e Commands

e-counters

e-counters

Syntax

e-counters [all]

no e-counters

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue e-counters)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue e-counters)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters

Description

Commands in this context configure egress counter parameters for this custom record.

The no form of this command reverts to the default.

Parameters

all

Includes all counters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

e-counters

Syntax

e-counters [all]

no e-counters

Context

[Tree] (config>log>acct-policy>cr>policer e-counters)

[Tree] (config>log>acct-policy>cr>queue e-counters)

[Tree] (config>log>acct-policy>cr>ref-queue e-counters)

[Tree] (config>log>acct-policy>cr>ref-policer e-counters)

Full Context

configure log accounting-policy custom-record policer e-counters

configure log accounting-policy custom-record queue e-counters

configure log accounting-policy custom-record ref-queue e-counters

configure log accounting-policy custom-record ref-policer e-counters

Description

This command configures egress counter parameters for this custom record.

The no form of this command reverts all egress counters to their default value.

Default

e-counters

Parameters

all

Specifies that all egress counters should be included.

Platforms

All

e1

e1

Syntax

e1 [e1-id]

Context

[Tree] (config>port>tdm e1)

Full Context

configure port tdm e1

Description

Commands in this context configure E-1 parameters. E-1 is a basic time division multiplexing scheme used to carry digital circuits. It is also a standard WAN digital communication format designed to operate over copper facilities at a rate of 2.048 Mb/s.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS system. Digital signals are carried inside the carrier systems.

The no form of this command disables E-1 capabilities.

Parameters

e1-id

Specifies the E-1 channel being created.

Values

E1: 1 to 21, e1-sonet-sdh-index

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

e3

e3

Syntax

[no] e3 [sonet-sdh-index]

Context

[Tree] (config>port>tdm e3)

Full Context

configure port tdm e3

Description

Commands in this context configure E-3 parameters. E-3 lines provide a speed of 44.736 Mb/s and is also frequently used by service providers. E-3 lines carry 16 E-1 signals with a data rate of 34.368 Mb/s.

An E-3 connection typically supports data rates of about 43 Mb/s. An E-3 line actually consists of 672 individual channels, each supporting 64 kb/s. E-3 lines are used mainly by Service Providers to connect to the Internet backbone and for the backbone itself.

Depending on the MDA type, the E-3 parameters must be disabled if clear channel is enabled by default (for example, on the m12-ds3e3 MDA). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. Note that if E-3 nodes are provisioned on the channelized SONET/SDH MDA you must provision the parent STS-1 SONET/STM0 SDH path first.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS system. Digital signals are carried inside the carrier systems.

The no form of this command disables E-3 capabilities.

Parameters

sonet-sdh-index

Specifies the components making up the specified SONET/SDH Path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path. The sonet-sdh-index differs for SONET and SDH ports.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

ea-length

ea-length

Syntax

ea-length ea-bits-length

no ea-length

Context

[Tree] (config>service>nat>map-domain>mapping-rule ea-length)

Full Context

configure service nat map-domain mapping-rule ea-length

Description

This command configures the length of EA bits in the MAP rule. The no ea-length statement sets the ea-length to 0.

Default

no ea-length

Parameters

ea-bits-length

Specifies the length of the EA bits.

Values

1 to 48

Platforms

VSR

eapol-destination-address

eapol-destination-address

Syntax

eapol-destination-address mac

no eapol-destination-address

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port eapol-destination-address)

Full Context

configure port ethernet dot1x macsec sub-port eapol-destination-address

Description

The EAPoL destination MAC address uses a destination multicast MAC address of 01:80:C2:00:00:03. Some networks cannot tunnel this packet over the network and consume these packets, causing the MKA session to fail. This command can change the destination MAC of the EAPoL to the unicast address of the MACsec peer, and as such, the EAPoL and MKA signaling will be unicasted between two peers.

The no form of this command returns the value to the default.

Default

no eapol-destination-address

Parameters

mac

Specifies the desired destination MAC address to be used by the EAPOL MKA packets of this sub-port.

Values

aa:bb:cc:dd:ee:ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers.

Platforms

All

ebgp-default-reject-policy

ebgp-default-reject-policy

Syntax

ebgp-default-reject-policy [import] [export]

no ebgp-default-reject-policy

Context

[Tree] (config>service>vprn>bgp>group ebgp-default-reject-policy)

[Tree] (config>service>vprn>bgp>group>neighbor ebgp-default-reject-policy)

[Tree] (config>service>vprn>bgp ebgp-default-reject-policy)

Full Context

configure service vprn bgp group ebgp-default-reject-policy

configure service vprn bgp group neighbor ebgp-default-reject-policy

configure service vprn bgp ebgp-default-reject-policy

Description

This command configures the default import and export policy behavior for EBGP neighbors.

The no form of this command removes the default import and export policy behavior.

Default

no ebgp-default-reject-policy

Parameters

import

Specifies the default reject import policy for EBGP neighbors.

export

Specifies the default reject export policy for EBGP neighbors.

Platforms

All

ebgp-default-reject-policy

Syntax

ebgp-default-reject-policy [import] [export]

no ebgp-default-reject-policy

Context

[Tree] (config>router>bgp>group ebgp-default-reject-policy)

[Tree] (config>router>bgp ebgp-default-reject-policy)

[Tree] (config>router>bgp>group>neighbor ebgp-default-reject-policy)

Full Context

configure router bgp group ebgp-default-reject-policy

configure router bgp ebgp-default-reject-policy

configure router bgp group neighbor ebgp-default-reject-policy

Description

This command configures the default import and export policy behavior for EBGP neighbors.

The no form of this command removes the default import and export policy behavior.

Default

no ebgp-default-reject-policy

Parameters

import

Specifies the default reject import policy for EBGP neighbors.

export

Specifies the default reject export policy for EBGP neighbors.

Platforms

All

ebgp-ibgp-equal

ebgp-ibgp-equal

Syntax

ebgp-ibgp-equal [ipv4] [ipv6] [label-ipv4] [label-ipv6]

no ebgp-ibgp-equal

Context

[Tree] (config>service>vprn>bgp>best-path-selection ebgp-ibgp-equal)

Full Context

configure service vprn bgp best-path-selection ebgp-ibgp-equal

Description

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load-balancing in a multipath scenario.

The operator can apply the behavior selectively to only certain types of routes by specifying one or more address family names in the command.

The no form of this command configures the router in the BGP decision process to prefer an EBGP learned route over an IBGP learned route.

Default

no ebgp-ibgp-equal

Parameters

ipv4

Specifies that the command should be applied to unlabeled unicast IPv4 routes.

ipv6

Specifies that the command should be applied to unlabeled unicast IPv6 routes.

label-ipv4

Specifies that the command should be applied to labeled IPv4 routes.

label-ipv6

Specifies that the command should be applied to labeled IPv6 routes.

Platforms

All

ebgp-ibgp-equal

Syntax

ebgp-ibgp-equal [ipv4] [ipv6] [label-ipv4] [label-ipv6] [vpn-ipv4] [vpn-ipv6]

[evpn]

no ebgp-ibgp-equal

Context

[Tree] (config>router>bgp>best-path-selection ebgp-ibgp-equal)

Full Context

configure router bgp best-path-selection ebgp-ibgp-equal

Description

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load balancing in a multipath scenario.

The behavior can be applied selectively to only certain types of routes by specifying one or more address family names in the command. If no families are specified, this command applies to IPv4, IPv6, label-IPv4, label-IPv6, VPN-IPv4, VPN-IPv6, and EVPN routes.

The no form of this command configures the router in the BGP decision process to prefer an EBGP learned route over an IBGP learned route.

Default

no ebgp-ibgp-equal

Parameters

ipv4

Specifies that the command should be applied to unlabeled unicast IPv4 routes.

ipv6

Specifies that the command should be applied to unlabeled unicast IPv6 routes.

label-ipv4

Specifies that the command should be applied to labeled unicast IPv4 routes.

label-ipv6

Specifies that the command should be applied to labeled unicast IPv6 routes.

vpn-ipv4

Specifies that the command should be applied to IPv4 VPN routes.

vpn-ipv6

Specifies that the command should be applied to IPv6 VPN routes.

evpn

Specifies that the command should be applied to EVPN routes.

Platforms

All

ecdsa

ecdsa

Syntax

ecdsa

Context

[Tree] (config>system>security>user>public-keys ecdsa)

Full Context

configure system security user public-keys ecdsa

Description

This command allows the user to enter the context to configure ECDSA public keys.

Platforms

All

ecdsa-key

ecdsa-key

Syntax

ecdsa-key key-id [create]

no ecdsa-key key-id

Context

[Tree] (config>system>security>user>public-keys>ecdsa ecdsa-key)

Full Context

configure system security user public-keys ecdsa ecdsa-key

Description

This command creates an ECDSA public key and associates it with the username. Multiple public keys can be associated with the user. The key ID is used to identify these keys for the user.

Parameters

create

Keyword used to create an ECDSA key. The create keyword requirement can be enabled/disabled in the environment>create context.

key-id

Specifies the key identifier.

Values

1 to 32

Platforms

All

echo

echo

Syntax

echo [text-to-echo] [extra-text-to-echo] [more-text]

Context

[Tree] (echo)

Full Context

echo

Description

This command echoes arguments on the command line. The primary use of this command is to allow messages to be displayed to the screen in files executed with the exec command.

Parameters

text-to-echo

Specifies a text string to be echoed, up to 256 characters.

extra-text-to-echo

Specifies more text to be echoed, up to 256 characters.

more-text

Specifies more text to be echoed, up to 256 characters.

Platforms

All

echo-interval

echo-interval

Syntax

echo-interval seconds

no echo-interval

Context

[Tree] (config>open-flow>of-switch echo-interval)

Full Context

configure open-flow of-switch echo-interval

Description

This command configures the Echo Request interval for monitoring the OpenFlow control channels to the controllers for this OpenFlow switch instance.

The no form of this command restores default value.

Default

echo-interval 10

Parameters

seconds

Specifies an interval, in seconds.

Values

1 to 3600

Platforms

All

echo-multiple

echo-multiple

Syntax

echo-multiple value

no echo-multiple

Context

[Tree] (config>open-flow>of-switch echo-multiple)

Full Context

configure open-flow of-switch echo-multiple

Description

This command configures the number of consecutive Echo Reply messages that must be lost to declare OF control channel down.

The no form of this command restores default value.

Default

echo-multiple 3

Parameters

value

Specifies the threshold value for the number of consecutive Echo Rely messages lost.

Values

3 to 100

Platforms

All

echo-receive

echo-receive

Syntax

echo-receive echo-interval

no echo-receive

Context

[Tree] (config>router>bfd>bfd-template echo-receive)

Full Context

configure router bfd bfd-template echo-receive

Description

This command sets the minimum echo receive interval, in milliseconds, for a session. This is not used by a BFD session for MPLS-TP.

The no form of this command reverts to the default value.

Default

echo-receive 100

Parameters

echo-interval

Specifies the echo receive interval.

Values

100 ms to 100,000 ms in 1 ms increments

Default

100

Platforms

All

ecmp

ecmp

Syntax

ecmp max-ecmp-routes

Context

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>epipe>bgp-evpn>srv6 ecmp)

[Tree] (config>service>vpls>bgp-evpn>srv6 ecmp)

[Tree] (config>service>vpls>bgp-evpn>vxlan ecmp)

[Tree] (config>service>epipe>bgp-evpn>mpls ecmp)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>epipe>bgp-evpn>vxlan ecmp)

[Tree] (config>service>vpls>bgp-evpn>mpls ecmp)

Full Context

configure service vpls bgp-evpn mpls auto-bind-tunnel ecmp

configure service epipe bgp-evpn segment-routing-v6 ecmp

configure service vpls bgp-evpn segment-routing-v6 ecmp

configure service vpls bgp-evpn vxlan ecmp

configure service epipe bgp-evpn mpls ecmp

configure service epipe bgp-evpn mpls auto-bind-tunnel ecmp

configure service epipe bgp-evpn vxlan ecmp

configure service vpls bgp-evpn mpls ecmp

Description

When configured in a VPLS service, this command controls the number of paths that are allowed to reach a specified MAC address when that MAC in the FDB is associated to a remote all-active multi-homed ES.

The configuration of two or more ECMP paths to a specified MAC enables the aliasing function described in RFC 7432.

When used in an Epipe service, this command controls the number of paths that are allowed to reach a specified remote Ethernet tag that is associated to an ES destination.

Default

ecmp 1

Parameters

max-ecmp-routes

Specifies the number of paths allowed to the same multi-homed MAC address or Ethernet tag.

Values

1 to 32

Platforms

All

  • configure service vpls bgp-evpn mpls ecmp
  • configure service epipe bgp-evpn vxlan ecmp
  • configure service epipe bgp-evpn mpls auto-bind-tunnel ecmp
  • configure service vpls bgp-evpn vxlan ecmp
  • configure service vpls bgp-evpn mpls auto-bind-tunnel ecmp
  • configure service epipe bgp-evpn mpls ecmp

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe bgp-evpn segment-routing-v6 ecmp
  • configure service vpls bgp-evpn segment-routing-v6 ecmp

ecmp

Syntax

ecmp max-ecmp-routes

no ecmp

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel ecmp)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel ecmp

configure service vprn bgp-evpn mpls auto-bind-tunnel ecmp

Description

This command configures the maximum number of tunnels that may be used as ECMP next-hops for the VPRN. This value overrides any values that are configured using the config>service>vprn>ecmp command.

The no form of this command removes the configured overriding value, and the value configured using the config>service>vprn>ecmp command is used.

Default

ecmp 1

Parameters

max-ecmp-routes

Specifies the maximum number of tunnels that may be used as ECMP next-hops for the VPRN.

Values

1 to 32

Default

1

Platforms

All

ecmp

Syntax

ecmp max-ecmp-routes

no ecmp

Context

[Tree] (config>router ecmp)

Full Context

configure router ecmp

Description

This command enables ECMP and configures the number of routes for path sharing; for example, the value 2 means two equal cost routes are used for cost sharing.

ECMP can be used only for routes with the same preference and same protocol.

If available ECMP routes at the best preference exceed the maximum ECMP routes allowed, the system selects using the following criteria:

  1. The system selects the lowest next hop router ID.
  2. If the next hop goes to the same neighbor, the system selects the next hop with the lowest interface index.

The no form of this command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the route with the lowest next-hop IP address is used.

Default

no ecmp

Parameters

max-ecmp-routes

Specifies the maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp.

Values

1 to 64

Platforms

All

ecmp

Syntax

ecmp max-ecmp-routes

no ecmp

Context

[Tree] (config>service>vprn ecmp)

Full Context

configure service vprn ecmp

Description

This command enables equal-cost multipath (ECMP) and configures the number of routes for path sharing. For example, the value of 2 means that 2 equal cost routes are used for cost sharing.

ECMP groups form when the system routes to the same destination with equal cost values. Routing table entries can be entered manually (as static routes), or they can be formed when neighbors are discovered and routing table information is exchanged by routing protocols. The system can balance traffic across the groups with equal costs.

ECMP can only be used for routes learned with the same preference and same protocol.

If available ECMP routes at the best preference exceed the maximum ECMP routes allowed, the system selects using the following criteria:

  1. The system selects the lowest next hop router ID.
  2. If the next hop goes to the same neighbor, the system selects the next hop with the lowest interface index.

The no form of this command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.

Default

no ecmp

Parameters

max-ecmp-routes

Specifies the maximum number of routes for path sharing.

Values

1 to 64

Platforms

All

ecmp

Syntax

ecmp

Context

[Tree] (config>service>vprn>auto-bind-tunnel ecmp)

Full Context

configure service vprn auto-bind-tunnel ecmp

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

ecmp-opt-threshold

ecmp-opt-threshold

Syntax

ecmp-opt-threshold preference-level

no ecmp-opt-threshold

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle ecmp-opt-threshold)

Full Context

configure mcast-management multicast-info-policy bundle ecmp-opt-threshold

Description

This command defines the preference level threshold where multicast ECMP path management can dynamically optimize channels based on topology or bandwidth events. If the channels preference is equal to or less than the ecmp-opt-threshold, ECMP can move the channel between ECMP paths when bandwidth distribution events happen. Channels with a preference level higher than the threshold are moved during these events.

The default ECMP optimization limit threshold is 7. This means that multicast channels with a preference level of 0 to 7 (all channels) are allowed to move between ECMP paths. The ecmp-opt-threshold command can be used to change the default threshold.

Changing the threshold causes all channels ECMP optimization eligibility to be reevaluated.

The no form of this command restores the default ECMP optimization preference threshold value.

Default

ecmp-opt-threshold 7

Parameters

preference-level

The preference-level parameter is required when specifying the ecmp-opt-threshold. An integer value from 0 to 7 must be specified.

Values

0 to 7

Platforms

All

ecmp-unequal-cost

ecmp-unequal-cost

Syntax

[no] ecmp-unequal-cost

Context

[Tree] (config>service>vprn ecmp-unequal-cost)

Full Context

configure service vprn ecmp-unequal-cost

Description

This command relaxes the constraint that ECMP multipaths must have the same IGP cost to reach the BGP next-hop. When VPN routes for the same IP prefix are imported into a VPRN service, they are eligible to be used as multipaths. The resulting route is programmed as an ECMP IP route.

The BGP best path selection algorithm is the basis for choosing the set of imported VPN routes that can be combined to form an ECMP route. Normally (unless an ignore-nh-metric command is configured), the BGP decision process gives higher preference to VPN routes with a lower next-hop cost if other, more significant criteria, are tied. In these circumstances, a VPN route cannot be an eligible multipath if it does not have the same next-hop cost as the best VPN route. Configuring this command removes this restriction and allows the multipaths to have different (meaning lower) next-hop costs than the best route. This broadens the applicability of multipath and can result in better load balancing in the network.

This command applies only to the following types of routes imported by a VPRN.

  • vpn-ipv4

  • vpn-ipv6

  • mcast-vpn-ipv4

  • mcast-vpn-ipv6

The no form of this command restores the default behavior that requires next-hop costs of multipaths to be equal, unless the next-hop cost is completely removed from the BGP decision process.

Default

ecmp-unequal-cost

Platforms

All

ect-algorithm

ect-algorithm

Syntax

ect-algorithm fid-range fid-range {low-path-id| high-path-id}

Context

[Tree] (config>service>vpls>spb>level ect-algorithm)

Full Context

configure service vpls spb level ect-algorithm

Description

This command configures the ect-algorithm associated with a FID. Names are:

  • low-path-id

  • high-path-id

The algorithm for low-path-id chooses the path with the lowest metric and uses the sum of each Bridge-ID to break-ties (in this case preferring the lowest bridge identifiers).

The algorithm for high-path-id choose the path with the lowest metric and the sum of each Bridge-ID (after each one is modified by the algorithm mask) to break-ties (in this case preferring the highest bridge identifiers).

A Forwarding Identifier (FID) is an abstraction of the IEEE 802.1 SPB Base VID and represents the VLAN (B-VPLS) in IS-IS LSPs. B-VPLS services with the same FID share B-MACs and I-SIDs. (the SAP encapsulation VLAN tag may be set to the same value as the FID or to any other valid VLAN tag). One or more FIDs can be associated with an ECT-algorithm by using the FID range. User B-VPLS services may share the same FID as the control B-VPLS or use independent FIDs where each FID has an assigned ect-algorithm. B-VPLS services with i-vpls services must have an independent FID. B-VPLS services with only PBB Epipes may share FIDs with other B-VPLS services including the control B-VPLS service.

The ect-algorithm is associated with the FID and can only be changed only when there are no VPLS, SAPs or SDP bindings associated with the FID. The FID must be independent from the FID assigned to other services.

Default

ect-algorithm fid-range 1-4095 low-path-id

Parameters

name

low-path-id, high-path-id.

fid-range

Range of Forwarding Identifier values.

Values

1 to 4095

Platforms

All

edge-port

edge-port

Syntax

[no] edge-port

Context

[Tree] (config>service>template>vpls-sap-template>stp edge-port)

[Tree] (config>service>vpls>spoke-sdp>stp edge-port)

[Tree] (config>service>vpls>sap>stp edge-port)

Full Context

configure service template vpls-sap-template stp edge-port

configure service vpls spoke-sdp stp edge-port

configure service vpls sap stp edge-port

Description

This command configures the SAP or SDP as an edge or non-edge port. If auto-edge is enabled for the SAP, this value will be used only as the initial value.

Note:

The function of the edge-port command is similar to the rapid-start command. It tells RSTP that it is on the edge of the network (for example, there are no other bridges connected to that port) and, as a consequence, it can immediately transition to a forwarding state if the port becomes available.

RSTP, however, can detect that the actual situation is different from what edge-port may indicate.

Initially, the value of the SAP or spoke-SDP parameter is set to edge-port. This value will change if:

  • A BPDU is received on that port. This means that after all there is another bridge connected to this port. Then the edge-port becomes disabled.

  • If auto-edge is configured and no BPDU is received within a certain period of time, RSTP concludes that it is on an edge and enables the edge-port.

The no form of this command returns the edge port setting to the default value.

Default

no edge-port

Platforms

All

edge-port

Syntax

[no] edge-port

Context

[Tree] (config>service>pw-template>stp edge-port)

Full Context

configure service pw-template stp edge-port

Description

This command configures the SAP or SDP as an edge or non-edge port. If auto-edge is enabled for the SAP, this value will be used only as the initial value.

Note:

On the 7750 SR and the 7950 XRS, the function of the edge-port command is similar to the rapid-start command. It tells RSTP that it is on the edge of the network (for example, there are no other bridges connected to that port) and, as a consequence, it can immediately transition to a forwarding state if the port becomes available.

RSTP, however, can detect that the actual situation is different from what edge-port may indicate.

Initially, the value of the SAP or spoke SDP parameter is set to edge-port. This value will change if:

  • A BPDU is received on that port. This means that after all there is another bridge connected to this port. Then the edge-port becomes disabled.

  • If auto-edge is configured and no BPDU is received within a certain period of time, RSTP concludes that it is on an edge and enables the edge-port.

The no form of this command returns the edge port setting to the default value.

Default

no edge-port

Platforms

All

edit

edit

Syntax

edit [exclusive]

Context

[Tree] (candidate edit)

Full Context

candidate edit

Description

This command enables the edit-cfg mode where changes can be made to the candidate configuration and sets the edit-point to the end of the candidate. In edit-cfg mode the CLI prompt contains edit-cfg near the root of the prompt. Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

Parameters

exclusive

Allows a user to exclusively create a candidate configuration by blocking other users (and other sessions of the same user) from entering edit-cfg mode. Exclusive edit-cfg mode can only be entered if the candidate configuration is empty and no user is in edit-cfg mode. Once a user is in exclusive edit-cfg mode no other users/sessions are allowed in edit-cfg mode. The user must either commit or discard the exclusive candidate before leaving exclusive edit-cfg mode. If the CLI session times out while a user is in exclusive edit-cfg mode then the contents of the candidate are discarded. The admin disconnect command can be used to force a user to disconnect (and to clear the contents of the candidate) if they have the candidate locked.

Platforms

All

edit-config

edit-config

Syntax

[no] edit-config

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization edit-config)

Full Context

configure system security profile netconf base-op-authorization edit-config

Description

This command enables the NETCONF edit-config operation.

The no form of this command disables the operation.

Default

no edit-config

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

efm

efm

Syntax

efm port-id local-loopback {start | stop}

efm port-id remote-loopback {start | stop}

Context

[Tree] (oam efm)

Full Context

oam efm

Description

This command enables Ethernet in the First Mile (EFM) OAM tests loopback tests on the specified port. The EFM OAM remote loopback OAMPDU is sent to the peering device to trigger remote loopback.

When EFM OAM is disabled or shutdown on a port, the dying gasp flag for the OAMPDU is set for the OAMPDUs sent to the peer. This speeds up the peer loss detection time.

Parameters

port-id

Specifies the port ID.

Note:

On the 7950 XRS, The XMA ID takes the place of the MDA.

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

local-loopback {start | stop}

Specifies whether to start or stop local loopback tests on the specified port.

remote-loopback {start | stop}

Specifies whether to start or stop remote Ethernet in the First Mile (EFM) OAM loopback tests on the specified port. The EFM OAM remote loopback OAMPDU is sent to the peering device to trigger remote loopback.

For EFM OAM tunneling to function properly, EFM OAM tunneling should be configured for VLL services or a VPLS service with two SAPs only.

Platforms

All

efm-oam

efm-oam

Syntax

efm-oam

Context

[Tree] (config>port>ethernet efm-oam)

Full Context

configure port ethernet efm-oam

Description

This command configures EFM-OAM attributes.

Platforms

All

egr-ip-load-balancing

egr-ip-load-balancing

Syntax

egr-ip-load-balancing {source | destination | inner-ip}

no egr-ip-load-balancing

Context

[Tree] (config>service>ies>if>load-balancing egr-ip-load-balancing)

Full Context

configure service ies interface load-balancing egr-ip-load-balancing

Description

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using the source address and, if l4-load balancing is enabled, the source port in the hash, ignore destination address/port.

destination

Specifies using the destination address and, if l4-load balancing is enabled, the destination port in the hash, ignore source address/port.

inner-ip

Specifies using the inner IP header parameters instead of the outer IP header parameters in the LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

egr-ip-load-balancing

Syntax

egr-ip-load-balancing {source | destination | inner-ip}

no egr-ip-load-balancing

Context

[Tree] (config>service>vprn>if>load-balancing egr-ip-load-balancing)

[Tree] (config>service>vprn>if>nw-if>load-balancing egr-ip-load-balancing)

Full Context

configure service vprn interface load-balancing egr-ip-load-balancing

configure service vprn interface nw-if load-balancing egr-ip-load-balancing

Description

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using the source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port.

destination

Specifies using the destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.

inner-ip

Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

egr-ip-load-balancing

Syntax

egr-ip-load-balancing {source | destination | inner-ip}

no egr-ip-load-balancing

Context

[Tree] (config>router>if>load-balancing egr-ip-load-balancing)

Full Context

configure router interface load-balancing egr-ip-load-balancing

Description

This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port

destination

Specifies using destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.

inner-ip

Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

egr-percentage-of-rate

egr-percentage-of-rate

Syntax

egr-percentage-of-rate egr-rate-percentage

no egr-percentage-of-rate

Context

[Tree] (config>port>modify-buffer-allocation-rate egr-percentage-of-rate)

Full Context

configure port modify-buffer-allocation-rate egr-percentage-of-rate

Description

The egr-percentage-of-rate command increases or decreases the active bandwidth associated with the egress port that affects the amount of egress buffer space managed by the port. Changing a ports active bandwidth using the egr-percentage-of-rate command is an effective means of artificially lowering the buffers managed by one egress port and giving them to other egress ports on the same MDA.

The egr-percentage-of-rate command accepts a percentage value that increases or decreases the active bandwidth based on the defined percentage. A value of 50% causes the active bandwidth to be reduced by 50%. A value of 150% causes the active bandwidth to be increased by 50%. Values from 1 to 1000 percent are supported.

A value of 100 (the default value) is equivalent to executing the no egr-percentage-of-rate command and restores the egress active rate to the normal value.

The no form of this command removes any artificial increase or decrease of the egress active bandwidth used for egress buffer space allocation to the port. The no egr-percentage-of-rate command sets the egress rate percentage to 100%.

Parameters

egr-rate-percentage

The egr-rate-percentage parameter is required and specifies the percentage value used to modify the current egress active bandwidth of the port. This does not actually change the bandwidth available on the port in any way. The defined egr-rate-percentage parameter is multiplied by the egress active bandwidth of the port. A value of 150 results in an increase of 50% (1.5 x Rate).

Values

1 to 1000

Default

100 (no change to active rate)

Platforms

All

egr-vtep

egr-vtep

Syntax

egr-vtep {ip-address | ipv6-address}

no egr-vtep

Context

[Tree] (config>service>epipe>vxlan egr-vtep)

[Tree] (config>service>vpls>vxlan egr-vtep)

Full Context

configure service epipe vxlan egr-vtep

configure service vpls vxlan egr-vtep

Description

This command configures the static destination VTEP IP used when originating VXLAN packets for the service.

Parameters

ip-address

Specifies the IPv4 address used as the destination VTEP when originating VXLAN packets for the service.

ipv6-address

Specifies the IPv6 address used as the destination VTEP when originating VXLAN packets for the service.

Platforms

All

  • configure service epipe vxlan egr-vtep

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vpls vxlan egr-vtep

egr-weight

egr-weight

Syntax

egr-weight access access-weight network network-weight

no egr-weight

Context

[Tree] (config>port>hybrid-buffer-allocation egr-weight)

Full Context

configure port hybrid-buffer-allocation egr-weight

Description

This command configures the sharing of the egress buffers allocated to a hybrid port among the access and network contexts. By default, it is split equally between network and access.

The no form of this command reverts to the default values for the egress access and network weights.

Parameters

access-weight

Specifies the access weight as an integer.

Values

0 to 100

Default

50

network-weight

Specifies the network weight as an integer.

Values

0 to 100

Default

50

Platforms

All

egress

egress

Syntax

egress

Context

[Tree] (config>subscr-mgmt>ancp>ancp-policy egress)

Full Context

configure subscriber-mgmt ancp ancp-policy egress

Description

Commands in this context configure egress ANCP policy parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>subscr-mgmt>msap-policy>ies-vprn egress)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only egress)

Full Context

configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters egress

configure subscriber-mgmt msap-policy vpls-only-sap-parameters egress

Description

Commands in this context configure egress policies for Managed SAPs (MSAPs).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>vprn>if>spoke-sdp egress)

[Tree] (config>service>vprn>red-if>spoke-sdp egress)

Full Context

configure service vprn interface spoke-sdp egress

configure service vprn redundant-interface spoke-sdp egress

Description

This command configures egress SDP parameters.

Platforms

All

  • configure service vprn interface spoke-sdp egress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface spoke-sdp egress

egress

Syntax

egress

Context

[Tree] (config>subscr-mgmt>sla-profile egress)

Full Context

configure subscriber-mgmt sla-profile egress

Description

Commands in this context configure egress parameters for the SLA profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap egress)

[Tree] (config>service>ies>sub-if>grp-if>sap egress)

[Tree] (config>service>vpls>sap egress)

[Tree] (config>service>ies>if>sap egress)

Full Context

configure service vprn subscriber-interface group-interface sap egress

configure service ies subscriber-interface group-interface sap egress

configure service vpls sap egress

configure service ies interface sap egress

Description

Commands in this context configure egress Quality of Service (QoS) policies and filter policies.

If no QoS policy is defined, the system default QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap egress
  • configure service vprn subscriber-interface group-interface sap egress

All

  • configure service vpls sap egress
  • configure service ies interface sap egress

egress

Syntax

egress

Context

[Tree] (config>service>vpls>sap egress)

Full Context

configure service vpls sap egress

Description

Commands in this context configure egress filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vpls>spoke-sdp egress)

[Tree] (config>service>vpls>mesh-sdp egress)

[Tree] (config>service>ies>if>spoke-sdp egress)

[Tree] (config>service>ies>red-if>spoke-sdp egress)

Full Context

configure service vpls spoke-sdp egress

configure service vpls mesh-sdp egress

configure service ies interface spoke-sdp egress

configure service ies redundant-interface spoke-sdp egress

Description

Commands in this context configure egress SDP parameters.

Platforms

All

  • configure service vpls mesh-sdp egress
  • configure service ies interface spoke-sdp egress
  • configure service vpls spoke-sdp egress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies redundant-interface spoke-sdp egress

egress

Syntax

egress

Context

[Tree] (config>port>ethernet>network egress)

[Tree] (config>port>ethernet>access egress)

Full Context

configure port ethernet network egress

configure port ethernet access egress

Description

This command configures Ethernet access egress port parameters.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw egress)

Full Context

configure service ies subscriber-interface group-interface wlan-gw egress

Description

Commands in this context configure egress QoS parameters for wlan-gw tunnels.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>card>mda>access egress)

[Tree] (config>port>access egress)

[Tree] (config>port>network egress)

[Tree] (config>card>mda>network egress)

Full Context

configure card mda access egress

configure port access egress

configure port network egress

configure card mda network egress

Description

Commands in this context configure egress buffer pool parameters which define the percentage of the pool buffers that are used for CBS calculations and specify the slope policy that is configured in the config>qos>slope-policy context.

On the MDA level, network and access egress pools are only allocated on channelized MDAs.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>card>fp egress)

Full Context

configure card fp egress

Description

This command enables access to the egress fp CLI context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

egress

Syntax

egress

Context

[Tree] (config>port>ethernet egress)

Full Context

configure port ethernet egress

Description

This command configures Ethernet egress port parameters.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>sdp>binding>pw-port egress)

Full Context

configure service sdp binding pw-port egress

Description

Commands in this context configure PW port egress side parameters.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>ipipe>sap egress)

[Tree] (config>service>cpipe>sap egress)

[Tree] (config>service>epipe>sap egress)

Full Context

configure service ipipe sap egress

configure service cpipe sap egress

configure service epipe sap egress

Description

Commands in this context configure egress SAP parameters.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing.

Platforms

All

  • configure service ipipe sap egress
  • configure service epipe sap egress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress

egress

Syntax

egress

Context

[Tree] (config>service>cpipe>spoke-sdp egress)

[Tree] (config>service>ipipe>spoke-sdp egress)

[Tree] (config>service>epipe>spoke-sdp egress)

Full Context

configure service cpipe spoke-sdp egress

configure service ipipe spoke-sdp egress

configure service epipe spoke-sdp egress

Description

This command configures the egress SDP context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp egress

All

  • configure service epipe spoke-sdp egress
  • configure service ipipe spoke-sdp egress

egress

Syntax

egress

Context

[Tree] (config>service>epipe>pw-port egress)

Full Context

configure service epipe pw-port egress

Description

Commands in this context configure PW-port egress-side parameters

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>template>epipe-sap-template egress)

Full Context

configure service template epipe-sap-template egress

Description

Commands in this context configure egress filter policies.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>ies>aarp-interface>spoke-sdp egress)

Full Context

configure service ies aarp-interface spoke-sdp egress

Description

Commands in this context configure the egress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>ies>if>vpls egress)

Full Context

configure service ies interface vpls egress

Description

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS or I-VPLS service context.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vprn>aarp-interface>spoke-sdp egress)

Full Context

configure service vprn aarp-interface spoke-sdp egress

Description

Commands in this context configure the egress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>vprn>nw-if egress)

Full Context

configure service vprn network-interface egress

Description

Commands in this context configure egress network filter policies for the interface.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vprn>if>sap egress)

Full Context

configure service vprn interface sap egress

Description

Commands in this context configure egress SAP Quality of Service (QoS) policies and filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vprn>if>vpls egress)

Full Context

configure service vprn interface vpls egress

Description

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS service context.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vprn>network-interface egress)

Full Context

configure service vprn network-interface egress

Description

Commands in this context configure egress network filter policies for the interface.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>vprn>aa-interface>sap egress)

[Tree] (config>service>ies>aa-interface>sap egress)

Full Context

configure service vprn aa-interface sap egress

configure service ies aa-interface sap egress

Description

Commands in this context configure egress parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>isa>aa-grp>qos egress)

Full Context

configure isa application-assurance-group qos egress

Description

Commands in this context configure IOM port-level Quality of Service for this application assurance group in the egress direction (traffic entering an application assurance engine).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress

Syntax

egress

Context

[Tree] (config>service>ies>video-interface>video-sap egress)

[Tree] (config>service>vprn>video-interface>video-sap egress)

Full Context

configure service ies video-interface video-sap egress

configure service vprn video-interface video-sap egress

Description

Commands in this context configure egress parameters for the service’s video SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

egress

Syntax

egress

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp egress)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp egress)

Full Context

configure mirror mirror-dest spoke-sdp egress

configure mirror mirror-dest remote-source spoke-sdp egress

Description

Commands in this context configure spoke SDP egress parameters.

Platforms

All

egress

Syntax

[no] egress

Context

[Tree] (config>mirror>mirror-dest>sap egress)

Full Context

configure mirror mirror-dest sap egress

Description

This command enables access to the context to associate an egress SAP Quality of Service (QoS) policy with a mirror destination SAP.

If no QoS policy is defined, the system default SAP egress QoS policy is used for egress processing.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>qos>network egress)

Full Context

configure qos network egress

Description

This command is used to enter the CLI node that creates or edits egress policy entries that specify the forwarding class queues to be instantiated when this policy is applied to the network port.

The forwarding class and profile state mapping to in- and out-of-profile DiffServ Code Points (DSCPs), dot1p, and MPLS EXP bits mapping for all labeled packets are also defined in this context.

All service packets are aggregated into DiffServ-based egress queues on the network interface. The service packets are transported either with IP GRE encapsulation or over a MPLS LSP. The exception is with the IES service. In this case, the actual customer IP header has the DSCP field mapped.

All out-of-profile service packets are marked with the corresponding out-of-profile DSCP, dot1p, or the EXP bit value at network egress. All the in-profile service ingress packets are marked with the corresponding in-profile DSCP, dot1p, or EXP bit value based on the forwarding class to which they belong. The exceed-profile traffic is marked with the same value as out-of-profile traffic and the inplus-profile traffic is marked with the same value as in-profile traffic.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>qos>queue-group-templates egress)

Full Context

configure qos queue-group-templates egress

Description

Commands in this context configure QoS egress queue groups. Egress queue group templates can be applied to egress Ethernet ports to create an egress queue group.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>router>if egress)

Full Context

configure router interface egress

Description

This command enables access to the context to configure egress network filter policies for the IP interface. If an egress filter is not defined, no filtering is performed.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>cust>multi-service-site egress)

Full Context

configure service customer multi-service-site egress

Description

Commands in this context configure the egress node associate an existing scheduler policy name with the customer site. The egress node is an entity to associate commands that complement the association.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>service>pw-template egress)

Full Context

configure service pw-template egress

Description

Commands in this context configure spoke SDP binding egress filter parameters.

Platforms

All

egress

Syntax

egress

Context

[Tree] (config>subscr-mgmt>sub-prof egress)

Full Context

configure subscriber-mgmt sub-profile egress

Description

Commands in this context configure subscriber profile egress setting parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-amplifier-gain

egress-amplifier-gain

Syntax

egress-amplifier-gain egress-amplifier-gain

no egress-amplifier-gain

Context

[Tree] (configure>port>transceiver>optical-line-system egress-amplifier-gain)

Full Context

configure port transceiver optical-line-system egress-amplifier-gain

Description

This command configures the gain for the egress amplifier.

The no form of this command sets the gain for the egress amplifier to the default.

Default

no egress-amplifier-gain

Parameters

egress-amplifier-gain

Specifies the gain for the amplifier in decibels.

Values

0 to 25.00 dB

Default

25.00 dB

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

egress-counter-map

egress-counter-map

Syntax

egress-counter-map policer policer-id traffic-type {unicast | multicast | broadcast} [create]

egress-counter-map queue queue-id traffic-type {unicast | multicast | broadcast} [create]

no egress-counter-map policer policer-id

no egress-counter-map queue queue-id

Context

[Tree] (config>sflow egress-counter-map)

Full Context

configure sflow egress-counter-map

Description

This command configures the egress counter map for sFlow. The map must be configured so sFlow agent understands how to interpret data collected against SAP queues and policers. Multiple queues and policers can be mapped to the same traffic-type using separate line entries.

The no form of this command deletes a SAP policy queue/policer from the map.

Parameters

policer-id

Specifies the policer ID in a SAP egress QoS policy. If the SAP policy does not have a policer with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 8

queue-id

Specifies the queue ID in a SAP egress QoS policy. If the SAP policy does not have a queue with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 8

Platforms

7750 SR, 7750 SR-s, 7950 XRS

egress-engineering

egress-engineering

Syntax

egress-engineering

no egress-engineering

Context

[Tree] (config>router>bgp>group egress-engineering)

[Tree] (config>router>bgp>group>neighbor egress-engineering)

Full Context

configure router bgp group egress-engineering

configure router bgp group neighbor egress-engineering

Description

Commands in this context configure egress engineering on a specific neighbor or all neighbors in a BGP group.

If egress engineering is not configured in the neighbor context, the configuration is inherited from the group context.

The no form of this command removes the egress engineering configuration.

Default

no egress-engineering

Platforms

All

egress-fc

egress-fc

Syntax

egress-fc fc-name

no egress-fc

Context

[Tree] (config>qos>sap-ingress>fc egress-fc)

Full Context

configure qos sap-ingress fc egress-fc

Description

This command configures the forwarding class to be used by the egress QoS processing. It overrides the forwarding class determined by ingress classification but not the QoS Policy Propagation via BGP.

The forwarding class or forwarding subclass can be overridden.

The new egress forwarding class is applicable to both SAP egress and network egress.

Default

no egress-fc

Parameters

fc-name

Specifies the forwarding class name to be used by the egress QoS processing.

Values

be, l2, af, l1, h2, ef, h1, nc

Platforms

All

egress-ip-filter-entries

egress-ip-filter-entries

Syntax

[no] egress-ip-filter-entries

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl egress-ip-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries

Description

Commands in this context configure the egress IP filter parameters.

The no form of this command reverts to the default.

Default

egress-ip-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-ipv6-filter-entries

egress-ipv6-filter-entries

Syntax

[no] egress-ipv6-filter-entries

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl egress-ipv6-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries

Description

Commands in this context configure the egress IPv6 filter parameters.

The no form of this command reverts to the default.

Default

egress-ipv6-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-pbr

egress-pbr

Syntax

egress-pbr {default-load-balancing | l4-load-balancing}

no egress-pbr

Context

[Tree] (config>filter>ipv6-filter>entry egress-pbr)

[Tree] (config>filter>ip-filter>entry egress-pbr)

Full Context

configure filter ipv6-filter entry egress-pbr

configure filter ip-filter entry egress-pbr

Description

This command specifies that the configured PBR action is applicable to egress processing. The command should only be enabled in ACL policies used by residential subscribers. Enabling egress-pbr on filters not deployed for residential subscribers is not blocked but may lead to unexpected behavior and should be avoided.

The no form of this command removes the egress-pbr designation of the filter entry's action.

Default

no egress-pbr

Parameters

default-load-balancing

Sets load-balancing to the default (hash based on SA/DA of the packet).

l4-load-balancing

Includes TCP/UDP port (if available) in the hash.

Platforms

All

egress-peer-engineering

egress-peer-engineering

Syntax

egress-peer-engineering

no egress-peer-engineering

Context

[Tree] (config>router>bgp egress-peer-engineering)

Full Context

configure router bgp egress-peer-engineering

Description

Commands in this context configure EPE parameters in BGP.

The no form of this command removes the EPE parameters from the BGP context.

Default

no egress-peer-engineering

Platforms

All

egress-peer-engineering-label-unicast

egress-peer-engineering-label-unicast

Syntax

[no] egress-peer-engineering-label-unicast

Context

[Tree] (config>router>bgp>group egress-peer-engineering-label-unicast)

[Tree] (config>router>bgp>group>neighbor egress-peer-engineering-label-unicast)

Full Context

configure router bgp group egress-peer-engineering-label-unicast

configure router bgp group neighbor egress-peer-engineering-label-unicast

Description

This command enables the generation of a label-unicast route for each /32 or /128 prefix that corresponds to the BGP neighbor or group address in the scope of the command. These routes can be advertised to other routers to recursively resolve unlabeled BGP routes for AS external destinations. They support the Egress Peer Engineering (EPE) use case.

The no form of this command disables the generation of EPE label-unicast routes.

Default

no egress-peer-engineering-label-unicast

Platforms

All

egress-policer

egress-policer

Syntax

egress-policer [policer-name]

no egress-policer

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm egress-policer)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm egress-policer)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt egress-policer

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt egress-policer

Description

This command specifies the egress policer applied to all UEs corresponding to default vlan-range (such as, group-interface) or the specified vlan-range. The policer can be created in the config>subscr-mgmt>isa-policer context. The egress policer can be overridden per UE from RADIUS via access-accept or COA.

The no form of this command reverts to the default.

Parameters

policer-name

Specifies the identifier of the distributed-sub-mgmt policer for egress traffic up to 256 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress-port-queue-overrides

egress-port-queue-overrides

Syntax

egress-port-queue-overrides

Context

[Tree] (config>port>ethernet>network egress-port-queue-overrides)

Full Context

configure port ethernet network egress-port-queue-overrides

Description

Commands in this context configure Ethernet network egress port queue override parameters.

Platforms

All

egress-rate

egress-rate

Syntax

egress-rate sub-rate

no egress-rate

Context

[Tree] (config>port>ethernet egress-rate)

Full Context

configure port ethernet egress-rate

Description

This command configures the rate of traffic leaving the network. The configured sub-rate uses packet-based accounting. An event log is generated each time the egress rate is modified unless the port is part of a LAG.

The no form of this command returns the value to the default.

Default

no egress-rate

Parameters

sub-rate

Specifies the egress rate in kb/s.

Values

1 to 100000000

Platforms

All

egress-rate-modify

egress-rate-modify

Syntax

egress-rate-modify agg-rate-limit

egress-rate-modify scheduler scheduler-name

no egress-rate-modify

Context

[Tree] (config>subscr-mgmt>trk-plcy egress-rate-modify)

Full Context

configure subscriber-mgmt host-tracking-policy egress-rate-modify

Description

This command specifies the egress-rate modification that is to be applied.

The no form of this command reverts to the default value.

Parameters

agg-rate-limit

Specifies to use the egress rate limit.

scheduler-name

Specifies the scheduler name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-rate-modify

Syntax

egress-rate-modify [agg-rate-limit | scheduler scheduler-name]

no egress-rate-modify

Context

[Tree] (config>subscr-mgmt>igmp-policy egress-rate-modify)

Full Context

configure subscriber-mgmt igmp-policy egress-rate-modify

Description

This command is used to apply HQoS Adjustment to a subscriber. HQoS Adjustment is needed when multicast traffic flow for the subscriber is dissociated from subscriber host queues. Multicast redirection is typical such case although it can be applied in direct IPoE subscriber per-sap replication mode.

The channel bandwidth definition policy is defined in the mcac policy under the config>router>mcac>policy context. The policy is applied under the redirected interface or under the group-interface.

In order for HQoS Adjustment to take effect, sub-mcac-policy must be in a no shutdown mode and applied under the sub-profile even if mcac is not deployed.

The no form of this command reverts to the default value.

Parameters

agg-rate-limit

Specifies the aggregate14 rate modification to be applied. The subscriber’s bandwidth is capped via the agg-rate-limit command in the sub-profile or with a Change of Authorization (CoA) request. This bandwidth cap is dynamically adjusted according to the multicast channel definition and channel association with the host via IGMP.

scheduler-name

Specifies the schedule name. The subscriber’s bandwidth is capped via the scheduling-policy in the sub-profile or with a Change of Authorization (CoA) request. HQoS Adjustment will modify the rate of the scheduler defined in the scheduling policy or configured via CoA.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-rate-modify

Syntax

egress-rate-modify agg-rate-limit

egress-rate-modify scheduler scheduler-name

no egress-rate-modify

Context

[Tree] (config>subscr-mgmt>mld-policy egress-rate-modify)

Full Context

configure subscriber-mgmt mld-policy egress-rate-modify

Description

This command configures the egress rate modification.

The no form of this command removes the values from the configuration.

Parameters

agg-rate-limit

Specifies that the maximum total rate for all subscriber egress queues for each subscriber associated with the policy.

scheduler-name

Specifies the scheduler to be applied for egress rate modification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-rate-modify

Syntax

[no] egress-rate-modify

Context

[Tree] (config>port>ethernet>access>egress>vport egress-rate-modify)

Full Context

configure port ethernet access egress vport egress-rate-modify

Description

This command applies HQoS Adjustment to a Vport. HQoS Adjustment refers to the dynamic adjustment of the rate limit at an QoS enforcement point within a Nokia router when the multicast traffic stream is disjointed from the unicast traffic stream. This QoS enforcement point within the router represents the physical point further down in the access part of the network where the two streams join each other and potentially can cause congestion.

An example would be a PON port which is shared amongst subscriber’s multicast traffic (single copy of each channel) and subscriber’s unicast traffic. The bandwidth control point for this PON port resides in the upstream Nokia BNG node in the form of a Vport. In the case where the multicast delivery method of the BNG utilizes redirection, the multicast traffic in the BNG will flow outside of the subscriber or the Vport context and thus will bypass any bandwidth enforcement in the Nokia router. To correct this, a Vport bandwidth adjustment is necessary in the router that will account for the multicast bandwidth consumption that is bypassing Vport in the router but is present in the PON port whose bandwidth is controlled by Vport.

An estimate of the multicast bandwidth consumption on the PON port can be made at the Vport level based on the IGMP messages sourced from the subscribers behind the PON port. This process is called HQoS Adjustment.

A multicast channel bandwidth is subtracted from or added to the Vport rate limit according to the received IGMP Join/Leave messages and the channel bandwidth definition policy associated with the Vport (indirectly through a group-interface). Since the multicast traffic on the PON port is shared amongst subscribers behind this PON port, only the first IGMP Join or the last IGMP Leave per multicast channel is tracked for the purpose of the Vport bandwidth modification.

The Vport rate that will be affected by this functionality depends on the configuration:

  • In case the agg-rate within the Vport is configured, its value will be modified based on the IGMP activity associated with the subscriber under this Vport.

  • In case the port-scheduler-policy within the Vport is referenced, the max-rate defined in the corresponding port-scheduler-policy will be modified based on the IGMP activity associated with the subscriber under this Vport.

The channel bandwidth definition policy is defined in the mcac policy in the config>router>mcac>policy context. The policy is applied under the group-interface or in case of redirection under the redirected-interface.

The rates in effect can be displayed with the following two commands:

show port 1/1/5 vport name
qos scheduler-hierarchy port port-id vport vport-name

The configuration of a scheduler policy under a Vport, which is only applicable to Ethernet interfaces, is mutually exclusive with the configuration of the egress-rate-modify parameter.

Context: HQoS Adjustment for Vport is disabled.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

egress-scheduler-override

egress-scheduler-override

Syntax

egress-scheduler-override [create]

no egress-scheduler-override

Context

[Tree] (config>port>tdm>ds3 egress-scheduler-override)

[Tree] (config>port>tdm>e3 egress-scheduler-override)

[Tree] (config>port>sonet-sdh>path egress-scheduler-override)

[Tree] (config>port>tdm>e1>channel-group egress-scheduler-override)

[Tree] (config>port>ethernet egress-scheduler-override)

[Tree] (config>port>tdm>ds1>channel-group egress-scheduler-override)

Full Context

configure port tdm ds3 egress-scheduler-override

configure port tdm e3 egress-scheduler-override

configure port sonet-sdh path egress-scheduler-override

configure port tdm e1 channel-group egress-scheduler-override

configure port ethernet egress-scheduler-override

configure port tdm ds1 channel-group egress-scheduler-override

Description

This command applies egress scheduler overrides. When a port scheduler is associated with an egress port, it is possible to override the following parameters:

  • The max-rate allowed for the scheduler.

  • The maximum rate for each priority level 8 through 1.

  • The CIR associated with each priority level 8 through 1.

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for command syntax and usage for the port-scheduler-policy command.

The no form of this command removes all override parameters from the egress port or channel scheduler context. Once removed, the port scheduler reverts all rate parameters back to the parameters defined on the port-scheduler-policy associated with the port.

Parameters

create

Mandatory while creating an entry.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm ds1 channel-group egress-scheduler-override
  • configure port tdm ds3 egress-scheduler-override
  • configure port tdm e1 channel-group egress-scheduler-override
  • configure port tdm e3 egress-scheduler-override

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path egress-scheduler-override

All

  • configure port ethernet egress-scheduler-override

egress-scheduler-policy

egress-scheduler-policy

Syntax

egress-scheduler-policy port-sched-plcy

no egress-scheduler-policy

Context

[Tree] (config>port-policy egress-scheduler-policy)

Full Context

configure port-policy egress-scheduler-policy

Description

This command references a port scheduler policy that is defined under the config>qos>port-scheduler-policy> hierarchy. Port schedulers are instantiated on carrier IOMs towards all ISAs that are part of the lns-group.

The no form of the command removes the port scheduler policy from the configuration.

Default

no egress-scheduler-policy

Parameters

port-sched-plcy

Specifies the egress scheduler policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

egress-scheduler-policy

Syntax

egress-scheduler-policy port-scheduler-policy-name

no egress-scheduler-policy

Context

[Tree] (config>port>tdm>ds1>channel-group egress-scheduler-policy)

[Tree] (config>port>tdm>e1>channel-group egress-scheduler-policy)

[Tree] (config>port>sonet-sdh>path egress-scheduler-policy)

[Tree] (config>port>tdm>ds3 egress-scheduler-policy)

[Tree] (config>port>tdm>e3 egress-scheduler-policy)

[Tree] (config>port>ethernet egress-scheduler-policy)

Full Context

configure port tdm ds1 channel-group egress-scheduler-policy

configure port tdm e1 channel-group egress-scheduler-policy

configure port sonet-sdh path egress-scheduler-policy

configure port tdm ds3 egress-scheduler-policy

configure port tdm e3 egress-scheduler-policy

configure port ethernet egress-scheduler-policy

Description

This command enables the provisioning of an existing port-scheduler-policy to a port or channel.

The egress-scheduler-override node allows for the definition of the scheduler overrides for a specific port or channel.

When a port scheduler is active on a port or channel, all queues and intermediate service schedulers on the port are subject to receiving bandwidth from the scheduler. Any policers, queues, or schedulers with port-parent associations are mapped to the appropriate port priority levels based on the port-parent command parameters. Any policers, queues, or schedulers that do not have a port-parent or valid intermediate scheduler parent defined are treated as orphaned and are handled based on the port scheduler policies default or explicit orphan behavior.

The port scheduler maximum rate and priority level rate parameters may be overridden to allow unique values separate from the port-scheduler-policy-name attached to the port or channel. Use the egress-scheduler-override command to specify the port or channel specific scheduling parameters.

The no form of this command removes a port scheduler policy from an egress port or channel. Once the scheduler policy is removed, all orphaned policers, queues, and schedulers revert to a free running state governed only by the local queue or scheduler parameters. This includes any queues or schedulers with a port-parent association.

Parameters

port-scheduler-policy-name

Specifies an existing port-scheduler-policy configured in the config>qos context. The name can be up to 32 characters.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm e1 channel-group egress-scheduler-policy
  • configure port tdm e3 egress-scheduler-policy
  • configure port tdm ds3 egress-scheduler-policy
  • configure port tdm ds1 channel-group egress-scheduler-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path egress-scheduler-policy

All

  • configure port ethernet egress-scheduler-policy

egress-statistics

egress-statistics

Syntax

egress-statistics

Context

[Tree] (config>router>ldp egress-statistics)

Full Context

configure router ldp egress-statistics

Description

Commands in this context enter the LDP FEC prefix for the purpose of enabling egress data path statistics at the ingress LER for this FEC.

Platforms

All

egress-statistics

Syntax

[no] egress-statistics

Context

[Tree] (config>router>mpls>lsp egress-statistics)

[Tree] (config>router>mpls>lsp-template egress-statistics)

Full Context

configure router mpls lsp egress-statistics

configure router mpls lsp-template egress-statistics

Description

This command configures statistics in the egress data path of an originating LSP at a head-end node. The user must execute the no shutdown for this command to effectively enable statistics.

Note:

SR-TE LSP egress statistics are not supported on VSR.

The same set of counters is updated for packets forwarded over any path of the RSVP-TE LSP and over the lifetime of the LSP. In steady state, the counters are updated for packets forwarded over the active path of the LSP. The active path can be the primary path, one of the secondary paths, the FRR detour path, or the FRR bypass path when the head-end node is also the PLR.

For SR-TE LSPs, egress statistics are collected independently for each path (primary, backup standby or not), and are preserved on switchover (except for non-standby).

LSP egress statistics are collected if the head-end node is also the Penultimate-Popping Hop (PHP) node for a single-hop LSP using an implicit null egress label.

RSVP-TE LSP statistics are not collected on a dynamic or a static bypass tunnel itself.

Statistics collection on two labels of the stack is possible. Please refer to config>system>ip>mpls>label-stack-statistics-count.

The no form of this command disables the statistics in the egress data path and removes the accounting policy association from the LSP.

Default

no egress-statistics

Platforms

All

egress-statistics

Syntax

[no] egress-statistics

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy egress-statistics)

Full Context

configure router mpls forwarding-policies forwarding-policy egress-statistics

Description

This command configures egress statistics in an MPLS forwarding policy.

The no form of this command removes any egress statistics in a forwarding policy.

Default

no egress-statistics

Platforms

All

egress-statistics

Syntax

egress-statistics

Context

[Tree] (config>router>ospf>segm-rtng egress-statistics)

[Tree] (config>router>ospf3>segm-rtng egress-statistics)

[Tree] (config>router>isis>segm-rtng egress-statistics)

Full Context

configure router ospf segment-routing egress-statistics

configure router ospf3 segment-routing egress-statistics

configure router isis segment-routing egress-statistics

Description

Commands in this context configure the egress statistics for IGP SIDs.

Platforms

All

egress-statistics

Syntax

[no] egress-statistics

Context

[Tree] (config>router>segment-routing>sr-policies egress-statistics)

Full Context

configure router segment-routing sr-policies egress-statistics

Description

This command administratively enables the collection of egress traffic statistics for all segment routing policies.

The no form of this command disables egress traffic statistics collection for all segment routing policies.

Default

no egress-statistics

Platforms

All

egress-statistics

Syntax

[no] egress-statistics

Context

[Tree] (config>router>policy-options>policy-statement>entry>action egress-statistics)

[Tree] (config>router>policy-options>policy-statement>default-action egress-statistics)

Full Context

configure router policy-options policy-statement entry action egress-statistics

configure router policy-options policy-statement default-action egress-statistics

Description

This command enables the allocation of statistical indexes to BGP-LU route entries that are programmed on an egress data path.

The no form of this command disables the allocation of statistical indexes to BGP-LU entries.

Default

no egress-statistics

Platforms

All

egress-xpl

egress-xpl

Syntax

egress-xpl

Context

[Tree] (config>card>mda egress-xpl)

Full Context

configure card mda egress-xpl

Description

Commands in this context configure egress-xpl settings used by the fail-on-error feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eibgp-loadbalance

eibgp-loadbalance

Syntax

[no] eibgp-loadbalance

Context

[Tree] (config>service>vprn>bgp eibgp-loadbalance)

Full Context

configure service vprn bgp eibgp-loadbalance

Description

This command enables eiBGP load sharing so routes with both MP-BGP and IPv4 next-hops can be used simultaneously.

In order for this command to be effective, the ecmp and multipath commands for the associated VPRN instance must also be configured to allow for multiple routes to the same destination.

The no form of this command used at the global level reverts to default values.

Default

no eibgp-loadbalance

Platforms

All

elevation-mask-angle

elevation-mask-angle

Syntax

elevation-mask-angle degrees

Context

[Tree] (config>port>gnss elevation-mask-angle)

Full Context

configure port gnss elevation-mask-angle

Description

This command configures the elevation mask angle, which provides a method of filtering satellites used by the system. This command is supported on platforms that have one or more embedded GNSS receivers.

Satellites with low elevation may provide degraded accuracy because of the long signal path through the atmosphere. Signals from satellites below the configured minimum satellite elevation are not used.

Note:

Nokia recommends not to configure an elevation mask angle below 10°.

Default

10

Parameters

degrees

Specifies the elevation mask angle in degrees from the horizon.

Values

0 to 89

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

elmi

elmi

Syntax

elmi

Context

[Tree] (config>port>ethernet elmi)

Full Context

configure port ethernet elmi

Description

This command configures Ethernet Local Management Interface (E-LMI) parameters for the Ethernet port. E-LMI is only supported on Ethernet access ports with Dot1q encapsulation type.

Platforms

All

embed-filter

embed-filter

Syntax

embed-filter ip-filter-id [offset offset] [{active | inactive}]

no embed-filter ip-filter-id

embed-filter ipv6-filter-id [offset offset] [{active | inactive}]

no embed-filter ipv6-filter-id

embed-filter flowspec [group group-id] [router {router-instance | service-name vprn-service-name}] [offset offset] [{active | inactive}]

no embed-filter flowspec [group group-id]

embed-filter open-flow ofs-name [{system | service {service-id | service-name} | sap sap-id}] [ offset offset] [{active | inactive}]

no embed-filter open-flow ofs-name [{system | service {service-id | service-name} | sap sap-id}]

Context

[Tree] (config>filter>ipv6-filter embed-filter)

[Tree] (config>filter>ip-filter embed-filter)

Full Context

configure filter ipv6-filter embed-filter

configure filter ip-filter embed-filter

Description

This command embeds a previously defined IPv4, IPv6, or MAC embedded filter policy or Hybrid OpenFlow switch instance into this exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only.

The embed-filter open-flow ofs-name form of this command enables OpenFlow (OF) in GRT either by embedding the specified OpenFlow switch (OFS) instance with switch-defined-cookie disabled, or by embedding rules with sros-cookie:type "grt-cookie”, value 0, from the specified OFS instance with switch-defined-cookie enabled. The embedding filter can only be deployed in GRT context or be unassigned.

The embed-filter open-flow ofs-name system form of this command enables OF in system filters by embedding rules with sros-cookie:type "system-cookie”, value 0, from the specified OFS instance with switch-defined-cookie enabled. The embedding filter can only be of scope system.

The embed-filter open-flow ofs-name service {service-id | service-name} form of this command enables OF in VPRN/VPLS filters by embedding rules with sros-cookie:type "service-cookie”, value service-id, from the specified OFS instance with switch-defined-cookie enabled—per service rules. The embedding filter can only be deployed in the specified VPRN/VPLS service. A single VPLS service can only support OF rules per SAP or per service.

The embed-filter open-flow ofs-name sap sap-id form of this command enables OF in VPLS SAP filters by embedding rules with sros-cookie:type "service-cookie”, value service-id and flow match conditions specifying the sap-id from the specified OFS instance with switch-defined-cookie enabled—per SAP OF rules. The embedding filter must be of type exclusive and can only be deployed on the specified SAP in the context of the specified VPLS service. A single VPLS service can only support OF rules per SAP or per service.

The no embed-filter open-flow ofs-name form of this command removes the OF embedding for the GRT context.

The embed-filter flowspec form of this command enables the embedding of rules derived from BGP FlowSpec routes into the filter policy that is being configured. The optional group parameter specifies that only FlowSpec routes tagged with an interface-set extended community containing this group ID should be selected for embedding. The optional router parameter specifies the routing instance source of the BGP FlowSpec routes; if the parameter is not specified, the routing instance is derived automatically from the context in which the filter policy is applied.

The no embed-filter flowspec form of this command removes the FlowSpec filter embedding from this filter policy.

The no embed-filter filter-id form of this command removes the embedding from this filter policy.

See the description of embedded filter policies in this guide for further operational details.

Parameters

ip-filter-id

Specifies a previously defined IPv4 policy for embedding in this filter.

ipv6-filter-id

Specifies a previously defined IPv6 policy for embedding in this filter.

offset

Specifies that an embedded filter entry X will have an entry X + offset in the embedding filter.

Values

0 to 2097151

Default

0

active

Specifies that embedded filter entries are to be included in this embedding filter policy and activated on applicable line cards—default if no keyword is specified and omitted from info command output (but not info detail), or when saving the configuration.

inactive

Specifies that no embedded filter policy entries are to be included in this embedding filter policy. The embedding is configured but will not do anything.

flowspec

This keyword indicates that rules derived from BGP FlowSpec routes should be embedded into (or removed from, in case of the no form) the filter.

group-id

Specifies that only FlowSpec routes with an interface-set extended community with this value of group-id should be selected for embedding.

Values

0 to 16383

router-instance

Specifies a router instance.

vprn-service-name

Specifies the VPRN service name used for embedding FlowSpec rules.

open-flow

Indicates that rules derived from OpenFlow should be embedded into (or removed from, in case of the no form) the filter.

ofs-name

Specifies the name of the currently configured Hybrid OpenFlow Switch (OFS) instance.

Not including the system, service or sap parameters will specify OF in a GRT instance context by default. This allows embedding of OF rules into filters deployed in GRT instances from OFS with switch-defined-cookie disabled, or embedding rules from OFS with switch-defined-cookie enabled, when the FlowTable cookie encodes sros-cookie:type "grt-cookie”.

system

Used for OF control of system filters. Allows embedding of OF rules into system filters from OFS with switch-defined-cookie enabled. Only the rules with cookie value encoding "system-cookie” are embedded.

service-id

Specifies an existing VPRN or VPLS service ID that the embedding filter can be used for.

service-name — Specifies an existing VPRN or VPLS service name that the embedding filter can be used for.

Values

1 to 2147483647

service-name

Specifies an existing VPRN or VPLS service name up to 64 characters that the embedding filter can be used for.

sap-id

Used for OF control of VPLS services when a PortID and VLAN ID match is required. Allows embedding of OF rules with a PortID and VLAN ID match into exclusive VPLS SAP filters. Only the rules with cookie value encoding the VPLS service, and flow table match encoding the specified SAP, are embedded into the filter. The embedding filter can only be deployed in the context of the specified SAP.

sap-id — Specifies an existing SAP that the embedding filter can be used for.

Platforms

All

embedded-rp

embedded-rp

Syntax

embedded-rp

Context

[Tree] (config>service>vprn>pim>rp>ipv6 embedded-rp)

Full Context

configure service vprn pim rp ipv6 embedded-rp

Description

This command enables context to configure IPv6 embedded RP parameters.

Platforms

All

embedded-rp

Syntax

[no] embedded-rp

Context

[Tree] (config>router>pim>rp>ipv6 embedded-rp)

Full Context

configure router pim rp ipv6 embedded-rp

Description

Commands in this context configure embedded RP parameters.

Embedded RP is required to support IPv6 inter-domain multicast because there is no MSDP equivalent in IPv6.

The detailed protocol specification is defined in RFC 3956, Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address. This RFC describes a multicast address allocation policy in which the address of the RP is encoded in the IPv6 multicast group address, and specifies a PIM-SM group-to-RP mapping to use the encoding, leveraging, and extending unicast-prefix-based addressing. This mechanism not only provides a simple solution for IPv6 inter-domain ASM but can be used as a simple solution for IPv6 intra-domain ASM with scoped multicast addresses as well. It can also be used as an automatic RP discovery mechanism in those deployment scenarios that would have previously used the Bootstrap Router protocol (BSR).

The no form of this command disables embedded RP.

Platforms

All

emulated-server

emulated-server

Syntax

emulated-server ip-address

no emulated-server

Context

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>proxy-server emulated-server)

[Tree] (config>service>vprn>if>dhcp>proxy-server emulated-server)

[Tree] (config>service>ies>if>dhcp>proxy-server emulated-server)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server emulated-server)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy emulated-server)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>proxy emulated-server)

[Tree] (config>service>vpls>sap>dhcp>proxy-server emulated-server)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>proxy-server emulated-server)

Full Context

configure service vprn subscriber-interface group-interface dhcp proxy-server emulated-server

configure service vprn interface dhcp proxy-server emulated-server

configure service ies interface dhcp proxy-server emulated-server

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server emulated-server

configure service vprn subscriber-interface ipv6 dhcp6 proxy emulated-server

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server emulated-server

configure service vpls sap dhcp proxy-server emulated-server

configure service ies subscriber-interface group-interface dhcp proxy-server emulated-server

Description

This command configures the IP address which is used as the DHCP server address in the context of the SAP. Typically, the configured address should be in the context of the subnet represented by the service.

The no form of this command reverts to the default setting. The local proxy server will not become operational without the emulated-server address being specified.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the emulated server’s IP address. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server emulated-server
  • configure service ies subscriber-interface group-interface dhcp proxy-server emulated-server
  • configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server emulated-server
  • configure service vprn subscriber-interface group-interface dhcp proxy-server emulated-server

All

  • configure service vprn interface dhcp proxy-server emulated-server
  • configure service ies interface dhcp proxy-server emulated-server
  • configure service vpls sap dhcp proxy-server emulated-server

enable

enable

Syntax

[no] enable

Context

[Tree] (config>app-assure>group>ip-id-asst>pos-app-id enable)

Full Context

configure application-assurance group ip-identification-assist positive-app-id enable

Description

This command configures the router to use the positive application identification mechanism. This mechanism causes the router to add the IP addresses of the global applications learned through AA analysis into the IP identification assist cache. The router uses the harvested IP addresses to build its internal application-IP database.

The no form of this command configures the router to use only DNS to harvest IP addresses.

Default

enable

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

enable-admin

enable-admin

Syntax

enable-admin

Context

[Tree] (enable-admin)

Full Context

enable-admin

Description

See the description for the admin-password command. If the admin-password is configured in the config>system>security>password context, then any user can enter a special administrative mode by entering the enable-admin command.

enable-admin is in the default profile. By default, all users are given access to this command.

Once the enable-admin command is entered, the user is prompted for a password. If the password matches, the user is given unrestricted access to all the commands.

The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command.

The following shows a password configuration example:

A:ALA-1>config>system>security# info
----------------------------------------------
...
            password
                aging 365
                minimum-length 8
                attempts 5 time 5 lockout 20
                admin-password "rUYUz9XMo6I" hash
            exit
...
----------------------------------------------
A:ALA-1>config>system>security#

There are two ways to verify that a user is in the enable-admin mode:

  • show users — administrator can know which users are in this mode

  • Enter the enable-admin command again at the root prompt and an error message will be returned.

*A:node-1# show users
===============================================================================
User                             Type      Login time           Idle time
  Session ID   From
===============================================================================
                                 Console         --             3d 10:16:12 --
  6            --
admin                            SSHv2     12OCT2018 20:44:15   0d 00:00:00 A-
 #83           192.168.0.10
admin                            SSHv2     12OCT2018 21:09:25   0d 00:05:10 --
  84           192.168.0.10
-------------------------------------------------------------------------------
Number of users: 2
'#' indicates the current active session
'A' indicates user is in admin mode
===============================================================================
*A:node-1# enable-admin
MINOR: CLI Already in admin mode.
*A:node-1#

Platforms

All

enable-admin-control

enable-admin-control

Syntax

enable-admin-control

Context

[Tree] (config>system>security>password enable-admin-control)

Full Context

configure system security password enable-admin-control

Description

Enable the user to become a system administrator.

Note:

This command applies to users on RADIUS, TACACS, and LDAP.

Platforms

All

enable-asm-mdt

enable-asm-mdt

Syntax

[no] enable-asm-mdt

Context

[Tree] (config>service>vprn>mvpn>pt>selective enable-asm-mdt)

Full Context

configure service vprn mvpn provider-tunnel selective enable-asm-mdt

Description

This command enables Data MDT with PIM-ASM mode on the receiver PE node. PIM-ASM or PIM-SSM operation mode is derived based on the locally configured SSM range on the node.

If asm-mode is disabled using this command, then PIM-SSM mode is enabled for all groups, independent of the configured SSM range on the node.

Platforms

All

enable-bfd-leaf

enable-bfd-leaf

Syntax

[no] enable-bfd-leaf

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>rsvp enable-bfd-leaf)

Full Context

configure service vprn mvpn provider-tunnel inclusive rsvp enable-bfd-leaf

Description

This command enables unidirectional multi-point BFD session on a receiver (leaf) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Platforms

All

enable-bfd-leaf

Syntax

[no] enable-bfd-leaf

Context

[Tree] (configure>service>vprn>mvpn>provider-tunnel>inclusive>p2mp-sr enable-bfd-leaf)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr enable-bfd-leaf

Description

This command enables unidirectional multipoint BFD sessions on a receiver (leaf) PE node for upstream fast failure detection over P2MP SR tree LSP.

The no form of this command disables unidirectional multipoint BFD sessions.

Default

no enable-bfd-leaf

Platforms

All

enable-bfd-root

enable-bfd-root

Syntax

enable-bfd-root transmit-interval [multiplier multiplier]

no enable-bfd-root

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>rsvp enable-bfd-root)

Full Context

configure service vprn mvpn provider-tunnel inclusive rsvp enable-bfd-root

Description

This command enables unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Parameters

transmit-interval

Sets the transmit interval, in milliseconds.

Values

10 to 100000

Default

100

multiplier

Sets the multiplier for the BFD session.

Values

3 to 20

Default

3

Platforms

All

enable-bfd-root

Syntax

enable-bfd-root transmit-interval [multiplier multiplier]

no enable-bfd-root

Context

[Tree] (configure>service>vprn>mvpn>pt>inclusive>p2mp-sr enable-bfd-root)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr enable-bfd-root

Description

This command enables a unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over P2MP SR tree LSP. The node uses the multiplier and the transmit interval parameters to calculate the detection time, which is the period of time without receiving BFD packets after which the session failure is determined.

Default

no enable-bfd-root

Parameters

transmit-interval

Sets the transmit interval, in milliseconds.

Values

10 to 100000

Default

300

multiplier

Sets the multiplier for the transmit interval of the BFD session.

Values

3 to 20

Default

3

Platforms

All

enable-bgp-vpn-backup

enable-bgp-vpn-backup

Syntax

enable-bgp-vpn-backup [ipv4] [ ipv6]

no enable-bgp-vpn-backup

Context

[Tree] (config>service>vprn enable-bgp-vpn-backup)

Full Context

configure service vprn enable-bgp-vpn-backup

Description

This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 or IPv6 BGP-learned prefixes.

Parameters

ipv4

Allows BGP-VPN routes to be used as backup paths for IPv4 prefixes.

ipv6

Allows BGP-VPN routes to be used as backup paths for IPv6 prefixes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

enable-console-access

enable-console-access

Syntax

[no] enable-console-access

Context

[Tree] (config>system>satellite>eth-sat enable-console-access)

Full Context

configure system satellite eth-sat enable-console-access

Description

This command enables access to a satellite console interface for additional debugging purposes.

When configured through the 7750 SR, 7450 ESS, and 7950 XRS host CLI, the 7210 SAS console port is enabled to perform the debug function. Console commands are limited to specific show commands and no configuration or operational changes can be made using the 7210 console.

The no form of this command disables satellite console interface access.

Default

no enable-console-access

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

enable-dscp-prec-remarking

enable-dscp-prec-remarking

Syntax

[no] enable-dscp-prec-remarking

Context

[Tree] (config>qos>sap-egress>policer enable-dscp-prec-remarking)

Full Context

configure qos sap-egress policer enable-dscp-prec-remarking

Description

This command enables DSCP/precedence remarking based on the profile state of a packet being forwarded by a SAP or subscriber egress policer. The DSCP/precedence can be remarked to a value independent of, or separately based on, the packet's profile, if the packet has an exceed, in-profile, or out-of-profile state.

Default

no enable-dscp-prec-remarking

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

enable-dynamic-services-config

enable-dynamic-services-config

Syntax

[no] enable-dynamic-services-config

Context

[Tree] (enable-dynamic-services-config)

Full Context

enable-dynamic-services-config

Description

Note:

See also the description for the dynsvc-password command.

If the dynsvc-password is configured in the config>system>security>password context, then any user can enter a special dynamic services configuration mode by entering the enable-dynamic-services-config command.

The enable-dynamic-services-config command is not in the default profile. To give access to this command, the user must belong to the administrative profile or a new profile should be created.

Once the enable-dynamic-services-config command is entered, the user is prompted for a password. If the password matches, the user is given access to the dynamic services configuration. Access to static configuration is in this case prohibited.

To verify that a user is in the enable-dynamic-services-config mode, use the show users command. Users in the enable-dynamic-services-config mode lists the letter "D” next to the user’s CLI session.

The no form of this command disables the dynamic services configuration mode for this user.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

enable-exceed-pir

enable-exceed-pir

Syntax

[no] enable-exceed-pir

Context

[Tree] (config>qos>sap-egress>policer enable-exceed-pir)

Full Context

configure qos sap-egress policer enable-exceed-pir

Description

This command enables the forwarding of packets with an exceed-profile state and traffic exceeding the PIR for a SAP egress or a network egress queue group (configured in the egress queue group template) policer. This traffic is forwarded as exceed-profile instead of being dropped. This parameter is not supported when policers-hqos-manageable is configured in the SAP egress QoS policy.

Default

no enable-exceed-pir

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

enable-exceed-pir

Syntax

[no] enable-exceed-pir

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>policer enable-exceed-pir)

Full Context

configure qos queue-group-templates egress queue-group policer enable-exceed-pir

Description

This command enables the forwarding of traffic exceeding the PIR for a SAP egress or a network egress queue group (configured in the egress queue group template) policer. This traffic is forwarded as exceed-profile instead of being dropped.

Default

no enable-exceed-pir

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

enable-fc-collection

enable-fc-collection

Syntax

[no] enable-fc-collection

Context

[Tree] (config>oam-pm>session>ethernet>lmm enable-fc-collection)

Full Context

configure oam-pm session ethernet lmm enable-fc-collection

Description

This command enables the ETH-LMM test within the OAM-PM session to collect per-FC counters. This command must be used in combination with the collect-lmm-fc-stats command for the entity over which the source MEP is defined. The config>oam-pm>session>ethernet>priority value must match the numerical value that represents the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE).

The OAM-PM infrastructure does not validate that the proper counting mode has been configured on the entity that is linked to the source MEP, and does not validate that the FC and priority have been configured. The show>eth-cfm>collect-lmm-fc-stats command may be used to display the entities and the FCs on those entities that have established individual FC counters.

Sessions that launch from the same source MEP must use the same counting model; either collect-lmm-fc-stats for individual counters for the defined FCs, or collect-lmm-stats for a single all-encompassing counter.

Individual OAM-PM sessions must be configured if multiple Ethernet LMM tests are required for different FCs. Cross-session validation occurs to ensure that a source MEP does not include multiple tests that are using the same priority.

The no form of this command removes all previously defined FCs and stops counting for those FCs.

Platforms

All

enable-graceful-shutdown

enable-graceful-shutdown

Syntax

[no] enable-graceful-shutdown

Context

[Tree] (config>system>login-control>telnet enable-graceful-shutdown)

Full Context

configure system login-control telnet enable-graceful-shutdown

Description

This command enables graceful shutdown of telnet sessions.

The no form of this command disables graceful shutdown of telnet sessions.

Platforms

All

enable-grt

enable-grt

Syntax

[no] enable-grt

Context

[Tree] (config>service>vprn>grt-lookup enable-grt)

Full Context

configure service vprn grt-lookup enable-grt

Description

This command enables the functions required for looking up routes in the Global Route Table (GRT) when the lookup in the local VRF fails. If this command is enabled without the use of a static-route option (as subcommand to this parent), a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the lookup in the GRT when the lookup in the local VRF fails.

Default

no enable-grt

Platforms

All

enable-icmp-vse

enable-icmp-vse

Syntax

[no] enable-icmp-vse

Context

[Tree] (config>system enable-icmp-vse)

Full Context

configure system enable-icmp-vse

Description

This command enables vendor specific extensions to ICMP.

Default

no enable-icmp-vse

Platforms

All

enable-ingress-stats

enable-ingress-stats

Syntax

[no] enable-ingress-stats

Context

[Tree] (config>service>ies>if enable-ingress-stats)

[Tree] (config>service>ies>sub-if>grp-if enable-ingress-stats)

[Tree] (config>service>vprn>if enable-ingress-stats)

[Tree] (config>service>vprn>sub-if>grp-if enable-ingress-stats)

[Tree] (config>service>vprn>nw-if enable-ingress-stats)

[Tree] (config>router>if enable-ingress-stats)

Full Context

configure service ies interface enable-ingress-stats

configure service ies subscriber-interface group-interface enable-ingress-stats

configure service vprn interface enable-ingress-stats

configure service vprn subscriber-interface group-interface enable-ingress-stats

configure service vprn network-interface enable-ingress-stats

configure router interface enable-ingress-stats

Description

This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, then the following statistics are collected:

  • IPv4 offered packets

  • IPv4 offered octets

  • IPv6 offered packets

  • IPv6 offered octets

Note:

Octet statistics for IPv4 and IPv6 bytes at IP interfaces include the Layer 2 frame overhead.

Default

no enable-ingress-stats

Platforms

All

  • configure service ies interface enable-ingress-stats
  • configure router interface enable-ingress-stats
  • configure service vprn network-interface enable-ingress-stats
  • configure service vprn interface enable-ingress-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface enable-ingress-stats
  • configure service ies subscriber-interface group-interface enable-ingress-stats

enable-inter-as-vpn

enable-inter-as-vpn

Syntax

[no] enable-inter-as-vpn

Context

[Tree] (config>router>bgp enable-inter-as-vpn)

Full Context

configure router bgp enable-inter-as-vpn

Description

This command specifies whether VPNs can exchange routes across autonomous system boundaries, providing model B connectivity.

The no form of this command disallows ASBRs to advertise VPRN routes to their peers in other autonomous systems.

Default

no enable-inter-as-vpn

Platforms

All

enable-mac-accounting

enable-mac-accounting

Syntax

[no] enable-mac-accounting

Context

[Tree] (config>service>ies>if enable-mac-accounting)

Full Context

configure service ies interface enable-mac-accounting

Description

This command enables MAC accounting functionality on this interface.

The no form of this command disables MAC accounting functionality on this interface.

Platforms

All

enable-mac-accounting

Syntax

[no] enable-mac-accounting

Context

[Tree] (config>service>vprn>if enable-mac-accounting)

Full Context

configure service vprn interface enable-mac-accounting

Description

This command enables MAC accounting functionality on this interface.

The no form of this command disables MAC accounting functionality on this interface.

Platforms

All

enable-mac-accounting

Syntax

[no] enable-mac-accounting

Context

[Tree] (config>router>if enable-mac-accounting)

Full Context

configure router interface enable-mac-accounting

Description

This command enables MAC Accounting functionality for the interface.

Default

no enable-mac-accounting

Platforms

All

enable-mdt-spt

enable-mdt-spt

Syntax

[no] enable-mdt-spt

Context

[Tree] (config>router>pim enable-mdt-spt)

Full Context

configure router pim enable-mdt-spt

Description

This command enables SPT switchover for default MDT. On enable, PIM instance resets all MDTs and re-initiate setup.

The no form of this command disables SPT switchover for default MDT. On disable, PIM instance resets all MDTs and re-initiate setup.

Default

no enable-mdt-spt

Platforms

All

enable-notification

enable-notification

Syntax

enable-notification

no enable-notification

Context

[Tree] (config>service>vprn>bgp>graceful-restart enable-notification)

[Tree] (config>service>vprn>bgp>group>graceful-restart enable-notification)

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart enable-notification)

Full Context

configure service vprn bgp graceful-restart enable-notification

configure service vprn bgp group graceful-restart enable-notification

configure service vprn bgp group neighbor graceful-restart enable-notification

Description

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability then the session can be restarted gracefully (while preserving forwarding) if either peer sends a NOTIFICATION message due to some type of event or error.

Default

no enable-notification

Platforms

All

enable-notification

Syntax

enable-notification

no enable-notification

Context

[Tree] (config>router>bgp>graceful-restart enable-notification)

[Tree] (config>router>bgp>group>neighbor>graceful-restart enable-notification)

[Tree] (config>router>bgp>group>graceful-restart enable-notification)

Full Context

configure router bgp graceful-restart enable-notification

configure router bgp group neighbor graceful-restart enable-notification

configure router bgp group graceful-restart enable-notification

Description

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability, then the session can be restarted gracefully (while preserving forwarding) if either peer needs to send a NOTIFICATION message due to some type of event or error.

Default

no enable-notification

Platforms

All

enable-origin-validation

enable-origin-validation

Syntax

enable-origin-validation [ipv4] [ipv6] [ label-ipv4]

no enable-origin-validation

Context

[Tree] (config>service>vprn>bgp>group>neighbor enable-origin-validation)

[Tree] (config>service>vprn>bgp>group enable-origin-validation)

Full Context

configure service vprn bgp group neighbor enable-origin-validation

configure service vprn bgp group enable-origin-validation

Description

When this command is added to the configuration of a group or neighbor, it causes every inbound IPv4, IPv6, and label-IPv4 route from that peer to be marked with one of the following origin validation states:

  • Valid (0)

  • Not-Found (1)

  • Invalid (2)

By default (when no family parameter is present in the command) or when all the family options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4), and unicast IPv6 (AFI2/SAFI1) routes are evaluated to determine their origin validation states. When only a subset of the family options are present, then only the corresponding address family routes are evaluated.

This command applies to all types of VPRN BGP peers, generally, it should only be applied to EBGP peers and groups that contain only EBGP peers.

The no form of this command disables the inspection of received routes from the peer to determine origin validation state.

Default

no enable-origin-validation

Parameters

ipv4

Enables origin validation processing for unlabeled unicast IPv4 routes.

ipv6

Enables origin validation processing for unlabeled unicast IPv6 routes.

label-ipv4

Enables origin validation processing for labeled IPv4 routes.

Platforms

All

enable-origin-validation

Syntax

enable-origin-validation [ipv4] [ipv6] [ label-ipv4] [label-ipv6]

no enable-origin-validation

Context

[Tree] (config>router>bgp>group enable-origin-validation)

[Tree] (config>router>bgp>group>neighbor enable-origin-validation)

Full Context

configure router bgp group enable-origin-validation

configure router bgp group neighbor enable-origin-validation

Description

When the enable-origin-validation command is added to the configuration of a group or neighbor, it causes every inbound IPv4 or IPv6 route from that peer to be marked with one of the following origin validation states:

  • Valid (0)

  • Not-Found (1)

  • Invalid (2)

By default (when neither the ipv4 or ipv6 option is present in the command) or when both the ipv4 and ipv6 options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4), unicast IPv6 (AFI2/SAFI1), and label-IPv6 (AFI2/SAFI4) routes are evaluated to determine their origin validation states. When only the ipv4 or ipv6 option is present, only the corresponding address family routes (unlabeled and labeled) are evaluated.

The enable-origin-validation command applies to all types of BGP peers, but as a general rule, it should only be applied to EBGP peers and groups that contain only EBGP peers.

Default

no enable-origin-validation

Parameters

ipv4

Enables origin validation processing for unlabeled unicast IPv4 routes.

ipv6

Enables origin validation processing for unlabeled unicast IPv6 routes.

label-ipv4

Enables origin validation processing for labeled IPv4 routes.

label-ipv6

Enables origin validation processing for labeled IPv6 routes.

Platforms

All

enable-peer-tracking

enable-peer-tracking

Syntax

[no] enable-peer-tracking

Context

[Tree] (config>service>vprn>bgp>group>neighbor enable-peer-tracking)

[Tree] (config>service>vprn>bgp enable-peer-tracking)

[Tree] (config>service>vprn>bgp>group enable-peer-tracking)

Full Context

configure service vprn bgp group neighbor enable-peer-tracking

configure service vprn bgp enable-peer-tracking

configure service vprn bgp group enable-peer-tracking

Description

This command enables BGP peer tracking.

Default

no enable-peer-tracking

Platforms

All

enable-peer-tracking

Syntax

[no] enable-peer-tracking

Context

[Tree] (config>router>bgp enable-peer-tracking)

[Tree] (config>router>bgp>group enable-peer-tracking)

[Tree] (config>router>bgp>group>neighbor enable-peer-tracking)

Full Context

configure router bgp enable-peer-tracking

configure router bgp group enable-peer-tracking

configure router bgp group neighbor enable-peer-tracking

Description

This command enables BGP peer tracking. BGP peer tracking allows a BGP peer to be dropped immediately if the route used to resolve the BGP peer address is removed from the IP routing table and there is no alternative available. The BGP peer will not wait for the holdtimer to expire; therefore, the BGP re-convergence process is accelerated.

The no form of this command disables peer tracking.

Default

no enable-peer-tracking

Platforms

All

enable-rr-vpn-forwarding

enable-rr-vpn-forwarding

Syntax

[no] enable-rr-vpn-forwarding

Context

[Tree] (config>router>bgp enable-rr-vpn-forwarding)

Full Context

configure router bgp enable-rr-vpn-forwarding

Description

When this command is configured all received VPN-IP routes, regardless of route target, are imported into the dummy VRF, where the BGP next-hops are resolved. The label-route-transport-tunnel under config>router>bgp>next-hop-resolution determines what types of tunnels are eligible to resolve the next-hops. If a received VPN-IP route from IBGP peer X is resolved and selected as best so that it can be re-advertised to an IBGP peer Y, and the BGP next-hop is modified towards peer Y (by using the next-hop-self command in Y’s group or neighbor context or by using a next-hop action in an export policy applied to Y) then BGP allocates a new VPRN service label value for the route, signals that new label value to Y and programs the IOM to do the corresponding label swap operation. The supported combinations of X and Y are outlined below:

  • from X (client) to Y (client)

  • from X (client) to Y (non-client)

  • from X (non-client) to Y (client)

The no form of this command causes the re-advertisement of a VPN-IP route between one IBGP peer and another IBGP peer does not cause a new VPRN service label value to be signaled and programmed even if the BGP next-hop is changed through group/neighbor configuration or policy.

Nokia recommends leaving this command disabled for scaling and convergence reasons.

Default

no enable-rr-vpn-forwarding

Platforms

All

enable-subconfed-vpn-forwarding

enable-subconfed-vpn-forwarding

Syntax

[no] enable-subconfed-vpn-forwarding

Context

[Tree] (config>router>bgp enable-subconfed-vpn-forwarding)

Full Context

configure router bgp enable-subconfed-vpn-forwarding

Description

This command configures BGP to keep VPN-IPv4 and VPN-IPv6 routes within a subconfederation and allow a next-hop-self command to create label swap forwarding entries.

When this is enabled, the base router BGP instance retains all received VPN-IPv4 and VPN-IPv6 routes, even those with route targets not matching any VRF import policy of any locally configured VPRN. In addition, when this leaf is enabled and base router BGP is configured to apply a next-hop-self command to a peer of any type (EBGP, IBGP, or confed-EBGP), the VPN-IPv4 and VPN-IPv6 routes are advertised to the peer with a new BGP label and next-hop, and a label-swap forwarding entry is programmed.The preceding behaviors are applied when the enable-inter-as-vpn or the enable-rr-vpn-forwarding commands, both under the configure router bgp context, are also enabled in the same BGP instance and regardless of whether the base router has a confederation configuration.

The no form of this command disables subconfederation VPN forwarding.

Default

no enable-subconfed-vpn-forwarding

Platforms

All

enable-tech

enable-tech

Syntax

[no] enable-tech

Context

[Tree] (admin enable-tech)

Full Context

admin enable-tech

Description

This command enables the shell and kernel commands.

Note:

This command should only be used with authorized direction of Nokia support.

Platforms

All

enable-triggered-hosts

enable-triggered-hosts

Syntax

[no] enable-triggered-hosts

Context

[Tree] (config>service>vprn>sub-if>grp-if>wpp enable-triggered-hosts)

[Tree] (config>service>ies>sub-if>grp-if>wpp enable-triggered-hosts)

Full Context

configure service vprn subscriber-interface group-interface wpp enable-triggered-hosts

configure service ies subscriber-interface group-interface wpp enable-triggered-hosts

Description

This command enables system to auto creates ESM hosts upon successful WPP authentication. The default host must be configured under SAP on the subscriber SAP to redirect unauthenticated client traffic to the web portal.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encap

encap

Syntax

encap

Context

[Tree] (config>mirror>mirror-dest encap)

Full Context

configure mirror mirror-dest encap

Description

Commands in this context configure encapsulation options for the mirrored traffic. Note that the use of encap is mutually exclusive with SAP or spoke SDP options in the same mirror destination. Only one type of encapsulation can be specified for a single mirror destination. Slicing and encap are mutually exclusive in the same mirror-dest context.

Platforms

All

encap-defined-qos

encap-defined-qos

Syntax

encap-defined-qos

Context

[Tree] (config>service>vpls>sap>egress encap-defined-qos)

Full Context

configure service vpls sap egress encap-defined-qos

Description

This command creates a new QoS sub-context in B-VPLS SAP egress context. The user can define encapsulation groups, referred to as encap-group, based on the ISID value in the packet’s encapsulation and assign a QoS policy and a scheduler policy or aggregate rate limit to the group.

Platforms

All

encap-group

encap-group

Syntax

encap-group group-name [type group-type] [qos-per-member] [create]

no encap-group group-name

Context

[Tree] (config>service>vpls>sap>egress>encap-defined-qos encap-group)

Full Context

configure service vpls sap egress encap-defined-qos encap-group

Description

This command defines an encapsulation group which consists of a group of ISID values. All packets forwarded on the egress of a B-VPLS SAP which payload header matches one of the ISID value in the encap-group will use the same QoS policy instance and scheduler policy or aggregate rate limit instance.

The user adds or removes members to the encap-group one at a time or as a range of contiguous values using the member command. However, when the qos-per-member option is enabled, members must be added or removed one at a time. These members are also referred to as ISID contexts.

The user can configure one or more encap-groups in the egress context of the same B-SAP, therefore defining different ISID values and applying each a different SAP egress QoS policy, and optionally a different scheduler policy/agg-rate. ISID values are unique within the context of a B-SAP. The same ISID value cannot be re-used in another encap-group under the same B-SAP but can be re-used in an encap-group under a different B-SAP. Finally, if the user adds to an encap-group an ISID value which is already a member of this encap-group, the command causes no effect. The same if the user attempts to remove an ISID value which is not a member of this encap-group.

Once a group is created, the user will assign a SAP egress QoS policy, and optionally a scheduler policy or aggregate rate limit, using the following commands:

config>service>vpls>sap>egress>encap-defined-qos>encap-group>qos sap-egress-policy-id

config>service>vpls>sap>egress>encap-defined-qos>encap-group>scheduler-policy scheduler-policy-name

config>service>vpls>sap>egress>encap-defined-qos>encap-group>agg-rate kilobits-per-second

A SAP egress QoS policy must first be assigned to the created encap group before the user can add members to this group. Conversely, the user cannot perform the no qos command until all members are deleted from the encap-group.

An explicit or the default SAP egress QoS policy continues to be applied to the entire B-SAP but this will serve to create the set of egress queues which are used to store and forward a packet which does not match any of the defined ISID values in any of the encap-groups for this SAP.

Only the queue definition and fc-to-queue mapping from the encap-group SAP egress QoS policy is applied to the ISID members. All other parameters configurable in a SAP egress QoS policy must be inherited from egress QoS policy applied to the B-SAP.

Furthermore, any other CLI option configured in the egress context of the B-SAP continues to apply to packets matching a member of any encap-group defined in this B-SAP.

The keyword qos-per-member allows the user to specify that a separate queue set instance and scheduler/agg-rate instance will be created for each ISID value in the encap-group. By default, shared instances will be created for the entire encap-group.

When the B-SAP is configured on a LAG port, the ISID queue instances defined by all the encap-groups applied to the egress context of the SAP will be replicated on each member link of the LAG. The set of scheduler/agg-rate instances will be replicated per link or per IOM or XMA depending if the adapt-qos option is set to link/port-fair mode or distribute mode. This is the same behavior as that applied to the entire B-SAP in the current implementation.

The no form of this command deletes the encap-group.

Parameters

group-name

Specifies the name of the encap-group and can be up to 32 ASCII characters in length

type

Specifies the type of the encapsulation ID used by this encap-group

Values

isid

qos-per-member

Specifies that a separate queue set instance and scheduler/agg-rate instance will be created for each ISID value in the encap-group

Platforms

All

encap-match

encap-match

Syntax

encap-match {all-encap | double-tag encap-value | single-tag encap-value | untagged}

no encap-match

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port encap-match)

Full Context

configure port ethernet dot1x macsec sub-port encap-match

Description

This command defines the sub-set of traffic on this port affected by this MACsec sub-port.

In order to establish an end-to-end communication between the remote MACsec peers encrypting VLAN-tagged traffic, the MKA packets have to be able to travel over the network following the same path as the encrypted traffic. MKA packets are generated with specific tags depending on the traffic match criteria configured, as shown in MKA Packet Generation .

The no form of this command removes all traffic sub-set definitions from the MACsec sub-port.

Table 1. MKA Packet Generation

Configuration

Config Example (<s-tag>.<c-tag>)

MKA Packet Generation

Traffic pattern match/behavior

PORT all-encap

Config>port>ethernet>dot1x>macsec

Sub-port 10

encap-match all-encap

ca-name 10

untagged MKA packet

Matches all traffic on the port, including untagged, single-tag, double-tag.

This is the Release 15.0 default behavior.

Untagged

Config>port>ethernet>dot1x>macsec

Sub-port 1

encap-match untagged

ca-name 2

untagged MKA packet

Matches only untagged traffic on the port

802.1Q single S-TAG (specific S-TAG)

Config>port>ethernet>dot1x>macsec

Sub-port 2

encap-match dot1q 1

ca-name 3

MKA packet generated with S-TAG=1

Matches only single-tag traffic on port with tag ID of 1

802.1Q single S-TAG (any S-TAG)

Config>port>ethernet>dot1x>macsec

Sub-port 3

encap-match dot1q *

ca-name 4

untagged MKA packet

Matches any single-tag traffic on port

802.1ad double tag (both tag have specific TAGs)

Config>port>ethernet>dot1x>macsec

Sub-port 4

encap-match qinq 1.1

ca-name 5

MKA packet generated with S-tag=1 and C-TAG=1

Matches only double-tag traffic on port with service tag of 1 and customer tag of 1

802.1ad double tag (specific S-TAG, any C-TAG)

Config>port>ethernet>dot1x>macsec

Sub-port 6

encap-match qinq 1.*

ca-name 7

MKA packet generated with S-TAG=1

Matches only double-tag traffic on port with service tag of 1 and customer tag of any

802.1ad double tag (any S-TAG, any C-TAG

Config>port>ethernet>dot1x>macsec

Sub-port 7

encap-match double-tag *.*

ca-name 8

untagged MKA packet

Matches any double-tag traffic on port

Default

encap-match all-encap

Parameters

all-encap

Specifies that all traffic patterns are matched including untagged, single-tag or double-tag, and all will be encrypted.

untagged

Specifies that only untagged traffic are matched and encrypted.

single-tag

Specifies that only dot1q traffic are matched. Either all single tag traffic can be matched, by using *, or a specific dot1q tag can be matched.

double-tag

Specifies that only qinq traffic are matched. The service tag can be specifically matched or a wild card match (*.*) can be used.

encap-value

Specifies the type and value of the packet encapsulation to match for this MACsec sub-port.

Type

Parameter

all-encap

untagged

dot1q

[*| s] (s = 0..4094)

qinq

[*.*| s.*| s.c] (s and c = 0..4094)

where:

  • S = service tag

  • C = customer tag

Platforms

All

encap-offset

encap-offset

Syntax

encap-offset [type type]

no encap-offset

Context

[Tree] (config>subscr-mgmt>sub-profile>egress encap-offset)

Full Context

configure subscriber-mgmt sub-profile egress encap-offset

Description

This command enables the adjustment of the queue and subscriber aggregate rate based on the last mile Ethernet or ATM encapsulation.

The data path computes the adjusted frame size real-time for each serviced packet from a queue by adding the actual packet size to the fixed offset provided by CPM for this queue and variable AAL5 padding.

When this command is enabled, the fixed packet offset is derived from the encapsulation type value signaled in the Access-loop-encapsulation sub-TLV in the Vendor-Specific PPPoE Tags or DHCP Relay Options as per RFC 4679. If the user specifies an encapsulation type with the command, this value is used as the default value for all hosts of this subscriber until a host session signaled a valid value. The signaled value is applied to this host only and the remaining hosts of this subscriber continue to use the user entered default type value if configured, or no offset is applied. However, hosts of the same subscriber using the same SLA profile and which are on the same SAP will share the same instance of FC queues. In this case, the last valid encapsulation value signaled by a host of that same instance of the SAP egress QoS policy will override any previous signaled or configured value.

If the user manually applied a constant byte offset to each packet serviced by the queue by configuring the packet-byte-offset, it will have no effect on the net offset computed for the packet. This net offset is stored in the subscriber host table.

The procedures for handling signaling changes or configuration changes affecting the subscriber profile are as follows:

The avg-frame-size parameter in the subscriber profile is ignored.

If the user specifies an encapsulation type with the command, this value is used as the default value for all hosts of this subscriber until a host session signaled a valid value. The signaled value is applied to this host and other hosts of the same subscriber sharing the same SLA profile and which are on the same SAP. The remaining hosts of this subscriber continue to use the user entered default type value if configured, or no offset is applied.

If the user enables/disables the encap-offset option, or changes the parameter value of the encap-offset option, CPM immediately triggers a re-evaluation of subscribers hosts using the corresponding subscriber profile and an update the IOM with the new fixed offset value.

If a subscriber has a static host or an ARP host, the subscriber host continues to use the user-configured default encapsulation type value or the last valid encapsulation value signaled in the PPPoE tags or DHCP relay options by other hosts of the same subscriber which use the same SLA profile instance. If none was signaled or configured, then no rate adjustment is applied.

When the encap-offset option is configured in the subscriber profile, the subscriber host queue rates, that is, CLI and operational PIR and CIR as well as queue bucket updates, the queue statistics, that is, forwarded, dropped, and HQoS offered counters use the last-mile frame-over-the-wire format. The scheduler policy CLI and operational rates also use LM-FoW format. The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always entered in CLI and interpreted as local port frame-over-the-wire rates. The same is true for an agg-rate-limit applied to a Vport. Finally the subscriber agg-rate-limit is entered in CLI as last-mile frame-over-the-wire rate. The system maintains a running average frame expansion ratio for each queue to convert queue rates between these two formats.

The no form of this command reverts to the default.

Parameters

type

The name of the default encapsulation used for all host queues of a subscriber in the absence of a valid value signaled in the PPPoE tags.

Values

pppoa-llc, pppoa-null, pppoeoa-llc, pppoeoa-llc-fcs, pppoeoa-llc-tagged, pppoeoa-llc-tagged-fcs, pppoeoa-null, pppoeoa-null-fcs, pppoeoa-null-tagged, pppoeoa-null-tagged-fcs, ipoa-llc, ipoa-null, ipoeoa-llc, ipoeoa-llc-fcs, ipoeoa-llc-tagged, ipoeoa-llc-tagged-fcs, ipoeoa-null, ipoeoa-null-fcs, ipoeoa-null-tagged, ipoeoa-null-tagged-fcs, pppoe, pppoe-tagged, ipoe, ipoe-tagged

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encap-offset

Syntax

encap-offset [type encap-type]

no encap-offset

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>access-loop-encapsulation encap-offset)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-encapsulation encap-offset

Description

This command is applicable within the LAC/LNS context. It provides the last mile link encapsulation information that is needed for proper (shaping) rate calculations and interleaving delay in the last mile.

The encapsulation value will be taken from the following sources in the order of priority:

  • Statically provisioned value in local user database (LUDB).

  • RADIUS

  • PPPoE tags on LAC or ICRQ message (RFC 5515) on LNS

In case that the encapsulation information is not provided by any of the existing means (LUDB, RADIUS, AVP signaling, PPPoE Tags), then by default pppoea-null encapsulation will be in effect.

The following values are supported encapsulation values on LNS in the 7750 SR.

encap-type:

pppoa-llc

LLC (NLPID) PPPoA encapsulation.

pppoa-null

VC-MUX PPPoA encapsulation.

pppoeoa-llc

LLC/SNAP based bridged Ethernet PPPoEoA encapsulation without FCS.

pppoeoa-llc-fcs

LLC/SNAP based bridged Ethernet PPPoEoA encapsulation with FCS.

pppoeoa-null

VC-MUX PPPoEoA encapsulation without FCS.

pppoeoa-null-fcs

VC-MUX PPPoEoA encapsulation with FCS.

pppoe

PPPoE encapsulation.

pppoe-tagged

Tagged PPPoE Encapsulation.

The values are not supported encapsulation values on LNS in the 7750 SR.

pppoeoa-llc-tagged

pppoeoa-llc-tagged-fcs

pppoeoa-null-tagged

pppoeoa-null-tagged-fcs

ipoa-llc

ipoa-null

ipoeeoa-llc

ipoeoa-llc-fcs

ipoeoa-llc-tagged

ipoeoa-llc-tagged-fcs

ipoeoa-null

ipoeoa-null-fcs

ipoeoa-null-tagged

ipoeoa-null-tagged-fcs

ipoe

ipoe-tagged

Default

no encap-offset

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

encap-tag-range

encap-tag-range

Syntax

encap-tag-range start-tag start-tag end-tag end-tag

no encap-tag-range

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident encap-tag-range)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident encap-tag-range)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification encap-tag-range

configure subscriber-mgmt local-user-db ppp host host-identification encap-tag-range

Description

This command specifies a range of encapsulation tags as the host identifications. The encapsulation tag is dot1q or qinq on Ethernet port.

For dot1q, the start/end-tag is single number, range from 0-4094; for QinQ, the start/end-tag format is x.y, x or y could be "*”, which means ignore inner or outer tag.

Note:

This command is only used when encap-tag-range is configured as one of the match-list parameters.

The no form of this command removes the encapsulation tag range from the configuration.

Parameters

start-tag start-tag

Specifies the value of the start label in the range of SAPs allowed on this host.

Values

start-tag

dot1q

qtag1

qinq

(qtag1.qtag2 | qtag1.* | *.qtag2)

end-tag end-tag

Specifies the value of the end label in the range of SAPs allowed on this host.

Values

end-tag

dot1q

qtag1

qinq

(qtag1.qtag2 | qtag1.* | *.qtag2)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encap-tag-separate-range

encap-tag-separate-range

Syntax

encap-tag-separate-range outer outer-encap-range inner inner-encap-range

no encap-tag-separate-range

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident encap-tag-separate-range)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident encap-tag-separate-range)

Full Context

configure subscriber-mgmt local-user-db ppp host host-identification encap-tag-separate-range

configure subscriber-mgmt local-user-db ipoe host host-identification encap-tag-separate-range

Description

This command specifies a range of encapsulation tags as the host identifications.

Note:

This command is only used when encap-tag-separate-range is configured as one of the match-list parameters.

The no form of this command removes the range of encapsulation tags from the configuration.

Default

no encap-tag-separate-range

Parameters

outer-encap-range

Specifies the value of the outer encapsulation tag range.

Values

start-qtag - end-qtag

start-qtag: 0 to 4094

end-qtag: 0 to 4094

inner-encap-range

Specifies the value of the inner encapsulation tag range.

Values

start-qtag - end-qtag

start-qtag: 0 to 4094

end-qtag: 0 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encap-type

encap-type

Syntax

encap-type {default | null | dot1q | qinq}

no encap-type

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap encap-type)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap encap-type)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap encap-type

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap encap-type

Description

If different from default, this command overrides the value specified by l2-ap-encap-type on wlan-gw level. See the description of l2-ap-encap-type for more detail. This value can only be changed while the l2-ap is shut down.

The no form of this command sets the default value.

Default

encap-type default

Parameters

default

Specifies to use the value specified by l2-ap-encap-type.

null

Specifies to use both the SAP and the AP are not VLAN-tagged.

dot1q

Specifies to use either the AP or the SAP uses one VLAN tag.

qinq

Up to two VLAN tags are used by the AP or SAP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

encap-type

Syntax

encap-type {dot1q | null | qinq}

no encap-type

Context

[Tree] (config>port>ethernet encap-type)

Full Context

configure port ethernet encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on an Ethernet access port, or different VLANs on a network port.

The no form of this command restores the default.

Default

encap-type null

Parameters

dot1q

Ingress frames carry 802.1Q tags where each tag signifies a different service.

null

Ingress frames will not use any tags to delineate a service. As a result, only one service can be configured on a port with a null encapsulation type.

qinq

Specifies QinQ encapsulation.

Platforms

All

encap-type

Syntax

encap-type {cem}

Context

[Tree] (config>port>tdm>e3 encap-type)

[Tree] (config>port>tdm>ds1>channel-group encap-type)

[Tree] (config>port>tdm>ds3 encap-type)

[Tree] (config>port>tdm>e1>channel-group encap-type)

Full Context

configure port tdm e3 encap-type

configure port tdm ds1 channel-group encap-type

configure port tdm ds3 encap-type

configure port tdm e1 channel-group encap-type

Description

This command configures the encapsulation method used to on the specified port, path, or channel. This parameter can be set on both access and network ports.

The no form of this command restores the default.

Default

encap-type bcp-null

Parameters

cem

Specifies that on circuit emulation MDAs, only the cem encap-type is supported. All other values are blocked with an appropriate warning. The cem encap-type is not supported on other MDAs and are blocked with an appropriate warning.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

encap-type

Syntax

encap-type {dot1q | null | qinq}

no encap-type

Context

[Tree] (config>lag encap-type)

Full Context

configure lag encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on a LAG. The encapsulation type is configurable on a LAG port. The LAG port and the port member encapsulation types must match when adding a port member.

If the encapsulation type of the LAG port is changed, the encapsulation type on all the port members will also change. The encapsulation type can be changed on the LAG port only if there is no interface associated with it. If the MTU is set to a non-default value, it will be reset to the default value when the encap type is changed.

The no form of this command restores the default.

Default

encap-type null — All traffic on the port belongs to a single service or VLAN.

Parameters

dot1q

Ingress frames carry 802.1Q tags where each tag signifies a different service.

null

Ingress frames will not use any tags to delineate a service. As a result, only one service can be configured on a port with a null encapsulation type.

qinq

Specifies QinQ encapsulation.

Platforms

All

encap-type

Syntax

encap-type {dot1q| qinq}

no encap-type

Context

[Tree] (config>eth-tunnel>ethernet encap-type)

Full Context

configure eth-tunnel ethernet encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on a LAG. The encapsulation type is configurable on a LAG port. The LAG port and the port member encapsulation types must match when adding a port member.

If the encapsulation type of the LAG port is changed, the encapsulation type on all the port members will also change. The encapsulation type can be changed on the LAG port only if there is no interface associated with it. If the MTU is set to a non-default value, it will be reset to the default value when the encap type is changed.

The no form of this command reverts to the default.

Default

encap-type dot1q

Parameters

dot1q

Specifies that frames carry 802.1Q tags where each tag signifies a different service.

qinq

Specifies the qinq encapsulation method.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

encap-type

Syntax

encap-type {dot1q | qinq}

no encap-type

Context

[Tree] (config>pw-port encap-type)

Full Context

configure pw-port encap-type

Description

This command configures the encapsulation type on a PW port. Customer Ethernet frames can be single-tagged or double-tagged, and this command determines the number of tags that the SR OS will check (and strip) on PW-SAP ingress and insert on PW-SAP egress.

The no form of this command removes the configuration.

Parameters

dot1q

Specifies that the encapsulation type is dot1q; used when the customer's Ethernet frame is single-tagged.

qinq

Specifies that the encapsulation type is qinq; used when the customer's Ethernet frame is double-tagged.

Default

dot1q

Platforms

All

encapsulated-ip-mtu

encapsulated-ip-mtu

Syntax

encapsulated-ip-mtu bytes

no encapsulated-ip-mtu

Context

[Tree] (config>ipsec>tnl-temp encapsulated-ip-mtu)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

[Tree] (config>service>ies>if>sap>ip-tunnel encapsulated-ip-mtu)

[Tree] (config>service>vprn>if>sap>ipsec-tun encapsulated-ip-mtu)

[Tree] (config>router>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

[Tree] (config>service>vprn>if>sap>ip-tunnel encapsulated-ip-mtu)

Full Context

configure ipsec tunnel-template encapsulated-ip-mtu

configure service ies interface ipsec ipsec-tunnel encapsulated-ip-mtu

configure service vprn interface ipsec ipsec-tunnel encapsulated-ip-mtu

configure service ies interface sap ip-tunnel encapsulated-ip-mtu

configure service vprn interface sap ipsec-tunnel encapsulated-ip-mtu

configure router interface ipsec ipsec-tunnel encapsulated-ip-mtu

configure service vprn interface sap ip-tunnel encapsulated-ip-mtu

Description

This command specifies the maximum size of encapsulated tunnel packet for the ipsec-tunnel, ip-tunnel, or the dynamic tunnels terminated on the ipsec-gw. If the encapsulated IPv4 or IPv6 tunnel packet exceeds the encapsulated-ip-mtu, then the system fragments the packet against the encapsulated-ip-mtu.

The no form of this command reverts to the default.

Default

no encapsulated-ip-mtu

Parameters

bytes

Specifies the maximum size in bytes.

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ip-tunnel encapsulated-ip-mtu
  • configure service ies interface sap ip-tunnel encapsulated-ip-mtu
  • configure service vprn interface sap ipsec-tunnel encapsulated-ip-mtu
  • configure ipsec tunnel-template encapsulated-ip-mtu

VSR

  • configure service vprn interface ipsec ipsec-tunnel encapsulated-ip-mtu
  • configure router interface ipsec ipsec-tunnel encapsulated-ip-mtu
  • configure service ies interface ipsec ipsec-tunnel encapsulated-ip-mtu

encapsulated-ip-mtu

Syntax

encapsulated-ip-mtu octets

no encapsulated-ip-mtu

Context

[Tree] (config>service>vprn>sap>ip-tunnel encapsulated-ip-mtu)

Full Context

configure service vprn sap ip-tunnel encapsulated-ip-mtu

Description

This command configures the tunnel encapsulated IP MTU.

The no form of this command reverts to the default.

Parameters

octets

Specifies the tunnel encapsulated IP MTU in octets.

encode

encode

Syntax

encode type type key key

encode type type key hash-key hash

encode type type key hash2-key hash2

encode type type key custom-key custom

encode type type cert-profile cert-profile-name

no encode

Context

[Tree] (config>app-assure>group>http-enrich>field encode)

Full Context

configure application-assurance group http-enrich field encode

Description

This command configures the encoding applied to the HTTP header enrichment field.

The no form of this command removes the encoding.

Default

no encode

Parameters

type

Specifies whether the parameters are hashed with MD5, encrypted with RC4 or AES using the configured key, or if certificate-based encryption is used with RSA.

Values

md5, rc4, certificate, cert-base64, rc4md5-base64, aes128, aes256, aes128cbc, aes256cbc

key

Specifies the key string, 64 characters maximum.

hash-key

Specifies the first hashed key.

hash-key2

Specifies the second hashed key.

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

cert-profile-name

Specifies the name of the certificate profile to use. This profile must have already been created using the certificate-profile command.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

encoding

encoding

Syntax

encoding encoding

no encoding

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription encoding)

Full Context

configure system telemetry persistent-subscriptions subscription encoding

Description

This command configures the encoding type that is used for telemetry notifications in accordance with the definitions in the gNMI OpenConfig standard.

Default

encoding json

Parameters

encoding

Specifies the encoding type.

Values

json, bytes, proto

Platforms

All

encrypt

encrypt

Syntax

encrypt {on | off}

Context

[Tree] (bof encrypt)

Full Context

bof encrypt

Description

This command enables and disables encryption of the BOF using AES256 and SHA256.

When the BOF is encrypted on the compact flash, it is still reachable using the BOF interactive menu during node startup, and fields can be modified using the BOF interactive menu.

Default

encrypt off

Parameters

on

Enables BOF encryption

off

Disables BOF encryption

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encryption-group

encryption-group

Syntax

encryption-group group-name [create]

no encryption-group group-name

Context

[Tree] (config>anysec>tnl-enc encryption-group)

Full Context

configure anysec tunnel-encryption encryption-group

Description

This command creates an encryption group.

An encryption group is a group of LSPs that use the same CA and preshared keys (PSK). For ease of PSK management, SR OS allows a group of LSPs to use the same CA with same PSKs. The PSK is used to secure the SAK for distribution to other PEERs.

Note: Although the LSPs are unidirectional, ANYsec is a bidirectional concept where a pair of LSPs between two peers are encrypted and decrypted. Each pair of LSP uses its own SAK for maximum security, though they may share the same CA and PSK with all other LSPs in the encryption group to secure the SAK.

The no form of this command removes the encryption group.

Parameters

group-name

Specifies the encryption group name, up to 32 characters.

create

Keyword used to create an encryption group.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

encryption-group

Syntax

encryption-group group-name peer ip-address detail

Context

[Tree] (debug>anysec encryption-group)

Full Context

debug anysec encryption-group

Description

This command debugs ANYsec encryption groups.

Parameters

group-name

Specifies the encryption group name, up to 32 characters.

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

detail

Keyword used to specify detailed information.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

encryption-key

encryption-key

Syntax

encryption-key key [hash | hash2 | custom]

no encryption-key

Context

[Tree] (bof encryption-key)

Full Context

bof encryption-key

Description

This command creates a key to be used by AES256 and SHA256 for configuration file encryption and hashing. This key is used for all configuration files (primary, secondary, and tertiary).

After creating or deleting a key, use the admin save command to save the configuration file with the current encryption key state.

The no form of this command deletes the encryption key.

Default

no encryption-key

Parameters

key

Specifies the encryption key.

If the hash, hash2, or custom parameter is not configured, the key is entered in plaintext and the key length must be between 8 and 32 characters. A plaintext key cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.

If the hash, hash2, or custom parameter is configured, the key is hashed and the key length must be between 1 and 64 characters.

hash

Keyword to specify that the key is entered in an encrypted form.

hash2

Keyword to specify that the key is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

custom

Keyword to specify that the key uses custom encryption.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

encryption-key

Syntax

encryption-key key [hash | hash2 | custom]

no encryption-key

Context

[Tree] (config>log encryption-key)

Full Context

configure log encryption-key

Description

This command specifies the encryption key used by AES-256-CTR for log file encryption. The encryption key is used for all local log files on the system.

The no form of this command deletes the encryption key.

Default

no encryption-key

Parameters

key

Specifies the encryption key.

If the hash, hash2, or custom parameter is not configured, the key is entered in plaintext and the key length must be between 8 and 32 characters. A plaintext key cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.

If the hash, hash2, or custom parameter is configured, the key is hashed and the key length must be between 1 and 64 characters.

hash

Keyword to specify that the key is entered in an encrypted form.

hash2

Keyword to specify that the key is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

custom

Keyword to specify that the key uses custom encryption.

Platforms

All

encryption-keygroup

encryption-keygroup

Syntax

encryption-keygroup keygroup-id direction direction

no encryption-keygroup direction direction

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>group-encryption encryption-keygroup)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>group-encryption encryption-keygroup)

Full Context

configure service ies subscriber-interface group-interface wlan-gw group-encryption encryption-keygroup

configure service vprn subscriber-interface group-interface wlan-gw group-encryption encryption-keygroup

Description

This command binds an encryption key-group to a WLAN-GW soft-GRE group interface. When configured in the inbound direction, received packets must be encrypted using one of the valid security-associations configured for the key-group. When configured in the outbound direction, L2oMPLSoGRE packets egressing the node use the "active-outbound-sa” associated with the key-group configured.

The no form of this command removes the encryption keygroup from the inbound or outbound group interface.

Parameters

keygroup-id

Specifies the ID number or name of the keygroup.

Values

1 to 127, keygroup-name up to 64 characters

direction

Applies the keygroup to the inbound or outbound direction of a service.

Values

inbound | outbound

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

encryption-keygroup

Syntax

encryption-keygroup keygroup-id direction {inbound | outbound}

no encryption-keygroup direction {inbound | outbound}

Context

[Tree] (config>router>if>group-encryption encryption-keygroup)

Full Context

configure router interface group-encryption encryption-keygroup

Description

This command is used to bind a key group to a router interface for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the router use the active-outbound-sa associated with the configured key group. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group.

The no form of this command removes the key group from the router interface in the specified direction.

Default

no encryption-keygroup direction inbound

no encryption-keygroup direction outbound

Parameters

keygroup-id

The ID number of the key group being configured.

Values

1 to 127, keygroup-name (64 characters maximum)

inbound

Binds the key group in the inbound direction.

outbound

Binds the key group in the outbound direction.

Platforms

VSR

encryption-keygroup

Syntax

encryption-keygroup keygroup-id [create]

no encryption-keygroup keygroup-id

Context

[Tree] (config>grp-encryp encryption-keygroup)

Full Context

configure group-encryption encryption-keygroup

Description

This command is used to create a key group. Once the key group is created, use the command to enter the key group context or delete a key group.

The no form of the command removes the key group. Before using the no form, the key group association must be deleted from all services that are using this key group.

Parameters

keygroup-id

The number or name of the key group being referenced.

Values

1 to 15, or keygroup-name (up to 64 characters)

create

Creates a key group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

encryption-keygroup

Syntax

encryption-keygroup keygroup-id direction {inbound | outbound}

no encryption-keygroup direction {inbound | outbound}

Context

[Tree] (config>service>vprn encryption-keygroup)

[Tree] (config>service>pw-template encryption-keygroup)

[Tree] (config>service>sdp encryption-keygroup)

Full Context

configure service vprn encryption-keygroup

configure service pw-template encryption-keygroup

configure service sdp encryption-keygroup

Description

This command is used to bind a key group to an SDP, VPRN service, or PW template for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the node use the active-outbound-sa associated with the key group configured. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group. Services using the SDP will be encrypted.

The encryption (enabled or disabled) configured on an SDP used to terminate a Layer 3 spoke SDP of a VPRN always overrides any VPRN-level configuration for encryption.

Encryption is enabled after the outbound direction is configured.

For PW template changes, the following tools command must be executed after the configuration changes are made: tools>perform>service>eval-pw-template>allow-service-impact. This command applies the changes to services that use the PW template.

The no form of the command removes the key group from the SDP or service in the specified direction (inbound or outbound).

Parameters

keygroup-id

Specifies the number of the key group being configured.

Values

1 to 15 or keygroup-name (up to 64 characters)

direction {inbound | outbound}

Specifies the direction of the service that the key group will be bound to.

Platforms

VSR

encryption-label

encryption-label

Syntax

encryption-label label

no encryption-label

Context

[Tree] (config>anysec>tnl-enc>enc-grp encryption-label)

Full Context

configure anysec tunnel-encryption encryption-group encryption-label

Description

This command creates an encryption group label ID.

The encryption SID uniquely identifies the encrypting node within a network to avoid double encryption scenarios. The encryption SID can be assigned per encryption group. However, all encryption groups can have the same encryption SID. To save label space, Nokia recommends limiting the number of encryption SIDs within a network. To configure the encryption SID, a reserved-label-block command must be configured under the anysec context. The encryption SID is programmed at the bottom of the stack with S bit set.

The no form of this command removes the encryption group label.

Parameters

label

Specifies the encryption group label ID.

Values

0 to 1048575

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

encryption-offset

encryption-offset

Syntax

encryption-offset encryption-offset

no encryption-offset

Context

[Tree] (config>macsec>connectivity-association encryption-offset)

Full Context

configure macsec connectivity-association encryption-offset

Description

This command specifies the offset of the encryption in MACsec packet.

The encryption-offset is distributed by MKA (Key-server) to all parties.

It is signaled via MACsec capabilities. There are four basic settings for this. MACsec Basic Settings breaks down the settings.

Table 2. MACsec Basic Settings

Setting

Description

0

MACsec is not implemented

1

Integrity without confidentiality

2

The following are supported:

  • Integrity without confidentiality

  • Integrity and confidentiality with a confidentiality offset of 0

3

The following are supported:

  • Integrity without confidentiality

  • Integrity and confidentiality with a confidentiality offset of 0, 30, or 50

Note:

  1. SR OS supports setting (3) Integrity without confidentiality and Integrity and confidentiality with a confidentiality offset of 0, 30, or 50.

The no form of this command rejects all arriving traffic whether MACsec is secured or not.

Default

encryption-offset 0

Parameters

encryption-offset

Specifies the encryption.

Values

0 — encrypt the entire payload

30 — leave the IPv4 header in clear

50 — leave the IPv6 header in clear

Platforms

All

end

end

Syntax

end end-week end-day end-month hours-minutes

Context

[Tree] (config>system>time>dst-zone end)

Full Context

configure system time dst-zone end

Description

This command configures start of summer time settings.

Default

end first sunday january 00:00

Parameters

end-week

Specifies the starting week of the month when the summer time ends.

Values

first, second, third, fourth, last

Default

first

end-day

Specifies the starting day of the week when the summer time ends.

Values

sunday, monday, tuesday, wednesday, thursday, friday, saturday

Default

sunday

end-month

Specifies the starting month of the year when the summer time takes effect.

Values

january, february, march, april, may, june, july, august, september, october, november, december

Default

january

hours-minutes

Specifies the time at which the summer time ends, in hh:mm format.

Values

hours: 00 to 23

minutes: 00 to 59

Default

00:00

Platforms

All

end

Syntax

[no] end function-value

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end

Description

Commands in this context configure the value and attributes of SRv6 End SID function of a locator. The End SID function encodes the basic behavior of a prefix or a node SID.

The End SID function for each SRH mode must be statically allocated. The value is not automatically allocated by default.

The no form of this command removes the specified End function.

Parameters

function-value

Specifies an SRv6 End SID function value. Up to eight values can be configured per locator. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt2m

end-dt2m

Syntax

end-dt2m [function-value]

no end-dt2m

Context

[Tree] (config>service>vpls>srv6>locator>function end-dt2m)

Full Context

configure service vpls segment-routing-v6 locator function end-dt2m

Description

This command configures the SRv6 End.DT2M behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt2m

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt2u

end-dt2u

Syntax

end-dt2u [function-value]

no end-dt2u

Context

[Tree] (config>service>vpls>srv6>locator>function end-dt2u)

Full Context

configure service vpls segment-routing-v6 locator function end-dt2u

Description

This command configures the SRv6 End.DT2U behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt2m

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt4

end-dt4

Syntax

end-dt4 [function-value]

no end-dt4

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt4)

Full Context

configure service vprn segment-routing-v6 locator function end-dt4

Description

This command configures the SRv6 End.DT4 behavior and function value that is associated to the SRv6 instance in the service. This implies decapsulation and table lookup for IPv4 prefixes in the VPRN.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt4

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20 bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt4

Syntax

end-dt4 [function-value]

no end-dt4

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt4)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt4

Description

This command configures the SRv6 End.DT4 behavior and function value associated with the base routing instance. This implies decapsulation and table lookup for IPv4 prefixes in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt4

Parameters

function-value

Specifies the SRv6 End.DT4 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt46

end-dt46

Syntax

end-dt46 [function-value]

no end-dt46

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt46)

Full Context

configure service vprn segment-routing-v6 locator function end-dt46

Description

This command configures the SRv6 End.DT46 behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv4 and IPv6 prefixes occurs in the VPRN service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt46

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt46

Syntax

end-dt46 [function-value]

no end-dt46

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt46)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt46

Description

This command configured the SRv6 End.DT46 function behavior and value associated with the base routing instance. This implies decapsulation and table lookup for IPv4 and IPv6 prefixes in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt46

Parameters

function-value

Specifies the SRv6 End.DT46 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt6

end-dt6

Syntax

end-dt6 [function-value]

no end-dt6

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt6)

Full Context

configure service vprn segment-routing-v6 locator function end-dt6

Description

This command configures the SRv6 End.DT6 behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPRN service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt6

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dt6

Syntax

[no] end-dt6

end-dt6 [function-value]

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt6)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt6

Description

This command configures the SRv6 End.DT6 function behavior and value associated with the base routing instance. This means that decapsulation and table lookup for IPv6 prefixes occurs in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt6

Parameters

function-value

Specifies the SRv6 End.DT6 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-dx2

end-dx2

Syntax

end-dx2 [function-value]

no end-dx2

Context

[Tree] (config>service>epipe>srv6>locator>function end-dx2)

Full Context

configure service epipe segment-routing-v6 locator function end-dx2

Description

This command configures the SRv6 End.DX2 behavior and function value that is associated with the SRv6 instance in the service, which means that decapsulation and cross-connect to the egress SAP occurs in the Epipe service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dx2

Parameters

function-value

Specifies the optional static function value that is associated with the function behavior. Statically allocated functions of all SID types in a locator have their upper range limited by the config>router>segment-routing>srv6>loc>static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20 bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-marker-count

end-marker-count

Syntax

end-marker-count packets

no end-marker-count

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile end-marker-count)

Full Context

configure subscriber-mgmt gtp peer-profile end-marker-count

Description

This command specifies the number of end marker packets that are sent when it is certain no more packets will be sent over the corresponding GTP-U tunnel, such as after a completed mobility event.

The no form of this command reverts the value to the default.

Default

end-marker-count 1

Parameters

packets

Specifies the number of end marker packets to send.

Values

0 to 5

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

end-of-data

end-of-data

Syntax

[no] end-of-data

Context

[Tree] (debug>router>rpki-session>packet end-of-data)

Full Context

debug router rpki-session packet end-of-data

Description

This command enables debugging for end of data RPKI packets.

The no form of this command disables debugging for end of data RPKI packets.

Platforms

All

end-station-only

end-station-only

Syntax

[no] end-station-only

Context

[Tree] (config>service>vpls>mrp>mmrp end-station-only)

Full Context

configure service vpls mrp mmrp end-station-only

Description

This command configures the end-station-only. This option prevents MMRP messages from being generated or processed. It is useful in case all the MMRP entries for the B-VPLS are static.

Platforms

All

end-time

end-time

Syntax

end-time [date | day-name] time

no end-time

Context

[Tree] (config>system>cron>sched end-time)

Full Context

configure system cron schedule end-time

Description

This command is used concurrently with type periodic or calendar. Using the type of periodic, end-time determines at which interval the schedule will end. Using the type of calendar, end-time determines on which date the schedule will end.

When no end-time is specified, the schedule runs forever.

Default

no end-time

Parameters

date

Specifies the date to schedule a command.

Values

YYYY:MM:DD in year:month:day number format

day-name

Specifies the day of the week to schedule a command.

Values

sunday, monday, tuesday, wednesday, thursday, friday, saturday

time

Specifies the time of day to schedule a command.

Values

hh:mm

Platforms

All

end-time

Syntax

end-time date hours-minutes [UTC]

end-time {now | forever}

no end-time

Context

[Tree] (config>system>security>keychain>direction>uni>receive>entry end-time)

Full Context

configure system security keychain direction uni receive entry end-time

Description

This command specifies the calendar date and time after which the key specified by the authentication key is no longer eligible to sign or authenticate the protocol stream.

Default

end-time forever

Parameters

date

Specifies the calendar date after which the key specified by the authentication key is no longer eligible to sign or authenticate the protocol stream in the YYYY/MM/DD format. When no year is specified the system assumes the current year.

hours-minutes

Specifies the time after which the key specified by the authentication key is no longer eligible to sign or authenticate the protocol stream in the hh:mm[:ss] format. Seconds are optional, and if not included, assumed to be 0.

UTC

Indicates that time is given with reference to Coordinated Universal Time in the input.

now

Specifies a time equal to the current system time.

forever

Specifies that the key is always active.

Platforms

All

end-x

end-x

Syntax

[no] end-x function-value

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-x)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x

Description

Commands in this context configure the attributes of the End.X SID function associated with a P2P interface. The End.X SID function encodes the behavior of an adjacency SID.

A static function value can be configured for each combination of SRH mode and protection type.

For a given interface, the static function value associated with the same combination of protection type and SRH mode overrides any corresponding automatically allocated function value (end-x-auto-allocate command configuration).

If more than one value is configured for an interface and combination of SRH mode and protection type, they are all advertised in IS-IS.

When used in remote TI-LFA repair tunnel programming, IS-IS uses rules to select one End.X value from the multiple values received in IS-IS link advertisements.

Values assigned to loopback and system interfaces are not advertised in IS-IS.

End.X SID functions for adjacencies over broadcast interfaces are always automatically allocated based on the configuration of the end-x-auto-allocate command.

The no form of this command removes the function value from the configuration.

Parameters

function-value

Specifies the SRv6 End.X function. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

end-x-auto-allocate

end-x-auto-allocate

Syntax

[no] end-x-auto-allocate srh-mode srh-mode protection protection

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-x-auto-allocate)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x-auto-allocate

Description

This command adds a list entry for the automatic allocation of the End.X SID function for all adjacencies over all network interfaces on the router (P2P and broadcast interfaces). Auto-allocated End.X SID function values have a range up to the maximum value of parameter function-length in a locator configuration.

A list entry is a combination of the protection type and the SRH mode. Any combinations in addition to the maximum number of entries supported by this command must be allocated statically for each P2P interface. The maximum number of entries in this list is two.

When no list entries are configured, no End.X function values are automatically allocated by default for a locator.

Note:

Any change to this list causes a reallocation of new function values to all interfaces on the router that results in flooding them to the network and triggers a new SPF in all routers.

The no form of this command removes a list entry.

Parameters

srh-mode

Specifies the SRH mode for the SID.

Values

psp — Penultimate Segment Pop (PSP) of the SRH

usp — Ultimate Segment Pop (USP) of the SRH

psp-usd — Supports both PSP of the SRH and Ultimate Segment Decapsulation (USD) on the same SID

usp-usd — Supports both USP of the SRH and USD on the same SID

psp-usp-usd — Supports PSP and USP of the SRH with USD on the same SID

protection

Specifies if the adjacency SID is protected.

Values

protected, unprotected

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

endpoint

endpoint

Syntax

endpoint ip ip-address

endpoint mac ieee-address

endpoint system-ip

endpoint system-mac

no endpoint

Context

[Tree] (config>service>vprn>l2tp>group>tunnel>mlppp endpoint)

[Tree] (config>router>l2tp>group>tunnel>mlppp endpoint)

[Tree] (config>service>vprn>l2tp>group>mlppp endpoint)

[Tree] (config>router>l2tp>group>mlppp endpoint)

[Tree] (config>subscr-mgmt>ppp-policy>mlppp endpoint)

Full Context

configure service vprn l2tp group tunnel mlppp endpoint

configure router l2tp group tunnel mlppp endpoint

configure service vprn l2tp group mlppp endpoint

configure router l2tp group mlppp endpoint

configure subscriber-mgmt ppp-policy mlppp endpoint

Description

When configured under the l2tp hierarchy, this command is applicable to LNS.

Within the ppp-policy, this command is applicable only to LAC.

The endpoint, according to RFC 1990, represents the system transmitting the packet. It is used during MLPPPoX negotiation phase to distinguish this peer from all others.

In the case that the client rejects the endpoint option during LCP negotiation, the LAC and the LNS must be able to negotiate the LCP session without the endpoint option.

The no form of this command disables sending endpoint option in LCP negotiation.

Parameters

ip-address

Specifies the IPv4 address (class 2).

system-ip

Specifies to use the system IPv4 address (class 2).

ieee-address

Specifies the MAC address of the interface (class 3).

system-mac

Specifies to use the MAC address of the system (class 3).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

endpoint

Syntax

endpoint endpoint-name [create]

no endpoint endpoint-name

Context

[Tree] (config>service>epipe endpoint)

[Tree] (config>service>cpipe endpoint)

[Tree] (config>service>ipipe endpoint)

Full Context

configure service epipe endpoint

configure service cpipe endpoint

configure service ipipe endpoint

Description

This command configures a service endpoint.

Parameters

endpoint-name

Specifies an endpoint name.

Platforms

All

  • configure service ipipe endpoint
  • configure service epipe endpoint

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe endpoint

endpoint

Syntax

endpoint endpoint-name [create]

no endpoint

Context

[Tree] (config>service>vpls endpoint)

Full Context

configure service vpls endpoint

Description

This command configures a service endpoint.

Parameters

endpoint-name

Specifies an endpoint name up to 32 characters in length

create

This keyword is mandatory while creating a service endpoint

Platforms

All

endpoint

Syntax

endpoint ip-address

no endpoint

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy endpoint)

Full Context

configure router mpls forwarding-policies forwarding-policy endpoint

Description

This command configures the endpoint address for an MPLS forwarding policy.

The policy allows the user to forward unlabeled packets over a set of user-defined direct (with option to push a label stack) or indirect next hops. Routes are bound to an endpoint policy when their next hop matches the endpoint address of the policy.

The no form of the command removes the endpoint from the MPLS forwarding policy.

Parameters

ip-address

Specifies the destination IPv4 or IPv6 address.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

Platforms

All

endpoint

Syntax

endpoint endpoint-name [create]

no endpoint endpoint-name

Context

[Tree] (config>mirror>mirror-dest>sdp endpoint)

[Tree] (config>mirror>mirror-dest endpoint)

[Tree] (config>mirror>mirror-dest>sap endpoint)

Full Context

configure mirror mirror-dest sdp endpoint

configure mirror mirror-dest endpoint

configure mirror mirror-dest sap endpoint

Description

This command configures a service end point. A mirror service supports two implicit endpoints managed internally by the system. The following applies to endpoint configurations.

Up to two named endpoints may be created per service mirror or LI service. The endpoint name is locally significant to the service mirror or LI service.

  • Objects (SAPs or SDPs) may be created on the service mirror or LI with the following limitations:

    • two implicit endpoint objects (without explicit endpoints defined)

    • one implicit and multiple explicit object with the same endpoint name

    • multiple explicit objects each with one of two explicit endpoint names

  • All objects become associated implicitly or indirectly with the implicit endpoints 'x' and 'y'.

  • Objects may be created without an explicit endpoint defined.

  • Objects may be created with an explicit endpoint defined.

  • Objects without an explicit endpoint may have an explicit endpoint defined without deleting the object.

  • Objects with an explicit endpoint defined may be dynamically moved to another explicit endpoint or may have the explicit endpoint removed.

Creating an object without an explicit endpoint:

  • If an object on a mirror or LI service has no explicit endpoint name associated, the system attempts to associate the object with implicit endpoint 'x' or 'y'.

  • The implicit endpoint cannot have an existing object association.

  • If both 'x' and 'y' are available, 'x' is selected.

  • If an 'x' or 'y' association cannot be created, the object cannot be created.

Creating an object with an explicit endpoint name:

  • The endpoint name must exist on the mirror or LI service.

  • If this is the first object associated with the endpoint name:

    • the object is associated with either implicit endpoint 'x' or 'y'

    • the implicit endpoint cannot have an existing object associated

    • if both 'x' and 'y' are available, 'x' is selected

    • if 'x' or 'y' is not available, the object cannot be created

    • the implicit endpoint is now associated with the named endpoint

    • f this is not the first object associated with the endpoint name:

    • the object is associated with the named endpoint's implicit association

Changing an object’s implicit endpoint to an explicit endpoint name

  • If the explicit endpoint name is associated with an implicit endpoint, the object is moved to that implicit endpoint

  • If the object is the first to be associated with the explicit endpoint name:

    • the object is associated with either implicit endpoint 'x' or 'y'

    • the implicit endpoint cannot have an existing object associated (except this one)

    • if both 'x' and 'y' are available, 'x' is selected

    • if 'x' or 'y' is not available, the object cannot be moved to the explicit endpoint

    • if moved, the implicit endpoint is now associated with the named endpoint

Changing an object’s explicit endpoint to another explicit endpoint name

  • If the new explicit endpoint name is associated with an implicit endpoint, the object is moved to that implicit endpoint

  • If the object is the first to be associated with the new explicit endpoint name:

    • the object is associated with either implicit endpoint 'x' or 'y'

    • the implicit endpoint cannot have an existing object associated (except this one)

    • if both 'x' and 'y' are available, 'x' is selected

    • if 'x' or 'y' is not available, the object cannot be moved to the new endpoint

    • if moved, the implicit endpoint is now associated with the named endpoint

An explicitly named endpoint can have a maximum of one SAP and one ICB. Once a SAP is added to the endpoint, only one more object of type ICB sdp is allowed. The ICB sdp cannot be added to the endpoint if the SAP is not part of a MC-LAG instance. Conversely, a SAP which is not part of a MC-LAG instance cannot be added to an endpoint which already has an ICB sdp.

An explicitly named endpoint which does not have a SAP object can have a maximum of four SDPs which can include any of the following: a single primary SDP, one or many secondary SDPs with precedence, and a single ICB SDP.

The user can only add a SAP configured on a MC-LAG instance to this endpoint. Conversely, the user will not be able to change the mirror service type away from mirror service without first deleting the MC-LAG SAP.

The no form of this command removes the association of a SAP or an SDP with an explicit endpoint name. When removing an objects explicit endpoint association:

  • The system attempts to associate the object with implicit endpoint 'x' or 'y'.

  • The implicit endpoint cannot have an existing object association (except this one).

  • If both 'x' and 'y' are available, 'x' is selected.

  • If an 'x' or 'y' association cannot be created, the explicit endpoint cannot be removed.

Parameters

endpoint-name

Specifies the endpoint name.

create

Mandatory keyword to create this entry.

Platforms

All

endpoint

Syntax

endpoint ip-address

no endpoint

Context

[Tree] (conf>router>segment-routing>sr-policies>policy endpoint)

Full Context

configure router segment-routing sr-policies static-policy endpoint

Description

This command associates an IPv4 or IPv6 endpoint address with a statically-defined segment routing policy. This association is mandatory when enabling an SR segment-routing policy.

The endpoint address 0.0.0.0 is a special value that matches all BGP next-hops. To use it, the BGP route must have a color-extended community with the color-only bits set to '01' or '10'.

The no form of this command removes the endpoint association.

Default

no endpoint

Parameters

ip-address

Specifies the endpoint IP address to be associated with the statically-defined segment-routing policy.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

Platforms

All

endpoint

Syntax

endpoint ip-address

no endpoint

Context

[Tree] (config>router>policy-options>policy-statement>entry>from endpoint)

Full Context

configure router policy-options policy-statement entry from endpoint

Description

This command configures an SR Policy endpoint address as a route policy match criterion. This match criterion is only used in import policies.

The no form of this command removes the endpoint IP match criterion from the configuration.

Parameters

ip-address

Specifies the IPv4 or IPv6 address.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface]

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

endstation-vid-group

endstation-vid-group

Syntax

endstation-vid-group id vlan-id startvid-endvid

no endstation-vid-group id

Context

[Tree] (config>service>vpls>mrp>mvrp endstation-vid-group)

Full Context

configure service vpls mrp mvrp endstation-vid-group

Description

This command specifies the range of VLAN IDs that are controlled by MVRP on the port associated with the parent SAP. When the command is present under a certain SAP, the MVRP will treat the associated virtual port as an end-station.

MVRP endstation behavior means that configuration of a new data SAP with the outer tag in the configured endstation-vid-group will generate down that virtual port a MVRP declaration for the new [outer] VLAN attribute. Also registration received for the VLAN attribute in the range will be accepted but not propagated in the rest of MVRP context.

VPLS-groups are not allowed under the associated Management VPLS (M-VPLS) when the endstation is configured under one SAP. VPLS-groups can be supported in the chassis using a different M-VPLS.

The no form of this command removes the specified group id.

Default

no endstation-vid-group

Parameters

id

Specifies the range index

Values

1 to 4094

startvid-endvid

Specifies the range of VLANs to be controlled by MVRP

Values

1 to 4094

Platforms

All

enforce-diffserv-lsp-fc

enforce-diffserv-lsp-fc

Syntax

[no] enforce-diffserv-lsp-fc

Context

[Tree] (config>service>sdp>class-forwarding enforce-diffserv-lsp-fc)

Full Context

configure service sdp class-forwarding enforce-diffserv-lsp-fc

Description

This command enables checking by RSVP that a Forwarding Class (FC) mapping to an LSP under the SDP configuration is compatible with the Diff-Serv Class Type (CT) configuration for this LSP.

When the user enables this option, the service manager inquires with RSVP if the FC is supported by the LSP. RSVP checks if the FC maps to the CT of the LSP, for example, the default class-type value or the class-type value entered at the LSP configuration level.

If RSVP did not validate the FC, then the service manager will return an error and the check has failed. In this case, packets matching this FC will be forwarded over the default LSP. Any addition of an LSP to an SDP that will not satisfy the FC check will also be rejected.

The service manager does not validate the default-lsp FC-to-CT mapping. Whether or not the FC is validated, the default-lsp will always end up being used in this case.

RSVP will not allow the user to change the CT of the LSP until no SDP with class-based forwarding enabled and the enforce-diffserv-lsp-fc option enabled is using this LSP. All other SDPs using this LSP are not concerned by this rule.

The SDP will continue to enforce the mapping of a single LSP per FC. However, when enforce-diffserv-lsp-fc enabled, RSVP will also enforce the use of a single CT per FC as per the user configured mapping in RSVP.

If class-forwarding is enabled but enforce-diffserv-lsp-fc is disabled, forwarding of the service packets will continue to be based on the user entered mapping of FC to LSP name without further validation as per the existing implementation. The CT of the LSP does not matter in this case.

If class-forwarding is not enabled on the SDP, forwarding of the service packets will continue to be based on the ECMP/LAG hash routine. The CT of the LSP does not matter in this case.

The no form of this command reverts to the default value which is to use the user entered mapping of FC to LSP name.

Default

no enforce-diffserv-lsp-fc

Platforms

All

enforce-first-as

enforce-first-as

Syntax

enforce-first-as

Context

[Tree] (config>service>vprn>bgp>group>neighbor enforce-first-as)

[Tree] (config>service>vprn>bgp enforce-first-as)

[Tree] (config>service>vprn>bgp>group enforce-first-as)

Full Context

configure service vprn bgp group neighbor enforce-first-as

configure service vprn bgp enforce-first-as

configure service vprn bgp group enforce-first-as

Description

When this command is configured so that it applies to an EBGP session, all routes (belonging to all address families) that are received from the EBGP peer are checked to ensure that the most recent autonomous system number (ASN) in the AS_PATH attribute of each route matches the configured peer-as of the session; if it does not match, then either the session is reset (if update-fault-tolerance is not enabled) or the session is left up but the route is treated as withdrawn (if update-fault-tolerance is enabled).

Enabling or disabling this command on a session that is already up does not flap the session. When enforce-first-as is enabled, previously received routes are not checked for compliance with the rule. Enforcement applies only to routes received after the command is enabled and stops when the command is disabled.

Platforms

All

enforce-first-as

Syntax

enforce-first-as

Context

[Tree] (config>router>bgp enforce-first-as)

[Tree] (config>router>bgp>group enforce-first-as)

[Tree] (config>router>bgp>group>neighbor enforce-first-as)

Full Context

configure router bgp enforce-first-as

configure router bgp group enforce-first-as

configure router bgp group neighbor enforce-first-as

Description

When this command is configured so that it applies to an EBGP session, all routes (belonging to all address families) that are received from the EBGP peer are checked to ensure that the most recent autonomous system number (ASN) in the AS_PATH attribute of each route matches the configured peer-as of the session; if it does not match, then either the session is reset (if update-fault-tolerance is not enabled) or the session is left up but the route is treated as withdrawn (if update-fault-tolerance is enabled).

Enabling or disabling this command on a session that is already up does not flap the session. When enforce-first-as is enabled, previously received routes are not checked for compliance with the rule. Enforcement applies only to routes received after the command is enabled and stops when the command is disabled.

Platforms

All

enforce-strict-tunnel-tagging

enforce-strict-tunnel-tagging

Syntax

[no] enforce-strict-tunnel-tagging

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

configure service vprn bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

configure service vpls bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

Description

This command forces the system to only consider LSPs marked with an admin tag for next hop resolution. Untagged LSPs are not considered.

The no form of this command reverts to default value. While tagged RSVP and SR-TE LSPs are considered first, the system can fall back to using untagged LSPs of other types and does not exclude them depending on the auto-bind-tunnel configuration.

Default

no enforce-strict-tunnel-tagging

Platforms

All

enforce-strict-tunnel-tagging

Syntax

[no] enforce-strict-tunnel-tagging

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family enforce-strict-tunnel-tagging)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family enforce-strict-tunnel-tagging)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family enforce-strict-tunnel-tagging

configure router bgp next-hop-resolution labeled-routes transport-tunnel family enforce-strict-tunnel-tagging

Description

This command forces the system to only consider LSPs marked with an admin-tag for next-hop resolution. Untagged LSPs are not be considered.

The no form of this command reverts to the default behavior. While tagged RSVP and SR-TE LSPs will be considered first, the system can fall back to using tagged LSPs that are not explicitly excluded by a route admin tag policy and untagged LSPs of other types and not exclude them.

Default

no enforce-strict-tunnel-tagging

Platforms

All

enforce-strict-tunnel-tagging

Syntax

enforce-strict-tunnel-tagging

Context

[Tree] (config>service>vprn>auto-bind-tunnel enforce-strict-tunnel-tagging)

Full Context

configure service vprn auto-bind-tunnel enforce-strict-tunnel-tagging

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

enforce-test-session-start-time

enforce-test-session-start-time

Syntax

[no] enforce-test-session-start-time

Context

[Tree] (config>test-oam>twamp>server enforce-test-session-start-time)

Full Context

configure test-oam twamp server enforce-test-session-start-time

Description

This command configures the router to check the signalled test-session start time against the server time and discard TWAMP test packets that arrive before the negotiated test-session start time.

The no form of this command configures the router to process all TWAMP test packets without checking the test-session start time against the server time.

Default

enforce-test-session-start-time

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

enforce-unique-if-index

enforce-unique-if-index

Syntax

[no] enforce-unique-if-index

Context

[Tree] (config>system>ip enforce-unique-if-index)

Full Context

configure system ip enforce-unique-if-index

Description

This command enables the options to force the creation of IP interface indexes so that they are globally unique across all routing contexts. In addition, the command ensures that any interface created using SNMP also has a system-wide unique IP interface index.

If this command is issued but the system has previously existing interface indexes that conflict, the command will be rejected until all the conflicts are removed. Pre-existing persistency tables should also be removed before enabling this system option.

The no form of the command disables this option and returns the system to the default behavior.

Default

no enforce-unique-if-index

Platforms

All

enforcement

enforcement

Syntax

enforcement {static policer-name | dynamic {mon-policer-name | local-mon-bypass}}

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>protocol enforcement)

Full Context

configure system security dist-cpu-protection policy protocol enforcement

Description

This command configures the enforcement method for the protocol.

Default

enforcement dynamic local-mon-bypass

Parameters

static

Specifies that the protocol is always enforced using a static-policer. Multiple protocols can reference the same static-policer. Packets of protocols that are statically enforced bypass any local monitors.

policer name

Specifies which static-policer to use.

dynamic

Specifies that a specific enforcement policer for this protocol for this SAP/object is instantiated when the associated local-monitoring-policer is determined to be in a nonconforming state (at the end of a minimum monitoring time of 60 seconds to reduce thrashing).

mon-policer-name

Specifies which local-monitoring-policer to use.

local-mon-bypass

This parameter is used to not include packets from this protocol in the local monitoring function, and when the local-monitor "trips”, do not instantiate a dynamic enforcement policer for this protocol.

Platforms

All

engineID

engineID

Syntax

[no] engineID engine-id

Context

[Tree] (config>system>snmp engineID)

Full Context

configure system snmp engineID

Description

This command sets the SNMP engine ID that uniquely identifies the SNMPv3 node.If unconfigured, the system uses an engine ID based on the information from the system backplane.If the SNMP engine ID is changed, the current configuration must be saved and a reboot must be executed. Otherwise, the previously configured SNMP communities and logger trap-target notify communities will not be valid for the new engine ID.

Note:

Changing the SNMP engine ID invalidates all SNMPv3 MD5 and SHA security digest keys, which may render the node unmanageable.

When replacing a chassis, configure the new router to use the same engine ID as the previous router. This preserves SNMPv3 security keys and allows management stations to use their existing authentication keys for the new router.

Ensure that the engine ID of each router is unique. A management domain can only maintain one instance of a specific engine ID.

The no form of the command configures the router to use the default value.

Parameters

engine-id

Specifies an identifier from 10 to 64 hexadecimal digits (5 to 32 octet number), uniquely identifying this SNMPv3 node. This string is used to access this node from a remote host with SNMPv3.

Platforms

All

enhanced-distribution

enhanced-distribution

Syntax

[no] enhanced-distribution

Context

[Tree] (config>cflowd enhanced-distribution)

Full Context

configure cflowd enhanced-distribution

Description

This command enables the inclusion of the ingress port ID into the hash algorithm used to distribute cflowd sample traffic to cflowd processes running on the 7950 XRS CPM. By including this new attribute, cflowd may see better distribution of flows across processing tasks if there is a limited number of IP interfaces on which sampling is performed, but those interfaces use LAGs with a large number of port members.

By enabling this option, the same flow may be captured multiple times if packets are received on multiple ingress ports.

This command is only applicable to cflowd running on a 7950 XRS platform.

The no form of this command removes the command from the configuration and disables the inclusion of the ingress port ID in the cflowd hash algorithm.

Default

no enhanced-distribution

Platforms

7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

enqueue-on-pir-zero

enqueue-on-pir-zero

Syntax

[no] enqueue-on-pir-zero

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution enqueue-on-pir-zero)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution enqueue-on-pir-zero

Description

This command is used to enable queuing of new packets when H-QoS determines that a queue should stop forwarding (operational PIR set to zero). The default behavior is to allow the queue to continue to use the previously determined operational PIR and set the queue’s MBS (Maximum Burst Size) to zero. This prevents new packets from being admitted to the queue until the PIR zero case terminates. The new behavior when enqueue-on-pir-zero is enabled is to set the operational PIR to zero and leave the queue’s MBS set to the normal value.

This command overrides the limit-pir-zero-drain command.

The no form of this command reverts to default behavior.

Platforms

All

enroll

enroll

Syntax

enroll est-profile name key key-filename output output-cert-filename [hash-alg hash algorithm] subject-dn subject-dn [domain-name domain-names] [ip-addr ip-address | ipv6-address] [validate-cert-chain] [force]

Context

[Tree] (admin>certificate>est enroll)

Full Context

admin certificate est enroll

Description

This command enrolls a new certificate with Certificate Authority (CA) by the EST protocol specified with the est-profile name parameter with a imported private key specified by the key key-filename parameter.

The est-profile name specifies the authentication between the system and EST server.

The hash-alg hash-algorithm, subject-dn subject-dn, domain-name domain-names, and ip-addr ip-address parameters are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name domain-names and ip-addr ip-address parameters are used as subject alternative names.

If validate-cert-chain is specified, the system validates the certificate’s chain of result certificate before importing it. The "certificate chain” is the chain of all the certificates from the result certificate to the issuing CA. The "result certificate” is the new certificate returned by EST server.

The result certificate is imported and saved with the filename specified by the output output-cert-filename. If force is specified, the system overwrites the existing file with same name as the output-cert-filename.

Parameters

name

Specifies EST profile name, up to 32 characters

key-filename

Specifies the filename of a key, up to 95 characters

output-cert-filename

Specifies the output certificate filename, up to 200 characters

hash-algorithm

Specifies the hash algorithm used in a certificate request.

Values

sha1, sha224, sha256, sha384, sha512

subject-dn

Specifies the distinguish name, up to 256 characters, used as the subject in a certificate request, including:

  • C-Country

  • ST-State

  • O-Organization name

  • OU-Organization Unit name

  • CN-common name

This parameter is formatted as a text string including any of the preceding attributes. The attribute and its value is linked by using "=”, and ",” is used to separate different attributes.

For example: C=US,ST=CA,O=ALU,CN=SR12

Values

attr1=val1,attr2=val2

where: attrN={C | ST | O | OU | CN}, up to 256 characters

domain-names

Specifies domain names, up to 512 characters, separated by commas

ip-address

Specifies an IPv4 or IPv6 address string, up to 64 characters

validate-cert-chain

Specifies that the system validates the certificate’s chain of result certificate before importing it

force

Specifies that the system overwrites the existing file with same output-cert-filename

Platforms

All

enter

enter

Syntax

[no] enter

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>command-completion enter)

Full Context

configure system management-interface cli md-cli environment command-completion enter

Description

This command enables completion on the enter character.

The no form of this command reverts to the default value.

Default

enter

Platforms

All

entropy-label

entropy-label

Syntax

[no] entropy-label

Context

[Tree] (config>service>epipe>bgp-evpn>mpls entropy-label)

[Tree] (config>service>epipe>spoke-sdp entropy-label)

[Tree] (config>service>vpls>spoke-sdp entropy-label)

[Tree] (config>service>vpls>mesh-sdp entropy-label)

[Tree] (config>service>ipipe>spoke-sdp entropy-label)

[Tree] (config>service>pw-template entropy-label)

[Tree] (config>service>vpls>bgp-evpn>mpls entropy-label)

Full Context

configure service epipe bgp-evpn mpls entropy-label

configure service epipe spoke-sdp entropy-label

configure service vpls spoke-sdp entropy-label

configure service vpls mesh-sdp entropy-label

configure service ipipe spoke-sdp entropy-label

configure service pw-template entropy-label

configure service vpls bgp-evpn mpls entropy-label

Description

This command enables or disables the use of entropy labels for spoke SDPs.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

entropy-label

Syntax

[no] entropy-label

Context

[Tree] (config>service>ies>if>spoke-sdp entropy-label)

Full Context

configure service ies interface spoke-sdp entropy-label

Description

This command enables the use of entropy labels on a spoke-SDP bound to an IES interface.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke-sdp or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

entropy-label

Syntax

[no] entropy-label

Context

[Tree] (config>service>vprn entropy-label)

[Tree] (config>service>vprn>if>spoke-sdp entropy-label)

Full Context

configure service vprn entropy-label

configure service vprn interface spoke-sdp entropy-label

Description

This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

entropy-label

Syntax

entropy-label

[no] entropy-label

Context

[Tree] (config>service>sdp>binding>pw-port entropy-label)

Full Context

configure service sdp binding pw-port entropy-label

Description

This command enables entropy label insertion on the PW port.

If this command is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy label capability.

  • If the tunnel is of type RSVP or SR-TE, the entropy-label must be enabled under the config>router>mpls or config>router>mpls>lsp contexts.

  • If the tunnel is of type SR-ISIS, SR-OSPF or SR-TE, the override-tunnel-elc command must be configured under the config>router>isis or config>router>ospf contexts.

  • If the tunnel is LDP, the entropy-level capability is configured under the configure>router>ldp context.

The entropy label is only applicable to PW ports bound to a static port, and not to ports using an FPE.

The no form of this command disables the entropy label insertion on the PW port.

Default

no entropy-label

Platforms

All

entropy-label

Syntax

entropy-label {rsvp-te | sr-te} {force-disable | enable}

Context

[Tree] (config>router>mpls entropy-label)

Full Context

configure router mpls entropy-label

Description

This command configures the use of entropy labels for MPLS.

The entropy label (EL) and entropy label indicator (ELI) require the insertion of two additional labels in the label stack. In some cases, this may result in an unsupported label stack depth or large changes in the label stack depth during the lifetime of an LSP (for example, due to switching from a primary path with ELC enabled to a secondary path for which the far end has not signaled ELC).

This command provides control at the head end of an RSVP LSP or SR-TE LSP as to whether an EL is inserted on an LSP by ignoring the ELC signaled from the far-end LER, and to control how the additional label stack depth is accounted for.

By default, regardless of the value set for entropy label capability at the egress node, the ingress LER considers the EL and ELI in the label stack while sending the information to the TTM and NHLFE. The application using the LSP does not insert an EL and ELI in the label stack unless the far-end signals ELC and the application is configured to insert an entropy label.

When entropy-label is set to force-disable, the ingress LER does not consider EL and ELC in the label stack when sending the information to the TTM and NHLFE. Therefore, the system marks the TTM and NHLFE as ELC not supported, and applications do not insert an EL or ELI.

The entropy-label command value changes at either the MPLS level or the LSP level. The new operational value does not take effect until the LSP is re-signaled. A shutdown and no shutdown of the LSP is required to enable the new value.

The user can use the clear command or bounce MPLS itself (shutdown/no shutdown) to force the new value to take effect for a large numbers of LSPs.

Default

entropy-label rsvp-te enable

Parameters

rsvp-te

Applies the entropy-label command to RSVP LSPs.

sr-te

Applies the entropy-label command applies to SR-TE LSPs.

force-disable

Specifies that the ingress LER will not consider the EL and ELI in the label stack while sending the information to the TTM and NHLFE. The system marks the TTM and NHLFE as ELC not supported, and applications do not insert an EL or ELI in the label stack.

enable

Specifies that the ingress LER will consider what is signaled from the egress node for ELC for marking the NHLFE, while the TTM is always marked. Although applications only insert the entropy label if the far end signals ELC, the additional two labels of the EL and ELI are always accounted for.

Platforms

All

entropy-label

Syntax

entropy-label {force-disable | enable | inherit}

Context

[Tree] (config>router>mpls>lsp entropy-label)

[Tree] (config>router>mpls>lsp-template entropy-label)

Full Context

configure router mpls lsp entropy-label

configure router mpls lsp-template entropy-label

Description

This command configures the use of entropy labels for an LSP.

The entropy label (EL) and entropy label indicator (ELI) require the insertion of two additional labels in the label stack. In some cases, this may result in an unsupported label stack depth or large changes in the label stack depth during the lifetime of an LSP (for example, due to switching from a primary path with ELC enabled to a secondary path for which the far end has not signaled ELC).

This command provides control at the head end of an RSVP LSP or SR-TE LSP over whether an entropy label is inserted on an LSP by overriding the ELC signaled from the far-end LER, and control over how the additional label stack depth is accounted for.

By default, the value of entropy-label is inherited from the MPLS level. The command under the LSP context provides a means to override the default MPLS behavior on a per-LSP basis. For auto-LSPs, it can only be configured in LSP templates of type one-hope-p2p and mesh-p2p.

Under the LSP context, when the value of entropy-label is set to enable, the ingress LER will take into consideration what is signaled from the egress node for ELC when marking the NHLFE as entropy-label-capable. Since the value of entropy-label is set to enable at the LSP level, the system will always mark it in the TTM as entropy-label-capable regardless of the signaled value, in order to ensure that the potential additional label stack depth is accounted for. In this scenario, the TTM and NHLFE can be out of synchronization based on what is configured at the egress node. That is, the application will always account for the entropy label and ELI in the label stack without taking into consideration the signaled value of ELC.

When entropy-label is set to force-disable, the ingress LER will not consider EL and ELI in the label stack while sending the information to the TTM and NHLFE, regardless of what the far end signals. Therefore, the system will mark the TTM and NHLFE as ELC not supported, and applications will not insert an EL or ELI.

When the value of entropy-label changes at either the MPLS level or the LSP level, the new operational value will not take effect until the LSP is re-signaled. A shutdown and no shutdown of the LSP is required to enable the new value.

The user can use the clear command or bounce MPLS itself (shutdown and no shutdown) to force the new value to take effect for a large numbers of LSPs.

Default

entropy-label inherit

Parameters

force-disable

Indicates that the ingress LER will not consider the entropy label and ELI in the label stack while sending the information to the TTM and NHLFE. The system will mark the TTM and NHLFE as ELC not supported, and applications will not insert an EL or ELI in the label stack.

enable

Indicates that the ingress LER will take into consideration what is signaled from the egress node for ELC for marking the NHLFE, while the TTM is always marked. Therefore, although applications will only insert the entropy label if the far end signals ELC, the additional two labels of the entropy label EL and ELI are always accounted for.

inherit

Indicates that the value of entropy-label is inherited from the setting in the MPLS context.

Platforms

All

entropy-label

Syntax

[no] entropy-label

Context

[Tree] (config>router entropy-label)

Full Context

configure router entropy-label

Description

If entropy-label is configured, the Entropy label and Entropy Label Indicator is inserted on packets for which at least one LSP in the stack for the far-end of the LDP or RSVP tunnel used by an IGP or BGP shortcut has advertised entropy-label-capability. If the tunnel is of type RSVP, then entropy-label must also have been enabled under config>router>mpls or config>router>mpls>lsp.

This configuration will result in other traffic that is forwarded over an LDP or RSVP LSP for which this router is the LER, and for which there is no explicit service endpoint on this router, to have the EL/ELI enabled, subject to the LSP far-end advertising entropy-label-capability. An example of such traffic includes packets arriving on a stitched LDP LSP forwarded over an RSVP LSP.

Default

no entropy-label

Platforms

All

entropy-label

Syntax

entropy-label

Context

[Tree] (config>router>ospf entropy-label)

[Tree] (config>router>isis entropy-label)

Full Context

configure router ospf entropy-label

configure router isis entropy-label

Description

Commands in this context configure entropy label capabilities for the routing protocol.

Platforms

All

entropy-label

Syntax

entropy-label {force-disable | enable}

no entropy-label

Context

[Tree] (config>router>isis>segm-rtng entropy-label)

[Tree] (config>router>ospf>segm-rtng entropy-label)

Full Context

configure router isis segment-routing entropy-label

configure router ospf segment-routing entropy-label

Description

This command instructs the system to ignore any received IGP advertisements of entropy label capability relating to remote nodes in the network. It also prevents a user from configuring override-tunnel-elc for the IGP instance.

The no version of this command enables the processing of any received IGP advertisements of entropy label capability.

Default

entropy-label enable

Parameters

force-disable

Forces the system to ignore any received entropy label capability signaled in the IGP.

enable

Enables the system to process any received entropy label capability signaled in the IGP.

Platforms

All

entropy-label-capability

entropy-label-capability

Syntax

[no] entropy-label-capability

Context

[Tree] (config>router>ldp entropy-label-capability)

[Tree] (config>router>rsvp entropy-label-capability)

Full Context

configure router ldp entropy-label-capability

configure router rsvp entropy-label-capability

Description

This command enables or disables ELC for RSV.

If entropy-label-capability is configured, then the system will signal (using the procedures specified in RFC 6790) that it is capable of receiving and processing the entropy label and ELI on incoming packets of RSVP and LDP LSPs.

If no entropy-label-capability is configured, then the system will not signal ELC. If an ELI is exposed on a packet where the tunnel label is popped at the termination of that LSP, and an entropy label is not configured, then the packet will be dropped.

Default

no entropy-label-capability

Platforms

All

entry

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>filter>dhcp-filter entry)

[Tree] (config>filter>dhcp6-filter entry)

Full Context

configure filter dhcp-filter entry

configure filter dhcp6-filter entry

Description

This command configures DHCP filter entries.

The no form of this command removes the entry from the configuration.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 65535

create

This keyword is required when first creating the DHCP filter entry. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

entry

Syntax

entry id [create]

no entry id

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter entry)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry

Description

This command configures an entry in the VAS filter.

The no form of this command removes the entry ID from the configuration.

Parameters

id

Specified an entry in the VAS filter.

Values

0 to 4294967295

create

Keyword used to create the entry ID instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry key ancp-string customer customer-id multi-service-site customer-site-name ancp-policy policy-name

entry key ancp-string sap sap-id ancp-policy policy-name

no entry key ancp-string customer customer-id multi-service-site customer-site-name

no entry key ancp-string sap sap-id

Context

[Tree] (config>subscr-mgmt>ancp>static-map entry)

Full Context

configure subscriber-mgmt ancp ancp-static-map entry

Description

This command configures an ANCP name. When ANCP is configured to provide rate adaptation without the use of enhanced subscriber management, this command will define how to map an ANCP key (usually the circuit-id of the DSLAM port) to either a SAP and a scheduler name (when a Multi-Service Site (MSS) is not used) or a customer, site and scheduler name when MSS is used.

Different ANCP names may be used with the same SAPs or customer ID/MSS combinations to allow schedulers within the policy to be mapped to the ANCP names. An ANCP string and SAP combination may reference only one ancp-policy. An ANCP string and customer and site-name combination may reference a single ancp-policy.

The no form of this command reverts to the default.

Parameters

ancp-string

Specifies the ASCII representation of the DSLAM circuit-id name, up to 63 characters.

customer-id

Specifies the associated existing customer ID.

Values

1 to 2147483647

customer-site-name

Specifies the associated customer’s configured MSS name, up to 32 characters.

policy-name

Specifies an existing ANCP policy name, up to 32 characters.

sap-id

Specifies the physical port identifier portion of the SAP definition.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6 entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6 entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip entry)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry

Description

This command configures the IP filter entry.

The no form of this command reverts to the default.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 65535

create

Keyword used to create an entry. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry key sub-ident-string [sub-profile sub-profile-name] [alias sub-alias-string] [sla-profile sla-profile-name] [app-profile app-profile-name]

no entry key sub-ident-string

Context

[Tree] (config>subscr-mgmt>explicit-sub-map entry)

Full Context

configure subscriber-mgmt explicit-subscriber-map entry

Description

This command configures a subscriber identification string.

The no form of this command reverts to the default.

Parameters

sub-ident-string

Specifies the profile string, up to 32 characters.

sub-profile-name

Specifies an existing subscriber profile name, up to 32 characters.

sub-alias-string

Specifies an alias for the subscriber identification string, up to 64 characters.

sla-profile-name

Specifies an existing SLA profile, up to 32 characters.

app-profile-name

Specifies an app profile name up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry key app-profile-string app-profile app-profile-name

no entry key app-profile-string

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>app-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy app-profile-map entry

Description

This command configures an application profile string.

The no form of this command removes the values from the configuration.

Parameters

app-profile-string

Specifies the application profile string up to 16 characters.

app-profile-name

Specifies the application profile name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry key sla-profile-string sla-profile sla-profile-name

no entry key sla-profile-string

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>sla-profile-map entry)

[Tree] (config>subscr-mgmt>sub-prof>sla-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy sla-profile-map entry

configure subscriber-mgmt sub-profile sla-profile-map entry

Description

This command configures an SLA profile string. Each subscriber identification string can be provisioned into a subscriber mapping table providing an explicit mapping of the string to a specific subscriber profile. This allows certain subscribers to be directly mapped to the appropriate subscriber profile in the event that the default mappings are not desired for the subscriber.

An explicit mapping of a subscriber identification string to a subscriber profile cannot be defined with the subscriber profile name default. It is possible for the subscriber identification string to be entered in the mapping table without a defined subscriber profile which can result in the explicitly defined subscriber to be associated with the subscriber profile named default.

Explicitly mapping a subscriber identification string to a subscriber profile will cause an existing active subscriber associated with the string to be reassigned to the newly mapped subscriber profile. An explicit mapping overrides all default subscriber profile definitions.

Attempting to delete a subscriber profile that is currently defined as in an explicit subscriber identification string mapping will fail.

The system will fail the removal attempt of an explicit subscriber identification string mapping to a subscriber profile definition when an active subscriber is using the mapping and cannot be reassigned to a defined default non-provisioned subscriber profile.

The no form of this command reverts to the default.

Parameters

sla-profile-string

Identifies the SLA profile string, up to 32 characters.

sla-profile-name

Identifies the SLA profile name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry key sub-profile-string sub-profile sub-profile-name

no entry key sub-profile-string

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>sub-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy sub-profile-map entry

Description

This command configures a subscriber profile string.

The no form of this command reverts to the default.

Parameters

sub-profile-string

Specifies the subscriber profile string, up to 32 characters.

sub-profile-name

Specifies the subscriber profile name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

[no] entry direction direction type type id id

Context

[Tree] (config>subscr-mgmt>accu-stats-policy entry)

Full Context

configure subscriber-mgmt accu-stats-policy entry

Description

This command defines the direction of the policer or queue to the stored and accumulated policy.

The no form of this command removes the entry.

Parameters

direction

Specifies the direction of the queue or policer.

Values

egress, ingress

type

Specifies whether the entry is for a queue or policer.

Values

queue, policer

id

Specifies the queue or policer ID.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>subscr-mgmt>isa-filter>ipv6 entry)

[Tree] (config>subscr-mgmt>isa-filter entry)

Full Context

configure subscriber-mgmt isa-filter ipv6 entry

configure subscriber-mgmt isa-filter entry

Description

This command creates a new entry for this filter. When processing a packet, entries are matched in order, starting with the lowest entry-id. A maximum of 128 IPv4 and 128 IPv6 DSM filter entries are allowed.

The no form of this command removes the specified entry from the ISA filter.

Parameters

entry-id

Specifies the numeric identifier for the filter entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry [entry] [prefix-string prefix-string] [accounting-server-policy policy-name] [authentication-server-policy policy-name] [suffix-string suffix-string]

no entry [entry]

Context

[Tree] (config>router>radius-proxy>server>attribute-matching entry)

[Tree] (config>service>vprn>radius-proxy>server>attribute-matching entry)

Full Context

configure router radius-proxy server attribute-matching entry

configure service vprn radius-proxy server attribute-matching entry

Description

This command matches the specified prefix or suffix string with the selected accounting server policy or authentication server policy.

Parameters

entry

Specifies an entry ID.

Values

1 to 32

prefix-string

Specifies the prefix string for matching up to 128 characters. If the suffix-string is also used, the combined length cannot exceed 126 characters.

suffix-string

Specifies the suffix string for matching up to 126 characters. If the prefix-string is also used, the combined length cannot exceed 126 characters.

policy-name

Specifies the RADIUS accounting or authentication policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>service>mrp>mrp-policy entry)

Full Context

configure service mrp mrp-policy entry

Description

This command creates or edits an mrp-policy entry. Multiple entries can be created using unique entry-id numbers within the policy. The implementation exits the policy on the first match found and executes the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit. An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and therefore will be rendered inactive.

The no form of this command removes the specified entry from the mrp-policy. Entries removed from the mrp-policy are immediately removed from all services where the policy is applied.

Parameters

entry-id

An entry-id uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 65535

create

Keyword; required when first creating the configuration context. When the context is created, one can navigate into the context without the create keyword.

Platforms

All

entry

Syntax

entry range-entry-id [create]

no entry range-entry-id

Context

[Tree] (config>service>vpls>isid-policy entry)

Full Context

configure service vpls isid-policy entry

Description

This command creates or edits an ISID policy entry. Multiple entries can be created using unique entry-id numbers within the ISID policy.

entry-id — Specifies an entry-id uniquely identifies a ISID range and the corresponding actions. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

The following rules govern the usage of multiple entry statements:

  • overlapping values are allowed:

    • isid from 301 to 310

    • isid from 305 to 315

    • isid 316

  • the minimum and maximum values from overlapping ranges are considered and displayed. The above entries will be equivalent with "isid from 301 to 316” statement.

  • there is no consistency check with the content of ISID statements from other entries. The entries will be evaluated in the order of their IDs and the first match will cause the implementation to execute the associated action for that entry.

no isid - removes all the previous statements under one entry.

no isid value | from value to higher-value - removes a specific ISID value or range. Must match a previously used positive statement: for example, if the command "isid 16 to 100” was used using "no isid 16 to 50”, it will not work but "no isid 16 to 100 will be successful.

Values 1 to 65535

Default

no entry

Parameters

range-entry-id

Specifies the ID of the ISID policy to be created or edited

Values

1 to 8191

create

Required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword.

Platforms

All

entry

Syntax

entry entry-id [name entry-name]

no entry entry-id

Context

[Tree] (config>service>vprn>log>filter entry)

Full Context

configure service vprn log filter entry

Description

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id values. The SR OS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

By default, no filter entries are defined. Entries must be explicitly configured.

The no form of this command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Default

No event filter entries are defined. An entry must be explicitly configured.

Parameters

entry-id

The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.

Values

1 to 999

name entry-name

Configures an optional entry name for the event filter, up to 64 characters, that can be used to refer to the entry after it is created.

Platforms

All

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>app-assure>group>policy>app-filter entry)

Full Context

configure application-assurance group policy app-filter entry

Description

This command creates an application filter entry.

App filter entries are an ordered list, the lowest numerical entry that matches the flow defines the application for that flow.

An application filter entry or entries configures match attributes of an application.

The no form of this command deletes the specified application filter entry.

Parameters

entry-id

Specifies an integer that identifies an app-filter entry.

Values

1 to 65535

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>app-assure>group>policy>aqp entry)

Full Context

configure application-assurance group policy app-qos-policy entry

Description

This command creates an application QoS policy entry. A flow that matches multiple Application QoS policies (AQP) entries will have multiple AQP entries actions applied. When a conflict occurs for two or more actions, the action from the AQP entry with the lowest numerical value takes precedence.

The no form of this command deletes the specified application QoS policy entry.

Parameters

entry-id

An integer identifying the AQP entry.

Values

1 to 65535

create

Mandatory keyword creates the entry. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>app-assure>group>sess-fltr entry)

Full Context

configure application-assurance group session-filter entry

Description

This command configures a particular Application-Assurance session filter match entry. Every session filter can have zero or more session filter match entries. An application filter entry or entries configures match attributes of an application.

The no form of this command deletes the specified entry.

Parameters

entry-id

Specifies an integer that identifies the entry.

Values

1 to 65535

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id direction direction [create]

no entry entry-id direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-fltr>msg entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter message-type entry

Description

This command configures a TCA for the counter capturing hits for the specified GTP filter entry. A GTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a default action TCA.

Parameters

entry-id

Specifies the GTP filter message-type entry identifier.

Values

1 to 255

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id direction direction [create]

no entry entry-id direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-fltr>msg-gtpv2 entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter message-type-gtpv2 entry

Description

This command configures a TCA for the counter capturing hits for the specified GTPv2 message type filter entry. A GTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an entry TCA.

Parameters

entry-id

Specifies the GTP filter message-type-gtpv2 entry identifier.

Values

516 to 770

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id direction direction [create]

no entry entry-id direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-fltr>imsi-apn entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter imsi-apn entry

Description

This command configures a TCA for the counter capturing hits for the specified IMSI-APN filter entry. A GTP IMSI-APN filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an entry TCA.

Parameters

entry-id

Specifies the identifier for the IMSI-APN filter entry.

Values

1031 to 2030

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

entry

Syntax

entry entry-id direction direction [create]

no entry entry-id direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-fltr>ppid entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid entry

Description

This command configures a TCA for the counter capturing hits for the specified SCTP filter PPID entry. An SCTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

Values

1 to 255

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id direction direction [create]

no entry entry-id direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>session-filter entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert session-filter entry

Description

This command configures a TCA for the counter capturing hits for the specified session filter entry. A session filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

Values

1 to 65535

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr entry)

Full Context

configure application-assurance group gtp gtp-filter imsi-apn-filter entry

Description

This command configures an entry within the IMSI-APN filter to allow for IMSI-APN match and action configuration.

Parameters

entry-id

Specifies the index into the IMSI-APN list that defines a custom filtering action.

Values

1031 to 2030

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id value gtp-message-value action {permit | deny}

no entry entry-id

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>msg entry)

Full Context

configure application-assurance group gtp gtp-filter message-type entry

Description

This command configures an entry for a specific GTPv1 message type value.

Parameters

entry-id

Specifies the index into the GTP message value list that defines a custom message-type action.

Values

1 to 255

gtp-message-value

Specifies the GTPv1 message type, either as a numeric value or as a string.

Values

1 to 255 or 256 characters {echo-request, echo-response, error-indication, g-pdu, supported-extension-headers-notification}

permit | deny

Specifies the action to take for packets that match this GTP filter message entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id value gtpv2-message-value action {permit | deny}

no entry entry-id

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>msg-gtpv2 entry)

Full Context

configure application-assurance group gtp gtp-filter message-type-gtpv2 entry

Description

This command configures an entry for a specific GTPv2 message type value.

Default

entry permit

Parameters

entry-id

Specifies the index into the GTP message value list that defines a custom message-type action.

Values

516 to 770

gtpv2-message-value

Specifies the GTPv2 message type, either as a numeric value or as a string.

Values

1 to 255 or 256 characters (such as: echo-request, echo-response, create-session-request, modify-bearer-request, change-notification-request, change-notification-response, modify-bearer-response, create-session-response, delete-session-request, delete-session-response, remote-ue-report-notification, remote-ue-report-acknowledge)

permit | deny

Specifies the action to take for packets that match this GTP filter message entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id value ppid-value action {permit | deny}

no entry entry-id

Context

[Tree] (config>app-assure>group>sctp-fltr>ppid entry)

Full Context

configure application-assurance group sctp-filter ppid entry

Description

This command specifies if an SCTP PPID value is allowed or not.

The no form of this command removes this PPID. In which case, the default action for the sctp-filter>ppid is applied.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

ppid-value

Specifies the PPID value, either as numeric value or as a string.

Values

0 to 4294967295 D, 256 chars max

action {permit | deny}

Specifies to allow or deny the configured PPID.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

entry entry-id

no entry entry-id

Context

[Tree] (config>app-assure>group>transit-prefix-policy entry)

Full Context

configure application-assurance group transit-prefix-policy entry

Description

This command configures the index to a specific entry of a transit prefix policy.

The no form of this command removes the entry ID from the transit prefix policy configuration.

Parameters

entry-id

Specifies a transit prefix policy entry.

Values

1 to 4294967295

create

Keyword used when creating an entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>ipsec>cert-profile entry)

Full Context

configure ipsec cert-profile entry

Description

This command configures the certificate profile entry information

The no form of this command removes the entry-id value from the cert-profile configuration.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>ipsec>ts-list>remote entry)

[Tree] (config>ipsec>ts-list>local entry)

Full Context

configure ipsec ts-list remote entry

configure ipsec ts-list local entry

Description

This command creates a new TS-list entry or enables the context to configure an existing TS-list entry.

The no form of this command removes the entry from the local or remote configuration.

Parameters

entry-id

Specifies the entry ID

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>router>ipsec>sec-plcy entry)

[Tree] (config>service>vprn>ipsec>sec-plcy entry)

Full Context

configure router ipsec security-policy entry

configure service vprn ipsec security-policy entry

Description

This command configures an IPsec security policy entry.

Parameters

entry-id

Specifies the IPsec security policy entry.

Values

1 to 16

create

Keyword used to create the security policy entry instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

VSR

  • configure router ipsec security-policy entry

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn ipsec security-policy entry

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>service>nat>nat-classifier entry)

Full Context

configure service nat nat-classifier entry

Description

This command creates or edits a nat-classifier entry. Multiple entries can be created using unique entry-id numbers within the nat-classifier. Entries must be sequenced from most to least explicit. An entry may not have any match criteria defined, in which case all UDP traffic will be matched. In case that the action is not explicitly configured, a default-action will be applied.

The no form of the command removes the specified entry from the filter. Entries removed from the nat-classifier are immediately removed from all entities to which the nat-classifier is applied.

Parameters

entry-id

Specifies an entry-id that uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry li-entry-id [create]

no entry li-entry-id

Context

[Tree] (config>li>li-filter>li-mac-filter entry)

[Tree] (config>li>li-filter>li-ip-filter entry)

[Tree] (config>li>li-filter>li-ipv6-filter entry)

Full Context

configure li li-filter li-mac-filter entry

configure li li-filter li-ip-filter entry

configure li li-filter li-ipv6-filter entry

Description

This command creates or edits a Lawful Interception filter entry. Multiple entries can be created using unique entry-id numbers within the filter.

An entry in an LI filter always has an implicit action of "forward”.

The no form of this command removes the specified entry from the filter. Entries removed from the filter are immediately removed from all services or network ports where the associated filter is applied.

LI filter entries can be used as li-source entries.

The entry numbers for LI filters serve purely as keys for managing the entries (deleting entries, and so on). The order of LI filter entries is not guaranteed to match the entry numbers and the software may reorder entries. Operators must use LI entries in a manner such that relative order of the LI entries amongst themselves is not important.

The no form of this command removes the LI entry ID from the configuration.

Parameters

li-entry-id

Identifies the Lawful Interception filter entry.

Values

1 to 65536

Platforms

All

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>qos>sap-ingress>mac-criteria entry)

[Tree] (config>qos>sap-ingress>ipv6-criteria entry)

[Tree] (config>qos>sap-egress>ip-criteria entry)

[Tree] (config>qos>sap-egress>ipv6-criteria entry)

[Tree] (config>qos>sap-ingress>ip-criteria entry)

Full Context

configure qos sap-ingress mac-criteria entry

configure qos sap-ingress ipv6-criteria entry

configure qos sap-egress ip-criteria entry

configure qos sap-egress ipv6-criteria entry

configure qos sap-ingress ip-criteria entry

Description

This command is used to create or edit an IP, IPv6, or MAC criteria entry for the policy. Multiple entries can be created using unique entry-id numbers.

The list of flow criteria is evaluated in a top-down manner with the lowest entry ID at the top and the highest entry ID at the bottom. If the defined match criteria for an entry within the list matches the information in the egress packet, the system stops matching the packet against the list and performs the matching entries reclassification actions. If none of the entries match the packet, the IP flow reclassification list has no effect on the packet.

An entry is not populated in the list unless the action command is executed for the entry. An entry that is not populated in the list has no effect on egress packets. If the action command is executed without any explicit reclassification actions specified, the entry is populated in the list allowing packets matching the entry to exit the list, preventing them from matching entries lower in the list. Since this is the only flow reclassification entry that the packet matched and this entry explicitly states that no reclassification action is to be performed, the matching packet will not be reclassified.

The no form of this command removes the specified entry from the policy. Entries removed from the policy are immediately removed from all services where that policy is applied.

Parameters

entry-id

The entry-id, expressed as an integer, uniquely identifies a match criterion and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

An entry cannot have any match criteria defined (in which case, everything matches) but must have at least the keyword action fc fc-name for it to be considered complete. Entries without the action keyword will be considered incomplete and, therefore, will be rendered inactive.

Values

1 to 65535

create

Required parameter when creating a flow entry when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the flow entry already exists.

Platforms

All

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>qos>network>egress>ip-criteria entry)

[Tree] (config>qos>network>egress>ipv6-criteria entry)

[Tree] (config>qos>network>ingress>ip-criteria entry)

[Tree] (config>qos>network>ingress>ipv6-criteria entry)

Full Context

configure qos network egress ip-criteria entry

configure qos network egress ipv6-criteria entry

configure qos network ingress ip-criteria entry

configure qos network ingress ipv6-criteria entry

Description

This command is used to create or edit an IP or IPv6 criteria entry for the policy. Multiple entries can be created using unique entry numbers.

The list of flow criteria is evaluated in a top-down manner with the lowest entry ID at the top and the highest entry ID at the bottom. If the defined match criteria for an entry within the list matches the information in the packet, the system stops matching the packet against the list and performs the matching entries reclassification actions. If none of the entries match the packet, the IP flow reclassification list has no effect on the packet.

An entry is not populated in the list unless the action command is executed for the entry. An entry that is not populated in the list has no effect on ingress packets. If the action command is executed without any explicit reclassification actions specified, the entry is populated in the list allowing packets matching the entry to exit the list, preventing them from matching entries lower in the list. Since this is the only flow reclassification entry that the packet matched, and this entry explicitly states that no reclassification action is to be performed, the matching packet will not be reclassified.

The configuration of egress prec/DSCP classification and the configuration of an egress IP criteria or IPv6 criteria entry statement within a network QoS policy are mutually exclusive.

Network QoS policies containing egress ip-criteria or ipv6-criteria entry statements are only applicable to network interfaces. Configuration of ip-criteria or ipv6-criteria entry statements in a network egress QoS policy and the application of the policy on any object other than a GRT network interface are mutually exclusive.

The no form of this command removes the specified entry from the policy. Entries removed from the policy are immediately removed from all services to which that policy is applied.

Parameters

entry-id

The entry identifier, expressed as an integer, uniquely identifies a match criterion and the corresponding action. It is recommended that multiple entries be given entry identifiers in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

An entry cannot have any match criteria defined (in which case, everything matches) but must have at least the keyword action fc fc-name profile profile for it to be considered complete. Entries without the action keyword will be considered incomplete and will be rendered inactive.

Values

1 to 65535

create

Required parameter when creating a flow entry when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled, and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the flow entry already exists.

Platforms

All

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>filter>ip-exception entry)

[Tree] (config>filter>ip-filter entry)

[Tree] (config>filter>ipv6-filter entry)

[Tree] (config>filter>ipv6-exception entry)

[Tree] (config>filter>mac-filter entry)

Full Context

configure filter ip-exception entry

configure filter ip-filter entry

configure filter ipv6-filter entry

configure filter ipv6-exception entry

configure filter mac-filter entry

Description

This command creates or edits an IPv4, IPv6, MAC, IP exception filter, or IPv6 exception filter entry. Multiple entries can be created using unique entry-id numbers within the filter. Entries must be sequenced from most to least explicit.

An entry may not have any match criteria defined (in which case everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and hence will be rendered inactive.

The no form of the command removes the specified entry from the filter. Entries removed from the filter are immediately removed from all services or network ports where that filter is applied.

Parameters

entry-id

Uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-id in staggered increments. This allows users to insert a new entry in an existing policy without requiring to renumbering all the existing entries. The parameter is expressed as a decimal integer.

Values

1 to 2097151

create

This keyword is required to create the configuration context. Once the context is created, the user can enable the context with or without the create keyword.

Platforms

VSR

  • configure filter ipv6-exception entry
  • configure filter ip-exception entry

All

  • configure filter mac-filter entry
  • configure filter ip-filter entry
  • configure filter ipv6-filter entry

entry

Syntax

entry entry-id [name entry-name]

no entry entry-id

Context

[Tree] (config>log>filter entry)

Full Context

configure log filter entry

Description

This command creates or edits an event filter entry. Multiple entries can be created using unique entry-id values. The SR OS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

By default, no filter entries are defined. Entries must be explicitly configured.

The no form of this command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Parameters

entry-id

The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.

Values

1 to 999

name entry-name

Configures an optional entry name for the event filter, up to 64 characters, that can be used to refer to the entry after it is created.

Platforms

All

entry

Syntax

[no] entry entry-id

Context

[Tree] (config>log>event-handling>handler>action-list entry)

Full Context

configure log event-handling handler action-list entry

Description

This command configures an EHS handler action-list entry. A handler can have multiple actions where each action, for example, could request the execution of a different script. When the handler is triggered it will walk through the list of configured actions.

The no form of this command removes the specified EHS handler action-list entry.

Parameters

entry-id

Specifies the identifier of the EHS handler entry.

Values

1 to 1500

Platforms

All

entry

Syntax

[no] entry entry-id

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter entry)

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter entry)

[Tree] (config>system>security>mgmt-access-filter>mac-filter entry)

Full Context

configure system security management-access-filter ip-filter entry

configure system security management-access-filter ipv6-filter entry

configure system security management-access-filter mac-filter entry

Description

This command is used to create or edit a management access IP(v4), IPv6, or MAC filter entry. Multiple entries can be created with unique entry-id numbers. The OS exits the filter upon the first match found and executes the actions according to the respective action command. For this reason, entries must be sequenced correctly from most to least explicit.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action defined to be considered complete. Entries without the action keyword are considered incomplete and inactive.

The no form of this command removes the specified entry from the management access filter.

Parameters

entry-id

Specifies an entry ID uniquely identifies a match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries.

Values

1 to 9999

Platforms

All

entry

Syntax

entry entry-id

Context

[Tree] (config>sys>sec>cpm>mac-filter entry)

[Tree] (config>sys>sec>cpm>ip-filter entry)

[Tree] (config>sys>sec>cpm>ipv6-filter entry)

Full Context

configure system security cpm-filter mac-filter entry

configure system security cpm-filter ip-filter entry

configure system security cpm-filter ipv6-filter entry

Description

This command specifies a particular CPM filter match entry. Every CPM filter must have at least one filter match entry. Entries are created and deleted by user.

The default match criteria is match none.

Parameters

entry-id

Identifies a CPM filter entry as configured on this system.

Values

1 to 131072

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

entry

Syntax

entry entry levels levels opcodes opcodes rate packet-rate-limit

no entry

Context

[Tree] (config>sys>security>cpu-protection>policy>eth-cfm entry)

Full Context

configure system security cpu-protection policy eth-cfm entry

Description

Builds the specific match and rate criteria. Up to ten entries may exist in up to four CPU protection policies.

The no form of this command reverses the match and rate criteria configured.

Default

no entry

Parameters

rate

Specifies a packet rate limit in frames per second, where a "0” means drop all.

Values

1 to 100

level

Specifies a domain level.

Values

all: Wildcard entry level

range: 0 to 7: within specified range, multiple ranges allowed

number: 0 to 7: specific level number, may be combined with range

opcode

Specifies an operational code that identifies the application.

Values

range: 0 to 255: within specified range, multiple ranges allowed

number: 0 to 255: specific level number, may be combined with range

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

entry

Syntax

[no] entry entry-id

Context

[Tree] (config>system>security>profile entry)

Full Context

configure system security profile entry

Description

This command is used to create a user profile entry.

More than one entry can be created with unique entry-id numbers. Exits when the first match is found and executes the actions according to the accompanying action command. Entries should be sequenced from most explicit to least explicit.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete.

The no form of this command removes the specified entry from the user profile.

Parameters

entry-id

Specifies an entry-id that uniquely identifies a user profile command match criteria and a corresponding action. If more than one entry is configured, the entry-ids should be numbered in staggered increments to allow users to insert a new entry without requiring renumbering of the existing entries.

Values

1 to 9999

Platforms

All

entry

Syntax

entry entry-id [key authentication-key | hash-key | hash2-key | custom-key] [hash | hash2 | custom] algorithm algorithm]

no entry entry-id

Context

[Tree] (config>system>security>keychain>direction>bi entry)

[Tree] (config>system>security>keychain>direction>uni>receive entry)

[Tree] (config>system>security>keychain>direction>uni>send entry)

Full Context

configure system security keychain direction bi entry

configure system security keychain direction uni receive entry

configure system security keychain direction uni send entry

Description

This command defines a particular key in the keychain. Entries are defined by an entry ID. A keychain must have valid entries for the TCP Enhanced Authentication mechanism to work.

If the entry is the active entry for sending, then this causes a new active key to be selected (if one is available using the youngest key rule). If it is the only possible key to send, then the system rejects the command with an error indicating the configured key is the only available send key.

If the key is one of the eligible keys for receiving, it will be removed. If the key is the only possible eligible key, then the command is accepted, and an error indicating that this is the only eligible key will be generated.

The no form of this command removes the entry from the keychain.

Parameters

entry-id

Specifies an entry that represents a key configuration to be applied to a keychain.

Values

0 to 63, null-key

key

Specifies a key ID which is used along with keychain-name and direction to uniquely identify this particular key entry.

authentication-key

Specifies the authentication-key that is used by the encryption algorithm. The key is used to sign and authenticate a protocol packet.

The authentication-key can be any combination of letters or numbers.

Values

A key must be 160 bits for algorithm hmac-sha-1-96 and must be 128 bits for algorithm aes-128-cmac-96. If the key given with the entry command amounts to less than this number of bits, then it is padded internally with zero bits up to the correct length.

algorithm

Specifies an enumerated integer that indicates the encryption algorithm to be used by the key defined in the keychain.

Values

aes-128-cmac-96 — Specifies an algorithm based on the AES standard for TCP authentication as described in RFC 4494 for BGP and LDP.

aes-128-cmac-128 — Specifies an algorithm based on the AES standard as described in RFC 4493 for NTP.

aes-128-gcm-16 — Specifies an algorithm used for MCS.

hmac-sha-1-96 — Specifies an algorithm based on SHA-1 for RSVP-TE and TCP authentication.

message-digest — MD5 hash used for TCP authentication.

hmac-md5 — MD5 hash used for IS-IS and RSVP-TE.

password – Specifies a simple password authentication for OSPF, IS-IS, and RSVP-TE.

hmac-sha-1 — Specifies the sha-1 algorithm for OSPF, IS-IS, and RSVP-TE.

hmac-sha-256 — Specifies the sha-256 algorithm for OSPF and IS-IS.

hash-key | hash2-key | custom-key

Specifies the hash key. The key can be any combination of ASCII characters up to 33 for the hash-key and 96 characters for the hash2-key (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies a custom hash version is used while saving the configuration files.

Platforms

All

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>system>security>tls>cert-profile entry)

Full Context

configure system security tls cert-profile entry

Description

This command configures an entry for the TLS certificate profile. A certificate profile may have up to eight entries. Currently, TLS uses the entry with the smallest ID number when responding to server requests.

The no form of the command deletes the specified entry.

Parameters

entry-id

Specifies the identification number of the TLS certificate profile entry.

Values

1 to 8

create

Keyword used to create the TLS certificate profile entry.

Platforms

All

entry

Syntax

entry entry-id expression regular-expression

no entry entry-id

Context

[Tree] (config>router>policy-options>as-path-group entry)

Full Context

configure router policy-options as-path-group entry

Description

This command creates the context to edit route policy entries within an autonomous system path group.

Multiple entries can be created using unique entries. The router exits the filter when the first match is found and executes the action specified. For this reason, entries must be sequenced correctly from most to least explicit.

An entry does not require matching criteria defined (in which case, everything matches) but must at least define an action in order to be considered complete. Entries without an action are considered incomplete and will be rendered inactive.

The no form of this command removes the specified entry from the autonomous system path group.

Parameters

entry-id

Specifies the entry ID expressed as a decimal integer. An entry-id uniquely identifies match criteria and the corresponding action. Nokia recommends that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 128

regular-expression

Specifies the AS path group regular expression. Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

An AS path in a BGP route matches an AS path group, if the pattern of the path matches the concatenation of all regular expressions in the group. A regular expression incorporates terms and operators that use the terms. An individual AS number is an elementary term in the AS path regular expression. More complex terms can be built from elementary terms. The following are key operators supported by SR OS:

  • .

  • *

  • ?

  • {n}

  • {m,n}

  • {m, }

To reverse the match criteria when specifying a list of ranges or single values using square brackets, use the non-match operator (^) before the elements within the square brackets.

Platforms

All

entry

Syntax

entry entry-id

no entry

Context

[Tree] (config>router>policy-options>policy-statement entry)

Full Context

configure router policy-options policy-statement entry

Description

This command creates the context to edit route policy entries within the route policy statement.

Multiple entries can be created using unique entries. The router exits the filter when the first match is found and executes the action specified. For this reason, entries must be sequenced correctly from most to least explicit.

An entry does not require matching criteria defined (in which case, everything matches) but must have at least define an action in order to be considered complete. Entries without an action are considered incomplete and will be rendered inactive.

The no form of this command removes the specified entry from the route policy statement.

Parameters

entry-id

Specifies the entry ID expressed as a decimal integer. An entry-id uniquely identifies match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 128

Platforms

All

entry

Syntax

entry entry-id expression hostname category category

no entry entry-id

Context

[Tree] (config>app-assure>group>url-filter>web-service>classification-overrides entry)

Full Context

configure application-assurance group url-filter web-service classification-overrides entry

Description

This command creates a classification override, manually setting the category of a hostname.

The no form of this command removes the classification override entry.

Default

no entry

Parameters

entry-id

Specifies the classification of the override entry.

Values

1 to 65535

hostname

Specifies the hostname of the configured override category, up to 255 characters.

category

Specifies the override category, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

[Tree] (config>app-assure>group>policy>charging-filter entry)

Full Context

configure application-assurance group policy charging-filter entry

Description

This command configures a charging filter entry. Charging filter entries are an ordered list; the lowest numerical entry that matches the flow, defines the charging filter for this flow.

The no form of this command removes the specified entry.

Default

no entry

Parameters

entry-id

Specifies the entry identifier.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

entry-size

entry-size

Syntax

entry-size size

no entry-size

Context

[Tree] (config>python>py-policy>cache entry-size)

Full Context

configure python python-policy cache entry-size

Description

This command configures the maximum size of the data structure that can be stored in a single Python cache entry which includes both a value and key.

When requesting to store a data structure, the size of the serialized object is compared with the value specified. If larger, the object will not be stored and Python will return exception.

The no form of this command reverts to the default.

Default

entry-size 256

Parameters

size

Configures the maximum accepted size of a single cache entry.

Values

32 to 2048

Platforms

All

environment

environment

Syntax

environment

Context

[Tree] (environment)

Full Context

environment

Description

Commands in this context configure classic CLI session environment parameters.

Platforms

All

environment

Syntax

environment

Context

[Tree] (config>system>management-interface>cli>md-cli environment)

Full Context

configure system management-interface cli md-cli environment

Description

Commands in this context configure MD-CLI session environment parameters.

Platforms

All

epipe

epipe

Syntax

epipe service-id customer customer-id [vpn vpn-id] [vc-switching] [create] name [name]

epipe service-id [test] [create] [name name]

no epipe service-id

Context

[Tree] (config>service epipe)

Full Context

configure service epipe

Description

This command configures an Epipe service instance. This command is used to configure a point-to-point epipe service. An Epipe connects two endpoints defined as Service Access Points (SAPs). Both SAPs may be defined in one 7450 ESS, 7750 SR, or 7950 XRS or they may be defined in separate devices connected over the service provider network. When the endpoint SAPs are separated by the service provider network, the far end SAP is generalized into a Service Distribution Point (SDP). This SDP describes a destination and the encapsulation method used to reach it.

No MAC learning or filtering is provided on an Epipe.

When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

By default, no epipe services exist until they are explicitly created with this command.

The no form of this command deletes the epipe service instance with the specified service-id. The service cannot be deleted until the service has been shut down.

Cpipe services are enabled on the 7450 ESS.

Parameters

service-id

The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7450 ESS, 7750 SR, or 7950 XRS on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN ID. If this parameter is not specified, the VPN ID uses the same service ID number.

Values

1 to 2147483647

Default

null (0)

vc-switching

Specifies if the pseudowire switching signaling is used for the spoke SDPs configured in this service.

test

Specifies a unique test service type for the service context which will contain only a SAP configuration. The test service can be used to test the throughput and performance of a path for MPLS-TP PWs. This parameter applies to the 7450 ESS and 7750 SR only.

create

Keyword used to create the service instance. The create keyword requirement can be enabled/disabled in the environment>create context.

name name

Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values

name: up to 64 characters

Platforms

All

epipe-sap-template

epipe-sap-template

Syntax

epipe-sap-template name

no epipe-sap-template

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap epipe-sap-template)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap epipe-sap-template)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap epipe-sap-template

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap epipe-sap-template

Description

This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shut down.

The no form of this command removes the template, the SAP will use default parameters.

Parameters

name

Specifies the name of the template to use

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

epipe-sap-template

Syntax

epipe-sap-template name [create]

no epipe-sap-template name

Context

[Tree] (config>service>template epipe-sap-template)

Full Context

configure service template epipe-sap-template

Description

This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shutdown.

The no form of this command removes the template, the SAP will use default parameters.

Parameters

name

Specifies the SAP template name associated with this template.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

error

error

Syntax

[no] error [neighbor ip-int-name | ip-address]

Context

[Tree] (debug>router>rip error)

Full Context

debug router rip error

Description

This command enables debugging for RIP errors.

Parameters

ip-int-name | ip-address

Debugs the RIP errors sent on the neighbor IP address or interface.

Platforms

All

error

Syntax

[no] error [neighbor ip-int-name | ipv6-address]

Context

[Tree] (debug>router>ripng error)

Full Context

debug router ripng error

Description

This command enables debugging for RIPng errors.

Parameters

ip-int-name| ipv6-address

Debugs the RIPng errors sent on the neighbor IP address or interface.

Platforms

All

error

Syntax

[no] error

Context

[Tree] (debug>router>pcep>pcc error)

[Tree] (debug>router>pcep>pcc>conn error)

Full Context

debug router pcep pcc error

debug router pcep pcc connection error

Description

This command enables debugging for PCC or connection errors.

The no form of this command disables debugging.

Platforms

All

error

Syntax

[no] error

Context

[Tree] (debug>router>pcep>pce error)

[Tree] (debug>router>pcep>pce>conn error)

Full Context

debug router pcep pce error

debug router pcep pce connection error

Description

This command enables debugging for PCE or connection errors.

The no form of this command disables debugging.

Platforms

VSR-NRC

error-code

error-code

Syntax

error-code error-code [custom-msg-size custom-msg-size]

no error-code error-code

Context

[Tree] (config>app-assure>group>http-error-redirect error-code)

Full Context

configure application-assurance group http-error-redirect error-code

Description

This command refers to which HTTP status codes a redirect action is applied. Only messages with sizes less than that configured here (custom-msg-size) are eligible for redirect action.

The no form of this command removes the parameters from the configuration.

Parameters

error-code

Specifies the error code for an HTTP error redirect.

Values

0 to 4294967295, of which 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 451, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 730, 731, and 735 are supported for redirect

custom-msg-size

Specifies the maximum message size above which redirect will not be done.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

error-drop

error-drop

Syntax

error-drop [event-log event-log-name]

no error-drop

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action error-drop)

Full Context

configure application-assurance group policy app-qos-policy entry action error-drop

Description

This command configures a drop action for error flows (bad IP checksums, tcp/udp port 0, and so on).

Default

no error-drop

Parameters

event-log-name

Specifies the event log name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

error-drop

Syntax

error-drop direction direction [create]

no error-drop direction direction

Context

[Tree] (config>app-assure>group>statistics>tca error-drop)

Full Context

configure application-assurance group statistics threshold-crossing-alert error-drop

Description

This command configures a TCA for the counter capturing error drops. An error drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an error-drop TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the error drop TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

error-handling

error-handling

Syntax

error-handling

Context

[Tree] (config>service>vprn>bgp>group error-handling)

[Tree] (config>service>vprn>bgp>group>neighbor error-handling)

[Tree] (config>service>vprn>bgp error-handling)

Full Context

configure service vprn bgp group error-handling

configure service vprn bgp group neighbor error-handling

configure service vprn bgp error-handling

Description

This command specifies whether the error handling mechanism for optional transitive path attributes is enabled for this peer group.

Platforms

All

error-handling

Syntax

error-handling

Context

[Tree] (config>router>bgp error-handling)

[Tree] (config>router>bgp>group>neighbor error-handling)

[Tree] (config>router>bgp>group error-handling)

Full Context

configure router bgp error-handling

configure router bgp group neighbor error-handling

configure router bgp group error-handling

Description

This command specifies whether updated BGP error handling procedures should be applied.

Platforms

All

error-handling-action

error-handling-action

Syntax

error-handling-action {continue | block}

no error-handling-action

Context

[Tree] (config>subscr-mgmt>credit-control-policy error-handling-action)

Full Context

configure subscriber-mgmt credit-control-policy error-handling-action

Description

This command configures the error handling action for the policy.

The no form of this command reverts to the default.

Default

error-handling-action continue

Parameters

continue

Specifies to continue when an error occurs in the CC determination.

block

Specifies to block when an error occurs in the CC determination.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

error-report

error-report

Syntax

[no] error-report

Context

[Tree] (debug>router>rpki-session>packet error-report)

Full Context

debug router rpki-session packet error-report

Description

This command enables debugging for error report RPKI packets.

The no form of this command disables debugging for error report RPKI packets.

Platforms

All

errored-frame

errored-frame

Syntax

errored-frame

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame

Description

The context used to define errored frame parameters including thresholds, and windows of time to which the error count will be compared. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes which are dropped prior to this function.

Platforms

All

errored-frame-period

errored-frame-period

Syntax

errored-frame-period

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame-period)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-period

Description

The context used to define errored frame parameters including thresholds, and windows of received packets to which the error count will be compared. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes which are dropped prior to this function. The received packet count will be checked every one second to see if the window has been reached.

Platforms

All

errored-frame-seconds

errored-frame-seconds

Syntax

errored-frame-seconds

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame-seconds)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-seconds

Description

This command defines the errored frame seconds parameters including thresholds, and windows of time to which the error count will be compared. An errored second is any second in which a single frame error occurred. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes that are dropped prior to this function.

Platforms

All

errored-symbols

errored-symbols

Syntax

errored-symbols

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-symbols)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols

Description

This command defines the symbol error parameters including thresholds, and windows of time (converted to symbols in that time) to which the error count will be compared. A symbol error occurs when any encoded symbol is in error and independent of frame counters.

Platforms

All

errors

errors

Syntax

[no] errors

Context

[Tree] (debug>dynsvc>scripts>script>event errors)

[Tree] (debug>dynsvc>scripts>event errors)

[Tree] (debug>dynsvc>scripts>inst>event errors)

Full Context

debug dynamic-services scripts script event errors

debug dynamic-services scripts event errors

debug dynamic-services scripts instance event errors

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: errors.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

es-activation-timer

es-activation-timer

Syntax

es-activation-timer seconds

no es-activation-timer

Context

[Tree] (config>service>system>bgp-evpn>eth-seg es-activation-timer)

Full Context

configure service system bgp-evpn ethernet-segment es-activation-timer

Description

This command configures the Ethernet Segment activation timer for a specified Ethernet Segment. The es-activation-timer delays the activation of a specified ethernet-segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP/SDP-binding associated to an ethernet-segment can be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

If no es-activation-timer is configured, the system uses the value configured in the config>redundancy>bgp-evpn-multi-homing>es-activation-timer context, if configured. Otherwise the system uses a default value of 3 seconds.

Default

no es-activation-timer

Parameters

seconds

Specifies the number of seconds for the es-activation-timer.

Values

0 to 100

Default

3

Platforms

All

es-activation-timer

Syntax

es-activation-timer seconds

Context

[Tree] (config>redundancy>bgp-evpn-multi-homing es-activation-timer)

Full Context

configure redundancy bgp-evpn-multi-homing es-activation-timer

Description

This command configures the global Ethernet-Segment activation timer. The es-activation-timer delays the activation of a specified Ethernet-Segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP/SDP-binding associated to an Ethernet-Segment can be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

The es-activation-timer configured at the Ethernet-Segment level supersedes this global es-activation-timer.

Default

es-activation-timer 3

Parameters

seconds

Specifies the number of seconds for the es-activation-timer.

Values

0 to 100

Platforms

All

es-orig-ip

es-orig-ip

Syntax

es-orig-ip ip-address

no es-orig-ip

Context

[Tree] (config>service>system>bgp-evpn>eth-seg es-orig-ip)

Full Context

configure service system bgp-evpn ethernet-segment es-orig-ip

Description

This command modifies the Originating IP field advertised in the ES route for a given Ethernet Segment. By default, the Originating IP is the system-ip of the PE. However, this value can be changed to the IPv4 or IPv6 address configured with this command.

With the es-orig-ip configured, ES shutdown is required, for the following cases:

  • When adding Local ES routes, the command changes how the ES routes are added to the candidate list; the configured IP address is added, instead of the system-ip.

  • When advertising local ES routes, the configured IP address is used for the orig-ip of the route.

The no form of the command changes the originating IP address back to the system-ip.

Default

no es-orig-ip

Parameters

ip-address

Specifies an IPv4 or IPv6 address.

Values

{ip-address | ipv6-address}

Platforms

All

esa

esa

Syntax

esa esa-id [create]

no esa esa-id

Context

[Tree] (config esa)

Full Context

configure esa

Description

This command configures or creates an ESA instance with an identifier.

The no form of this command removes the ESA from the system.

Parameters

esa-id

Specifies the ESA identifier.

Values

1 to 16

create

Mandatory keyword used when creating an ESA instance in the config context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

esa-vm

esa-vm

Syntax

[no] esa-vm [esa-id/vm-id]

Context

[Tree] (config>isa>tunnel-group esa-vm)

Full Context

configure isa tunnel-group esa-vm

Description

This command specifies the tunnel ESA VM for the tunnel group. The ISA and ESA VM cannot co-exist in the same tunnel group.

Parameters

esa-id

Specifies the ESA id

Values

1 to 16

vm-id

Specifies the VM id

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

esa-vm

Syntax

[no] esa-vm [esa-id/vm-id]

Context

[Tree] (config>isa>tunnel-mem-pool esa-vm)

Full Context

configure isa tunnel-member-pool esa-vm

Description

This command configures the tunnel ESA VM for the tunnel member pool. The ISA and ESA VM cannot coexist in the same tunnel member group.

The no form of this command removes the ESA VM from the tunnel member pool.

Parameters

esa-id

Specifies the ESA ID.

Values

1 to 16

vm-id

Specifies the VM ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

esa-vm

Syntax

esa-vm vapp-id [drain]

no esa-vm vapp-id

Context

[Tree] (config>isa>lns-group esa-vm)

Full Context

configure isa lns-group esa-vm

Description

This command specifies the ISA and ESA VM to be used in the LNS group.

Parameters

vapp-id

Displays the ID of the configured ESA and ESA VM.

Values

vapp-id:

esa-id/vm-id

esa-id

1 to 16

vm-id

1 to 4

drain

Specifies the draining of the ESA VM. The drain function gracefully redirects subscribers to other ESA VMs as it does not allow new subscribers to use the ESA VM. Eventually, the ESA VM will not service any subscriber and can be decommissioned gracefully.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

esa-vm

Syntax

[no] esa-vm vapp-id

Context

[Tree] (config>isa>wlan-group esa-vm)

Full Context

configure isa wlan-group esa-vm

Description

This command configures the ESA VM for the WLAN-GW group. It requires group redundancy to be configured in MDA mode.

Parameters

vapp-id

Specifies the ID of the ESA and ESA VM to configure.

Values

vapp-id:

esa-id/vm-id

esa-id

1 to 16

vm-id

1 to 4

esa-vm

Syntax

[no] esa-vm vapp-id

Context

[Tree] (config>isa>nat-group esa-vm)

Full Context

configure isa nat-group esa-vm

Description

This command assigns an ESA-VM to a NAT group.

Parameters

vapp-id

Specifies the ESA and VM identifying a provisioned BB ISA.

Values

vapp-id:

esa-id/vm-id

esa-id

1 to 16

vm-id

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

esa-vm

Syntax

[no] esa-vm vapp-id

Context

[Tree] (config>isa>video-group esa-vm)

Full Context

configure isa video-group esa-vm

Description

This command assigns an ESA-VM to a video group.

The no form of this command removes the specified ESA-VM from the video group.

Default

no esa-vm

Parameters

vapp-id

Specifies the ESA and VM ID of the configured ESA-VM.

Values

vapp-id:

esa-id/vm-id

esa-id

1 to 16

vm-id

1 to 4

Platforms

7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

esi

esi

Syntax

esi value

no esi

Context

[Tree] (config>service>system>bgp-evpn>eth-seg esi)

Full Context

configure service system bgp-evpn ethernet-segment esi

Description

This command configures the 10-byte Ethernet Segment identifier (ESI) associated to the Ethernet-Segment that will be signaled in the BGP-EVPN routes. The ESI value cannot be changed unless the Ethernet-Segment is shutdown. Reserved esi values (0 and MAX-ESI) are not allowed.

Default

no esi

Parameters

value

Specifies the 10-byte esi.

Values

00-11-22-33-44-55-66-77-88-99

Using any of these separators ('-',':')

Platforms

All

esm

esm

Syntax

[no] esm

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>ue-state esm)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query ue-state esm

Description

This command enables matching on ESM UEs.

The no form of this command disables matching on DSM UEs, unless UE state matching is disabled altogether.

Default

no esm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

esm

Syntax

[no] esm

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state esm)

Full Context

configure subscriber-mgmt wlan-gw ue-query state esm

Description

This command enables matching on UEs in an ESM state.

The no form of this command disables matching on UEs in an ESM state, unless all state matching is disabled.

Default

no esm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

esmc-tunnel

esmc-tunnel

Syntax

[no] esmc-tunnel

Context

[Tree] (config>port>ethernet>ssm esmc-tunnel)

Full Context

configure port ethernet ssm esmc-tunnel

Description

This command allows ESMC frames that are received into the Ethernet port to be tunneled in an Epipe or VPLS service. This is not recommended because it breaks the concepts inherent in Synchronous Ethernet, however it is required for compliance to MEF 6.1.1 EPL Option 2.

The no form of this command extracts the ESMC frames upon reception by the port. The ESMC frames are not tunneled through the service.

Default

no esmc-tunnel

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

esp-auth-algorithm

esp-auth-algorithm

Syntax

esp-auth-algorithm {null | md5 | sha1 | sha256 | sha384 | sha512 | aes-xcbc | auth-encryption}

no esp-auth-algorithm

Context

[Tree] (config>ipsec>transform esp-auth-algorithm)

Full Context

configure ipsec ipsec-transform esp-auth-algorithm

Description

This command specifies which hashing algorithm should be used for the authentication function Encapsulating Security Payload (ESP). Both ends of a manually configured tunnel must share the same configuration parameters for the IPsec tunnel to enter the operational state.

The no form of this command disables the authentication.

Default

esp-auth-algorithm sha1

Parameters

null

This is a very fast algorithm specified in RFC 2410, which provides no authentication.

md5

This parameter configures ESP to use the hmac-md5 algorithm for authentication.

sha1

This parameter configures ESP to use the hmac-sha1 algorithm for authentication.

sha256

This parameter configures ESP to use the sha256 algorithm for authentication.

sha384

This parameter configures ESP to use the sha384 algorithm for authentication.

sha512

This parameter configures ESP to use the sha512 algorithm for authentication.

aes-xcbc

Specifies the aes-xcbc algorithm for authentication.

auth-encryption

This parameter must be configured when esp-encryption-algorithm is either aes-gcm or aes-gmac.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

esp-auth-algorithm

Syntax

esp-auth-algorithm {sha256 | sha512}

no esp-auth-algorithm

Context

[Tree] (config>grp-encryp>encryp-keygrp esp-auth-algorithm)

Full Context

configure group-encryption encryption-keygroup esp-auth-algorithm

Description

This command specifies the hashing algorithm used to perform authentication on the Encapsulating Security Payload (ESP) within NGE packets for services configured using this key group. All SPI entries must be deleted before the no form of the command may be entered or the esp-auth-algorithm value changed from its current value.

The no form of the command reverts to the default value.

Default

esp-auth-algorithm sha256

Parameters

sha256

Configures the ESP to use the HMAC-SHA-256 algorithm for authentication.

sha512

Configures the ESP to use the HMAC-SHA-512 algorithm for authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

esp-encryption-algorithm

esp-encryption-algorithm

Syntax

esp-encryption-algorithm {null | des | 3des | aes128 | aes192 | aes256| aes128-gcm8 | aes128-gcm12 | aes128-gcm16 | aes192-gcm8 | aes192-gcm12 | aes192-gcm16 | aes256-gcm8 | aes256-gcm12 | aes256-gcm16 | null-aes128-gmac | null-aes192-gmac | null-aes256-gmac}

no esp-encryption-algorithm

Context

[Tree] (config>ipsec>ipsec-transform esp-encryption-algorithm)

Full Context

configure ipsec ipsec-transform esp-encryption-algorithm

Description

This command specifies the encryption algorithm to use for the IPsec session. Encryption only applies to esp configurations. If encryption is not defined, esp will not be used.

For IPsec tunnels to come up, both ends need to be configured with the same encryption algorithm.

The no form of this command removes the specified encryption algorithm.

Note:

When aes-gcm or aes-gmac is configured:

  • esp-auth-algorithm must be set to auth-encryption

  • the system will not include the authentication algorithm in the ESP proposal of the SA payload

  • ipsec-transform cannot be used for manual keying

Default

esp-encryption-algorithm aes128

Parameters

null

This parameter configures the high-speed null algorithm, which does nothing. This is the same as not having encryption turned on.

des

This parameter configures the 56-bit des algorithm for encryption. This is an older algorithm, with relatively weak security. Although slightly better than no encryption, it should only be used where a strong algorithm is not available on both ends at an acceptable performance level.

3des

This parameter configures the 3-des algorithm for encryption. This is a modified application of the des algorithm which uses multiple des operations to make things more secure.

aes128

This parameter configures the aes algorithm with a block size of 128 bits. This is the mandatory implementation size for aes. As of today, this is a very strong algorithm choice.

aes192

This parameter configures the aes algorithm with a block size of 192 bits. This is a stronger version of aes.

aes256

This parameter configures the aes algorithm with a block size of 256 bits. This is the strongest available version of aes.

aes128-gcm8

Configures ESP to use aes-gcm with a 128-bit key size and an 8-byte ICV for encryption and authentication.

aes128-gcm12

Configures ESP to use aes-gcm with a 128-bit key size and a 12-byte ICV for encryption and authentication.

aes128-gcm16

Configures ESP to use aes-gcm with a 128-bit key size and a 16-byte ICV for encryption and authentication.

aes192-gcm8

Configures ESP to use aes-gcm with a 192-bit key size and an 8-byte ICV for encryption and authentication.

aes192-gcm12

Configures ESP to use aes-gcm with a 192-bit key size and a 12-byte ICV for encryption and authentication.

aes192-gcm16

Configures ESP to use aes-gcm with a 192-bit key size and a 16-byte ICV for encryption and authentication.

aes256-gcm8

Configures ESP to use aes-gcm with a 256-bit key size and an 8-byte ICV for encryption and authentication.

aes256-gcm12

Configures ESP to use aes-gcm with a 256-bit key size and a 12-byte ICV for encryption and authentication.

aes128-gcm16

Configures ESP to use aes-gcm with a 256-bit key size and a 16-byte ICV for encryption and authentication.

null-aes128gmac

Configures ESP to use aes-gmac with a 128-bit key size for authentication only.

null-aes192gmac

Configures ESP to use aes-gmac with a 192-bit key size for authentication only.

null-aes256gmac

Configures ESP to use aes-gmac with a 256-bit key size for authentication only.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

esp-encryption-algorithm

Syntax

esp-encryption-algorithm {aes128 | aes256}

no esp-encryption-algorithm

Context

[Tree] (config>grp-encryp>encryp-keygrp esp-encryption-algorithm)

Full Context

configure group-encryption encryption-keygroup esp-encryption-algorithm

Description

This command specifies the encryption algorithm used to perform encryption on the Encapsulating Security Payload (ESP) within NGE packets for services configured using this key group. All SPI entries must be deleted before the no form of the command may be entered or the esp-encryption-algorithm value changed from its current value.

The no form of the command resets the parameter to the default value.

Default

esp-encryption-algorithm aes128

Parameters

aes128

Configures the AES algorithm with a block size of 128 bits—a very strong algorithm choice.

aes256

Configures the AES algorithm with a block size of 256 bits—the strongest available version of AES.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

esp-ext-hdr

esp-ext-hdr

Syntax

esp-ext-hdr {true | false}

no esp-ext-hdr

Context

[Tree] (config>filter>ipv6-filter>entry>match esp-ext-hdr)

Full Context

configure filter ipv6-filter entry match esp-ext-hdr

Description

This command enables match on existence of ESP Extension Header in the IPv6 filter policy.

The no form of this command ignores ESP Extension Header presence/absence in a packet when evaluating match criteria of a given filter policy entry.

Default

no esp-ext-hdr

Parameters

true

Matches a packet with an ESP Extension Header.

false

Matches a packet without an ESP Extension Header.

Platforms

All

ess-system-type

ess-system-type

Syntax

[no] ess-system-type

Context

[Tree] (bof ess-system-type)

Full Context

bof ess-system-type

Description

This command allows a new RoHS compliant 7750 SR-12 or 7750 SR-7 chassis to operate as an 7450 ESS-12 or 7450 ESS-7 system.

After entering this command, the system must be rebooted for the change to take effect.

If the RoHS compliant 7750 SR-12 or 7750 SR-7 chassis is operating as an 7450 ESS system, it can operate with either the 7750 SR or 7450 ESS CPM (subject to SR OS support) but both should always be the same type. See the SR OS release notes for information about the cards supported in 7750 SR and 7450 ESS.

In addition, the system can operate with supported 7450 ESS or 7750 SR IOMs, MDAs, and IMMs.

The no form of this command disables this mode of operation and returns the system to a 7750 SR chassis type operation on the next reboot.

Default

no ess-system-type

Platforms

7750 SR-7/12

est

est

Syntax

est

Context

[Tree] (admin>certificate est)

Full Context

admin certificate est

Description

Commands in this context configure Enrollment over Secure Transport (EST) parameters.

Platforms

All

eth-bn

eth-bn

Syntax

eth-bn

Context

[Tree] (config>port>ethernet>eth-cfm>mep eth-bn)

Full Context

configure port ethernet eth-cfm mep eth-bn

Description

Commands in this context configure Ethernet Bandwidth Notification (ETH-BN) message handling.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-bn-egress-rate-changes

eth-bn-egress-rate-changes

Syntax

eth-bn-egress-rate-changes

no eth-bn-egress-rate-changes

Context

[Tree] (config>port>ethernet eth-bn-egress-rate-changes)

Full Context

configure port ethernet eth-bn-egress-rate-changes

Description

This command allows rate changes received in ETH-BN messages on a port-based MEP to update the egress rate used on the port. The egress rate is capped by the minimum of the configured egress-rate and the maximum port rate, and the minimum egress rate is 1 kb/s. The no form of this command returns the value to the default.

Default

no eth-bn-egress-rate-changes

Platforms

All

eth-cfm

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>eth-tunnel>path eth-cfm)

Full Context

configure eth-tunnel path eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>lag eth-cfm)

[Tree] (config>port>ethernet eth-cfm)

Full Context

configure lag eth-cfm

configure port ethernet eth-cfm

Description

Commands in this context configure 802.1ag CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>service>epipe>sap eth-cfm)

[Tree] (config>service>epipe eth-cfm)

[Tree] (config>service>epipe>spoke-sdp eth-cfm)

[Tree] (config>service>ipipe>sap eth-cfm)

Full Context

configure service epipe sap eth-cfm

configure service epipe eth-cfm

configure service epipe spoke-sdp eth-cfm

configure service ipipe sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>service>vpls eth-cfm)

[Tree] (config>service>vpls>spoke-sdp eth-cfm)

[Tree] (config>service>vpls>mesh-sdp eth-cfm)

[Tree] (config>service>vpls>sap eth-cfm)

Full Context

configure service vpls eth-cfm

configure service vpls spoke-sdp eth-cfm

configure service vpls mesh-sdp eth-cfm

configure service vpls sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>service>ies>sub-if>grp-if>sap eth-cfm)

[Tree] (config>service>ies>if>spoke-sdp eth-cfm)

[Tree] (config>service>ies eth-cfm)

[Tree] (config>service>ies>if>sap eth-cfm)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm

configure service ies interface spoke-sdp eth-cfm

configure service ies eth-cfm

configure service ies interface sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm
  • configure service ies interface spoke-sdp eth-cfm
  • configure service ies eth-cfm

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>service>vprn>if>spoke-sdp eth-cfm)

[Tree] (config>service>vprn>sub-if>grp-if>sap eth-cfm)

[Tree] (config>service>vprn eth-cfm)

[Tree] (config>service>vprn>if>sap eth-cfm)

Full Context

configure service vprn interface spoke-sdp eth-cfm

configure service vprn subscriber-interface group-interface sap eth-cfm

configure service vprn eth-cfm

configure service vprn interface sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm
  • configure service vprn eth-cfm
  • configure service vprn interface spoke-sdp eth-cfm

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm

eth-cfm

Syntax

eth-cfm

Context

[Tree] (debug eth-cfm)

Full Context

debug eth-cfm

Description

Commands in this context configure ETH-CFM debugging functions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>router>if eth-cfm)

Full Context

configure router interface eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>eth-ring>path eth-cfm)

Full Context

configure eth-ring path eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config eth-cfm)

Full Context

configure eth-cfm

Description

Commands in this context configure 802.1ag CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm

Syntax

[no] eth-cfm

Context

[Tree] (config>sys>security>cpu-protection>policy eth-cfm)

Full Context

configure system security cpu-protection policy eth-cfm

Description

Provides the construct under which the different entries within CPU policy can define the match criteria and overall arrival rate of the Ethernet Configuration and Fault Management (ETH-CFM) packets at the CPU.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

eth-cfm

Syntax

eth-cfm

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth eth-cfm)

Full Context

configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet eth-cfm

Description

Commands in this context configure the ETH-CFM source MEP for the service activation test stream.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

eth-cfm-linktrace

eth-cfm-linktrace

Syntax

eth-cfm-linktrace {mac-address | remote-mepid mep-id} mep mep-id domain md-index association ma-index [ttl ttl-value] [fc {fc-name} [profile {in | out}]] [count send-count] [timeout timeout] [interval interval]

Context

[Tree] (config>saa>test>type eth-cfm-linktrace)

Full Context

configure saa test type eth-cfm-linktrace

Description

This command configures a CFM linktrace test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

ttl-value

Specifies the maximum number of hops traversed in the linktrace.

Values

1 to 255

Default

64

fc-name

Specifies the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

Specifies the profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

Values

1 to 10

Default

1

timeout

Specifies the time, to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values

1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm-loopback

eth-cfm-loopback

Syntax

eth-cfm-loopback {mac-address | remote-mepid mep-id} mep mep-id domain md-index association ma-index [size data-size] [fc {fc-name} [profile {in | out}]] [count send-count] [timeout timeout] [interval interval]

Context

[Tree] (config>saa>test>type eth-cfm-loopback)

Full Context

configure saa test type eth-cfm-loopback

Description

This command configures an Ethernet CFM loopback test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

data-size

This is the size of the data portion of the data TLV. If 0 is specified, no data TLV is added to the packet.

Values

0 to 1500

Default

0

fc-name

Specifies the fc parameter that is used to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

Specifies the profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

Values

1 to 100

Default

1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values

1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm-two-way-delay

eth-cfm-two-way-delay

Syntax

eth-cfm-two-way-delay {mac-address | remote-mepid mep-id} mep mep-id domain md-index association ma-index [fc {fc-name} [profile {in | out}]] [count send-count] [timeout timeout] [interval interval]

Context

[Tree] (config>saa>test>type eth-cfm-two-way-delay)

Full Context

configure saa test type eth-cfm-two-way-delay

Description

This command configures an Ethernet CFM two-way delay test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

fc-name

Specifies the fc parameter that is used to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. The message interval value must be expired before the next message request is sent.

Values

1 to 100

Default

1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, expressed as a decimal integer. This parameter is used to configure the spacing between probes within a test run.

Values

0.1 to 0.9, 1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-cfm-two-way-slm

eth-cfm-two-way-slm

Syntax

eth-cfm-two-way-slm {mac-address | remote-mepid mep-id} mep mep-id domain md-index association ma-index [fc {fc-name} [profile {in | out}]] [count send-count] [size data-size] [timeout timeout] [interval interval]

Context

[Tree] (config>saa>test>type eth-cfm-two-way-slm)

Full Context

configure saa test type eth-cfm-two-way-slm

Description

This command configures an Ethernet CFM two-way SLM test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

fc-name

Specifies the fc parameter that is to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

The profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. The message interval value must be expired before the next message request is sent.

Values

1 to 1000

Default

1

data-size

Specifies the size of the data portion of the data TLV. If 0 is specified, no data TLV is added to the packet.

Values

0 to 1500

Default

0

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, used to configure the spacing between probes within a test run.

Values

0.1 to 0.9, 1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-ed

eth-ed

Syntax

eth-ed

Context

[Tree] (config>port>ethernet>eth-cfm>mep>grace eth-ed)

[Tree] (config>eth-ring>path>eth-cfm>mep>grace eth-ed)

[Tree] (config>lag>eth-cfm>mep>grace eth-ed)

[Tree] (config>eth-tunnel>path>eth-cfm>mep>grace eth-ed)

Full Context

configure port ethernet eth-cfm mep grace eth-ed

configure eth-ring path eth-cfm mep grace eth-ed

configure lag eth-cfm mep grace eth-ed

configure eth-tunnel path eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-ed

Syntax

eth-ed

Context

[Tree] (config>service>ipipe>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>epipe>sap>eth-cfm>mep>grace eth-ed)

Full Context

configure service ipipe sap eth-cfm mep grace eth-ed

configure service epipe spoke-sdp eth-cfm mep grace eth-ed

configure service epipe sap eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-ed

Syntax

eth-ed

Context

[Tree] (config>service>vpls>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>sap>eth-cfm>mep>grace eth-ed)

Full Context

configure service vpls eth-cfm mep grace eth-ed

configure service vpls mesh-sdp eth-cfm mep grace eth-ed

configure service vpls spoke-sdp eth-cfm mep grace eth-ed

configure service vpls sap eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-ed

Syntax

eth-ed

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>ies>if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep>grace eth-ed)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed

configure service ies interface sap eth-cfm mep grace eth-ed

configure service ies interface spoke-sdp eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface spoke-sdp eth-cfm mep grace eth-ed
  • configure service ies interface sap eth-cfm mep grace eth-ed

eth-ed

Syntax

eth-ed

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace eth-ed)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed

configure service vprn interface sap eth-cfm mep grace eth-ed

configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep grace eth-ed
  • configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed

eth-ed

Syntax

eth-ed

Context

[Tree] (config>router>if>eth-cfm>mep>grace eth-ed)

Full Context

configure router interface eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-legacy-fault-notification

eth-legacy-fault-notification

Syntax

eth-legacy-fault-notification

Context

[Tree] (config>service>ipipe eth-legacy-fault-notification)

Full Context

configure service ipipe eth-legacy-fault-notification

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

eth-ring

eth-ring

Syntax

eth-ring ring-id

no eth-ring

Context

[Tree] (config>service>vpls eth-ring)

Full Context

configure service vpls eth-ring

Description

This command configures a VPLS SAP to be associated with an Ethernet ring. The SAP port ID is associated with the corresponding Ethernet ring path configured on the same port ID. The encapsulation type must be compatible with the Ethernet ring path encapsulation.

The no form of this command removes the Ethernet ring association from this SAP.

Default

no eth-ring

Parameters

ring-id

Specifies the ring ID.

Values

1 to 128

Platforms

All

eth-ring

Syntax

eth-ring ring-index

no eth-ring

Context

[Tree] (config eth-ring)

Full Context

configure eth-ring

Description

This command configures a G.8032 protected Ethernet ring. G.8032 Rings may be configured as major rings with two paths (a&b) or as sub-rings with two paths, or in the case of an interconnection node a single path.

The no form of this command deletes the Ethernet ring specified by the ring-id.

Default

no eth-ring

Parameters

ring-index

Specifies the ring ID.

Values

1 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-sat

eth-sat

Syntax

eth-sat sat-id [create]

no eth-sat sat-id

Context

[Tree] (config>system>satellite eth-sat)

Full Context

configure system satellite eth-sat

Description

This command enables the specified Ethernet satellite configuration context.

The no form of the command deletes the specified Ethernet satellite.

Parameters

sat-id

Specifies the satellite ID for the associated Ethernet satellite.

Values

1 to 20

create

Creates a new Ethernet satellite context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-sat

Syntax

eth-sat sat-id

Context

[Tree] (admin>satellite eth-sat)

Full Context

admin satellite eth-sat

Description

This command can be used to perform administrative functions on the specified Ethernet-satellite chassis.

Parameters

sat-id

Specifies the Ethernet-satellite chassis.

Values

1 to 20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-tag

eth-tag

Syntax

eth-tag tag-value

no eth-tag

Context

[Tree] (config>service>epipe>bgp-evpn>remote-attachment-circuit eth-tag)

[Tree] (config>service>epipe>bgp-evpn>local-attachment-circuit eth-tag)

Full Context

configure service epipe bgp-evpn remote-attachment-circuit eth-tag

configure service epipe bgp-evpn local-attachment-circuit eth-tag

Description

This command configures the Ethernet tag value. When configured in the local-attachment-circuit context, the system uses the value in the advertised AD per-EVI route sent for the attachment circuit. When configured in the remote-attachment-circuit context the system compares that value with the eth-tag value of the imported AD per-EVI routes for the service. If there is a match, the system creates an EVPN destination for the Epipe.

Parameters

tag-value

Specifies the Ethernet tag value of the attachment circuit.

Values

1 to 16777215

Platforms

All

eth-test

eth-test

Syntax

eth-test {mac-address | remote-mepid mep-id} mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

Context

[Tree] (oam>eth-cfm eth-test)

Full Context

oam eth-cfm eth-test

Description

This command initiates an ETH-CFM test. The implementation supports a single ETH-TST PDU to check unidirectional reachability, launched from a source MEP and terminated on the remote MEP with no response PDU toward the source.

Parameters

mac-address

Specifies a unicast destination MAC address.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID of the peer within the association. The domain and association information are derived from the source mep for the session. The Layer 2 IEEE MAC address is resolved from previously-learned remote MAC addressing, derived from the reception and processing of the ETH-CC PDU. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

priority

Specifies the priority of the frame. The priority can be manipulated by QoS policies.

Values

0 to 7

Default

7

data-length

Specifies the size of the padding to be added to the frame.

Values

64 to 1500

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-test-enable

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep eth-test-enable)

Full Context

configure eth-tunnel path eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>router>if>eth-cfm>mep eth-test-enable)

[Tree] (config>lag>eth-cfm>mep eth-test-enable)

[Tree] (config>port>ethernet>eth-cfm>mep eth-test-enable)

Full Context

configure router interface eth-cfm mep eth-test-enable

configure lag eth-cfm mep eth-test-enable

configure port ethernet eth-cfm mep eth-test-enable

Description

For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

The no form of this command disables eth-test capabilities.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep eth-test-enable)

[Tree] (config>service>ipipe>sap>eth-cfm>mep eth-test-enable)

Full Context

configure service epipe sap eth-cfm mep eth-test-enable

configure service epipe spoke-sdp eth-cfm mep eth-test-enable

configure service ipipe sap eth-cfm mep eth-test-enable

Description

For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is performed for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP indicates the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep eth-test-enable)

Full Context

configure service vpls spoke-sdp eth-cfm mep eth-test-enable

configure service vpls sap eth-cfm mep eth-test-enable

configure service vpls mesh-sdp eth-cfm mep eth-test-enable

Description

For ETH-test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep eth-test-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep eth-test-enable)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep eth-test-enable

configure service ies interface spoke-sdp eth-cfm mep eth-test-enable

configure service ies interface sap eth-cfm mep eth-test-enable

Description

For ETH-test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep eth-test-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep eth-test-enable
  • configure service ies interface spoke-sdp eth-cfm mep eth-test-enable

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>service>vprn>if>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm eth-test-enable)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep eth-test-enable)

Full Context

configure service vprn interface sap eth-cfm mep eth-test-enable

configure service vprn subscriber-interface group-interface sap eth-cfm eth-test-enable

configure service vprn interface spoke-sdp eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm mep eth-test-enable
  • configure service vprn interface sap eth-cfm mep eth-test-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm eth-test-enable

eth-test-enable

Syntax

[no] eth-test-enable

Context

[Tree] (config>eth-ring>path>eth-cfm>mep eth-test-enable)

Full Context

configure eth-ring path eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-tunnel

eth-tunnel

Syntax

eth-tunnel

Context

[Tree] (config>router>l2tp>group eth-tunnel)

[Tree] (config>service>vprn>l2tp>group eth-tunnel)

[Tree] (config>router>l2tp eth-tunnel)

[Tree] (config>service>vprn>l2tp eth-tunnel)

Full Context

configure router l2tp group eth-tunnel

configure service vprn l2tp group eth-tunnel

configure router l2tp eth-tunnel

configure service vprn l2tp eth-tunnel

Description

Commands in this context configure Ethernet tunnel client parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

eth-tunnel

Syntax

[no] eth-tunnel tunnel-index

Context

[Tree] (config eth-tunnel)

Full Context

configure eth-tunnel

Description

This command configures a G.8031 protected Ethernet tunnel.

The no form of this command deletes the Ethernet tunnel specified by the tunnel-id.

Parameters

tunnel-index

Specifies the tunnel index.

Values

1 to 1024

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-tunnel

Syntax

eth-tunnel tunnel-id

Context

[Tree] (config>service>vpls eth-tunnel)

Full Context

configure service vpls eth-tunnel

Description

This command associates a BVPLS SAP with the global Ethernet tunnel object specified by tunnel-id. Only one-to-one mapping between SAP and Ethernet tunnel is supported in the initial implementation. The global eth-tunnel tunnel-id with at least a member port must be configured in advance for the command to be successful. A SAP will be instantiated using the active path components (member port and control-tag) for VPLS forwarding. The last member port in the Ethernet tunnel cannot be deleted if there is a SAP configured on that eth-tunnel. This command is only available in the BVPLS context.

The no form of this command removes the sap from the Ethernet tunnel object.

Default

no sap is specified

Parameters

tunnel-id

Specifies the value of the Ethernet tunnel identifier to be used for the SAP.

Values

1 to 64

Platforms

All

eth-tunnel

Syntax

eth-tunnel

Context

[Tree] (config>service>ipipe>sap eth-tunnel)

[Tree] (config>service>epipe>sap eth-tunnel)

Full Context

configure service ipipe sap eth-tunnel

configure service epipe sap eth-tunnel

Description

Commands in this context configure Ethernet tunnel SAP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-tunnel

Syntax

eth-tunnel

Context

[Tree] (config>service>vpls>sap eth-tunnel)

Full Context

configure service vpls sap eth-tunnel

Description

Commands in this context configure Ethernet tunnel SAP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-vsm-grace

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>port>ethernet>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>lag>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>eth-ring>path>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>eth-tunnel>path>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure port ethernet eth-cfm mep grace eth-vsm-grace

configure lag eth-cfm mep grace eth-vsm-grace

configure eth-ring path eth-cfm mep grace eth-vsm-grace

configure eth-tunnel path eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>service>ipipe>sap>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>epipe>sap>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure service ipipe sap eth-cfm mep grace eth-vsm-grace

configure service epipe spoke-sdp eth-cfm mep grace eth-vsm-grace

configure service epipe sap eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>vpls>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>vpls>sap>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure service vpls mesh-sdp eth-cfm mep grace eth-vsm-grace

configure service vpls eth-cfm mep grace eth-vsm-grace

configure service vpls spoke-sdp eth-cfm mep grace eth-vsm-grace

configure service vpls sap eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>ies>if>sap>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure service ies interface spoke-sdp eth-cfm mep grace eth-vsm-grace

configure service ies interface sap eth-cfm mep grace eth-vsm-grace

configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface spoke-sdp eth-cfm mep grace eth-vsm-grace
  • configure service ies interface sap eth-cfm mep grace eth-vsm-grace

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-vsm-grace

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep>grace eth-vsm-grace)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep grace eth-vsm-grace

configure service vprn interface sap eth-cfm mep grace eth-vsm-grace

configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm mep grace eth-vsm-grace
  • configure service vprn interface sap eth-cfm mep grace eth-vsm-grace

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-vsm-grace

eth-vsm-grace

Syntax

eth-vsm-grace

Context

[Tree] (config>router>if>eth-cfm>mep>grace eth-vsm-grace)

Full Context

configure router interface eth-cfm mep grace eth-vsm-grace

Description

Commands in this context configure Nokia ETH-CFM Grace functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ethernet

ethernet

Syntax

ethernet

Context

[Tree] (config>port ethernet)

Full Context

configure port ethernet

Description

This command the context to configure Ethernet port attributes.

This context can only be used when configuring Fast Ethernet, gigabit or 10-G Fast Ethernet or Ethernet LAN ports on an appropriate MDA.

Platforms

All

ethernet

Syntax

ethernet

Context

[Tree] (config>eth-tunnel ethernet)

Full Context

configure eth-tunnel ethernet

Description

Commands in this context configure Ethernet parameters for the Ethernet tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ethernet

Syntax

ethernet

Context

[Tree] (config>service>epipe>sap ethernet)

Full Context

configure service epipe sap ethernet

Description

Commands in this context configure Ethernet properties in this SAP.

Platforms

All

ethernet

Syntax

ethernet

Context

[Tree] (config>test-oam>build-packet>header ethernet)

[Tree] (debug>oam>build-packet>packet>field-override>header ethernet)

Full Context

configure test-oam build-packet header ethernet

debug oam build-packet packet field-override header ethernet

Description

This command causes the associated header to be defined as an Ethernet header template and enables the context to define the Ethernet parameters.

The no form of this command removes the Ethernet header association.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ethernet

Syntax

ethernet

Context

[Tree] (config>oam-pm>session ethernet)

Full Context

configure oam-pm session ethernet

Description

Commands in this context configure the Ethernet specific source and destination information, the priority, and the Ethernet tests tools on the launch point.

Platforms

All

ethernet

Syntax

ethernet

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl ethernet)

Full Context

configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet

Description

Commands in this context configure the Ethernet header parameters and ETH-CFM information used by the testhead tool.

Only the specified header information is included in the frame. At a minimum, the Ethernet destination MAC address and ETH-CFM information must be included.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

ethernet-ctag

ethernet-ctag

Syntax

[no] ethernet-ctag

Context

[Tree] (config>qos>sap-egress ethernet-ctag)

Full Context

configure qos sap-egress ethernet-ctag

Description

This command specifies that the top customer tag should be used for egress reclassification based on dot1p criteria. This command applies to all dot1p criteria configured in a given SAP egress QoS policy.

The no form of this command means that a service delimiting tag will be used for egress reclassification based on dot1p criteria.

Default

no ethernet-ctag

Platforms

All

ethernet-header

ethernet-header

Syntax

ethernet-header [da ieee-address] [sa ieee-address] [etype ethertype]

no ethernet-header

Context

[Tree] (config>li>li-source>nat ethernet-header)

Full Context

configure li li-source nat ethernet-header

Description

This command configures the Ethernet header for the NAT sources.

The no form of this command removes the values from the configuration.

Parameters

da ieee-address

Specifies the destination MAC address field of the of the Ethernet encapsulation used for the NAT subscribers associated with this mirror source up to 30 characters.

sa ieee-address

Specifies the source MAC address field of the of the Ethernet encapsulation used for the NAT subscribers associated with this mirror source up to 30 characters.

ethertype

Specifies the ethertype of the ethernet encapsulation used for the NAT subscribers associated with this mirror source that have an intercept identifier.

Values

1536 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ethernet-segment

ethernet-segment

Syntax

ethernet-segment name [virtual] [create]

no ethernet-segment name

Context

[Tree] (config>service>system>bgp-evpn ethernet-segment)

Full Context

configure service system bgp-evpn ethernet-segment

Description

This command configures an Ethernet Segment instance and its corresponding name. The configuration of the dot1q or qinq nodes is only allowed if the Ethernet Segment (ES) is created as virtual.

For a virtual ES, a port, LAG, or SDP must be created for the ES before configuring a VLAN or vc-id association.

When a port or LAG is added, the type and encap-type values are checked. If the encap-type is dot1q, then only the dot1q node can be configured; the qinq context is not allowed. In the same way, if the encap-type is qinq, then only the qinq node is allowed. A dot1q, qinq, or vc-id range is required for a virtual ES to be operationally active.

Parameters

name

Specifies the 32-character ES name.

virtual

This keyword specifies that the ES is virtual and is associated to logical interfaces, in addition to ports, LAGs, or SDPs.

create

Mandatory keyword for creating an ES.

Platforms

All

etype

etype

Syntax

etype etype-value

no etype

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match etype)

Full Context

configure qos sap-ingress mac-criteria entry match etype

Description

Configures an Ethernet type II value to be used as a service ingress QoS policy match criterion.

The Ethernet type field is a 2-byte field used to identify the protocol carried by the Ethernet frame. For e.g. 0800 is used to identify the IPv4 packets.

The Ethernet type field is used by the Ethernet version-II frames. IEEE 802.3 Ethernet frames do not use the type field. For IEEE 802.3 frames, use the dsap, ssap, or snap-pid fields as match criteria.

The snap-pid field, etype field, ssap, and dsap fields are mutually exclusive and cannot be part of the same match criteria.

The no form of this command removes the previously entered etype field as the match criteria.

Default

no etype

Parameters

etype-value

The Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal.

Values

0x0600 to 0xFFFF

Platforms

All

etype

Syntax

etype 0x0600..0xffff

no etype

Context

[Tree] (config>filter>mac-filter>entry>match etype)

Full Context

configure filter mac-filter entry match etype

Description

Configures an Ethernet type II Ethertype value to be used as a MAC filter match criterion.

The Ethernet type field is a two-byte field used to identify the protocol carried by the Ethernet frame. For example, 0800 is used to identify the IPv4 packets.

The Ethernet type field is used by the Ethernet version-II frames. IEEE 802.3 Ethernet frames do not use the type field. For IEEE 802.3 frames, use the dsap, ssap or snap-pid fields as match criteria.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria.

The no form of the command removes the previously entered etype field as the match criteria.

Default

no etype

Parameters

0x0600..0xffff

Specifies the Ethernet type II frame Ethertype value to be used as a match criterion expressed in decimal integer or hexadecimal format.

Values

1536 to 65535 or 0x0600 to 0xFFFF

Platforms

All

etype

Syntax

etype 0x0600xx0xffff

no etype

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match etype)

Full Context

configure system security management-access-filter mac-filter entry match etype

Description

Configures an Ethernet type II Ethertype value to be used as a MAC filter match criterion.

The Ethernet type field is a two-byte field used to identify the protocol carried by the Ethernet frame. For example, 0800 is used to identify the IPv4 packets.

The Ethernet type field is used by the Ethernet version-II frames. IEEE 802.3 Ethernet frames do not use the type field. For IEEE 802.3 frames, use the dsap, ssap or snap-pid fields as match criteria.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide for information about MAC Match Criteria Exclusivity Rules fields that are exclusive based on the frame format.

The no form of this command removes the previously entered etype field as the match criteria.

Default

no etype

Parameters

ethernet-type

Specifies the Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal.

Values

0x0600 to 0xFFFF

Platforms

All

event

event

Syntax

[no] event

Context

[Tree] (debug>gtp event)

Full Context

debug gtp event

Description

This command configures detailed debugging of all events in the GTP system.

The no form of this command disables event debugging.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

event

Syntax

[no] event

Context

[Tree] (debug>router>l2tp>assignment-id event)

[Tree] (debug>router>l2tp>tunnel event)

[Tree] (debug>router>l2tp event)

[Tree] (debug>router>l2tp>peer event)

[Tree] (debug>router>l2tp>group event)

Full Context

debug router l2tp assignment-id event

debug router l2tp tunnel event

debug router l2tp event

debug router l2tp peer event

debug router l2tp group event

Description

This command configures an L2TP debugging event.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

event

Syntax

[no] event

Context

[Tree] (debug>service>id>ppp event)

Full Context

debug service id ppp event

Description

This command enables the PPP event debug context.

The no form of this command disables PPP event debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

event

Syntax

[no] event

Context

[Tree] (debug>dynsvc>scripts>inst event)

[Tree] (debug>dynsvc>scripts event)

[Tree] (debug>dynsvc>scripts>script event)

Full Context

debug dynamic-services scripts instance event

debug dynamic-services scripts event

debug dynamic-services scripts script event

Description

This command enables/disables the generation of all dynamic data service script debugging events output: cli, errors, executed-cmd, warnings, state-change.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

event

Syntax

event event-type [create]

no event event-type

Context

[Tree] (config>card>mda event)

Full Context

configure card mda event

Description

This command allows the user to control the action to be taken when a specific hardware error event is raised against the target MDA.

If no event action has been created for a specific event type, then the hardware errors related to that event type are ignored by the management plane of the router.

The no form of this command clears any action defined for the event.

Parameters

event-type

Specifies the event type, up to 32 characters.

Values

soft-error — Defines the action to be taken when soft errors are detected on the MDA

internal-frame-loss — System detected frame loss in the traffic transiting the MDA.

memory-error — Provides the user options to handle MDA memory error events on MDAs. This feature is supported on FP2- and FP3-based Ethernet MDAs and IMMs.

data-link-error — Provides the user options to handle datapath link errors on an MDA.

create

Keyword used to create an event.

Platforms

All

event

Syntax

[no] event

Context

[Tree] (debug>router>ldp>peer event)

[Tree] (debug>router>ldp>if event)

Full Context

debug router ldp peer event

debug router ldp interface event

Description

This command configures debugging for specific LDP events.

Platforms

All

event

Syntax

[no] event

Context

[Tree] (debug>router>rsvp event)

[Tree] (debug>router>mpls event)

Full Context

debug router rsvp event

debug router mpls event

Description

This command enables debugging for specific events.

The no form of the command disables the debugging.

Platforms

All

event

Syntax

[no] event

Context

[Tree] (debug>router>ip event)

Full Context

debug router ip event

Description

This command enables debugging for specific IP events.

The no form of this command disables debugging for the specified IP events.

Platforms

All

event

Syntax

event rmon-event-id [event-type] [description description-string] [owner owner-string]

no event rmon-event-id

Context

[Tree] (config>system>thresholds>rmon event)

Full Context

configure system thresholds rmon event

Description

The event command configures an entry in the RMON-MIB event table. The event command controls the generation and notification of threshold crossing events configured with the alarm command. When a threshold crossing event is triggered, the rmon>event configuration optionally specifies if an entry in the RMON-MIB log table should be created to record the occurrence of the event. It may also specify that an SNMP notification (trap) should be generated for the event. The RMON-MIB defines two notifications for threshold crossing events: Rising Alarm and Falling Alarm.

Creating an event entry in the RMON-MIB log table does not create a corresponding entry in the SR OS event logs. However, when the event-type is set to trap, the generation of a Rising Alarm or Falling Alarm notification creates an entry in the SR OS event logs and that is distributed to all the SR OS log destinations that are configured: CONSOLE, session, memory, file, syslog, or SNMP trap destination.

The SR OS logger message includes a rising or falling threshold crossing event indicator, the sample type (absolute or delta), the sampled value, the threshold value, the RMON-alarm-id, the associated RMON-event-id and the sampled SNMP object identifier.

Use the no form of this command to remove an rmon-event-id from the configuration.

Parameters

rmon-event-id

Specifies an identifier for this event. Alarm ID values above 65400 are used for dynamic system threshold commands and should be avoided.

Values

1 to 65535

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence.

This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

description-string

Specifies a user configurable string that can be used to identify the purpose of this event. This is an optional parameter and can be up to 80 characters long. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

owner-string

Specifies the owner string; the owner identifies the creator of this alarm. It defaults to "TiMOS CLI". This parameter is defined primarily to allow entries that have been created in the RMON-MIB alarmTable by remote SNMP managers to be saved and reloaded in a CLI configuration file. The owner will not normally be configured by CLI users and can be up 80 characters long.

Default

TiMOS CLI

Configuration example:

event 5 rmon-event-type both description "alarm testing" owner "TiMOS CLI"

Platforms

All

event

Syntax

[no] event application-id event-name-id

Context

[Tree] (config>log>event-trigger event)

Full Context

configure log event-trigger event

Description

This command configures a specific log event as a trigger for one or more EHS handlers. Further matching criteria can be applied to only trigger certain handlers with certain instances of the log event.

The no form of this command removes the specified trigger event.

Parameters

application-id

Specifies the type of application that triggers the event.

Values

adp, application_assurance, auto_prov, bfd, bgp, bier, bmp, calltrace, cflowd, chassis, cpmhwfilter, cpmhwqueue, debug, dhcp, dhcps, diameter, dot1x, dynsvc, efm_oam, elmi, ering, eth_cfm, etun, filter, fpe, gsmp, gtp, igmp, igmp_snooping, ip, ipfix, ipsec, ipsec_cpm, isis, l2tp, lag, ldap, ldp, li, lldp, logger, maffilter, macsec, mcac, mcpath, mc_redundancy, mgmt_core, mirror, mld, mld_snooping, mpls, mpls_tp, mpls_lmgr, mrp, msdp, nat, nge, ntp, oam, open_flow, ospf, pcap, pcep, pfcp, pim, pim_snooping, port, pppoe, pppoe_clnt, profile, ptp, pxc, python, qos, radius, rib_api, rip, rip_ng, route_next_hop, route_policy, rpki, rsvp, satellite, security, sflow, snmp, sr_mpls, sr_policy, srv6, stp, subscr_mgmt, sub_host_trk, svcmgr, system, telemetry, tip, tls, tree_sid, user, user_db, video, vrrp, vrtr, wlan_gw, wpp

event-name-id

Specifies the name or numerical identifier of the event.

Values

0 to 4294967295 | event-name: 32 characters max

Platforms

All

event-control

event-control

Syntax

event-control application-id [event-name | event-number] [generate] [severity-level] [throttle] [specific-throttle-rate events-limit interval seconds | disable-specific-throttle] [repeat | no-repeat]

event-control application-id [event-name | event-number] suppress

no event-control application-id [event-name | event-number]

Context

[Tree] (config>log event-control)

Full Context

configure log event-control

Description

This command is used to specify that a particular event or all events associated with an application is either generated or suppressed.

Events are generated by an application and contain an event number and description explaining the cause of the event. Each event has a default designation which directs it to be generated or suppressed.

Events are generated with a default severity level that can be modified by using the severity-level option.

Events that are suppressed by default are typically used for debugging purposes. Events are suppressed at the time the application requests the event’s generation. No event log entry is generated regardless of the destination. While this feature can save processor resources, there may be a negative effect on the ability to troubleshoot problems if the logging entries are squelched. In reverse, indiscriminate application may cause excessive overhead.

The rate of event generation can be throttled by using the throttle parameter.

The no form of this command reverts the parameters to the default setting for events for the application or a specific event within the application. The severity, generate, suppress, and throttle options will also be reset to the initial values.

Default

Each event has a set of default settings. To display a list of all events and the current configuration use the event-control command.

Parameters

application-id

The application whose events are affected by this event control filter.

Values

A valid application name. Use the show log applications command to display a list of valid application names. Examples of valid applications are bgp, chassis, efm_oam, filter, security, system, and vrrp.

event-name

To generate, suppress, or revert to default for a single event, enter the specific event short name up to 32 characters. If no event name is specified, the command applies to all events in the application. To display a list of all event short names use the event-control command.

event-number

To generate, suppress, or revert to default for a single event, enter the specific number. If no event number is specified, the command applies to all events in the application.

Values

0 to 4294967295

generate

Specifies that logger event is created when this event occurs. The generate keyword can be used with two optional parameters, severity-level and throttle.

Default

generate

severity-level

An ASCII string representing the severity level to associate with the specified generated events

Default

The system-assigned severity name

Values

cleared, indeterminate, critical, major, minor, warning

throttle

Specifies whether or not events of this type will be throttled. By default, event throttling is on for most event types.

suppress

This keyword indicates that the specified events will not be logged. If the suppress keyword is not specified then the events are generated by default. For example on the 7750 SR, event-control bgp suppress will suppress all BGP events. If a log event is a raising event for a Facility Alarm, and the associated Facility Alarm is raised, then changing the log event to suppress clears the associated Facility Alarm.

Default

generate

specific-throttle-rate events-limit

The log event throttling rate can be configured independently for each log event using this keyword. This specific-throttle-rate overrides the globally configured throttle rate (config>log>throttle-rate) for the specific log event.

Values

1 to 20000

interval seconds

Specifies the number of seconds that the specific throttling intervals lasts.

Values

1 to 1200

disable-specific-throttle

Specifies to disable the specific-throttle-rate.

repeat

Specifies that the log event should be repeated every minute until the underlying condition is cleared. Only supported for the following log events: BGP tBgpMaxNgPfxLmtThresholdReached and PORT tmnxEqPortEtherCrcAlarm (for degrade threshold only)

Platforms

All

event-damping

event-damping

Syntax

[no] event-damping

Context

[Tree] (config>log event-damping)

Full Context

configure log event-damping

Description

This command allows the user to set the event damping algorithm to suppress QoS or filter change events.

The no form of this command removes the event damping algorithm.

Note:

While this event damping is original behavior for some modules such as service manager, QoS, and filters, it can result in the NMS system database being out of sync because of missed change events. On the other hand, if the damping is disabled (no event-damping), it may take much longer to exec a large CLI configuration file after system bootup.

Platforms

All

event-handler

event-handler

Syntax

event-handler event-handler

no event-handler

Context

[Tree] (config>log>event-trigger>event>trigger-entry event-handler)

Full Context

configure log event-trigger event trigger-entry event-handler

Description

This command configures the event handler to be used for this trigger entry.

The no form of this command removes the event handler configuration.

Parameters

event-handler

Specifies the name of the event handler, up to 32 characters.

Platforms

All

event-handler

Syntax

event-handler

Context

[Tree] (config>system>security>cli-script>authorization event-handler)

Full Context

configure system security cli-script authorization event-handler

Description

Commands in this context configure authorization for the Event Handling System (EHS). EHS allows user-controlled programmatic exception handling by allowing a CLI script to be executed upon the detection of a log event.

Platforms

All

event-handling

event-handling

Syntax

event-handling

Context

[Tree] (config>log event-handling)

Full Context

configure log event-handling

Description

Commands in this context configure event handling within the Event Handler System (EHS).

Platforms

All

event-log

event-log

Syntax

event-log event-log-name [create]

no event-log event-log-name

Context

[Tree] (config>app-assure>group event-log)

Full Context

configure application-assurance group event-log

Description

This command configures an event log.

Parameters

event-log-name

Specifies the name of the event log.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

event-log

Syntax

event-log event-log-name [all]

no event-log

Context

[Tree] (config>app-assure>group>tcp-validate event-log)

Full Context

configure application-assurance group tcp-validate event-log

Description

This command enables logging of traffic dropped by TCP validation.

The no form of this command disables logging of traffic dropped by TCP validation.

Default

no event-log

Parameters

event-log-name

Specifies the name of the event log up to 32 characters.

all

Logs all dropped traffic. Using the all option allows the operator to capture all discards made by the TCP validation policy, including those related to:

  • packets that were received after an RST and discarded

  • packets received before TCP session establishment (before SYN) and discarded

Without the all option, discards related to these cases are not captured in any event log.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

event-log

Syntax

event-log event-log-name

no event-log

Context

[Tree] (config>app-assure>group>gtp>gtp-filter event-log)

[Tree] (config>app-assure>group>gtp event-log)

Full Context

configure application-assurance group gtp gtp-filter event-log

configure application-assurance group gtp event-log

Description

This command allows AA to treat traffic on UDP port number 2152 as GTP-u. Without further specifying any other parameters within this GTP context, AA performs basic GTP-u header sanity checks and discards packets that are malformed. This GTP context allows the operator to configure various GTP filters (maximum of 128 GTP filters).

Default

no event-log

Parameters

event-log-name

Specifies the event log name to be used to log discards due to GTP-u basic header sanity checks.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

event-log

Syntax

event-log event-log-name

no event-log

Context

[Tree] (config>app-assure>group>sctp-filter event-log)

Full Context

configure application-assurance group sctp-filter event-log

Description

This command configures an event log for packets dropped by the SCTP filter.

Default

no event-log

Parameters

event-log-name

Specifies the event log name to be used.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

event-mon

event-mon

Syntax

event-mon

Context

[Tree] (config>oam-pm>session>measurement-interval event-mon)

Full Context

configure oam-pm session measurement-interval event-mon

Description

This command enables the different threshold events on a specific measurement interval. Only one measurement interval with a configured OAM PM session can have events enabled using the no shutdown command.

event-notification

event-notification

Syntax

[no] event-notification

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-period event-notification)

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-seconds event-notification)

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame event-notification)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-period event-notification

configure port ethernet efm-oam link-monitoring errored-frame-seconds event-notification

configure port ethernet efm-oam link-monitoring errored-frame event-notification

Description

Allows the frame error sf-threshold crossing events to transmit the Event Notification OAMPDU with the specific Link Event TLV information. The Event Notification OAM PDU will only be generated when the initial sf-threshold is reached. No subsequent notification will be sent until the event that triggered until the event is manually cleared. The burst parameter under the local-sf-action will determine the number of Event Notification OAMPDUs to generate when the event occurs. The reception of the event notification will be processed regardless of this parameter.

The no version of this command will disable the transmission of the Event Notification OAMPDU for this event type.

Default

event-notification

Platforms

All

event-notification

Syntax

[no] event-notification

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-symbols event-notification)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols event-notification

Description

This command allows the symbol error event threshold crossing actions to transmit the Event Notification OAM PDU with the specific Link Event TLV information. The Event Notification OAM PDU will only be generated on the initial sf-threshold is reached. No subsequent notification will be sent until the event that triggered the notification clears, through manual intervention or a window where the configured sd-threshold is not reached. The burst parameter under the local-sf-action will determine the number of Event Notification OAM PDUs to generate when the event occurs. The reception of the event notification will be processed regardless of this parameter.

The no version of this command will disable the transmission of the Event Notification OAM PDU for this event type.

Default

event-notification

Platforms

All

event-notification

Syntax

event-notification local-port-action {log-only | out-of-service}

Context

[Tree] (config>port>ethernet>efm-oam>peer-rdi-rx event-notification)

Full Context

configure port ethernet efm-oam peer-rdi-rx event-notification

Description

This command defines how to react to the reception of event TLVs contained in the Event Notification OAMPDU. The event TLVs contained in the event notification OAMPDU will be analyzed to determine if the peer has crossed the error threshold for the window. The analysis does not consider any local signal degrades or signal failure threshold. The analysis is based solely on the information receive form the peer. The analysis is performed on all event TLVs contained in the Event Notification OAMPDU without regard for support of a specific error counters or local configuration of any thresholds. In the case of symbol errors only, a threshold below the error rate can be used to return the port to service.

Default

event-notification local-port-action log-only

Parameters

local-port-action

Defines whether or not the local port will be affected when the Event Notification OAM PDU is received from a peer based on the threshold computation for the included TLVs.

log-only

Keyword that prevents the port from being affected when the local peer receives an Event Notification OAM PDU. The event will be logged but the port will remain operational.

out-of-service

Keyword that causes the port to enter a non-operation down state with a port state of link up. The error will be logged upon reception of Event Notification. The port will not be available to service data but will continue to carry Link OAM traffic to ensure the link is monitored. All this assumes the error threshold exceeds the error rate in the TLV.

Platforms

All

event-notification-burst

event-notification-burst

Syntax

event-notification-burst packets

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>local-sf-action event-notification-burst)

Full Context

configure port ethernet efm-oam link-monitoring local-sf-action event-notification-burst

Description

This command defines the number of the Event Notification OAM PDU to be send to the peer if the local signal failure threshold (sf-threshold) has been reached. The sending of the Event Notification OAMPDU is configured under the individual monitors.

Interactions: The sf-thresh threshold will trigger these actions.

Parameters

packets

Specifies the number of Event Notification OAM PDUs to send to a peer when the signal failure threshold has been reached.

Values

1 to 5

Platforms

All

event-trigger

event-trigger

Syntax

event-trigger

Context

[Tree] (config>log event-trigger)

Full Context

configure log event-trigger

Description

Commands in this context configure log events as triggers for Event Handling System (EHS) handlers.

Platforms

All

event-type

event-type

Syntax

[no] event-type {arp | config-change | oper-status-change | neighbor-discovery}

Context

[Tree] (debug>service>id>sap event-type)

Full Context

debug service id sap event-type

Description

This command enables a particular debugging event type.

The no form of this command disables the event type debugging.

Parameters

arp

Displays ARP events.

config-change

Debugs configuration change events.

oper-status-change

Debugs service operational status changes.

neighbor-discovery

Displays the status of IPv6 neighbor discovery for the sap or the spoke-sdp for the 7450 ESS or 7750 SR only.

Platforms

All

Output

The following output is an example of event-type information.

Output Example
A:bksim180# debug service id 1000 sap 1/7/1 event-type arp 
DEBUG OUTPUT show on CLI is as follows:
3 2008/11/17 18:13:24.35 UTC MINOR: DEBUG #2001 Base Service 1000 SAP 
1/7/1 "Service 1000 SAP 1/7/1: 
RX: ARP_REQUEST (0x0001)
hwType     : 0x0001
prType     : 0x0800
hwLength   : 0x06
prLength   : 0x04
srcMac     : 8c:c7:01:07:00:03
destMac    : 00:00:00:00:00:00
srcIp      : 10.1.1.2
destIp     : 10.1.1.1
"

4 2008/11/17 18:13:24.35 UTC MINOR: DEBUG #2001 Base Service 1000 
SAP 1/7/1 "Service 1000 SAP 1/7/1: 
TX: ARP_RESPONSE (0x0002)
hwType     : 0x0001
prType     : 0x0800
hwLength   : 0x06
prLength   : 0x04
srcMac     : 00:03:0a:0a:0a:0a
destMac    : 8c:c7:01:07:00:03
srcIp      : 10.1.1.1
destIp     : 10.1.1.2
"

event-type

Syntax

[no] event-type {config-change | oper-status-change | neighbor-discovery | control-channel-status}

Context

[Tree] (debug>service>id>sdp event-type)

Full Context

debug service id sdp event-type

Description

This command enables a particular debugging event type.

The no form of this command disables the event type debugging.

Parameters

config-change

Debugs configuration change events.

oper-status-change

Debugs service operational status changes.

neighbor-discovery

Displays the status of IPv6 neighbor discovery for the sap or the spoke-sdp for the 7450 ESS or 7750 SR only.

control-channel-status

Debugs control channel status events.

Platforms

All

event-type

Syntax

[no] event-type {config-change | svc-oper-status-change | sap-oper-status-change | sdpbind-oper-status-change}

Context

[Tree] (debug>service>id event-type)

Full Context

debug service id event-type

Description

This command enables a particular debugging event type. The no form of this command disables the event type debugging.

Parameters

config-change

Debugs configuration change events

svc-oper-status-change

Debugs service operational status changes

sap-oper-status-change

Debugs SAP operational status changes

sdpbind-oper-status-change

Debugs SDP operational status changes

Platforms

All

events

events

Syntax

events {none | public-only | all}

Context

[Tree] (config>call-trace-trace-profile events)

Full Context

configure call-trace trace-profile events

Description

This command configures whether captured traces include events that occurred on the SR OS router, such as mobility and idle-timeout.

Default

events none

Parameters

none

Specifies that no events is traced.

public-only

Specifies that only events that are readable by everyone is traced.

all

Specifies that all events is traced, including events that are encrypted for use by customer support only. Encrypted events are not readable by end-users.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

events

Syntax

[no] events [interface ip-int-name]

Context

[Tree] (debug>router>srrp events)

Full Context

debug router srrp events

Description

This command enables debugging for SRRP packets.

The no form of this command disables debugging.

Platforms

All

events

Syntax

[no] events

[no] events interface ip-int-name [vrid virtual-router-id]

[no] events interface ip-int-name vrid virtual-router-id ipv6

Context

[Tree] (debug>router>vrrp events)

Full Context

debug router vrrp events

Description

This command enables debugging for VRRP events.

The no form of the command disables debugging.

Parameters

ip-int-name

Displays the specified interface name.

virtual-router-id

Displays the specified VRID.

ipv6

Debugs the specified IPv6 VRRP interface.

Platforms

All

events

Syntax

events [neighbor ip-address | group name]

no events

Context

[Tree] (debug>router>bgp events)

Full Context

debug router bgp events

Description

This command logs all events changing the state of a BGP peer.

The no form of this command disables the debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

events

Syntax

events [station station-name]

no events

Context

[Tree] (debug>router>bmp events)

Full Context

debug router bmp events

Description

This command enables debugging for all BMP events.

The no form of the command disables debugging for all BMP events.

Parameters

station-name

Specifies the station name of the BMP monitoring station, up to 32 characters.

Platforms

All

events

Syntax

[no] events [neighbor ip-int-name | ip-addr]

Context

[Tree] (debug>router>rip events)

Full Context

debug router rip events

Description

This command enables debugging for RIP events.

Parameters

ip-int-name | ip-address

Debugs the RIP events sent on the neighbor IP address or interface.

Platforms

All

events

Syntax

[no] events [neighbor ip-int-name]

Context

[Tree] (debug>router>ripng events)

Full Context

debug router ripng events

Description

This command enables debugging for RIPng events.

Parameters

ip-int-name

Debugs the RIPng events sent on the neighbor IP interface.

Platforms

All

evi

evi

Syntax

evi value

no evi

Context

[Tree] (config>service>vpls>bgp-evpn evi)

[Tree] (config>service>epipe>bgp-evpn evi)

Full Context

configure service vpls bgp-evpn evi

configure service epipe bgp-evpn evi

Description

This command allows the configuration of a 2-byte EVPN instance (EVI) unique in the system. It is used for the service-carving algorithm for multi-homing and auto-deriving route target and route distinguishers.

If not specified, the value is zero and no route distinguisher or route targets are auto-derived from it. If the evi value is specified and no other route-distinguisher or route-target is configured in the service, the following rules apply:

  • the route distinguisher is derived from <system_ip>:evi

  • the route target is derived from <autonomous-system>:evi

If VSI import and export policies are configured, the route target must be configured in the policies and those values take preference over the auto-derived route targets. If bgp-ad>vpls-id and bgp-evpn>evi are both configured on the same service, the VPLS ID auto-derived route target or route distinguisher takes precedence over the values auto-derived from the EVI. The operational route target for a service is displayed in the show service id bgp command.

The no form of this command sets the EVI value back to zero.

Parameters

value

Specifies the EVPN instance.

Values

1 to 16777215

Platforms

All

evi

Syntax

evi start [to to]

no evi start

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>service-carving>manual evi)

Full Context

configure service system bgp-evpn ethernet-segment service-carving manual evi

Description

This command configures the EVI ranges for which the PE is the primary Designated Forwarder, or uses the lowest preference algorithm.

Note:

Multiple individual EVI values and ranges are allowed.

There are two service-carving manual algorithms for DF election:

  • manual non-preference

    A preference command is not configured for this algorithm. The primary PE for the configured EVIs is determined by the EVI range. The manual non-preference algorithm only supports two PEs in the Ethernet Segment

  • manual preference-based

    If a preference command is configured, the algorithm uses the configured value to determine the DF election. For EVIs not defined in the range, the highest-preference algorithm is used. For configured EVIs, the lowest-preference algorithm is used.

The no form of this command removes the PE from the primary Designated Forwarder role for the range, or sets the preference algorithm back to highest preference.

Parameters

start

Specifies the initial EVI value of the range.

Values

1 to 65535

to

Specifies the end EVI value of the range. If not configured, only the individual start value is considered.

Values

1 to 16777215

Platforms

All

evi

Syntax

evi value

no evi

Context

[Tree] (config>service>vprn>bgp-evpn>srv6 evi)

[Tree] (config>service>vprn>bgp-evpn>mpls evi)

Full Context

configure service vprn bgp-evpn segment-routing-v6 evi

configure service vprn bgp-evpn mpls evi

Description

This command configures a 2-byte EVPN instance (EVI) unique in the system.

The router uses the EVI to identify the BGP EVPN instance in a VPRN (for the EVPN-IFL model) or an R-VPLS (for the EVPN-IFF model) that is associated with the Layer 3 Ethernet Segment (ES), for the purpose of IP Aliasing. This configuration is required on the PEs attached to the ES as well as on the remote PEs that need to create ES destinations to the multihoming Layer 3 ES.

The no form of this command removes the EVI value.

Default

no evi

Parameters

value

Specifies the EVPN instance.

Values

1 to 16777215

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service vprn bgp-evpn segment-routing-v6 evi

All

  • configure service vprn bgp-evpn mpls evi

evi

Syntax

evi

Context

[Tree] (config>service>system>bgp-evpn>eth-seg evi)

Full Context

configure service system bgp-evpn ethernet-segment evi

Description

Commands in this context configure the EVI range associated with the VPRN next hop.

Platforms

All

evi-range

evi-range

Syntax

[no] evi-range start

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>evi evi-range)

Full Context

configure service system bgp-evpn ethernet-segment evi evi-range

Description

This command configures the EVI starting range value.

The no form of this command removes the EVI range.

Parameters

start

Specifies the EVPN start value associated to the VPRN next hop.

Values

1 to 16777215

Platforms

All

evi-three-byte-auto-rt

evi-three-byte-auto-rt

Syntax

[no] evi-three-byte-auto-rt

Context

[Tree] (config>service>vpls>bgp-evpn>srv6 evi-three-byte-auto-rt)

[Tree] (config>service>epipe>bgp-evpn>mpls evi-three-byte-auto-rt)

[Tree] (config>service>epipe>bgp-evpn>vxlan evi-three-byte-auto-rt)

[Tree] (config>service>epipe>bgp-evpn>srv6 evi-three-byte-auto-rt)

[Tree] (config>service>vpls>bgp-evpn>vxlan evi-three-byte-auto-rt)

[Tree] (config>service>vpls>bgp-evpn>mpls evi-three-byte-auto-rt)

Full Context

configure service vpls bgp-evpn segment-routing-v6 evi-three-byte-auto-rt

configure service epipe bgp-evpn mpls evi-three-byte-auto-rt

configure service epipe bgp-evpn vxlan evi-three-byte-auto-rt

configure service epipe bgp-evpn segment-routing-v6 evi-three-byte-auto-rt

configure service vpls bgp-evpn vxlan evi-three-byte-auto-rt

configure service vpls bgp-evpn mpls evi-three-byte-auto-rt

Description

This command specifies that the BGP-EVPN instance import and export route target is auto-derived as described in RFC 8365 (Global-Administrator:A/Type/D-ID/Service-ID).

Where:

  • Global Administrator — is the configured 2-octet AS Number. If the configured ASN exceeds the 2 byte limit, the low order 16-bit value will be taken.

  • A=0 (for auto-derivation)

  • Type=4 (EVI-based route target)

  • D-ID= [1..2] — encodes the BGP instance. This allows the auto-derivation of different route targets in multi-instance services. The value is inherited from the corresponding BGP instance.

  • Service ID= 3-octet EVI

The no form of this command disallows the derivation of the route target.

Default

no evi-three-byte-auto-rt

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service vpls bgp-evpn segment-routing-v6 evi-three-byte-auto-rt
  • configure service epipe bgp-evpn segment-routing-v6 evi-three-byte-auto-rt

All

  • configure service vpls bgp-evpn vxlan evi-three-byte-auto-rt
  • configure service epipe bgp-evpn mpls evi-three-byte-auto-rt
  • configure service epipe bgp-evpn vxlan evi-three-byte-auto-rt
  • configure service vpls bgp-evpn mpls evi-three-byte-auto-rt

evpn

evpn

Syntax

evpn service-id [import-mode import-mode] [create]

no evpn service-id

Context

[Tree] (config>subscr-mgmt>isa-svc-chain evpn)

Full Context

configure subscriber-mgmt isa-service-chaining evpn

Description

This command configures the import mode for the service chaining EVPN service. The import-mode controls the EPVN route types that are imported by the EVPN system.

The no form of this command removes the configuration parameters.

Parameters

service-id

Specifies the service ID of the EVPN.

Values

1 to 2147483647

import-mode

Specifies the import mode of the EVPN.

Values

bridged — The specified EVPN instance imports EVPN route type-2 and type-1 from the peer.

routed — The specified EVPN instance imports EVPN type-1, type-2 and type-5 routes from the peer. Also, the EVPN instance can be configured to export EVPN type-5 routes for NAT pools to the peer.

none — The specified EVPN instance does not import any EVPN routes from the peer but can be configured with NAT pools that are exported to the peer in EVPN type-5 routes.

create

Keyword used to create the EVPN service instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

evpn

Syntax

evpn send send-limit

evpn send send-limit receive [ none]

no evpn

Context

[Tree] (config>router>bgp>add-paths evpn)

[Tree] (config>router>bgp>group>add-paths evpn)

[Tree] (config>router>bgp>group>neighbor>add-paths evpn)

Full Context

configure router bgp add-paths evpn

configure router bgp group add-paths evpn

configure router bgp group neighbor add-paths evpn

Description

This command configures the Add-Paths capability for EVPN routes.

The no form of this command disables Add-Paths support for EVPN routes. This causes sessions that are established using Add-Paths for EVPN to go down and come back up without the Add-Paths capability.

Default

no evpn

Parameters

send-limit

Specifies the maximum number of EVPN paths to send.

Values

1 to 16, none, multipaths

receive

Keyword used to allow multiple EVPN paths per prefix from a peer.

none

Keyword used to specify that the router does not negotiate to receive multiple unlabeled unicast routes per EVPN prefix.

Platforms

All

evpn

Syntax

evpn

Context

[Tree] (config>service>ies>if>vpls evpn)

[Tree] (config>service>vprn>if>vpls evpn)

Full Context

configure service ies interface vpls evpn

configure service vprn interface vpls evpn

Description

Commands in this context configure EVPN parameters.

Platforms

All

evpn

Syntax

[no] evpn

Context

[Tree] (config>router>ldp>import-pmsi-routes evpn)

Full Context

configure router ldp import-pmsi-routes evpn

Description

This command specifies that the SR OS is to cache inter-as EVPN PMSI AD routes for option B.

The no form of this command disables caching of EVPN PMSI AD routes. The default is disabled, however when an upgrade from a software load that does not supports this command is performed, this command will be enabled after the upgrade.

This command is not enabled if the user is using an older configuration file.

Default

no evpn

Platforms

All

evpn-etree-leaf-label

evpn-etree-leaf-label

Syntax

evpn-etree-leaf-label [[32..524256]]

no evpn-etree-leaf-label

Context

[Tree] (config>service>system>bgp-evpn evpn-etree-leaf-label)

Full Context

configure service system bgp-evpn evpn-etree-leaf-label

Description

This command enables EVPN Ethernet-Tree (E-Tree) VPLS services on the router (not B-VPLS). It allocates an E-Tree leaf label for the Provider Edge (PE) device and configures the ILM entry.

The command ensures that in-flight traffic can perform an ILM entry lookup at any time, and avoid the discards during shutdown or no shutdown services (or at least reduce the timing window so that it does not occur during normal operation or configuration).

The E-Tree leaf label can optionally be statically configured with a value. The label value must be in the static label range of the system.

Note:

The evpn-etree-leaf-label command must be configured to execute bgp-evpn mpls no shutdown.

The no form of this command removes the value from the configuration.

Default

no evpn-etree-leaf-label

Parameters

32..524256

Specifies the E-Tree leaf label

Values

32 to 524256

Platforms

All

evpn-link-bandwidth

evpn-link-bandwidth

Syntax

evpn-link-bandwidth

Context

[Tree] (config>service>vprn>bgp-evpn>mpls evpn-link-bandwidth)

[Tree] (config>service>vprn>bgp>group>neighbor evpn-link-bandwidth)

[Tree] (config>service>vprn>bgp>group evpn-link-bandwidth)

[Tree] (config>service>vprn>bgp-evpn>srv6 evpn-link-bandwidth)

Full Context

configure service vprn bgp-evpn mpls evpn-link-bandwidth

configure service vprn bgp group neighbor evpn-link-bandwidth

configure service vprn bgp group evpn-link-bandwidth

configure service vprn bgp-evpn segment-routing-v6 evpn-link-bandwidth

Description

Commands in these contexts configure the EVPN link bandwidth.

Platforms

All

  • configure service vprn bgp group neighbor evpn-link-bandwidth
  • configure service vprn bgp-evpn mpls evpn-link-bandwidth
  • configure service vprn bgp group evpn-link-bandwidth

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service vprn bgp-evpn segment-routing-v6 evpn-link-bandwidth

evpn-mcast-gateway

evpn-mcast-gateway

Syntax

evpn-mcast-gateway [create]

no evpn-mcast-gateway

Context

[Tree] (config>service>vpls>bind evpn-mcast-gateway)

Full Context

configure service vpls allow-ip-int-bind evpn-mcast-gateway

Description

Commands in this context configure the EVPN multicast gateway.

The no form of this command sets the PE back to a non-EVPN multicast gateway.

Parameters

create

Keyword used to create an EVPN multicast gateway.

Platforms

All

evpn-mpls

evpn-mpls

Syntax

[no] evpn-mpls

Context

[Tree] (debug>service>id>igmp-snooping evpn-mpls)

Full Context

debug service id igmp-snooping evpn-mpls

Description

This command shows IGMP packets for EVPN-MPLS destinations. The no form of this command disables the debugging for EVPN-MPLS destinations

Platforms

All

evpn-nd-advertise

evpn-nd-advertise

Syntax

evpn-nd-advertise {host | router | router-host}

Context

[Tree] (config>service>vpls>proxy-nd evpn-nd-advertise)

Full Context

configure service vpls proxy-nd evpn-nd-advertise

Description

This command enables the advertisement of static or dynamic entries that are learned as host, router, or host and router, (only one option is possible in a specified service). It also determines the R flag (host or router) when sending Neighbor Advertisement (NA) messages for existing EVPN entries in the proxy-ND table.

The router-host command option is only possible when the ARP/ND extended community is advertised along with the MAC/IP routes. It determines that both host and router (dynamic and static) entries are advertised in MAC/IP routes, with an indication whether the entry is host or router in the R flag. These EVPN entries are installed as host or router entries depending on the R flag of the route, and NA messages for them are sent with the proper host or router indication.

To modify this command you must shutdown the proxy ND.
configure service vpls proxy-nd shutdown

Default

evpn-nd-advertise router

Parameters

host

Enables the advertisement of static or dynamic entries that are learned as host.

router

Enables the advertisement of static or dynamic entries that are learned as routers.

router-host

Enables the advertisement of static or dynamic entries that are learned as router or host.

Platforms

All

evpn-proxy

evpn-proxy

Syntax

[no] evpn-proxy

Context

[Tree] (config>service>vpls>igmp-snooping evpn-proxy)

[Tree] (config>service>vpls>mld-snooping evpn-proxy)

Full Context

configure service vpls igmp-snooping evpn-proxy

configure service vpls mld-snooping evpn-proxy

Description

This command enables EVPN proxy for IGMP and MLD snooping.

This no form of this command disables EVPN proxy for IGMP and MLD snooping.

Platforms

All

evpn-route-tag

evpn-route-tag

Syntax

evpn-route-tag tag

no evpn-route-tag

Context

[Tree] (config>service>vpls>proxy-nd evpn-route-tag)

[Tree] (config>service>vpls>proxy-arp evpn-route-tag)

Full Context

configure service vpls proxy-nd evpn-route-tag

configure service vpls proxy-arp evpn-route-tag

Description

This command configures a local route tag that can be used on export policies to match MAC/IP routes generated by the proxy-ARP or proxy-ND module. For example, if a new active dynamic proxy-ARP entry is added to the proxy-ARP table and evpn-route-tag is 10, an export policy that matches on tag 10 and adds a site-of-origin community SOO-1, allows the router to advertise the MAC/IP route for the proxy-ARP entry with community SOO-1.

The no form of this command removes the route tag for the generated EVPN MAC/IP routes.

Parameters

tag

Specifies the route tag, in either decimal or hexadecimal form.

Values

1 to 255

Platforms

All

evpn-tunnel

evpn-tunnel

Syntax

evpn-tunnel [ipv6-gateway-address {ip | mac}] [supplementary-broadcast-domain]

no evpn-tunnel

Context

[Tree] (config>service>vprn>if>vpls evpn-tunnel)

Full Context

configure service vprn interface vpls evpn-tunnel

Description

This command sets the evpn-tunnel mode for the attached R-VPLS. When enabled for an IPv4 interface, no IPv4 address is required under the same interface. When enabled on an IPv6 interface, the ipv6-gateway-address parameter can be configured as ip or mac.

When configured as evpn-tunnel ipv6-gateway-address ip or simply evpn-tunnel, then:

  • on transmission, the router populates the GW IP field of the route type 5 with a Link-Local-Address (LLA) if an explicit global IPv6 address is not configured. Otherwise, the configured IPv6 address is used.

  • on reception of routes type 5 for IPv6 prefixes, only routes with non-zero GW IP are processed; the rest of the routes will be treated-as-withdraw.

When configured as evpn-tunnel ipv6-gateway-address mac, then:

  • on transmission, the router sends routes type 5 with zero GW IP field, and a MAC extended community of the router, containing the VPRN interface MAC.

  • on reception of IPv6 prefix routes, only routes with zero GW IP and non-zero router's MAC are processed; the rest of the routes will be treated-as-withdraw.

The supplementary-broadcast-domain option instructs the data path to exclude EVPN destinations in the Layer 3 lookup for packets coming from an RVPLS SAP and configures the entire set of VPRN as well as attached RVPLS services in OISM mode. Only one SBD RVPLS can exist in a given VPRN. In order to add or remove the supplementary-broadcast-domain option, the entire evpn-tunnel command must first be removed.

The configuration of evpn-tunnel without options is equivalent to the ipv6-gateway-address ip option.

The no form of this command disables the evpn-tunnel mode.

Default

no evpn-tunnel

Parameters

ipv6-gateway-address

Indicates whether the IPv6 Prefix route uses a GW IP or a GW MAC as gateway.

Values

ip, mac

supplementary-broadcast-domain

Specifies to use the EVPN tunnel as a Supplementary Broadcast Domain (SBD). The SBD is used in EVPN OISM to advertise the SMET routes and receive the multicast traffic on egress PEs that are not attached to the source R-VPLS service.

Platforms

All

evpn-type

evpn-type

Syntax

evpn-type type

no evpn-type

Context

[Tree] (config>router>policy-options>policy-statement>entry>from evpn-type)

Full Context

configure router policy-options policy-statement entry from evpn-type

Description

This command matches BGP routes based on the EVPN route type. The route types supported in SR OS are the following:

  • Type 1 or Auto-Discovery Ethernet Tag route, including both the AD per-ES and AD per-EVI routes Type 2 or MAC/IP route

  • Type 2 or MAC/IP route

  • Type 3 or IMET route, including Multicast Ethernet Tag

  • Type 4 or ES (Ethernet Segment) route Type 5 of IP-prefix route, including IPv4 and IPv6 prefixes

  • Type 6 or Selective Multicast Ethernet Tag route, including IPv4 and IPv6 multicast groups

  • Type 7 or Multicast Join Synch route, including IPv4 and IPv6 multicast group

  • Type 8 or Multicast Leave Synch route, including IPv4 and IPv6 multicast groups

The no form of this command removes the evpn-type matching.

Parameters

name

Specifies the EVPN route type.

Values

1 to 8

Platforms

All

exceed

exceed

Syntax

exceed

Context

[Tree] (config>qos>sap-egress>queue>drop-tail exceed)

Full Context

configure qos sap-egress queue drop-tail exceed

Description

Commands in this context configure the queue exceed drop tail parameters. The exceed drop tail defines the queue depth beyond which exceed-profile packets will not be accepted into the queue and will be discarded.

Platforms

All

exceed

Syntax

exceed

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>queue>drop-tail exceed)

Full Context

configure qos queue-group-templates egress queue-group queue drop-tail exceed

Description

Commands in this context configure the queue exceed drop-tail parameters. The exceed drop tail defines the queue depth beyond which exceed-profile packets will not be accepted into the queue and will be discarded.

Platforms

All

exceed-action

exceed-action

Syntax

exceed-action {discard | low-priority | none}

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>local-monitoring-policer exceed-action)

Full Context

configure system security dist-cpu-protection policy local-monitoring-policer exceed-action

Description

This command controls the action performed upon the extracted control packets when the configured policer rates are exceeded.

Default

exceed-action none

Parameters

discard

Discards packets that are nonconforming.

low-priority

Marks packets that are nonconforming as low-priority (discard eligible or out-profile). If there is congestion in the control plane of the SR OS then unmarked (green, hi-prio or in-profile) control packets are given preferential treatment.

none

no hold-down

Platforms

All

exceed-action

Syntax

exceed-action {discard [hold-down seconds] | low-priority [hold-down seconds] | none}

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>protocol>dynamic-parameters exceed-action)

[Tree] (config>sys>security>dist-cpu-protection>policy>static-policer exceed-action)

Full Context

configure system security dist-cpu-protection policy protocol dynamic-parameters exceed-action

configure system security dist-cpu-protection policy static-policer exceed-action

Description

This command controls the action performed upon the extracted control packets when the configured policer rates are exceeded.

Default

exceed-action none

Parameters

discard

Discards packets that are nonconforming.

low-priority

Marks packets that are nonconforming as low-priority (for example, discard eligible or out-profile). If there is congestion in the control plane of the SR OS then unmarked (for example, green, hi-prio or in-profile) control packets are given preferential treatment.

hold-down seconds

When this optional parameter is specified, it causes the following "hold-down” behavior.

When the SR OS software detects that an enforcement policer has marked or discarded one or more packets (software may detect this some time after the packets are actually discarded), and an optional hold-down seconds value has been specified for the exceed-action, then the policer will be set into a "mark-all” or "drop-all” mode that cause the following:

  • the policer state to be updated as normal

  • all packets to be marked (if the action is "low-priority”) or dropped (action = discard) regardless of the results of the policing decisions/actions/state.

The hold-down is cleared after approximately the configured time in seconds after it was set. The hold-down seconds option should be selected for protocols that receive more than one packet in a complete handshake/negotiation (for example, DHCP, PPP). hold-down is not applicable to a local monitoring policer. The "detection-time” will only start after any hold-down is complete. During the hold-down (and the detection-time), the policer is considered as in an "exceed” state. The policer may re-enter the hold-down state if an exceed packet is detected during the detection-time countdown.

Configuring the indefinite parameter value will cause hold down to remain in place until the operator clears it manually using a tools command (tools perform security dist-cpu-protection release-hold-down) or removes the dist-cpu-protection policy from the object.

Configuring the none parameter value will disable hold down.

Values

1 to 10080, indefinite, none

Platforms

All

exceed-profile-octets-discarded-count

exceed-profile-octets-discarded-count

Syntax

[no] exceed-profile-octets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters exceed-profile-octets-discarded-count

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-octets-discarded-count

Description

This command includes the exceed profile octets discarded count.

The no form of this command excludes the exceed profile octets discarded count.

Default

no exceed-profile-octets-discarded-count

Platforms

All

exceed-profile-octets-forwarded-count

exceed-profile-octets-forwarded-count

Syntax

[no] exceed-profile-octets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-octets-forwarded-count

configure log accounting-policy custom-record policer e-counters exceed-profile-octets-forwarded-count

Description

This command includes the exceed profile octets forwarded count.

The no form of this command excludes the exceed profile octets forwarded count.

Default

no exceed-profile-octets-forwarded-count

Platforms

All

exceed-profile-octets-offered-count

exceed-profile-octets-offered-count

Syntax

[no] exceed-profile-octets-offered-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record policer e-counters exceed-profile-octets-offered-count

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-octets-offered-count

Description

This command includes the exceed profile octets offered count.

The no form of this command excludes the exceed profile octets offered count.

Default

no exceed-profile-octets-offered-count

Platforms

All

exceed-profile-packets-discarded-count

exceed-profile-packets-discarded-count

Syntax

[no] exceed-profile-packets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-packets-discarded-count

configure log accounting-policy custom-record policer e-counters exceed-profile-packets-discarded-count

Description

This command includes the exceed profile packets discarded count.

The no form of this command excludes the exceed profile packets discarded count.

Default

no exceed-profile-packets-discarded-count

Platforms

All

exceed-profile-packets-forwarded-count

exceed-profile-packets-forwarded-count

Syntax

[no] exceed-profile-packets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-packets-forwarded-count

configure log accounting-policy custom-record policer e-counters exceed-profile-packets-forwarded-count

Description

This command includes the exceed profile packets forwarded count.

The no form of this command excludes the exceed profile packets forwarded count.

Default

no exceed-profile-packets-forwarded-count

Platforms

All

exceed-profile-packets-offered-count

exceed-profile-packets-offered-count

Syntax

[no] exceed-profile-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters exceed-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters exceed-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters exceed-profile-packets-offered-count

configure log accounting-policy custom-record policer e-counters exceed-profile-packets-offered-count

Description

This command includes the exceed profile packets offered count.

The no form of this command excludes the exceed profile packets offered count.

Default

no exceed-profile-packets-offered-count

Platforms

All

exceed-slope

exceed-slope

Syntax

[no] exceed-slope

Context

[Tree] (config>qos>slope-policy exceed-slope)

Full Context

configure qos slope-policy exceed-slope

Description

The exceed-slope context contains the commands and parameters for defining the exceed Random Early Detection (RED) slope graph. Each egress buffer pool supports an exceed RED slope for managing access to the shared portion of the buffer pool for exceed-profile packets.

The exceed-slope parameters can be changed at any time and the affected buffer pool exceed RED slopes are adjusted appropriately.

The no form of this command restores the exceed slope configuration commands to the default values. If the leaf commands within exceed-slope are set to the default parameters, the exceed-slope node will not appear in save config and show config output unless the detail parameter is present.

Platforms

All

exception

exception

Syntax

[no] exception

Context

[Tree] (debug>service>id>stp exception)

Full Context

debug service id stp exception

Description

This command enables STP debugging for exceptions.

The no form of the command disables debugging.

Platforms

All

exclude

exclude

Syntax

exclude

Context

[Tree] (config>service>vprn>isis>loopfree-alternates exclude)

Full Context

configure service vprn isis loopfree-alternates exclude

Description

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The user can exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the exclude command, when not explicitly specified by the user in the prefix policy, is a "reject”. Thus, regardless of whether the user has explicitly added the statement "default-action reject” to the prefix policy, a prefix that does not match any entry in the policy is accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default

no exclude

Platforms

All

exclude

Syntax

exclude

Context

[Tree] (config>service>vprn>ospf3>loopfree-alternates exclude)

[Tree] (config>service>vprn>ospf>loopfree-alternates exclude)

Full Context

configure service vprn ospf3 loopfree-alternates exclude

configure service vprn ospf loopfree-alternates exclude

Description

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the exclude command, when not explicitly specified by the user in the prefix policy, is a "reject”. Thus, regardless if the user did or did not explicitly add the statement "default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default

no exclude

Platforms

All

exclude

Syntax

exclude group-name [group-name]

no exclude [group-name [group-name]]

Context

[Tree] (config>router>mpls>lsp>primary exclude)

[Tree] (config>router>mpls>lsp exclude)

[Tree] (config>router>mpls>lsp-template exclude)

[Tree] (config>router>mpls>lsp>primary-p2mp-instance exclude)

[Tree] (config>router>mpls>lsp>secondary exclude)

Full Context

configure router mpls lsp primary exclude

configure router mpls lsp exclude

configure router mpls lsp-template exclude

configure router mpls lsp primary-p2mp-instance exclude

configure router mpls lsp secondary exclude

Description

This command specifies the admin groups to be excluded when an LSP is set up. Up to five groups per operation can be specified, up to 32 maximum. The admin groups are defined in the config>router>if-attribute>admin-group context.

The config>router>mpls>lsp>primary-p2mp-instance>exclude command is not supported on the 7450 ESS.

Use the no form of this command to remove the exclude command.

Default

no exclude

Parameters

group-name

Specifies the existing group-name to be excluded when an LSP is set up.

Platforms

All

exclude

Syntax

[no] exclude tag

Context

[Tree] (config>router>admin-tags>route-admin-tag-policy exclude)

Full Context

configure router admin-tags route-admin-tag-policy exclude

Description

This configures an admin tag to be excluded when matching a route against an LSP.

Up to eight exclusion statements are supported per policy.

The no form of this command removes the admin tag from the exclude statement.

Parameters

tag

Specifies the value of the admin tag, up to 32 characters.

Platforms

All

exclude

Syntax

exclude

Context

[Tree] (config>router>fad>flex-algo exclude)

Full Context

configure router flexible-algorithm-definitions flex-algo exclude

Description

Commands in this context configure administrative groups that will be excluded from the flexible algorithm topology graph.

If the defined FAD includes administrative groups link in its exclude list, the specified links are excluded from the topology graph.

Platforms

All

exclude

Syntax

exclude

Context

[Tree] (config>router>isis>loopfree-alternates exclude)

Full Context

configure router isis loopfree-alternates exclude

Description

Commands in this context configure a prefix policy for excluding specific prefixes in the LFA calculation by ISIS or OSPF.

Platforms

All

exclude

Syntax

exclude

Context

[Tree] (config>router>ospf>loopfree-alternates exclude)

[Tree] (config>router>ospf3>loopfree-alternates exclude)

Full Context

configure router ospf loopfree-alternates exclude

configure router ospf3 loopfree-alternates exclude

Description

Commands in this context configure a prefix policy for excluding specific prefixes in the LFA calculation by ISIS or OSPF.

Platforms

All

exclude-addresses

exclude-addresses

Syntax

[no] exclude-addresses start-ip-address [end-ip-address]

Context

[Tree] (config>router>dhcp>server>pool>subnet exclude-addresses)

[Tree] (config>service>vprn>dhcp>server>pool>subnet exclude-addresses)

Full Context

configure router dhcp local-dhcp-server pool subnet exclude-addresses

configure service vprn dhcp local-dhcp-server pool subnet exclude-addresses

Description

This command specifies a range of IP addresses that excluded from the pool of IP addresses in this subnet.

The no form of the removes the parameters from the configuration.

Parameters

start-ip-address

Specifies the start address of this range to exclude. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d

end-ip-address

Specifies the end address of this range to exclude. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exclude-avps

exclude-avps

Syntax

exclude-avps [calling-number] [ initial-rx-lcp-conf-req]

no exclude-avps

Context

[Tree] (config>router>l2tp exclude-avps)

[Tree] (config>service>vprn>l2tp exclude-avps)

Full Context

configure router l2tp exclude-avps

configure service vprn l2tp exclude-avps

Description

This command configures the L2TP AVPs to exclude.

Default

no exclude-avps

Parameters

calling-number

Specifies to exclude the AVP calling-number.

initial-rx-lcp-conf-req

Specifies to exclude the AVP initial-rx-lcp-conf-req.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exclude-from-avg

exclude-from-avg

Syntax

exclude-from-avg {forward | backward | round-trip} bins bin-numbers

no exclude-from-avg (forward | backward | round-trip}

Context

[Tree] (config>oam-pm>bin-group>bin-type exclude-from-avg)

Full Context

configure oam-pm bin-group bin-type exclude-from-avg

Description

This optional command allows the results from probes that map to the specified bins within the bin type to be excluded from the average calculation. Individual counters are incremented in the bin, but the average is not affected by the value of the excluded delay metric for the individual probes in this bin. The bin group does not allow this command to be added, modified, or deleted when a test is actively referencing the bin group. Sessions that reference the bin group must have the bin group and tests shut down before changes can be made.

The no form of this command removes the exclusion, and all bins are included in the average calculation.

Default

no exclude-from-avg forward

no exclude-from-avg backward

no exclude-from-avg round-trip

Parameters

forward

Specifies the forward direction bin.

backward

Specifies the backward direction bin.

round-trip

Specifies the round-trip direction bin.

bin-numbers

Specifies the bin numbers to be excluded from the average calculation. The values typically represent, but are not restricted to, the highest and lowest configured bins in order to eliminate outlying results that are not representative of network performance.

A hyphen can be entered between bin numbers to include a continuous sequence of bins; for example, entering 7-9 would specify bins 7, 8, and 9. Commas can be entered between bin numbers to include separate or non-continuous bins; for example, entering 0,8,9 would specify bins 0, 8, and 9. Both hyphens and commas can be used in this manner in the same configuration; for example, entering 0,7-9 would include bins 0, 7, 8, and 9. All bin numbers specified as part of this command must be configured. If a specified bin does not exist, the command fails.

Values

0 to 9

Platforms

All

exclude-group

exclude-group

Syntax

[no] exclude-group ip-admin-group-name

Context

[Tree] (config>router>route-next-hop-policy>template exclude-group)

Full Context

configure router route-next-hop-policy template exclude-group

Description

This command configures the admin group constraint into the route next-hop policy template.

Each group is entered individually. The include-group statement instructs the LFA SPF selection algorithm to pick up a subset of LFA next-hops among the links that belong to one or more of the specified admin groups. A link that does not belong to at least one of the admin-groups is excluded. However, a link can still be selected if it belongs to one of the groups in an include-group statement but also belongs to other groups that are not part of any include-group statement in the route next-hop policy.

The pref option is used to provide a relative preference for the admin group to select. A lower preference value means that LFA SPF will first attempt to select an LFA backup next-hop that is a member of the corresponding admin group. If none is found, then the admin group with the next highest preference value is evaluated. If no preference is configured for a given admin group name, then it is supposed to be the least preferred, that is, numerically the highest preference value.

When evaluating multiple include-group statements within the same preference, any link that belongs to one or more of the included admin groups can be selected as an LFA next-hop. There is no relative preference based on how many of those included admin groups the link is a member of.

The exclude-group statement simply prunes all links belonging to the specified admin group before making the LFA backup next-hop selection for a prefix.

If the same group name is part of both include and exclude statements, the exclude statement will win. It other words, the exclude statement can be viewed as having an implicit preference value of zero (0).

The admin-group criteria are applied before running the LFA next-hop selection algorithm.

The no form deletes the admin group constraint from the route next-hop policy template.

Parameters

ip-admin-group-name

Specifies the name of the group, up to 32 characters.

Platforms

All

exclude-mac-policy

exclude-mac-policy

Syntax

exclude-mac-policy mac-policy-id

no exclude-mac-policy

Context

[Tree] (config>port>ethernet>dot1x>macsec exclude-mac-policy)

Full Context

configure port ethernet dot1x macsec exclude-mac-policy

Description

This command specifies the MAC policy to be excluded from MACsec encryption.

The no form of this command removes the policy from the MACsec and allows all destination MAC addresses.

Default

no exclude-mac-policy

Parameters

mac-policy-id

Specifies the MAC policy to exclude from the configuration.

Values

0 to 4294967295

Platforms

All

exclude-node

exclude-node

Syntax

exclude-node ip-address

no exclude-node

Context

[Tree] (config>router>mpls>lsp exclude-node)

Full Context

configure router mpls lsp exclude-node

Description

This command enables the option to include XRO object in the bypass LSP PATH message object. The exclude-node option is required for manual bypass LSP with XRO to FRR protect ABR node in a multi-vendor network deployment. This command must be configured on the PLR node that protects the ABR node. The ABR node IP address must be configured as exclude-node.

Default

no exclude-node

Platforms

All

exclude-prefix

exclude-prefix

Syntax

[no] exclude-prefix ipv6-prefix/prefix-length

Context

[Tree] (config>service>vprn>dhcp6>server>pool exclude-prefix)

[Tree] (config>router>dhcp6>server>pool exclude-prefix)

Full Context

configure service vprn dhcp6 local-dhcp-server pool exclude-prefix

configure router dhcp6 local-dhcp-server pool exclude-prefix

Description

This command defines a prefix that to be excluded from available prefix in the pool for DHCP6. The typical use case is to exclude the interface address.

  • A held lease is deleted if it got excluded by an exclude prefix.

  • An exclude range can never exclude only a part of an existing lease. If for example a /63 PD is assigned, an exclude of /64 which belongs to this /63 cannot be configured.

  • A single exclude prefix can never exclude a whole include prefix.

  • When applying or removing an exclude prefix, the threshold stats are adjusted to reflect the actual address space and its usage.

The no form of this command removes the prefix that is to be excluded from available prefix in the pool.

Parameters

ipv6-prefix/prefix-length

Specifies an IPv6 prefix and prefix length.

Values

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

prefix-length

0 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exclude-protocol

exclude-protocol

Syntax

[no] exclude-protocol {protocol-name}

Context

[Tree] (config>port>ethernet>dot1x>macsec exclude-protocol)

Full Context

configure port ethernet dot1x macsec exclude-protocol

Description

Specifies protocols whose packets are not secured using Media Access Control Security (MACsec) when MACsec is enabled on a port.

When this option is enabled in a connectivity association that is attached to an interface, MACsec is not enabled for all packets of the specified protocols that are sent and received on the link.

When this option is enabled on a port where MACsec is configured, packets of the specified protocols are sent and accepted in cleartext.

The no form of this command secures the packets of the specified protocol.

Default

no exclude-protocol

Parameters

protocol-name

Specifies the protocol name.

Values

cdp, lacp, lldp, eapol-start, efm-oam, eth-cfm, ptp, ubfd

Platforms

All

exclude-tcp-retrans

exclude-tcp-retrans

Syntax

[no] exclude-tcp-retrans

Context

[Tree] (config>app-assure>group>statistics>aa-sub exclude-tcp-retrans)

Full Context

configure application-assurance group statistics aa-sub exclude-tcp-retrans

Description

This command is to only to EPC. When enabled, TCP errors and retransmission packets are not counted for the purpose of CBC. This setting has no impact on app/app-group aggregate AA stats.

Default

no exclude-tcp-retrans

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

exclusive-lock-time

exclusive-lock-time

Syntax

exclusive-lock-time seconds

no exclusive-lock

Context

[Tree] (config>router>policy-options exclusive-lock-time)

Full Context

configure router policy-options exclusive-lock-time

Description

This command specifies the inactivity timer for the exclusive lock time for policy editing. When a session is idle for greater than this time, the lock is removed and the configuration changes is aborted.

Default

exclusive-lock-time 300

Parameters

seconds

Specifies the duration the session with exclusive lock may be inactive.

Values

Values: 1 to 3600

Platforms

All

exec

exec

Syntax

exec [-echo] [-syntax] {file-name | eof-marker-string} [-argument [256 chars max] [[256 chars max]]

Context

[Tree] (exec)

Full Context

exec

Description

This command executes the contents of a text file as if they were CLI commands entered at the console.

exec commands do not have no versions.

Related Commands:

boot-bad-exec: Use this command to configure a URL for a CLI script to exec following a failed configuration boot.

boot-good-exec: Use this command to configure a URL for a CLI script to exec following a successful configuration boot.

stdin can be used as the source of commands for the exec command. When stdin is used as the exec command input, the command list is terminated with <Ctrl-C>, "EOF<Return>” or "eof_string<Return>”.

If an error occurs entering an exec file sourced from stdin, all commands after the command returning the error will be silently ignored. The exec command will indicate the command error line number when the stdin input is terminated with an end-of-file input.

Example:

Assume the test.cfg file has the following commands:

echo $(1)

echo $(2)

echo $(3)

Enter the following command:

exec test.cfg –arguments 10 20 30

The output from this command will be:

10
20
30

Parameters

-echo

Echoes the contents of the exec file to the session screen as it executes.

Default

echo disabled

-syntax

Performs a syntax check of the file without executing the commands. Syntax checking will be able to find invalid commands and keywords, but it will not be able to validate erroneous user- supplied parameters.

Default

execute file commands

file-name

Specifies the text file with CLI commands to execute, up to 256 characters.

eof-marker-string

Specifies the ASCII printable string used to indicate the end of the exec file when stdin is used as the exec file source. <Ctrl-C> and "EOF” can always be used to terminate an exec file sourced from stdin up to 254 characters.

Default

EOF

-argument

Specifies up to five arguments, each up to 256 characters.

Platforms

All

executed-cmd

executed-cmd

Syntax

[no] executed-cmd

Context

[Tree] (debug>dynsvc>scripts>script>event executed-cmd)

[Tree] (debug>dynsvc>scripts>event executed-cmd)

[Tree] (debug>dynsvc>scripts>inst>event executed-cmd)

Full Context

debug dynamic-services scripts script event executed-cmd

debug dynamic-services scripts event executed-cmd

debug dynamic-services scripts instance event executed-cmd

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: executed-cmd.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exhausted-credit-service-level

exhausted-credit-service-level

Syntax

[no] exhausted-credit-service-level

Context

[Tree] (config>subscr-mgmt>cat-map>category exhausted-credit-service-level)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level

Description

Commands in this context configure the exhausted credit service level.

The no form of this command reverts to the default.

Default

exhausted-credit-service-level

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exit

exit

Syntax

exit [all]

Context

[Tree] (exit)

Full Context

exit

Description

This command returns to the context from which the current level was entered. For example, to navigate to the current level on a context by context basis, then the exit command only moves the cursor back one level.

A:ALA-1# configure
A:ALA-1>config# router
A:ALA-1>config>router# ospf
A:ALA-1>config>router>ospf# exit
A:ALA-1>config>router# exit
A:ALA-1>config# exit

When navigating to the current level by entering a command string, the exit command returns the cursor to the context in which the command was initially entered.

A:ALA-1# configure router ospf
A:ALA-1>config>router>ospf# exit
A:ALA-1#

The exit all command moves the cursor all the way back to the root level.

A:ALA-1# configure
A:ALA-1>config# router
A:ALA-1>config>router# ospf
A:ALA-1>config>router>ospf# exit all
A:ALA-1#

Parameters

all

Exits back to the root CLI context.

Platforms

All

expected

expected

Syntax

expected auto-generated

expected bytes byte-string [byte-string (up to 64 bytes-strings max, 64 bytes max)]

expected string identifier

expected use-rx

Context

[Tree] (config>port>otu>pm-tti expected)

Full Context

configure port otu pm-tti expected

Description

This command allows the user to configure the expected RX trail trace identifier (TTI) for path monitoring (PM) in the ODU overhead. This identifier can be a string or a non-printable sequence of bytes. The length of the string or sequence of bytes cannot exceed 64 bytes. This trace should match the far-end port’s PM trace. When this trace does not match the received PM trace, the ODU-TIM alarm will be reported if enabled.

Default

Blank (all zeros)

Parameters

auto-generated

Sets the default.

identifier

Sets the PM TTI to the string provided by the user. If the string is less than 64 bytes, the remaining bytes will be set to 0. Up to 64 byte strings can be specified in a single statement.

byte-string

[byte1 byte2 to byte64]. Sets the PM TTI to the sequence of bytes provided by the user. If the user provides less than 64 bytes, the remaining bytes will be set to 0.

use-rx

Copies the received pm-tti to the expected either as a string or a sequence of bytes depending on the received pm-tti data.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

expected

Syntax

expected byte

expected auto

Context

[Tree] (config>port>otu>psi-payload expected)

Full Context

configure port otu psi-payload expected

Description

This command allows the user to configure the expected received payload type value in byte 0 of the Payload structure identifier (PSI) of the OPU overhead. When this values does not match the received value, the OPU-PLM alarm will be reported if it is enabled.

Default

3 for 10GE-LAN/WAN or OC192 with OTU encapsulation; 5 for GFP framed 10GE-LAN with OTU encapsulation.

Parameters

auto

Sets the expected value to the standard value in the payload type field.

byte

Specifies the expected received payload type value in bytes.

Values

[00 to FF] Hexadecimal notation

Default

00

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

expected

Syntax

expected auto-generated

expected bytes byte-string [byte-string...(up to 64 byte-strings max, 64 bytes max)]

expected string identifier

expected use-rx

Context

[Tree] (config>port>otu>sm-tti expected)

Full Context

configure port otu sm-tti expected

Description

This command enables the user to configure the expected RX Trail Trace Identifier (TTI) for Section Monitoring (SM) in the OTU overhead. This identifier can be a string or a non-printable sequence of bytes. The length of the string or sequence of bytes cannot exceed 64 bytes. This trace should match the expected far-end port’s SM trace. When this trace does not match the received SM trace, the OTU-TIM alarm will be reported if enabled.

Default

Blank (all zeros)

Parameters

auto-generated

Sets the default.

identifier

Sets the PM TTI to the string provided by the user. If the string is less than 64 bytes, the remaining bytes will be set to 0. Up to 64 byte strings can be specified in a single statement.

byte-string

[byte1 byte2 to byte64]. Sets the PM TTI to the sequence of bytes provided by the user. If the user provides less than 64 bytes, the remaining bytes will be set to 0.

use-rx

Copies the received pm-tti to the expected either as a string or a sequence of bytes depending on the received pm-tti data.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

expected-ttl

expected-ttl

Syntax

expected-ttl ttl-value

no expected-ttl ttl-value

Context

[Tree] (config>app-assure>group>tether-detect>sngl-dev expected-ttl)

Full Context

configure application-assurance group tethering-detection single-device expected-ttl

Description

This command configures the expected TTL values for single-device tethering detection.

Parameters

ttl-value

Specifies an expected TTL traffic value from host devices.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

expire-time

expire-time

Syntax

expire-time {seconds | forever}

Context

[Tree] (config>system>script-control>script-policy expire-time)

Full Context

configure system script-control script-policy expire-time

Description

This command is used to configure the maximum amount of time to keep the run history status entry from a script run.

Default

expire-time 3600

Parameters

seconds

Specifies the time to keep the run history status entry, in seconds.

Values

0 to 21474836

Default

3600 (1 hour)

forever

Specifies to keep the run history status entry indefinitely.

Platforms

All

expiry-time

expiry-time

Syntax

expiry-time expiry-time

no expiry-time

Context

[Tree] (config>subscr-mgmt>msap-policy>igmp-host-tracking expiry-time)

Full Context

configure subscriber-mgmt msap-policy igmp-host-tracking expiry-time

Description

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Parameters

expiry-time

Specifies the time, in seconds, that this system continues to track an inactive host.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

expiry-time

Syntax

expiry-time expiry-time

no expiry-time

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>igmp-snooping expiry-time)

Full Context

configure service vprn subscriber-interface group-interface sap igmp-snooping expiry-time

Description

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Parameters

expiry-time

Specifies the time, in seconds, that this system continues to track an inactive host.

Values

1 to 65535

expiry-time

Syntax

expiry-time expiry-time

no expiry-time

Context

[Tree] (config>service>vpls>igmp-host-tracking expiry-time)

[Tree] (config>service>vpls>sap>igmp-host-tracking expiry-time)

Full Context

configure service vpls igmp-host-tracking expiry-time

configure service vpls sap igmp-host-tracking expiry-time

Description

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Default

no expiry-time

Parameters

expiry-time

Specifies the time, in seconds, that this system continues to track an inactive host

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

expiry-time

Syntax

expiry-time expiry-time

no expiry-time

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>igmp-host-tracking expiry-time)

[Tree] (config>service>ies>igmp-host-tracking expiry-time)

Full Context

configure service ies subscriber-interface group-interface sap igmp-host-tracking expiry-time

configure service ies igmp-host-tracking expiry-time

Description

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Default

no expiry-time

Parameters

expiry-time

Specifies the time, in seconds, that this system continues to track an inactive host.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

expiry-time

Syntax

expiry-time expiry-time

no expiry-time

Context

[Tree] (config>service>vprn>sap>igmp-trk expiry-time)

[Tree] (config>service>vprn>igmp-trk expiry-time)

Full Context

configure service vprn sap igmp-trk expiry-time

configure service vprn igmp-host-tracking expiry-time

Description

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Default

no expiry-time

Parameters

expiry-time

Specifies the time, in seconds, that this system continues to track an inactive host.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

explicit-sf-path

explicit-sf-path

Syntax

explicit-sf-path {primary | secondary}

no explicit-sf-path

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>source-override explicit-sf-path)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel explicit-sf-path)

Full Context

configure mcast-management multicast-info-policy bundle source-override explicit-sf-path

configure mcast-management multicast-info-policy bundle channel explicit-sf-path

Description

This command defines an explicit ingress switch fabric multicast path assigned to a multicast channel. When defined, the channel is setup with the explicit path as its inactive path. When an explicit path is not defined, all multicast channels are initialized on the secondary path and when they start to consume bandwidth, they are moved to the appropriate path based on the channel attributes and path limitations. Explicit path channels are not allowed to move from their defined path.

The explicit-sf-path command in the bundle context defines the initial path for all channels associated with the bundle unless the channel has an overriding explicit-sw-path defined in the channel context. The channel context may also be overridden by the explicit-sf-path command in the source-override context. The channel and source-override explicit-sf-path settings default to null (undefined) and have no effect unless explicitly set.

The no form of this command restores default path association behavior (dynamic or null depending on the context).

Parameters

primary

The primary and secondary keywords are mutually exclusive to one another. One keyword must be specified when executing the explicit-sf-path command. The primary keyword specifies that the primary ingress multicast path should be used as the explicit path for the channel.

secondary

The primary and secondary keywords are mutually exclusive to one another. One keyword must be specified when executing the explicit-sf-path command. The secondary keyword specifies that the secondary ingress multicast path should be used as the explicit path for the channel.

Override sequence — The channel setting overrides the bundle setting. The source-override setting overrides the channel and bundle settings.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

explicit-subscriber-map

explicit-subscriber-map

Syntax

explicit-subscriber-map

Context

[Tree] (config>subscriber-mgmt explicit-subscriber-map)

Full Context

configure subscriber-mgmt explicit-subscriber-map

Description

This command configures an explicit subscriber mapping.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

exponential-backoff

exponential-backoff

Syntax

[no] exponential-backoff

Context

[Tree] (config>system>login-control exponential-backoff)

Full Context

configure system login-control exponential-backoff

Description

This command enables the exponential-backoff of the login prompt. The exponential-backoff command is used to deter dictionary attacks, when a malicious user can gain access to the CLI by using a script to try admin with any conceivable password.

The no form of this command disables exponential-backoff.

Default

no exponential-backoff

Platforms

All

exponential-backoff-retry

exponential-backoff-retry

Syntax

exponential-backoff-retry

no exponential-backoff-retry

Context

[Tree] (config>router>mpls exponential-backoff-retry)

Full Context

configure router mpls exponential-backoff-retry

Description

This command enables the use of an exponential back-off timer when re-trying an LSP. When an LSP path establishment attempt fails, the path is put into retry procedures and a new attempt will be performed at the expiry of the user-configurable retry timer (config>router>mpls>lsp>retry-timer). By default, the retry time is constant for every attempt. The exponential back-off timer procedures will double the value of the user configured retry timer value at every failure of the attempt to adjust to the potential network congestion that caused the failure. An LSP establishment fails if no Resv message was received and the Path message retry timer expired or a PathErr message was received before the timer expired.

Platforms

All

export

export

Syntax

[no] export

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>evpn export)

Full Context

configure subscriber-mgmt isa-service-chaining evpn export

Description

Commands in this context configure information related to the export of EVPN BGP routes related to service chaining.

The no form of this command disables exporting EVPN BGP routes related to service chaining

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

export

Syntax

export policy [policy]

no export

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy export)

Full Context

configure subscriber-mgmt bgp-peering-policy export

Description

This command specifies the export policies to be used to control routes advertised to BGP neighbors.

When multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five (5) policy names can be configured. The first policy that matches is applied.

Note:

If a non-existent route policy is applied to a VPRN instance, the CLI generates a warning message. This message is only generated at an interactive CLI session and the route policy association is made. No warning message is generated when a non-existent route policy is applied to a VPRN instance in a configuration file or when SNMP is used.

The no form of this command removes all route policy names from the export list.

Default

no export — BGP advertises routes from other BGP routes but does not advertise any routes from other protocols unless directed by an export policy.

Parameters

policy

Specifies a route policy statement name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

export

Syntax

export ip-prefix/length

no export

Context

[Tree] (config>service>ies>sub-if>wlan-gw>redundancy export)

Full Context

configure service ies subscriber-interface wlan-gw redundancy export

Description

This command specifies an IPv4 route (prefix/length) per subscriber-interface to be exported (announced) to indicate liveness of the subscriber-interface on the WLAN-GW. This route is the one that is monitored in routing by the peer WLAN-GW to decide its state with respect.

The no form of this command reverts to the default.

Parameters

ip-prefix/length

Specifies the IP prefix and length.

Values

ip-prefix:a.b.c.d

ip-prefix-length: 0 to 32

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

export

Syntax

export plcy-or-long-expr [plcy-or-expr]

no export

Context

[Tree] (config>service>vprn>bgp>group export)

[Tree] (config>service>vprn>bgp>group>neighbor export)

[Tree] (config>service>vprn>bgp export)

Full Context

configure service vprn bgp group export

configure service vprn bgp group neighbor export

configure service vprn bgp export

Description

This command is used to specify route policies that control how outbound routes transmitted to certain peers are handled. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used.

The export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple export commands are issued, the last command entered overrides the previous command.

When an export policy is not specified, BGP-learned routes are advertised by default; non-BGP routes are not advertised.

The no form of this command removes the policy association.

Default

no export

Parameters

plcy-or-long-expr

Specifies the route policy name, up to 64 characters in length, or a policy logical expression, up to 255 characters in length.

plcy-or-expr

Specifies the route policy name, up to 64 characters in length, or a policy logical expression, up to 255 characters in length.

Platforms

All

export

Syntax

[no] export policy-name [policy-name ...up to 5 max]

Context

[Tree] (config>service>vprn>isis export)

Full Context

configure service vprn isis export

Description

This command configures export routing policies that determine the routes exported from the routing table to IS-IS.

If no export policy is defined, non IS-IS routes are not exported from the routing table manager to IS-IS.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified.

If an aggregate command is also configured in the config>router context, then the aggregation is applied before the export policy is applied.

Routing policies are created in the config>router>policy-options context.

The no form of this command removes the specified policy-name or all policies from the configuration if no policy-name is specified.

Default

no export — No export policy name is specified.

Parameters

policy-name

The export policy name. Up to five policy-name arguments can be specified.

Platforms

All

export

Syntax

export policy-name [policy-name ...(up to 5 max)]

no export

Context

[Tree] (config>service>vprn>msdp>group>peer export)

[Tree] (config>service>vprn>msdp export)

[Tree] (config>service>vprn>msdp>peer export)

[Tree] (config>service>vprn>msdp>group export)

Full Context

configure service vprn msdp group peer export

configure service vprn msdp export

configure service vprn msdp peer export

configure service vprn msdp group export

Description

This command specifies the policies to export source active state from the source active list into Multicast Source Discovery Protocol (MSDP).

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no export

Parameters

policy-name

Specifies the export policy name, up to 32 characters. Up to five policy-name arguments can be specified.

If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, then policy only applies to the peer where it is configured.

Platforms

All

export

Syntax

export {unicast | ext-community}

Context

[Tree] (config>service>vprn>mvpn>vrf-target export)

Full Context

configure service vprn mvpn vrf-target export

Description

This command specifies communities to be sent to peers.

Parameters

unicast

Specifies to use unicast vrf-target ext-community for the multicast VPN.

ext-comm

An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

Platforms

All

export

Syntax

export ip-prefix/length

no export

Context

[Tree] (config>service>vprn>nat>outside>pool>redundancy export)

Full Context

configure service vprn nat outside pool redundancy export

Description

This command installs the export route in the routing table for active NAT pools.

Once the export route is in the routing table, it can be advertised in the network via a routing protocol. NAT pools in the standby or disabled state will not advertise the export route.

A NAT pool becomes active when it becomes operationally UP, and there is no monitoring route (which is also the export route from the peer) present in the routing node (as received from the network). The pool will transition into standby state in case that the monitoring route (or export route from the peer) is already present in the routing table. In other words, the monitoring route is already advertised as an export route from the peering node with active NAT pool.

The export route can be advertised only from:

  • The active lead pool.

  • Active pool for which fate-sharing is disabled.

Default

no export

Parameters

ip-prefix/length

Specifies the IP prefix and length.

Syntax:

ip-prefix/length:

ip-prefix

a.b.c.d

ip-prefix-length

0 to 32

Values

0, 4, 16

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>service>vprn>ospf3>area export)

[Tree] (config>service>vprn>ospf>area export)

Full Context

configure service vprn ospf3 area export

configure service vprn ospf area export

Description

This command configures ABR export policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in to only permit the export of specified routes into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no export

Parameters

policy-name

Specifies the export route policy name. A maximum of five policy names may be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), enclose the entire string in double quotes.

The specified policy names must be predefined and already exist in the system.

Platforms

All

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>service>vprn>ospf3 export)

[Tree] (config>service>vprn>ospf export)

Full Context

configure service vprn ospf3 export

configure service vprn ospf export

Description

This command associates export route policies to determine which routes are exported from the route table to OSPF. Export polices are only in effect if OSPF is configured as an ASBR.

If no export policy is specified, non-OSPF routes are not exported from the routing table manager to OSPF.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no export — No export route policies specified.

Parameters

policy-name

Specifies the export route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified policy name(s) must be predefined and already exist in the system.

Platforms

All

export

Syntax

export policy-name [policy-name...(up to 5 max)]

no export

Context

[Tree] (config>service>vprn>rip>group export)

[Tree] (config>service>vprn>rip export)

[Tree] (config>service>vprn>rip>group>neighbor export)

[Tree] (config>service>vprn>ripng>group export)

[Tree] (config>service>vprn>ripng>group>neighbor export)

[Tree] (config>service>vprn>ripng export)

Full Context

configure service vprn rip group export

configure service vprn rip export

configure service vprn rip group neighbor export

configure service vprn ripng group export

configure service vprn ripng group neighbor export

configure service vprn ripng export

Description

This command specifies the export route policies used to determine routes that are exported to RIP. If no export policy is specified, non-RIP routes will not be exported from the routing table manager to RIP; RIP-learned routes will be exported to RIP neighbors.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no export

Parameters

policy-name

The export route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the string must be enclosed between double quotes. The specified names must already be defined.

Platforms

All

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>router>ldp export)

Full Context

configure router ldp export

Description

This command specifies the export route policies used to determine which routes are exported to LDP. Policies are configured in the config>router>policy-options context.

If no export policy is specified, non-LDP routes will not be exported from the routing table manager to LDP. LDP-learned routes will be exported to LDP neighbors. Present implementation of export policy (outbound filtering) can be used "only” to add FECs for label propagation. The export policy does not control propagation of FECs that an LSR receives from its neighbors.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of 5 policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no export — No export route policies specified.

Parameters

policy-name

Specifies up to five export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Platforms

All

export

Syntax

export ip-prefix/length

no export

Context

[Tree] (config>router>nat>outside>pool>redundancy export)

Full Context

configure router nat outside pool redundancy export

Description

This command configures the route to export to the peer. While the export prefix is configured and the value of the object tmnxNatPlLsnRedActive is equal to true, the system exports this prefix in the realm of the virtual router instance associated with this pool; to the NAT redundancy peer, the presence of this prefix is an indication that the Large Scale NAT function in this virtual router instance is active; hence, the export prefix of this system is the monitor prefix of the peer.

The export prefix must be different from the monitor prefix.

Default

no export

Parameters

ip-prefix/length

Specifies the IP address and length of the prefix to be exported.

Values

ip-prefix:

a.b.c.d

ip-prefix-length:

0 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>router>msdp>peer export)

[Tree] (config>router>msdp export)

[Tree] (config>router>msdp>group export)

[Tree] (config>router>msdp>group>peer export)

Full Context

configure router msdp peer export

configure router msdp export

configure router msdp group export

configure router msdp group peer export

Description

This command specifies the policies to export source active state from the source active list into Multicast Source Discovery Protocol (MSDP).

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command applies no export policies and all SA entries are announced.

Default

no export

Parameters

policy-name

Specifies the export policy name, up to 32 characters. Up to five policy-name arguments can be specified.

If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, then policy only applies to the peer where it is configured.

Platforms

All

export

Syntax

export type {type} input filename output url-string format output-format [password [32 chars max]] [pkey filename]

Context

[Tree] (admin>certificate export)

Full Context

admin certificate export

Description

This command performs certificate operations.

Parameters

url-string

Specifies the local CF card url of the file.

Values

url-string

<local-url> [up to 99 characters]

local-url

<cflash-id>/<file-path>

cflash-id

cf1: | cf2: | cf3:

type

Specifies the type of input file.

Values

cert, key, crl

format

Specifies the format of output file.

Values

pkcs10, pkcs12, pkcs7-der, pkcs7-pem, pem, der

Platforms

All

export

Syntax

export plcy-or-long-expr [plcy-or-expr [ plcy-or-expr]

no export [plcy-or-long-expr]

Context

[Tree] (config>router>bgp>group export)

[Tree] (config>router>bgp export)

[Tree] (config>router>bgp>group>neighbor export)

Full Context

configure router bgp group export

configure router bgp export

configure router bgp group neighbor export

Description

This command specifies route policies that control the handling of outbound routes transmitted to all peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific level is used.

The export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters; the remaining 14 objects have a maximum length of 64 characters each.

When multiple export commands are issued, the last command entered overrides the previous command.

When an export policy is not specified, BGP-learned routes are advertised by default and non-BGP routes are not advertised.

The no form of this command removes the policy association.

Default

no export

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

plcy-or-expr

Specifies up to 14 route policy names (up to 64 characters each) or a policy logical expression (up to 64 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

export

Syntax

[no] export policy-name [policy-name]

Context

[Tree] (config>router>isis export)

Full Context

configure router isis export

Description

This command configures export routing policies that determine the routes exported from the routing table to IS-IS.

If no export policy is defined, non IS-IS routes are not exported from the routing table manager to IS-IS.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified.

If an aggregate command is also configured in the config>router context, then the aggregation is applied before the export policy is applied.

Routing policies are created in the config>router>policy-options context.

The no form of this command removes the specified policy-name or all policies from the configuration if no policy-name is specified.

Parameters

policy-name

Specifies up to five export policy names.

Platforms

All

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>router>ospf3 export)

[Tree] (config>router>ospf export)

Full Context

configure router ospf3 export

configure router ospf export

Description

This command associates export route policies to determine which routes are exported from the route table to OSPF. Export polices are only in effect if OSPF is configured as an ASBR.

If no export policy is specified, non-OSPF routes are not exported from the routing table manager to OSPF.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no export

Parameters

policy-name

Specifies up to 5 export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

export

Syntax

[no] export policy-name [policy-name]

Context

[Tree] (config>router>ospf3>area export)

[Tree] (config>router>ospf>area export)

Full Context

configure router ospf3 area export

configure router ospf area export

Description

This command configures ABR export policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being exported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no export

Parameters

policy-name

Specifies up to five export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

export

Syntax

export policy-name [policy-name]

no export

Context

[Tree] (config>router>ripng>group>neighbor export)

[Tree] (config>router>rip>group>neighbor export)

[Tree] (config>router>ripng export)

[Tree] (config>router>rip>group export)

[Tree] (config>router>rip export)

[Tree] (config>router>ripng>group export)

Full Context

configure router ripng group neighbor export

configure router rip group neighbor export

configure router ripng export

configure router rip group export

configure router rip export

configure router ripng group export

Description

This command specifies the export route policies used to determine which routes are exported to RIP.

If no export policy is specified, non-RIP routes will not be exported from the routing table manager to RIP. RIP-learned routes will be exported to RIP neighbors.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default

no export

Parameters

policy-name

Specifies up to five export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on.), the entire string must be enclosed within double quotes.

The specified names must already be defined.

Platforms

All

export

Syntax

[no] export

Context

[Tree] (config>service>vprn>bgp-ipvpn>attribute-set export)

Full Context

configure service vprn bgp-ipvpn attribute-set export

Description

This command configures the router to add an ATTR_SET path attribute to all VPN-IP routes that come from the VRF export of BGP routes advertised by PE-CE peers of the VPRN. This attribute contains an exact copy of all BGP path attributes (post-import policy) of the PE-CE BGP route, excluding the NEXT_HOP, MP_REACH, and MP_UNREACH attributes, as well as the AS4_PATH or AS4_AGGREGATOR attributes. The origin AS in the ATTR_SET encodes the ASN (or confederation ID, if configured) of the exporting VPRN service. Neither the VRF export policy nor a regular BGP export policy is allowed to modify the contents of the ATTR_SET.

The no form of this command configures the router to not add an ATTR_SET path attribute to VPN-IP routes exported by the VPRN. Nokia recommends using the no form of this command, unless there is a requirement for the VPRN to deliver an independent domain Layer 3 VPN service.

Default

no export

Platforms

All

export-addresses

export-addresses

Syntax

export-addresses policy-name [policy-name]

no export-addresses

Context

[Tree] (config>router>ldp>session-params>peer export-addresses)

Full Context

configure router ldp session-parameters peer export-addresses

Description

This command specifies the export prefix policy to local addresses advertised to this peer.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies up to five export-prefix route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

All

export-filter

export-filter

Syntax

export-filter

Context

[Tree] (config>cflowd>collector export-filter)

Full Context

configure cflowd collector export-filter

Description

This command creates the CLI context to specify cflowd data filters. These filters allow the administrator to control which flows are sent or are not sent to an associated cflowd collector.

Platforms

All

export-grt

export-grt

Syntax

export-grt plcy-or-long-expr [ plcy-or-expr [plcy-or-expr]

no export-grt

Context

[Tree] (config>service>vprn>grt-lookup export-grt)

Full Context

configure service vprn grt-lookup export-grt

Description

This command uses the route policy to determine which routes are exported from the VRF to the GRT along with all the forwarding information. These entries are marked as BGP-VPN routes in the GRT. For proper routing to occur from the GRT to the VRF, the routes must be in the GRT.

Default

no export-grt

Parameters

plcy-or-long-expr

Specifies the route policy name, up to 64 characters, or a policy logical expression, up to 255 characters.

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Up to four policy names or logical expressions can be specified in a single statement.

Platforms

All

export-host-routes

export-host-routes

Syntax

[no] export-host-routes

Context

[Tree] (config>service>vprn>subscriber-interface export-host-routes)

[Tree] (config>service>ies>subscriber-interface export-host-routes)

Full Context

configure service vprn subscriber-interface export-host-routes

configure service ies subscriber-interface export-host-routes

Description

This command controls the export of subscriber management host routes from a retail service to the corresponding forwarding wholesale VPRN service.

By default, subscriber management host routes are not exported.

The presence of retail subscriber management host routes in the wholesale VPRN service is required for downstream traffic forwarding in multi-chassis redundancy scenarios with a redundant interface and when the retail subscriber subnets are not leaked in the wholesale VPRN service (allow-unmatching-subnets or unnumbered retail subscriber interface).

This command fails if the subscriber interface is not associated with a forwarding wholesale service subscriber interface or if the subscriber interface is not configured to support address allocation outside the provisioned subnets (allow-unmatching-subnets or unnumbered subscriber interface).

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

export-id

export-id

Syntax

export-id export-id

no export-id

Context

[Tree] (config>app-assure>group>policy>app-grp export-id)

[Tree] (config>app-assure>group>policy>application export-id)

[Tree] (config>app-assure>group>policy>application>charging-group export-id)

Full Context

configure application-assurance group policy app-group export-id

configure application-assurance group policy application export-id

configure application-assurance group policy application charging-group export-id

Description

This command assigns an export-id value to a charging group app-group or application to be used for accounting export identification in RADIUS accounting. This ID is encoded in the top 2 bytes of the RADIUS accounting VSA to identify which charging group the counter value represents.

If no export-id is assigned, that counter cannot be added to the aa-sub stats RADIUS export-type. Once a charging group index is referenced, it cannot be deleted without removing the reference.

The no form of this command removes the export-id from the configuration.

Default

no export-id

Parameters

export-id

Specifies an integer that identifies an export-id.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

export-inactive-bgp

export-inactive-bgp

Syntax

[no] export-inactive-bgp

Context

[Tree] (config>service>vprn export-inactive-bgp)

Full Context

configure service vprn export-inactive-bgp

Description

This command allows the preferred BGP route learned by a VPRN to be exported as the VPN route, even when if it is inactive in the route table because a preferred BGP VPRN route from another PE is present. This overrides the default state in which the VPRN cannot export an inactive BGP route.

For the BGP route to be exported, the VRF export policy must accept it.

This command applies to both MPLS VPN and SRv6 VPN routes. In SRv6 VPN routes the advertised instruction is an End.DT, while in MPLS VPN routes the advertised label is a per-next-hop label.

This "best-external” type of route advertisement is useful in active/standby multi-homing scenarios because it ensures that all PEs know about the backup path provided by the standby PE.

Default

no export-inactive-bgp

Platforms

All

export-inactive-bgp-enhanced

export-inactive-bgp-enhanced

Syntax

[no] export-inactive-bgp-enhanced

Context

[Tree] (config>service>vprn export-inactive-bgp-enhanced)

Full Context

configure service vprn export-inactive-bgp-enhanced

Description

This command configures the router to allow a BGP route that is inactive (because a better non-BGP route for the same prefix is present) to be exportable as a VPN-IP route.

A BGP route learned from a VPRN BGP peer is exportable as a VPN-IP route, only if it is the best route for the prefix and is installed in the route table of the VPRN. If the export-inactive-bgp command is enabled in the VPRN configuration, this rule is relaxed, and the best inactive VPRN BGP route is exportable as a VPN-IP route, provided that the active installed route for the prefix is an imported VPN-IP route.

The rule described in the preceding paragraph can be relaxed even further by enabling this command. When this command is enabled, the best inactive VPRN BGP route (best amongst all routes received from all CEs) is exportable as a VPN-IP route, regardless of the route type of the active installed route.

The configuration of this command overrides the export-inactive-bgp command. If this command is already enabled, do not enable the export-inactive-bgp command.

The no form of this command disables the router from allowing an inactive BGP route in the presence of a better non-BGP route to be exportable as a VPN-IP route.

Default

no export-inactive-bgp-enhanced

Platforms

All

export-limit

export-limit

Syntax

export-limit num-routes

no export-limit

Context

[Tree] (config>service>vprn>ospf3 export-limit)

[Tree] (config>service>vprn>ospf export-limit)

[Tree] (config>service>vprn>grt-lookup export-limit)

Full Context

configure service vprn ospf3 export-limit

configure service vprn ospf export-limit

configure service vprn grt-lookup export-limit

Description

This command limits the total number of routes exported from the VRF to the GRT. Configuring export-limit 0 disables the maximum limit for routes exported from the VRF to the GRT.

The no form of this command sets the export-limit to a default of five (5).

Default

export-limit 5

Parameters

num-routes

Specifies the maximum number of routes that can be exported. Configuring a num-routes value in a range of 1 to 1000 limits the number of routes to the specified value.

Values

0 to 1000

Platforms

All

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

[Tree] (config>service>vprn>ripng export-limit)

[Tree] (config>service>vprn>rip export-limit)

Full Context

configure service vprn ripng export-limit

configure service vprn rip export-limit

Description

This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.

The no form of this command removes the parameters from the configuration.

Default

no export-limit

Parameters

number

Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.

Values

1 to 4294967295

log percentage

Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.

Values

1 to 100

Platforms

All

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

[Tree] (config>service>vprn>isis export-limit)

Full Context

configure service vprn isis export-limit

Description

This command configures the maximum number of routes (prefixes) that can be exported into IS-IS from the route table for the VPRN instance.

The no form of this command removes the parameters from the configuration.

Default

no export-limit - The export limit for routes or prefixes is disabled.

Parameters

number

Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.

Values

1 to 4294967295

log percentage

Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.

Values

1 to 100

Platforms

All

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

[Tree] (config>router>isis export-limit)

Full Context

configure router isis export-limit

Description

This command configures the maximum number of routes (prefixes) that can be exported into IS-IS from the route table. After the maximum is reached, a warning log message is sent and additional routes are ignored.

The no form of this command removes the parameters from the configuration.

Parameters

number

Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.

Values

1 to 4294967295

percentage

Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.

Values

1 to 100

Platforms

All

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

[Tree] (config>router>ospf3 export-limit)

[Tree] (config>router>ospf export-limit)

Full Context

configure router ospf3 export-limit

configure router ospf export-limit

Description

This command configures the maximum number of routes (prefixes) that can be exported into OSPF from the route table. After the maximum is reached, a warning log message is sent and additional routes are ignored.

The no form of this command removes the parameters from the configuration.

Default

no export-limit

Parameters

number

Specifies the maximum number of routes (prefixes) that can be exported into OSPF from the route table.

Values

1 to 4294967295

percentage

Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.

Values

1 to 100

Platforms

All

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

[Tree] (config>router>rip export-limit)

[Tree] (config>router>ripng export-limit)

Full Context

configure router rip export-limit

configure router ripng export-limit

Description

This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.

The no form of the command removes the parameters from the configuration.

Default

no export-limit

Parameters

number

Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.

Values

1 to 4294967295

percentage

Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.

Values

1 to 100

Platforms

All

export-mode

export-mode

Syntax

export-mode {automatic | manual}

Context

[Tree] (config>cflowd export-mode)

Full Context

configure cflowd export-mode

Description

This command can be used to control how exports are generated by the cflowd process. The default behavior is for flow data to be exported automatically based on the active and inactive time-out values. The alternative mode is manual in which case flow data is only exported when the command "tools perform cflowd manual-export” is issued. The only exception is if the cflowd cache overflows, in which case the normal automatic export process is used.

Default

export-mode automatic

Parameters

automatic

cflowd flow data is automatically generated.

manual

cflowd flow data is exported only when manually triggered.

Platforms

All

export-override

export-override

Syntax

export-override mode

no export-override

Context

[Tree] (configure>app-assure>group>cflowd export-override)

Full Context

configure application-assurance group cflowd export-override

Description

This command configures the AA sub-type used in cflowd record export. The cflowd stats exported to the cflowd collector to look identical to when AA is on the type of system defined by the mode. The following cflowd export fields are affected:

  1. cflowd export observation point (field 138), the mode will be derived from the export-override category that is selected.

  2. cflowd export AA_Subscriber_Type (field 12) modified as configured, using existing field types.

  3. cflowd interface name is used as the sub-ID field, optionally modified to use the export-override mode prefix as a global identifier.

All AA cflowd record types are affected by export-override. To change any of the export-override or prefix, cflowd must be shutdown first. When the export-override is set back to default (no export-override) the prefix is set back to the default.

The no form of this command removes the export override.

Default

no export-override

Parameters

mode

The type of system emulated by stats export.

Values

mobile(mobile gateway mode, cflowd field 138 = 2)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

export-prefixes

export-prefixes

Syntax

[no] export-prefixes policy-name

Context

[Tree] (config>router>ldp>session-params>peer export-prefixes)

Full Context

configure router ldp session-parameters peer export-prefixes

Description

This command specifies the export route policy used to determine which prefixes received from other LDP and T-LDP peers are re-distributed to this LDP peer via the LDP/T-LDP session to this peer. A prefix that is filtered out (deny) is not exported. A prefix that is filtered in (accept) will be exported.

If no export policy is specified, all FEC prefixes learned will be exported to this LDP peer. This policy is applied in addition to the global LDP policy and targeted session policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified. Peer address has to be the peer LSR-ID address.

The no form of this command removes the policy from the configuration.

Default

no export-prefixes - no export route policy is specified

Parameters

policy-name

Specifies up to five export-prefix route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

All

export-prefixes

Syntax

export-prefixes policy-name [policy-name]

no export-prefixes

Context

[Tree] (config>router>ldp>targeted-session export-prefixes)

Full Context

configure router ldp targeted-session export-prefixes

Description

This command specifies the export route policy used to determine which FEC prefix label bindings are exported from a targeted LDP session. A route that is filtered out (deny) will not be exported. A route that is filtered in (accept) will be exported.

If no export policy is specified, all bindings learned through a targeted LDP session will be exported to all targeted LDP peers. This policy is applied in addition to the global LDP policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies up to five export policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

export-tunnel-table

export-tunnel-table

Syntax

export-tunnel-table policy-name [policy-name...(up to 5 max)]

no export-tunnel-table

Context

[Tree] (config>router>ldp export-tunnel-table)

Full Context

configure router ldp export-tunnel-table

Description

This command enables exports BGP label route and SR tunnels from the TTM into LDP for the purpose of stitching an LDP FEC to a BGP or SR tunnel for the same destination prefix.

To enable route stitching between LDP and BGP, separately configure tunnel table route export policies in both protocols and enable the advertisement of RFC 8277, Using BGP to Bind MPLS Labels to Address Prefixes, formatted labeled routes for prefixes learned from LDP FECs.

The BGP route export policy instructs BGP to listen to LDP route entries in the CPM Tunnel Table. If a /32 LDP FEC prefix matches an entry in the export policy, BGP originates a BGP labeled route, stitches it to the LDP FEC, and re-distributes the BGP labeled route to its Interior Border Gateway Protocol (IBGP) neighbors.

Using the following commands to add LDP FEC prefixes with the from protocol ldp statement in the existing BGP export policy configuration at the global level, peer-group level, or peer level:

  • config>router>bgp>export policy-name

  • config>router>bgp>group>export policy-name

  • config>router>bgp>group>neighbor>export policy-name

To indicate to BGP to evaluate the entries with the from protocol ldp statement in the export policy when applied to a specific BGP neighbor, use commands:

  • config>router>bgp>group>neighbor>family label-ipv4 and

  • config>router>bgp>group>neighbor>advertise-ldp-prefix

Without the latter configuration, only core IPv4 routes learned from RTM are advertised as BGP labeled routes to the neighbor. No stitching of LDP FEC to the BGP labeled route will be performed for this neighbor even if the same prefix was learned from LDP.

The LDP tunnel table route export policy instructs LDP to listen to BGP route entries in the CPM Tunnel Table. If a /32 BGP labeled route matches a prefix entry in the export policy, LDP originates an LDP FEC for the prefix, stitches it to the BGP labeled route, and re-distributes the LDP FEC to its IBGP neighbors.

The user can add BGP labeled route prefixes with the from protocol bgp statement in the configuration of the LDP tunnel table export policy. The from protocol statement is applied only when the protocol value is ldp. Policy entries with protocol values of rsvp, bgp, or any value other than ldp are ignored at the time the policy is applied to LDP.

In the LDP-to-SR data path direction, LDP listens to SR tunnel entries in the TTM. The user can restrict the export of SR tunnels to LDP from a specific prefix list. The user can also restrict the export to a specific IGP instance by optionally specifying the instance ID in the "from protocol” statement. The statement has an effect only when the protocol value is isis or bgp. Policy entries with any other protocol value are ignored at the time the policy is applied. If the user configures multiple from protocol statements in the same policy or does not include the from protocol statement but adds a default action of accept, then LDP will follow the TTM selection rules to select a tunnel to which it will stitch the LDP ILM:

  1. LDP selects the tunnel from the lowest TTM preference protocol.

  2. If two or more of IS-IS or OSPF protocol instances and BGP protocol have the same preference, then LDP selects the protocol using the default TTM protocol preference.

  3. Within the same IGP protocol, LDP selects the lowest instance ID.

If an LDP FEC primary next-hop cannot be resolved using an RTM route and a SR tunnel of type SR-ISIS to the same destination prefix matches a prefix entry in the export policy, LDP programs an LDP ILM and stitches it to the SR node-SID tunnel endpoint. LDP also originates an FEC for the prefix and re-distributes it to its LDP peers. When an LDP FEC is stitched to a SR tunnel, packets forwarded benefit from the protection of the LFA/remote LFA backup next-hop of the SR tunnel.

When resolving a FEC, LDP will prefer RTM over TTM when both resolutions are possible. That is, swapping the LDP ILM to a LDP NHLFE is preferred over stitching it to an SR tunnel endpoint.

Nokia recommends that the user should enable the bfd-enable option on the interfaces in LDP, IGP instance, and BGP contexts to speed up failure detection and activation of the SR LFA/remote-LFA backup next-hop or the BGP backup, depending on the stitching operation.

This feature is limited to IPv4 /32 prefixes in LDP, BGP and SR.

The no form of this command disables the export of BGP and SR tunnels to LDP.

Default

no export-tunnel-table

Parameters

policy-name

Specifies up to five export-tunnel-table route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

All

export-tunnel-table

Syntax

export-tunnel-table ldp

no export-tunnel-table

Context

[Tree] (config>router>isis>segment-routing export-tunnel-table)

Full Context

configure router isis segment-routing export-tunnel-table

Description

This command exports the LDP tunnels to an IGP instance for the purpose of stitching a SR tunnel to a LDP FEC for the same destination IPv4 /32 prefix.

In the SR-to-LDP data path direction, the SR mapping server provides a global policy for the prefixes corresponding to the LDP FECs the SR stitches to.

When this command is enabled in the segment-routing context of an IGP instance, IGP listens to LDP tunnel entries in the TTM. Whenever a LDP tunnel destination matches a prefix for which IGP received a prefix-SID sub-TLV from a mapping server, it instructs the SR module to program the SR ILM and to stitch it to the LDP tunnel endpoint. The LDP FEC can be resolved via a static route, a IS-IS instance, or an OSPF instance.

When an SR tunnel is stitched to a LDP FEC, packets forwarded will benefit from the protection of the LFA backup next-hop of the LDP FEC.

When resolving a node SID, IGP will prefer resolution of prefix SID received in a IP Reach TLV over a prefix SID received via the mapping server. That is, swapping the SR ILM to a SR NHLFE is preferred over stitching it to a LDP tunnel endpoint.

Nokia recommends that the user should enable the bfd-enable option on the interfaces in both LDP and IGP instance contexts to speed up the failure detection and the activation of the LFA/remote-LFA backup next-hop in either direction of the stitching.

This feature is limited to IPv4 /32 prefixes in both LDP and SR.

The no form of this command disables the exporting of LDP tunnels to the IGP instance.

Default

no export-tunnel-table

Parameters

ldp

Exports LDP tunnels from the tunnel table into an IGP instance.

Platforms

All

export-tunnel-table

Syntax

[no] export-tunnel-table ldp

Context

[Tree] (config>router>ospf>segm-rtng export-tunnel-table)

Full Context

configure router ospf segment-routing export-tunnel-table

Description

This command enables exporting, to an IGP instance, the LDP tunnels for the purpose of stitching a SR tunnel to a LDP FEC for the same destination IPv4 /32 prefix.

In the SR-to-LDP data path direction, the SR mapping server provides a global policy for the prefixes corresponding to the LDP FECs that the SR stitches to.

When this command is enabled in the segment-routing context of an IGP instance, IGP listens to LDP tunnel entries in the TTM. Whenever a LDP tunnel destination matches a prefix for which IGP received a prefix-SID sub-TLV from a mapping server, it instructs the SR module to program the SR ILM and to stitch it to the LDP tunnel endpoint. The LDP FEC can be resolved via a static route, a IS-IS instance, or an OSPF instance.

When an SR tunnel is stitched to a LDP FEC, packets forwarded will benefit from the protection of the LFA backup next hop of the LDP FEC.

When resolving a node SID, IGP will prefer resolution of prefix SID received in a IP Reach TLV over a prefix SID received via the mapping server. In other words, the swapping of the SR ILM to a SR NHLFE is preferred over stitching it to a LDP tunnel endpoint.

It is recommended to enable the bfd-enable option on the interfaces in both LDP and IGP instance contexts, to speed up the failure detection and the activation of the LFA/remote-LFA backup next hop in either direction of the stitching.

This feature is limited to IPv4 /32 prefixes in both LDP and SR.

The no form of this command disables the exporting of LDP tunnels to the IGP instance.

Platforms

All

export-v6-limit

export-v6-limit

Syntax

export-v6-limit num-routes

no export-v6-limit

Context

[Tree] (config>service>vprn>grt-lookup export-v6-limit)

Full Context

configure service vprn grt-lookup export-v6-limit

Description

This command limits the total number of IPv6 routes exported from the VPRN to the GRT. Configuring export-v6-limit 0 disables the maximum limit for IPv6 routes exported from the VPRN to the GRT.

The no form of this command sets the export-limit to a default of 5.

Default

export-v6-limit 5

Parameters

num-routes

Specifies the maximum number of IPv6 routes that can be exported. Configuring a num-routes value in a range of 1 to 1000 limits the number of IPv6 routes to the specified value.

Values

0 to 1000

Platforms

All

expression

expression

Syntax

expression expr-index expr-type {eq | neq} expr-string

no expression expr-index

Context

[Tree] (config>app-assure>group>policy>app-filter>entry expression)

Full Context

configure application-assurance group policy app-filter entry expression

Description

This command configures string values to use in the application definition.

Parameters

expr-index

Specifies an index value which represents expression substrings.

Values

1 to 4

expr-type

Represents a type (and thereby the expression substring).

http-host — Matches the string against the HTTP Host field or TLS Server Name Indicator (SNI).

http-uri — Matches the string against the HTTP URI field.

http-referer — Matches the string against the HTTP Referer field.

http-user-agent — Matches the string against the HTTP User Agent field.

sip-ua — Matches the string against the SIP UA field.

sip-uri — Matches the string against the SIP URI field.

sip-mt — Matches the string against the SIP MT field.

citrix-app — Matches the string against the Citrix app field.

h323-product-id — Matches the string against the h323-product-id field.

tls-cert-subj-org-name — Matches the TLS Certificate Subject Organization Name substring.

tls-cert-subj-common-name — Matches the TLS Certificate Subject Common Name substring.

rtsp-host — Matches the Real Time Streaming Protocol (RTSP) substring host.

rtsp-uri — Matches the RTSP URI substring.

rtsp-ua — Matches the RTSP UA substring.

rtmp-page-host — Matches against the RTMP Page Host field

rtmp-page-uri — Matches against the RTMP Page URI field

rtmp-swf-host — Matches against the RTMP Swf Host field

rtmp-swf-uri — Matches against the RTMP Swf URI field

dns-domain-name — Matches the string against the DNS Name field.

eq

Specifies the equal to comparison operator to match the specified HTTP string.

neq

Specifies the not equal to comparison operator to match the specified HTTP string.

expr-string

Specifies an expression string, up to 64 characters, used to define a pattern match. Denotes a printable ASCII substring used as input to an application assurance filter match criteria object.

The following syntax is permitted within the substring to define the pattern match criteria:

^<substring>* - matches when <substring> is at the beginning of the object.

*<substring>* - matches when <substring> is at any place within the object.

*<substring>$ - matches when <substring> is at the end of the object.

^<substring>$ - matches when <substring> is the entire object.

* - matches zero to many of any character. A single wildcard as infix in the expression is allowed.

\. - matches any single character

\d - matches any single decimal digit [0-9]

\I - forces case sensitivity (by default, the expression match are case insensitive), the \I can be specified anywhere between

the leading [^*] and trailing [$*]

\* - matches the asterisk character

Rules for <substring> characters:

<substring> must contain printable ASCII characters.

<substring> must not contain the "double quote” character or the " ” (space) character on its own.

<substring> match is case in sensitive by default.

<substring> must not include any regular expression meta-characters other than "*", "\I", "\.", "\*" and "\d".

The "\” (slash) character is used as an ESCAPE sequence. The following ESCAPE sequences are permitted within the <substring>:

Character to match <substring> input

Hexadecimal Octet YY \xYY

A <substring> that uses the '\' (backslash) ESCAPE character which is not followed by a "\” or "\x” and a 2-digit hex octet is not valid.

Operational notes:

  • When matching a TCP flow against HTTP-string based applications, the HTTP header fields are collected from the first HTTP request (for example a GET or a POST) for a given TCP flow. The collected strings are then evaluated against each HTTP flow created within the given TCP flow to determine whether a given HTTP flow matches the application. By not specifying a protocol, the HTTP expressions are matched against all protocols in the HTTP family. By specifying a specific HTTP protocol (for example, http_video) the expression match can be constrained to a subset of the HTTP protocols.

  • To uniquely identify a SIP-based application a protocol match is not required in the app-filter entry with the SIP expression. The SIP expression match is performed against any protocol in the SIP family (such as sip and rtp_sip). By specifying a specific SIP protocol (like rtp_sip) the expression match can be constrained to a subset of the SIP protocols.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

expression

Syntax

expression expr-index eq expr-string offset payload-octet-offset direction direction

no expression expr-index

Context

[Tree] (config>app-assure>group>policy>custom-protocol expression)

Full Context

configure application-assurance group policy custom-protocol expression

Description

This command configures an expression string value for pattern-based custom protocols match. A flow matches a custom protocol if the specified string is found at an offset of a TCP/UDP of the first payload packet.

Options:

  • client-to-server — A pattern will be matched against a flow from a TCP client.

  • server-to-client — A pattern will be matched against a flow from a TCP server.

  • any – A pattern will be matched against a TCP/UDP flow in any direction (towards or from AA subscriber)

The no form of this command deletes a specified string expression from the definition.

Parameters

expr-index

Specifies the expression substring index.

Values

1

expr-string

Denotes a printable ASCII string, up to 16 characters, used to define a custom protocol match. Rules for expr-string characters:

  • Must contain printable ASCII characters.

  • Must not contain the "double quote” character or the " ” (space) character on its own.

  • Match is case sensitive.

  • Must not include any regular expression meta-characters.

The "\” (slash) character is used as an ESCAPE sequence. The following ESCAPE sequences are permitted within the expr-string:

Character to match expr-string input

Hexadecimal Octet YY \xYY

An expr-string that uses the '\' (backslash) ESCAPE character which is not followed by a "\” or "\x” and a 2-digit hex octet is not valid.

offset payload-octet-offset

specifies the offset (in octets) into the protocol payload, where the expr-string match criteria will start.

Values

0 to 127

direction direction

Specifies the protocol direction to match against to resolve to a custom protocol.

Values

client-to-server, server-to-client, any

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

expression

Syntax

expression expr-index expr-type eq expr-string {record | no-record}

no expression expr-index

Context

[Tree] (debug>app-assure>group>http-host>filter expression)

Full Context

debug application-assurance group http-host-recorder filter expression

Description

This command configures the recorder filter expressions.

Parameters

expr-index

Specifies the expression index value.

Values

1 to 4

expr-type

Specifies the expression type.

Values

http-host

expr-string

Specifies the HTTP host filter expression string.

Values

format *<expression>$ (33 chars max)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

expression

Syntax

expression regular-expression

no expression

Context

[Tree] (config>router>policy-options>as-path expression)

Full Context

configure router policy-options as-path expression

Description

This command configures a route policy AS path regular expression statement to use in the route policy entries.

An AS path in a BGP route matches an AS path regular expression, if the path matches the pattern of the regular expression. A regular expression incorporates terms and operators that use the terms. An individual AS number is an elementary term in the AS path regular expression. More complex terms can be built from elementary terms. The following are key operators supported by SR OS:

  • .

  • *

  • ?

  • {n}

  • {m,n}

  • {m, }

To reverse the match criteria when specifying a list of ranges or single values using square brackets, use the non-match operator (^) before the elements within the square brackets.

The no form of this command deletes the AS path regular expression statement.

Parameters

regular-expression

The AS path regular expression. Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at signs (@); for example, "@variable@”.

null

The AS path expressed as an empty regular expression string.

Platforms

All

expression

Syntax

expression expression [exact]

no expression

Context

[Tree] (config>router>policy-options>community expression)

Full Context

configure router policy-options community expression

Description

This command creates a logical expression to match a route policy community.

The no form of this command deletes the logical expression.

Default

no expression

Parameters

expression expression

Specifies a logical expression containing terms and operators. It can contain sub-expressions enclosed in round brackets.

Values

up to 900 characters

<expression> is one of the following: <expression> {AND| OR} <expression> [NOT] ( <expression> ) [NOT] <comm-id>

For example:

from community expression "[community list A] OR ([community list B] AND [community list C])"

exact

All the communities indicated by the expression must be present in the route in order for a match to occur.

Platforms

All

expression-match

expression-match

Syntax

[no] expression-match

Context

[Tree] (config>app-assure>group>url-list expression-match)

Full Context

configure application-assurance group url-list expression-match

Description

This command configures a URL list that contains hostnames with wildcards.

The no form of this command removes the URL list containing hostnames with wildcards.

Default

no expression-match

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

extended-action

extended-action

Syntax

[no] extended-action

Context

[Tree] (config>filter>ipv6-filter>entry>action extended-action)

[Tree] (config>filter>ip-filter>entry>action extended-action)

Full Context

configure filter ipv6-filter entry action extended-action

configure filter ip-filter entry action extended-action

Description

Commands in this context configure an extended action for a filter entry's PBR action (configured under config>filter>ip-filter>entry>action and config>filter>ipv6-filter>entry>action contexts). The extended action is executed in addition to the configured PBR action.

The no form of the command removes the extended action.

Default

no extended-action

Platforms

All

extended-bw

extended-bw

Syntax

[no] extended-bw

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>features extended-bw)

Full Context

configure subscriber-mgmt diameter-application-policy gx features extended-bw

Description

This command specifies whether extended bandwidth AVPs are supported. Extended bandwidth AVPs are capable of supporting bandwidth values greater than (232 - 1) b/s. The extended AVPs allow bitrates in kb/s and are as follows:

  • Extended-GBR-DL (AVP code 2850)

  • Extended-GBR-UL (AVP code 2851)

  • Extended-Max-Requested-BW-DL (AVP code 554)

  • Extended-Max-Requested-BW-UL (AVP code 555)

  • Extended-APN-AMBR-DL (AVP code 2848)

  • Extended-APN-AMBR-UL (AVP code 2849)

The no form of this command disables the extended bandwidth AVP support.

Default

no extended-bw

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

extended-community

extended-community

Syntax

[no] extended-community

Context

[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering extended-community)

[Tree] (config>router>bgp>outbound-route-filtering extended-community)

[Tree] (config>router>bgp>group>outbound-route-filtering extended-community)

Full Context

configure router bgp group neighbor outbound-route-filtering extended-community

configure router bgp outbound-route-filtering extended-community

configure router bgp group outbound-route-filtering extended-community

Description

The extended-community command opens the configuration tree for sending or accepting extended-community based BGP filters.

For the no version of the command to work, all sub-commands (send-orf, accept-orf) must be removed first.

Default

no extended-community

Platforms

All

extended-failure-handling

extended-failure-handling

Syntax

extended-failure-handling

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy extended-failure-handling)

Full Context

configure subscriber-mgmt diameter-application-policy gy extended-failure-handling

Description

Commands in this context configure Extended Failure Handling (EFH), a mechanism to establish a new Diameter Gy session with the Online Charging Server (OCS) after Credit Control Failure Handling (CCFH) CONTINUE is triggered.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

extended-lsa

extended-lsa

Syntax

extended-lsa {sparse | only}

no extended-lsa

Context

[Tree] (config>router>ospf3 extended-lsa)

Full Context

configure router ospf3 extended-lsa

Description

This command configures the use of extended LSA format in OSPFv3, as described in draft-ietf-ospf-ospfv3-lsa-extend.

Prior to this feature, SR OS used the fixed format LSA to carry the prefix and link information as described in RFC 5340, OSPF for IPv6. The fixed format is not extensible and the TLV format of the extended LSA must be used.

With this feature, the default mode of operation for OSPFv3 is referred to as sparse mode, meaning that the router will always advertise the fixed format for existing LSAs and will add the TLV-based extended LSA only when it needs to advertise new sub-TLVs. This mode of operation is similar to the way OSPFv2 advertises the segment routing information. It sends the prefix in the original fixed-format prefix LSA and then follows with the extended prefix TLV which is sent in an extended prefix opaque LSA containing the prefix SID sub-TLV.

The extended-lsa only value enables the full extended LSA mode. This causes all existing and new LSAs to use the extended LSA format.

The OSPFv3 instance must first be shut down before the user can change the mode of operation since the protocol must flush all LSAs and re-establish all adjacencies.

The no form of this command at the OSPFv3 instance level reverts the OSPFv3 instance to the default sparse mode of operation.

Default

extended-lsa sparse

Parameters

sparse

Enables the sparse mode of operation in an OSPFv3 instance.

only

Enables the full extended LSA mode of operation in an OSPFv3 instance.

Platforms

All

extended-lsa

Syntax

extended-lsa {inherit | only}

no extended-lsa

Context

[Tree] (config>router>ospf3>area extended-lsa)

Full Context

configure router ospf3 area extended-lsa

Description

This command configures the use of extended LSA format in a OSPFv3 area as described in draft-ietf-ospf-ospfv3-lsa-extend.

By default, the area inherits the instance-level configuration. The latter defaults to the sparse mode of operation. The extended-lsa only value enables the full extended LSA mode, which causes all existing and new LSAs to use the extended LSA format.

The OSPFv3 instance must first be shut down before the user can change the mode of operation since the protocol must flush all LSAs and reestablish all adjacencies.

The no form of this command at the area level returns the area to the default mode of inheriting the mode from the OSPFv3 instance level.

Default

extended-lsa inherit

Parameters

inherit

Configures the area to inherit the mode of operation enabled at the OSPFv3 instance level.

only

Enables the full extended LSA mode of operation in an OSPFv3 area.

Platforms

All

extended-nh-encoding

extended-nh-encoding

Syntax

extended-nh-encoding [ipv4]

no extended-nh-encoding

Context

[Tree] (config>service>vprn>bgp>group>neighbor extended-nh-encoding)

[Tree] (config>service>vprn>bgp extended-nh-encoding)

[Tree] (config>service>vprn>bgp>group extended-nh-encoding)

Full Context

configure service vprn bgp group neighbor extended-nh-encoding

configure service vprn bgp extended-nh-encoding

configure service vprn bgp group extended-nh-encoding

Description

This command configures BGP to advertise (at session OPEN) the capability to receive IPv4 or IPv4 routes with IPv4 or IPv6 next hops from the VPRN BGP peers included in the scope of the command. These peers should not send these routes unless they receive the capability. If the SR OS router receives an IPv4 route from a peer to which it did not advertise the necessary capability, the UPDATE message will be considered malformed and causes either a session reset or treat as withdraw behavior depending on the error handling settings.

The no form of this command causes the sending of an extended NH encoding BGP capability to the associated BGP peers to be inherited from a higher configuration level or disabled (if configured at the BGP level).

Default

no extended-nh-encoding

Parameters

ipv4

Specifies that the command should be applied to unlabeled unicast IPv4 routes.

Platforms

All

extended-nh-encoding

Syntax

extended-nh-encoding [label-ipv4] [vpn-ipv4] [ipv4]

no extended-nh-encoding

Context

[Tree] (config>router>bgp>group extended-nh-encoding)

[Tree] (config>router>bgp>group>neighbor extended-nh-encoding)

[Tree] (config>router>bgp extended-nh-encoding)

Full Context

configure router bgp group extended-nh-encoding

configure router bgp group neighbor extended-nh-encoding

configure router bgp extended-nh-encoding

Description

This command configures BGP to advertise (at session OPEN) the capability to receive label IPv4, VPN IPv4 routes, or IPv6 next hops from the peers. These peers should not send such routes unless they receive notification of this capability. If the SR OS router receives a label IPv4 or VPN IPv4 route from a peer to which it did not advertise the necessary capability, the UPDATE message will be considered malformed and this will cause either session reset or treat-as-withdraw behavior depending on the error handling settings.

The no form of this command causes the sending of an extended NH encoding BGP capability to the associated BGP peers to be inherited from a higher configuration level or disabled (if configured at the BGP level).

Default

no extended-nh-encoding

Parameters

label-ipv4

Instructs BGP to advertise an extended NH encoding capability for NLRI AFI=1, NLRI SAFI=4, and next-hop AFI=2.

vpn-ipv4

Instructs BGP to advertise an extended NH encoding capability for NLRI AFI=1, NLRI SAFI=128, and next-hop AFI=2.

ipv4

Instructs BGP to advertise an extended NH encoding capability for NLRI AFI=1, NLRI SAFI=1 and next-hop AFI=2.

Platforms

All

extended-sequence-number

extended-sequence-number

Syntax

[no] extended-sequence-number

Context

[Tree] (config>ipsec>ipsec-transform extended-sequence-number)

Full Context

configure ipsec ipsec-transform extended-sequence-number

Description

This command enables 64-bit extended sequence numbering support. This numbering is used for high throughput CHILD_SA to avoid frequent rekeying caused by sequence numbering wrap around.

The no form of this command disables extended sequence numbering support. Only 32-bit sequence numbering is supported.

Default

no extended-seq-number

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

extended-unicast

extended-unicast

Syntax

[no] extended-unicast

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if extended-unicast)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface extended-unicast

Description

This command delays video unicast from switching over to multicast for 5 minutes. The unicast session can be extended further by sending an RTCP extension request, which resets the 5-minute timer. This is ideal for services that require unicast video and end devices that require extended time to switch over from unicast to multicast.

The no form of this command disables extended unicast. The unicast session switches over to multicast 1.5 seconds after the IGMP request is sent. Most Fast Channel Change deployments do not require a time extension.

Default

no extended-unicast

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

extension

extension

Syntax

[no] extension start [0 to 4095] end [0 to 4095]

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>extensions extension)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range extensions extension

Description

This command configures an additional VLAN range extension that is used for matching. Any traffic within the extension range is considered part of the same VLAN range for purposes of intra-SSID mobility.

Parameters

start [0 to 4095]

Specifies the start of the VLAN extension range

Values

0 to 4095

end[0 to 4095]

Specifies the end of VLAN extension range

Values

0 to 4095

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

extensions

extensions

Syntax

[no] extensions

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range extensions)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range extensions

Description

This command enables VLAN range extensions on this VLAN tag range.

The no form of the command disables VLAN extensions.

Default

no extensions

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

external

external

Syntax

[no] external

Context

[Tree] (config>router>policy-options>policy-statement>entry>from external)

Full Context

configure router policy-options policy-statement entry from external

Description

This command specifies the external route matching criteria for the entry.

Default

no external

Platforms

All

external-assignment

external-assignment

Syntax

[no] external-assignment

Context

[Tree] (config>router>nat>outside>pool external-assignment)

[Tree] (config>service>vprn>nat>outside>pool external-assignment)

Full Context

configure router nat outside pool external-assignment

configure service vprn nat outside pool external-assignment

Description

This command enables external allocation of L2-Aware NAT outside IP addresses from the pool.

The no form of the command disables the allocation.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

external-db-overflow

external-db-overflow

Syntax

external-db-overflow limit interval

no external-db-overflow

Context

[Tree] (config>service>vprn>ospf3 external-db-overflow)

[Tree] (config>service>vprn>ospf external-db-overflow)

Full Context

configure service vprn ospf3 external-db-overflow

configure service vprn ospf external-db-overflow

Description

This command enables limits on the number of non-default AS-external-LSA entries that can be stored in the LSDB and specifies a wait timer before processing these after the limit is exceeded.

The limit value specifies the maximum number of non-default AS-external-LSA entries that can be stored in the link-state database (LSDB). Placing a limit on the non-default AS-external-LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reach or exceed the limit, the table is in an overflow state. When in an overflow state, the router does not originate any new AS-external-LSAs and it withdraws all self-originated non-default external LSAs.

The interval specifies the amount of time to wait after an overflow state before regenerating and processing non-default AS-external-LSAs. The waiting period acts like a dampening period, which prevents the router from continuously running Shortest Path First (SPF) calculations caused by the excessive number of non-default AS-external LSAs.

The external-db-overflow must be set identically on all routers attached to any regular OSPF area. OSPF stub areas and not-so-stubby areas (NSSAs) are excluded.

The no form of this command disables limiting the number of non-default AS-external-LSA entries.

Default

no external-db-overflow — No limit on non-default AS-external-LSA entries.

Parameters

limit

The maximum number of non-default AS-external-LSA entries that can be stored in the LSDB before going into an overflow state expressed as a decimal integer.

Values

-1 to 2147483647

Note:

Setting a value of -1 is equivalent to no external-db-overflow.

interval

The number of seconds after entering an overflow state before attempting to process non-default AS-external-LSAs expressed as a decimal integer.

Values

0 to 2147483647

Platforms

All

external-db-overflow

Syntax

external-db-overflow limit interval

no external-db-overflow

Context

[Tree] (config>router>ospf3 external-db-overflow)

[Tree] (config>router>ospf external-db-overflow)

Full Context

configure router ospf3 external-db-overflow

configure router ospf external-db-overflow

Description

This command enables limits on the number of non-default AS-external-LSA entries that can be stored in the LSDB and specifies a wait timer before processing these after the limit is exceeded.

The limit value specifies the maximum number of non-default AS-external-LSA entries that can be stored in the link-state database (LSDB). Placing a limit on the non-default AS-external-LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reach or exceed the limit, the table is in an overflow state. When in an overflow state, the router will not originate any new AS-external-LSAs. In fact, it withdraws all the self-originated non-default external LSAs.

The interval specifies the amount of time to wait after an overflow state before regenerating and processing non-default AS-external-LSAs. The waiting period acts like a dampening period preventing the router from continuously running Shortest Path First (SPF) calculations caused by the excessive number of non-default AS-external LSAs.

The external-db-overflow must be set identically on all routers attached to any regular OSPF area. OSPF stub areas and not-so-stubby areas (NSSAs) are excluded.

The no form of this command disables limiting the number of non-default AS-external-LSA entries.

Default

no external-db-overflow

Parameters

limit

Specifies the maximum number of non-default AS-external-LSA entries that can be stored in the LSDB before going into an overflow state expressed as a decimal integer.

Values

0 to 2147483647

interval

The number of seconds after entering an overflow state before attempting to process non-default AS-external-LSAs expressed as a decimal integer.

Values

0 to 2147483647

Platforms

All

external-preference

external-preference

Syntax

external-preference preference

no external-preference

Context

[Tree] (config>service>vprn>isis>level external-preference)

Full Context

configure service vprn isis level external-preference

Description

This command configures the external route preference for the IS-IS level.

The external-preference command configures the preference level of either IS-IS level 1 or IS-IS level 2 external routes. By default, the preferences are as listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference decides the route to use.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is dependent on the default preference table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of the route to use is determined by the configuration of the ecmp in the config>router context.

Default

Default preferences are listed in Default Preferences.

Table 3. Default Preferences

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS Level 1 internal

15

Yes

IS-IS Level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS Level 1 external

160

Yes

IS-IS Level 2 external

165

Yes

BGP

170

Yes

BGP

170

Yes

Note:

  1. Internal preferences are changed using the preference command in the config>router>isis>level level-number context.

Parameters

preference

The preference for external routes at this level as expressed.

Values

1 to 255

Platforms

All

external-preference

Syntax

external-preference preference

no external-preference

Context

[Tree] (config>service>vprn>ospf3 external-preference)

[Tree] (config>service>vprn>ospf external-preference)

Full Context

configure service vprn ospf3 external-preference

configure service vprn ospf external-preference

Description

This command configures the preference for OSPF external routes.

A route can be learned by the router from different protocols, in which case the costs are not comparable. If this occurs, preference is used to decide which route is used.

Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is per the default preference table as defined in Default External Route Preferences . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Table 4. Default External Route Preferences

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes1

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

1 Preference for OSPF internal routes is configured with the preference command.

Default

external-preference 150 — OSPF external routes have a default preference of 150.

Parameters

preference

The preference for external routes expressed as a decimal integer.

Values

1 to 255

Platforms

All

external-preference

Syntax

external-preference preference

no external-preference

Context

[Tree] (config>router>isis>level external-preference)

Full Context

configure router isis level external-preference

Description

This command configures the external route preference for the IS-IS level.

The external-preference command configures the preference level of either IS-IS level 1 or IS-IS level 2 external routes. By default, the preferences are as listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference decides the route to use.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is dependent on the default preference table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of the route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Default

external-preference (Level 1) — 160

external-preference (Level 2) — 165

Parameters

preference

Specifies the preference for external routes at this level as expressed.

Default preferences are listed in the following table.

Table 5. Default External Route Preferences

Route Type

Preference

Configurable

Direct attached

0

Static-route

5

Yes

OSPF internal routes

10

IS-IS Level 1 internal

15

Yes2

IS-IS Level 2 internal

18

Yes2

OSPF external

150

Yes

IS-IS Level 1 external

160

Yes

IS-IS Level 2 external

165

Yes

BGP

170

Yes

1 Internal preferences are changed using the preference command in the config>router>isis>level level-number context.
Values

1 to 255

Platforms

All

external-preference

Syntax

external-preference preference

no external-preference

Context

[Tree] (config>router>ospf3 external-preference)

[Tree] (config>router>ospf external-preference)

Full Context

configure router ospf3 external-preference

configure router ospf external-preference

Description

This command configures the preference for OSPF external routes.

A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in Route Preference Defaults by Route Type . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Default

external-preference 150

Parameters

preference

Specifies the preference for external routes expressed as a decimal integer. Defaults for different route types are listed in Route Preference Defaults by Route Type .

Table 6. Route Preference Defaults by Route Type

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes3

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

1 Preference for OSPF internal routes is configured with the preference command.
Values

1 to 255

Platforms

All

external-reference

external-reference

Syntax

external-reference

Context

[Tree] (config>service>vprn>if external-reference)

[Tree] (config>router>if external-reference)

Full Context

configure service vprn interface external-reference

configure router interface external-reference

Description

Commands in this context configure the external reference used to map a Nokia vendor-specific configuration and the OpenConfig state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

extranet

extranet

Syntax

extranet [detail]

no extranet

Context

[Tree] (debug>router>pim extranet)

Full Context

debug router pim extranet

Description

This command enables debugging for extranet PIM.

The no form of this command disables PIM extranet debugging.

Parameters

detail

Debugs detailed extranet PIM information.

Platforms

All