used by the Ethernet version-II frames and does not apply to IEEE 802.3 Ethernet frames. | |
String Length | 5 to 6 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
frame-type keyword
Synopsis | MAC frame type as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match frame-type keyword | |
Tree | frame-type | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
llc-dsap
Synopsis | Enable the llc-dsap context | |
Context | configure system security cpm-filter mac-filter entry number match llc-dsap | |
Tree | llc-dsap | |
Description | Commands in this context specify match criteria based on the Destination Service Access Point (DSAP). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
dsap number
Synopsis | 8-bit DSAP as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match llc-dsap dsap number | |
Tree | dsap | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Mask for DSAP value as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match llc-dsap mask number | |
Tree | mask | |
Range | 1 to 255 | |
Default | 255 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
llc-ssap
Synopsis | Enable the llc-ssap context | |
Context | configure system security cpm-filter mac-filter entry number match llc-ssap | |
Tree | llc-ssap | |
Description | Commands in this context specify match criteria based on the Source Service Access Point (SSAP). | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask number
Synopsis | Mask for SSAP value as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match llc-ssap mask number | |
Tree | mask | |
Range | 1 to 255 | |
Default | 255 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
ssap number
Synopsis | 8-bit SSAP as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match llc-ssap ssap number | |
Tree | ssap | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
service reference
Synopsis | Service ID used as the match condition | |
Context | configure system security cpm-filter mac-filter entry number match service reference | |
Tree | service | |
Reference | ||
Introduced | 16.0.R4 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
src-mac
Synopsis | Enable the src-mac context | |
Context | configure system security cpm-filter mac-filter entry number match src-mac | |
Tree | src-mac | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
address string
Synopsis | MAC address used as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match src-mac address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mask string
Synopsis | MAC address mask as the match criterion | |
Context | configure system security cpm-filter mac-filter entry number match src-mac mask string | |
Tree | mask | |
Default | ff:ff:ff:ff:ff:ff | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
cpm-queue
queue [queue-id] number
[queue-id] number
cbs number
Synopsis | Buffer size that can be drawn from queue buffer pool | |
Context | configure system security cpm-queue queue number cbs number | |
Tree | cbs | |
Description | This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the buffer pool of the queue. | |
Range | 0 to 131072 | |
Units | kilobps | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
mbs number
rate
cir (number | keyword)
pir (number | keyword)
cpu-protection
Synopsis | Enter the cpu-protection context | |
Context | configure system security cpu-protection | |
Tree | cpu-protection | |
Description | Commands in this context configure CPU protection policies. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
ip-src-monitoring
Synopsis | Enter the ip-src-monitoring context | |
Context | configure system security cpu-protection ip-src-monitoring | |
Tree | ip-src-monitoring | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
included-protocols
Synopsis | Enter the included-protocols context | |
Context | configure system security cpu-protection ip-src-monitoring included-protocols | |
Tree | included-protocols | |
Description | Commands in this context specify the protocols included in IP source monitoring. The protocol packets will be subject to the per-source-rate of CPU protection policies. This configuration applies system wide and applies to CPU protection globally. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
dhcp boolean
Synopsis | Include extracted DHCP packets for IP source monitoring | |
Context | configure system security cpu-protection ip-src-monitoring included-protocols dhcp boolean | |
Tree | dhcp | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
gtp boolean
Synopsis | Include extracted GTP packets for IP source monitoring | |
Context | configure system security cpu-protection ip-src-monitoring included-protocols gtp boolean | |
Tree | gtp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
icmp boolean
Synopsis | Include extracted ICMP packets for IP source monitoring | |
Context | configure system security cpu-protection ip-src-monitoring included-protocols icmp boolean | |
Tree | icmp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
igmp boolean
Synopsis | Include extracted IGMP packets for IP source monitoring | |
Context | configure system security cpu-protection ip-src-monitoring included-protocols igmp boolean | |
Tree | igmp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
link-specific-rate (number | keyword)
Synopsis | Packet arrival rate limit for link level protocols | |
Context | configure system security cpu-protection link-specific-rate (number | keyword) | |
Tree | link-specific-rate | |
Description | This command configures a link-specific rate for CPU protection. The limit is applied to all ports within the system. The CPU receives no more than the configured packet rate for all link level protocols, such as LACP, from any one port. The measurement is cleared each second and is based on the ingress port. | |
Range | 1 to 65535 | |
Units | packets per second | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
policy [policy-id] number
Synopsis | Enter the policy list instance | |
Context | configure system security cpu-protection policy number | |
Tree | policy | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
[policy-id] number
Synopsis | Policy ID | |
Context | configure system security cpu-protection policy number | |
Tree | policy | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
alarm boolean
Synopsis | Generate an event when the rate is exceeded | |
Context | configure system security cpu-protection policy number alarm boolean | |
Tree | alarm | |
Description | When configured to true, an event is generated when the rate is exceeded. The event includes information about the offending source. Only one event is generated per monitor period. When configured to false, notifications are disabled. | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
description string
Synopsis | Text description | |
Context | configure system security cpu-protection policy number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
eth-cfm
Synopsis | Enter the eth-cfm context | |
Context | configure system security cpu-protection policy number eth-cfm | |
Tree | eth-cfm | |
Description | Commands in this context configure CPU policy entries that determine match criteria and overall arrival rate of the Ethernet Connectivity and Fault Management (ETH-CFM) packets at the CPU. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
entry [id] number
[id] number
level start number end number
Synopsis | Add a list entry for level | |
Context | configure system security cpu-protection policy number eth-cfm entry number level start number end number | |
Tree | level | |
Description | Commands in this context specify the range of domain levels for the match criterion. | |
Min. Instances | 1 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
start number
Synopsis | Lower bound of the level range | |
Context | configure system security cpu-protection policy number eth-cfm entry number level start number end number | |
Tree | level | |
Range | 0 to 7 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
end number
Synopsis | Upper bound of the level range | |
Context | configure system security cpu-protection policy number eth-cfm entry number level start number end number | |
Tree | level | |
Range | 0 to 7 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
opcode start number end number
Synopsis | Add a list entry for opcode | |
Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
Tree | opcode | |
Description | Commands in this context specify the range of operational codes (that identify the application) for the match criterion. | |
Min. Instances | 1 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
start number
Synopsis | Lower bound of the OpCode range | |
Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
Tree | opcode | |
Range | 0 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
end number
Synopsis | Upper bound of the OpCode range | |
Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
Tree | opcode | |
Range | 0 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
pir (number | keyword)
out-profile-rate
Synopsis | Enter the out-profile-rate context | |
Context | configure system security cpu-protection policy number out-profile-rate | |
Tree | out-profile-rate | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
log-events boolean
Synopsis | Generate a log event when the packet rate is exceeded | |
Context | configure system security cpu-protection policy number out-profile-rate log-events boolean | |
Tree | log-events | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
pir (number | keyword)
Synopsis | Packet arrival rate limit | |
Context | configure system security cpu-protection policy number out-profile-rate pir (number | keyword) | |
Tree | pir | |
Range | 1 to 65534 | |
Units | packets per second | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
overall-rate (number | keyword)
Synopsis | Packet arrival rate limit for all packets | |
Context | configure system security cpu-protection policy number overall-rate (number | keyword) | |
Tree | overall-rate | |
Range | 1 to 65534 | |
Units | packets per second | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
per-source-parameters
Synopsis | Enter the per-source-parameters context | |
Context | configure system security cpu-protection policy number per-source-parameters | |
Tree | per-source-parameters | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
ip-src-monitoring
Synopsis | Enter the ip-src-monitoring context | |
Context | configure system security cpu-protection policy number per-source-parameters ip-src-monitoring | |
Tree | ip-src-monitoring | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
limit-dhcp-ci-addr-zero boolean
Synopsis | Apply rate limiting to packets with client IP address 0 | |
Context | configure system security cpu-protection policy number per-source-parameters ip-src-monitoring limit-dhcp-ci-addr-zero boolean | |
Tree | limit-dhcp-ci-addr-zero | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
per-source-rate (number | keyword)
Synopsis | Per-source packet arrival rate limit | |
Context | configure system security cpu-protection policy number per-source-rate (number | keyword) | |
Tree | per-source-rate | |
Description | This command configures the per-source packet arrival rate limit. A source is defined as a unique combination of SAP and MAC source address or SAP and source IP address. The CPU receives no more than the specified packet rate from each source. The measurement is cleared every second. This configuration is applicable only if the policy is assigned to an interface (such as SAPs, subscriber interfaces, and spoke SDPs), and MAC monitoring or IP source monitoring is specified in the CPU protection configuration of the interface. | |
Range | 1 to 65534 | |
Units | packets per second | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
port-overall-rate
Synopsis | Enter the port-overall-rate context | |
Context | configure system security cpu-protection port-overall-rate | |
Tree | port-overall-rate | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
action-low-priority boolean
Synopsis | Mark packets that exceed the rate as low-priority | |
Context | configure system security cpu-protection port-overall-rate action-low-priority boolean | |
Tree | action-low-priority | |
Description | When configured to true, packets that exceed the per-port packet arrival rate limit are marked as low priority for preferential discard later (if there is congestion in the control plane) rather than discarded immediately. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
pir (number | keyword)
Synopsis | Per-port packet arrival rate limit | |
Context | configure system security cpu-protection port-overall-rate pir (number | keyword) | |
Tree | pir | |
Range | 1 to 65535 | |
Units | packets per second | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
protocol-protection
Synopsis | Enable the protocol-protection context | |
Context | configure system security cpu-protection protocol-protection | |
Tree | protocol-protection | |
Description | When enabled, the network processor on the CPM discards all packets received for protocols that are not configured on the interface. This action helps to mitigate DoS attacks by filtering invalid control traffic before it ingresses the CPU. For example, if IS-IS is not configured on an interface, protocol protection discards any IS-IS packets received on the interface. Commands in this context further define the action when the context is enabled. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
allow-sham-links boolean
Synopsis | Allow OSPF sham link traffic | |
Context | configure system security cpu-protection protocol-protection allow-sham-links boolean | |
Tree | allow-sham-links | |
Description | When configured to true, tunneled OSPF packets received over the backbone network must be explicitly allowed when OSPF sham links form an adjacency over the MPLS-VPRN backbone network. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
block-pim-tunneled boolean
Synopsis | Block extraction and processing of PIM packets | |
Context | configure system security cpu-protection protocol-protection block-pim-tunneled boolean | |
Tree | block-pim-tunneled | |
Description | When configured to true, PIM packets arriving at the SR OS node inside a tunnel (for example, MPLS or GRE) on a network interface are blocked and not processed. Traffic is not switched from the (*,G) to the (S,G) tree for PIM in an mVPN on the egress DR. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
dist-cpu-protection
Synopsis | Enter the dist-cpu-protection context | |
Context | configure system security dist-cpu-protection | |
Tree | dist-cpu-protection | |
Description | Commands in this context configure distributed CPU protection (DCP) attributes. | |
Introduced | 16.0.R1 | |
Platforms | All |
policy [policy-name] string
Synopsis | Enter the policy list instance | |
Context | configure system security dist-cpu-protection policy string | |
Tree | policy | |
Description | Commands in this context configure the attributes of DCP policies. These policies can be applied to objects such as SAPs, network interfaces or ports | |
Max. Instances | 130 | |
Introduced | 16.0.R1 | |
Platforms | All |
[policy-name] string
Synopsis | Policy name | |
Context | configure system security dist-cpu-protection policy string | |
Tree | policy | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security dist-cpu-protection policy string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
local-monitoring-policer [policer-name] string
Synopsis | Enter the local-monitoring-policer list instance | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string | |
Tree | local-monitoring-policer | |
Max. Instances | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
[policer-name] string
Synopsis | Local monitoring policer name | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string | |
Tree | local-monitoring-policer | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
exceed-action keyword
Synopsis | Action taken when policer rates are exceeded | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string exceed-action keyword | |
Tree | exceed-action | |
Description | This command specifies the action taken on the extracted control packets when the configured policer rates are exceeded. | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms | All |
log-events keyword
Synopsis | Control of log events creation for status and activity | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string log-events keyword | |
Tree | log-events | |
Description | This command controls the creation of log events related to the status and activity of the local monitoring policer. | |
Options | ||
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
rate
Synopsis | Enter the rate context | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate | |
Tree | rate | |
Description | Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. | |
Introduced | 16.0.R1 | |
Platforms | All |
kbps
Synopsis | Enter the kbps context | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps | |
Tree | kbps | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Rate limit | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps limit (keyword | number) | |
Tree | limit | |
Range | 1 to 20000000 | |
Units | kilobps | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
mbs number
Synopsis | Tolerance for the rate | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps mbs number | |
Tree | mbs | |
Range | 0 to 4194304 | |
Units | bytes | |
Introduced | 16.0.R1 | |
Platforms |
All |
packets
Synopsis | Enter the packets context | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets | |
Tree | packets | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
initial-delay number
Synopsis | Additional packets allowed in an initial burst | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets initial-delay number | |
Tree | initial-delay | |
Description | This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. | |
Range | 0 to 255 | |
Units | packets | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Packets per interval limit | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets limit (keyword | number) | |
Tree | limit | |
Range | 0 to 8000 | |
Units | packets per interval | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
within number
Synopsis | Measurement interval for packets rate | |
Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets within number | |
Tree | within | |
Range | 1 to 32767 | |
Units | seconds | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
protocol [protocol-name] keyword
[protocol-name] keyword
dynamic-parameters
Synopsis | Enter the dynamic-parameters context | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters | |
Tree | dynamic-parameters | |
Introduced | 16.0.R1 | |
Platforms | All |
detection-time number
Synopsis | Minimum time the dynamic policer remains allocated | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters detection-time number | |
Tree | detection-time | |
Range | 1 to 128000 | |
Units | seconds | |
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
exceed-action
Synopsis | Enter the exceed-action context | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action | |
Tree | exceed-action | |
Description | Commands in this context specify the settings for the scenario when the configured policer rates are exceeded. | |
Introduced | 16.0.R1 | |
Platforms | All |
action keyword
Synopsis | Action taken on control packets when rates are exceeded | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action action keyword | |
Tree | action | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms | All |
hold-down (keyword | number)
Synopsis | Hold down behavior | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action hold-down (keyword | number) | |
Tree | hold-down | |
Description | This command specifies the behavior when the system detects that an enforcement policer has marked or discarded one or more packets and there is no action specified for the scenario when the rates are exceeded. The hold time condition is cleared after the specified time has expired. The detection time (the minimum time that the policer remains allocated) begins after the hold down is complete. The hold down behavior is not applicable to a local monitoring policer. An indefinite hold down behavior must be cleared using the tools perform security dist-cpu-protection release-hold-down command. | |
Range | 1 to 10080 | |
Units | seconds | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms | All |
log-events keyword
Synopsis | Control of log events creation for status and activity | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters log-events keyword | |
Tree | log-events | |
Description | This command controls the creation of log events related to the status and activity of the local monitoring policer. | |
Options | ||
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
rate
Synopsis | Enter the rate context | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate | |
Tree | rate | |
Description | Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. | |
Introduced | 16.0.R1 | |
Platforms | All |
kbps
Synopsis | Enter the kbps context | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps | |
Tree | kbps | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Rate limit | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps limit (keyword | number) | |
Tree | limit | |
Range | 1 to 20000000 | |
Units | kilobps | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
mbs number
Synopsis | Tolerance for the rate | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps mbs number | |
Tree | mbs | |
Range | 0 to 4194304 | |
Units | bytes | |
Introduced | 16.0.R1 | |
Platforms |
All |
packets
Synopsis | Enter the packets context | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets | |
Tree | packets | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
initial-delay number
Synopsis | Additional packets allowed in an initial burst | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets initial-delay number | |
Tree | initial-delay | |
Description | This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. | |
Range | 0 to 255 | |
Units | packets | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Packets per interval limit | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets limit (keyword | number) | |
Tree | limit | |
Range | 0 to 8000 | |
Units | packets per interval | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
within number
Synopsis | Measurement interval for packets rate | |
Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets within number | |
Tree | within | |
Range | 1 to 32767 | |
Units | seconds | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
enforcement
Synopsis | Enter the enforcement context | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement | |
Tree | enforcement | |
Introduced | 16.0.R1 | |
Platforms | All |
dynamic
Synopsis | Enter the dynamic context | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic | |
Tree | dynamic | |
Notes | The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. | |
Introduced | 16.0.R1 | |
Platforms | All |
mon-policer-name reference
Synopsis | Dynamic enforcement policer for the protocol | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic mon-policer-name reference | |
Tree | mon-policer-name | |
Description | This command specifies the dynamic enforcement policer that is instantiated when the associated local monitoring policer is determined to be in a nonconforming state (at the end of a minimum monitoring time of 60 seconds to reduce thrashing). | |
Reference | configure system security dist-cpu-protection policy string local-monitoring-policer string | |
Introduced | 16.0.R1 | |
Platforms | All |
dynamic-local-mon-bypass
Synopsis | Do not include packets in the local monitoring function | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic-local-mon-bypass | |
Tree | dynamic-local-mon-bypass | |
Description | When configured, packets from the protocol are not included in the local monitoring function and the dynamic enforcement policer is not instantiated for the protocol. | |
Notes | The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. | |
Introduced | 16.0.R1 | |
Platforms | All |
static
Synopsis | Enter the static context | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement static | |
Tree | static | |
Notes | The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. | |
Introduced | 16.0.R1 | |
Platforms | All |
policer-name reference
Synopsis | Static policer enforced by the protocol | |
Context | configure system security dist-cpu-protection policy string protocol keyword enforcement static policer-name reference | |
Tree | policer-name | |
Reference | configure system security dist-cpu-protection policy string static-policer string | |
Introduced | 16.0.R1 | |
Platforms | All |
static-policer [policer-name] string
Synopsis | Enter the static-policer list instance | |
Context | configure system security dist-cpu-protection policy string static-policer string | |
Tree | static-policer | |
Description | Commands in this context configure a static enforcement policer that can be referenced by one or more protocols in the policy. When a policer is referenced by a protocol, the policer is instantiated for each object (for example, a SAP or network interface) that is created and references the policer. If no policer resources are available on the associated card or FP, the object is not created. | |
Max. Instances | 18 | |
Introduced | 16.0.R1 | |
Platforms | All |
[policer-name] string
Synopsis | Static policer name | |
Context | configure system security dist-cpu-protection policy string static-policer string | |
Tree | static-policer | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security dist-cpu-protection policy string static-policer string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
detection-time number
Synopsis | Minimum time the dynamic policer remains allocated | |
Context | configure system security dist-cpu-protection policy string static-policer string detection-time number | |
Tree | detection-time | |
Range | 1 to 128000 | |
Units | seconds | |
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
exceed-action
Synopsis | Enter the exceed-action context | |
Context | configure system security dist-cpu-protection policy string static-policer string exceed-action | |
Tree | exceed-action | |
Description | Commands in this context specify the settings for the scenario when the configured policer rates are exceeded. | |
Introduced | 16.0.R1 | |
Platforms | All |
action keyword
Synopsis | Action taken on control packets when rates are exceeded | |
Context | configure system security dist-cpu-protection policy string static-policer string exceed-action action keyword | |
Tree | action | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms | All |
hold-down (keyword | number)
Synopsis | Hold down behavior | |
Context | configure system security dist-cpu-protection policy string static-policer string exceed-action hold-down (keyword | number) | |
Tree | hold-down | |
Description | This command specifies the behavior when the system detects that an enforcement policer has marked or discarded one or more packets and there is no action specified for the scenario when the rates are exceeded. The hold time condition is cleared after the specified time has expired. The detection time (the minimum time that the policer remains allocated) begins after the hold down is complete. The hold down behavior is not applicable to a local monitoring policer. An indefinite hold down behavior must be cleared using the tools perform security dist-cpu-protection release-hold-down command. | |
Range | 1 to 10080 | |
Units | seconds | |
Options | ||
Default | none | |
Introduced | 16.0.R1 | |
Platforms | All |
log-events keyword
Synopsis | Control of log events creation for status and activity | |
Context | configure system security dist-cpu-protection policy string static-policer string log-events keyword | |
Tree | log-events | |
Description | This command controls the creation of log events related to the status and activity of the local monitoring policer. | |
Options | ||
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
rate
Synopsis | Enter the rate context | |
Context | configure system security dist-cpu-protection policy string static-policer string rate | |
Tree | rate | |
Description | Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. | |
Introduced | 16.0.R1 | |
Platforms | All |
kbps
Synopsis | Enter the kbps context | |
Context | configure system security dist-cpu-protection policy string static-policer string rate kbps | |
Tree | kbps | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Rate limit | |
Context | configure system security dist-cpu-protection policy string static-policer string rate kbps limit (keyword | number) | |
Tree | limit | |
Range | 1 to 20000000 | |
Units | kilobps | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
mbs number
Synopsis | Tolerance for the rate | |
Context | configure system security dist-cpu-protection policy string static-policer string rate kbps mbs number | |
Tree | mbs | |
Range | 0 to 4194304 | |
Units | bytes | |
Introduced | 16.0.R1 | |
Platforms |
All |
packets
Synopsis | Enter the packets context | |
Context | configure system security dist-cpu-protection policy string static-policer string rate packets | |
Tree | packets | |
Notes | The following elements are part of a choice: kbps or packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
initial-delay number
Synopsis | Additional packets allowed in an initial burst | |
Context | configure system security dist-cpu-protection policy string static-policer string rate packets initial-delay number | |
Tree | initial-delay | |
Description | This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. | |
Range | 0 to 255 | |
Units | packets | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
limit (keyword | number)
Synopsis | Packets per interval limit | |
Context | configure system security dist-cpu-protection policy string static-policer string rate packets limit (keyword | number) | |
Tree | limit | |
Range | 0 to 8000 | |
Units | packets per interval | |
Options | ||
Default | max | |
Introduced | 16.0.R1 | |
Platforms | All |
within number
Synopsis | Measurement interval for packets rate | |
Context | configure system security dist-cpu-protection policy string static-policer string rate packets within number | |
Tree | within | |
Range | 1 to 32767 | |
Units | seconds | |
Default | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
type keyword
dot1x
admin-state keyword
Synopsis | Administrative state of 802.1x network access control | |
Context | configure system security dot1x admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
radius-policy [policy-name] string
Synopsis | Enter the radius-policy list instance | |
Context | configure system security dot1x radius-policy string | |
Tree | radius-policy | |
Introduced | 16.0.R1 | |
Platforms | All |
[policy-name] string
Synopsis | RADIUS server policy name for 802.1X authentication | |
Context | configure system security dot1x radius-policy string | |
Tree | radius-policy | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the server for authentication | |
Context | configure system security dot1x radius-policy string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
retry number
server [server-index] number
[server-index] number
accounting-port number
Synopsis | UDP port to contact the RADIUS server for accounting | |
Context | configure system security dot1x radius-policy string server number accounting-port number | |
Tree | accounting-port | |
Range | 1 to 65535 | |
Default | 1813 | |
Introduced | 16.0.R1 | |
Platforms |
All |
address string
authentication-port number
Synopsis | UDP port to contact RADIUS server for authentication | |
Context | configure system security dot1x radius-policy string server number authentication-port number | |
Tree | authentication-port | |
Range | 1 to 65535 | |
Default | 1812 | |
Introduced | 16.0.R1 | |
Platforms |
All |
secret string
type keyword
source-address string
Synopsis | Source address of the RADIUS packet | |
Context | configure system security dot1x radius-policy string source-address string | |
Tree | source-address | |
Introduced | 16.0.R1 | |
Platforms | All |
timeout number
ftp-server boolean
Synopsis | Enable FTP servers running on the system | |
Context | configure system security ftp-server boolean | |
Tree | ftp-server | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
hash-control
Synopsis | Enter the hash-control context | |
Context | configure system security hash-control | |
Tree | hash-control | |
Introduced | 16.0.R4 | |
Platforms | All |
management-interface
Synopsis | Enter the management-interface context | |
Context | configure system security hash-control management-interface | |
Tree | management-interface | |
Description | Commands in this context configure encryption parameters for different management interfaces. | |
Introduced | 16.0.R4 | |
Platforms | All |
classic-cli
Synopsis | Enter the classic-cli context | |
Context | configure system security hash-control management-interface classic-cli | |
Tree | classic-cli | |
Introduced | 16.0.R4 | |
Platforms | All |
read-algorithm keyword
Synopsis | Input encryption algorithm for configuration secrets | |
Context | configure system security hash-control management-interface classic-cli read-algorithm keyword | |
Tree | read-algorithm | |
Description | This command specifies how encrypted configuration secrets are interpreted and which encryption types are accepted when secrets are input into the system or read from a configuration file (for example, at system bootup time). | |
Options | ||
Default | all-hash | |
Introduced | 16.0.R4 | |
Platforms | All |
write-algorithm keyword
Synopsis | Output encryption algorithm for configuration secrets | |
Context | configure system security hash-control management-interface classic-cli write-algorithm keyword | |
Tree | write-algorithm | |
Description | This command specifies the format of the output for encrypted configuration secrets (for example, in the saved configuration file, or in the output of the info or show commands). | |
Options | ||
Default | hash2 | |
Introduced | 16.0.R4 | |
Platforms | All |
grpc
Synopsis | Enter the grpc context | |
Context | configure system security hash-control management-interface grpc | |
Tree | grpc | |
Introduced | 16.0.R4 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Encryption algorithm for configuration secrets | |
Context | configure system security hash-control management-interface grpc hash-algorithm keyword | |
Tree | hash-algorithm | |
Description | This command specifies the format of the input and output for encrypted configuration secrets. | |
Options | ||
Default | hash2 | |
Introduced | 16.0.R4 | |
Platforms | All |
md-cli
Synopsis | Enter the md-cli context | |
Context | configure system security hash-control management-interface md-cli | |
Tree | md-cli | |
Introduced | 16.0.R4 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Encryption algorithm for configuration secrets | |
Context | configure system security hash-control management-interface md-cli hash-algorithm keyword | |
Tree | hash-algorithm | |
Description | This command specifies the format of the input and output for encrypted configuration secrets. | |
Options | ||
Default | hash2 | |
Introduced | 16.0.R4 | |
Platforms | All |
netconf
Synopsis | Enter the netconf context | |
Context | configure system security hash-control management-interface netconf | |
Tree | netconf | |
Introduced | 16.0.R4 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Encryption algorithm for configuration secrets | |
Context | configure system security hash-control management-interface netconf hash-algorithm keyword | |
Tree | hash-algorithm | |
Description | This command specifies the format of the input and output for encrypted configuration secrets. | |
Options | ||
Default | hash2 | |
Introduced | 16.0.R4 | |
Platforms | All |
keychains
keychain [keychain-name] string
[keychain-name] string
admin-state keyword
Synopsis | Administrative state of the keychain | |
Context | configure system security keychains keychain string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
bidirectional
Synopsis | Enter the bidirectional context | |
Context | configure system security keychains keychain string bidirectional | |
Tree | bidirectional | |
Introduced | 16.0.R1 | |
Platforms | All |
entry [keychain-entry-index] number
[keychain-entry-index] number
admin-state keyword
Synopsis | Administrative state of the keychain entry | |
Context | configure system security keychains keychain string bidirectional entry number admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
algorithm keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Encryption algorithm used by the keychain key | |
Context | configure system security keychains keychain string bidirectional entry number algorithm keyword | |
Tree | algorithm | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
authentication-key string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Authentication key used by the encryption algorithm | |
Context | configure system security keychains keychain string bidirectional entry number authentication-key string | |
Tree | authentication-key | |
String Length | 1 to 54 | |
Introduced | 16.0.R1 | |
Platforms | All |
begin-time string
Synopsis | Calendar date and time to start using the key | |
Context | configure system security keychains keychain string bidirectional entry number begin-time string | |
Tree | begin-time | |
Introduced | 16.0.R1 | |
Platforms | All |
option keyword
tolerance (number | keyword)
description string
Synopsis | Text description | |
Context | configure system security keychains keychain string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
receive
entry [keychain-entry-index] number
[keychain-entry-index] number
admin-state keyword
Synopsis | Administrative state of the keychain entry | |
Context | configure system security keychains keychain string receive entry number admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
algorithm keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Encryption algorithm used by the keychain key | |
Context | configure system security keychains keychain string receive entry number algorithm keyword | |
Tree | algorithm | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
authentication-key string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Authentication key used by the encryption algorithm | |
Context | configure system security keychains keychain string receive entry number authentication-key string | |
Tree | authentication-key | |
String Length | 1 to 54 | |
Introduced | 16.0.R1 | |
Platforms | All |
begin-time string
Synopsis | Calendar date and time to start using the key | |
Context | configure system security keychains keychain string receive entry number begin-time string | |
Tree | begin-time | |
Introduced | 16.0.R1 | |
Platforms | All |
end-time string
tolerance (number | keyword)
send
entry [keychain-entry-index] number
[keychain-entry-index] number
admin-state keyword
Synopsis | Administrative state of the keychain entry | |
Context | configure system security keychains keychain string send entry number admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
algorithm keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Encryption algorithm used by the keychain key | |
Context | configure system security keychains keychain string send entry number algorithm keyword | |
Tree | algorithm | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
authentication-key string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Authentication key used by the encryption algorithm | |
Context | configure system security keychains keychain string send entry number authentication-key string | |
Tree | authentication-key | |
String Length | 1 to 54 | |
Introduced | 16.0.R1 | |
Platforms | All |
begin-time string
Synopsis | Calendar date and time to start using the key | |
Context | configure system security keychains keychain string send entry number begin-time string | |
Tree | begin-time | |
Introduced | 16.0.R1 | |
Platforms | All |
tcp-option-number
Synopsis | Enter the tcp-option-number context | |
Context | configure system security keychains keychain string tcp-option-number | |
Tree | tcp-option-number | |
Introduced | 16.0.R1 | |
Platforms | All |
receive keyword
send keyword
management
Synopsis | Enter the management context | |
Context | configure system security management | |
Tree | management | |
Description | Commands in this context control which management protocols can be used to access the SR OS router via the 'Base' and 'management' router instances. | |
Introduced | 16.0.R5 | |
Platforms | All |
allow-ftp boolean
Synopsis | Allow access to the FTP server | |
Context | configure system security management allow-ftp boolean | |
Tree | allow-ftp | |
Description | When configured to true, this command allows FTP access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows access to the SR OS FTP server. | |
Default | true | |
Introduced | 16.0.R6 | |
Platforms | All |
allow-grpc boolean
Synopsis | Allow access to the gRPC server | |
Context | configure system security management allow-grpc boolean | |
Tree | allow-grpc | |
Description | When configured to true, the system allows access to the gRPC server via the 'Base' and 'management' router instances. | |
Default | true | |
Introduced | 19.5.R1 | |
Platforms | All |
allow-netconf boolean
Synopsis | Allow access to the NETCONF server | |
Context | configure system security management allow-netconf boolean | |
Tree | allow-netconf | |
Description | When configured to true, the system allows NETCONF server access to the SR OS router via the 'Base' and 'management' router instances. | |
Default | true | |
Introduced | 19.5.R1 | |
Platforms | All |
allow-ssh boolean
Synopsis | Allow access to the SSH server | |
Context | configure system security management allow-ssh boolean | |
Tree | allow-ssh | |
Description | When configured to true, this command allows SSH server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows SSH server access. | |
Default | true | |
Introduced | 16.0.R5 | |
Platforms | All |
allow-telnet boolean
Synopsis | Allow access to the IPv4 Telnet server | |
Context | configure system security management allow-telnet boolean | |
Tree | allow-telnet | |
Description | When configured to true, the system allows IPv4 Telnet server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, access to the IPv4 Telnet server is not allowed. | |
Default | true | |
Introduced | 16.0.R5 | |
Platforms | All |
allow-telnet6 boolean
Synopsis | Allow access to the Telnet IPv6 server | |
Context | configure system security management allow-telnet6 boolean | |
Tree | allow-telnet6 | |
Description | When configured to true, the system allows IPv6 Telnet server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, the system prevents access to the IPv6 Telnet server. | |
Default | true | |
Introduced | 16.0.R5 | |
Platforms | All |
management-access-filter
Synopsis | Enter the management-access-filter context | |
Context | configure system security management-access-filter | |
Tree | management-access-filter | |
Description | Commands in this context configure the attributes for management access filters. Management access filters control all traffic in and out of the CPM. The filters can be used to restrict management of the router by other nodes outside of specific networks (or sub-networks) or through designated ports. Management filters are enforced by the system software. | |
Introduced | 16.0.R4 | |
Platforms | All |
ip-filter
Synopsis | Enter the ip-filter context | |
Context | configure system security management-access-filter ip-filter | |
Tree | ip-filter | |
Introduced | 16.0.R4 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of management-access filters | |
Context | configure system security management-access-filter ip-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R4 | |
Platforms | All |
default-action keyword
Synopsis | Default action for the management access filter | |
Context | configure system security management-access-filter ip-filter default-action keyword | |
Tree | default-action | |
Description | This command specifies the default action for management access in the absence of a specific management access filter match. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms |
All |
entry [entry-id] number
[entry-id] number
Synopsis | Entry ID to identify the match criteria and the action | |
Context | configure system security management-access-filter ip-filter entry number | |
Tree | entry | |
Description | This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. | |
Range | 1 to 9999 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
action keyword
Synopsis | Action associated with the management access filter | |
Context | configure system security management-access-filter ip-filter entry number action keyword | |
Tree | action | |
Description | This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms |
All |
description string
Synopsis | Text description | |
Context | configure system security management-access-filter ip-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R4 | |
Platforms | All |
log-events boolean
Synopsis | Enable match logging | |
Context | configure system security management-access-filter ip-filter entry number log-events boolean | |
Tree | log-events | |
Description | When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. | |
Default | false | |
Introduced | 16.0.R4 | |
Platforms | All |
match
dst-port
mask number
port number
mgmt-port
cpm
lag string
port-id string
protocol (number | keyword)
router-instance string
Synopsis | Router instance as the match criterion | |
Context | configure system security management-access-filter ip-filter entry number match router-instance string | |
Tree | router-instance | |
Introduced | 16.0.R4 | |
Platforms | All |
src-ip
address (ipv4-prefix | ipv4-address)
Synopsis | IP address or IP prefix as the match criterion | |
Context | configure system security management-access-filter ip-filter entry number match src-ip address (ipv4-prefix | ipv4-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R4 | |
Platforms | All |
ip-prefix-list reference
Synopsis | IP prefix list as the match criterion | |
Context | configure system security management-access-filter ip-filter entry number match src-ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 20.7.R1 | |
Platforms | All |
mask string
src-port
mask number
port number
ipv6-filter
Synopsis | Enter the ipv6-filter context | |
Context | configure system security management-access-filter ipv6-filter | |
Tree | ipv6-filter | |
Introduced | 16.0.R4 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of management-access filters | |
Context | configure system security management-access-filter ipv6-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R4 | |
Platforms | All |
default-action keyword
Synopsis | Default action for the management access filter | |
Context | configure system security management-access-filter ipv6-filter default-action keyword | |
Tree | default-action | |
Description | This command specifies the default action for management access in the absence of a specific management access filter match. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms |
All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure system security management-access-filter ipv6-filter entry number | |
Tree | entry | |
Introduced | 16.0.R4 | |
Platforms | All |
[entry-id] number
Synopsis | Entry ID to identify the match criteria and the action | |
Context | configure system security management-access-filter ipv6-filter entry number | |
Tree | entry | |
Description | This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. | |
Range | 1 to 9999 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
action keyword
Synopsis | Action associated with the management access filter | |
Context | configure system security management-access-filter ipv6-filter entry number action keyword | |
Tree | action | |
Description | This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms |
All |
description string
Synopsis | Text description | |
Context | configure system security management-access-filter ipv6-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R4 | |
Platforms | All |
log-events boolean
Synopsis | Enable match logging | |
Context | configure system security management-access-filter ipv6-filter entry number log-events boolean | |
Tree | log-events | |
Description | When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. | |
Default | false | |
Introduced | 16.0.R4 | |
Platforms | All |
match
Synopsis | Enter the match context | |
Context | configure system security management-access-filter ipv6-filter entry number match | |
Tree | match | |
Description | Commands in this context specify match criteria for the entry. | |
Introduced | 16.0.R4 | |
Platforms | All |
dst-port
Synopsis | Enable the dst-port context | |
Context | configure system security management-access-filter ipv6-filter entry number match dst-port | |
Tree | dst-port | |
Description | Commands in this context specify match criteria based on the destination port. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask number
Synopsis | IP address mask as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match dst-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Introduced | 16.0.R4 | |
Platforms |
All |
port number
Synopsis | TCP or UDP port number as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match dst-port port number | |
Tree | port | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
flow-label number
Synopsis | Flow identifier used to discriminate traffic flows | |
Context | configure system security management-access-filter ipv6-filter entry number match flow-label number | |
Tree | flow-label | |
Range | 0 to 1048575 | |
Introduced | 16.0.R4 | |
Platforms | All |
mgmt-port
Synopsis | Enter the mgmt-port context | |
Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port | |
Tree | mgmt-port | |
Description | Commands in this context specify match criteria based on the Ethernet port. | |
Introduced | 16.0.R4 | |
Platforms | All |
cpm
Synopsis | Match any traffic received on any Ethernet port | |
Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port cpm | |
Tree | cpm | |
Notes | The following elements are part of a choice: cpm, (lag and lag-id), or port-id. | |
Introduced | 16.0.R4 | |
Platforms | All |
lag string
Synopsis | LAG ID as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port lag string | |
Tree | lag | |
String Length | 1 to 27 | |
Notes | The following elements are part of a choice: cpm, (lag and lag-id), or port-id. | |
Introduced | 21.2.R1 | |
Platforms | All |
port-id string
Synopsis | Port ID as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port port-id string | |
Tree | port-id | |
Notes | The following elements are part of a choice: cpm, (lag and lag-id), or port-id. | |
Introduced | 16.0.R4 | |
Platforms | All |
next-header (number | keyword)
Synopsis | IP protocol to match | |
Context | configure system security management-access-filter ipv6-filter entry number match next-header (number | keyword) | |
Tree | next-header | |
Range | 0 to 255 | |
Options | ||
Introduced | 16.0.R4 | |
Platforms |
All |
router-instance string
Synopsis | Router instance as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match router-instance string | |
Tree | router-instance | |
Introduced | 16.0.R4 | |
Platforms | All |
src-ip
Synopsis | Enter the src-ip context | |
Context | configure system security management-access-filter ipv6-filter entry number match src-ip | |
Tree | src-ip | |
Description | Commands in this context specify match criteria based on the source port. | |
Introduced | 16.0.R4 | |
Platforms | All |
address (ipv6-prefix | ipv6-address)
Synopsis | IPv6 address or IPv6 prefix to match | |
Context | configure system security management-access-filter ipv6-filter entry number match src-ip address (ipv6-prefix | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R4 | |
Platforms | All |
ipv6-prefix-list reference
Synopsis | IPv6 prefix list as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 20.7.R1 | |
Platforms | All |
mask string
Synopsis | IP address mask as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match src-ip mask string | |
Tree | mask | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R4 | |
Platforms | All |
src-port
Synopsis | Enable the src-port context | |
Context | configure system security management-access-filter ipv6-filter entry number match src-port | |
Tree | src-port | |
Description | Commands in this context specify match criteria based on the source port. | |
Introduced | 21.7.R1 | |
Platforms | All |
mask number
Synopsis | IP address mask as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match src-port mask number | |
Tree | mask | |
Range | 1 to 65535 | |
Default | 65535 | |
Introduced | 21.7.R1 | |
Platforms |
All |
port number
Synopsis | TCP or UDP port number as the match criterion | |
Context | configure system security management-access-filter ipv6-filter entry number match src-port port number | |
Tree | port | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 21.7.R1 | |
Platforms | All |
mac-filter
Synopsis | Enter the mac-filter context | |
Context | configure system security management-access-filter mac-filter | |
Tree | mac-filter | |
Introduced | 16.0.R4 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of management access MAC filter | |
Context | configure system security management-access-filter mac-filter admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R4 | |
Platforms | All |
default-action keyword
Synopsis | Default action for the management access filter | |
Context | configure system security management-access-filter mac-filter default-action keyword | |
Tree | default-action | |
Description | This command specifies the default action for management access in the absence of a specific management access filter match. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms | All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure system security management-access-filter mac-filter entry number | |
Tree | entry | |
Introduced | 16.0.R4 | |
Platforms | All |
[entry-id] number
Synopsis | Entry ID to identify the match criteria and the action | |
Context | configure system security management-access-filter mac-filter entry number | |
Tree | entry | |
Description | This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. | |
Range | 1 to 9999 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
action keyword
Synopsis | Action associated with the management access filter | |
Context | configure system security management-access-filter mac-filter entry number action keyword | |
Tree | action | |
Description | This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. | |
Options | ||
Default | ignore-match | |
Introduced | 16.0.R4 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security management-access-filter mac-filter entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R4 | |
Platforms | All |
log-events boolean
Synopsis | Enable match logging | |
Context | configure system security management-access-filter mac-filter entry number log-events boolean | |
Tree | log-events | |
Description | When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. | |
Default | false | |
Introduced | 16.0.R4 | |
Platforms | All |
match
Synopsis | Enter the match context | |
Context | configure system security management-access-filter mac-filter entry number match | |
Tree | match | |
Description | Commands in this context specify match criteria for the entry. | |
Introduced | 16.0.R4 | |
Platforms | All |
cfm-opcode
Synopsis | Enter the cfm-opcode context | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode | |
Tree | cfm-opcode | |
Description | Commands in this context specify match criteria based on the CFM opcode. | |
Introduced | 16.0.R4 | |
Platforms | All |
eq number
Synopsis | Equal to comparison operator for the CFM opcode | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode eq number | |
Tree | eq | |
Range | 0 to 255 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R4 | |
Platforms | All |
gt number
Synopsis | Greater than comparison operator for the CFM opcode | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode gt number | |
Tree | gt | |
Range | 0 to 254 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R4 | |
Platforms | All |
lt number
Synopsis | Less than comparison operator for the CFM opcode | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode lt number | |
Tree | lt | |
Range | 1 to 255 | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R4 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range | |
Tree | range | |
Notes | The following elements are part of a choice: eq, gt, lt, or range. | |
Introduced | 16.0.R4 | |
Platforms | All |
end number
Synopsis | Upper bound of the range for the OpCode to match | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range end number | |
Tree | end | |
Range | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
start number
Synopsis | Lower bound of the range for the OpCode to match | |
Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range start number | |
Tree | start | |
Range | 0 to 254 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
dot1p
Synopsis | Enable the dot1p context | |
Context | configure system security management-access-filter mac-filter entry number match dot1p | |
Tree | dot1p | |
Description | Commands in this context specify match criteria based on the IEEE 802.1p value. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask number
Synopsis | 3-bit mask as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match dot1p mask number | |
Tree | mask | |
Range | 1 to 7 | |
Default | 7 | |
Introduced | 16.0.R4 | |
Platforms |
All |
priority number
Synopsis | IEEE 802.1p value as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match dot1p priority number | |
Tree | priority | |
Range | 0 to 7 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
dst-mac
Synopsis | Enable the dst-mac context | |
Context | configure system security management-access-filter mac-filter entry number match dst-mac | |
Tree | dst-mac | |
Description | Commands in this context specify match criteria based on the destination MAC. | |
Introduced | 16.0.R4 | |
Platforms | All |
address string
Synopsis | MAC address used as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match dst-mac address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
Synopsis | MAC address mask as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match dst-mac mask string | |
Tree | mask | |
Default | ff:ff:ff:ff:ff:ff | |
Introduced | 16.0.R4 | |
Platforms | All |
etype string
Synopsis | Ethernet type II Ethertype value as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match etype string | |
Tree | etype | |
Description | This command specifies an Ethernet type II Ethertype value to be used as a MAC filter match criterion. The Ethernet type field is used by the Ethernet version-II frames and does not apply to IEEE 802.3 Ethernet frames. | |
String Length | 5 to 6 | |
Introduced | 16.0.R4 | |
Platforms | All |
frame-type keyword
Synopsis | MAC frame type as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match frame-type keyword | |
Tree | frame-type | |
Options | ||
Default | 802dot3 | |
Introduced | 16.0.R4 | |
Platforms | All |
llc-dsap
Synopsis | Enable the llc-dsap context | |
Context | configure system security management-access-filter mac-filter entry number match llc-dsap | |
Tree | llc-dsap | |
Description | Commands in this context specify match criteria based on the Destination Service Access Point (DSAP). | |
Introduced | 16.0.R4 | |
Platforms | All |
dsap number
Synopsis | 8-bit DSAP as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match llc-dsap dsap number | |
Tree | dsap | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask number
Synopsis | Mask for DSAP value as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match llc-dsap mask number | |
Tree | mask | |
Range | 1 to 255 | |
Default | 255 | |
Introduced | 16.0.R4 | |
Platforms |
All |
llc-ssap
Synopsis | Enable the llc-ssap context | |
Context | configure system security management-access-filter mac-filter entry number match llc-ssap | |
Tree | llc-ssap | |
Description | Commands in this context specify match criteria based on the Source Service Access Point (SSAP). | |
Introduced | 16.0.R4 | |
Platforms | All |
mask number
Synopsis | Mask for SSAP value as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match llc-ssap mask number | |
Tree | mask | |
Range | 1 to 255 | |
Default | 255 | |
Introduced | 16.0.R4 | |
Platforms |
All |
ssap number
Synopsis | 8-bit SSAP as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match llc-ssap ssap number | |
Tree | ssap | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
service string
Synopsis | Service ID used as the match condition | |
Context | configure system security management-access-filter mac-filter entry number match service string | |
Tree | service | |
String Length | 1 to 64 | |
Introduced | 16.0.R4 | |
Platforms | All |
snap-oui keyword
Synopsis | IEEE 802.3 LLC SNAP Ethernet Frame OUI value for match | |
Context | configure system security management-access-filter mac-filter entry number match snap-oui keyword | |
Tree | snap-oui | |
Description | This command specifies the IEEE 802.3 LLC SNAP Ethernet Frame OUI value as the MAC filter match criterion. | |
Options | ||
Introduced | 16.0.R4 | |
Platforms |
All |
snap-pid number
Synopsis | IEEE 802.3 LLC SNAP Ethernet Frame PID as the match | |
Context | configure system security management-access-filter mac-filter entry number match snap-pid number | |
Tree | snap-pid | |
Description | This command specifies an IEEE 802.3 LLC SNAP Ethernet Frame PID value used as the MAC filter match criterion. The SNAP PID match criterion is independent of the OUI field within the SNAP header. Two packets with different 3-byte OUI fields but the same PID field match the same filter entry based on a SNAP PID match criterion. | |
Range | 0 to 65535 | |
Introduced | 16.0.R4 | |
Platforms | All |
src-mac
Synopsis | Enable the src-mac context | |
Context | configure system security management-access-filter mac-filter entry number match src-mac | |
Tree | src-mac | |
Description | Commands in this context specify match criteria based on the source MAC. | |
Introduced | 16.0.R4 | |
Platforms | All |
address string
Synopsis | MAC address used as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match src-mac address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
Synopsis | MAC address mask as the match criterion | |
Context | configure system security management-access-filter mac-filter entry number match src-mac mask string | |
Tree | mask | |
Default | ff:ff:ff:ff:ff:ff | |
Introduced | 16.0.R4 | |
Platforms | All |
per-peer-queuing boolean
Synopsis | Allow CPM hardware queuing per peer | |
Context | configure system security per-peer-queuing boolean | |
Tree | per-peer-queuing | |
Description | When configured to true, the router automatically allocates a separate CPM hardware queue for the peer when a peering session is established. When configured to false, a separate CPM hardware queue is not allowed. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
pki
ca-profile [ca-profile-name] string
Synopsis | Enter the ca-profile list instance | |
Context | configure system security pki ca-profile string | |
Tree | ca-profile | |
Max. Instances | 128 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ca-profile-name] string
Synopsis | CA profile name | |
Context | configure system security pki ca-profile string | |
Tree | ca-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the CA profile | |
Context | configure system security pki ca-profile string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
auto-crl-update
Synopsis | Enable the auto-crl-update context | |
Context | configure system security pki ca-profile string auto-crl-update | |
Tree | auto-crl-update | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the automatic CRL update | |
Context | configure system security pki ca-profile string auto-crl-update admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
crl-urls
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Enter the crl-urls context | |
Context | configure system security pki ca-profile string auto-crl-update crl-urls | |
Tree | crl-urls | |
Introduced | 16.0.R1 | |
Platforms | All |
url-entry [entry-id] number
Synopsis | Enter the url-entry list instance | |
Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number | |
Tree | url-entry | |
Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
Synopsis | URL on this system | |
Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number | |
Tree | url-entry | |
Range | 1 to 8 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
transmission-profile reference
Synopsis | File transmission profile to update CRL | |
Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number transmission-profile reference | |
Tree | transmission-profile | |
Reference | configure system transmission-profile string | |
Introduced | 16.0.R4 | |
Platforms | All |
url http-url-path-loose
Synopsis | Location of updated CRL | |
Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number url http-url-path-loose | |
Tree | url | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
periodic-update-interval number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Interval between two consecutive CRL updates | |
Context | configure system security pki ca-profile string auto-crl-update periodic-update-interval number | |
Tree | periodic-update-interval | |
Range | 3600 to 31622400 | |
Units | seconds | |
Default | 86400 | |
Introduced | 16.0.R1 | |
Platforms | All |
pre-update-time number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Time prior to the next update time of the current CRL | |
Context | configure system security pki ca-profile string auto-crl-update pre-update-time number | |
Tree | pre-update-time | |
Range | 0 to 31622400 | |
Units | seconds | |
Default | 3600 | |
Introduced | 16.0.R1 | |
Platforms | All |
retry-interval number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Interval before retrying to update CRL | |
Context | configure system security pki ca-profile string auto-crl-update retry-interval number | |
Tree | retry-interval | |
Range | 0 to 31622400 | |
Units | seconds | |
Default | 3600 | |
Introduced | 16.0.R1 | |
Platforms | All |
schedule-type keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Time scheduler type for an automated CRL update | |
Context | configure system security pki ca-profile string auto-crl-update schedule-type keyword | |
Tree | schedule-type | |
Options | ||
Default | next-update-based | |
Introduced | 16.0.R1 | |
Platforms |
All |
cert-file string
cmpv2
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Enter the cmpv2 context | |
Context | configure system security pki ca-profile string cmpv2 | |
Tree | cmpv2 | |
Description | Commands in this context configure CMPv2 options. | |
Introduced | 16.0.R1 | |
Platforms | All |
accept-unprotected-message
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Enter the accept-unprotected-message context | |
Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message | |
Tree | accept-unprotected-message | |
Introduced | 16.0.R1 | |
Platforms | All |
error-message boolean
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Accept unprotected error messages | |
Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message error-message boolean | |
Tree | error-message | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
pkiconf-message boolean
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Accept unprotected PKI confirmation messages | |
Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message pkiconf-message boolean | |
Tree | pkiconf-message | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
always-set-sender-for-ir boolean
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Set subject name in CMPv2 header for all IR messages | |
Context | configure system security pki ca-profile string cmpv2 always-set-sender-for-ir boolean | |
Tree | always-set-sender-for-ir | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
http
response-timeout number
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | HTTP response timeout | |
Context | configure system security pki ca-profile string cmpv2 http response-timeout number | |
Tree | response-timeout | |
Range | 1 to 3600 | |
Units | seconds | |
Default | 30 | |
Introduced | 16.0.R1 | |
Platforms | All |
version keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | HTTP version for CMPv2 messages | |
Context | configure system security pki ca-profile string cmpv2 http version keyword | |
Tree | version | |
Options | ||
Default | 1.1 | |
Introduced | 16.0.R1 | |
Platforms | All |
key-list
key [reference-number] string
[reference-number] string
password string
recipient-subject string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | DN attributes for recipient subject of CMPv2 requests | |
Context | configure system security pki ca-profile string cmpv2 recipient-subject string | |
Tree | recipient-subject | |
String Length | 1 to 256 | |
Notes | The following elements are part of a choice: recipient-subject or use-ca-subject. | |
Introduced | 22.10.R1 | |
Platforms | All |
response-signing-cert string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | File name of the certificate to verify CMPv2 responses | |
Context | configure system security pki ca-profile string cmpv2 response-signing-cert string | |
Tree | response-signing-cert | |
Description | This command specifies an imported certificate used to verify the CMP response message that they are protected by signature. When unconfigured, CA's certificate is used. | |
String Length | 1 to 95 | |
Notes | The following elements are part of a choice: response-signing-cert or response-signing-use-extracert. | |
Introduced | 16.0.R1 | |
Platforms | All |
response-signing-use-extracert
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Use extraCerts certificate to verify response signature | |
Context | configure system security pki ca-profile string cmpv2 response-signing-use-extracert | |
Tree | response-signing-use-extracert | |
Notes | The following elements are part of a choice: response-signing-cert or response-signing-use-extracert. | |
Introduced | 22.10.R1 | |
Platforms | All |
same-recipient-nonce-for-poll-request boolean
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Use same recipNonce as last CMPv2 response | |
Context | configure system security pki ca-profile string cmpv2 same-recipient-nonce-for-poll-request boolean | |
Tree | same-recipient-nonce-for-poll-request | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
signing-cert-subject string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Subject DN attributes to identify signing certificate | |
Context | configure system security pki ca-profile string cmpv2 signing-cert-subject string | |
Tree | signing-cert-subject | |
String Length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
url
service-name string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Administrative service name | |
Context | configure system security pki ca-profile string cmpv2 url service-name string | |
Tree | service-name | |
String Length | 1 to 64 | |
Notes | The following elements are part of a choice: service-name or transmission-profile. | |
Introduced | 16.0.R1 | |
Platforms | All |
transmission-profile reference
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Transmission profile for CMPv2 | |
Context | configure system security pki ca-profile string cmpv2 url transmission-profile reference | |
Tree | transmission-profile | |
Reference | configure system transmission-profile string | |
Notes | The following elements are part of a choice: service-name or transmission-profile. | |
Introduced | 23.3.R1 | |
Platforms | All |
url-string http-optional-url-loose
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | URL for CMPv2 | |
Context | configure system security pki ca-profile string cmpv2 url url-string http-optional-url-loose | |
Tree | url-string | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
use-ca-subject
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Use subject DN in CA certificate as CMPv2 request recipient | |
Context | configure system security pki ca-profile string cmpv2 use-ca-subject | |
Tree | use-ca-subject | |
Notes | The following elements are part of a choice: recipient-subject or use-ca-subject. | |
Introduced | 22.10.R1 | |
Platforms | All |
crl-file string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Certificate Revocation List (CRL) file name | |
Context | configure system security pki ca-profile string crl-file string | |
Tree | crl-file | |
String Length | 1 to 95 | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security pki ca-profile string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
ocsp
responder-url http-optional-url-loose
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | HTTP URL of the OCSP responder for the CA | |
Context | configure system security pki ca-profile string ocsp responder-url http-optional-url-loose | |
Tree | responder-url | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
service-name string
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Administrative service name | |
Context | configure system security pki ca-profile string ocsp service-name string | |
Tree | service-name | |
String Length | 1 to 64 | |
Introduced | 16.0.R1 | |
Platforms | All |
transmission-profile reference
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Transmission profile for the OCSP | |
Context | configure system security pki ca-profile string ocsp transmission-profile reference | |
Tree | transmission-profile | |
Reference | configure system transmission-profile string | |
Introduced | 16.0.R6 | |
Platforms | All |
revocation-check keyword
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
Synopsis | Revocation method to check status of CA certificates | |
Context | configure system security pki ca-profile string revocation-check keyword | |
Tree | revocation-check | |
Options | ||
Default | crl | |
Introduced | 16.0.R1 | |
Platforms | All |
certificate-auto-update [certificate-file-name] string
Synopsis | Enter the certificate-auto-update list instance | |
Context | configure system security pki certificate-auto-update string | |
Tree | certificate-auto-update | |
Description | Commands in this context configure automatic certificate update associations. | |
Max. Instances | 256 | |
Introduced | 22.10.R1 | |
Platforms | All |
[certificate-file-name] string
Synopsis | Certificate file name | |
Context | configure system security pki certificate-auto-update string | |
Tree | certificate-auto-update | |
String Length | 1 to 95 | |
Notes | This element is part of a list key. | |
Introduced | 22.10.R1 | |
Platforms | All |
key-file-name string
Synopsis | Imported key filename | |
Context | configure system security pki certificate-auto-update string key-file-name string | |
Tree | key-file-name | |
String Length | 1 to 95 | |
Introduced | 22.10.R1 | |
Platforms | All |
profile reference
Synopsis | Certificate update profile name | |
Context | configure system security pki certificate-auto-update string profile reference | |
Tree | profile | |
Reference | configure system security pki certificate-update-profile string | |
Introduced | 22.10.R1 | |
Platforms | All |
certificate-display-format keyword
Synopsis | Display format for Certificates and CRLs | |
Context | configure system security pki certificate-display-format keyword | |
Tree | certificate-display-format | |
Options | ||
Default | ascii | |
Introduced | 16.0.R1 | |
Platforms | All |
certificate-expiration-warning
Synopsis | Enter the certificate-expiration-warning context | |
Context | configure system security pki certificate-expiration-warning | |
Tree | certificate-expiration-warning | |
Introduced | 16.0.R1 | |
Platforms | All |
hours number
repeat-hours number
Synopsis | Time system repeats certificate expiration warning trap | |
Context | configure system security pki certificate-expiration-warning repeat-hours number | |
Tree | repeat-hours | |
Range | 0 to 8760 | |
Units | hours | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
certificate-update-profile [name] string
Synopsis | Enter the certificate-update-profile list instance | |
Context | configure system security pki certificate-update-profile string | |
Tree | certificate-update-profile | |
Description | Commands in this context configure a certificate update profile that specifies the behavior of the automatic update certificate. | |
Max. Instances | 256 | |
Introduced | 22.10.R1 | |
Platforms | All |
[name] string
Synopsis | Certificate update profile name | |
Context | configure system security pki certificate-update-profile string | |
Tree | certificate-update-profile | |
Description | This command configures the certificate update profile name. | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.10.R1 | |
Platforms | All |
after-issue number
Synopsis | Time for scheduler updates after certificate issuance | |
Context | configure system security pki certificate-update-profile string after-issue number | |
Tree | after-issue | |
Description | This command configures the time for scheduler updates after the certificate issue time. | |
Range | 864000 to 157680000 | |
Units | seconds | |
Notes | The following elements are part of a choice: after-issue or before-expiry. | |
Introduced | 22.10.R1 | |
Platforms | All |
before-expiry number
Synopsis | Time scheduler updates before certificate expiry | |
Context | configure system security pki certificate-update-profile string before-expiry number | |
Tree | before-expiry | |
Description | This command configures the time that the scheduler updates before the certificate expiration time. | |
Range | 3600 to 157680000 | |
Units | seconds | |
Default | 86400 | |
Notes |
The following elements are part of a choice: after-issue or before-expiry. | |
Introduced | 22.10.R1 | |
Platforms | All |
cmpv2
ca-profile reference
Synopsis | CA profile name | |
Context | configure system security pki certificate-update-profile string cmpv2 ca-profile reference | |
Tree | ca-profile | |
Description | This command specifies the use of CMPv2 as the protocol to update the certificate. The CMPv2 configuration is derived from the referenced CA profile. | |
Reference | configure system security pki ca-profile string | |
Introduced | 22.10.R1 | |
Platforms | All |
dsa
key-size number
Synopsis | Length of the generated DSA key | |
Context | configure system security pki certificate-update-profile string dsa key-size number | |
Tree | key-size | |
Description | This command specifies that the newly generated key is an DSA key with the specified key length in bits. | |
Range | 512 to 8192 | |
Default | 2048 | |
Introduced | 22.10.R1 | |
Platforms |
All |
ecdsa
curve keyword
Synopsis | Elliptic curve to be used in ECDSA key generation | |
Context | configure system security pki certificate-update-profile string ecdsa curve keyword | |
Tree | curve | |
Description | This command specifies that the newly generated key is an ECDSA key with the specified curve. | |
Options | ||
Default | secp256r1 | |
Introduced | 22.10.R1 | |
Platforms | All |
est
est-profile reference
Synopsis | EST profile name | |
Context | configure system security pki certificate-update-profile string est est-profile reference | |
Tree | est-profile | |
Description | This command specifies the use of EST as the protocol to update the certificate. The EST configuration is derived from the referenced EST profile. | |
Reference | configure system security pki est-profile string | |
Introduced | 22.10.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm for a certificate request | |
Context | configure system security pki certificate-update-profile string hash-algorithm keyword | |
Tree | hash-algorithm | |
Description | This command specifies the hash algorithm used to generate a certificate request. | |
Options | ||
Default | sha256 | |
Introduced | 22.10.R1 | |
Platforms | All |
retry-interval number
Synopsis | Retry interval after a failed update | |
Context | configure system security pki certificate-update-profile string retry-interval number | |
Tree | retry-interval | |
Description | This command configures the retry interval after the update fails. | |
Range | 60 to 36000 | |
Units | seconds | |
Default | 3600 | |
Introduced | 22.10.R1 | |
Platforms | All |
rsa
key-size number
Synopsis | Length of the generated RSA key | |
Context | configure system security pki certificate-update-profile string rsa key-size number | |
Tree | key-size | |
Description | This command specifies that the newly generated key is a RSA key with the specified key length in bits. | |
Range | 512 to 8192 | |
Default | 2048 | |
Introduced | 22.10.R1 | |
Platforms |
All |
same-as-existing-key
Synopsis | Generate the new key to same type and key length | |
Context | configure system security pki certificate-update-profile string same-as-existing-key | |
Tree | same-as-existing-key | |
Description | When configured, this command specifies that the newly generated key is the same type and key length as the existing key. | |
Notes | The following elements are part of a choice: dsa, ecdsa, rsa, or same-as-existing-key. | |
Introduced | 22.10.R1 | |
Platforms | All |
common-name-list [cn-list-name] string
Synopsis | Enter the common-name-list list instance | |
Context | configure system security pki common-name-list string | |
Tree | common-name-list | |
Max. Instances | 64 | |
Introduced | 16.0.R1 | |
Platforms | All |
[cn-list-name] string
Synopsis | CN list name | |
Context | configure system security pki common-name-list string | |
Tree | common-name-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
common-name [cn-index] number
Synopsis | Enter the common-name list instance | |
Context | configure system security pki common-name-list string common-name number | |
Tree | common-name | |
Introduced | 16.0.R1 | |
Platforms | All |
[cn-index] number
Synopsis | Common name index | |
Context | configure system security pki common-name-list string common-name number | |
Tree | common-name | |
Range | 1 to 128 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
cn-type keyword
Synopsis | Common name type | |
Context | configure system security pki common-name-list string common-name number cn-type keyword | |
Tree | cn-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
cn-value string
Synopsis | Common name value | |
Context | configure system security pki common-name-list string common-name number cn-value string | |
Tree | cn-value | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
crl-expiration-warning
Synopsis | Enter the crl-expiration-warning context | |
Context | configure system security pki crl-expiration-warning | |
Tree | crl-expiration-warning | |
Introduced | 16.0.R1 | |
Platforms | All |
hours number
repeat-hours number
Synopsis | Time system repeats CRL expiration warning trap | |
Context | configure system security pki crl-expiration-warning repeat-hours number | |
Tree | repeat-hours | |
Range | 0 to 8760 | |
Units | hours | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
est-profile [name] string
Synopsis | Enter the est-profile list instance | |
Context | configure system security pki est-profile string | |
Tree | est-profile | |
Description | Commands in this context configure an Enrollment over Secure Transport (EST) profile. | |
Max. Instances | 128 | |
Introduced | 21.10.R1 | |
Platforms | All |
[name] string
Synopsis | Enrollment over Secured Transport profile name | |
Context | configure system security pki est-profile string | |
Tree | est-profile | |
Description | This command configures the EST profile name. | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 21.10.R1 | |
Platforms | All |
check-id-kp-cmcra-only boolean
Synopsis | Check id-kp-cmcra in the EST certificate | |
Context | configure system security pki est-profile string check-id-kp-cmcra-only boolean | |
Tree | check-id-kp-cmcra-only | |
Default | false | |
Introduced | 21.10.R1 | |
Platforms | All |
client-tls-profile string
Synopsis | TLS client profile assigned to applications | |
Context | configure system security pki est-profile string client-tls-profile string | |
Tree | client-tls-profile | |
Description | This command specifies the TLS client profile to be assigned to applications for encryption. The profile creates the TLS connection to the EST server. | |
String Length | 1 to 32 | |
Introduced | 21.10.R1 | |
Platforms | All |
http-authentication
Synopsis | Enter the http-authentication context | |
Context | configure system security pki est-profile string http-authentication | |
Tree | http-authentication | |
Introduced | 21.10.R1 | |
Platforms | All |
password string
Synopsis | Password for EST authentication | |
Context | configure system security pki est-profile string http-authentication password string | |
Tree | password | |
String Length | 1 to 115 | |
Introduced | 21.10.R1 | |
Platforms | All |
username string
Synopsis | Username for the EST authentication | |
Context | configure system security pki est-profile string http-authentication username string | |
Tree | username | |
String Length | 1 to 32 | |
Introduced | 21.10.R1 | |
Platforms | All |
server
fqdn string
Synopsis | Fully Qualified Domain Name (FQDN) of the EST server | |
Context | configure system security pki est-profile string server fqdn string | |
Tree | fqdn | |
Description | This command specifies to use the FQDN of the EST server. | |
String Length | 1 to 255 | |
Notes | The following elements are part of a choice: fqdn, ipv4, or ipv6. | |
Introduced | 21.10.R1 | |
Platforms | All |
ipv4 string
ipv6 (ipv4-address-no-zone | ipv6-address-no-zone)
port number
transmission-profile string
Synopsis | Transmission profile name for EST | |
Context | configure system security pki est-profile string transmission-profile string | |
Tree | transmission-profile | |
Description | This command associates a file transmission profile to the EST profile. The transmission profile defines transport parameters for protocol such as HTTP, include routing instance, source address, timeout value, and so on. | |
String Length | 1 to 32 | |
Introduced | 21.10.R1 | |
Platforms | All |
imported-format keyword
Synopsis | The supported encrypted file formats | |
Context | configure system security pki imported-format keyword | |
Tree | imported-format | |
Options | ||
Default | any | |
Introduced | 16.0.R6 | |
Platforms | All |
maximum-cert-chain-depth number
Synopsis | Maximum depth of certificate chain verification | |
Context | configure system security pki maximum-cert-chain-depth number | |
Tree | maximum-cert-chain-depth | |
Range | 1 to 7 | |
Default | 7 | |
Introduced | 16.0.R1 | |
Platforms |
All |
python-script
Synopsis | Enter the python-script context | |
Context | configure system security python-script | |
Tree | python-script | |
Introduced | 21.10.R1 | |
Platforms | All |
authorization
Synopsis | Enter the authorization context | |
Context | configure system security python-script authorization | |
Tree | authorization | |
Introduced | 21.10.R1 | |
Platforms | All |
cron
Synopsis | Enter the cron context | |
Context | configure system security python-script authorization cron | |
Tree | cron | |
Introduced | 21.10.R1 | |
Platforms | All |
cli-user reference
Synopsis | User profile name when executing a Python application | |
Context | configure system security python-script authorization cron cli-user reference | |
Tree | cli-user | |
Reference | configure system security user-params local-user user string | |
Introduced | 21.10.R1 | |
Platforms | All |
event-handler
Synopsis | Enter the event-handler context | |
Context | configure system security python-script authorization event-handler | |
Tree | event-handler | |
Introduced | 21.10.R1 | |
Platforms | All |
cli-user reference
Synopsis | User profile name when executing a Python application | |
Context | configure system security python-script authorization event-handler cli-user reference | |
Tree | cli-user | |
Reference | configure system security user-params local-user user string | |
Introduced | 21.10.R1 | |
Platforms | All |
snmp
access [group] string context string security-model keyword security-level keyword
Synopsis | Enter the access list instance | |
Context | configure system security snmp access string context string security-model keyword security-level keyword | |
Tree | access | |
Introduced | 16.0.R1 | |
Platforms | All |
[group] string
Synopsis | Group name | |
Context | configure system security snmp access string context string security-model keyword security-level keyword | |
Tree | access | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
context string
Synopsis | String to match context name for access rights | |
Context | configure system security snmp access string context string security-model keyword security-level keyword | |
Tree | access | |
String Length | 0 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
security-model keyword
Synopsis | Security model | |
Context | configure system security snmp access string context string security-model keyword security-level keyword | |
Tree | access | |
Options | ||
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
security-level keyword
Synopsis | Minimum security level required to gain access rights | |
Context | configure system security snmp access string context string security-model keyword security-level keyword | |
Tree | access | |
Options | ||
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
notify string
Synopsis | SNMP view for notification access | |
Context | configure system security snmp access string context string security-model keyword security-level keyword notify string | |
Tree | notify | |
Description | This command specifies the SNMP view used to control which MIB objects can be accessed for notifications. | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
prefix-match keyword
Synopsis | Match type for the context | |
Context | configure system security snmp access string context string security-model keyword security-level keyword prefix-match keyword | |
Tree | prefix-match | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
read string
Synopsis | SNMP view for read access | |
Context | configure system security snmp access string context string security-model keyword security-level keyword read string | |
Tree | read | |
Description | This command specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation. | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
write string
Synopsis | SNMP view for write access | |
Context | configure system security snmp access string context string security-model keyword security-level keyword write string | |
Tree | write | |
Description | This command specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation. | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
attempts
Synopsis | Enter the attempts context | |
Context | configure system security snmp attempts | |
Tree | attempts | |
Description | Commands in this context configure settings for SNMPv2 or SNMPv3 connection attempts. The command settings are used to counter Denial of Service (DOS) attacks through SNMP. If the threshold is exceeded, the host is locked out for the lockout time period. | |
Introduced | 16.0.R1 | |
Platforms | All |
count number
lockout number
Synopsis | Lockout period during which the host cannot log in | |
Context | configure system security snmp attempts lockout number | |
Tree | lockout | |
Description | This command configures the time period during which the host cannot log in. When the host exceeds the attempted counts setting, the host is locked out from further login attempts for the configured time period. | |
Range | 0 to 1440 | |
Units | minutes | |
Default | 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
time number
community [community-string] string
[community-string] string
access-permissions keyword
Synopsis | Access permissions for objects in the MIB | |
Context | configure system security snmp community string access-permissions keyword | |
Tree | access-permissions | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
source-access-list reference
Synopsis | Source access list to validate received SNMP requests | |
Context | configure system security snmp community string source-access-list reference | |
Tree | source-access-list | |
Reference | configure system security snmp source-access-list string | |
Introduced | 16.0.R1 | |
Platforms | All |
version keyword
source-access-list [list-name] string
Synopsis | Enter the source-access-list list instance | |
Context | configure system security snmp source-access-list string | |
Tree | source-access-list | |
Description | Commands in this context configure SNMP source access lists. SNMP source access lists are used to validate the source IP address of received SNMP requests. Multiple community (VPRN or Base router) and USM community instances can reference the same SNMP source access list. | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[list-name] string
Synopsis | Source access list name | |
Context | configure system security snmp source-access-list string | |
Tree | source-access-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
source-host [host-name] string
Synopsis | Enter the source-host list instance | |
Context | configure system security snmp source-access-list string source-host string | |
Tree | source-host | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[host-name] string
Synopsis | Source host entry name | |
Context | configure system security snmp source-access-list string source-host string | |
Tree | source-host | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Source IP address entry used to validate SNMP requests | |
Context | configure system security snmp source-access-list string source-host string address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
usm-community [community-string] string
Synopsis | Enter the usm-community list instance | |
Context | configure system security snmp usm-community string | |
Tree | usm-community | |
Introduced | 16.0.R1 | |
Platforms | All |
[community-string] string
Synopsis | Community string associated with SNMPv3 access group | |
Context | configure system security snmp usm-community string | |
Tree | usm-community | |
String Length | 1 to 114 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
group string
source-access-list reference
Synopsis | Source access list to validate received SNMP requests | |
Context | configure system security snmp usm-community string source-access-list reference | |
Tree | source-access-list | |
Reference | configure system security snmp source-access-list string | |
Introduced | 16.0.R1 | |
Platforms | All |
view [view-name] string subtree string
[view-name] string
subtree string
mask string
type keyword
source-address
Synopsis | Enter the source-address context | |
Context | configure system security source-address | |
Tree | source-address | |
Description | Commands in this context configure the IP source address that is used in all unsolicited packets sent by the specified applications. This configuration applies to packets transmitted in-band (for example, a network port on an IOM) and does not apply to packets transmitted out-of-band on the management interface on the CPM Ethernet port. Packets transmitted using the CPM Ethernet port use the address of the CPM Ethernet port as the IP source address in the packet. When a source address is specified for the PTP application, the port-based 1588 hardware timestamping assist function is applied to PTP packets matching the IPv4 address of the router interface used to ingress the SR/ESS or IP address specified in this command. If the IP address is removed, the port-based 1588 hardware timestamping assist function is only applied to PTP packets matching the IPv4 address of the router interface. | |
Introduced | 16.0.R1 | |
Platforms | All |
ipv4 [application] keyword
Synopsis | Enter the ipv4 list instance | |
Context | configure system security source-address ipv4 keyword | |
Tree | ipv4 | |
Introduced | 16.0.R1 | |
Platforms | All |
[application] keyword
Synopsis | Application that uses the source IP address | |
Context | configure system security source-address ipv4 keyword | |
Tree | ipv4 | |
Options | ||
Notes |
This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
address string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Source IPv4 address | |
Context | configure system security source-address ipv4 keyword address string | |
Tree | address | |
Notes | The following elements are part of a mandatory choice: address or interface-name. | |
Introduced | 16.0.R1 | |
Platforms | All |
interface-name string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IP interface name | |
Context | configure system security source-address ipv4 keyword interface-name string | |
Tree | interface-name | |
String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: address or interface-name. | |
Introduced | 16.0.R1 | |
Platforms | All |
ipv6 [application] keyword
Synopsis | Enter the ipv6 list instance | |
Context | configure system security source-address ipv6 keyword | |
Tree | ipv6 | |
Introduced | 16.0.R1 | |
Platforms | All |
[application] keyword
Synopsis | Application which uses the source IPv6 address | |
Context | configure system security source-address ipv6 keyword | |
Tree | ipv6 | |
Options | ||
Notes |
This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
address string
ssh
authentication-method
Synopsis | Enter the authentication-method context | |
Context | configure system security ssh authentication-method | |
Tree | authentication-method | |
Introduced | 23.7.R1 | |
Platforms | All |
server
public-key-only boolean
Synopsis | Accept only public-key authentication for SSH session | |
Context | configure system security ssh authentication-method server public-key-only boolean | |
Tree | public-key-only | |
Description | When configured to true, the system accepts only public key client authentication for the SSH server. This command defines the authentication method at the system level. When configured to false, the system accepts public key or password client authentication. If interactive-authentication is configured to true in the configure system security aaa remote-servers radius or configure system security aaa remote-servers tacplus context, the system also accepts interactive keyboard authentication. | |
Default | false | |
Introduced | 23.7.R1 | |
Platforms | All |
client-cipher-list-v2
Synopsis | Enter the client-cipher-list-v2 context | |
Context | configure system security ssh client-cipher-list-v2 | |
Tree | client-cipher-list-v2 | |
Introduced | 16.0.R1 | |
Platforms | All |
cipher [index] number
[index] number
name keyword
client-kex-list-v2
Synopsis | Enter the client-kex-list-v2 context | |
Context | configure system security ssh client-kex-list-v2 | |
Tree | client-kex-list-v2 | |
Introduced | 19.10.R3 | |
Platforms | All |
kex [index] number
Synopsis | Enter the kex list instance | |
Context | configure system security ssh client-kex-list-v2 kex number | |
Tree | kex | |
Description | Commands in this context configure SSH Key Exchange (KEX) algorithms for SR OS as a client. If a list is configured, SSH uses the list with the first-listed algorithm having the highest priority. By default, the client list is empty. The default list contains the following:
| |
Introduced | 19.10.R3 | |
Platforms | All |
[index] number
Synopsis | SSHv2 KEX algorithm index | |
Context | configure system security ssh client-kex-list-v2 kex number | |
Tree | kex | |
Description | This command configures the index of the KEX algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list. | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 19.10.R3 | |
Platforms | All |
name keyword
client-mac-list-v2
Synopsis | Enter the client-mac-list-v2 context | |
Context | configure system security ssh client-mac-list-v2 | |
Tree | client-mac-list-v2 | |
Introduced | 16.0.R1 | |
Platforms | All |
mac [index] number
[index] number
name keyword
key-re-exchange
Synopsis | Enter the key-re-exchange context | |
Context | configure system security ssh key-re-exchange | |
Tree | key-re-exchange | |
Introduced | 16.0.R1 | |
Platforms | All |
client
admin-state keyword
Synopsis | Administrative state of the key re-exchange | |
Context | configure system security ssh key-re-exchange client admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
mbytes (number | keyword)
minutes (number | keyword)
server
admin-state keyword
Synopsis | Administrative state of the key re-exchange | |
Context | configure system security ssh key-re-exchange server admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
mbytes (number | keyword)
minutes (number | keyword)
permit-empty-passwords boolean
Synopsis | Permit users with empty password strings to log in | |
Context | configure system security ssh permit-empty-passwords boolean | |
Tree | permit-empty-passwords | |
Default | true | |
Introduced | 22.10.R1 | |
Platforms | All |
preserve-key boolean
Synopsis | Preserve keys and restore on system or server restart | |
Context | configure system security ssh preserve-key boolean | |
Tree | preserve-key | |
Description | When configured to true, private, public, and host keys are saved by the server. The keys are restored following a system reboot or a restart of an SSH server. When configured to false, the keys are held in memory by an SSH server but are not restored following a system reboot. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
server-admin-state keyword
Synopsis | Administrative state of the SSH server | |
Context | configure system security ssh server-admin-state keyword | |
Tree | server-admin-state | |
Options | ||
Default | enable | |
Introduced | 16.0.R1 | |
Platforms | All |
server-cipher-list-v2
Synopsis | Enter the server-cipher-list-v2 context | |
Context | configure system security ssh server-cipher-list-v2 | |
Tree | server-cipher-list-v2 | |
Introduced | 16.0.R1 | |
Platforms | All |
cipher [index] number
[index] number
name keyword
server-kex-list-v2
Synopsis | Enter the server-kex-list-v2 context | |
Context | configure system security ssh server-kex-list-v2 | |
Tree | server-kex-list-v2 | |
Introduced | 19.10.R3 | |
Platforms | All |
kex [index] number
[index] number
Synopsis | SSHv2 KEX algorithm index | |
Context | configure system security ssh server-kex-list-v2 kex number | |
Tree | kex | |
Description | This command configures the index of the KEX algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list. | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 19.10.R3 | |
Platforms | All |
name keyword
server-mac-list-v2
Synopsis | Enter the server-mac-list-v2 context | |
Context | configure system security ssh server-mac-list-v2 | |
Tree | server-mac-list-v2 | |
Introduced | 16.0.R1 | |
Platforms | All |
mac [index] number
[index] number
name keyword
system-passwords
Synopsis | Enter the system-passwords context | |
Context | configure system security system-passwords | |
Tree | system-passwords | |
Description | This command enters the context to configure system passwords. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-password string
Synopsis | Context to configure system passwords | |
Context | configure system security system-passwords admin-password string | |
Tree | admin-password | |
Description | This command allows a user with administrative permissions to configure a password that enables a user to become an administrator. This password is valid only for one session. When enabled, no authorization to TACACS+ or RADIUS is performed and the user is locally regarded as an administrative user. If the admin-password is configured in the configure system security system-passwords admin-password context, any user can enter the special mode by entering the enable command. enable is in the default profile. By default, all users are given access to this command. After the enable command is entered, the user is prompted for a password. If the password matches, user is given unrestricted access to all commands. The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command. Note: This command applies to a local user, in addition to users on RADIUS, TACACS, and LDAP. | |
String Length | 3 to 136 | |
Introduced | 16.0.R1 | |
Platforms | All |
tech-support
Synopsis | Enter the tech-support context | |
Context | configure system security tech-support | |
Tree | tech-support | |
Introduced | 16.0.R1 | |
Platforms | All |
ts-location (ts-sat-url | cflash-url | string)
Synopsis | Default file path for generated tech-support files | |
Context | configure system security tech-support ts-location (ts-sat-url | cflash-url | string) | |
Tree | ts-location | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | All |
telnet-server boolean
Synopsis | Enable Telnet servers running on the system | |
Context | configure system security telnet-server boolean | |
Tree | telnet-server | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
telnet6-server boolean
Synopsis | Enable Telnet IPv6 servers running on the system | |
Context | configure system security telnet6-server boolean | |
Tree | telnet6-server | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
tls
cert-profile [cert-profile-name] string
Synopsis | Enter the cert-profile list instance | |
Context | configure system security tls cert-profile string | |
Tree | cert-profile | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[cert-profile-name] string
Synopsis | TLS certificate profile name | |
Context | configure system security tls cert-profile string | |
Tree | cert-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the certificate profile | |
Context | configure system security tls cert-profile string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
[entry-id] number
certificate-file string
Synopsis | Certificate file name | |
Context | configure system security tls cert-profile string entry number certificate-file string | |
Tree | certificate-file | |
String Length | 1 to 95 | |
Introduced | 16.0.R1 | |
Platforms | All |
key-file string
send-chain
Synopsis | Enter the send-chain context | |
Context | configure system security tls cert-profile string entry number send-chain | |
Tree | send-chain | |
Introduced | 16.0.R1 | |
Platforms | All |
ca-profile [ca-profile-name] reference
Synopsis | Add a list entry for ca-profile | |
Context | configure system security tls cert-profile string entry number send-chain ca-profile reference | |
Tree | ca-profile | |
Max. Instances | 7 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ca-profile-name] reference
Synopsis | CA profile name | |
Context | configure system security tls cert-profile string entry number send-chain ca-profile reference | |
Tree | ca-profile | |
Reference | configure system security pki ca-profile string | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
client-cipher-list [client-cipher-list-name] string
Synopsis | Enter the client-cipher-list list instance | |
Context | configure system security tls client-cipher-list string | |
Tree | client-cipher-list | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[client-cipher-list-name] string
Synopsis | Client cipher list name | |
Context | configure system security tls client-cipher-list string | |
Tree | client-cipher-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
tls12-cipher [index] number
Synopsis | Enter the tls12-cipher list instance | |
Context | configure system security tls client-cipher-list string tls12-cipher number | |
Tree | tls12-cipher | |
Introduced | 22.2.R1 | |
Platforms | All |
[index] number
Synopsis | Index of the cipher | |
Context | configure system security tls client-cipher-list string tls12-cipher number | |
Tree | tls12-cipher | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
name keyword
Synopsis | Cipher suite code | |
Context | configure system security tls client-cipher-list string tls12-cipher number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.2.R1 | |
Platforms | All |
tls13-cipher [index] number
Synopsis | Enter the tls13-cipher list instance | |
Context | configure system security tls client-cipher-list string tls13-cipher number | |
Tree | tls13-cipher | |
Description | Commands in this context configure the TLS 1.3-supported ciphers used by the client. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 cipher | |
Context | configure system security tls client-cipher-list string tls13-cipher number | |
Tree | tls13-cipher | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 cipher suite code | |
Context | configure system security tls client-cipher-list string tls13-cipher number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
client-group-list [client-group-list-name] string
Synopsis | Enter the client-group-list list instance | |
Context | configure system security tls client-group-list string | |
Tree | client-group-list | |
Description | Commands in this context configure the list of TLS 1.3-supported group suite codes that the client sends in a client Hello message. | |
Max. Instances | 16 | |
Introduced | 22.7.R1 | |
Platforms | All |
[client-group-list-name] string
Synopsis | Name of the TLS client group list | |
Context | configure system security tls client-group-list string | |
Tree | client-group-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
tls13-group [index] number
Synopsis | Enter the tls13-group list instance | |
Context | configure system security tls client-group-list string tls13-group number | |
Tree | tls13-group | |
Description | Commands in this context configure the TLS 1.3-supported group suite codes sent by the client in its Hello messages. SR OS supports the use of Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE) groups. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 group | |
Context | configure system security tls client-group-list string tls13-group number | |
Tree | tls13-group | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 group suite code | |
Context | configure system security tls client-group-list string tls13-group number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
client-signature-list [client-signature-list-name] string
Synopsis | Enter the client-signature-list list instance | |
Context | configure system security tls client-signature-list string | |
Tree | client-signature-list | |
Description | Commands in this context configure the list of TLS 1.3-supported signature suite codes that the client sends in a client Hello message. | |
Max. Instances | 16 | |
Introduced | 22.7.R1 | |
Platforms | All |
[client-signature-list-name] string
Synopsis | Name of the TLS 1.3 client signature list | |
Context | configure system security tls client-signature-list string | |
Tree | client-signature-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
tls13-signature [index] number
Synopsis | Enter the tls13-signature list instance | |
Context | configure system security tls client-signature-list string tls13-signature number | |
Tree | tls13-signature | |
Description | Commands in this context configure the TLS 1.3-supported signature suite codes sent by the client in its Hello messages. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 signature | |
Context | configure system security tls client-signature-list string tls13-signature number | |
Tree | tls13-signature | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 signature suite code | |
Context | configure system security tls client-signature-list string tls13-signature number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
client-tls-profile [client-profile-name] string
Synopsis | Enter the client-tls-profile list instance | |
Context | configure system security tls client-tls-profile string | |
Tree | client-tls-profile | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[client-profile-name] string
Synopsis | Client TLS profile name | |
Context | configure system security tls client-tls-profile string | |
Tree | client-tls-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the client TLS profile | |
Context | configure system security tls client-tls-profile string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
cert-profile reference
Synopsis | Certificate profile ID | |
Context | configure system security tls client-tls-profile string cert-profile reference | |
Tree | cert-profile | |
Reference | configure system security tls cert-profile string | |
Introduced | 16.0.R1 | |
Platforms | All |
cipher-list reference
Synopsis | Cipher list for negotiation in the client Hello message | |
Context | configure system security tls client-tls-profile string cipher-list reference | |
Tree | cipher-list | |
Reference | configure system security tls client-cipher-list string | |
Introduced | 16.0.R1 | |
Platforms | All |
group-list reference
Synopsis | Name of the list of supported group suite codes | |
Context | configure system security tls client-tls-profile string group-list reference | |
Tree | group-list | |
Description | This command assigns an existing TLS 1.3 group list to the TLS client profile. | |
Reference | configure system security tls client-group-list string | |
Introduced | 22.7.R1 | |
Platforms | All |
protocol-version keyword
Synopsis | TLS protocol version used by the TLS client profile | |
Context | configure system security tls client-tls-profile string protocol-version keyword | |
Tree | protocol-version | |
Description | This command configures the TLS version to be negotiated between the client and the server. The client adds the specified version as a supported version in its Hello message to the server. | |
Options | ||
Default | tls-version-12 | |
Introduced | 22.7.R1 | |
Platforms | All |
signature-list reference
Synopsis | Name of the list of supported signature suite codes | |
Context | configure system security tls client-tls-profile string signature-list reference | |
Tree | signature-list | |
Description | This command assigns an existing TLS 1.3 signature list to the TLS client profile. | |
Reference | configure system security tls client-signature-list string | |
Introduced | 22.7.R1 | |
Platforms | All |
status-verify
Synopsis | Enter the status-verify context | |
Context | configure system security tls client-tls-profile string status-verify | |
Tree | status-verify | |
Description | Commands in this context configure certificate revocation status verification options for the end-entity certificate in a TLS client. | |
Introduced | 23.7.R1 | |
Platforms | All |
default-result keyword
Synopsis | Default result of certificate status verification | |
Context | configure system security tls client-tls-profile string status-verify default-result keyword | |
Tree | default-result | |
Description | This command configures the default result of the entity certificate verification in the TLS client profile. This command overwrites the EE certificate revocation verification for the TLS client profile. By default the router checks the certification revocation status, but if this command is set to good, the end-entity certificate revocation status is overwritten and a good revocation status is returned for the EE certificate. If this command is set to revoked, the router returns the actual revocation status of the end-entity certificate. | |
Options | ||
Default | revoked | |
Introduced | 23.7.R1 | |
Platforms | All |
trust-anchor-profile reference
Synopsis | Trust anchor profile | |
Context | configure system security tls client-tls-profile string trust-anchor-profile reference | |
Tree | trust-anchor-profile | |
Reference | configure system security tls trust-anchor-profile string | |
Introduced | 16.0.R1 | |
Platforms | All |
server-cipher-list [server-cipher-list-name] string
Synopsis | Enter the server-cipher-list list instance | |
Context | configure system security tls server-cipher-list string | |
Tree | server-cipher-list | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[server-cipher-list-name] string
Synopsis | Server cipher list name | |
Context | configure system security tls server-cipher-list string | |
Tree | server-cipher-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
tls12-cipher [index] number
Synopsis | Enter the tls12-cipher list instance | |
Context | configure system security tls server-cipher-list string tls12-cipher number | |
Tree | tls12-cipher | |
Introduced | 22.2.R1 | |
Platforms | All |
[index] number
Synopsis | Index of the cipher | |
Context | configure system security tls server-cipher-list string tls12-cipher number | |
Tree | tls12-cipher | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | All |
name keyword
Synopsis | Cipher suite code | |
Context | configure system security tls server-cipher-list string tls12-cipher number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.2.R1 | |
Platforms | All |
tls13-cipher [index] number
Synopsis | Enter the tls13-cipher list instance | |
Context | configure system security tls server-cipher-list string tls13-cipher number | |
Tree | tls13-cipher | |
Description | Commands in this context configure the TLS 1.3-supported ciphers used by the server. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 cipher | |
Context | configure system security tls server-cipher-list string tls13-cipher number | |
Tree | tls13-cipher | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 cipher suite code | |
Context | configure system security tls server-cipher-list string tls13-cipher number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
server-group-list [server-group-list-name] string
Synopsis | Enter the server-group-list list instance | |
Context | configure system security tls server-group-list string | |
Tree | server-group-list | |
Description | Commands in this context configure the list of TLS 1.3-supported group suite codes that the server sends in a server Hello message. | |
Max. Instances | 16 | |
Introduced | 22.7.R1 | |
Platforms | All |
[server-group-list-name] string
Synopsis | Name of the TLS server group list | |
Context | configure system security tls server-group-list string | |
Tree | server-group-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
tls13-group [index] number
Synopsis | Enter the tls13-group list instance | |
Context | configure system security tls server-group-list string tls13-group number | |
Tree | tls13-group | |
Description | Commands in this context configure the TLS 1.3-supported group suite codes sent by the server in its Hello messages. SR OS supports the use of Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE) groups. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 group | |
Context | configure system security tls server-group-list string tls13-group number | |
Tree | tls13-group | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 group suite code | |
Context | configure system security tls server-group-list string tls13-group number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
server-signature-list [server-signature-list-name] string
Synopsis | Enter the server-signature-list list instance | |
Context | configure system security tls server-signature-list string | |
Tree | server-signature-list | |
Description | Commands in this context configure the list of TLS 1.3-supported signature suite codes for the digital signature that the server sends in a server Hello message. | |
Max. Instances | 16 | |
Introduced | 22.7.R1 | |
Platforms | All |
[server-signature-list-name] string
Synopsis | Name of the TLS 1.3 server signature list | |
Context | configure system security tls server-signature-list string | |
Tree | server-signature-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
tls13-signature [index] number
Synopsis | Enter the tls13-signature list instance | |
Context | configure system security tls server-signature-list string tls13-signature number | |
Tree | tls13-signature | |
Description | Commands in this context configure the TLS 1.3-supported signature suite codes sent by the server in its Hello messages. | |
Introduced | 22.7.R1 | |
Platforms | All |
[index] number
Synopsis | Index number of the TLS 1.3 signature | |
Context | configure system security tls server-signature-list string tls13-signature number | |
Tree | tls13-signature | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
name keyword
Synopsis | Name of the TLS 1.3 signature suite code | |
Context | configure system security tls server-signature-list string tls13-signature number name keyword | |
Tree | name | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 22.7.R1 | |
Platforms | All |
server-tls-profile [server-profile-name] string
Synopsis | Enter the server-tls-profile list instance | |
Context | configure system security tls server-tls-profile string | |
Tree | server-tls-profile | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[server-profile-name] string
Synopsis | TLS server profile name | |
Context | configure system security tls server-tls-profile string | |
Tree | server-tls-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the server TLS profile | |
Context | configure system security tls server-tls-profile string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
authenticate-client
Synopsis | Enter the authenticate-client context | |
Context | configure system security tls server-tls-profile string authenticate-client | |
Tree | authenticate-client | |
Introduced | 16.0.R1 | |
Platforms | All |
common-name-list reference
Synopsis | Common name list for client certificate authentication | |
Context | configure system security tls server-tls-profile string authenticate-client common-name-list reference | |
Tree | common-name-list | |
Reference | configure system security pki common-name-list string | |
Introduced | 16.0.R1 | |
Platforms | All |
trust-anchor-profile reference
Synopsis | Trust anchor profile for client authentication | |
Context | configure system security tls server-tls-profile string authenticate-client trust-anchor-profile reference | |
Tree | trust-anchor-profile | |
Reference | configure system security tls trust-anchor-profile string | |
Introduced | 16.0.R1 | |
Platforms | All |
cert-profile reference
Synopsis | Certificate profile ID | |
Context | configure system security tls server-tls-profile string cert-profile reference | |
Tree | cert-profile | |
Reference | configure system security tls cert-profile string | |
Introduced | 16.0.R1 | |
Platforms | All |
cipher-list reference
Synopsis | Cipher list used by the TLS server profile | |
Context | configure system security tls server-tls-profile string cipher-list reference | |
Tree | cipher-list | |
Reference | configure system security tls server-cipher-list string | |
Introduced | 16.0.R1 | |
Platforms | All |
group-list reference
Synopsis | Name of the list of supported group suite codes | |
Context | configure system security tls server-tls-profile string group-list reference | |
Tree | group-list | |
Description | This command assigns an existing TLS 1.3 group list to the TLS server profile. | |
Reference | configure system security tls server-group-list string | |
Introduced | 22.7.R1 | |
Platforms | All |
protocol-version keyword
Synopsis | TLS protocol version used by the TLS server profile | |
Context | configure system security tls server-tls-profile string protocol-version keyword | |
Tree | protocol-version | |
Description | This command configures the TLS version to be negotiated between the server and the client. The server adds the specified version as a supported version in its Hello message to the client. | |
Options | ||
Default | tls-version-12 | |
Introduced | 22.7.R1 | |
Platforms | All |
signature-list reference
Synopsis | Name of the list of supported signature suite codes | |
Context | configure system security tls server-tls-profile string signature-list reference | |
Tree | signature-list | |
Description | This command assigns an existing TLS 1.3 signature list to the TLS server profile. | |
Reference | configure system security tls server-signature-list string | |
Introduced | 22.7.R1 | |
Platforms | All |
status-verify
Synopsis | Enter the status-verify context | |
Context | configure system security tls server-tls-profile string status-verify | |
Tree | status-verify | |
Description | Commands in this context configure certificate revocation status verification options for the end-entity certificate in a TLS server. | |
Introduced | 23.7.R1 | |
Platforms | All |
default-result keyword
Synopsis | Default result of certificate status verification | |
Context | configure system security tls server-tls-profile string status-verify default-result keyword | |
Tree | default-result | |
Description | This command configures the default result of the entity certificate verification in the TLS server profile. This command overwrites the EE certificate revocation verification for the TLS server profile. By default the router checks the certification revocation status, but if this command is set to good, the end-entity certificate revocation status is overwritten and a good revocation status is returned for the EE certificate. If this command is set to revoked, the router returns the actual revocation status of the end-entity certificate. | |
Options | ||
Default | revoked | |
Introduced | 23.7.R1 | |
Platforms | All |
tls-re-negotiate-timer number
Synopsis | TLS HELLO request timer | |
Context | configure system security tls server-tls-profile string tls-re-negotiate-timer number | |
Tree | tls-re-negotiate-timer | |
Range | 0 to 65000 | |
Units | minutes | |
Default | 0 | |
Introduced | 16.0.R1 | |
Platforms | All |
trust-anchor-profile [trust-anchor-profile-name] string
Synopsis | Enter the trust-anchor-profile list instance | |
Context | configure system security tls trust-anchor-profile string | |
Tree | trust-anchor-profile | |
Max. Instances | 16 | |
Introduced | 16.0.R1 | |
Platforms | All |
[trust-anchor-profile-name] string
Synopsis | Trust anchor profile name | |
Context | configure system security tls trust-anchor-profile string | |
Tree | trust-anchor-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
trust-anchor [ca-profile-name] reference
Synopsis | Add a list entry for trust-anchor | |
Context | configure system security tls trust-anchor-profile string trust-anchor reference | |
Tree | trust-anchor | |
Max. Instances | 8 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ca-profile-name] reference
Synopsis | Trusted CA profile name | |
Context | configure system security tls trust-anchor-profile string trust-anchor reference | |
Tree | trust-anchor | |
Reference | configure system security pki ca-profile string | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
user-params
Synopsis | Enter the user-params context | |
Context | configure system security user-params | |
Tree | user-params | |
Introduced | 16.0.R1 | |
Platforms | All |
attempts
Synopsis | Enter the attempts context | |
Context | configure system security user-params attempts | |
Tree | attempts | |
Introduced | 16.0.R1 | |
Platforms | All |
count number
lockout number
time number
authentication-order
Synopsis | Enter the authentication-order context | |
Context | configure system security user-params authentication-order | |
Tree | authentication-order | |
Description | Commands in this context configure the sequence in which the system attempts authentication and authorization among the local user database, RADIUS servers, TACACS+ servers, and LDAP servers. Configure the order from the most preferred method to the least preferred. The presence of all methods in the command line does not guarantee they are all operational. Specifying options that are not available delays user authentication. If all operational methods are attempted and no authentication for a particular login has been granted, an entry in the security log records the failed attempt. Both the attempted login identification and originating IP address are logged with a timestamp. The default order is [radius tacplus ldap local]. The order is not applicable to SNMPv3. SNMPv3 messages ignore the configured order and are authorized using the locally configured users only. TACACS+, RADIUS, and LDAP are not supported for SNMPv3 authentication. Note: This command applies to a local user, in addition to users on RADIUS, TACACS+, and LDAP. | |
Introduced | 16.0.R1 | |
Platforms | All |
exit-on-reject boolean
Synopsis | Ignore subsequent AAA methods after a reject | |
Context | configure system security user-params authentication-order exit-on-reject boolean | |
Tree | exit-on-reject | |
Description | When configured to true, the router stops authentication if one of the AAA methods configured in the authentication order sends a rejection. When configured to false, the router attempts the next AAA method if a AAA method sends a rejection. If all AAA methods are exhausted, authentication and authorization is rejected. If the order specifies local as the first method, the following actions apply:
| |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
order keyword
Synopsis | Preferred order of password authentication | |
Context | configure system security user-params authentication-order order keyword | |
Tree | order | |
Options | ||
Max. Instances | 4 | |
Notes | This element is ordered by the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
local-user
Synopsis | Enter the local-user context | |
Context | configure system security user-params local-user | |
Tree | local-user | |
Introduced | 16.0.R1 | |
Platforms | All |
password
Synopsis | Enter the password context | |
Context | configure system security user-params local-user password | |
Tree | password | |
Introduced | 16.0.R1 | |
Platforms | All |
aging number
Synopsis | Maximum time during which a user password is valid | |
Context | configure system security user-params local-user password aging number | |
Tree | aging | |
Range | 1 to 500 | |
Units | days | |
Introduced | 16.0.R1 | |
Platforms |
All |
complexity-rules
Synopsis | Enter the complexity-rules context | |
Context | configure system security user-params local-user password complexity-rules | |
Tree | complexity-rules | |
Introduced | 16.0.R1 | |
Platforms | All |
allow-user-name boolean
Synopsis | Allow the username to be used as part of the password | |
Context | configure system security user-params local-user password complexity-rules allow-user-name boolean | |
Tree | allow-user-name | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
credits
Synopsis | Enter the credits context | |
Context | configure system security user-params local-user password complexity-rules credits | |
Tree | credits | |
Notes | The following elements are part of a choice: credits or required. | |
Introduced | 16.0.R1 | |
Platforms | All |
lowercase number
Synopsis | Maximum credits for the use of lowercase letters | |
Context | configure system security user-params local-user password complexity-rules credits lowercase number | |
Tree | lowercase | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
numeric number
Synopsis | Maximum credits for the use of numeric characters | |
Context | configure system security user-params local-user password complexity-rules credits numeric number | |
Tree | numeric | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
special-character number
Synopsis | Maximum credits for the use of special characters | |
Context | configure system security user-params local-user password complexity-rules credits special-character number | |
Tree | special-character | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
uppercase number
Synopsis | Maximum credits for the use of uppercase letters | |
Context | configure system security user-params local-user password complexity-rules credits uppercase number | |
Tree | uppercase | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
minimum-classes number
Synopsis | Minimum number of different character classes to use | |
Context | configure system security user-params local-user password complexity-rules minimum-classes number | |
Tree | minimum-classes | |
Range | 2 to 4 | |
Introduced | 16.0.R1 | |
Platforms | All |
minimum-length number
Synopsis | Minimum length required for local passwords | |
Context | configure system security user-params local-user password complexity-rules minimum-length number | |
Tree | minimum-length | |
Range | 6 to 50 | |
Default | 6 | |
Introduced | 16.0.R1 | |
Platforms |
All |
repeated-characters number
Synopsis | Number of times same character can repeat consecutively | |
Context | configure system security user-params local-user password complexity-rules repeated-characters number | |
Tree | repeated-characters | |
Range | 2 to 8 | |
Introduced | 16.0.R1 | |
Platforms | All |
required
Synopsis | Enter the required context | |
Context | configure system security user-params local-user password complexity-rules required | |
Tree | required | |
Notes | The following elements are part of a choice: credits or required. | |
Introduced | 16.0.R1 | |
Platforms | All |
lowercase number
Synopsis | Number of lowercase letters required | |
Context | configure system security user-params local-user password complexity-rules required lowercase number | |
Tree | lowercase | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
numeric number
Synopsis | Number of numeric characters required | |
Context | configure system security user-params local-user password complexity-rules required numeric number | |
Tree | numeric | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
special-character number
Synopsis | Number of special characters required | |
Context | configure system security user-params local-user password complexity-rules required special-character number | |
Tree | special-character | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
uppercase number
Synopsis | Number of uppercase letters required | |
Context | configure system security user-params local-user password complexity-rules required uppercase number | |
Tree | uppercase | |
Range | 1 to 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
hashing keyword
Synopsis | Hashing algorithm for user passwords | |
Context | configure system security user-params local-user password hashing keyword | |
Tree | hashing | |
Options | ||
Default | bcrypt | |
Introduced | 20.7.R1 | |
Platforms | All |
history-size number
Synopsis | Number of previous passwords to compare against | |
Context | configure system security user-params local-user password history-size number | |
Tree | history-size | |
Range | 0 to 20 | |
Introduced | 16.0.R1 | |
Platforms | All |
minimum-age number
Synopsis | Minimum age required for a password before changing it | |
Context | configure system security user-params local-user password minimum-age number | |
Tree | minimum-age | |
Range | 0 to 86400 | |
Units | seconds | |
Default | 600 | |
Introduced | 16.0.R1 | |
Platforms | All |
minimum-change number
Synopsis | Minimum character differences between passwords | |
Context | configure system security user-params local-user password minimum-change number | |
Tree | minimum-change | |
Range | 1 to 20 | |
Default | 5 | |
Introduced | 16.0.R1 | |
Platforms |
All |
user [user-name] string
Synopsis | Enter the user list instance | |
Context | configure system security user-params local-user user string | |
Tree | user | |
Introduced | 16.0.R1 | |
Platforms | All |
[user-name] string
Synopsis | Local user name | |
Context | configure system security user-params local-user user string | |
Tree | user | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
access
Synopsis | Enter the access context | |
Context | configure system security user-params local-user user string access | |
Tree | access | |
Introduced | 16.0.R1 | |
Platforms | All |
console boolean
Synopsis | Allow console port, Telnet, and SSH access | |
Context | configure system security user-params local-user user string access console boolean | |
Tree | console | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
ftp boolean
Synopsis | Allow FTP access | |
Context | configure system security user-params local-user user string access ftp boolean | |
Tree | ftp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
grpc boolean
Synopsis | Allow gRPC access | |
Context | configure system security user-params local-user user string access grpc boolean | |
Tree | grpc | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
li boolean
Synopsis | Allow access to LI | |
Context | configure system security user-params local-user user string access li boolean | |
Tree | li | |
Default | false | |
Introduced | 19.10.R1 | |
Platforms | All |
netconf boolean
Synopsis | Allow NETCONF access | |
Context | configure system security user-params local-user user string access netconf boolean | |
Tree | netconf | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
snmp boolean
Synopsis | Allow SNMP access | |
Context | configure system security user-params local-user user string access snmp boolean | |
Tree | snmp | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
cli-engine keyword
Synopsis | User level override for CLI engine access | |
Context | configure system security user-params local-user user string cli-engine keyword | |
Tree | cli-engine | |
Options | ||
Max. Instances | 2 | |
Notes | This element is ordered by the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
console
Synopsis | Enter the console context | |
Context | configure system security user-params local-user user string console | |
Tree | console | |
Introduced | 16.0.R1 | |
Platforms | All |
cannot-change-password boolean
Synopsis | Change password privileges | |
Context | configure system security user-params local-user user string console cannot-change-password boolean | |
Tree | cannot-change-password | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
login-exec (sat-url | cflash-url | ftp-tftp-url | filename)
Synopsis | File to execute when a user successfully logs in | |
Context | configure system security user-params local-user user string console login-exec (sat-url | cflash-url | ftp-tftp-url | filename) | |
Tree | login-exec | |
String Length | 1 to 200 | |
Introduced | 16.0.R1 | |
Platforms | All |
member reference
Synopsis | User profiles for this user | |
Context | configure system security user-params local-user user string console member reference | |
Tree | member | |
Reference | configure system security aaa local-profiles profile string | |
Max. Instances | 8 | |
Notes | This element is ordered by the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
new-password-at-login boolean
Synopsis | Prompt a user to change password at next console login | |
Context | configure system security user-params local-user user string console new-password-at-login boolean | |
Tree | new-password-at-login | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
home-directory (sat-url | cflash-without-slot-url)
Synopsis | Home directory for the user | |
Context | configure system security user-params local-user user string home-directory (sat-url | cflash-without-slot-url) | |
Tree | home-directory | |
Description | This command configures the home directory of the user for file access. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP. If the home directory does not exist, a warning message is displayed when the user logs in. When restricted-to-home is configured, file access is denied unless the home-directory is configured and the directory is created by an administrator. | |
String Length | 1 to 200 | |
Introduced | 16.0.R1 | |
Platforms | All |
password string
Synopsis | User password for console and FTP access | |
Context | configure system security user-params local-user user string password string | |
Tree | password | |
String Length | 3 to 136 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
public-keys
Synopsis | Enter the public-keys context | |
Context | configure system security user-params local-user user string public-keys | |
Tree | public-keys | |
Description | Commands in this context configure public keys for SSH. | |
Introduced | 16.0.R1 | |
Platforms | All |
ecdsa
Synopsis | Enter the ecdsa context | |
Context | configure system security user-params local-user user string public-keys ecdsa | |
Tree | ecdsa | |
Description | Commands in this context configure Elliptic Curve Digital Signature Algorithm (ECDSA) public keys. | |
Introduced | 16.0.R1 | |
Platforms | All |
ecdsa-key [ecdsa-public-key-id] number
Synopsis | Enter the ecdsa-key list instance | |
Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number | |
Tree | ecdsa-key | |
Description | Commands in this context configure an ECDSA public key and associate the key with a username. A user can associate multiple public keys with a username. The key ID identifies these keys for the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
[ecdsa-public-key-id] number
Synopsis | ECDSA public key identifier | |
Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number | |
Tree | ecdsa-key | |
Range | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
key-value string
Synopsis | ECDSA public key value | |
Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number key-value string | |
Tree | key-value | |
Description | This command configures a value for the ECDSA public key. The public key must be enclosed in quotation marks. For ECDSA, the key is between 1 and 1024 bits. | |
String Length | 1 to 255 | |
Introduced | 16.0.R1 | |
Platforms | All |
rsa
Synopsis | Enter the rsa context | |
Context | configure system security user-params local-user user string public-keys rsa | |
Tree | rsa | |
Description | Commands in this context configure RSA public keys. | |
Introduced | 16.0.R1 | |
Platforms | All |
rsa-key [rsa-public-key-id] number
Synopsis | Enter the rsa-key list instance | |
Context | configure system security user-params local-user user string public-keys rsa rsa-key number | |
Tree | rsa-key | |
Description | Commands in this context configure an RSA public key and associate the key with a username. A user can associate multiple public keys with a username. The key ID identifies these keys for the user. | |
Introduced | 16.0.R1 | |
Platforms | All |
[rsa-public-key-id] number
Synopsis | RSA public key identifier | |
Context | configure system security user-params local-user user string public-keys rsa rsa-key number | |
Tree | rsa-key | |
Range | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system security user-params local-user user string public-keys rsa rsa-key number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
key-value string
Synopsis | RSA public key value | |
Context | configure system security user-params local-user user string public-keys rsa rsa-key number key-value string | |
Tree | key-value | |
Description | This command configures a value for the RSA public key. The public key must be enclosed in quotation marks. For RSA, the key is between 768 and 4096 bits. | |
String Length | 1 to 800 | |
Introduced | 16.0.R1 | |
Platforms | All |
restricted-to-home boolean
Synopsis | Restrict file access to the home directory of the user | |
Context | configure system security user-params local-user user string restricted-to-home boolean | |
Tree | restricted-to-home | |
Description | When configured to true, the router denies the user from accessing files outside of their home directory. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP. The system denies all configuration save operations (such as admin save) via any management interface (such as CLI and NETCONF) unless save-when-restricted is enabled. File access is denied unless a home directory is configured and the directory is created by an administrator. When configured to false, the router permits the user to access all files on the system. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
save-when-restricted boolean
Synopsis | Save configurations when the user is restricted to home | |
Context | configure system security user-params local-user user string save-when-restricted boolean | |
Tree | save-when-restricted | |
Description | When configured to true, the system permits configuration save operations for all configuration regions (such as bof and configure) via any management interface (such as CLI and NETCONF) even if restricted-to-home is enabled. The configuration for each region can be saved with admin save CLI commands or when committed over NETCONF and gRPC. When configured to false, the system denies saving the configuration when restricted-to-home is enabled, unless the home directory of the user includes the location of the saved configuration file. | |
Default | false | |
Introduced | 22.10.R1 | |
Platforms | All |
snmp
Synopsis | Enter the snmp context | |
Context | configure system security user-params local-user user string snmp | |
Tree | snmp | |
Introduced | 16.0.R1 | |
Platforms | All |
authentication
Synopsis | Enable the authentication context | |
Context | configure system security user-params local-user user string snmp authentication | |
Tree | authentication | |
Description | Commands in this context configure the SNMPv3 authentication and privacy protocols for the user to communicate with the router. The keys are stored in an encrypted format in the configuration. The keys configured with these commands must be localized keys, which are a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate localized authentication and privacy keys. If authentication is not configured, only the username is required to allow and authenticate SNMPv3 operations. | |
Introduced | 16.0.R1 | |
Platforms | All |
authentication-key string
Synopsis | Localized authentication key | |
Context | configure system security user-params local-user user string snmp authentication authentication-key string | |
Tree | authentication-key | |
Description | This command specifies the authentication key for the authentication protocol. The key must be a localized key, which is a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate a localized authentication key. | |
String Length | 1 to 115 | |
Introduced | 16.0.R1 | |
Platforms | All |
authentication-protocol keyword
Synopsis | Authentication protocol | |
Context | configure system security user-params local-user user string snmp authentication authentication-protocol keyword | |
Tree | authentication-protocol | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
privacy
Synopsis | Enable the privacy context | |
Context | configure system security user-params local-user user string snmp authentication privacy | |
Tree | privacy | |
Introduced | 16.0.R1 | |
Platforms | All |
privacy-key string
Synopsis | Localized privacy key | |
Context | configure system security user-params local-user user string snmp authentication privacy privacy-key string | |
Tree | privacy-key | |
Description | This command specifies the privacy key for the privacy protocol. The key must be a localized key, which is a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate a localized privacy key. | |
String Length | 1 to 71 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
privacy-protocol keyword
Synopsis | Privacy protocol | |
Context | configure system security user-params local-user user string snmp authentication privacy privacy-protocol keyword | |
Tree | privacy-protocol | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
group string
Synopsis | User to associate with a group name | |
Context | configure system security user-params local-user user string snmp group string | |
Tree | group | |
String Length | 1 to 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
ssh-authentication-method
Synopsis | Enter the ssh-authentication-method context | |
Context | configure system security user-params local-user user string ssh-authentication-method | |
Tree | ssh-authentication-method | |
Introduced | 23.7.R1 | |
Platforms | All |
server
Synopsis | Enter the server context | |
Context | configure system security user-params local-user user string ssh-authentication-method server | |
Tree | server | |
Introduced | 23.7.R1 | |
Platforms | All |
public-key-only keyword
Synopsis | Public key only SSH authentication for this user | |
Context | configure system security user-params local-user user string ssh-authentication-method server public-key-only keyword | |
Tree | public-key-only | |
Description | This command configures the authentication method accepted for the SSH session for the specified user. This user-level configuration overrides the system-level configuration defined in the configure system security ssh authentication-method public-key-only command. When unconfigured, the command inherits the setting from the system level command. The command options are:
| |
Options | ||
Introduced | 23.7.R1 | |
Platforms |
All |
vprn-network-exceptions
Synopsis | Enable the vprn-network-exceptions context | |
Context | configure system security vprn-network-exceptions | |
Tree | vprn-network-exceptions | |
Description | Commands in this context configure the rate limiting attributes for processing packets with label TTL expiry received within an LSP shortcut or VPRN instances in the system and from all network IP interfaces. This includes labeled user and control plan packets, ping, and traceroute packets within GRT and VPRN, and ICMP replies. These commands do not rate limit MPLS or service OAM packets. | |
Introduced | 16.0.R1 | |
Platforms | All |
count number
Synopsis | Limit of exception messages received | |
Context | configure system security vprn-network-exceptions count number | |
Tree | count | |
Description | This command specifies the threshold limit of exception messages. If the threshold value is exceeded within the configured time interval, packets are dropped. | |
Range | 10 to 1000 | |
Default | 100 | |
Introduced | 16.0.R1 | |
Platforms |
All |
window number
Synopsis | Time interval to measure exception messages | |
Context | configure system security vprn-network-exceptions window number | |
Tree | window | |
Description | This command configures the time interval within which exception messages are counted. If the threshold value is exceeded within the configured time interval, packets are dropped. | |
Range | 1 to 60 | |
Units | seconds | |
Default | 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
selective-fib boolean
Synopsis | FIB assigned to the system | |
Context | configure system selective-fib boolean | |
Tree | selective-fib | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
software-repository [repository-name] string
Synopsis | Enter the software-repository list instance | |
Context | configure system software-repository string | |
Tree | software-repository | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[repository-name] string
Synopsis | Software repository name | |
Context | configure system software-repository string | |
Tree | software-repository | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
description string
Synopsis | Text description | |
Context | configure system software-repository string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
primary-location string
Synopsis | Primary location for files in the software repository | |
Context | configure system software-repository string primary-location string | |
Tree | primary-location | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
secondary-location string
Synopsis | Secondary location for files in the software repository | |
Context | configure system software-repository string secondary-location string | |
Tree | secondary-location | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tertiary-location string
Synopsis | Tertiary location for files in the software repository | |
Context | configure system software-repository string tertiary-location string | |
Tree | tertiary-location | |
String Length | 1 to 180 | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
switch-fabric
Synopsis | Enter the switch-fabric context | |
Context | configure system switch-fabric | |
Tree | switch-fabric | |
Description | Commands in this context configure system level attributes related to the switch fabric. | |
Introduced | 20.5.R1 | |
Platforms | 7450 ESS, 7750 SR-7, 7750 SR-12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
failure-recovery
Synopsis | Enter the failure-recovery context | |
Context | configure system switch-fabric failure-recovery | |
Tree | failure-recovery | |
Description | Commands in this context configure the attributes related to the automatic switch fabric recovery process. This process is triggered when there are two resets of an IOM/XCM due to ICC failures within a small time frame. The recovery process involves the sequential resetting of SFM in case the issues are due to one of the SFM in the ICC communication path. As the final step in the recovery process, a CPM switchover is triggered to reset the active CPM. | |
Introduced | 21.2.R1 | |
Platforms | 7450 ESS, 7750 SR-7, 7750 SR-12e, 7950 XRS |
admin-state keyword
Synopsis | Administrative state of the failure recovery process | |
Context | configure system switch-fabric failure-recovery admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 21.2.R1 | |
Platforms | 7450 ESS, 7750 SR-7, 7750 SR-12e, 7950 XRS |
sfm-loss-threshold number
Synopsis | Number of SFMs that can fail before SFM overload state | |
Context | configure system switch-fabric sfm-loss-threshold number | |
Tree | sfm-loss-threshold | |
Description | This command specifies the number of SFMs that are permitted to fail before the system goes into SFM overload state. The default value for the 7750 SR-7s is 1 and the default value for the 7750 SR-14s is 2. Users can select the SFM limit based on the number possible for the system minus one. For the 7750 SR-7s, the limit is 3 and the limit for the 7750 SR-14s is 7. | |
Range | 1 to 7 | |
Introduced | 20.5.R1 | |
Platforms | 7750 SR-7s, 7750 SR-14s |
telemetry
destination-group [name] string
Synopsis | Enter the destination-group list instance | |
Context | configure system telemetry destination-group string | |
Tree | destination-group | |
Description | Commands in this context configure parameters for destination groups. | |
Max. Instances | 225 | |
Introduced | 20.5.R1 | |
Platforms | All |
[name] string
Synopsis | Destination group name | |
Context | configure system telemetry destination-group string | |
Tree | destination-group | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
allow-unsecure-connection
Synopsis | Allow connection without secured transport protocol | |
Context | configure system telemetry destination-group string allow-unsecure-connection | |
Tree | allow-unsecure-connection | |
Description | When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system telemetry destination-group string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.5.R1 | |
Platforms | All |
destination [address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
Synopsis | Enter the destination list instance | |
Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
Max. Instances | 4 | |
Notes | This element is ordered by the user. | |
Introduced | 20.5.R1 | |
Platforms | All |
[address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Synopsis | Address of the destination within the destination group | |
Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
String Length | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
port number
Synopsis | TCP port number for the destination | |
Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
Tree | destination | |
Range | 0 | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
router-instance string
Synopsis | Router name or VPRN service name | |
Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number router-instance string | |
Tree | router-instance | |
Introduced | 20.5.R1 | |
Platforms | All |
tcp-keepalive
Synopsis | Enter the tcp-keepalive context | |
Context | configure system telemetry destination-group string tcp-keepalive | |
Tree | tcp-keepalive | |
Introduced | 20.5.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the TCP keep-alive algorithm | |
Context | configure system telemetry destination-group string tcp-keepalive admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
idle-time number
Synopsis | Time until the first TCP keepalive probe is sent | |
Context | configure system telemetry destination-group string tcp-keepalive idle-time number | |
Tree | idle-time | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 600 | |
Introduced | 20.5.R1 | |
Platforms | All |
interval number
Synopsis | Time between TCP keepalive probes | |
Context | configure system telemetry destination-group string tcp-keepalive interval number | |
Tree | interval | |
Range | 1 to 100000 | |
Units | seconds | |
Default | 15 | |
Introduced | 20.5.R1 | |
Platforms | All |
retries number
Synopsis | Number of probe retries before closing the connection | |
Context | configure system telemetry destination-group string tcp-keepalive retries number | |
Tree | retries | |
Description | This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. | |
Range | 3 to 100 | |
Default | 4 | |
Introduced | 20.5.R1 | |
Platforms |
All |
tls-client-profile reference
Synopsis | TLS client profile assigned to the destination group | |
Context | configure system telemetry destination-group string tls-client-profile reference | |
Tree | tls-client-profile | |
Reference | configure system security tls client-tls-profile string | |
Notes | The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. | |
Introduced | 20.5.R1 | |
Platforms | All |
notification-bundling
Synopsis | Enter the notification-bundling context | |
Context | configure system telemetry notification-bundling | |
Tree | notification-bundling | |
Description | Commands in this context configure the bundling of multiple notifications into one telemetry message. | |
Introduced | 21.10.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of notification bundling | |
Context | configure system telemetry notification-bundling admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 21.10.R1 | |
Platforms | All |
max-msg-count number
Synopsis | Maximum notifications count in telemetry message bundle | |
Context | configure system telemetry notification-bundling max-msg-count number | |
Tree | max-msg-count | |
Range | 2 to 1000 | |
Default | 100 | |
Introduced | 21.10.R1 | |
Platforms |
All |
max-time-granularity number
Synopsis | Maximum interval when bundling of notifications occurs | |
Context | configure system telemetry notification-bundling max-time-granularity number | |
Tree | max-time-granularity | |
Description | This command sets the maximum time interval during which telemetry notifications are bundled. All bundled notifications have the same timestamp, which is the timestamp of the bundle. | |
Range | 1 to 1000 | |
Units | milliseconds | |
Default | 100 | |
Introduced | 21.10.R1 | |
Platforms | All |
persistent-subscriptions
Synopsis | Enter the persistent-subscriptions context | |
Context | configure system telemetry persistent-subscriptions | |
Tree | persistent-subscriptions | |
Introduced | 20.5.R1 | |
Platforms | All |
delay-on-boot number
Synopsis | Delay for persistent subscriptions after system boot | |
Context | configure system telemetry persistent-subscriptions delay-on-boot number | |
Tree | delay-on-boot | |
Description | This command configures the delay timer for gRPC telemetry persistent subscriptions. When the timer expires, gRPC telemetry persistent subscriptions become operational and connections are initiated. This delay prevents the system from trying to establish gRPC persistent subscriptions while it is still converging. When no delay is configured, gRPC telemetry persistent subscriptions are initiated after the system boots and gRPC becomes operational. | |
Range | 1 to 3600 | |
Units | seconds | |
Introduced | 23.10.R1 | |
Platforms |
All |
subscription [name] string
Synopsis | Enter the subscription list instance | |
Context | configure system telemetry persistent-subscriptions subscription string | |
Tree | subscription | |
Max. Instances | 225 | |
Introduced | 20.5.R1 | |
Platforms | All |
[name] string
Synopsis | Persistent subscription name | |
Context | configure system telemetry persistent-subscriptions subscription string | |
Tree | subscription | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the persistent subscription | |
Context | configure system telemetry persistent-subscriptions subscription string admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 20.5.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system telemetry persistent-subscriptions subscription string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.5.R1 | |
Platforms | All |
destination-group reference
Synopsis | Name of the destination group used in the subscription | |
Context | configure system telemetry persistent-subscriptions subscription string destination-group reference | |
Tree | destination-group | |
Reference | configure system telemetry destination-group string | |
Introduced | 20.5.R1 | |
Platforms | All |
encoding keyword
Synopsis | Encoding used for telemetry notifications | |
Context | configure system telemetry persistent-subscriptions subscription string encoding keyword | |
Tree | encoding | |
Description | This command specifies the encoding used for telemetry notifications as defined by the gNMI OpenConfig standard. | |
Options | json – JSON encoded text bytes – Encoded according to gnmi.schemas proto – Encoded with scalar TypedValue values json-ietf – JSON encoded text as per RFC 7951 | |
Default | json | |
Introduced | 20.5.R1 | |
Platforms | All |
local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Local IP address of packets sent from the source | |
Context | configure system telemetry persistent-subscriptions subscription string local-source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | local-source-address | |
Introduced | 20.5.R1 | |
Platforms | All |
mode keyword
Synopsis | Mode for telemetry notifications | |
Context | configure system telemetry persistent-subscriptions subscription string mode keyword | |
Tree | mode | |
Description | This command specifies the subscription path mode for telemetry notifications sent out for the persistent subscription. | |
Options | ||
Introduced | 20.5.R1 | |
Platforms | All |
originated-qos-marking keyword
Synopsis | QoS marking used for telemetry notification packets | |
Context | configure system telemetry persistent-subscriptions subscription string originated-qos-marking keyword | |
Tree | originated-qos-marking | |
Options | ||
Introduced | 20.5.R1 | |
Platforms |
All |
sample-interval number
Synopsis | Sampling interval for the persistent subscription | |
Context | configure system telemetry persistent-subscriptions subscription string sample-interval number | |
Tree | sample-interval | |
Description | This command configures the sampling interval for the persistent subscription. The interval applies only in sampling or target-defined modes. | |
Range | 1000 to 18446744073709551615 | |
Units | milliseconds | |
Default | 10000 | |
Introduced | 20.5.R1 | |
Platforms |
All |
sensor-group reference
Synopsis | Sensor group used in the persistent subscription | |
Context | configure system telemetry persistent-subscriptions subscription string sensor-group reference | |
Tree | sensor-group | |
Description | This command specifies the sensor group to be used in the persistent subscription. If no valid paths exist in the sensor group, the configuration is accepted, however, no gRPC connection is established when persistent subscription is activated. | |
Reference | configure system telemetry sensor-groups sensor-group string | |
Introduced | 20.5.R1 | |
Platforms | All |
sensor-groups
Synopsis | Enter the sensor-groups context | |
Context | configure system telemetry sensor-groups | |
Tree | sensor-groups | |
Introduced | 20.5.R1 | |
Platforms | All |
sensor-group [name] string
Synopsis | Enter the sensor-group list instance | |
Context | configure system telemetry sensor-groups sensor-group string | |
Tree | sensor-group | |
Max. Instances | 225 | |
Introduced | 20.5.R1 | |
Platforms | All |
[name] string
Synopsis | Sensor group name | |
Context | configure system telemetry sensor-groups sensor-group string | |
Tree | sensor-group | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system telemetry sensor-groups sensor-group string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.5.R1 | |
Platforms | All |
path [xpath] string
Synopsis | Add a list entry for path | |
Context | configure system telemetry sensor-groups sensor-group string path string | |
Tree | path | |
Max. Instances | 4500 | |
Introduced | 20.5.R1 | |
Platforms | All |
[xpath] string
Synopsis | gNMI path to be streamed | |
Context | configure system telemetry sensor-groups sensor-group string path string | |
Tree | path | |
Description | The command specifies the path from which data is streamed to the collector. Streamed data includes all descendants of the tree indicated by the path. | |
String Length | 1 to 512 | |
Notes | This element is part of a list key. | |
Introduced | 20.5.R1 | |
Platforms | All |
thresholds
Synopsis | Enter the thresholds context | |
Context | configure system thresholds | |
Tree | thresholds | |
Introduced | 16.0.R1 | |
Platforms | All |
cflash-cap-alarm-percent [cflash-id] string
Synopsis | Enter the cflash-cap-alarm-percent list instance | |
Context | configure system thresholds cflash-cap-alarm-percent string | |
Tree | cflash-cap-alarm-percent | |
Introduced | 16.0.R1 | |
Platforms | All |
[cflash-id] string
Synopsis | cflash device name monitored for capacity | |
Context | configure system thresholds cflash-cap-alarm-percent string | |
Tree | cflash-cap-alarm-percent | |
String Length | 1 to 200 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
falling-threshold number
Synopsis | Falling threshold for the sampled statistic | |
Context | configure system thresholds cflash-cap-alarm-percent string falling-threshold number | |
Tree | falling-threshold | |
Description | This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. | |
Range | 0 to 100 | |
Units | percent | |
Introduced | 16.0.R4 | |
Platforms |
All |
interval number
Synopsis | Polling period over which data is sampled and compared | |
Context | configure system thresholds cflash-cap-alarm-percent string interval number | |
Tree | interval | |
Description | This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. | |
Range | 1 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
rising-threshold number
Synopsis | Rising threshold for the sampled statistic | |
Context | configure system thresholds cflash-cap-alarm-percent string rising-threshold number | |
Tree | rising-threshold | |
Description | This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. | |
Range | 0 to 100 | |
Units | percent | |
Notes |
This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms |
All |
rmon-event-type keyword
Synopsis | Notification type specifying action when event occurs | |
Context | configure system thresholds cflash-cap-alarm-percent string rmon-event-type keyword | |
Tree | rmon-event-type | |
Options | ||
Default | both | |
Introduced | 16.0.R1 | |
Platforms | All |
startup-alarm keyword
Synopsis | Alarm type when the alarm is first created | |
Context | configure system thresholds cflash-cap-alarm-percent string startup-alarm keyword | |
Tree | startup-alarm | |
Description | This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. | |
Options | ||
Default | either | |
Introduced | 16.0.R1 | |
Platforms | All |
cflash-cap-warn-percent [cflash-id] string
Synopsis | Enter the cflash-cap-warn-percent list instance | |
Context | configure system thresholds cflash-cap-warn-percent string | |
Tree | cflash-cap-warn-percent | |
Description | Commands in this context configure the capacity monitoring of the compact flash. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is warning. Both a rising and falling threshold can be specified. | |
Introduced | 16.0.R1 | |
Platforms | All |
[cflash-id] string
Synopsis | cflash device name monitored for capacity | |
Context | configure system thresholds cflash-cap-warn-percent string | |
Tree | cflash-cap-warn-percent | |
String Length | 1 to 200 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
falling-threshold number
Synopsis | Falling threshold for the sampled statistic | |
Context | configure system thresholds cflash-cap-warn-percent string falling-threshold number | |
Tree | falling-threshold | |
Description | This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. | |
Range | 0 to 100 | |
Units | percent | |
Introduced | 16.0.R4 | |
Platforms |
All |
interval number
Synopsis | Polling period over which data is sampled and compared | |
Context | configure system thresholds cflash-cap-warn-percent string interval number | |
Tree | interval | |
Description | This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. | |
Range | 1 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
rising-threshold number
Synopsis | Rising threshold for the sampled statistic | |
Context | configure system thresholds cflash-cap-warn-percent string rising-threshold number | |
Tree | rising-threshold | |
Description | This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. | |
Range | 0 to 100 | |
Units | percent | |
Notes |
This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms |
All |
rmon-event-type keyword
Synopsis | Notification type specifying action when event occurs | |
Context | configure system thresholds cflash-cap-warn-percent string rmon-event-type keyword | |
Tree | rmon-event-type | |
Options | ||
Default | both | |
Introduced | 16.0.R1 | |
Platforms | All |
startup-alarm keyword
Synopsis | Alarm type when the alarm is first created | |
Context | configure system thresholds cflash-cap-warn-percent string startup-alarm keyword | |
Tree | startup-alarm | |
Description | This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. | |
Options | ||
Default | either | |
Introduced | 16.0.R1 | |
Platforms | All |
kb-memory-use-alarm
Synopsis | Enable the kb-memory-use-alarm context | |
Context | configure system thresholds kb-memory-use-alarm | |
Tree | kb-memory-use-alarm | |
Introduced | 16.0.R4 | |
Platforms | All |
falling-threshold number
Synopsis | Falling threshold for the sampled statistic | |
Context | configure system thresholds kb-memory-use-alarm falling-threshold number | |
Tree | falling-threshold | |
Description | This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. | |
Range | -2147483648 to 2147483647 | |
Introduced | 16.0.R4 | |
Platforms | All |
interval number
Synopsis | Polling period over which data is sampled and compared | |
Context | configure system thresholds kb-memory-use-alarm interval number | |
Tree | interval | |
Description | This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. | |
Range | 1 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
rising-threshold number
Synopsis | Rising threshold for the sampled statistic | |
Context | configure system thresholds kb-memory-use-alarm rising-threshold number | |
Tree | rising-threshold | |
Description | This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. | |
Range | -2147483648 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
rmon-event-type keyword
Synopsis | Notification type specifying action when event occurs | |
Context | configure system thresholds kb-memory-use-alarm rmon-event-type keyword | |
Tree | rmon-event-type | |
Options | ||
Default | both | |
Introduced | 16.0.R4 | |
Platforms | All |
startup-alarm keyword
Synopsis | Alarm type when the alarm is first created | |
Context | configure system thresholds kb-memory-use-alarm startup-alarm keyword | |
Tree | startup-alarm | |
Description | This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. | |
Options | ||
Default | either | |
Introduced | 16.0.R4 | |
Platforms | All |
kb-memory-use-warn
Synopsis | Enable the kb-memory-use-warn context | |
Context | configure system thresholds kb-memory-use-warn | |
Tree | kb-memory-use-warn | |
Introduced | 16.0.R4 | |
Platforms | All |
falling-threshold number
Synopsis | Falling threshold for the sampled statistic | |
Context | configure system thresholds kb-memory-use-warn falling-threshold number | |
Tree | falling-threshold | |
Description | This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. | |
Range | -2147483648 to 2147483647 | |
Introduced | 16.0.R4 | |
Platforms | All |
interval number
Synopsis | Polling period over which data is sampled and compared | |
Context | configure system thresholds kb-memory-use-warn interval number | |
Tree | interval | |
Description | This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. | |
Range | 1 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
rising-threshold number
Synopsis | Rising threshold for the sampled statistic | |
Context | configure system thresholds kb-memory-use-warn rising-threshold number | |
Tree | rising-threshold | |
Description | This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. | |
Range | -2147483648 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
rmon-event-type keyword
Synopsis | Notification type specifying action when event occurs | |
Context | configure system thresholds kb-memory-use-warn rmon-event-type keyword | |
Tree | rmon-event-type | |
Options | ||
Default | both | |
Introduced | 16.0.R4 | |
Platforms | All |
startup-alarm keyword
Synopsis | Alarm type when the alarm is first created | |
Context | configure system thresholds kb-memory-use-warn startup-alarm keyword | |
Tree | startup-alarm | |
Description | This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. | |
Options | ||
Default | either | |
Introduced | 16.0.R4 | |
Platforms | All |
rmon
Synopsis | Enter the rmon context | |
Context | configure system thresholds rmon | |
Tree | rmon | |
Introduced | 16.0.R1 | |
Platforms | All |
alarm [rmon-alarm-id] number
Synopsis | Enter the alarm list instance | |
Context | configure system thresholds rmon alarm number | |
Tree | alarm | |
Max. Instances | 1200 | |
Introduced | 16.0.R1 | |
Platforms | All |
[rmon-alarm-id] number
Synopsis | Index ID for an entry in the alarm table | |
Context | configure system thresholds rmon alarm number | |
Tree | alarm | |
Range | 0 to 65400 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
falling-event number
Synopsis | RMON event ID for falling threshold crossing event | |
Context | configure system thresholds rmon alarm number falling-event number | |
Tree | falling-event | |
Range | 0 to 65400 | |
Introduced | 16.0.R1 | |
Platforms | All |
falling-threshold number
Synopsis | Falling threshold for the sampled statistic | |
Context | configure system thresholds rmon alarm number falling-threshold number | |
Tree | falling-threshold | |
Description | This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold and the value at the last sampling interval was greater than this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is set to falling or either. After a falling threshold crossing event is generated, another such event is not generated until the sampled value exceeds this threshold and reaches or exceeds the rising-threshold command setting. | |
Range | -2147483648 to 2147483647 | |
Introduced | 16.0.R1 | |
Platforms | All |
interval number
Synopsis | Polling period over which data is sampled and compared | |
Context | configure system thresholds rmon alarm number interval number | |
Tree | interval | |
Description | This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds | |
Range | 1 to 2147483647 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
owner string
rising-event number
Synopsis | RMON event ID for rising threshold crossing event | |
Context | configure system thresholds rmon alarm number rising-event number | |
Tree | rising-event | |
Range | 0 to 65400 | |
Introduced | 16.0.R1 | |
Platforms | All |
rising-threshold number
Synopsis | Rising threshold for the sampled statistic | |
Context | configure system thresholds rmon alarm number rising-threshold number | |
Tree | rising-threshold | |
Description | This command specifies the rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval was below this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is set to rising or either. After a rising threshold crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches or falls below the falling-threshold command setting. | |
Range | -2147483648 to 2147483647 | |
Introduced | 16.0.R1 | |
Platforms | All |
sample-type keyword
Synopsis | Sampling type for value comparison with thresholds | |
Context | configure system thresholds rmon alarm number sample-type keyword | |
Tree | sample-type | |
Options | ||
Default | absolute | |
Introduced | 16.0.R1 | |
Platforms | All |
startup-alarm keyword
Synopsis | Alarm to send when this entry is first set to valid | |
Context | configure system thresholds rmon alarm number startup-alarm keyword | |
Tree | startup-alarm | |
Options | ||
Default | either | |
Introduced | 16.0.R1 | |
Platforms | All |
variable-oid string
Synopsis | Object identifier to sample the specific variable | |
Context | configure system thresholds rmon alarm number variable-oid string | |
Tree | variable-oid | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
event [rmon-event-id] number
Synopsis | Enter the event list instance | |
Context | configure system thresholds rmon event number | |
Tree | event | |
Max. Instances | 1200 | |
Introduced | 16.0.R1 | |
Platforms | All |
[rmon-event-id] number
Synopsis | Index ID for an entry in the event table | |
Context | configure system thresholds rmon event number | |
Tree | event | |
Range | 1 to 65400 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure system thresholds rmon event number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
event-type keyword
Synopsis | Notification action to be taken when the event occurs | |
Context | configure system thresholds rmon event number event-type keyword | |
Tree | event-type | |
Options | ||
Default | both | |
Introduced | 16.0.R1 | |
Platforms | All |
owner string
time
dst-zone [summer-time-zone] string
[summer-time-zone] string
end
day keyword
hours-minutes string
Synopsis | Time to end Daylight Savings Time in hh:mm format | |
Context | configure system time dst-zone string end hours-minutes string | |
Tree | hours-minutes | |
String Length | 5 | |
Default | 00:00 | |
Introduced | 16.0.R1 | |
Platforms |
All |
month keyword
week keyword
offset number
start
day keyword
hours-minutes string
Synopsis | Time to start Daylight Savings Time in hh:mm format | |
Context | configure system time dst-zone string start hours-minutes string | |
Tree | hours-minutes | |
String Length | 5 | |
Default | 00:00 | |
Introduced | 16.0.R1 | |
Platforms |
All |
month keyword
week keyword
ntp
admin-state keyword
Synopsis | Administrative state of NTP execution | |
Context | configure system time ntp admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
authentication-check boolean
Synopsis | Authenticate NTP PDUs and reject mismatches | |
Context | configure system time ntp authentication-check boolean | |
Tree | authentication-check | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
authentication-key [key-id] number
Synopsis | Enter the authentication-key list instance | |
Context | configure system time ntp authentication-key number | |
Tree | authentication-key | |
Introduced | 16.0.R1 | |
Platforms | All |
[key-id] number
Synopsis | Authentication key ID used for NTP packets | |
Context | configure system time ntp authentication-key number | |
Tree | authentication-key | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
key string
type keyword
authentication-keychain reference
Synopsis | Authentication keychain for unsolicited traffic | |
Context | configure system time ntp authentication-keychain reference | |
Tree | authentication-keychain | |
Description | This command configures the authentication keychain used to handle unsolicited NTP requests. If a request is received with a key ID that matches both a configured key and the keychain, the MAC is checked first using the key information. If the authentication fails, the MAC is checked using the information from the keychain. | |
Reference | ||
Introduced | 23.10.R1 | |
Platforms | All |
broadcast [router-instance] reference interface-name string
[router-instance] reference
interface-name string
authentication-keychain reference
Synopsis | Keychain used to authenticate broadcast messages | |
Context | configure system time ntp broadcast reference interface-name string authentication-keychain reference | |
Tree | authentication-keychain | |
Description | This command configures the keychain used to authenticate messages sent by this node. The keychain infrastructure is queried using this keychain name to get the youngest key used for generating the authentication value for the message. When an NTP packet is received by this node, the keychain infrastructure is queried using the keychain name and the key ID extracted from the received message to get the key used to perform the authentication check. If authentication does not pass, the packet is rejected. Keychain entries also have a direction. The key ID and authentication keychain are mutually exclusive. When neither one is set, for example, the key ID has a value of '0' and the value of this command is empty, no authentication is performed. | |
Reference | ||
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 23.10.R1 | |
Platforms | All |
key-id reference
Synopsis | Authentication key and type used by the node | |
Context | configure system time ntp broadcast reference interface-name string key-id reference | |
Tree | key-id | |
Reference | configure system time ntp authentication-key number | |
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 16.0.R1 | |
Platforms | All |
ttl number
version number
broadcast-client [router-instance] string interface-name string
Synopsis | Enter the broadcast-client list instance | |
Context | configure system time ntp broadcast-client string interface-name string | |
Tree | broadcast-client | |
Introduced | 16.0.R1 | |
Platforms | All |
[router-instance] string
Synopsis | Router name or VPRN service name | |
Context | configure system time ntp broadcast-client string interface-name string | |
Tree | broadcast-client | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
interface-name string
Synopsis | Interface to transmit or receive NTP broadcast packets | |
Context | configure system time ntp broadcast-client string interface-name string | |
Tree | broadcast-client | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
authenticate boolean
Synopsis | Enforce authentication of NTP PDUs | |
Context | configure system time ntp broadcast-client string interface-name string authenticate boolean | |
Tree | authenticate | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
multicast
authentication-keychain reference
Synopsis | Keychain used to authenticate broadcast messages | |
Context | configure system time ntp multicast authentication-keychain reference | |
Tree | authentication-keychain | |
Description | This command configures the keychain used to authenticate messages sent by this node. The keychain infrastructure is queried using this keychain name to get the youngest key used for generating the authentication value for the message. When an NTP packet is received by this node, the keychain infrastructure is queried using the keychain name and the key ID extracted from the received message to get the key used to perform the authentication check. If authentication does not pass, the packet is rejected. Keychain entries also have a direction. The key ID and authentication keychain are mutually exclusive. When neither one is set, for example, the key ID has a value of '0' and the value of this command is empty, no authentication is performed. | |
Reference | ||
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 23.10.R1 | |
Platforms | All |
key-id reference
Synopsis | Authentication key and type used by the node | |
Context | configure system time ntp multicast key-id reference | |
Tree | key-id | |
Reference | configure system time ntp authentication-key number | |
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 16.0.R1 | |
Platforms | All |
version number
Synopsis | NTP version number generated by the node | |
Context | configure system time ntp multicast version number | |
Tree | version | |
Description | This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. | |
Range | 2 to 4 | |
Default | 4 | |
Introduced | 16.0.R1 | |
Platforms |
All |
multicast-client
Synopsis | Enable the multicast-client context | |
Context | configure system time ntp multicast-client | |
Tree | multicast-client | |
Introduced | 16.0.R1 | |
Platforms | All |
authenticate boolean
Synopsis | Enforce authentication of NTP PDUs | |
Context | configure system time ntp multicast-client authenticate boolean | |
Tree | authenticate | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
ntp-server
Synopsis | Enable the ntp-server context | |
Context | configure system time ntp ntp-server | |
Tree | ntp-server | |
Introduced | 16.0.R1 | |
Platforms | All |
authenticate boolean
Synopsis | Authentication of NTP PDUs when acting as a server | |
Context | configure system time ntp ntp-server authenticate boolean | |
Tree | authenticate | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
peer [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
router-instance string
authentication-keychain reference
Synopsis | Keychain used to authenticate broadcast messages | |
Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string authentication-keychain reference | |
Tree | authentication-keychain | |
Description | This command configures the keychain used to authenticate messages sent by this node. The keychain infrastructure is queried using this keychain name to get the youngest key used for generating the authentication value for the message. When an NTP packet is received by this node, the keychain infrastructure is queried using the keychain name and the key ID extracted from the received message to get the key used to perform the authentication check. If authentication does not pass, the packet is rejected. Keychain entries also have a direction. The key ID and authentication keychain are mutually exclusive. When neither one is set, for example, the key ID has a value of '0' and the value of this command is empty, no authentication is performed. | |
Reference | ||
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 23.10.R1 | |
Platforms | All |
key-id reference
Synopsis | Authentication key and type used by the node | |
Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string key-id reference | |
Tree | key-id | |
Reference | configure system time ntp authentication-key number | |
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 16.0.R1 | |
Platforms | All |
prefer boolean
version number
Synopsis | NTP version number generated by the node | |
Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string version number | |
Tree | version | |
Description | This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. | |
Range | 2 to 4 | |
Default | 4 | |
Introduced | 16.0.R1 | |
Platforms |
All |
server [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone | keyword)
router-instance string
authentication-keychain reference
Synopsis | Keychain used to authenticate broadcast messages | |
Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string authentication-keychain reference | |
Tree | authentication-keychain | |
Description | This command configures the keychain used to authenticate messages sent by this node. The keychain infrastructure is queried using this keychain name to get the youngest key used for generating the authentication value for the message. When an NTP packet is received by this node, the keychain infrastructure is queried using the keychain name and the key ID extracted from the received message to get the key used to perform the authentication check. If authentication does not pass, the packet is rejected. Keychain entries also have a direction. The key ID and authentication keychain are mutually exclusive. When neither one is set, for example, the key ID has a value of '0' and the value of this command is empty, no authentication is performed. | |
Reference | ||
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 23.10.R1 | |
Platforms | All |
key-id reference
Synopsis | Authentication key and type used by the node | |
Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string key-id reference | |
Tree | key-id | |
Reference | configure system time ntp authentication-key number | |
Notes | The following elements are part of a choice: authentication-keychain or key-id. | |
Introduced | 16.0.R1 | |
Platforms | All |
prefer boolean
version number
Synopsis | NTP version number generated by the node | |
Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string version number | |
Tree | version | |
Description | This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. | |
Range | 2 to 4 | |
Default | 4 | |
Introduced | 16.0.R1 | |
Platforms |
All |
prefer-local-time boolean
Synopsis | Use local time over UTC time in the system | |
Context | configure system time prefer-local-time boolean | |
Tree | prefer-local-time | |
Description | When configured to true, the system uses local time. This preference is applied to objects such as log file names, created and completed times reported in log files, NETCONF and gRPC date-and-time leafs, and rollback times displayed in show command outputs. When configured to false, the system uses UTC time. Note: The timezone used for show command outputs during a CLI session can be controlled using the environment time-display command. Note: The format used for the date-time strings may change, depending on the command setting. For example, when this command is set to true, all date-time strings include a suffix of three to five characters that indicates the timezone used. Note: The time format for timestamps on log events is controlled on a per-log basis, using the configure log log-id time-format command. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
sntp
admin-state keyword
Synopsis | Administrative state of SNTP | |
Context | configure system time sntp admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 16.0.R1 | |
Platforms | All |
server [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
interval number
prefer boolean
version number
sntp-state keyword
Synopsis | Mode for Simple Network Time Protocol (SNTP) | |
Context | configure system time sntp sntp-state keyword | |
Tree | sntp-state | |
Options | ||
Default | unicast | |
Introduced | 16.0.R1 | |
Platforms | All |
zone
non-standard
Synopsis | Enter the non-standard context | |
Context | configure system time zone non-standard | |
Tree | non-standard | |
Notes | The following elements are part of a choice: non-standard or standard. | |
Introduced | 16.0.R1 | |
Platforms | All |
name string
offset string
standard
name keyword
transmission-profile [name] string
Synopsis | Enter the transmission-profile list instance | |
Context | configure system transmission-profile string | |
Tree | transmission-profile | |
Introduced | 16.0.R4 | |
Platforms | All |
[name] string
Synopsis | File transmission profile name | |
Context | configure system transmission-profile string | |
Tree | transmission-profile | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
http-version keyword
Synopsis | HTTP version | |
Context | configure system transmission-profile string http-version keyword | |
Tree | http-version | |
Options | ||
Default | 1.1 | |
Introduced | 23.3.R1 | |
Platforms | All |
ipv4-source-address string
Synopsis | IPv4 source address used for the transport protocol | |
Context | configure system transmission-profile string ipv4-source-address string | |
Tree | ipv4-source-address | |
Introduced | 16.0.R4 | |
Platforms | All |
ipv6-source-address string
Synopsis | IPv6 source address used for the transport protocol | |
Context | configure system transmission-profile string ipv6-source-address string | |
Tree | ipv6-source-address | |
Introduced | 16.0.R4 | |
Platforms | All |
redirection number
Synopsis | Maximum level of redirection | |
Context | configure system transmission-profile string redirection number | |
Tree | redirection | |
Range | 1 to 8 | |
Introduced | 16.0.R4 | |
Platforms | All |
retry number
Synopsis | Number of attempts to reconnecting to the server | |
Context | configure system transmission-profile string retry number | |
Tree | retry | |
Range | 1 to 256 | |
Introduced | 16.0.R4 | |
Platforms | All |
router-instance string
Synopsis | Router instance used by the transport protocol | |
Context | configure system transmission-profile string router-instance string | |
Tree | router-instance | |
String Length | 1 to 64 | |
Default | Base | |
Introduced | 16.0.R4 | |
Platforms |
All |
timeout number
Synopsis | Timeout for a response from the server | |
Context | configure system transmission-profile string timeout number | |
Tree | timeout | |
Range | 1 to 3600 | |
Units | seconds | |
Default | 60 | |
Introduced | 16.0.R4 | |
Platforms | All |
usb [usb-cflash] keyword
Synopsis | Enter the usb list instance | |
Context | configure system usb keyword | |
Tree | usb | |
Description | Commands in this context configure the operational state of the USB port. | |
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |
[usb-cflash] keyword
admin-state keyword
Synopsis | Administrative state of the USB port | |
Context | configure system usb keyword admin-state keyword | |
Tree | admin-state | |
Options | ||
Default | disable | |
Introduced | 22.10.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se |