i Commands

i-counters

i-counters

Syntax

i-counters [all]

no i-counters

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue i-counters)

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue i-counters)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters

Description

This command configures ingress counter parameters for this custom record.

The no form of this command reverts to the default.

Parameters

all

Includes all counters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

i-counters

Syntax

i-counters [all]

no i-counters

Context

[Tree] (config>log>acct-policy>cr>policer i-counters)

[Tree] (config>log>acct-policy>cr>ref-policer i-counters)

[Tree] (config>log>acct-policy>cr>ref-queue i-counters)

[Tree] (config>log>acct-policy>cr>queue i-counters)

Full Context

configure log accounting-policy custom-record policer i-counters

configure log accounting-policy custom-record ref-policer i-counters

configure log accounting-policy custom-record ref-queue i-counters

configure log accounting-policy custom-record queue i-counters

Description

This command configures ingress counter parameters for this custom record.

The no form of this command reverts all ingress counters to their default value.

Default

i-counters

Parameters

all

Specifies that all ingress counters should be included.

Platforms

All

i-sid

i-sid

Syntax

i-sid i-sid

no i-sid

Context

[Tree] (config>test-oam>build-packet>header>pbb i-sid)

[Tree] (debug>oam>build-packet>packet>field-override>header>pbb i-sid)

Full Context

configure test-oam build-packet header pbb i-sid

debug oam build-packet packet field-override header pbb i-sid

Description

This command defines the iSID value to be used in the test PBB header.

The no form of this command reverts to the default value.

Default

i-sid 0

Parameters

i-sid

Specifies the iSID value to be used in the test PBB header.

Values

0 to 16777215

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ia-na

ia-na

Syntax

ia-na

Context

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client ia-na)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client ia-na)

Full Context

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na

Description

This command configures the IA-NA for the DHCPv6 client.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ibgp-multipath

ibgp-multipath

Syntax

[no] ibgp-multipath

Context

[Tree] (config>service>vprn>bgp ibgp-multipath)

Full Context

configure service vprn bgp ibgp-multipath

Description

This command defines the type of IBGP multipath to use when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Platforms

All

ibgp-multipath

Syntax

[no] ibgp-multipath

Context

[Tree] (config>router>bgp ibgp-multipath)

Full Context

configure router bgp ibgp-multipath

Description

This command enables IBGP multipath load balancing when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Default

no ibgp-multipath

Platforms

All

icmp

icmp

Syntax

icmp

Context

[Tree] (config>service>ies>sub-if>grp-if icmp)

[Tree] (config>service>ies>if icmp)

[Tree] (config>service>vprn>nw-if icmp)

[Tree] (config>service>vprn>if icmp)

Full Context

configure service ies subscriber-interface group-interface icmp

configure service ies interface icmp

configure service vprn network-interface icmp

configure service vprn interface icmp

Description

Commands in this context configure Internet Control Message Protocol (ICMP) parameters on a service.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface icmp

All

  • configure service ies interface icmp
  • configure service vprn interface icmp
  • configure service vprn network-interface icmp

icmp

Syntax

icmp

Context

[Tree] (config>subscr-mgmt>git>ipv4 icmp)

Full Context

configure subscriber-mgmt group-interface-template ipv4 icmp

Description

Commands in this context configure IPv4 Internet Control Message Protocol (ICMP) parameters.

Default

icmp

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

icmp

Syntax

icmp

Context

[Tree] (config>router>if icmp)

Full Context

configure router interface icmp

Description

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

Platforms

All

icmp

Syntax

[no] icmp

Context

[Tree] (debug>router>ip icmp)

Full Context

debug router ip icmp

Description

This command enables ICMP debugging.

Platforms

All

icmp

Syntax

[no] icmp

Context

[Tree] (config>sys>security>cpu-protection>ip>included-protocols icmp)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols icmp

Description

This command includes the extracted IPv4 ICMP packets for ip-src-monitoring. IPv4 ICMP packets will be subject to the per-source-rate of CPU protection policies.

Default

no icmp

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

icmp

Syntax

icmp

Context

[Tree] (config>test-oam icmp)

Full Context

configure test-oam icmp

Description

Commands in this context configure test ICMP OAM parameters.

Platforms

All

icmp-code

icmp-code

Syntax

icmp-code icmp-code

no icmp-code

Context

[Tree] (config>filter>ipv6-filter>entry>match icmp-code)

[Tree] (config>filter>ipv6-exception>entry>match icmp-code)

[Tree] (config>filter>ip-exception>entry>match icmp-code)

[Tree] (config>filter>ip-filter>entry>match icmp-code)

Full Context

configure filter ipv6-filter entry match icmp-code

configure filter ipv6-exception entry match icmp-code

configure filter ip-exception entry match icmp-code

configure filter ip-filter entry match icmp-code

Description

Configures matching on /ICMPv6 code field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP code field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (for example, 2nd, 3rd) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-code 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-code

Parameters

icmp-code

Specifies the /ICMPv6 code value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

All

  • configure filter ipv6-filter entry match icmp-code
  • configure filter ip-filter entry match icmp-code

VSR

  • configure filter ipv6-exception entry match icmp-code
  • configure filter ip-exception entry match icmp-code

icmp-code

Syntax

icmp-code icmp-code

no icmp-code

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match icmp-code)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match icmp-code

Description

This command configures the ICMP code match condition.

The no form of this command reverts to the default.

Parameters

icmp-code

Specifies the ICMP code numbers accepted in DHB.

Values

[0 to 255]D, [0X0..0XFF]H, [0b0..0b11111111]B

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

icmp-code

Syntax

icmp-code icmp-code

no icmp-code

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match icmp-code)

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match icmp-code)

Full Context

configure system security cpm-filter ip-filter entry match icmp-code

configure system security cpm-filter ipv6-filter entry match icmp-code

Description

This command configures matching on ICMP code field in the ICMP header of an IP packet as an IP filter match criterion.

Note:

An entry containing Layer 4 match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information.

The behavior of the icmp-code value is dependent on the configured icmp-type value, therefore, a configuration with only an icmp-code value specified will have no effect. To match on the icmp-code, an associated icmp-type must also be specified.

The no form of this command removes the criterion from the match entry.

Default

no icmp-code

Parameters

icmp-code

Specifies the ICMP code values that must be present to match.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

icmp-echo-reply

icmp-echo-reply

Syntax

[no] icmp-echo-reply

Context

[Tree] (config>service>vprn>nat>outside>pool icmp-echo-reply)

[Tree] (config>router>nat>outside>pool icmp-echo-reply)

Full Context

configure service vprn nat outside pool icmp-echo-reply

configure router nat outside pool icmp-echo-reply

Description

IPv4 addresses in a NAT pool can be configured to respond to ICMP Echo Requests (PINGs). The configuration can be toggled online while the pool is in use.

In L2-aware NAT when port-block-extensions is disabled, the reply from an outside IP address is generated only when this IP address has at least one host (binding) behind it.

In L2-aware NAT when port-block-extensions is enabled, the reply from an outside IP address is generated regardless if a binding is present.

In LSN, the reply from an outside IP address is generated regardless if a binding is present.

The no form of the command disables ICMP echo replies.

Default

no icmp-echo-reply

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

icmp-generation

icmp-generation

Syntax

icmp-generation

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel icmp-generation)

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp-generation)

[Tree] (config>ipsec>tunnel-template icmp-generation)

Full Context

configure service vprn interface sap ipsec-tunnel icmp-generation

configure service vprn interface sap ip-tunnel icmp-generation

configure router interface ipsec ipsec-tunnel icmp-generation

configure service ies interface sap ip-tunnel icmp-generation

configure ipsec tunnel-template icmp-generation

Description

This command enables the context to configure ICMP generation information.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template icmp-generation
  • configure service vprn interface sap ipsec-tunnel icmp-generation
  • configure service vprn interface sap ip-tunnel icmp-generation
  • configure service ies interface sap ip-tunnel icmp-generation

VSR

  • configure router interface ipsec ipsec-tunnel icmp-generation

icmp-ping

icmp-ping

Syntax

icmp-ping {ip-address | dns-name} [{bypass-routing | {interface interface-name} | {next-hop ip-address}}] [count requests] [do-not-fragment] [ fc fc-name] [interval { centisecs | secs}] [pattern pattern] [rapid] [{ router router-or-service | router-instance router-instance | service-name service-name}] [size bytes] [source ip-address] [ timeout timeout] [ tos type-of-service] [ttl time-to-live]

Context

[Tree] (config>saa>test>type icmp-ping)

Full Context

configure saa test type icmp-ping

Description

This command configures an ICMP traceroute test.

Parameters

ip-address | dns-name

Specifies the far-end IP address or DNS name to which to send the svc-ping request message in dotted-decimal notation.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

interface

up to 32 characters. This is mandatory for link local addresses.

dns-name

up to 128 characters

bypass-routing

Specifies whether to send the ping request to a host on a directly attached network bypassing the routing table.

interface-name

Specifies the name used to refer to the interface, up to 32 characters. The name must already exist in the config>router>interface context.

next-hop ip-address

Displays only static routes with the specified next-hop IP address.

Values

ipv4-address:

a.b.c.d (host bits must be 0)

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

requests

Specifies the number of times to perform an OAM ping probe operation. Each OAM echo message request must either time out or receive a reply before the next message request is sent.

Values

1 to 100000

Default

5

do-not-fragment

Sets the DF (Do Not Fragment) bit in the ICMP ping packet (does not apply to ICMPv6).

fc-name

Specifies the forwarding class of the SAA.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

interval {centisecs | secs}

Specifies the minimum amount of time, in seconds, that must expire before the next message request is sent. If the rapid parameter is configured, this value is measured in centiseconds (hundredths of a second) instead of seconds.

Values

1 to 10000

Default

1

pattern

Specifies the date portion in a ping packet is filled with the pattern value specified. If not specified, a system-generated sequential pattern is used.

Values

0 to 65535

rapid

Configures the interval parameter to use centiseconds (hundredths of a second) instead of seconds.

router-or-service

Specifies the numerical reference to the router instance or service. Well known router names "Base", "management", "vpm-vr-name”, and " vpls-management" are allowed for convenience, but are mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:

Base, management, cmp-vr-name, vpls-management

vprn-svc-id:

1 to 2147483647

cpm-vr-name:

Up to 32 characters

The parameter router-instance is preferred for specifying the router or service.

Default

Base

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. Only the service linking function is allowed for both mixed-mode and model-driven configuration modes.

Values

router-name, vprn-svc-name

router-name: Base, management, vpls-management, cpm-vr-name

vprn-svc-name: up to 64 characters

cpm-vr-name: up to 32 characters

service-name

Specifies the alias function that allows the service name to be used, converted and stored as a service ID, up to 64 characters.

The router-instance parameter is preferred for specifying the router or service.

bytes

Specifies the request packet size in bytes, expressed as a decimal integer.

Values

0 to 16384

Default

56

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

timeout

Specifies the override time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

time-to-live

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 128

Default

64

Platforms

All

icmp-query

icmp-query

Syntax

icmp-query [min minutes] [ sec seconds]

no icmp-query

Context

[Tree] (config>service>nat>nat-policy>timeouts icmp-query)

[Tree] (config>service>nat>up-nat-policy>timeouts icmp-query)

Full Context

configure service nat nat-policy timeouts icmp-query

configure service nat up-nat-policy timeouts icmp-query

Description

This command configures the timeout applied to an ICMP query session.

Default

icmp-query min 1

Parameters

min minutes

Specifies the timeout, in minutes, applied to an ICMP query session.

Values

1 to 4

Default

1

sec seconds

Specifies the timeout, in seconds, applied to an ICMP query session.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

icmp-trace

icmp-trace

Syntax

icmp-trace [ip-address | dns-name] [router router-or-service | router-instance router-instance | service-name service-name] [source ip-address] [tos type-of-service] [ttl ttl] [wait milliseconds]

Context

[Tree] (config>saa>test>type icmp-trace)

Full Context

configure saa test type icmp-trace

Description

This command configures an ICMP traceroute test.

Parameters

ip-address

Specifies the far-end IP address to which to send the svc-ping request message in dotted-decimal notation.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

dns-name

up to 63 characters

dns-name

Specifies the DNS name of the far-end device to which to send the svc-ping request message, up to 63 characters.

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. Only the service linking function is allowed for both mixed-mode and model-driven configuration modes.

Values

{router-name | vprn-svc-name}

router-name: Base, management, vpls-management, cpm-vr-name

vprn-svc-name: up to 64 characters

cpm-vr-name: up to 32 characters

Default

Base

router-or-service

Specifies the numerical reference to the router instance or service. Well known router names "Base", "management" and " vpls-management" are allowed for convenience, but are mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:

Base, management, vpls-management

vprn-svc-id:

1 to 2147483647

The parameter router-instance is preferred for specifying the router or service.

Default

Base

service-name

Specifies the alias function that allows the service name to be used, converted and stored as service ID, up to 64 characters.

The parameter router-instance is preferred for specifying the router or service.

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

ttl

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 255

Default

30

milliseconds

Specifies the time, in milliseconds, to wait for a response to a probe, expressed as a decimal integer.

Values

10 to 60000

Default

5000

Platforms

All

icmp-tunneling

icmp-tunneling

Syntax

[no] icmp-tunneling

Context

[Tree] (config>router icmp-tunneling)

Full Context

configure router icmp-tunneling

Description

This command enables the tunneling of ICMP reply packets over MPLS LSP at a LSR node as per RFC 3032.

The LSR part of this feature consists of crafting the reply ICMP packet of type=11- 'time exceeded', with a source address set to a local address of the LSR node, and appending the IP header and leading payload octets of the original datagram. The system skips the lookup of the source address of the sender of the label TTL expiry packet, which becomes the destination address of the ICMP reply packet. Instead, CPM injects the ICMP reply packet in the forward direction of the MPLS LSP the label TTL expiry packet was received from. The TTL of pushed labels should be set to 255.

The source address of the ICMP reply packet is determined as follows. The LSR uses the address of the outgoing interface for the MPLS LSP. With LDP LSP or BGP LSP multiple ECMP next-hops can exist and in such a case the first outgoing interface is selected. If that interface does not have an address of the same family (IPv4 or IPv6) as the ICMP packet, then the system address of the same family is selected. If one is not configured, the packet is dropped.

When the packet is received by the egress LER, it performs a regular user packet lookup in the data path in the GRT context for BGP shortcut, 6PE, and BGP label route prefixes, or in VPRN context for VPRN and 6VPE prefixes. It then forwards it to the destination, which is the sender of the original packet which TTL expired at the LSR.

If the egress LER does not have a route to the destination of the ICMP packet, it drops the packets.

The rate of the tunneled ICMP replies at the LSR can be directly or indirectly controlled by the existing IOM level and CPM levels mechanisms. Specifically, the rate of the incoming UDP traceroute packets received with a label stack can be controlled at ingress IOM using the distributed CPU protection feature. The rate of the ICMP replies by CPM can also be directly controlled by configuring a system wide rate limit for packets ICMP replies to MPLS expired packets which are successfully forwarded to CPM using the command 'configure system security vprn-network-exceptions'. While this command's name refers to VPRN service, this feature rate limits ICMP replies for packets received with any label stack, including VPRN and shortcuts.

The 7450 ESS, 7750 SR, and 7950 XRS implementation supports appending to the ICMP reply of type Time Exceeded the MPLS label stack object defined in RFC 4950. It does not include it in the ICMP reply type of Destination unreachable.

The new MPLS Label Stack object permits an LSR to include label stack information including label value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR node. The ICMP message continues to include the IP header and leading payload octets of the original datagram.

In order to include the MPLS Label Stack object, SR OS implementation adds support of RFC 4884 which defines extensions for a multi-part ICMPv4/v6 message of type Time Exceeded.

The no form of command disables the tunneling of ICMP reply packets over MPLS LSP at a LSR node.

Default

no icmp-tunneling

Platforms

All

icmp-type

icmp-type

Syntax

icmp-type icmp-type

no icmp-type

Context

[Tree] (config>filter>ipv6-exception>entry>match icmp-type)

[Tree] (config>filter>ipv6-filter>entry>match icmp-type)

[Tree] (config>filter>ip-filter>entry>match icmp-type)

[Tree] (config>filter>ip-exception>entry>match icmp-type)

Full Context

configure filter ipv6-exception entry match icmp-type

configure filter ipv6-filter entry match icmp-type

configure filter ip-filter entry match icmp-type

configure filter ip-exception entry match icmp-type

Description

This command configures matching on the /ICMPv6 type field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP type field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the /ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

VSR

  • configure filter ip-exception entry match icmp-type
  • configure filter ipv6-exception entry match icmp-type

All

  • configure filter ipv6-filter entry match icmp-type
  • configure filter ip-filter entry match icmp-type

icmp-type

Syntax

icmp-type icmp-type

no icmp-type

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match icmp-type)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match icmp-type

Description

This command configures the ICMP type match condition.

The no form of this command reverts to the default.

Parameters

icmp-type

Specifies the ICMP type numbers accepted in DHB.

Values

[0 to 255]D, [0X0..0XFF]H, [0b0..0b11111111]B

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

icmp-type

Syntax

icmp-type icmp-type

no icmp-type

Context

[Tree] (config>qos>network>egress>ip-criteria>entry>match icmp-type)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match icmp-type)

Full Context

configure qos network egress ip-criteria entry match icmp-type

configure qos network egress ipv6-criteria entry match icmp-type

Description

This command configures matching on the ICMP or ICMPv6 type field in the ICMP or ICMPv6 header of an IPv4 or IPv6 packet as a network QoS match criterion.

An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly, an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the ICMP or ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, or in hexadecimal or binary format, or even using keywords.

Values

0 to 255 (Decimal)

0 to FF (Hexadecimal)

0 to 11111111 (Binary)

Platforms

All

icmp-type

Syntax

icmp-type icmp-type

no icmp-type

Context

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match icmp-type)

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match icmp-type)

Full Context

configure system security cpm-filter ipv6-filter entry match icmp-type

configure system security cpm-filter ip-filter entry match icmp-type

Description

This command configures matching on ICMP type field in the ICMP header of an IP packet as an IP filter match criterion.

Note:

An entry containing Layer 4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.

The no form of this command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the ICMP type values that must be present to match.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

icmp6

icmp6

Syntax

icmp6

Context

[Tree] (config>service>ies>if>ipv6 icmp6)

[Tree] (config>service>vprn>if>ipv6 icmp6)

Full Context

configure service ies interface ipv6 icmp6

configure service vprn interface ipv6 icmp6

Description

This command configures ICMPv6 parameters for the interface.

Platforms

All

icmp6

Syntax

icmp6

Context

[Tree] (config>router>if>ipv6 icmp6)

Full Context

configure router interface ipv6 icmp6

Description

Commands in this context configure ICMPv6 parameters for the interface.

Platforms

All

icmp6

Syntax

icmp6 [ip-int-name]

no icmp6

Context

[Tree] (debug>router>ip icmp6)

Full Context

debug router ip icmp6

Description

This command enables ICMPv6 debugging.

Platforms

All

icmp6-generation

icmp6-generation

Syntax

icmp6-generation

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn icmp6-generation)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>vprn>if>sap>ipsec-tun icmp6-generation)

[Tree] (config>ipsec>tnl-temp icmp6-generation)

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp6-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp6-generation)

Full Context

configure router interface ipsec ipsec-tunnel dyn icmp6-generation

configure service ies interface ipsec ipsec-tunnel icmp6-generation

configure router interface ipsec ipsec-tunnel icmp6-generation

configure service vprn interface ipsec ipsec-tunnel icmp6-generation

configure service vprn interface sap ipsec-tunnel icmp6-generation

configure ipsec tunnel-template icmp6-generation

configure service vprn interface sap ip-tunnel icmp6-generation

configure service ies interface sap ip-tunnel icmp6-generation

Description

This command enables the ICMPv6 packet generation configuration context.

Platforms

VSR

  • configure service vprn interface ipsec ipsec-tunnel icmp6-generation
  • configure service ies interface ipsec ipsec-tunnel icmp6-generation
  • configure router interface ipsec ipsec-tunnel icmp6-generation

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ip-tunnel icmp6-generation
  • configure service ies interface sap ip-tunnel icmp6-generation
  • configure ipsec tunnel-template icmp6-generation
  • configure service vprn interface sap ipsec-tunnel icmp6-generation

icmp6-query

icmp6-query

Syntax

icmp6-query [min minutes] [ sec seconds]

no icmp6-query

Context

[Tree] (config>service>nat>firewall-policy>timeouts icmp6-query)

Full Context

configure service nat firewall-policy timeouts icmp6-query

Description

This command configures the timeout interval for ICMPv6 query mappings.

The no form of the command reverts the timeout interval to the default of 1 minute.

Default

icmp6-query min 1

Parameters

minutes

Specifies the number of minutes in the ICMP query mapping timeout interval.

Values

1 to 4

seconds

Specifies the number of seconds in the ICMP query mapping timeout interval.

Values

0 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

id

id

Syntax

[no] id service-id

Context

[Tree] (debug>service id)

Full Context

debug service id

Description

This command enables debugging for the specified service ID.

The no form of this command disables the debugging.

Parameters

service-id

The ID that uniquely identifies a service.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters in length

Platforms

All

id-permission

id-permission

Syntax

id-permission {chassis}

no id-permission

Context

[Tree] (cfg>eth-cfm>domain>assoc>bridge id-permission)

Full Context

configure eth-cfm domain association bridge-identifier id-permission

Description

This command allows the operator to include the sender-id TLV information that was specified under the config>eth>system>sender-id configuration for service MEPs and MIPs. When this option is present under the maintenance association, the specific MPs in the association includes the sender-id TLV information in ETH-CFM PDUs. MEPs include the sender-id TLV for CCM (not sub second CCM enabled MEPs), LBM/LBR, and LTM/LTR. MIPs includes this value in the LBR and LTR PDUs.

Note:

LBR functions reflect all TLVs received in the LBM unchanged including the SenderID TLV. Transmission of the Management Domain and Management Address fields are not supported in this TLV.

Parameters

chassis

Sends the configured chassis information defined under in the eth-cfm>system>sender-id context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

id-permission

Syntax

id-permission {chassis | defer}

no id-permission

Context

[Tree] (config>eth-cfm>default-domain>bridge-identifier id-permission)

Full Context

configure eth-cfm default-domain bridge-identifier id-permission

Description

This command enables the inclusion of the Sender ID TLV information specified under the config> eth>system>sender-id command for installed MEPs and MIPs. The inclusion of the Sender ID TLV is based on the configured value. The Sender ID TLV is supported for ETH-CC, ETH-LB, and ETH-LB PDUs.

Note: LBR functions reflect back all TLVs received in the LBM, unchanged, including the Sender ID TLV. Transmission of the Management Domain and Management Address fields are not supported in this TLV.

The no form of this command disables the inclusion of the Sender ID TLV.

Default

id-permission defer (config>eth-cfm>default-domain>bridge-identifier)

no id-permission (config>eth-cfm>domain>association>bridge)

Parameters

chassis

Keyword to include the Sender ID TLV with a value equal to the sender-id configured under the eth-cfm>system context.

defer

Keyword to specify that id-permission will inherit the value from the global read-only system values.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

identification-strings

identification-strings

Syntax

identification-strings option-number [create]

no identification-strings

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host identification-strings)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host identification-strings)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings

configure subscriber-mgmt local-user-db ppp host identification-strings

Description

This command specifies identification strings for the subscriber. This is useful when the server is centralized with Enhanced Subscriber Management (ESM) in a lower level in the network. These strings are parsed by a downstream Python script or they can be used literally if the strings-from-option option in the config>subscr-mgmt>sub-ident-policy context is set to this option number. In this case, the option number may be set to any allowed number (between 224 and 254 is suggested, as these are not dedicated to specific purposes). If the option number is not given, a default value of 254 is used. For PPPoE only, if the local user database is attached to the PPPoE node under the group interface and not to a local DHCP server, the strings are used internally so the option number is not used.

The no form of this command returns to the default.

Parameters

option-number

Specifies identification strings for the subscriber.

Values

1 to 254

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

identifier

identifier

Syntax

identifier identifier

no identifier

Context

[Tree] (config>system>bluetooth>module identifier)

Full Context

configure system bluetooth module identifier

Description

This command configures an identifier string used to advertise the Bluetooth module during pairing operations.

If no identifier is specified by the user, the default is derived from the platform type, the CPM slot, and the serial number of the chassis.

For example, a device with a platform field of 7750, SR-12 chassis, and a CPM serial number of NS23456 would have a Bluetooth identifier of "7750-SR-12-CPM-A-NS23456." for the CPM in slot A.

The no form of this command resets the identifier back to the default.

Parameters

identifier

Specifies string, up to 32 characters, using the values in the range 0-9, a-z, or A-Z.

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

idi

idi

Syntax

idi any

idi ipv4-prefix {any | ipv4-prefix/ipv4-prefix-length}

idi ipv6-prefix {any | ipv6-prefix/ipv6-prefix-length}

idi string-type string-type string-value string-value

no idi

Context

[Tree] (config>ipsec>client-db>client>client-id idi)

Full Context

configure ipsec client-db client client-identification idi

Description

This command specifies a match criteria that uses the peer’s identification initiator (IDi) as the input, only one IDi criteria can be configured for a given client entry. This command supports the following matching methods:

  • idi any: Matches any type of IDi with any value.

  • idi ipv4-prefix: Matches an IDi with the type ID_IPV4_ADDR. If the any parameter is specified, then it will match any IPv4 address. If an IPv4 prefix is specified, then it will match an IPv4 address that is within the specified prefix.

  • idi ipv6-prefix: Matches an IDi with the type ID_IPV6_ADDR. If the any parameter is specified, then it will match any IPv6 address. If an IPv6 prefix is specified, then it will match an IPv6 address that is within the specified prefix.

  • idi string-type: Supports following type of IDi:

    • FQDN: Either a full match or a suffix match

    • RFC822: Either a full match or a suffix match

The no form of this command reverts to the default.

Default

no idi

Parameters

any

Matches any type of IDi with any value.

ipv4-prefix/ipv4-prefix-length

Matches any IPv4 address and prefix.

ipv6-prefix/ipv6-prefix-length

Matches any IPv6 address and prefix.

string-type

Matches the type of IDi value for this IPsec client entry.

Values

fqdn, fqdn-suffix, rfc822, rfc822-suffix

string-value

Matches the IDi value within the client ID for this IPsec client entry up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

idi

Syntax

[no] idi

Context

[Tree] (config>ipsec>client-db>match-list idi)

Full Context

configure ipsec client-db match-list idi

Description

This command enables the Identification Initiator (IDi) type in the IPsec client matching process.

The no form of this command disables the IDi matching process.

Default

no idi

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

idle-cycle-flag

idle-cycle-flag

Syntax

idle-cycle-flag {flags | ones}

no idle-cycle-flag

Context

[Tree] (config>port>tdm>ds3 idle-cycle-flag)

[Tree] (config>port>tdm>e3 idle-cycle-flag)

Full Context

configure port tdm ds3 idle-cycle-flag

configure port tdm e3 idle-cycle-flag

Description

This command configures the value that the HDLC TDM DS-0, E-3, or DS-3 interface transmits during idle cycles. For ATM ports/channels/channel-groups, the configuration does not apply and only the no form is accepted.

The no form of this command reverts the idle cycle flag to the default value.

Default

flags (0x7E)

no flags (ATM)

Parameters

flags

Specifies that 0x7E is used as the idle cycle flag.

ones

Specifies that 0xFF is used as the idle cycle flag.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

idle-filter

idle-filter

Syntax

[no] idle-filter

Context

[Tree] (config>service>vpls>gsmp>group idle-filter)

[Tree] (config>service>vprn>gsmp>group idle-filter)

Full Context

configure service vpls gsmp group idle-filter

configure service vprn gsmp group idle-filter

Description

This command when applied will filter out new incoming ANCP messages while the subscriber DSL-line-state is idle. The command takes effect at the time that it is applied. Existing subscribers already in idle state are not purged from the database.

The no form of this command reverts to the default.

Platforms

All

idle-filter

Syntax

[no] idle-filter

Context

[Tree] (config>service>vpls>gsmp idle-filter)

Full Context

configure service vpls gsmp idle-filter

Description

This command when applied will filter out new subscriber’s ANCP messages from subscriber with "DSL-line-state” IDLE.

Default

no idle-filter

Platforms

All

idle-filter

Syntax

idle-filter

no idle-filter

Context

[Tree] (config>service>vprn>gsmp idle-filter)

Full Context

configure service vprn gsmp idle-filter

Description

This command when applied will filter out new subscriber’s ANCP messages from subscriber with "DSL-line-state” IDLE.

Default

no idle-filter

Platforms

All

idle-payload-fill

idle-payload-fill

Syntax

idle-payload-fill {all-ones}

idle-payload-fill pattern pattern

no idle-payload-fill

Context

[Tree] (config>port>tdm>e1>channel-group idle-payload-fill)

[Tree] (config>port>tdm>ds1>channel-group idle-payload-fill)

Full Context

configure port tdm e1 channel-group idle-payload-fill

configure port tdm ds1 channel-group idle-payload-fill

Description

This command defines the data pattern to be transmitted when the circuit emulation service is not operational or temporarily experiences under-run conditions. This command is only valid for cesopsn and cesopsn-cas circuit emulation services. It is blocked with a warning for unstructured (satop) circuit emulation services.

Default

idle-payload-fill all-ones

Parameters

all-ones

Defines the 8 bit value to be transmitted as 11111111.

pattern

Transmits a user-defined pattern.

Values

0 to 255, accepted in decimal, hex or binary

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

idle-signal-fill

idle-signal-fill

Syntax

idle-signal-fill {all-ones}

idle-signal-fill pattern pattern

no idle-signal-fill

Context

[Tree] (config>port>tdm>e1>channel-group idle-signal-fill)

[Tree] (config>port>tdm>ds1>channel-group idle-signal-fill)

Full Context

configure port tdm e1 channel-group idle-signal-fill

configure port tdm ds1 channel-group idle-signal-fill

Description

This command defines the signaling pattern to be transmitted when the circuit emulation service is not operational or temporarily experiences under-run conditions. This command is only valid for cesopsn-cas circuit emulation services. It is blocked with a warning for unstructured (satop) and basic cesopsn circuit emulation services.

Default

idle-signal-fill all-ones

Parameters

all-ones

Defines the 8 bit value to be transmitted as 11111111.

pattern

Transmits a user-defined pattern.

Values

0 to 15, accepted in decimal, hex or binary

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

idle-time

idle-time

Syntax

idle-time idle

no idle-time

Context

[Tree] (config>system>telemetry>destination-group>tcp-keepalive idle-time)

[Tree] (config>system>grpc>tcp-keepalive idle-time)

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive idle-time)

Full Context

configure system telemetry destination-group tcp-keepalive idle-time

configure system grpc tcp-keepalive idle-time

configure system grpc-tunnel destination-group tcp-keepalive idle-time

Description

This command configures the amount of time, in seconds, that the connection must remain idle before TCP keepalive probes are sent.

The no form of this command reverts to the default value.

Default

idle-time 600

Parameters

idle

Specifies the number of seconds before the first TCP keepalive probe is sent.

Values

1 to 100000

Default

600

Platforms

All

idle-timeout

idle-timeout

Syntax

idle-timeout idle-timeout

idle-timeout infinite

no idle-timeout

Context

[Tree] (config>service>vprn>l2tp>group idle-timeout)

[Tree] (config>service>vprn>l2tp idle-timeout)

[Tree] (config>router>l2tp>group idle-timeout)

[Tree] (config>router>l2tp>group>tunnel idle-timeout)

[Tree] (config>service>vprn>l2tp>group>tunnel idle-timeout)

Full Context

configure service vprn l2tp group idle-timeout

configure service vprn l2tp idle-timeout

configure router l2tp group idle-timeout

configure router l2tp group tunnel idle-timeout

configure service vprn l2tp group tunnel idle-timeout

Description

This command configures the period of time that an established tunnel with no active sessions persists before being disconnected.

Enter the no form of this command to maintain a persistent tunnel.

The no form of this command removes the idle timeout from the configuration.

Default

no idle-timeout

Parameters

idle-timeout

Specifies the idle timeout value, in seconds until the group is removed.

Default

no idle-timeout

Values

0 to 3600

infinite

Specifies that the tunnel is not closed when idle.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

idle-timeout

Syntax

idle-timeout timeout

no idle-timeout

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map>category idle-timeout)

Full Context

configure subscriber-mgmt sla-profile category-map category idle-timeout

Description

This command defines the idle-timeout value.

The no form of this command reverts to the default.

Parameters

timeout

Specifies the idle-timeout, in seconds.

Values

60 to 15552000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

idle-timeout

Syntax

idle-timeout action idle-timeout-action

no idle-timeout

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range idle-timeout)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range idle-timeout)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range idle-timeout

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range idle-timeout

Description

This command specifies idle-timeout behavior for DSM UEs and UEs undergoing (ISA-based) portal authentication. This knob only specifies the desired action, idle-timeout is activated by RADIUS on a per-UE basis.

The no form of this command resets the idle-timeout to its default.

Default

idle-timeout action remove

Parameters

action

Specifies which action to perform when the idle-timeout timer goes off.

Values

remove, shcv

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

idle-timeout

Syntax

idle-timeout {minutes | disable}

no idle-timeout

Context

[Tree] (config>system>login-control idle-timeout)

Full Context

configure system login-control idle-timeout

Description

This command configures the idle timeout for console, Telnet, SSH, and FTP sessions before the session is terminated by the system.

By default, each idle console, Telnet, SSH, or FTP session times out after 30 minutes of inactivity.

The no form of this command reverts to the default value.

Default

idle-timeout 30

Parameters

minutes

Specifies the idle timeout in minutes. Allowed values are 1 to 1440.

Values

1 to 1440

disable

When the disable option is specified, a session will never timeout. To re-enable idle timeout, enter the command without the disable option.

Platforms

All

idle-timeout-action

idle-timeout-action

Syntax

idle-timeout-action {shcv-check | terminate}

no idle-timeout-action

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map>category idle-timeout-action)

Full Context

configure subscriber-mgmt sla-profile category-map category idle-timeout-action

Description

This command defines the action to be executed when the idle-timeout is reached. The action is performed for all hosts associated with the sla-profile instance.

The no form of this command reverts to the default.

Default

idle-timeout-action terminate

Parameters

shcv-check

Performs a subscriber host connectivity verification check (IPoE hosts only).

Note:

Host connectivity verification must be enabled on the group-interface where the host is connected.

If the check is successful, the hosts are not disconnected and the idle-timeout timer is reset.

If the check fails, the hosts are deleted, similar as for idle-timeout-action terminate.

terminate

Deletes the subscriber host from the system: for PPP hosts, a terminate request is send; for IPoE hosts a DHCP release is send to the DHCP server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ies

ies

Syntax

ies service-id [customer customer-id] [create] [ vpn vpn-id] [name name]

no ies service-id

Context

[Tree] (config>service ies)

Full Context

configure service ies

Description

This command creates or edits an IES service instance.

The ies command creates or maintains an Internet Ethernet Service (IES). If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IES services allow the creation of customer facing IP interfaces in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an IES service ID must have a SAP created as the access point to the subscriber network. This allows a combination of bridging and IP routing for redundancy purposes.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

Multiple IES services are created to separate customer owned IP interfaces. More than one IES service may be created for a single customer ID. More than one IP interface may be created within a single IES service ID. All IP interfaces created within an IES service ID belongs to the same customer.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters

service-id

Specifies the unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn-id

Specifies the VPN ID number used to identify virtual private networks (VPNs) by a VPN identification number.

Values

1 to 2147483647

Default

null (0)

create

Keyword used to create the service ID. The create keyword requirement can be enabled or disabled in the environment>create context.

name name

This parameter configures an optional service name, up to 64 characters, which adds a name identifier to a given service to then use that service name in configuration references as well as display and use service names in show commands throughout the system. This helps the service provider or administrator to identify and manage services within the SR OS platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Service names may not begin with an integer (0 to 9).

Values

name: up to 64 characters

Platforms

All

ies

Syntax

ies service-id interface ip-int-name [direction {ingress | egress | both}]

no ies service-id interface ip-int-name

ies service-id subscriber-interface ip-int-name group-interface ip-int-name [direction {ingress | egress | both}]

no ies service-id subscriber-interface ip-int-name

Context

[Tree] (config>cflowd>collector>exp-filter>if-list>svc ies)

Full Context

configure cflowd collector export-filter interface-list service ies

Description

This command configures the IES service interface flow data sent to this collector.

The no form of this command removes the values from the configuration.

Parameters

service-id

Specifies the unique service ID number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number for every SR OS on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: 64 characters maximum

interface ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for configure router interface and configure service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters and must start with a letter. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

subscriber-interface ip-int-name

Specifies the interface name of a subscriber interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes and must start with a letter.

group-interface ip-int-name

Specifies the interface name of a group interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes and must start with a letter.

ingress

Keyword to specify that ingress flows are sent to the associated Cflowd Collector.

Default

both

egress

Keyword to specify that egress flows are sent to the associated Cflowd Collector.

Default

both

both

Keyword to specify that both ingress and egress flows are sent to the associated Cflowd Collector.

Default

both

Platforms

All

ies-vprn-only-sap-parameters

ies-vprn-only-sap-parameters

Syntax

ies-vprn-only-sap-parameters

Context

[Tree] (config>subscr-mgmt>msap-policy ies-vprn-only-sap-parameters)

Full Context

configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters

Description

Commands in this context configure managed SAP IES and VPRN properties. VPRN services are supported on the 7750 SR only.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

if-attribute

if-attribute

Syntax

if-attribute

Context

[Tree] (config>service>ies>interface if-attribute)

[Tree] (config>router if-attribute)

[Tree] (config>service>vprn>interface if-attribute)

[Tree] (config>router>interface if-attribute)

Full Context

configure service ies interface if-attribute

configure router if-attribute

configure service vprn interface if-attribute

configure router interface if-attribute

Description

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

Platforms

All

if-num

if-num

Syntax

if-num if-num

no if-num

Context

[Tree] (config>router>mpls>if>mpls-tp-mep if-num)

Full Context

configure router mpls interface mpls-tp-mep if-num

Description

This command configures the MPLS-TP interface number for the MPLS interface. This is a 32-bit unsigned integer that is node-wide unique.

Parameters

if-num

Specifies a 32-bit value that is unique to the node.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

if-num-validation

if-num-validation

Syntax

if-num-validation {enable | disable}

no if-num-validation

Context

[Tree] (config>router>mpls>if>mpls-tp-mep if-num-validation)

Full Context

configure router mpls interface mpls-tp-mep if-num-validation

Description

The if-num-validation command is used to enable or disable validation of the if-num in LSP Trace packet against the locally configured if-num for the interface over which the LSP Trace packet was received at the egress LER. This is because some third-party implementations may not perform interface validation for unnumbered MPLS-TP interfaces and instead set the if-num in the DSMAP TLV to 0. If the value is enable, the node performs the validation of the ingress and egress if-nums received in the LSP echo request messages that ingress on this MPLS-interface. It validates that the message arrives on the interface as identified by the ingress if-num, and is forwarded on the interface as identified by the egress if-num.

If the value is disable, no validation is performed for the ingress and egress if-nums received in the LSP echo request messages that ingress on this MPLS-interface.

Default

if-num-validation enable

Parameters

enable

Enables interface number validation.

disable

Disables interface number validation.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

if-policy

if-policy

Syntax

if-policy mcac-if-policy-name

no if-policy

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac if-policy)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac if-policy

Description

This command assigns an existing MCAC interface policy to this MSAP policy.

The no form of this command removes the MCAC interface policy association.

Parameters

mcac-if-policy-name

Specifies an existing MCAC interface policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

if-policy

Syntax

if-policy if-policy-name

no if-policy

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>mcac if-policy)

[Tree] (config>service>vpls>sap>mld-snooping>mcac if-policy)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac if-policy)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>mcac if-policy)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>mcac if-policy)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>mcac if-policy)

Full Context

configure service vpls mesh-sdp igmp-snooping mcac if-policy

configure service vpls sap mld-snooping mcac if-policy

configure service vpls sap igmp-snooping mcac if-policy

configure service vpls spoke-sdp mld-snooping mcac if-policy

configure service vpls spoke-sdp igmp-snooping mcac if-policy

configure service vpls mesh-sdp mld-snooping mcac if-policy

Description

This command assigns existing MCAC interface policy to this interface. MCAC interface policy is not supported with MLD-snooping, therefore executing the command in the mld-snooping contexts will return an error.

The no form of this command removes the MCAC interface policy association.

Default

no if-policy

Parameters

mcac-if-policy-name

Specifies an existing MCAC interface policy

Platforms

All

if-policy

Syntax

if-policy if-policy-name

no if-policy

Context

[Tree] (config>service>vprn>igmp>grp-if>mcac if-policy)

[Tree] (config>service>vprn>pim>if>mcac if-policy)

[Tree] (config>service>vprn>igmp>if>mcac if-policy)

[Tree] (config>service>vprn>mld>grp-if>mcac if-policy)

[Tree] (config>service>vprn>mld>if>mcac if-policy)

Full Context

configure service vprn igmp group-interface mcac if-policy

configure service vprn pim interface mcac if-policy

configure service vprn igmp interface mcac if-policy

configure service vprn mld group-interface mcac if-policy

configure service vprn mld interface mcac if-policy

Description

This command assigns existing an MCAC interface policy to this interface.

The no form of this command removes the MCAC interface policy association.

Default

no if-policy

Parameters

if-policy-name

Specifies an existing MCAC interface policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn mld group-interface mcac if-policy
  • configure service vprn igmp group-interface mcac if-policy

All

  • configure service vprn mld interface mcac if-policy
  • configure service vprn pim interface mcac if-policy
  • configure service vprn igmp interface mcac if-policy

if-policy

Syntax

ip-policy if-policy-name

no if-policy

Context

[Tree] (config>router>igmp>if>mcac if-policy)

[Tree] (config>router>igmp>grp-if>mcac if-policy)

[Tree] (config>router>mld>if>mcac if-policy)

[Tree] (config>router>mld>grp-if>mcac if-policy)

[Tree] (config>router>pim>if>mcac if-policy)

Full Context

configure router igmp interface mcac if-policy

configure router igmp group-interface mcac if-policy

configure router mld interface mcac if-policy

configure router mld group-interface mcac if-policy

configure router pim interface mcac if-policy

Description

This command assigns an existing MCAC interface policy to the interface.

The no form removes the MCAC interface policy association.

Default

no if-policy

Parameters

if-policy-name

Specifies an existing MCAC interface policy, up to 32 characters.

Platforms

All

  • configure router igmp interface mcac if-policy
  • configure router mld interface mcac if-policy
  • configure router pim interface mcac if-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router mld group-interface mcac if-policy
  • configure router igmp group-interface mcac if-policy

if-policy

Syntax

[no] if-policy if-policy-name

Context

[Tree] (config>router>mcac if-policy)

Full Context

configure router mcac if-policy

Description

This command creates an MCAC interface policy and enables the context to configure parameters for the policy.

The no form of this command deletes the MCAC interface policy.

Parameters

if-policy-name

Specifies the name of the MCAC interface policy, up to 32 characters.

Platforms

All

ifdv-avg

ifdv-avg

Syntax

[no] ifdv-avg {forward | backward | round-trip}

Context

[Tree] (config>oam-pm>streaming>delay-template ifdv-avg)

Full Context

configure oam-pm streaming delay-template ifdv-avg

Description

This command specifies the sending of average inter-frame delay variation for a specified direction.

The no form of this command deletes the specified average direction.

Note:

All directions can be specified if all directions are important for reporting. However, only enable those directions that are required.

Parameters

forward

Specifies the measurement in the forward direction.

backward

Specifies the measurement in the backward direction.

round-trip

Specifies the measurement for the round trip.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

iff-attribute-uniform-propagation

iff-attribute-uniform-propagation

Syntax

[no] iff-attribute-uniform-propagation

Context

[Tree] (config>service>system>bgp-evpn>ip-prefix-routes iff-attribute-uniform-propagation)

Full Context

configure service system bgp-evpn ip-prefix-routes iff-attribute-uniform-propagation

Description

This command enables the uniform propagation of BGP attributes for EVPN Interface-ful (EVPN-IFF) routes. EVPN-IFF is used in R-VPLS services with bgp-evpn>ip-route-advertisement. When enabled, the received EVPN-IFF routes for the R-VPLS can be propagated with the original BGP path attributes into EVPN-IFL, IPVPN, EVPN-IFF (in other R-VPLS services), or BGP IP routes advertised for the attached VPRN. This command also enables the attribute propagation in the opposite direction; for example, from EVPN-IFL, IPVPN, IP, or EVPN-IFF routes into EVPN-IFF routes.

The propagation is in accordance with the uniform mode defined in draft-ietf-bess-evpn-ipvpn-interworking.

The no form of this command re-originates the BGP path attributes when propagating EVPN-IFF routes into other inter-subnet forwarding families.

Default

no iff-attribute-uniform-propagation

Platforms

All

iff-bgp-path-selection

iff-bgp-path-selection

Syntax

iff-bgp-path-selection [d-path-length-ignore]

no iff-bgp-path-selection

Context

[Tree] (config>service>system>bgp-evpn>ip-prefix-routes iff-bgp-path-selection)

Full Context

configure service system bgp-evpn ip-prefix-routes iff-bgp-path-selection

Description

This command enables BGP path selection for EVPN-IFF (Interface-ful) routes.

Once the command is enabled, the EVPN-IFF routes are ordered and selected in a similar manner as IPVPN or EVPN-IFL routes, that is, based on the regular BGP path selection process.

The no form of this command causes the system to order EVPN-IFF routes based on their {R-VPLS Ifindex, RD, Ethernet Tag}. For example, if two EVPN-IFF routes with different Route Distinguishers (RDs) are received for the same prefix on the same R-VPLS, the route with the lowest RD is selected.

Default

no iff-bgp-path-selection

Parameters

d-path-length-ignore

Keyword used to make EVPN ignore the D-PATH length when iff-bgp-path-selection is enabled.

Platforms

All

igmp

igmp

Syntax

[no] igmp [host ip-address] [ group grp-address]

Context

[Tree] (debug>mcast-mgmt>mcast-rprt-dest igmp)

Full Context

debug mcast-management mcast-reporting-dest igmp

Description

This command sets mcast reporting dest debug filtering options and applies only to the 7750 SR.

Platforms

All

igmp

Syntax

[no] igmp

Context

[Tree] (config>redundancy>multi-chassis>peer>sync igmp)

Full Context

configure redundancy multi-chassis peer sync igmp

Description

This command specifies whether IGMP protocol information should be synchronized with the multi-chassis peer.

Default

no igmp

Platforms

All

igmp

Syntax

[no] igmp

Context

[Tree] (config>service>vprn igmp)

Full Context

configure service vprn igmp

Description

Commands in this context configure IGMP parameters.

The no form of this command disables IGMP.

Default

no igmp

Platforms

All

igmp

Syntax

[no] igmp

Context

[Tree] (config>router igmp)

Full Context

configure router igmp

Description

This command enables the Internet Group Management Protocol (IGMP) context. When the context is created, the IGMP protocol is enabled.

The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to neighboring multicast routers. An IP multicast router can be a member of one or more multicast groups, in which case it performs both the "multicast router part” of the protocol which collects the membership information needed by its multicast routing protocol, and the "group member part” of the protocol which informs itself and other neighboring multicast routers of its memberships.

The no form of the command disables the IGMP instance. To start or suspend execution of IGMP without affecting the configuration, use the no shutdown command.

Platforms

All

igmp

Syntax

[no] igmp

Context

[Tree] (config>sys>security>cpu-protection>ip>included-protocols igmp)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols igmp

Description

This command includes the extracted IPv4 IGMP packets for ip-src-monitoring. IPv4 IGMP packets will be subject to the per-source-rate of CPU protection policies.

Default

no igmp

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

igmp-host-tracking

igmp-host-tracking

Syntax

igmp-host-tracking

Context

[Tree] (config>subscr-mgmt>msap-policy igmp-host-tracking)

Full Context

configure subscriber-mgmt msap-policy igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-host-tracking

Syntax

igmp-host-tracking

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap igmp-host-tracking)

Full Context

configure service vprn subscriber-interface group-interface sap igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-host-tracking

Syntax

igmp-host-tracking

Context

[Tree] (config>service>vpls>sap igmp-host-tracking)

[Tree] (config>service>vpls igmp-host-tracking)

Full Context

configure service vpls sap igmp-host-tracking

configure service vpls igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-host-tracking

Syntax

igmp-host-tracking

Context

[Tree] (config>service>ies>sub-if>grp-if>sap igmp-host-tracking)

[Tree] (config>service>ies igmp-host-tracking)

Full Context

configure service ies subscriber-interface group-interface sap igmp-host-tracking

configure service ies igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-host-tracking

Syntax

igmp-host-tracking

Context

[Tree] (config>service>vprn igmp-host-tracking)

[Tree] (config>service>vprn>sap igmp-host-tracking)

Full Context

configure service vprn igmp-host-tracking

configure service vprn sap igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-policy

igmp-policy

Syntax

igmp-policy policy-name [create]

no igmp-policy

Context

[Tree] (config>subscr-mgmt igmp-policy)

Full Context

configure subscriber-mgmt igmp-policy

Description

This command configures an IGMP policy.

The no form of this command reverts to the default value.

Parameters

policy-name

Specifies the policy name up to 32 characters.

create

Keyword used to create the IGMP policy. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-policy

Syntax

igmp-policy policy-name

no igmp-policy

Context

[Tree] (config>subscr-mgmt>sub-prof igmp-policy)

Full Context

configure subscriber-mgmt sub-profile igmp-policy

Description

This command will enable IGMP processing per subscriber host. Without this command IGMP states will not be maintained per subscriber hosts. The referenced policy is defined under the configure>subscr-mgmt context and can be only applied via the sub-profile.

The referenced policy contains entries such as:

  • description statement

  • import statement — IGMP filters

  • egress-rate-modify statement—HQoS Adjustment

  • mcast-redirection statement—redirection to alternate interface

  • static statement—definition of static IGMP groups

  • version statement —IGMP version

  • fast-leave statement

  • max-num-groups statement—the maximum number of multicast groups allowed

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the IGMP policy for the subscriber. The policy itself is defined under the configure>sub-mgmt context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-snooping

igmp-snooping

Syntax

igmp-snooping

Context

[Tree] (config>service>vpls>sap igmp-snooping)

[Tree] (config>service>vpls>allow-ip-int-bind igmp-snooping)

[Tree] (config>service>vpls>spoke-sdp igmp-snooping)

[Tree] (config>service>vpls>mesh-sdp igmp-snooping)

[Tree] (config>service>vpls igmp-snooping)

Full Context

configure service vpls sap igmp-snooping

configure service vpls allow-ip-int-bind igmp-snooping

configure service vpls spoke-sdp igmp-snooping

configure service vpls mesh-sdp igmp-snooping

configure service vpls igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

igmp-snooping

Syntax

igmp-snooping

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only igmp-snooping)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping

Description

Commands in this context configure Internet Group Management Protocol (IGMP) snooping parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

igmp-snooping

Syntax

[no] igmp-snooping

Context

[Tree] (config>redundancy>multi-chassis>peer>sync igmp-snooping)

Full Context

configure redundancy multi-chassis peer sync igmp-snooping

Description

This command specifies whether IGMP snooping information should be synchronized with the multi-chassis peer.

Default

no igmp-snooping

Platforms

All

igmp-snooping

Syntax

igmp-snooping

Context

[Tree] (config>service>vpls>vxlan igmp-snooping)

Full Context

configure service vpls vxlan igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

igmp-snooping

Syntax

igmp-snooping

Context

[Tree] (config>service>vpls>pbb>bvpls igmp-snooping)

[Tree] (config>service>vpls>pbb>bvpls>sdp igmp-snooping)

[Tree] (config>service>vpls>pbb>bvpls>sap igmp-snooping)

Full Context

configure service vpls pbb backbone-vpls igmp-snooping

configure service vpls pbb backbone-vpls sdp igmp-snooping

configure service vpls pbb backbone-vpls sap igmp-snooping

Description

This command configures IGMP snooping attributes for I-VPLS.

Platforms

All

igmp-snooping

Syntax

[no] igmp-snooping

Context

[Tree] (debug>service>id igmp-snooping)

Full Context

debug service id igmp-snooping

Description

This command enables and configures IGMP-snooping debugging.

Platforms

All

igmp-snooping

Syntax

igmp-snooping

Context

[Tree] (config>service>pw-template igmp-snooping)

Full Context

configure service pw-template igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

ignore-app-profile

ignore-app-profile

Syntax

ignore-app-profile

no ignore-app-profile

Context

[Tree] (config subscr-mgmt http-redirect-policy ignore-app-profile)

Full Context

configure subscriber-mgmt http-redirect-policy ignore-app-profile

Description

When enabled, the Alc-App-Prof-Str VSA is ignored in a RADIUS Accept that enables portal redirection using this redirect policy. AA functionality is disabled during portal authentication.

The no form of this command allows an Alc-App-Prof-Str to be present and enables Application Assurance during portal authentication. In this case redirection rules defined in this policy are bypassed and it is assumed the AA function is configured for portal redirection.

Default

no ignore-app-profile

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ignore-attached-bit

ignore-attached-bit

Syntax

ignore-attached-bit

no ignore-attached-bit

Context

[Tree] (config>service>vprn>isis ignore-attached-bit)

Full Context

configure service vprn isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

All

ignore-attached-bit

Syntax

ignore-attached-bit

[no] ignore-attached-bit

Context

[Tree] (config>router>isis ignore-attached-bit)

Full Context

configure router isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

All

ignore-avps

ignore-avps

Syntax

ignore-avps [sequencing-required]

no ignore-avps

Context

[Tree] (config>router>l2tp ignore-avps)

[Tree] (config>service>vprn>l2tp ignore-avps)

Full Context

configure router l2tp ignore-avps

configure service vprn l2tp ignore-avps

Description

This command specifies the L2TP AVPs that should be ignored in L2TP session control.

The no form of this command reverts to the default.

Parameters

sequencing-required

Ignores the [39] Sequencing Required AVP on LNS when present in the L2TP ICCN message received from LAC. By default, the session at LNS would be disconnected, in this case with the Call Disconnect Notify (CDN) error code unknownMandatoryReceive(8). Note that when configured, to ignore the Sequencing Required AVP there is no Sequence Numbers inserted into the data channel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ignore-default

ignore-default

Syntax

[no] ignore-default

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6 ignore-default)

[Tree] (config>service>ies>if ignore-default)

[Tree] (config>service>vprn>sub-if>grp-if ignore-default)

[Tree] (config>service>ies>if>ipv6 ignore-default)

[Tree] (config>service>ies>sub-if>grp-if ignore-default)

Full Context

configure service ies subscriber-interface group-interface ipv6 ignore-default

configure service ies interface ignore-default

configure service vprn subscriber-interface group-interface ignore-default

configure service ies interface ipv6 ignore-default

configure service ies subscriber-interface group-interface ignore-default

Description

This command enables the default route when performing a uRPF check.

The no form of this command disables the default route.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface ipv6 ignore-default
  • configure service ies subscriber-interface group-interface ignore-default
  • configure service vprn subscriber-interface group-interface ignore-default

All

  • configure service ies interface ipv6 ignore-default
  • configure service ies interface ignore-default

ignore-default

Syntax

[no] ignore-default

Context

[Tree] (config>router>if>urpf-check ignore-default)

[Tree] (config>router>if>ipv6>urpf-check ignore-default)

Full Context

configure router interface urpf-check ignore-default

configure router interface ipv6 urpf-check ignore-default

Description

This command configures the uRPF check (if enabled) to ignore default routes for purposes of determining the validity of incoming packets. By default, default routes are considered eligible.

Platforms

All

ignore-df-bit

ignore-df-bit

Syntax

[no] ignore-df-bit

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ignore-df-bit)

Full Context

configure subscriber-mgmt local-user-db ppp host ignore-df-bit

Description

When this command is enabled for a subscriber host, the do-not-fragment (DF) bit in the IPv4 header for frames egressing the subscriber interface is ignored, the frames are fragmented according the applicable egress MTU. The DF bit is reset for frames that are fragmented.

This command applies to PPPoE PTA and L2TP LNS frames only. It is not applicable for L2TP LAC frames.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ignore-df-bit

Syntax

[no] ignore-df-bit

Context

[Tree] (config>service>vprn>sub-if>grp-if ignore-df-bit)

[Tree] (config>service>ies>sub-if>grp-if ignore-df-bit)

Full Context

configure service vprn subscriber-interface group-interface ignore-df-bit

configure service ies subscriber-interface group-interface ignore-df-bit

Description

This command enables the ignore-df-bit flag that ignores the do-not-fragment (DF) bit for frames egressing the WLAN-GW group interface and fragments the frame according to the applicable egress MTU. The DF bit is reset for the frames that are fragmented.

The no form of this command causes the router to fragment a packet larger than the MTU if the DF bit is set to 0 and drops the packet if the DF bit is set to 1.

Default

no ignore-df-bit

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ignore-dn-bit

ignore-dn-bit

Syntax

[no] ignore-dn-bit

Context

[Tree] (config>service>vprn>ospf ignore-dn-bit)

[Tree] (config>service>vprn>ospf3 ignore-dn-bit)

Full Context

configure service vprn ospf ignore-dn-bit

configure service vprn ospf3 ignore-dn-bit

Description

This command specifies whether to ignore the DN bit for OSPF LSA packets for this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets are ignored.

The no form of this command does not ignore the DN bit for OSPF LSA packets.

Default

no ignore-dn-bit

Platforms

All

ignore-efm-state

ignore-efm-state

Syntax

[no] ignore-efm-state

Context

[Tree] (config>port>ethernet>efm-oam ignore-efm-state)

Full Context

configure port ethernet efm-oam ignore-efm-state

Description

When the ignore-efm-state command is configured, any failure in the protocol state machine (discovery, configuration, timeout, loops, and so on) does not impact the state of the port. There is only be a protocol warning message on the port. If this optional command is not configured, the port state is affected by any existing EFM-OAM protocol fault condition.

Default

no ignore-efm-state

Platforms

All

ignore-l2vpn-mtu-mismatch

ignore-l2vpn-mtu-mismatch

Syntax

ignore-l2vpn-mtu-mismatch

no ignore-l2vpn-mtu-mismatch

Context

[Tree] (config>service>epipe ignore-l2vpn-mtu-mismatch)

Full Context

configure service epipe ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a BGP-VPWS service regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer2 Info Extended Community received in a BGP update message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this command is disabled, the router does not bring up a BGP-VPWS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

All

ignore-l2vpn-mtu-mismatch

Syntax

ignore-l2vpn-mtu-mismatch

no ignore-l2vpn-mtu-mismatch

Context

[Tree] (config>service>vpls ignore-l2vpn-mtu-mismatch)

Full Context

configure service vpls ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a BGP-VPLS service regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer2 Info Extended Community received in a BGP update message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this command is disabled, the router does not bring up a BGP-VPLS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

All

ignore-lsp-errors

ignore-lsp-errors

Syntax

[no] ignore-lsp-errors

Context

[Tree] (config>router>isis ignore-lsp-errors)

[Tree] (config>service>vprn>isis ignore-lsp-errors)

Full Context

configure router isis ignore-lsp-errors

configure service vprn isis ignore-lsp-errors

Description

This command specifies that for this VPRN instance, ISIS will ignore LSP packets with errors. When enabled, IS-IS LSP errors will be ignored and the associated record will not be purged.

This command enables ISIS to ignore the ATT bit and therefore suppress the installation of default routes.

The no form of this command specifies that ISIS will not ignore LSP errors.

Platforms

All

ignore-match

ignore-match

Syntax

ignore-match

Context

[Tree] (config>filter>ipv6-filter>entry>action ignore-match)

[Tree] (config>filter>mac-filter>entry>action ignore-match)

[Tree] (config>filter>ip-filter>entry>action ignore-match)

Full Context

configure filter ipv6-filter entry action ignore-match

configure filter mac-filter entry action ignore-match

configure filter ip-filter entry action ignore-match

Description

This command sets the filter entry action to ignore-match, as a result this filter entry is ignored and not programmed in hardware.

Platforms

All

ignore-mclt-on-takeover

ignore-mclt-on-takeover

Syntax

[no] ignore-mclt-on-takeover

Context

[Tree] (config>service>vprn>dhcp6>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp6>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp>server>pool>failover ignore-mclt-on-takeover)

Full Context

configure service vprn dhcp6 local-dhcp-server pool failover ignore-mclt-on-takeover

configure service vprn dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp6 server pool failover ignore-mclt-on-takeover

configure service vprn dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp server pool failover ignore-mclt-on-takeover

configure router dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

configure service vprn dhcp local-dhcp-server pool failover ignore-mclt-on-takeover

Description

With this flag enabled, the remote IP address or prefix can be taken over immediately upon entering the PARTNER-DOWN state of the intercommunication link, without having to wait for the Maximum Client Lead Time (MCLT) to expire. By setting this flag, the lease times of the existing DHCP clients, while the intercommunication link is in the PARTNER-DOWN state, will still be reduced to the MCLT over time and all new lease times are set to MCLT. This behavior remains the same as originally intended for MCLT.

Some deployments require that the remote IP address/prefix range starts delegating new IP addresses and prefixes upon the failure of the intercommunication link, without waiting for the intercommunication link to transition from the COMM-INT state into the PARTNER-DOWN state and the MCLT to expire while in PARTNER-DOWN state.

This can be achieved by enabling the ignore-mclt-on-takeover flag and by configuring the partner-down-delay to 0.

Enabling this functionality must be exercised with caution. One needs to keep in mind that the partner-down-delay and MCLT timers were originally introduced to prevent IP address duplication in cases where DHCP redundant nodes transition out-of-sync due to the failure of intercommunication link. These timers ( partner-down-delay and MCLT) would ensure that during their duration, the new IP addresses and prefixes are delegated only from one node, the one with local IP address-range/prefix. This causes the new IP address delegation to be delayed and the service is impacted.

If it can be assured that the intercommunication link is always available, then the DHCP nodes would stay in sync and the two timers would not be needed. Therefore, it is important that in this mode of operation, the intercommunication link is well protected by providing multiple paths between the two DHCP nodes. The only event that should cause intercommunication link to fail is the entire nodal failure. This failure is acceptable since in this case only one DHCP node is available to provide new IP addresses and prefixes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ignore-mtu-mismatch

ignore-mtu-mismatch

Syntax

[no] ignore-mtu-mismatch

Context

[Tree] (config>service>vpls>bgp-evpn ignore-mtu-mismatch)

Full Context

configure service vpls bgp-evpn ignore-mtu-mismatch

Description

This command enables the system to ignore the received Layer 2 MTU in the L2 attributes extended community of the IMET route for a peer.

The no form of this command configures the system to compare the local service MTU against the received Layer 2 MTU and if there is a mismatch, keep the EVPN destination to the peer with operational state down.

Default

no ignore-mtu-mismtach

Platforms

All

ignore-narrow-metric

ignore-narrow-metric

Syntax

[no] ignore-narrow-metric

Context

[Tree] (config>service>vprn>isis ignore-narrow-metric)

Full Context

configure service vprn isis ignore-narrow-metric

Description

This command specifies that IS-IS ignores links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS does not ignore these links.

Platforms

All

ignore-narrow-metric

Syntax

[no] ignore-narrow-metric

Context

[Tree] (config>router>isis ignore-narrow-metric)

Full Context

configure router isis ignore-narrow-metric

Description

This command specifies that IS-IS will ignore links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS will not ignore these links.

Platforms

All

ignore-nh-metric

ignore-nh-metric

Syntax

[no] ignore-nh-metric

Context

[Tree] (config>service>vprn>bgp>best-path-selection ignore-nh-metric)

[Tree] (config>router>bgp>best-path-selection ignore-nh-metric)

[Tree] (config>service>vprn ignore-nh-metric)

Full Context

configure service vprn bgp best-path-selection ignore-nh-metric

configure router bgp best-path-selection ignore-nh-metric

configure service vprn ignore-nh-metric

Description

This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.

The no form of this command (no ignore-nh-metric) restores the default behavior whereby BGP factors distance to the next-hop into its decision process.

Default

no ignore-nh-metric

Platforms

All

ignore-oper-down

ignore-oper-down

Syntax

[no] ignore-oper-down

Context

[Tree] (config>service>epipe>sap ignore-oper-down)

Full Context

configure service epipe sap ignore-oper-down

Description

This command enables the ability to ignore the operationally down status for service oper state calculation. An Epipe service does not transition to Oper State: Down when a SAP fails and when this optional command is configured under that specific SAP. Only a single SAP in an Epipe may have this optional command included. The command can be used in Epipes with or without EVPN enabled.

The no form of this command disables whether a service ignores the operationally down state of the SAP.

Default

no ignore-oper-down

Platforms

All

ignore-rapid-commit

ignore-rapid-commit

Syntax

[no] ignore-rapid-commit

Context

[Tree] (config>service>vprn>dhcp6>server ignore-rapid-commit)

[Tree] (config>router>dhcp6>server ignore-rapid-commit)

Full Context

configure service vprn dhcp6 local-dhcp-server ignore-rapid-commit

configure router dhcp6 local-dhcp-server ignore-rapid-commit

Description

This command enables the Rapid Commit Option for DHCP6.

The no form of this command disables the Rapid Commit Option.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ignore-received-srv6-tlvs

ignore-received-srv6-tlvs

Syntax

[no] ignore-received-srv6-tlvs

Context

[Tree] (config>router>bgp>srv6>family ignore-received-srv6-tlvs)

Full Context

configure router bgp segment-routing-v6 family ignore-received-srv6-tlvs

Description

This command specifies that SRv6 TLVs are ignored when present in received routes of the associated family. In this case the route resolution is only based on the BGP next hop.

The no form of this command specifies that the SRv6 TLV is processed when a route of the family is received with a prefix SID attribute carrying an SRv6 TLV. In this case, a route is resolved only if both its BGP next hop and the locator prefix are reachable. The datapath programming and IGP cost to reach the next hop (used by the BGP decision process) is based on the route to the locator prefix.

Default

ignore-received-srv6-tlvs

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ignore-router-id

ignore-router-id

Syntax

ignore-router-id include-internal family [ family]

[no] ignore-router-id

Context

[Tree] (config>service>vprn>bgp>best-path-selection ignore-router-id)

[Tree] (config>router>bgp>best-path-selection ignore-router-id)

Full Context

configure service vprn bgp best-path-selection ignore-router-id

configure router bgp best-path-selection ignore-router-id

Description

When the ignore-router-id command is present, and the current best path to a destination was learned from EBGP peer X with BGP identifier x and a new path is received from EBGP peer Y with BGP identifier y, the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x.

The no form of this command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.

Default

no ignore-router-id

Parameters

family

Specifies up to two internal families to be included in this configuration.

Values

mvpn-ipv4, mvpn-ipv6

include-internal

Specifies to ignore the router ID value even when comparing two IGBP paths or an EBGP and an IBGP path.

Platforms

All

ignore-standby-signaling

ignore-standby-signaling

Syntax

[no] ignore-standby-signaling

Context

[Tree] (config>service>vpls>spoke-sdp ignore-standby-signaling)

[Tree] (config>service>vpls>endpoint ignore-standby-signaling)

Full Context

configure service vpls spoke-sdp ignore-standby-signaling

configure service vpls endpoint ignore-standby-signaling

Description

When this command is enabled, the node ignores the standby-bit received from the TLDP peers for the specific spoke-SDP and performs internal tasks without taking it into account.

This command is present at the endpoint level and the spoke-SDP level. If the spoke-SDP is part of the explicit-endpoint, this setting cannot be changed at the spoke-SDP level. The existing spoke-SDP will become part of the explicit-endpoint only if the setting is not conflicting. The newly created spoke-SDP, which is a part of the specified explicit-endpoint, will inherit this setting from the endpoint configuration.

Default

no ignore-standby-signaling

Platforms

All

ignore-tos

ignore-tos

Syntax

[no] ignore-tos

Context

[Tree] (config>service>vprn>inside>nat64 ignore-tos)

Full Context

configure service vprn inside nat64 ignore-tos

Description

This command specifies if the IPv4 Type-of-Service (ToS) is ignored and the IPv6 traffic class bits set to zero.

If this command is disabled, the system copies the IPv4 ToS into the IPv6 traffic class.

Default

disabled

ignore-tos

Syntax

[no] ignore-tos

Context

[Tree] (config>router>nat>inside>nat64 ignore-tos)

[Tree] (config>service>vprn>nat>inside>nat64 ignore-tos)

Full Context

configure router nat inside nat64 ignore-tos

configure service vprn nat inside nat64 ignore-tos

Description

This command specifies whether the IPv4 ToS is ignored and the IPv6 traffic class bits set to zero.

When disabled, the system copies the IPv4 ToS into the IPv6 traffic class.

The no form of the command recognizes the IPv4 ToS.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

igp-instance

igp-instance

Syntax

igp-instance igp-instance

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf igp-instance)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf3 igp-instance)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis igp-instance)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf igp-instance

configure oam-pm session ip tunnel mpls sr-ospf3 igp-instance

configure oam-pm session ip tunnel mpls sr-isis igp-instance

Description

This command configures the IGP instance to tunnel IP packets for the session test.

Default

igp-instance 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst

0 to 127

ospf-inst

0 to 31

ospf3-inst

0 to 31,64 to 95

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

igp-instance-id

igp-instance-id

Syntax

igp-instance-id igp-instance

Context

[Tree] (config>anysec>tnl-enc>enc-grp>peer-tnl-attrs igp-instance-id)

Full Context

configure anysec tunnel-encryption encryption-group peer-tunnel-attributes igp-instance-id

Description

This command configures the IGP instance ID. This ID must be a match for the outgoing tunnel. This IGP instance ID should match the IGP instance the LSP is being signaled on in order for ANYsec to encrypt the LSP.

Default

igp-instance-id 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst

0 to 127

ospf-inst

0 to 31

ospf3-inst

64 to 95

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

igp-instance-id

Syntax

igp-instance-id igp-instance

Context

[Tree] (config>anysec>tnl-enc>sec-term-pol igp-instance-id)

Full Context

configure anysec tunnel-encryption security-termination-policy igp-instance-id

Description

This command configures the IGP instance ID. This IGP instance ID must match the IGP instance that the incoming encrypted LSP was signaled on.

Default

igp-instance-id 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst

0 to 127

ospf-inst

0 to 31

ospf3-inst

64 to 95

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

igp-shortcut

igp-shortcut

Syntax

igp-shortcut [lfa-protect | lfa-only] [allow-sr-over-srte]

igp-shortcut relative-metric [offset] [allow-sr-over-srte]

no igp-shortcut

Context

[Tree] (config>router>mpls>lsp-template igp-shortcut)

[Tree] (config>router>mpls>lsp igp-shortcut)

Full Context

configure router mpls lsp-template igp-shortcut

configure router mpls lsp igp-shortcut

Description

This command enables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or as a forwarding adjacency for resolving IGP routes.

When the igp-shortcut or the advertise-tunnel-link option is enabled at the IGP instance level, all RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router-id of a remote node.

The lfa-protect option allows an LSP to be included in both the main SPF and the Loop-Free Alternate (LFA) SPF. For a given prefix, the LSP can be used either as a primary next-hop or as an LFA next-hop, but not both. If the main SPF computation selected a tunneled primary next-hop for a prefix, the LFA SPF will not select an LFA next-hop for this prefix and the protection of this prefix will rely on the RSVP LSP FRR protection. If the main SPF computation selected a direct primary next-hop, then the LFA SPF will select an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

The lfa-only option allows an LSP to be included in the LFA SPF only such that the introduction of IGP shortcuts does not impact the main SPF decision. For a given prefix, the main SPF always selects a direct primary next-hop. The LFA SPF selects an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

When the relative-metric option is enabled, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset (instead of the LSP operational metric) when computing the cost of a prefix which is resolved to the LSP. The offset value is optional and it defaults to zero. The minimum net cost for a prefix is one (1) after applying the offset. The TTM continues the show the LSP operational metric as provided by MPLS. In other words, applications such as LDP-over-RSVP (when IGP shortcut is disabled) and BGP and static route shortcuts will continue to use the LSP operational metric.

The relative-metric option is mutually exclusive with the lfa-protect or the lfa-only options. In other words, an LSP with the relative-metric option enabled cannot be included in the LFA SPF, and vice-versa, when the igp-shortcut option is enabled in the IGP.

Finally, the relative-metric option is ignored when forwarding adjacency is enabled in IS-IS or OSPF. In this case, IGP advertises the LSP as a point-to-point unnumbered link along with the LSP operational metric as returned by MPLS and capped to maximum link metric allowed in that IGP. Both the main SPF and the LFA SPFs will use the local IGP database to resolve the routes.

When the router performs local SPF, the SR-TE LSP is used as an eligible IGP shortcut for SRv4 or SRv6 only if the LSP is explicitly allowed using the allow-sr-over-srte option when the top SID in the SR-TE LSP is an adjacency SID.

The no form of this command disables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or a forwarding adjacency for resolving IGP routes.

Default

igp-shortcut. All RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP corresponds to a router-id of a remote node.

Parameters

lfa-protect

Specifies an LSP is included in both the main SPF and the LFA SPF.

lfa-only

Specifies an LSP is included in the LFA SPF only.

relative-metric [offset]

Specifies the shortest IGP cost between the endpoints of the LSP plus the configured offset, instead of the LSP operational metric returned by MPLS, is used when calculating the cost of prefix resolved to this LSP. The offset parameter is an integer and is optional. An offset value of zero is used when the relative-metric option is enabled without specifying the offset parameter value.

Values

[-10, +10]

allow-sr-over-srte

Specifies that the LSP or LSP template is eligible as an IGP shortcut.

Platforms

All

igp-shortcut

Syntax

igp-shortcut

Context

[Tree] (config>router>isis igp-shortcut)

Full Context

configure router isis igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next-hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

  • Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next-hop), the tunnel with lowest tunnel-index is selected (the IP next-hop is never used in this case).

  • Where a destination is not a tunnel-endpoint:

    • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

    • Tunnel next-hops are preferred over IP next-hops

    • Within tunnel next-hops, the following priority applies to selection:

      1. The lowest endpoint-to-destination cost is selected

      2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

      3. If the router IDs are the same, the lowest tunnel index is selected

    • Within IP next-hops, the following priority applies to selection:

      1. The lowest downstream router ID is selected

      2. If the downstream router IDs are the same, the lowest interface-index is selected

Note:

Although ECMP is not performed across both the IP and tunnel next-hops, the tunnel endpoint may lie in one of the shortest IGP paths for that prefix. In that case, the tunnel next-hop is always selected as long as the prefix cost using the tunnel is equal to or lower than the IGP cost.

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next-hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting for prefix family resolution. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, an RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next-hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still use the tunnel next-hop for the same prefix. The SPF keeps track of both the direct first hop and the tunneled first hop of a node, which is added to the Dijkstra tree.

Platforms

All

igp-shortcut

Syntax

igp-shortcut

Context

[Tree] (config>router>ospf3 igp-shortcut)

[Tree] (config>router>ospf igp-shortcut)

Full Context

configure router ospf3 igp-shortcut

configure router ospf igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

  • Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next hop), the tunnel with lowest tunnel-index is selected (the IP next hop is never used in this case).

  • Where a destination is not a tunnel-endpoint:

    • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

    • Tunnel next-hops are preferred over IP next-hops

    • Within tunnel next-hops:

      1. The lowest endpoint-to-destination cost is selected

      2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

      3. If the router IDs are the same, the lowest tunnel index is selected

    • Within IP next-hops:

      1. The lowest downstream router ID is selected

      2. If the downstream router IDs are the same, the lowest interface-index is selected

Note:

Although ECMP is not performed across both the IP and tunnel next-hops, the tunnel endpoint may lie in one of the shortest IGP paths for that prefix. In that case, the tunnel next hop is always selected as long as the prefix cost using the tunnel is equal or lower than the IGP cost.

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting of the resolution of the family of the prefix. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, the RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still make use of the tunnel next hop for the same prefix. This change is made possible with the enhancement by which SPF keeps track of both the direct first hop and the tunneled first hop of a node which is added to the Dijkstra tree.

Platforms

All

iid-tlv-enable

iid-tlv-enable

Syntax

[no] iid-tlv-enable

Context

[Tree] (config>service>vprn>isis iid-tlv-enable)

Full Context

configure service vprn isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

Default

no iid-tlv-enable

Platforms

All

iid-tlv-enable

Syntax

[no] iid-tlv-enable

Context

[Tree] (config>router>isis iid-tlv-enable)

Full Context

configure router isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allows the formation of instance-specific adjacencies that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV that identifies the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

The no form of this command disables IS-IS MI.

Platforms

All

ike-auth-algorithm

ike-auth-algorithm

Syntax

ike-auth-algorithm {md5 | sha1 | sha256 | sha384 | sha512 | aes-xcbc | auth-encryption}

Context

[Tree] (config>ipsec>ike-transform ike-auth-algorithm)

Full Context

configure ipsec ike-transform ike-auth-algorithm

Description

This command specifies the IKE authentication algorithm for the IKE transform

Default

ike-auth-algorithm sha1

Parameters

auth-algorithm

Specifies the values used to identify the hashing algorithm

Values

md5 — Configures the use of the hmac-md5 algorithm for authentication

sha1 — Configures the use of the hmac-sha1 algorithm for authentication

sha256 — Configures the use of the hmac-sha256 algorithm for authentication.

sha384 — Configures the use of the hmac-sha384 algorithm for authentication

sha512 — Configures the use of the hmac-sha512 algorithm for authentication.

aes-xcbc — Configures the use of aes-xcbc (RFC 3566, The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec) algorithm for authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-encryption-algorithm

ike-encryption-algorithm

Syntax

ike-encryption-algorithm {des | 3des | aes128 | aes192 | aes256 | aes128-gcm8 | aes128-gcm16 | aes256-gcm8 | aes256-gcm16}

Context

[Tree] (config>ipsec>ike-transform ike-encryption-algorithm)

Full Context

configure ipsec ike-transform ike-encryption-algorithm

Description

This command specifies the IKE encryption algorithm to be used in the IKE transform instance.

Default

ike-encryption-algorithm aes128

Parameters

encryption-algorithm

Specifies the IKE encryption algorithm.

Values

des — Configures the 56-bit des algorithm for encryption. This is an older algorithm with relatively weak security. While better than nothing, it should only be used where a strong algorithm is not available on both ends at an acceptable performance level.

3des — Configures the 3-des algorithm for encryption. This is a modified application of the des algorithm which uses multiple des operations to make information more secure.

aes128 — Configures the aes algorithm with a block size of 128 bits. This is a mandatory implementation size for aes. This is a very strong algorithm choice.

aes192 — Configures the aes algorithm with a block size of 192 bits. This is a stronger version of aes.

aes256 — Configures the aes algorithm with a block size of 256 bits. This is the strongest available version of aes.

aes128-gcm8 - Configures ESP to use aes-gcm with a 128-bit key size and an 8-byte ICV for encryption and authentication.

aes128-gcm16 - Configures ESP to use aes-gcm with a 128-bit key size and a 16-byte ICV for encryption and authentication.

aes256-gcm8 - Configures ESP to use aes-gcm with a 256-bit key size and an 8-byte ICV for encryption and authentication.

aes256-gcm16 - This parameter configures ESP to use aes-gcm with a 256-bit key size and a 16-byte ICV for encryption and authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-mode

ike-mode

Syntax

ike-mode {main | aggressive}

no ike-mode

Context

[Tree] (config>ipsec>ike-policy ike-mode)

Full Context

configure ipsec ike-policy ike-mode

Description

This command specifies one of either two modes of operation. IKE version 1 can support main mode and aggressive mode. The difference lies in the number of messages used to establish the session.

The no form of this command reverts to the default.

Default

no ike-mode

Parameters

main

Specifies identity protection for the hosts initiating the IPsec session. This mode takes slightly longer to complete.

aggressive

Specifies that the aggressive mode provides no identity protection but is faster.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-policy

ike-policy

Syntax

ike-policy ike-policy-id [create]

no ike-policy ike-policy-id

Context

[Tree] (config>ipsec ike-policy)

Full Context

configure ipsec ike-policy

Description

Commands in this context configure an IKE policy.

The no form of this command

Parameters

ike-policy-id

Specifies a policy ID value to identify the IKE policy.

Values

1 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-policy

Syntax

ike-policy ike-policy-id

no ike-policy

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw ike-policy)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>ipsec>trans-mode-prof>dyn ike-policy)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>ies>if>sap>ipsec-gw ike-policy)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn ike-policy)

Full Context

configure service vprn interface sap ipsec-gw ike-policy

configure service vprn interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure ipsec ipsec-transport-mode-profile dynamic-keying ike-policy

configure router interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service ies interface sap ipsec-gw ike-policy

configure service ies interface ipsec ipsec-tunnel dynamic-keying ike-policy

Description

This command specifies the ID of the IKE policy used for IKE negotiation.

The no form of this command removes the IKE policy ID from the configuration.

Parameters

ike-policy-id

Specifies the IKE policy ID.

Values

1 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ipsec-gw ike-policy
  • configure ipsec ipsec-transport-mode-profile dynamic-keying ike-policy
  • configure service vprn interface sap ipsec-gw ike-policy

VSR

  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying ike-policy
  • configure router interface ipsec ipsec-tunnel dynamic-keying ike-policy
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying ike-policy

ike-prf-algorithm

ike-prf-algorithm

Syntax

ike-prf-algorithm {md5 | sha1 | sha256 | sha384 | sha512 | aes-xcbc | same-as-auth}

Context

[Tree] (config>ipsec>ike-transform ike-prf-algorithm)

Full Context

configure ipsec ike-transform ike-prf-algorithm

Description

This command specifies the PRF algorithm to use for IKE security association.

Note:

If an authenticated encryption algorithm like AES-GCM is used for IKE encryption algorithm, same-as-auth cannot be used for ike-prf-algorithm.

Default

ike-prf-algorithm same-as-auth

Parameters

md5

This parameter configures IKE to use the hmac-md5 algorithm for PRF.

sha1

This parameter configures IKE to use the hmac-sha1 algorithm for PRF.

sha256

This parameter configures IKE to use the hmac-sha256 algorithm for PRF.

sha384

This parameter configures IKE to use the hmac-sha384 algorithm for PRF.

sha512

This parameter configures IKE to use the hmac-sha512 algorithm for PRF.

aes-xcbc

This parameter configures IKE to use the aes128-xcbc algorithm for PRF.

same-as-auth

This parameter configures the same algorithm as IKE authentication algorithm.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-transform

ike-transform

Syntax

ike-transform ike-transform-id [ike-transform-id ...(up to 4 max)]

no ike-transform

Context

[Tree] (config>ipsec>ike-policy ike-transform)

Full Context

configure ipsec ike-policy ike-transform

Description

This command specifies the IKE transform to be used in the IKE policy. Up to four IKE transforms can be specified. If multiple IDs are specified, the system selects an IKE transform based on the peer's proposal. If the system is a tunnel initiator, it uses the configured IKE transform to generate the SA payload.

Default

no ike-transform

Parameters

ike-transform-id

Specifies up to four existing IKE transform instances to be associated with this IKE policy.

Values

1 to 4096

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-transform

Syntax

ike-transform ike-transform-id [create]

no ike-transform ike-transform-id

Context

[Tree] (config>ipsec ike-transform)

Full Context

configure ipsec ike-transform

Description

This commands creates a new or enters an existing IKE transform instance. The IKE transform include following configuration for IKE SA:

  • DH Group

  • IKE authentication algorithm

  • IKE encryption algorithm

  • IKE SA lifetime

The ike-transform-id is referenced in the ike-policy configuration.

Parameters

ike-transform

Specifies a number used to uniquely identify an IKE transform instance.

Values

1 to 4096

create

Keyword used to create the ike-transform instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ike-version

ike-version

Syntax

ike-version {1 | 2}

Context

[Tree] (config>ipsec>ike-policy ike-version)

Full Context

configure ipsec ike-policy ike-version

Description

This command sets the IKE version (1 or 2) that the ike-policy will use.

Default

ike-version 1

Parameters

1 | 2

Specifies the version of IKE protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ikev1-ph1-responder-delete-notify

ikev1-ph1-responder-delete-notify

Syntax

[no] ikev1-ph1-responder-delete-notify

Context

[Tree] (config>ipsec>ike-policy ikev1-ph1-responder-delete-notify)

Full Context

configure ipsec ike-policy ikev1-ph1-responder-delete-notify

Description

This command specifies the system, when deleting an IKEv1 phase 1 SA for which it was the responder, to send a delete notification to the peer. This command only applies when the configured ike-version 1. This command is ignored with IKE version 2.

The no form of this command reverts to the default.

Default

ikev1-ph1-responder-delete-notify

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ikev2-fragment

ikev2-fragment

Syntax

ikev2-fragment mtu octets reassembly-timeout seconds

no ikev2-fragment

Context

[Tree] (config>ipsec>ike-policy ikev2-fragment)

Full Context

configure ipsec ike-policy ikev2-fragment

Description

This command enables IKEv2 protocol level fragmentation (RFC 7383). The specified MTU is the maximum size of IKEv2 packet.

Default

no ikev2-fragment

Parameters

octets

Specifies the MTU for IKEv2 messages.

Values

512 to 9000

seconds

Specifies the timeout for reassembly.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

imei

imei

Syntax

[no] imei

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute imei)

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute imei)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute imei

configure subscriber-mgmt authentication-policy include-radius-attribute imei

Description

This command enables the inclusion of the IMEI in AA protocols as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the attribute.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

imei

Syntax

[no] imei

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp imei)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp imei

Description

This command enables the inclusion of the IMEI AVP, as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the AVP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

implicit-generation

implicit-generation

Syntax

[no] implicit-generation

Context

[Tree] (config>subscr-mgmt>auto-sub-id-key implicit-generation)

Full Context

configure subscriber-mgmt auto-sub-id-key implicit-generation

Description

By default, the system automatically generates a subscriber identifier, using the characters A to Z and 0 to 9, that is used when a subscriber ID is not provided during the authentication of a subscriber host or session and when no explicit default def-sub-id is configured at the SAP or in the MSAP policy.

A subscriber ID obtained from authentication sources can conflict with the format of an implicit, automatically generated subscriber ID. When this happens, the subscriber host or session setup fails and generates the following message: "Non auto-generated sub-id 4574233754 with an auto sub-id format not allowed”. Therefore, when implicit subscriber ID generation is enabled (the default behavior), a 10-character string containing characters A to Z and 0 to 9 should not be returned from authentication sources.

The no form of this command disables the implicit automatic generation of subscriber IDs. When a subscriber ID is not provided in authentication and no explicit def-sub-id is configured, then the host or session setup fails and generates the following message: "Missing subscriber id”. A 10-character (A to Z and 0 to 9) subscriber ID format can be returned from authentication sources without the risk of conflicts.

Disabling the implicit automatic generation of subscriber IDs fail when there are active subscribers with an implicit automatically generated subscriber ID.

Enabling the implicit automatic generation of subscriber IDs fails when there are active subscribers.

Default

implicit-generation

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

implicit-null-label

implicit-null-label

Syntax

[no] implicit-null-label

Context

[Tree] (config>router>ldp implicit-null-label)

Full Context

configure router ldp implicit-null-label

Description

This command enables the use of the implicit null label. Use this command to signal the implicit null option for all LDP FECs for which this node is the egress LER.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

All

implicit-null-label

Syntax

[no] implicit-null-label

Context

[Tree] (config>router>rsvp implicit-null-label)

Full Context

configure router rsvp implicit-null-label

Description

This command enables the use of the implicit null label.

Signaling the IMPLICIT NULL label value for all RSVP LSPs can be enabled for which this node is the egress LER. RSVP must be shut down before being able to change this configuration option.

The egress LER does not signal the implicit null label value on P2MP RSVP LSPs. However, the Penultimate Hop Popping (PHP) node can honor a Resv message with the label value set to the implicit null.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

All

implicit-null-label

Syntax

implicit-null-label [enable | disable]

no implicit-null-label

Context

[Tree] (config>router>rsvp>interface implicit-null-label)

Full Context

configure router rsvp interface implicit-null-label

Description

This command enables the use of the implicit null label over a specific RSVP interface.

All LSPs for which this node is the egress LER and for which the path message is received from the previous hop node over this RSVP interface will signal the implicit null label. This means that if the egress LER is also the merge-point (MP) node, then the incoming interface for the path refresh message over the bypass dictates if the packet will use the implicit null label or not. The same for a 1-to-1 detour LSP.

The user must shut down the RSVP interface before being able to change the implicit null configuration option.

The no form of this command returns the RSVP interface to use the RSVP level configuration value.

Default

no implicit-null-label

Parameters

enable

Enables the implicit null label.

disable

Disables the implicit null label.

Platforms

All

import

import

Syntax

import policy-name

no import

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>mld-parameters import)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>mld-parameters import)

Full Context

configure subscriber-mgmt local-user-db ppp host mld-parameters import

configure subscriber-mgmt local-user-db ipoe host mld-parameters import

Description

This command configures an MLD import policy.

The LUDB allows a list of up to 14 MLD import policies per host. The MLD policy also allows the configuration of an additional import policy, providing a total of 15 MLD import policies per host. The import policy inside the MLD policy is always applied last, which determines if the list is a black list or a white list. To configure an MLD white list, the import policies in the LUDB should all be allowed or forward entries and the import policy in the MLD policy should have a default action to deny all. To configure a black list, the import policies inside the LUDB should drop entries and the MLD policy import policy default action should be to forward all. The 15 import policies can be configured to be a mixed white and black list. Since it is difficult to control the order of the import policies within the LUDB, it is recommended to provision the import policy inside the MLD policy first for deterministic behavior.

The no form of this command removes the specified import policy.

Parameters

policy-name

Specifies the MLD import policy, up to 32 characters, used to control the multicast group accessible for the subscriber host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vpls>spoke-sdp>mld-snooping import)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping import)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping import)

[Tree] (config>service>vpls>sap>igmp-snooping import)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping import)

[Tree] (config>service>vpls>sap>mld-snooping import)

Full Context

configure service vpls spoke-sdp mld-snooping import

configure service vpls mesh-sdp mld-snooping import

configure service vpls spoke-sdp igmp-snooping import

configure service vpls sap igmp-snooping import

configure service vpls mesh-sdp igmp-snooping import

configure service vpls sap mld-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Default

no import

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

All

import

Syntax

import policy [policy]

no import

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy import)

Full Context

configure subscriber-mgmt bgp-peering-policy import

Description

This command specifies the import policies to be used to control routes advertised to BGP neighbors. Route policies are configured in the config>router>policy-options context. When multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The no form of this command removes all route policy names from the import list.

Default

no import — BGP accepts all routes from configured BGP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

Parameters

policy

Specifies route policy statement name, up to 32 characters. Up to five policies can be specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>subscr-mgmt>igmp-policy import)

Full Context

configure subscriber-mgmt igmp-policy import

Description

This command specifies the import policy to filter IGMP packets.

The no form of this command reverts to the default value.

Parameters

policy-name

Specifies the policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>subscr-mgmt>msap-policy>igmp-host-tracking import)

Full Context

configure subscriber-mgmt msap-policy igmp-host-tracking import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp import)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>subscr-mgmt>mld-policy import)

Full Context

configure subscriber-mgmt mld-policy import

Description

This command specifies the import routing policy to be used. Only a single policy can be imported at a time.

The no form of this command removes the policy association.

Parameters

policy-name

Specifies the import policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>igmp-snooping import)

Full Context

configure service vprn subscriber-interface group-interface sap igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vpls>sap>igmp-host-tracking import)

Full Context

configure service vpls sap igmp-host-tracking import

Description

This command associates an import policy to filter IGMP packets.

The no form of this command removes the values from the configuration.

Default

no import

Parameters

policy-name

Specifies the import policy name

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>igmp-host-tracking import)

Full Context

configure service ies subscriber-interface group-interface sap igmp-host-tracking import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP.

Default

no import — No import policy is specified.

Parameters

policy-name

Specifies the import policy name. Values can be string up to 32 characters long of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. These policies are configured in the config>router> policy-options context. The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

import

Syntax

import plcy-or-long-expr [plcy-or-expr]

no import

Context

[Tree] (config>service>vprn>bgp>group>neighbor import)

[Tree] (config>service>vprn>bgp>group import)

[Tree] (config>service>vprn>bgp import)

Full Context

configure service vprn bgp group neighbor import

configure service vprn bgp group import

configure service vprn bgp import

Description

This command is used to specify route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

Platforms

All

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vprn>igmp>grp-if import)

[Tree] (config>service>vprn>igmp>if import)

Full Context

configure service vprn igmp group-interface import

configure service vprn igmp interface import

Description

This command imports a policy to filter IGMP packets.

The no form of this command removes the policy association from the IGMP instance.

Default

no import — No import policy specified.

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn igmp group-interface import

All

  • configure service vprn igmp interface import

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vprn>sap>igmp-trk import)

Full Context

configure service vprn sap igmp-trk import

Description

This command associates an import policy to filter IGMP packets.

The no form of this command removes the values from the configuration.

Default

no import

Parameters

policy-name

Specifies the import policy name.

import

Syntax

import policy-name [policy-name ... (up to 5 max)]

no import

Context

[Tree] (config>service>vprn>isis import)

Full Context

configure service vprn isis import

Description

This command applies one or more (up to five) route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Identifies the export route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. The specified name(s) must already be defined.

Platforms

All

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>vprn>mld>if import)

Full Context

configure service vprn mld interface import

Description

This command specifies the import route policy to be used for determining which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

import

Syntax

import policy-name [policy-name ...(up to 5 max)]

no import

Context

[Tree] (config>service>vprn>msdp import)

[Tree] (config>service>vprn>msdp>group import)

[Tree] (config>service>vprn>msdp>peer import)

[Tree] (config>service>vprn>msdp>group>peer import)

Full Context

configure service vprn msdp import

configure service vprn msdp group import

configure service vprn msdp peer import

configure service vprn msdp group peer import

Description

This command specifies the policies to import source active state from Multicast Source Discovery Protocol (MSDP) into source active list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

If you configure an import policy at the global level, each individual peer inherits the global policy.

If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.

If you configure an import policy at the peer level, then policy only applies to the peer where it is configured.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies the import policy name. Up to five policy-name arguments can be specified.

Platforms

All

import

Syntax

import {unicast | ext-community}

Context

[Tree] (config>service>vprn>mvpn>vrf-target import)

Full Context

configure service vprn mvpn vrf-target import

Description

This command specifies communities to be accepted from peers.

Parameters

unicast

Specifies to use unicast vrf-target ext-community for the multicast VPN.

ext-comm

An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>service>vprn>ospf3>area import)

[Tree] (config>service>vprn>ospf>area import)

Full Context

configure service vprn ospf3 area import

configure service vprn ospf area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies the export route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified policy names must be predefined and already exist in the system.

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>service>vprn>ospf import)

[Tree] (config>service>vprn>ospf3 import)

Full Context

configure service vprn ospf import

configure service vprn ospf3 import

Description

This command applies one or more (up to five) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. This command only applies to the 7750 SR.

Default

If an OSPF route has the lowest preference value among all routes to a destination it is installed in the routing table.

Parameters

policy-name

Specifies the import route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified policy name(s) must be predefined and already exist in the system.

Platforms

All

import

Syntax

import {join-policy | register-policy} policy-name [policy-name ...( up to 5 max)]

no import {join-policy | register-policy}

Context

[Tree] (config>service>vprn>pim import)

Full Context

configure service vprn pim import

Description

This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association from the IGMP instance.

Default

no import join-policy

no import register-policy

Parameters

join-policy

Use this command to filter PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

This keyword filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

import

Syntax

import policy-name [policy-name ...(up to 5 max)]

no import

Context

[Tree] (config>service>vprn>ripng import)

[Tree] (config>service>vprn>rip>group import)

[Tree] (config>service>vprn>rip>group>neighbor import)

[Tree] (config>service>vprn>ripng>group>neighbor import)

[Tree] (config>service>vprn>rip import)

[Tree] (config>service>vprn>ripng>group import)

Full Context

configure service vprn ripng import

configure service vprn rip group import

configure service vprn rip group neighbor import

configure service vprn ripng group neighbor import

configure service vprn rip import

configure service vprn ripng group import

Description

This command configures import route policies to determine routes that will be accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

The import route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. The specified names must already be defined.

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>router>ldp import)

Full Context

configure router ldp import

Description

This command configures import route policies to determine which label bindings (FECs) are accepted from LDP neighbors. Policies are configured in the config>router>policy-options context.

If no import policy is specified, LDP accepts all label bindings from configured LDP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names, up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Platforms

All

import

Syntax

import policy-name

no import

Context

[Tree] (config>router>igmp>if import)

[Tree] (config>router>igmp>group-interface import)

Full Context

configure router igmp interface import

configure router igmp group-interface import

Description

This command applies the referenced IGMP policy (filter) to an interface subscriber or a group-interface. An IGMP filter is also known as a black/white list and it is defined under the config>router>policy-options.

When redirection is applied, only the import policy from the subscriber will be in effect. The import policy under the group interface is applicable only for IGMP states received directly on the SAP (AN in IGMP proxy mode).

The no form of the command removes the policy association from the IGMP instance.

Default

no import

Parameters

policy-name

The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

  • configure router igmp interface import

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router igmp group-interface import

import

Syntax

import policy-name

no import

Context

[Tree] (config>router>mld>group-interface import)

[Tree] (config>router>mld>if import)

Full Context

configure router mld group-interface import

configure router mld interface import

Description

This command specifies the import route policy to determine which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router mld group-interface import

All

  • configure router mld interface import

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>router>msdp>group>peer import)

[Tree] (config>router>msdp import)

[Tree] (config>router>msdp>peer import)

[Tree] (config>router>msdp>group import)

Full Context

configure router msdp group peer import

configure router msdp import

configure router msdp peer import

configure router msdp group import

Description

This command specifies the policies to import source active state from Multicast Source Discovery Protocol (MSDP) into source active list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

If an import policy is configured at the global level, each individual peer inherits the global policy.

If an import policy is configured at the group level, each individual peer in a group inherits the group’s policy.

If an import policy is configured at the peer level, then policy only applies to the peer where it is configured.

The no form of the command applies no import policies and all source active messages are allowed.

Default

no import

Parameters

policy-name

Specifies the import policy name, up to 32 characters. Up to five policy-name arguments can be specified.

Platforms

All

import

Syntax

import {join-policy | register-policy} [ policy-name [policy-name]]

no import {join-policy | register-policy}

Context

[Tree] (config>router>pim import)

Full Context

configure router pim import

Description

This command specifies the import route policy to be used. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, BGP routes are accepted by default. Up to five import policy names can be specified.

The no form of this command removes the policy association from the instance.

Default

no import

Parameters

join-policy

Filters PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

Filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name, up to 32 characters. Route policies are configured in the config>router>policy-options context.

Platforms

All

import

Syntax

import policy-name

no import

Context

[Tree] (config>service>pw-template>igmp-snooping import)

Full Context

configure service pw-template igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets. Only a single policy can be imported at a time.

The no form of the command removes the policy association.

Default

no import

Parameters

policy-name

Specifies the import policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

All

import

Syntax

import type {cert | key | crl} input url-string output filename format input-format [password [32 chars max]]

Context

[Tree] (admin>certificate import)

Full Context

admin certificate import

Description

This command converts an input file (key/certificate/CRL) to a system format file. The following list summarizes the formats supported by this command:

  • Certificate

    • PKCS #12

    • PKCS #7 PEM encoded

    • PKCS #7 DER encoded

    • PEM

    • DER

  • Key

    • PKCS #12

    • PEM

    • DER

  • CRL

    • PKCS #7 PEM encoded

    • PKCS #7 DER encoded

    • PEM

    • DER

Note:

If there are multiple objects with the same type in the input file, only the first object is extracted and converted.

Parameters

input url-string

Specifies the URL for the input file. This URL could be either a local CF card URL file or a FP URL to download the input file.

Values

url-string

<local-url> up to 99 characters

local-url

<cflash-id>/<file-path>

cflash-id

cf1:| cf2:| cf3:

output filename

Specifies the name of output file up to 95 characters. The output directory depends on the file type like following:

  • Key: cf3:\system-pki\key

  • Cert: cf3:\system-pki\cert

  • CRL: cf3:\system-pki\CRL

type

The type of input file.

Values

cert, key, crl

format

Specifies the format of input file.

Values

pkcs12, pkcs7-der, pkcs7-pem, pem, der

password

Specifies the password to decrypt the input file in case that it is an encrypted PKCS#12 file.

Platforms

All

import

Syntax

import plcy-or-long-expr [plcy-or-expr [ plcy-or-expr]]

no import

Context

[Tree] (config>router>bgp import)

[Tree] (config>router>bgp>group>neighbor import)

[Tree] (config>router>bgp>group import)

Full Context

configure router bgp import

configure router bgp group neighbor import

configure router bgp group import

Description

This command specifies route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific level is used.

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters; the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

plcy-or-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 64 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>router>isis import)

Full Context

configure router isis import

Description

This command specifies up to five route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>router>ospf import)

[Tree] (config>router>ospf3 import)

Full Context

configure router ospf import

configure router ospf3 import

Description

This command applies one or more (up to 5) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy, it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to 5 export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

import

Syntax

[no] import policy-name [ policy-name]

Context

[Tree] (config>router>ospf>area import)

[Tree] (config>router>ospf3>area import)

Full Context

configure router ospf area import

configure router ospf3 area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

import

Syntax

import policy-name [policy-name]

no import

Context

[Tree] (config>router>ripng>group>neighbor import)

[Tree] (config>router>rip>group>neighbor import)

[Tree] (config>router>rip>group import)

[Tree] (config>router>ripng import)

[Tree] (config>router>ripng>group import)

[Tree] (config>router>rip import)

Full Context

configure router ripng group neighbor import

configure router rip group neighbor import

configure router rip group import

configure router ripng import

configure router ripng group import

configure router rip import

Description

This command configures import route policies to determine which routes are accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified names must already be defined.

Platforms

All

import

Syntax

import {ignore | accept | drop}

Context

[Tree] (config>service>vprn>bgp-ipvpn>attribute-set import)

Full Context

configure service vprn bgp-ipvpn attribute-set import

Description

This command configures the reception behavior for ATTR_SETs in received VPN-IP routes.

Default

import ignore

Parameters

accept

Keyword to configure BGP to accept and process ATTR_SETs in received unicast VPN-IP routes (MPLS or SRv6) when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are used for best-path selection within the VPRN, instead of the outer-path attributes attached to the imported VPN-IP route. The path attributes inside the ATTR_SET determine the path attributes of BGP routes advertised to PE-CE peers of the VPRN. However, the ATTR_SET is removed at the time of advertisement. VPRN BGP routes with attributes derived from accept processing are only advertised to EBGP peers and IBGP route reflector client peers. VPRN BGP routes are not advertised to BGP confederation peers. If the origin AS in the ATTR_SET attribute does not match the configured ASN, VPRN BGP routes with attributes derived from accept processing are advertised to IBGP peers that are not covered by a cluster configuration.

drop

Keyword to configure BGP to ignore and silently discard ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best path selection within the VPRN. If a VPRN is not involved in an independent domain Layer 3 VPN service, Nokia recommends configuring the import command to drop.

ignore

Keyword to configure BGP to ignore ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best-path selection within the VPRN. With the ignore parameter, the ATTR_SET attribute is transmitted unchanged to the CE. Nokia does not recommend configuring the import command to ignore in most deployments.

Platforms

All

import-grt

import-grt

Syntax

import-grt plcy-or-long-expr [plcy-or-expr]

no import-grt

Context

[Tree] (config>service>vprn>grt import-grt)

Full Context

configure service vprn grt-lookup import-grt

Description

This command associates policies to control the leaking of GRT routes into the associated VPRN.

The GRT route must have first been leaked by a leak-export policy defined under the config>router context. Then the route must match a route entry in the specified import-grt policy with an accept action. Refer to the IP Router Configuration Command Reference section in the 7750 SR Extensible Routing System Virtualized Service Router.

The no form of this command removes route leaking policy associations and disables the leaking of GRT routes into the local VPRN.

Parameters

plcy-or-long-expr

Specifies route policy names, up to 64 characters, or a policy logical expression, up to 255 characters.

Values

plcy-or-long-expr: policy-name | long-expr

policy-name: up to 64 characters

long-expr: up to 255 characters

plcy-or-expr

Specifies up to four route policy names, up to 64 characters, or a policy logical expression, up to 64 characters.

Values

plcy-or-expr: policy-name | expr

policy-name: up to 64 characters

expr: up to 64 characters

Platforms

All

import-mcast-policy

import-mcast-policy

Syntax

import-mcast-policy policy-name [policy-name]

no import-mcast-policy

Context

[Tree] (config>router>ldp import-mcast-policy)

Full Context

configure router ldp import-mcast-policy

Description

This command configures an import policy for mLDP FECs arriving on the node. This command does not work for self-generated mLDP FECs. The action of the policy will accept or reject the FEC. If the FEC is rejected, it will be kept but is not resolved.

The no form of this command removes all policies from the configuration.

Default

no import-mcast-policy

Parameters

policy-name

Specifies up to five import route policy names, up to 32 characters, to be assigned to mLDP. The specified name(s) must already be defined.

Platforms

All

import-pmsi-routes

import-pmsi-routes

Syntax

import-pmsi-routes

Context

[Tree] (config>router>ldp import-pmsi-routes)

Full Context

configure router ldp import-pmsi-routes

Description

Commands in this context configure import-pmsi-routes.

For option B, the leafs or ABR/ASBR that are not directly connected to the root have no visibility of the root. As such, for LDP to build the recursive FEC it needs to cache the MVPN PMSI AD routes, this command gives the user the ability to manually enable caching of MVPN PMSI AD routes internally in LDP for EVPN or MVPN inter-as or mvpn_no_export_community intra-as.

Platforms

All

import-prefixes

import-prefixes

Syntax

[no] import-prefixes policy-name

Context

[Tree] (config>router>ldp>session-params>peer import-prefixes)

Full Context

configure router ldp session-parameters peer import-prefixes

Description

This command configures the import FEC prefix policy to determine which prefixes received from this LDP peer are imported and installed by LDP on this node. If resolved these FEC prefixes are then re-distributed to other LDP and T-LDP peers. A FEC prefix that is filtered out (deny) will not be imported. A FEC prefix that is filtered in (accept) will be imported.

If no import policy is specified, the node will import all prefixes received from this LDP/T-LDP peer. This policy is applied in addition to the global LDP policy and targeted session policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified. Peer address has to be the peer LSR-ID address.

The no form of the command removes the policy from the configuration.

Default

no import-prefixes - no import route policy is specified

Parameters

policy-name

Specifies up to five import-prefix route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

All

import-prefixes

Syntax

import-prefixes policy-name [policy-name]

no import-prefixes

Context

[Tree] (config>router>ldp>targeted-session import-prefixes)

Full Context

configure router ldp targeted-session import-prefixes

Description

This command configures the import route policy to determine which FEC prefix label bindings are accepted from targeted LDP neighbors into this node. A label binding that is filtered out (deny) will not be imported. A route that is filtered in (accept) will be imported.

If no import policy is specified, this node session will accept all bindings from configured targeted LDP neighbors. This policy is applied in addition to the global LDP policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies up to five import policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

import-tunnel-table

import-tunnel-table

Syntax

import-tunnel-table policy-name [policy-name]

no import-tunnel-table

Context

[Tree] (config>router>ldp import-tunnel-table)

Full Context

configure router ldp import-tunnel-table

Description

This command controls the import, in the tunnel table, of LDP tunnels to non-host prefixes. This command is only intended for importing tunnels; it cannot be used for preventing the import of any specific prefix and only non-host prefixes will be considered when evaluating this policy in this context. The LDP tunnels to these non-host prefixes must be created before they can be imported.

This command does not affect the automatic import of LDP tunnels to host prefixes.

The no version of this command removes all of the import policies and, by consequence, any tunnels to non-host prefixes from the tunnel table. If a non-host prefix tunnel is currently being used for forwarding, disabling this command may be service-impacting.

Default

no import-tunnel-table

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified policy names must already be defined.

Platforms

All

imported-format

imported-format

Syntax

imported-format {any | secure}

Context

[Tree] (config>system>security>pki imported-format)

Full Context

configure system security pki imported-format

Description

This command specifies the allowed format of imported certificates or keys in the cf3:/system-pki directory.

Default

imported-format any

Parameters

any

Allows any imported format.

secure

Only allows enhanced secure imported formats.

Platforms

All

improved-assert

improved-assert

Syntax

[no] improved-assert

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>pim improved-assert)

Full Context

configure service vprn mvpn provider-tunnel inclusive pim improved-assert

Description

This command enables improved assert procedure on the PIM inclusive provider tunnel.

The no form of this command disables improved assert procedure.

Default

enabled

Platforms

All

improved-assert

Syntax

[no] improved-assert

Context

[Tree] (config>service>vprn>pim>if improved-assert)

Full Context

configure service vprn pim interface improved-assert

Description

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. This could impact performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process is done entirely on the control-plane with no interaction between the control and forwarding plane.

Default

improved-assert

Platforms

All

improved-assert

Syntax

[no] improved-assert

Context

[Tree] (config>router>pim>interface improved-assert)

Full Context

configure router pim interface improved-assert

Description

This command enables improved assert processing. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes. The assert process is started when data is received on an outgoing interface meaning that duplicate traffic is forwarded to the LAN until the forwarder is negotiated among the routers.

When the improved-assert command is enabled, the PIM assert process is done entirely in the control plane. The advantages are that it eliminates duplicate traffic forwarding to the LAN. It also improves performance since it removes the required interaction between the control and data planes.

Note:

improved-assert is still fully interoperable with the RFC 4601, Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised) and RFC 2362, Protocol Independent Multicast-Sparse Mode (PIM-SM), implementations. However, there may be conformance tests that may fail if the tests expect control-data plane interaction in determining the assert winner. Disabling the improved-assert command when performing conformance tests is recommended.

Default

improved-assert

Platforms

All

imsi

imsi

Syntax

[no] imsi imsi

Context

[Tree] (debug>gtp imsi)

Full Context

debug gtp imsi

Description

This command restricts debugging to only data related to the specified IMSI. This command can be repeated multiple times, where only data for any of the specified IMSIs is debugged.

The no form of this command removes the filter for the specified IMSI. If the last IMSI filter is removed, all data is debugged again, but may be restricted by other filters.

Parameters

imsi

Specifies the mobile subscriber identity, as a string of up to 15 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

imsi

Syntax

[no] imsi

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute imsi)

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute imsi)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute imsi

configure subscriber-mgmt authentication-policy include-radius-attribute imsi

Description

This command includes the IMSI RADIUS attribute for FWA sessions.

The no form of this command excludes the RADIUS IMSI attribute.

Default

no imsi

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

imsi-apn-filter

imsi-apn-filter

Syntax

imsi-apn-filter

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-filter imsi-apn-filter)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter imsi-apn-filter

Description

This command configures a TCA for the counter capturing hits due to the GTP IMSI-APN filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

imsi-apn-filter

Syntax

imsi-apn-filter

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr imsi-apn-filter)

Full Context

configure application-assurance group gtp gtp-filter imsi-apn-filter

Description

Commands in this context configure IMSI and APN filtering. By default, no APN or IMSI filtering is performed.

The gtpc-inspection command must be enabled before using this command.

This command applies only to the GTP packets that contain IMSI or APN information elements (IEs).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

in-band-control-path

in-band-control-path

Syntax

in-band-control-path

Context

[Tree] (config>redundancy>mc>peer>mcr>ring in-band-control-path)

[Tree] (config>redundancy>mc>peer>mc>l3-ring in-band-control-path)

Full Context

configure redundancy multi-chassis peer mc-ring ring in-band-control-path

configure redundancy multi-chassis peer multi-chassis l3-ring in-band-control-path

Description

Commands in this context configure control path parameters.

The no form of this command reverts to the default.

Platforms

All

in-label

in-label

Syntax

in-label in-label out-label out-label out-link if-name [next-hop next-hop]

no in-label

Context

[Tree] (config>router>mpls>mpls-tp>transit-path>forward-path in-label)

[Tree] (config>router>mpls>mpls-tp>transit-path>reverse-path in-label)

Full Context

configure router mpls mpls-tp transit-path forward-path in-label

configure router mpls mpls-tp transit-path reverse-path in-label

Description

This command configures the label mapping associated with a forward path or reverse path of an MPLS-TP transit path to be configured.

The incoming label, outgoing label and outgoing interface must be configured, using the in-label, out-label and out-link parameters. If the out-link refers to a numbered IP interface, the user may optionally configure the next-hop parameter and the system will determine the interface to use to reach the configured next-hop, but will check that the user-entered value for the out-link corresponds to the link returned by the system. If they do not correspond, then the path will not come up.

Default

no in-label

Parameters

in-label

Specifies the in label.

Values

32 to 16415

out-label

Specifies the out label.

Values

32 to 16415

if-name

Specifies the name of the outgoing interface use for the path.

next-hop

Specifies the next-hop.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

in-label

Syntax

in-label in-label

no in-label

Context

[Tree] (config>router>mpls>lsp>protect-tp-path in-label)

[Tree] (config>router>mpls>lsp>working-tp-path in-label)

Full Context

configure router mpls lsp protect-tp-path in-label

configure router mpls lsp working-tp-path in-label

Description

This command configures the incoming label for the reverse path or the working path or the protect path of an MPLS-TP LSP. MPLS-TP LSPs are bidirectional, and so an incoming label value must be specified for each path.

Default

no in-label

Parameters

in-label

Specifies the in label.

Values

32 to 16415

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

in-plus-profile-octets-discarded-count

in-plus-profile-octets-discarded-count

Syntax

[no] in-plus-profile-octets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-discarded-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-discarded-count

Description

This command includes the in-plus profile octets discarded count.

The no form of this command excludes the in-plus profile octets discarded count.

Default

no in-plus-profile-octets-discarded-count

Platforms

All

in-plus-profile-octets-forwarded-count

in-plus-profile-octets-forwarded-count

Syntax

[no] in-plus-profile-octets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-forwarded-count

Description

This command includes the in-plus profile octets forwarded count.

The no form of this command excludes the in-plus profile octets forwarded count.

Default

no in-plus-profile-octets-forwarded-count

Platforms

All

in-plus-profile-octets-offered-count

in-plus-profile-octets-offered-count

Syntax

[no] in-plus-profile-octets-offered-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-offered-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-offered-count

Description

This command includes the in-plus profile octets offered count.

The no form of this command excludes the in-plus profile octets offered count.

Default

no in-plus-profile-octets-offered-count

Platforms

All

in-plus-profile-packets-discarded-count

in-plus-profile-packets-discarded-count

Syntax

[no] in-plus-profile-packets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-discarded-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-discarded-count

Description

This command includes the in-plus profile packets discarded count.

The no form of this command excludes the in-plus profile packets discarded count.

Default

no in-plus-profile-packets-discarded-count

Platforms

All

in-plus-profile-packets-forwarded-count

in-plus-profile-packets-forwarded-count

Syntax

[no] in-plus-profile-packets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-forwarded-count

Description

This command includes the in-plus profile packets forwarded count.

The no form of this command excludes the in-plus profile packets forwarded count.

Default

no in-plus-profile-packets-forwarded-count

Platforms

All

in-plus-profile-packets-offered-count

in-plus-profile-packets-offered-count

Syntax

[no] in-plus-profile-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-offered-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-offered-count

Description

This command includes the in-plus profile packets offered count.

The no form of this command excludes the in-plus profile packets offered count.

Default

no in-plus-profile-packets-offered-count

Platforms

All

in-profile-octets-discarded-count

in-profile-octets-discarded-count

Syntax

[no] in-profile-octets-discarded-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>e-counters in-profile-octets-discarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>e-counters in-profile-octets-discarded-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters in-profile-octets-discarded-count

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters in-profile-octets-discarded-count

Description

This command includes the in-profile octets discarded count.

For queues with stat-mode v4-v6, this command includes the IPv4 octets discarded count instead.

The no form of this command excludes the in-profile octets discarded count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

in-profile-octets-discarded-count

Syntax

[no] in-profile-octets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record queue e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record policer e-counters in-profile-octets-discarded-count

Description

This command includes the in-profile octets discarded count.

The no form of this command excludes the in-profile octets discarded count.

Default

no in-profile-octets-discarded-count

Platforms

All

in-profile-octets-discarded-count

Syntax

[no] in-profile-octets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record policer i-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-discarded-count

Description

This command includes the in-profile octets discarded count.

The no form of this command excludes the in-profile octets discarded count.

Default

no in-profile-octets-discarded-count

Platforms

All

in-profile-octets-forwarded-count

in-profile-octets-forwarded-count

Syntax

[no] in-profile-octets-forwarded-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>e-count in-profile-octets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>e-count in-profile-octets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-count in-profile-octets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-count in-profile-octets-forwarded-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters in-profile-octets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters in-profile-octets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters in-profile-octets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters in-profile-octets-forwarded-count

Description

This command includes the in-profile octets forwarded count. For queues with stat-mode v4-v6, this command includes the IPv4 octets forwarded count instead.

The no form of this command excludes the in-profile octets forwarded count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

in-profile-octets-forwarded-count

Syntax

[no] in-profile-octets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record queue e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record policer e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-forwarded-count

Description

This command includes the in-profile octets forwarded count.

The no form of this command excludes the in-profile octets forwarded count.

Default

no in-profile-octets-forwarded-count

Platforms

All

in-profile-octets-forwarded-count

Syntax

[no] in-profile-octets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>queue>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record queue i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-queue i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record policer i-counters in-profile-octets-forwarded-count

Description

This command includes the in profile octets forwarded count.

The no form of this command excludes the in profile octets forwarded count.

Default

no in-profile-octets-forwarded-count

Platforms

All

in-profile-octets-offered-count

in-profile-octets-offered-count

Syntax

[no] in-profile-octets-offered-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-profile-octets-offered-count

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-offered-count

Description

This command includes the in profile octets offered count.

The no form of this command excludes the in-profile octets offered count.

Default

no in-profile-octets-offered-count

Platforms

All

in-profile-octets-offered-count

Syntax

[no] in-profile-octets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-offered-count

configure log accounting-policy custom-record policer i-counters in-profile-octets-offered-count

Description

This command includes the in-profile octets offered count.

The no form of this command excludes the in-profile octets offered count.

Default

no in-profile-octets-offered-count

Platforms

All

in-profile-packets-discarded-count

in-profile-packets-discarded-count

Syntax

[no] in-profile-packets-discarded-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>e-counters in-profile-packets-discarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>e-counters in-profile-packets-discarded-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters in-profile-packets-discarded-count

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters in-profile-packets-discarded-count

Description

This command includes the in-profile packets discarded count.

For queues with stat-mode v4-v6, this command includes the IPv4 packets discarded count instead.

The no form of this command excludes the in-profile packets discarded count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

in-profile-packets-discarded-count

Syntax

[no] in-profile-packets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record queue e-counters in-profile-packets-discarded-count

Description

This command includes the in-profile packets discarded count.

The no form of this command excludes the in-profile packets discarded count.

Default

no in-profile-packets-discarded-count

Platforms

All

in-profile-packets-discarded-count

Syntax

[no] in-profile-packets-discarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record policer i-counters in-profile-packets-discarded-count

Description

This command includes the in-profile packets discarded count.

The no form of this command excludes the in-profile packets discarded count.

Default

no in-profile-packets-discarded-count

Platforms

All

in-profile-packets-forwarded-count

in-profile-packets-forwarded-count

Syntax

[no] in-profile-packets-forwarded-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>e-count in-profile-packets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>e-count in-profile-packets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-count in-profile-packets-forwarded-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-count in-profile-packets-forwarded-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters in-profile-packets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters in-profile-packets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters in-profile-packets-forwarded-count

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters in-profile-packets-forwarded-count

Description

This command includes the in-profile packets forwarded count.

For queues with stat-mode v4-v6, this command includes the IPv4 packets forwarded count instead.

The no form of this command excludes the in-profile packets forwarded count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

in-profile-packets-forwarded-count

Syntax

[no] in-profile-packets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record ref-queue e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record policer e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record queue e-counters in-profile-packets-forwarded-count

Description

This command includes the in-profile packets forwarded count.

The no form of this command excludes the in-profile packets forwarded count.

Default

no in-profile-packets-forwarded-count

Platforms

All

in-profile-packets-forwarded-count

Syntax

[no] in-profile-packets-forwarded-count

Context

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters in-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-queue i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record queue i-counters in-profile-packets-forwarded-count

Description

This command includes the in profile packets forwarded count.

The no form of this command excludes the in profile packets forwarded count.

Default

no in-profile-packets-forwarded-count

Platforms

All

in-profile-packets-offered-count

in-profile-packets-offered-count

Syntax

[no] in-profile-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-offered-count

configure log accounting-policy custom-record policer e-counters in-profile-packets-offered-count

Description

This command includes the in profile packets offered count.

The no form of this command excludes the in profile packets offered count.

Default

no in-profile-packets-offered-count

Platforms

All

in-profile-packets-offered-count

Syntax

[no] in-profile-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-offered-count

configure log accounting-policy custom-record policer i-counters in-profile-packets-offered-count

Description

This command includes the in-profile packets offered count.

The no form of this command excludes the in-profile packets offered count.

Default

no in-profile-packets-offered-count

Platforms

All

in-remark

in-remark

Syntax

in-remark {dscp dscp-name | prec ip-prec-value}

no in-remark

Context

[Tree] (config>qos>sap-ingress>fc in-remark)

Full Context

configure qos sap-ingress fc in-remark

Description

This command is used in a SAP ingress QoS policy to define an explicit in-profile remark action for a forwarding class or subclass. While the SAP ingress QoS policy may be applied to any SAP, the remarking functions are only enforced when the SAP is associated with an IP or subscriber interface (in an IES or VPRN). When the policy is applied to a Layer 2 SAP (i.e., Epipe or VPLS), the remarking definitions are silently ignored.

In the case where the policy is applied to a Layer 3 SAP, the in-profile remarking definition will be applied to packets that have been classified to the forwarding class or subclass. It is possible for a packet to match a classification command that maps the packet to a particular forwarding class or subclass, only to have a more explicit (higher priority match) override the association. Only the highest priority match forwarding class or subclass association will drive the in-profile marking.

The in-remark command is only applicable to ingress IP routed packets that are considered in-profile. The profile of a SAP ingress packet is affected by either the explicit in-profile/out-of-profile definitions or the ingress policing function applied to the packet. Effect of In-Remark Command on Received SAP Ingress Packets shows the effect of the in-remark command on received SAP ingress packets. Within the in-profile IP packet’s ToS field, either the six DSCP bits or the three precedence bits are remarked.

Table 1. Effect of In-Remark Command on Received SAP Ingress Packets

SAP Ingress Packet State

in-remark Command Effect

Non-Routed, Policed In-Profile

No Effect (non-routed packet)

Non-Routed, Policed Out-of-Profile

No Effect (non-routed packet)

Non-Routed, Explicit In-Profile

No Effect (non-routed packet)

Non-Routed, Explicit Out-of-Profile

No Effect (non-routed packet)

IP Routed, Policed In-Profile

in-remark value applied to IP header ToS field

IP Routed, Policed Out-of-Profile

No Effect (out-of-profile packet)

IP Routed, Explicit In-Profile

in-remark value applied to IP header ToS field

IP Routed, Explicit Out-of-Profile

No Effect (out-of-profile packet)

The no form of this command disables ingress remarking of in-profile packets classified to the forwarding class or subclass.

Parameters

dscp dscp-name

Specifies that the matching packet’s DSCP bits should be overridden with the value represented by dscp-name.

The dscp-name parameter is a 6-bit value. It must be one of the predefined DSCP names defined on the system.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, c p35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

prec ip-prec-value

Specifies that the matching packet’s precedence bits should be overridden with the value represented by ip-prec-value.

Values

0 to 7

Platforms

All

inactive-flow-timeout

inactive-flow-timeout

Syntax

inactive-flow-timeout seconds

no inactive-flow-timeout

Context

[Tree] (config>cflowd inactive-flow-timeout)

Full Context

configure cflowd inactive-flow-timeout

Description

This command specifies the length of time, in seconds, that must elapse without a packet matching a flow before the flow is considered inactive.

The no form of this command resets the inactive flow timeout back to the default of 15 seconds.

Existing flows do not inherit the new inactive-flow-timeout value if this parameter is changed while cflowd is active. The inactive-flow-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

Default

inactive-flow-timeout 15

Parameters

seconds

Specifies the length of time, in seconds, without a packet matching a flow before the flow is considered inactive.

Values

10 to 600

Platforms

All

inactivity-mon

inactivity-mon

Syntax

[no] inactivity-mon

Context

[Tree] (config>app-assure>group>transit-ip-policy>transit-auto-create inactivity-mon)

Full Context

configure application-assurance group transit-ip-policy transit-auto-create inactivity-mon

Description

This command enables auto removal of inactive transit subscribers. Periodically AA removes any inactive auto-created subscriber where an inactive sub is defined as having no active flows in the last period.

The no form of this command disables the auto removal of inactive transit subscribers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

inactivity-timeout

inactivity-timeout

Syntax

inactivity-timeout seconds

no inactivity-timeout

Context

[Tree] (config>test-oam>twamp>server inactivity-timeout)

Full Context

configure test-oam twamp server inactivity-timeout

Description

This command configures the inactivity time out for all TWAMP-control connections. If no TWAMP control message is exchanged over the TCP connection for this duration of time the connection is closed and all in-progress tests are terminated.

The no form of this command returns the value to the default.

Default

inactivity-timeout 900

Parameters

seconds

Specifies the duration of the inactivity time out.

Values

60 to 3600

Default

900

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

inactivity-timeout

Syntax

inactivity-timeout seconds

no inactivity-timeout

Context

[Tree] (config>test-oam>twamp>twamp-light inactivity-timeout)

Full Context

configure test-oam twamp twamp-light inactivity-timeout

Description

This command configures the length of time to maintain stale state on the session reflector. Stale state is test data that has not been refreshed or updated by newly arriving probes for that specific test in a predetermined length of time. Any single reflector can maintain up state for a maximum of 12000 tests. If the maximum value is exceeded, the session reflector lacks memory to allocate to new tests.

The no form of this command returns the value to the default.

Default

inactivity-timeout 100

Parameters

seconds

Specifies the value in seconds for maintaining stale state.

Values

10 to 100

Default

100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

inactivity-timer

inactivity-timer

Syntax

inactivity-timer [days days] [hrs hours] [min minutes] [sec seconds]

no inactivity-timer

Context

[Tree] (config>service>ies>sub-if>ipv6>rtr-sol inactivity-timer)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-sol inactivity-timer)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-sol inactivity-timer)

Full Context

configure service ies subscriber-interface ipv6 router-solicit inactivity-timer

configure service ies subscriber-interface group-interface ipv6 router-solicit inactivity-timer

configure service vprn subscriber-interface ipv6 router-solicit inactivity-timer

Description

This command specifies the time before an inactive host is removed.

The no form of this command reverts to the default.

Parameters

infinite

Specifies that the idle host is never removed.

days

Specifies that the idle host is removed if idle within the number of specified days.

hours

Specifies that the idle host is removed if idle within the number of specified hours.

minutes

Specifies that the idle host is removed if idle within the number of specified minutes.

seconds

Specifies that the idle host is removed if idle within the number of specified seconds.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

inactivity-timer

Syntax

inactivity-timer timer

no inactivity-timer

Context

[Tree] (config>eth-cfm>slm inactivity-timer)

Full Context

configure eth-cfm slm inactivity-timer

Description

The time the responder keeps a test active. Should the time between packets exceed this values within a test the responder will mark the previous test as complete. It will treat any new packets from a peer with the same test-id, source-mac and MEP-ID as a new test responding with the sequence number one.

The no form of the command reverts the timeout to the default value.

Default

inactivity-timer 100

Parameters

timer

Specifies the amount of time in seconds.

Values

10 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

inband

inband

Syntax

inband service-id

no inband

Context

[Tree] (config>system>security>vprn-aaa-server inband)

Full Context

configure system security vprn-aaa-server inband

Description

This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in the Base routing instance.

The no form of this command disables the use of servers for in-band management.

Default

no inband

Parameters

service-id

Specifies the VPRN server for AAA to use for in-band sessions.

Values

service-id: 1 to 2147483648

svc-name: 64 characters maximum

Platforms

All

inband-collector-export-only

inband-collector-export-only

Syntax

[no] inband-collector-export-only

Context

[Tree] (config>cflowd inband-collector-export-only)

Full Context

configure cflowd inband-collector-export-only

Description

This command, when the inband-collector-export-only command is enabled, allows only collectors that are reachable through inband interfaces and enables a higher flow export rate.

The no form of this command, the default, re-enables the use of the out-of-band management Ethernet port.

Platforms

All

inbound-max-sessions

inbound-max-sessions

Syntax

inbound-max-sessions number-of-sessions

no inbound-max-sessions

Context

[Tree] (config>system>login-control>ftp inbound-max-sessions)

Full Context

configure system login-control ftp inbound-max-sessions

Description

This command configures the maximum number of concurrent inbound FTP sessions.

This value is the combined total of inbound and outbound sessions.

The no form of this command reverts to the default value.

Default

inbound-max-sessions 3

Parameters

value

Specifies the maximum number of concurrent FTP sessions on the node.

Values

0 to 5

Platforms

All

inbound-max-sessions

Syntax

inbound-max-sessions number-of-sessions

no inbound-max-sessions

Context

[Tree] (config>system>login-control>ssh inbound-max-sessions)

[Tree] (config>system>login-control>telnet inbound-max-sessions)

Full Context

configure system login-control ssh inbound-max-sessions

configure system login-control telnet inbound-max-sessions

Description

This parameter limits the number of inbound Telnet and SSH sessions. A maximum of 30 telnet and ssh connections can be established to the router. The local serial port cannot be disabled.

Telnet and SSH maximum sessions can also use the combined total of both inbound sessions (SSH+Telnet). While it is acceptable to continue to internally limit the combined total of SSH and Telnet sessions to N, either SSH or Telnet sessions can use the inbound maximum sessions, if so required by the Operator.

The no form of this command reverts to the default value.

Default

inbound-max-sessions 5

Parameters

number-of-sessions

The maximum number of concurrent inbound Telnet sessions, expressed as an integer.

Values

0 to 50 (default = 5) or 0 to N where N is the new total number of SSH+Telnet sessions if they are scaled

Platforms

All

incl-mcast-l2-attributes-advertisement

incl-mcast-l2-attributes-advertisement

Syntax

[no] incl-mcast-l2-attributes-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn incl-mcast-l2-attributes-advertisement)

Full Context

configure service vpls bgp-evpn incl-mcast-l2-attributes-advertisement

Description

This command triggers the advertisement of the Layer 2 attributes extended community including:

  • the service MTU in the Layer 2 MTU field

  • the F bit, which is set to 1 if the hash-label command is set to true (in the configure service vpls bgp-evpn mpls context); otherwise, the F bit is set to 0

  • the C bit, which is set to 1 if the control-word command is set to true (in the configure service vpls bgp-evpn mpls context); otherwise, the C bit is set to 0

The router compares the received Layer 2 MTU from a peer with the local service MTU. If there is a mismatch, the operation state of the EVPN destination is set to down, except if the configure service vpls bgp-evpn ignore-mtu-mistmatch command is enabled.

A mismatch between the received C bit and the local control-word setting (in the configure service vpls bgp-evpn mpls context) results in the operational state of the EVPN destination being set to down.

A mismatch between the received F bit and the local F bit (via the hash label configuration) results in the operational state of the EVPN destination being set to down.

The no form of this command prevents the router from advertising the Layer 2 attributes extended community along with the IMET route for the service.

Default

no incl-mcast-l2-attributes-advertisement

Platforms

All

incl-mcast-orig-ip

incl-mcast-orig-ip

Syntax

incl-mcast-orig-ip ip-address

no incl-mcast-orig-ip

Context

[Tree] (config>service>vpls>bgp-evpn incl-mcast-orig-ip)

Full Context

configure service vpls bgp-evpn incl-mcast-orig-ip

Description

The IP address configured by the user in the incl-mcast-orig-ip command is encoded in the originating-ip field of EVPN Inclusive Multicast Routes with tunnel type Ingress Replication (value 6), mLDP (2), and Composite IR and mLDP (130).

The configured address does not need to be reachable in the base router or have an interface in the base router. The originating-ip address is used solely for BGP route-key selection.

The originating-ip is never changed for Inclusive Multicast Routes with tunnel type AR (Assisted Replication, value 10).

The no version of the command withdraws the affected Inclusive Multicast Routes and re-advertises it with the default system-ip address in the originating-ip field.

Default

incl-mcast-orig-ip 1

Parameters

ip-address

Specifies the IPv4 address value.

Values

a.b.c.d

Platforms

All

include

include

Syntax

include group-name [group-name]

no include [group-name [group-name]]

Context

[Tree] (config>router>mpls>lsp-template include)

[Tree] (config>router>mpls>lsp>primary-p2mp-instance include)

[Tree] (config>router>mpls>lsp>secondary include)

[Tree] (config>router>mpls>lsp>primary include)

[Tree] (config>router>mpls>lsp include)

Full Context

configure router mpls lsp-template include

configure router mpls lsp primary-p2mp-instance include

configure router mpls lsp secondary include

configure router mpls lsp primary include

configure router mpls lsp include

Description

This command specifies the admin groups to be included when an LSP is set up. Up to five groups per operation can be specified, up to 32 maximum. The include statement instructs the CSPF algorithm to pick TE links among the links which belong to one or more of the specified admin groups. A link that does not belong to at least one of the specified admin groups is excluded and thus pruned from the TE database before the CSPF computation. However, a link can still be selected if it belongs to one of the groups in a include statement but also belongs to other groups which are not part of any include statement in the LSP or primary/secondary path configuration. In other words, the include statements implements the "include-any” behavior.

The config>router>mpls>lsp>primary-p2mp-instance> include command is not supported on the 7450 ESS.

The no form of this command deletes the specified groups in the specified context.

Default

no include

Parameters

group-name

Specifies admin groups to be included when an LSP is set up.

Platforms

All

include

Syntax

[no] include

Context

[Tree] (config>service>nat>syslog>syslog-export-policy include)

Full Context

configure service nat syslog syslog-export-policy include

Description

Commands in this context specify the optional fields to include in the NAT syslog messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

include

Syntax

[no] include tag

Context

[Tree] (config>router>admin-tags>route-admin-tag-policy include)

Full Context

configure router admin-tags route-admin-tag-policy include

Description

This configures an admin tag to be included when matching a route against an LSP.

Up to eight inclusion statements are supported per policy.

The no form of this command removes the admin tag from the include statement.

Parameters

tag

Specifies the value of the admin tag, up to 32 characters.

Platforms

All

include-all

include-all

Syntax

include-all

Context

[Tree] (config>router>fad>flex-algo include-all)

Full Context

configure router flexible-algorithm-definitions flex-algo include-all

Description

Commands in this context configure administrative groups to include in the flexible algorithm topology graph. Administrative groups are attributes associated with a link and are generally referred to as link colors.

Flexible algorithms provide the possibility to restrict inclusion into the topology graph to links that have a pre-defined combination of associated administrative groups. The include-all command requires that all configured administrative groups must be present in a link before the link can be included in the topology graph.

Platforms

All

include-any

include-any

Syntax

include-any

Context

[Tree] (config>router>fad>flex-algo include-any)

Full Context

configure router flexible-algorithm-definitions flex-algo include-any

Description

Commands in this context configure administrative groups to include in the flexible algorithm topology graph. Administrative groups are attributes associated with a link and are generally referred to as link colors.

Flexible algorithms provide the possibility to restrict inclusion into the topology graph to links that have a pre-defined combination of associated administrative groups. The include-any command requires that one of the configured administrative groups must be present on a link before the link can be included in the topology graph.

Platforms

All

include-avp

include-avp

Syntax

[no] include-avp

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy include-avp)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx include-avp)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq include-avp)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp

configure subscriber-mgmt diameter-application-policy gx include-avp

configure subscriber-mgmt diameter-application-policy nasreq include-avp

Description

Commands in this context configure AVPs and their format to be included in Diameter Gx, Gy, or NASREQ application messages. For full description each AVP, refer to the 7750 SR and VSR RADIUS Attributes Reference Guide.

AVP name:

  • an-gw-address

  • apn-ambr

  • called-station-id

  • calling-station-id

  • charging-characteristics

  • dynamic-address-flag

  • ip-can-type

  • logical-access-id

  • nas-port

  • nas-port-id

  • nas-port-type

  • pdn-connection-id

  • physical-access-id

  • rai

  • rat-type

  • selection-mode

  • sgsn-mcc-mnc

  • supported-features

  • user-equipment-info

  • user-location-info

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

include-dns

include-dns

Syntax

[no] include-dns

Context

[Tree] (config>subscr-mgmt>rtr-adv-plcy>dns-opt include-dns)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 include-dns)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6 include-dns)

[Tree] (config>service>ies>sub-if>ipv6>rtr-adv include-dns)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv include-dns)

Full Context

configure subscriber-mgmt router-advertisement-policy dns-options include-dns

configure service ies subscriber-interface group-interface ipv6 include-dns

configure service vprn subscriber-interface group-interface ipv6 include-dns

configure service ies subscriber-interface ipv6 rtr-adv include-dns

configure service vprn subscriber-interface ipv6 rtr-adv include-dns

Description

This command specifies to include the Recursive DNS Server (RDNSS) Option as defined in RFC 6106 in IPv6 router advertisements for DNS name resolution of IPv6 SLAAC hosts.

The no form of this command returns the command to the default setting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

include-dns

Syntax

[no] include-dns

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv>dns-opt include-dns)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv>dns-opt include-dns)

[Tree] (config>service>ies>sub-if>ipv6>rtr-adv>dns-opt include-dns)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv>dns-opt include-dns)

Full Context

configure service vprn subscriber-interface group-interface ipv6 router-advertisements dns-options include-dns

configure service vprn subscriber-interface ipv6 router-advertisements dns-options include-dns

configure service ies subscriber-interface ipv6 router-advertisements dns-options include-dns

configure service ies subscriber-interface group-interface ipv6 router-advertisements dns-options include-dns

Description

This command specifies to include the Recursive DNS Server (RDNSS) Option as defined in RFC 6106 in IPv6 Router Advertisements for DNS name resolution of IPv6 SLAAC hosts.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

include-dns

Syntax

[no] include-dns

Context

[Tree] (config>service>vprn>router-advert>if>dns-options include-dns)

Full Context

configure service vprn router-advertisement interface dns-options include-dns

Description

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of this command disables the RDNSS option in router advertisements.

Default

include-dns

Platforms

All

include-dns

Syntax

[no] include-dns

Context

[Tree] (config>router>router-advert>if>dns-opt include-dns)

Full Context

configure router router-advertisement interface dns-options include-dns

Description

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of this command disables the RDNSS option in router advertisements.

Default

include-dns

Platforms

All

include-group

include-group

Syntax

include-group ip-admin-group-name [pref preference]

no include-group ip-admin-group-name

Context

[Tree] (config>router>route-next-hop-policy>template include-group)

Full Context

configure router route-next-hop-policy template include-group

Description

This command configures the admin group constraint into the route next-hop policy template.

Each group is entered individually. The include-group statement instructs the LFA SPF selection algorithm to pick up a subset of LFA next-hops among the links which belong to one or more of the specified admin groups. A link which does not belong to at least one of the admin-groups is excluded. However, a link can still be selected if it belongs to one of the groups in a include-group statement but also belongs to other groups which are not part of any include-group statement in the route next-hop policy.

The pref option is used to provide a relative preference for the admin group to select. A lower preference value means that LFA SPF will first attempt to select a LFA backup next-hop which is a member of the corresponding admin group. If none is found, then the admin group with the next higher preference value is evaluated. If no preference is configured for a given admin group name, then it is supposed to be the least preferred, that is, numerically the highest preference value.

When evaluating multiple include-group statements within the same preference, any link which belongs to one or more of the included admin groups can be selected as an LFA next-hop. There is no relative preference based on how many of those included admin groups the link is a member of.

The exclude-group statement simply prunes all links belonging to the specified admin group before making the LFA backup next-hop selection for a prefix.

If the same group name is part of both include and exclude statements, the exclude statement will win. It other words, the exclude statement can be viewed as having an implicit preference value of 0.

The admin-group criteria are applied before running the LFA next-hop selection algorithm.

The no form deletes the admin group constraint from the route next-hop policy template.

Parameters

ip-admin-group-name

Specifies the name of the group, up to 32 characters.

preference

An integer specifying the relative preference of a group.

Values

1 to 255

Default

255

Platforms

All

include-radius-attribute

include-radius-attribute

Syntax

[no] include-radius-attribute

Context

[Tree] (config>aaa>l2tp-acct-plcy include-radius-attribute)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute

Description

Commands in this context specify the RADIUS attributes that the system should include into RADIUS Access-Request (for authentication) and Accounting-Request (for accounting) messages.

The no form of this command disables the RADIUS attributes to be included.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

include-radius-attribute

Syntax

[no] include-radius-attribute

Context

[Tree] (config>subscr-mgmt>auth-plcy include-radius-attribute)

[Tree] (config>subscr-mgmt>acct-plcy include-radius-attribute)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute

configure subscriber-mgmt radius-accounting-policy include-radius-attribute

Description

Commands in this context specify the RADIUS attributes that the system should include in RADIUS Access-Request (for authentication) and Accounting-Request (for accounting) messages.

The no form of this command reverts to the default values.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

include-radius-attribute

Syntax

[no] include-radius-attribute

Context

[Tree] (config>ipsec>rad-acct-plcy include-radius-attribute)

[Tree] (config>ipsec>rad-auth-plcy include-radius-attribute)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute

configure ipsec radius-authentication-policy include-radius-attribute

Description

Commands in this context specify the RADIUS attributes that the system should include into RADIUS Access-Request (for authentication) and Accounting-Request (for accounting) messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

include-system-info

include-system-info

Syntax

[no] include-system-info

Context

[Tree] (config>log>accounting-policy include-system-info)

Full Context

configure log accounting-policy include-system-info

Description

This command allows the operator to optionally include router information at the top of each accounting file generated for a given accounting policy.

The no form of this command configures the router to not include optional router information at the top of the file.

Default

no include-system-info

Platforms

All

included-protocols

included-protocols

Syntax

included-protocols

Context

[Tree] (config>sys>security>cpu-protection>ip included-protocols)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols

Description

This context allows configuration of which protocols are included for ip-src-monitoring. This is system-wide configuration that applies to cpu protection globally.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

inclusive

inclusive

Syntax

inclusive

Context

[Tree] (config>service>vpls>provider-tunnel inclusive)

Full Context

configure service vpls provider-tunnel inclusive

Description

Commands in this context configure the use of a P2MP LSP as the default tree for forwarding Broadcast, Unknown unicast, and Multicast (BUM) packets of a VPLS or B-VPLS instance. The P2MP LSP is referred to, in this case, as the Inclusive Provider Multicast Service Interface (I-PMSI).

When enabled, this feature relies on BGP Auto-Discovery (BGP-AD), BGP-VPLS or BGP-EVPN to discover the PE nodes participating in a specified VPLS/B-VPLS instance. In the case of BGP-AD or BGP-VPLS, the BGP route contains the information required to signal both point-to-point (P2P) PWs used to forward unicast known Ethernet frames, and the RSVP or mLDP P2MP LSP used to forward the BUM frames. In the case of BGP-EVPN, the EVPN IMET route contains the information to set up the mLDP P2MP LSP and may also contain the information that enables the remote leaf-only nodes to setup an EVPN destination to the sending PE.

Note:

The provider-tunnel for a specified service must be configured with an owner protocol (BGP-AD, BGP-VPLS or BGP-EVPN); only one owner must be configured. Use the owner {bgp-ad|bgp-vpls|bgp-evpn-mpls} command to configure an owner.

With an mLDP I-PMSI, each leaf node will initiate the signaling of the mLDP P2MP LSP upstream using the P2MP FEC information in the I-PMSI tunnel information discovered through the BGP.

If IGMP or PIM snooping are configured on the VPLS/B-VPLS instance, multicast packets matching an L2 multicast Forwarding Information Base (FIB) record will also be forwarded over the P2MP LSP.

Use the mldp command to enable the use of an LDP P2MP LSP as the I-PMSI for forwarding Ethernet BUM and IP multicast packets in a VPLS instance:

config>service>vpls [b-vpls]>provider-tunnel>inclusive>mldp

When a no shutdown is performed under the context of the inclusive node and the expiration of a delay timer, BUM packets will be forwarded over an automatically signaled mLDP P2MP LSP.

Use the root-and-leaf command to configure the node to operate as both root and leaf in the VPLS instance:

config>service>vpls [b-vpls]>provider-tunnel>inclusive>root-and-leaf

The node behaves as a leaf-only node by default. For the I-PMSI of type mLDP, the leaf-only node will join I-PMSI rooted at other nodes it discovered but will not include a PMSI Tunnel Attribute in BGP route update messages. This way a leaf-only node will forward packets to other nodes in the VPLS/B-VPLS using the point-to-point spoke-SDPs in the case of BGP-AD or BGP-VPLS, or using EVPN destinations in the case of BGP-EVPN.

Note:

Either BGP-AD/VPLS or BGP-EVPN must be enabled in the VPLS/B-VPLS instance otherwise the execution of the no shutdown command under the context of the inclusive node will fail and the I-PMSI will not come up.

If the P2MP LSP instance goes down, the VPLS/B-VPLS immediately reverts the forwarding of BUM packets to the P2P PWs or EVPN destinations (in the case of BGP-EVPN). Performing a shutdown under the context of the inclusive node will allow the user to restore BUM packet forwarding over the P2P PWs or EVPN destinations.

This feature is supported with VPLS and B-VPLS; it is not supported with I-VPLS. Although Routed VPLS is supported, routed traffic cannot be sent over the I-PMSI tree.

Platforms

All

inclusive

Syntax

inclusive

Context

[Tree] (config>service>vprn>mvpn>provider-tunnel inclusive)

Full Context

configure service vprn mvpn provider-tunnel inclusive

Description

Commands in this context specify inclusive provider tunnels.

Platforms

All

inclusive

Syntax

inclusive

Context

[Tree] (config>router>gtm>provider-tunnel inclusive)

Full Context

configure router gtm provider-tunnel inclusive

Description

Commands in this context configure inclusive provider tunnels parameters.

Platforms

All

incoming-sid

incoming-sid

Syntax

incoming-sid static label

no incoming-sid

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment incoming-sid)

Full Context

configure router p2mp-sr-tree replication-segment incoming-sid

Description

This command configures the incoming replication SID for this P2MP SR tree replication segment entry.

The no form of this command removes the incoming replication SID.

Parameters

static label

Specifies the incoming replication SID label.

Values

0 to 4294967295

Platforms

All

incremental-spf-wait

incremental-spf-wait

Syntax

incremental-spf-wait incremental-spf-wait

no incremental-spf-wait

Context

[Tree] (config>router>ospf>timers incremental-spf-wait)

[Tree] (config>router>ospf3>timers incremental-spf-wait)

Full Context

configure router ospf timers incremental-spf-wait

configure router ospf3 timers incremental-spf-wait

Description

This command sets the delay before an incremental SPF calculation is performed when LSA types 3, 4, 5, or 7 are received. This allows multiple updates to be processed in the same SPF calculation. Type 1 or type 2 LSAs are considered a topology change and will always trigger a full SPF calculation.

The no form of this command resets the timer value back to the default value.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default

incremental-spf-wait 1000

Parameters

incremental-spf-wait

Specifies the OSPF incremental SPF calculation delay, in milliseconds.

Values

0 to 1000

Platforms

All

index

index

Syntax

index index [create]

no index index

Context

[Tree] (config>service>dynsvc>ladb>user index)

Full Context

configure service dynamic-services local-auth-db user-name index

Description

This command creates an index entry containing authentication data for a dynamic service SAP. Up to 32 indexes can be created per user name entry, representing up to 32 dynamic service SAPs that can be instantiated with a single dynamic service data trigger. One of the dynamic service SAPs must be the data trigger SAP.

The no form of this command removes the index entry from the user name entry in the local authentication database configuration.

Parameters

index

Specifies the index entry identifier.

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

indirect

indirect

Syntax

[no] indirect ip-address

Context

[Tree] (config>service>vprn>static-route-entry indirect)

Full Context

configure service vprn static-route-entry indirect

Description

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default

no indirect

Parameters

ip-address

The IP address of the IP interface.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

Platforms

All

indirect

Syntax

[no] indirect ip-address

Context

[Tree] (config>router>static-route-entry indirect)

Full Context

configure router static-route-entry indirect

Description

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default

no indirect

Parameters

ip-address

Specifies the IP address of the IP interface.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

Platforms

All

ine-identifier

ine-identifier

Syntax

ine-identifier identifier

no ine-identifier

Context

[Tree] (config>li>x-interfaces ine-identifier)

Full Context

configure li x-interfaces ine-identifier

Description

This command configures the Intercepting Network Element (INE).

The no form of this command reverts to the default.

Parameters

identifier

Specifies the INE name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

info

info

Syntax

info [detail] [objective]

info [detail] [objective] operational

Context

[Tree] (info)

Full Context

info

Description

This command displays the running configuration for the configuration context where it is entered and all branches below that context level. It can be used in any branch under configure, but not with configure itself.

By default, the command only enters the configuration parameters that vary from the default values.

The detail keyword causes all configuration parameters to be displayed. The include-dynamic objective keyword includes configuration parameters from dynamic sources such as dynamic data services Python scripts. These dynamic configuration parameters are not saved in the configuration file.

The operational keyword is available in edit-cfg mode only, in which case the keyword is mandatory when using the info command.

Example:

A:ALA-48>config>router>if-attr# info
------------------------------------
            admin-group "green" value 15
            admin-group "red" value 25
            admin-group "yellow" value 20
A:ALA-48>config>router>mpls# info
------------------------------------
            interface "system"
            exit
            interface "to-104"
                admin-group "green"
                admin-group "red"
                admin-group "yellow"
                label-map 35
                    swap 36 nexthop 10.10.10.91
                    no shutdown
                exit
            exit
            path "secondary-path"
                hop 1 10.10.0.111  strict
                hop 2 10.10.0.222  strict
                hop 3 10.10.0.123  strict
                no shutdown
            exit
            path "to-NYC"
                hop 1 10.10.10.104  strict
                hop 2 10.10.0.210  strict
                no shutdown
            exit
            path "to-104"
                no shutdown
            exit
            lsp "to-104"
                to 10.10.10.104
                from 10.10.10.103
                rsvp-resv-style ff
                cspf
...
----------------------------------------------
A:ALA-48>config>router>mpls#
A:ALA-48>config>router>mpls# info detail
----------------------------------------------
            frr-object
            no resignal-timer
            interface "system"
                no admin-group
                no shutdown
            exit
            interface "to-104"
                admin-group "green"
                admin-group "red"
                admin-group "yellow"
                label-map 35
                    swap 36 nexthop 10.10.10.91
                    no shutdown
                exit
                no shutdown
            exit
            path "secondary-path"
                hop 1 10.10.0.111  strict
                hop 2 10.10.0.222  strict
                hop 3 10.10.0.123  strict
                no shutdown
            exit
            path "to-NYC"
                hop 1 10.10.10.104  strict
                hop 2 10.10.0.210  strict
                no shutdown
            exit
            path "to-104"
                no shutdown
            exit
            lsp "to-104"
                to 10.10.10.104
                from 10.10.10.103
                rsvp-resv-style ff
                adaptive
                cspf
                include "red"
                exclude "green"
                adspec
                fast-reroute one-to-one
                    no bandwidth
                    no hop-limit
                    node-protect
                exit
                hop-limit 10
                retry-limit 0
                retry-timer 30
                secondary "secondary-path"
                    no standby
                    no hop-limit
                    adaptive
                    no include
                    no exclude
                    record
                    record-label
                    bandwidth 50000
                    no shutdown
                exit
                primary "to-NYC"
                    hop-limit 50
                    adaptive
                    no include
                    no exclude
                    record
                    record-label
                    no bandwidth
                    no shutdown
                exit
                no shutdown
            exit
...
----------------------------------------------
A:ALA-48>config>router>mpls#

Parameters

detail

Displays all configuration parameters including parameters at their default values.

objective

Provides an output objective that controls the configuration parameters to be displayed.

Values

include-dynamic: includes configuration parameters from dynamic sources such as dynamic data services Python scripts.

Platforms

All

info-notification

info-notification

Syntax

info-notification

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>local-sf-action info-notification)

Full Context

configure port ethernet efm-oam link-monitoring local-sf-action info-notification

Description

The context allows the operator to set different flags in the Information OAM PDU. The flags can be used to notify the peer that a local signal failure threshold has been exceeded within the configured window. This is useful when the local node supports the link monitoring function, but the remote peer does not support this capability. Information OAM PDUs are sent on the interval where the Event Notification OAM PDU is typically only sent on the initial sf-threshold crossing event. It is strongly suggested one of the Information OAM PDU Flag fields used to continually communicate current monitor state to the peer.

Interactions: The signal failure threshold will trigger these actions.

Platforms

All

ing-percentage-of-rate

ing-percentage-of-rate

Syntax

ing-percentage-of-rate ing-rate-percentage

no ing-percentage-of-rate

Context

[Tree] (config>port>modify-buffer-allocation-rate ing-percentage-of-rate)

Full Context

configure port modify-buffer-allocation-rate ing-percentage-of-rate

Description

This command increases or decreases the active bandwidth associated with the ingress port that affects the amount of ingress buffer space managed by the port. Changing a port’s active bandwidth using the ing-percentage-of-rate command is an effective means of artificially lowering the buffers managed by one ingress port and giving them to other ingress ports on the same MDA.

The ing-percentage-of-rate command accepts a percentage value that increases or decreases the active bandwidth based on the defined percentage. A value of 50% causes the active bandwidth to be reduced by 50%. A value of 150% causes the active bandwidth to be increased by 50%. Values from 1 to 1000 percent are supported.

A value of 100 (the default value) is equivalent to executing the no ing-percentage-of-rate command and restores the ingress active rate to the normal value.

The no form of this command removes any artificial increase or decrease of the ingress active bandwidth used for ingress buffer space allocation to the port. The no ing-percentage-of-rate command sets the ingress rate percentage to 100%.

Parameters

ing-rate-percentage

The ing-rate-percentage parameter is required and specifies the percentage value used to modify the current ingress active bandwidth of the port. This does not actually change the bandwidth available on the port in any way. The defined ing-rate-percentage parameter is multiplied by the ingress active bandwidth of the port. A value of 150 results in an increase of 50% (1.5 x Rate).

Values

1 to 1000

Default

100 (no change to active rate)

Platforms

All

ing-weight

ing-weight

Syntax

ing-weight access access-weight network network-weight

no ing-weight

Context

[Tree] (config>port>hybrid-buffer-allocation ing-weight)

Full Context

configure port hybrid-buffer-allocation ing-weight

Description

This command configures the sharing of the ingress buffers allocated to a hybrid port among the access and network contexts. By default, it is split equally between network and access.

The no form of this command reverts to the default values for the ingress access and network weights.

Parameters

access-weight

Specifies the access weight as an integer.

Values

0 to 100

Default

50

network-weight

Specifies the network weight as an integer.

Values

0 to 100

Default

50

Platforms

All

ingress

ingress

Syntax

ingress

Context

[Tree] (config>card>fp ingress)

Full Context

configure card fp ingress

Description

This command enables access to the ingress fp CLI context.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>subscr-mgmt>ancp>ancp-policy ingress)

Full Context

configure subscriber-mgmt ancp ancp-policy ingress

Description

Commands in this context configure ingress ANCP policy parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only ingress)

[Tree] (config>subscr-mgmt>msap-policy>ies-vprn ingress)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters ingress

configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters ingress

Description

Commands in this context configure ingress policies for Managed SAPs (MSAPs).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>subscr-mgmt>sla-profile ingress)

Full Context

configure subscriber-mgmt sla-profile ingress

Description

Commands in this context configure ingress parameters for the SLA profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>sub-if>grp-if ingress)

Full Context

configure service vprn subscriber-interface group-interface ingress

Description

Commands in this context configure ingress network filter parameters for the interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>sub-if>grp-if>sap ingress)

[Tree] (config>service>vprn>sub-if>grp-if>sap ingress)

Full Context

configure service ies subscriber-interface group-interface sap ingress

configure service vprn subscriber-interface group-interface sap ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies and filter policies.

If no SAP ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>vpls>spoke-sdp ingress)

[Tree] (config>service>ies>if>spoke-sdp ingress)

[Tree] (config>service>vpls>mesh-sdp ingress)

[Tree] (config>service>ies>if>sap ingress)

[Tree] (config>service>ies>red-if>spoke-sdp>egress ingress)

[Tree] (config>service>vpls>sap ingress)

Full Context

configure service vpls spoke-sdp ingress

configure service ies interface spoke-sdp ingress

configure service vpls mesh-sdp ingress

configure service ies interface sap ingress

configure service ies red-if spoke-sdp egress ingress

configure service vpls sap ingress

Description

Commands in this context configure ingress Quality of Service (QoS) policies and filter policies.

If no QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>card>mda>access ingress)

[Tree] (config>port>access ingress)

Full Context

configure card mda access ingress

configure port access ingress

Description

Commands in this context configure ingress buffer pool parameters which define the percentage of the pool buffers that are used for CBS calculations and specify the slope policy that is configured in the config>qos>slope-policy context.

On the MDA level, access ingress pools are only allocated on channelized MDAs.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>port>ethernet>access ingress)

Full Context

configure port ethernet access ingress

Description

This command configures Ethernet access ingress port parameters.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>cpipe>sap ingress)

[Tree] (config>service>epipe>sap ingress)

[Tree] (config>service>ipipe>sap ingress)

Full Context

configure service cpipe sap ingress

configure service epipe sap ingress

configure service ipipe sap ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress

All

  • configure service epipe sap ingress
  • configure service ipipe sap ingress

ingress

Syntax

ingress

Context

[Tree] (config>service>cpipe>spoke-sdp ingress)

[Tree] (config>service>epipe>spoke-sdp ingress)

[Tree] (config>service>ipipe>spoke-sdp ingress)

Full Context

configure service cpipe spoke-sdp ingress

configure service epipe spoke-sdp ingress

configure service ipipe spoke-sdp ingress

Description

This command configures the ingress SDP context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp ingress

All

  • configure service epipe spoke-sdp ingress
  • configure service ipipe spoke-sdp ingress

ingress

Syntax

ingress

Context

[Tree] (config>service>template>epipe-sap-template ingress)

Full Context

configure service template epipe-sap-template ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies and filter policies.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>vpls>vxlan>network ingress)

Full Context

configure service vpls vxlan network ingress

Description

Commands in this context configure network ingress parameters for the VPLS VXLAN service.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>aarp-interface>spoke-sdp ingress)

Full Context

configure service ies aarp-interface spoke-sdp ingress

Description

Commands in this context configure the ingress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>if>vpls ingress)

Full Context

configure service ies interface vpls ingress

Description

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>if ingress)

Full Context

configure service ies interface ingress

Description

This command enters context to configure ingress parameters for network interfaces.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>network ingress)

Full Context

configure service vprn network ingress

Description

Commands in this context configure network ingress parameters for the VPRN service.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>aarp-interface>spoke-sdp ingress)

Full Context

configure service vprn aarp-interface spoke-sdp ingress

Description

Commands in this context configure the ingress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>if ingress)

Full Context

configure service vprn interface ingress

Description

This command enters context to configure ingress parameters for network interfaces.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>if>sap ingress)

Full Context

configure service vprn interface sap ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies and filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>if>vpls ingress)

Full Context

configure service vprn interface vpls ingress

Description

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>aa-interface>sap ingress)

[Tree] (config>service>vprn>aa-interface>sap ingress)

Full Context

configure service ies aa-interface sap ingress

configure service vprn aa-interface sap ingress

Description

Commands in this context configure ingress parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ingress

Syntax

ingress

Context

[Tree] (config>card>mda>network ingress)

Full Context

configure card mda network ingress

Description

Commands in this context configure MDA-level IOM Quality of Service (QoS).

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>ies>video-interface>video-sap ingress)

[Tree] (config>service>vprn>video-interface>video-sap ingress)

Full Context

configure service ies video-interface video-sap ingress

configure service vprn video-interface video-sap ingress

Description

Commands in this context configure in parameters for the service’s video SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

ingress

Syntax

ingress

Context

[Tree] (config>service>vprn>ipmirrorif>spoke-sdp ingress)

[Tree] (config>service>vprn>red-if>spoke-sdp ingress)

[Tree] (config>mirror>mirror-dest>spoke-sdp ingress)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp ingress)

Full Context

configure service vprn ip-mirror-interface spoke-sdp ingress

configure service vprn redundant-interface spoke-sdp ingress

configure mirror mirror-dest spoke-sdp ingress

configure mirror mirror-dest remote-source spoke-sdp ingress

Description

Commands in this context configure spoke SDP ingress parameters.

Platforms

All

  • configure mirror mirror-dest remote-source spoke-sdp ingress
  • configure service vprn ip-mirror-interface spoke-sdp ingress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface spoke-sdp ingress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure mirror mirror-dest spoke-sdp ingress

ingress

Syntax

ingress

Context

[Tree] (config>qos>network ingress)

Full Context

configure qos network ingress

Description

This command is used to enter the CLI node that creates or edits policy entries that specify the DiffServ code points-to-forwarding class mapping for all IP packets and define the MPLS EXP bits-to-forwarding class mapping for all labeled packets.

When premarked IP or MPLS packets ingress on a network port, they get a Per Hop Behavior (that is, the QoS treatment through the router, based on the mapping defined under the current node).

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>qos>queue-group-templates ingress)

Full Context

configure qos queue-group-templates ingress

Description

Commands in this context create ingress queue group templates. Ingress queue group templates can be applied to ingress ports to create an ingress queue group of the same name.

An ingress template must be created for a group-name prior to creating a queue group with the same name on an ingress port.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>router>if ingress)

Full Context

configure router interface ingress

Description

This command enables access to the context to configure ingress network filter policies for the IP interface. If an ingress filter is not defined, no filtering is performed.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>cust>multi-service-site ingress)

Full Context

configure service customer multi-service-site ingress

Description

Commands in this context configure the ingress node associate an existing scheduler policy name with the customer site. The ingress node is an entity to associate commands that complement the association.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>pw-template ingress)

Full Context

configure service pw-template ingress

Description

Commands in this context configure spoke SDP binding ingress filter parameters.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>service>sdp>binding>pw-port ingress)

Full Context

configure service sdp binding pw-port ingress

Description

This command configures ingress parameters for the PW port.

Platforms

All

ingress

Syntax

ingress

Context

[Tree] (config>subscr-mgmt>sub-prof ingress)

Full Context

configure subscriber-mgmt sub-profile ingress

Description

Commands in this context configure subscriber profile ingress setting parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress-buffer-allocation

ingress-buffer-allocation

Syntax

ingress-buffer-allocation percentage

no ingress-buffer-allocation

Context

[Tree] (config>card>fp ingress-buffer-allocation)

Full Context

configure card fp ingress-buffer-allocation

Description

This command allows the user to configure an ingress buffer allocation percentage per forwarding plane from 20.00% to 80.00%. Ingress buffer allocation applies to user-accessible buffers (total buffers less those reserved for system use).

The ingress buffer allocation percentage determines how much of the user-accessible buffers will be available for ingress purposes. The remaining buffers will be available for egress purposes.

This command is supported on all 50G FP2-based and 100G/200G FP3-based hardware. It is not supported on other FP2 or FP3-based hardware, nor on FP4-based hardware.

The no form of this command reverts the ingress buffer allocation to the default value.

Default

ingress-buffer-allocation 50.00

Parameters

percentage

Specifies the buffer allocation percentage.

Values

20.00 to 80.00

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7950 XRS

ingress-counter-map

ingress-counter-map

Syntax

ingress-counter-map policer policer-id traffic-type { unicast | multicast | broadcast} [create]

ingress-counter-map queue queue-id traffic-type { unicast | multicast | broadcast} [create]

no ingress-counter-map policer policer-id

no ingress-counter-map queue queue-id

Context

[Tree] (config>sflow ingress-counter-map)

Full Context

configure sflow ingress-counter-map

Description

This command configures the ingress counter map for sFlow. The map must be configured so sFlow agent understands how to interpret data collected against SAP queues and policers. Multiple queues/policers can be mapped to the same traffic-type using separate line entries.

The no form of this command deletes a SAP policy queue/policer from the map.

Parameters

policer-id

Specifies the policer ID in a SAP ingress QoS policy. If the SAP policy does not have a policer with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 32

queue-id

Specifies the queue ID in a SAP ingress QoS policy. If the SAP policy does not have a queue with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 32

Platforms

7750 SR, 7750 SR-s, 7950 XRS

ingress-ip-filter-entries

ingress-ip-filter-entries

Syntax

[no] ingress-ip-filter-entries

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl ingress-ip-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries

Description

Commands in this context configure the ingress IP filter parameters.

The no form of this command reverts to the default.

Default

ingress-ip-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress-ipv6-filter-entries

ingress-ipv6-filter-entries

Syntax

[no] ingress-ipv6-filter-entries

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl ingress-ipv6-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries

Description

Commands in this context configure the ingress IPv6 filter parameters.

The no form of this command reverts to the default.

Default

ingress-ipv6-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ingress-label

ingress-label

Syntax

ingress-label label [label]

no ingress-label [label]

Context

[Tree] (debug>mirror-source ingress-label)

Full Context

debug mirror-source ingress-label

Description

This command enables ingress mirroring based on MPLS labels with the following limitations.

  • The ingress label provisioned must be a MPLS transport label and can be at any label stack as long as it is known by the system. Transport label distributed by LDP, RSVP, and segment routing are supported. For BGP-specific label distribution mirroring, the following are supported.

    • BGP label-unicast (RFC 8277, Using BGP to Bind MPLS Labels to Address Prefixes)

    • VPN service labels distributed by BGP for Carrier Supporting Carrier (CSC) VPNs (RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs))

    • VPN service labels distributed by BGP in an ASBR (inter-as-option-B)

    • VPN service labels distributed by BGP in a route reflector with next-hop-self (RR + NHS)

  • VPN service label mirroring is not supported in a provider edge (PE) router.

  • The ingress label can only be mirrored to a single mirror destination. If the same label is defined with multiple mirror destinations, an error is generated and the original mirror destination remains unchanged.

The ingress label mirror source overrides all other mirror source definitions. The MPLS frame is mirrored to the mirror destination as it is received on the ingress network port. The router MPLS label space is global for the system. A specific label is mirrored to a mirror destination regardless of the ingress interface. In addition to mirroring known labels, debug also allows pre-provisioning label values which are yet to be known by the system. Be aware that debug mirroring requires provisioning of static label values while labels distributed by label distribution protocols are dynamic in nature. Therefore, when label values change due to network changes, labels provisioned in debug mirroring must be changed or deleted manually.

By default, no ingress MPLS frames are mirrored. The ingress-label command must be executed to start mirroring on a specific MPLS label.

Parameters

label

Specifies up to eight transport labels received on ingress to be mirrored. Each label can only be mirrored to a single mirror destination.

If the label does not exist on any ingress network ports, no packets are mirrored for that label. An error will not occur. Once the label exists on a network port, ingress mirroring begins for that label.

Values

0 to 1048575

The local MPLS stack may not support portions of this range.

Platforms

All

ingress-percent-of-total

ingress-percent-of-total

Syntax

ingress-percent-of-total percent-of-total-queues

no ingress-percent-of-total

Context

[Tree] (config>qos>fp-resource-policy>queues ingress-percent-of-total)

Full Context

configure qos fp-resource-policy queues ingress-percent-of-total

Description

This command configures the percentage of the total number of queues on the FP on which the policy is applied that are allocated to ingress, with the remainder allocated to egress. The ingress and egress buffer pool sizes are not affected by the queue allocation.

The allocation is performed in sets of 8192 queues, with a minimum of 8192 queues at ingress and 8192 queues at egress. If the percentage configured results in the queue allocation not being a multiple of 8192, the number of queues at ingress is rounded down to the next 8192 boundary, and consequently the number of queues at egress is rounded up to the next 8192 boundary, both while respecting the minimum at ingress and egress.

If the FP resources policy being applied to any FP and the updated allocation is not achievable with the current ingress or egress queue consumption on any of the related FPs, then the command fails.

The configuration of ingress-percent-of-total command, including removing this parameter to return to its default configuration, causes the router to immediately reset the associated cards, XIOMs, and MDAs, except on the 7750 SR-1 where the configuration must be saved, and the router rebooted, immediately after committing the configuration transaction.

The no form of this command reverts the percentage of ingress queues, and consequently egress queues, to their default allocation.

Default

ingress-percent-of-total 50.00

Parameters

percent-of-total-queues

Specifies the percentage of total ingress queues as two fraction digits.

Values

4.00 to 97.00

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

ingress-policer

ingress-policer

Syntax

ingress-policer policer-name

no ingress-policer

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm ingress-policer)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm ingress-policer)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt ingress-policer

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt ingress-policer

Description

This command specifies the ingress policer applied to all UEs corresponding to default vlan-range (such as group-interface) or the specified vlan-range. The policer can be created in the config>subscr-mgmt>isa-policer context. The ingress policer can be overridden per UE from RADIUS via access-accept or COA.

The no form of this command reverts to the default.

Parameters

policer-name

Specifies the identifier of the distributed-sub-mgmt policer for ingress traffic.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ingress-rate

ingress-rate

Syntax

ingress-rate sub-rate

no ingress-rate

Context

[Tree] (config>port>ethernet ingress-rate)

Full Context

configure port ethernet ingress-rate

Description

This command configures the maximum amount of ingress bandwidth that this port can receive with the configured sub-rate using packet-based accounting.

The no form of this command returns the value to the default.

Default

no ingress-rate

Parameters

sub-rate

Specifies the ingress rate, in Mb/s.

Values

1 to 400000

Platforms

All

ingress-repl-inc-mcast-advertisement

ingress-repl-inc-mcast-advertisement

Syntax

[no] ingress-repl-inc-mcast-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn ingress-repl-inc-mcast-advertisement)

Full Context

configure service vpls bgp-evpn ingress-repl-inc-mcast-advertisement

Description

This command enables and disables the advertisement of the Inclusive Multicast Ethernet Tag route (IMET route) with tunnel-type Ingress-Replication in the PMSI Tunnel Attribute, or with the tunnel-type Composite Point-to-Multipoint and Ingress-Replication (P2MP+IR) in the root-and-leaf nodes. The following must be considered:

  • When no ingress-repl-inc-mcast-advertisement is configured, no IMET routes will be sent for the service unless the provider-tunnel is configured with owner bgp-evpn-mpls and root-and-leaf, in which case, an IMET-P2MP route is sent.

  • When ingress-repl-inc-mcast-advertisement and provider-tunnel are configured for bgp-evpn-mpls with root-and-leaf, the system will send an IMET-P2MP-IR route, that is, an IMET route with a composite P2MP+IR tunnel type.

  • When no ingress-repl-inc-mcast-advertisement and assisted-replication replicator are configured, the system will send IMET-AR routes, but IMET-IR routes will not be sent.

Default

ingress-repl-inc-mcast-advertisement

Platforms

All

ingress-replication-bum-label

ingress-replication-bum-label

Syntax

[no] no-ingress-replication-bum-label

Context

[Tree] (config>service>vpls>bgp-evpn>mpls ingress-replication-bum-label)

Full Context

configure service vpls bgp-evpn mpls ingress-replication-bum-label

Description

This command allows the user to configure the system so that a separate label is sent for BUM (Broadcast, Unknown unicast and Multicast) traffic in a specified service. By default ( no ingress-replication-bum-label), the same label is used for unicast and flooded BUM packets when for-warding traffic to remote PEs.

When saving labels, this might cause transient traffic duplication for all-active multi-homing. By enabling ingress-replication-bum-label, the system will advertise two labels per EVPN VPLS instance, one for unicast and one for BUM traffic. The ingress PE will use the BUM label for flooded traffic to the advertising egress PE, so that the egress PE can determine if the unicast traffic has been flooded by the ingress PE. Depending on the scale required in the network, the user may choose between saving label space or avoiding transient packet duplication sent to an all-active multi-homed CE for certain macs.

Default

no ingress-replication-bum-label

Platforms

All

ingress-statistics

ingress-statistics

Syntax

ingress-statistics

Context

[Tree] (config>router>mpls ingress-statistics)

Full Context

configure router mpls ingress-statistics

Description

Commands in this context enable ingress-statistics on an MPLS-TP LSP.

Platforms

All

ingress-statistics

Syntax

ingress-statistics

Context

[Tree] (config>router>mpls>lsp ingress-statistics)

Full Context

configure router mpls lsp ingress-statistics

Description

Commands in this context enter the LSP names for the purpose of enabling ingress data path statistics at the terminating node of the LSP, for example, egress LER.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ingress-statistics

Syntax

[no] ingress-statistics

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy ingress-statistics)

Full Context

configure router mpls forwarding-policies forwarding-policy ingress-statistics

Description

This command configures ingress statistics in an MPLS forwarding policy.

The ingress statistics are associated with a binding label, that is the ILM of the forwarding policy, and provides aggregate packet and byte counters for packets matching the binding label.

The no form of this command removes the statistics from the MPLS forwarding policy.

Platforms

All

ingress-statistics

Syntax

ingress-statistics

Context

[Tree] (config>router>isis>segm-rtng ingress-statistics)

[Tree] (config>router>ospf3>segm-rtng ingress-statistics)

[Tree] (config>router>ospf>segm-rtng ingress-statistics)

Full Context

configure router isis segment-routing ingress-statistics

configure router ospf3 segment-routing ingress-statistics

configure router ospf segment-routing ingress-statistics

Description

Commands in this context configure the ingress statistics for IGP SIDs.

Platforms

All

ingress-statistics

Syntax

[no] ingress-statistics

Context

[Tree] (config>router>segment-routing>sr-policies ingress-statistics)

Full Context

configure router segment-routing sr-policies ingress-statistics

Description

This command administratively enables the collection of ingress traffic statistics for all segment routing policies. The statistics provide counts for the number of incoming packets and bytes corresponding to each (color, endpoint) combination.

If there are any SR-MPLS interfaces on an FP2 or older line-cards, an attempt to enable this command will fail.

The no form of this command disables ingress stats collection for all segment routing policies.

Default

no ingress-statistics

Platforms

All

ingress-statistics

Syntax

[no] ingress-statistics

Context

[Tree] (config>router>policy-options>policy-statement>default-action ingress-statistics)

[Tree] (config>router>policy-options>policy-statement>entry>action ingress-statistics)

Full Context

configure router policy-options policy-statement default-action ingress-statistics

configure router policy-options policy-statement entry action ingress-statistics

Description

This command enables the allocation of statistical indexes to BGP-LU route entries that are programmed on ingress data paths. For effective operation, a prefix must be advertised with a label per prefix for ILM statistics.

The no form of this command disables the allocation of statistical indexes to BGP-LU route entries.

Default

no ingress-statistics

Platforms

All

ingress-xpl

ingress-xpl

Syntax

ingress-xpl

Context

[Tree] (config>card>mda ingress-xpl)

Full Context

configure card mda ingress-xpl

Description

Commands in this context configure ingress MDA XPL interface error parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

init

init

Syntax

init [detail]

no init

Context

[Tree] (debug>router>ldp>peer>packet init)

Full Context

debug router ldp peer packet init

Description

This command enables debugging for LDP Init packets.

The no form of the command disables the debugging output.

Parameters

detail

Displays detailed information.

Platforms

All

init-cwnd-size

init-cwnd-size

Syntax

init-cwnd-size init-cwnd-size

Context

[Tree] (config>app-assure>group>tcp-optimizer init-cwnd-size)

Full Context

configure application-assurance group tcp-optimizer init-cwnd-size

Description

This command configures the initial TCP congestion window (cwnd) used during the TCP Slow Start (SS) period.

Default

10

Parameters

init-cwnd-size

Specifies the initial TCP congestion window size value in maximum segment size (mss).

Values

1 to 256

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

init-delay

init-delay

Syntax

init-delay seconds

no init-delay

Context

[Tree] (config>service>ies>if>ipv6>vrrp init-delay)

Full Context

configure service ies interface ipv6 vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

All

init-delay

Syntax

init-delay seconds

no init-delay

Context

[Tree] (config>service>ies>if>vrrp init-delay)

Full Context

configure service ies interface vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

All

init-delay

Syntax

init-delay seconds

no init-delay

Context

[Tree] (config>service>vprn>if>vrrp init-delay)

[Tree] (config>service>vprn>if>ipv6>vrrp init-delay)

Full Context

configure service vprn interface vrrp init-delay

configure service vprn interface ipv6 vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

All

init-delay

Syntax

init-delay seconds

no init-delay

Context

[Tree] (config>router>if>ipv6>vrrp init-delay)

[Tree] (config>router>if>vrrp init-delay)

Full Context

configure router interface ipv6 vrrp init-delay

configure router interface vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

All

init-extract-prio-mode

init-extract-prio-mode

Syntax

init-extract-prio-mode {uniform | l3-classify}

Context

[Tree] (config>card>fp init-extract-prio-mode)

Full Context

configure card fp init-extract-prio-mode

Description

This command determines the scheme used to select the initial drop priority of extracted control plane traffic. The initial drop priority of extracted packets can be either low or high priority. The drop priority of the extracted packets can be subsequently altered by mechanisms such as CPU protection. High-priority traffic receives preferential treatment in control plane congestion situations over low-priority traffic.

Default

init-extract-prio-mode uniform

Parameters

uniform

Initializes the drop priority of all extracted control traffic as high priority. Drop priority can then be altered (marked low priority) by distributed CPU protection (DCP) or centralized CPU protection rate-limiting functions in order to achieve protocol and interface isolation.

l3-classify

Initializes the drop priority of Layer 3 extracted control traffic (BGP and OSPF) based on the QoS classification of the packets. This is useful in networks where the DSCP and EXP markings can be trusted as the primary method to distinguish, protect, and isolate good terminating protocol traffic from unknown or potentially harmful protocol traffic instead of using the rate-based DCP and centralized CPU protection traffic marking/coloring mechanisms (for example, out-profile-rate and exceed-action low-priority).

For network interfaces, the QoS classification profile result selects the drop priority (in = high priority, out = low priority) for extracted control traffic, and the default QoS classification maps different DSCP and EXP values to different in/out profile states.

For access interfaces, the QoS classification priority result typically selects the drop priority for extracted control traffic. The default access QoS classification ( default-priority) maps all traffic to low. If the queues in the access QoS policy are configured as profile-mode queues (rather than the default priority-mode) extracted traffic will use the QoS classification profile value configured against the associated FC (rather than the priority result) to select the drop priority.

Layer 2 extracted control traffic (ARP or ETH-CFM) and protocols that cannot always be QoS-classified, such as IS-IS, are initialized as low drop priority in order to protect Layer 2 protocol traffic on uniform interfaces (which would typically be subject to centralized CPU protection). Alternately, DCP can be used (by configuring a non-zero rate with exceed-action of low-priority for the all-unspecified protocol) to mark some of this traffic as high priority.

Platforms

All

init-ss-threshold

init-ss-threshold

Syntax

init-ss-threshold init-ss-threshold

Context

[Tree] (config>app-assure>group>tcp-optimizer init-ss-threshold)

Full Context

configure application-assurance group tcp-optimizer init-ss-threshold

Description

This command configures the initial Slow Start (SS) threshold for a given TCP optimizer policy. Nokia recommends to set the threshold close to the access network Bandwidth Delay Product (BDP).

Default

1000000

Parameters

init-ss-threshold

Specifies the initial SS threshold value in kilobytes.

Values

auto, 0 to 1000000

The auto value instructs the system to use an intelligent mechanism to set the optimum value for the initial SS threshold to dynamically track the BDP of the access network.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

initial-app-profile

initial-app-profile

Syntax

initial-app-profile app-profile-name

no initial-app-profile

Context

[Tree] (config service ies sub-if grp-if wpp initial-app-profile)

[Tree] (config subscr-mgmt loc-user-db ipoe host wpp initial-app-profile)

[Tree] (config service vprn sub-if grp-if wpp initial-app-profile)

Full Context

configure service ies subscriber-interface group-interface wpp initial-app-profile

configure subscriber-mgmt local-user-db ipoe host wpp initial-app-profile

configure service vprn subscriber-interface group-interface wpp initial-app-profile

Description

This command specifies the initial app-profile for the hosts created on the group-interface. This initial app-profile is replaced after hosts pass web portal authentication.

The no form of this command reverts to the default.

Default

no initial-app-profile

Parameters

app-profile-name

Specifies the initial application profile, up to 32 characters, to be used during the WPP authentication phase of the IPoE hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

initial-hold-time

initial-hold-time

Syntax

initial-hold-time seconds

initial-hold-time [min min] [ sec sec]

no initial-hold-time

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile initial-hold-time)

Full Context

configure subscriber-mgmt vrgw brg brg-profile initial-hold-time

Description

This hold time applies to BRG instances that are created without any hosts; for example, triggered due to proxy authentication. During this initial hold-time the BRG is not deleted and no connectivity-verification is started. When this timer expires, connectivity verification is started. If connectivity verification is disabled and no hosts are associated with the BRG upon expiry, the regular hold time is started and the BRG instance will be removed.

This command allows an operator to have fast BRG removal (no connectivity-verification and no hold-time) but still use BRG proxy authentication. Without an initial hold time the BRG would be removed immediately after creation.

This command does not apply to BRG instances that are created through host setup.

The no form of this command reverts to the default.

Default

initial-hold-time min 5

Parameters

seconds

Specifies the initial time, in seconds, to hold on to a BRG after the system considered it down.

Values

0 to 900

min

Specifies the initial time in minutes.

Values

1 to 15

sec

Specifies the initial time in seconds.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

initial-lease-time

initial-lease-time

Syntax

initial-lease-time [hrs hours] [min minutes] [sec seconds]

no initial-lease-time

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp initial-lease-time)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>dhcp initial-lease-time)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>dhcp initial-lease-time)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp initial-lease-time)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp initial-lease-time

configure service ies subscriber-interface group-interface wlan-gw dhcp initial-lease-time

configure service vprn subscriber-interface group-interface wlan-gw dhcp initial-lease-time

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp initial-lease-time

Description

This command configures the lease time for a user which is migrant (unauthenticated).

Default

initial-lease-time min 10

Parameters

hours

Specifies the number of initial lease time hours.

Values

1 to 1

minutes

Specifies the number of initial lease time minutes.

Values

5 to 59

seconds

Specifies the number of initial lease time.

Values

1 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

initial-preferred-lifetime

initial-preferred-lifetime

Syntax

initial-preferred-lifetime [hrs hours] [ min minutes] [sec seconds]

no initial-preferred-lifetime

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 initial-preferred-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac initial-preferred-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac initial-preferred-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 initial-preferred-lifetime)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 initial-preferred-lifetime

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac initial-preferred-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac initial-preferred-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 initial-preferred-lifetime

Description

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication (DSM and/or ESM).

The no form of this command reverts to the default.

Default

initial-preferred-lifetime min 5

Parameters

hours

Specifies the number of initial preferred lifetime hours.

Values

1 to 1

minutes

Specifies the number of initial preferred lifetime minutes.

Values

5 to 59

seconds

Specifies the number of initial preferred lifetime seconds.

Values

1 to 59

Combined values: min 5 – hrs 1

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

initial-registration

initial-registration

Syntax

initial-registration ca ca-profile-name key-to-certify key-filename protection-alg {password password reference ref-number | signature [ cert cert-file-name [send-chain [ with-ca ca-profile-name]]] [protection-key key-file-name] [hash-alg {md5 | sha1 | sha224 | sha256 | sha384 | sha512}]} subject-dn dn [ domain-name domain-names] [ip-addr ip-address | ipv6-address] save-as save-path-of-result-cert

Context

[Tree] (admin>certificate>cmpv2 initial-registration)

Full Context

admin certificate cmpv2 initial-registration

Description

This command request initial certificate from CA by using CMPv2 initial registration procedure.

The ca parameter specifies a CA-profile which includes CMP server information.

The key-to-certify is an imported key file to be certified by the CA.

The protection-key is an imported key file used to for message protection if protection-alg is signature.

The request is authenticated either of following methods:

  • A password and a reference number that pre-distributed by CA via out-of-band means.

  • The specified password and reference number are not necessarily in the cmp-keylist configured in the corresponding CA-Profile

  • A signature signed by the protection-key or key-to-certify, optionally along with the corresponding certificate. If the protection-key is not specified, system will use the key-to-certify for message protection. The hash algorithm used for signature is depends on key type:

  • DSA key: SHA1

  • RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1

Optionally, the system could also send a certificate or a chain of certificates in extraCerts field. Certificate is specified by the "cert” parameter, it must include the public key of the key used for message protection.

Sending a chain is enabled by specify the send-chain parameter.

subject-dn specifies the subject of the requesting certificate.

save-as specifies full path name of saving the result certificate.

In some cases, CA may not return certificate immediately, due to reason like request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command could be used to poll the status of the request. If key-list is not configured in the corresponding ca-profile, then the system will use the existing password to authenticate the CMPv2 packets from server if it is in password protection.

If key-list is configured in the corresponding ca-profile and server does not send SenderKID, then the system will use lexicographical first key in the key-list to authenticate the CMPv2 packets from server in case it is in password protection.

Parameters

ca-profile-name

Specifies a ca-profile name which includes CMP server information up to 32 characters.

key-filename

Specifies the file name of the key to certify up to 95 characters.

password

Specifies an ASCII string up to 64 characters.

ref-number

Specifies the reference number for this CA initial authentication key up to 64 characters.

cert-file-name

specifies the certificate file up to 95 characters.

ca-profile-name

Specifies to send the chain.

key-file-name

Specifies the protection key associated with the action on the CA profile.

hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

dn

Specifies the subject of the requesting certificate up to 256 characters.

Values

attr1 equals val1

attr2 equals val2 where: attrN equals {C | ST | O | OU | CN}

save-path-of-result-cert

Specifies the save full path name of saving the result certificate up to 200 characters.

domain-name domain-names

Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.

ip-address | ipv6-address

Specifies an IPv4 or IPv6 address for SubjectAtName of the requesting certificate.

Platforms

All

initial-send-delay-zero

initial-send-delay-zero

Syntax

[no] initial-send-delay-zero

Context

[Tree] (config>service>vprn>bgp>group>neighbor initial-send-delay-zero)

[Tree] (config>service>vprn>bgp>group initial-send-delay-zero)

[Tree] (config>service>vprn>bgp initial-send-delay-zero)

Full Context

configure service vprn bgp group neighbor initial-send-delay-zero

configure service vprn bgp group initial-send-delay-zero

configure service vprn bgp initial-send-delay-zero

Description

This command configures BGP to send UPDATE messages announcing reachability information to a peer or set of peers immediately after the sessions come up (become established) with these peers.

The default behavior, provided by the no form of this command, is to wait for min-route-advertisement time after each session is established before sending the first set of UPDATE messages.

Platforms

All

initial-send-delay-zero

Syntax

[no] initial-send-delay-zero

Context

[Tree] (config>router>bgp>group initial-send-delay-zero)

[Tree] (config>router>bgp>group>neighbor initial-send-delay-zero)

[Tree] (config>router>bgp initial-send-delay-zero)

Full Context

configure router bgp group initial-send-delay-zero

configure router bgp group neighbor initial-send-delay-zero

configure router bgp initial-send-delay-zero

Description

This command configures BGP to send UPDATE messages announcing reachability information to a peer or set of peers immediately after the sessions become established with these peers.

The no form of this command waits for min-route-advertisement time after each session is established before sending the first set of UPDATE messages.

Platforms

All

initial-sla-profile

initial-sla-profile

Syntax

initial-sla-profile sla-profile-name

no initial-sla-profile

Context

[Tree] (config service vprn sub-if grp-if wpp initial-sla-profile)

[Tree] (config service ies sub-if grp-if wpp initial-sla-profile)

[Tree] (config subscr-mgmt loc-user-db ipoe host wpp initial-sla-profile)

Full Context

configure service vprn subscriber-interface group-interface wpp initial-sla-profile

configure service ies subscriber-interface group-interface wpp initial-sla-profile

configure subscriber-mgmt local-user-db ipoe host wpp initial-sla-profile

Description

This command specifies the initial sla-profile for the hosts created on the group-interface. This initial sla-profile is replaced after hosts pass web portal authentication.

The no form of this command reverts to the default.

Parameters

sla-profile-name

Specifies the initial SLA profile, up to 32 characters, to be used during the WPP authentication phase of the IPOE host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

initial-sla-profile

Syntax

initial-sla-profile profile-name

no initial-sla-profile

Context

[Tree] (config router wpp initial-sla-profile)

Full Context

configure router wpp initial-sla-profile

Description

This command specifies the initial sla-profile for the hosts created on the group-interface. This initial sla-profile is replaced after hosts pass the web portal authentication.

Default

no initial-sla-profile

Parameters

profile-name

Specifies the name of sla-profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

initial-sub-profile

initial-sub-profile

Syntax

initial-sub-profile sub-profile-name

no initial-sub-profile

Context

[Tree] (config service vprn sub-if grp-if wpp initial-sub-profile)

[Tree] (config service ies sub-if grp-if wpp initial-sub-profile)

[Tree] (config subscr-mgmt loc-user-db ipoe host wpp initial-sub-profile)

Full Context

configure service vprn subscriber-interface group-interface wpp initial-sub-profile

configure service ies subscriber-interface group-interface wpp initial-sub-profile

configure subscriber-mgmt local-user-db ipoe host wpp initial-sub-profile

Description

This command specifies the initial sub-profile for the hosts created on the group-interface. This initial sub-profile is replaced after hosts pass web portal authentication.

The no form of this command reverts to the default.

Default

no initial-sub-profile

Parameters

sub-profile-name

Specifies the initial subscriber profile, up to 32 characters, to be used during the WPP authentication phase of the IPoE host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

initial-valid-lifetime

initial-valid-lifetime

Syntax

initial-valid-lifetime [hrs hours] [min minutes] [sec seconds]

no initial-valid-lifetime

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac initial-valid-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 initial-valid-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac initial-valid-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 initial-valid-lifetime)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac initial-valid-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 initial-valid-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac initial-valid-lifetime

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 initial-valid-lifetime

Description

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC during a migrant phase.

The no form of this command reverts to the default.

Default

initial-valid-lifetime min 5

Parameters

hours

Specifies the number of initial preferred lifetime hours.

Values

1 to 1

minutes

Specifies the number of initial preferred lifetime minutes.

Values

5 to 59

seconds

Specifies the number of initial preferred lifetime seconds.

Values

1 to 59

Combined values: min 5 – hrs 1

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

initiation-message

initiation-message

Syntax

initiation-message [initiation-message]

no initiation-message

Context

[Tree] (config>bmp>station initiation-message)

Full Context

configure bmp station initiation-message

Description

This command configures a free-form initiation message for a type 0 TLV to be sent to the BMP monitoring station. The message is transmitted when a BMP monitoring station establishes a connection to the device. Information can be provided to the BMP station system administrator (for example, a contact phone number). The initiation message includes a type 1 TLV containing the SNMP sysDescr value specified in RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II, and a type 2 TLV containing the SNMP sysName value also from RFC 1213. The string in the initiation-message is UTF-8 encoded.

The no form of this command removes initiation message from the configuration and causes a free-form message to be included in the type 0 information TLV and the corresponding tlv-length is made 0.

Parameters

initiation-message

Specifies an initiation message up to 256 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

inner-tag

inner-tag

Syntax

inner-tag value [vid-mask]

no inner-tag

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match inner-tag)

Full Context

configure qos sap-ingress mac-criteria entry match inner-tag

Description

This command configures the matching of the second tag that is carried transparently through the service. The inner tag on ingress is the second tag on the frame if there are no service delimiting tags. The inner tag is the second tag before any service delimiting tags on egress but is dependent in the ingress configuration and may be set to 0 even in cases where additional tags are on the frame. This allows matching VLAN tags for explicit filtering or QoS setting when using default or null encapsulations.

The inner tag is not applicable in ingress on dot1Q SAPs. The inner tag may be populated on egress depending on the ingress SAP type.

On QinQ SAPs of null and default that do not strip tags, the inner-tag will contain the second tag (which is still the second tag carried transparently through the service.) On ingress SAPs that strip any tags, the inner tag will contain 0 even if there are more than two tags on the frame.

The optional vid_mask is defaulted to 4095 (exact match) but may be specified to allow pattern matching. The masking operation is ((value and vid-mask) = = (tag and vid-mask)). A value of 6 and a mask of 7 would match all VIDs with the lower 3 bits set to 6.

For QoS, the VID type cannot be specified on the default QoS policy.

The default vid-mask is set to 4095 for exact match.

Platforms

All

inner-tag

Syntax

inner-tag value [vid-mask]

no inner-tag

Context

[Tree] (config>filter>mac-filter>entry>match inner-tag)

Full Context

configure filter mac-filter entry match inner-tag

Description

This command configures the matching of the second tag that is carried transparently through the service. The inner-tag on ingress is the second tag on the frame if there are no service delimiting tags. Inner tag is the second tag before any service delimiting tags on egress but is dependent in the ingress configuration and may be set to 0 even in cases where additional tags are on the frame. This allows matching VLAN tags for explicit filtering or QoS setting when using default or null encapsulations.

The inner-tag is not applicable in ingress on dot1Q SAPs. The inner-tag may be populated on egress depending on the ingress SAP type.

On QinQ SAPs of null and default that do not strip tags inner-tag will contain the second tag (which is still the second tag carried transparently through the service.) On ingress SAPs that strip any tags, inner-tag will contain 0 even if there are more than 2 tags on the frame.

The optional vid-mask is defaulted to 4095 (exact match) but may be specified to allow pattern matching. The masking operation is ((value and vid-mask) = = (tag and vid-mask)). A value of 6 and a mask of 7 would match all VIDs with the lower 3 bits set to 6.

For QoS the VID type cannot be specified on the default QoS policy.

The default vid-mask is set to 4095 for exact match.

Default

no inner-tag

Platforms

All

input

input

Syntax

input

Context

[Tree] (config>system>sync-if-timing>bits input)

Full Context

configure system sync-if-timing bits input

Description

This command provides a context to enable or disable the external BITS timing reference inputs to the central clock of the router. In redundant systems with BITS ports, there are two possible BITS-in interfaces, one for each CPM or CCM.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

input-power-mode

input-power-mode

Syntax

input-power-mode amperage

Context

[Tree] (cfg>sys>pwr-mgmt>peq input-power-mode)

Full Context

configure system power-management peq input-power-mode

Description

This command sets the input-power-mode of the APEQ for the designated APEQ slot.

Parameters

amperage

Sets the APEQ input power mode.

Values

60, 80

Default

60

Platforms

7750 SR-12e, 7950 XRS

insert

insert

Syntax

insert [line]

Context

[Tree] (candidate insert)

Full Context

candidate insert

Description

This command inserts the contents of the temporary buffer (populated by a previous copy or delete command) into the candidate configuration. The contents are inserted by default after the current edit point. Optional parameters allow the insertion after some other point of the candidate. The contents of the temporary buffer are deleted when the operator exits candidate edit mode.

Insertions are context-aware. The temporary buffer always stores the CLI context (such as the current CLI branch) for each line deleted or copied. If the lines to be inserted are supported at the context of the insertion point then the lines are simply inserted into the configuration. If the lines to be inserted are not supported at the context of the insertion point, then the context at the insertion point is first closed using multiple exit statements, the context of the lines to be inserted is built (added) into the candidate at the insertion point, then the lines themselves are added, the context of the inserted lines is closed using exit statements and finally the context from the original insertion point is built again leaving the context at the same point as it was before the insertion.

Parameters

line

Indicates where to insert the line starting at the point indicated by the following options.

Values

line, offset, first, edit-point, last

line

absolute line number

offset

relative line number to current edit point. Prefixed with '+' or '-'

first

keyword - first line

edit-point

keyword - current edit point

last

keyword - last line that is not 'exit'

Platforms

All

insert-ipv6-fragment-header

insert-ipv6-fragment-header

Syntax

[no] insert-ipv6-fragment-header

Context

[Tree] (config>service>vprn>inside>nat64 insert-ipv6-fragment-header)

Full Context

configure service vprn inside nat64 insert-ipv6-fragment-header

Description

This command specifies if the system always inserts an IPv6 fragment header, to indicate that the sender allows fragmentation.

The no form of the command does not allow the system to insert an IPv6 fragment header.

Default

disabled

insert-ipv6-fragment-header

Syntax

[no] insert-ipv6-fragment-header

Context

[Tree] (config>router>nat>inside>nat64 insert-ipv6-fragment-header)

[Tree] (config>service>vprn>nat>inside>nat64 insert-ipv6-fragment-header)

Full Context

configure router nat inside nat64 insert-ipv6-fragment-header

configure service vprn nat inside nat64 insert-ipv6-fragment-header

Description

This command specifies whether the NAT64 node will insert IPv6 fragment header to IPv6 packets for which the DF bit is not set in the corresponding IPv4 packet, and is not already a fragment.

The no form of the command disables the insertion.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

insert-nsh

insert-nsh

Syntax

[no] insert-nsh

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry>action insert-nsh)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry action insert-nsh

Description

Commands in this context configure NSH parameters in the steered traffic.

The no form of this command removes insert NSA parameters from the configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

insert-subscriber-id

insert-subscriber-id

Syntax

[no] insert-subscriber-id

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry>action>insert-nsh>meta-data insert-subscriber-id)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry action insert-nsh meta-data insert-subscriber-id

Description

This command specifies that the metadata to be inserted in NSH (with MD-Type set to 1) must contain a subscriber identifier that is derived from the subscriber string that comes from the AAA server (in Alc-Subsc-Id-Str VSA). The subscriber string is truncated after the first 16 bytes, and therefore, the first 16 bytes should be unique. The insert-subscriber-id and insert-subscriber-id commands are mutually exclusive.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

inside

inside

Syntax

inside

Context

[Tree] (config>router>nat inside)

[Tree] (config>service>vprn>nat inside)

Full Context

configure router nat inside

configure service vprn nat inside

Description

Commands in this context the inside NAT instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

inside-service-id

inside-service-id

Syntax

[no] inside-service-id

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes inside-service-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes inside-service-id

Description

This command enables the inclusion of the NAT inside service ID attributes.

The no form of the command excludes NAT inside service ID attributes.

Default

no inside-service-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

install-backup-path

install-backup-path

Syntax

install-backup-path

no install-backup-path

Context

[Tree] (config>router>policy-options>policy-statement>default-action install-backup-path)

[Tree] (config>router>policy-options>policy-statement>entry>action install-backup-path)

Full Context

configure router policy-options policy-statement default-action install-backup-path

configure router policy-options policy-statement entry action install-backup-path

Description

When the best BGP route for an IPv4 or IPv6 prefix is matched by a policy entry or policy default action with this command, BGP attempts to find and install a preprogrammed backup path for the prefix in order to provide BGP fast reroute protection.

The install-backup-path command overrides and has no dependency on commands such as the BGP instance backup-path command or the VPRN-level enable-bgp-vpn-backup command, which enable BGP fast reroute for an entire address family. The install-backup-path command provides more precise control over which IP prefixes are supported with preprogrammed backup paths.

In VPRN, if the best path for an IP prefix is provided by a VPRN BGP route, the backup path can be provided by another VPRN BGP route or an imported VPN-IP route. If the best path for an IP prefix is provided by an imported VPN-IP route, the backup path can be provided by another VPN-IP route.

The install-backup-path command is supported only in BGP and VRF import policies and has no effect on other types. The install-backup-path command applies only to the following types of matched routes: IPv4, IPv6, label-IPv4, label-IPv6, VPN-IPv4, and VPN-IPv6.

The no form of this command disables the install-backup-path functionality.

Default

no install-backup-path

Platforms

All

instance

instance

Syntax

instance instance

Context

[Tree] (debug>dynsvc>scripts instance)

Full Context

debug dynamic-services scripts instance

Description

Commands in this context configure dynamic services script debugging for a specific instance.

Parameters

instance

Specifies the instance name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

instance

Syntax

instance instance-id instance-value instance-value

no instance instance-id

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path>instances instance)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path instances instance

Description

This command configures the candidate path instance for the P2MP SR tree as primary or secondary, and the instance identifier.

The no form of this command removes the candidate path instance.

Parameters

instance-id

Specifies the instance as primary (1) or secondary (2).

Values

1, 2

instance-value

Specifies the instance identifier.

Values

1 to 4294967295

Platforms

All

instance-id

instance-id

Syntax

instance-id instance-id

no instance-id

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment instance-id)

Full Context

configure router p2mp-sr-tree replication-segment instance-id

Description

This command configures the instance ID for the P2MP SR tree replication segment entry.

The ID is a unique identifier for the P2MP LSP on the root. The combination of root ID, tree ID, and instance ID uniquely identifies a P2MP LSP throughout the network.

The no form of this command removes the instance.

Parameters

instance-id

Specifies the ID of the instance.

Values

1 to 4294967295

Platforms

All

instances

instances

Syntax

instances

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path instances)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path instances

Description

Commands in this context configure the instance entries of the candidate path.

Multiple path instances can exist in a candidate path for the P2MP SR tree. Each path instance is a P2MP LSP and has an instance ID. Path instances are used for global optimization of the active candidate path.

Platforms

All

instant-prune-echo

instant-prune-echo

Syntax

[no] instant-prune-echo

Context

[Tree] (config>service>vprn>pim>if instant-prune-echo)

Full Context

configure service vprn pim interface instant-prune-echo

Description

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of this command disables instant Prune Echo on the PIM interface.

Default

no instant-prune-echo

Platforms

All

instant-prune-echo

Syntax

[no] instant-prune-echo

Context

[Tree] (config>router>pim>interface instant-prune-echo)

Full Context

configure router pim interface instant-prune-echo

Description

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of this command disables instant Prune Echo on the PIM interface.

Default

no instant-prune-echo

Platforms

All

int-dest-id

int-dest-id

Syntax

int-dest-id int-dest-id

no int-dest-id

Context

[Tree] (config>service>sdp>binding>pw-port>egress>shaper int-dest-id)

Full Context

configure service sdp binding pw-port egress shaper int-dest-id

Description

This command configures an intermediate destination identifier applicable to ESM PW SAPs.

The no form of the command removes the intermediate destination identifier from the configuration.

Default

no int-dest-id

Parameters

int-dest-id

Specifies the intermediate destination ID.

Platforms

All

int-dest-id

Syntax

int-dest-id name

no int-dest-id

Context

[Tree] (config>service>epipe>pw-port>egress>shaper int-dest-id)

Full Context

configure service epipe pw-port egress shaper int-dest-id

Description

This command configures an intermediate destination identifier applicable to ESM PW SAPs.

Parameters

name

Specifies the default intermediate destination identifier, up to 32 characters in length, on the egress side for this PW-port entry.

Platforms

All

inter-chassis-redundancy

inter-chassis-redundancy

Syntax

inter-chassis-redundancy

Context

[Tree] (config>isa>nat-group inter-chassis-redundancy)

Full Context

configure isa nat-group inter-chassis-redundancy

Description

Commands in this context configure inter-chassis redundancy parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

inter-dest-id

inter-dest-id

Syntax

inter-dest-id intermediate-destination-id

no inter-dest-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings inter-dest-id)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings inter-dest-id)

Full Context

configure subscriber-mgmt local-user-db ppp host identification-strings inter-dest-id

configure subscriber-mgmt local-user-db ipoe host identification-strings inter-dest-id

Description

This command specifies the intermediate destination identifier which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

intermediate-destination-id

Specifies the intermediate destination identifier, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

inter-dest-id

Syntax

inter-dest-id intermediate-destination-id

no inter-dest-id

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host inter-dest-id)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host inter-dest-id)

[Tree] (config>service>ies>if>sap>static-host inter-dest-id)

[Tree] (config>service>vprn>if>sap>static-host inter-dest-id)

[Tree] (config>service>vpls>sap>static-host inter-dest-id)

Full Context

configure service vprn subscriber-interface group-interface sap static-host inter-dest-id

configure service ies subscriber-interface group-interface sap static-host inter-dest-id

configure service ies interface sap static-host inter-dest-id

configure service vprn interface sap static-host inter-dest-id

configure service vpls sap static-host inter-dest-id

Description

This command specifies to which intermediate destination (for example a DSLAM) this host belongs.

The no form of this command reverts to the default.

Parameters

intermediate-destination-id

Specifies the intermediate destination identifier, up to 32 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

inter-vlan

inter-vlan

Syntax

[no] inter-vlan

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>mobility inter-vlan)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>mobility inter-vlan)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw mobility inter-vlan

configure service ies subscriber-interface group-interface wlan-gw mobility inter-vlan

Description

This command enables mobility within different VLANs of the same range. When enabled, mobility between different VLANs in a single vlan-range is allowed for the configured mobility triggers.

The no form of this command disables mobility between VLANs.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interactive-authentication

interactive-authentication

Syntax

[no] interactive-authentication

Context

[Tree] (config>service>vprn>aaa>remote-servers>radius interactive-authentication)

Full Context

configure service vprn aaa remote-servers radius interactive-authentication

Description

This command enables RADIUS interactive authentication for the system. Enabling interactive-authentication forces RADIUS to fall into challenge/response mode.

Default

no interactive-authentication

Platforms

All

interactive-authentication

Syntax

[no] interactive-authentication

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus interactive-authentication)

Full Context

configure service vprn aaa remote-servers tacplus interactive-authentication

Description

This configuration instructs the SR OS to send no username nor password in the TACACS+ start message, and to display the server_msg in the GETUSER and GETPASS response from the TACACS+ server. Interactive authentication can be used to support a One Time Password scheme (such as an S/Key). An example flow (such as with a telnet connection) is as follows:

  • The SR OS sends an authentication start request to the TACACS+ server with no username nor password.

  • TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETUSER and a server_msg.

  • The SR OS displays the server_msg, and collects the username.

  • The SR OS sends a continue message with the username.

  • TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETPASS and a server_msg.

  • The SR OS displays the server_msg (which may contain, for example, an S/Key for One Time Password operation), and collects the password.

  • The SR OS sends a continue message with the password.

  • TACACS+ server replies with PASS or FAIL.

When interactive-authentication is disabled the SR OS will send the username and password in the tacplus start message. An example flow (e.g. with a telnet connection) is as follows:

  • TAC_PLUS_AUTHEN_TYPE_ASCII.

    • the login username in the "user” field.

    • the password in the user_msg field (while this is non-standard, it does not cause interoperability problems).

  • TACACS+ server ignores the password and replies with TAC_PLUS_AUTHEN_STATUS_GETPASS.

  • The SR OS sends a continue packet with the password in the user_msg field.

  • TACACS+ server replies with PASS or FAIL.

When interactive-authentication is enabled, tacplus must be the first method specified in the authentication-order configuration.

Default

no interactive-authentication

Platforms

All

interactive-authentication

Syntax

[no] interactive-authentication

Context

[Tree] (config>system>security>radius interactive-authentication)

Full Context

configure system security radius interactive-authentication

Description

This command enables RADIUS interactive authentication for the system. Enabling interactive-authentication forces RADIUS to fall into challenge/response mode.

Default

no interactive-authentication

Platforms

All

interactive-authentication

Syntax

[no] interactive-authentication

Context

[Tree] (config>system>security>tacplus interactive-authentication)

Full Context

configure system security tacplus interactive-authentication

Description

This configuration instructs the SR OS to send no username nor password in the TACACS+ start message, and to display the server_msg in the GETUSER and GETPASS response from the TACACS+ server. Interactive authentication can be used to support a One Time Password scheme (e.g. S/Key). An example flow (e.g. with a telnet connection) is as follows:

  • The SR OS sends an authentication start request to the TACACS+ server with no username nor password.

  • TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETUSER and a server_msg.

  • The SR OS displays the server_msg, and collects the user name.

  • The SR OS sends a continue message with the user name.

  • TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETPASS and a server_msg.

  • The SR OS displays the server_msg (which may contain, for example, an S/Key for One Time Password operation), and collects the password.

  • The SR OS sends a continue message with the password.

  • TACACS+ server replies with PASS or FAIL.

When interactive-authentication is disabled the SR OS sends the username and password in the tacplus start message. An example flow (e.g. with a telnet connection) is as follows:

  • TAC_PLUS_AUTHEN_TYPE_ASCII.

    • the login username in the "user” field.

    • the password in the user_msg field (while this is non-standard, it does not cause interoperability problems).

  • TACACS+ server ignores the password and replies with TAC_PLUS_AUTHEN_STATUS_GETPASS.

  • The SR OS sends a continue packet with the password in the user_msg field.

  • TACACS+ server replies with PASS or FAIL.

When interactive-authentication is enabled, tacplus must be the first method specified in the authentication-order configuration.

Default

no interactive-authentication

Platforms

All

intercept-id

intercept-id

Syntax

intercept-id id

no intercept-id

Context

[Tree] (config>li>li-source>nat>ethernet-header intercept-id)

[Tree] (config>li>li-source>nat>l2-aware-sub intercept-id)

[Tree] (config>li>li-source>nat>nat64-lsn-sub intercept-id)

[Tree] (config>li>li-source>nat>classic-lsn-sub intercept-id)

[Tree] (config>li>li-source>nat>dslite-lsn-sub intercept-id)

Full Context

configure li li-source nat ethernet-header intercept-id

configure li li-source nat l2-aware-sub intercept-id

configure li li-source nat nat64-lsn-sub intercept-id

configure li li-source nat classic-lsn-sub intercept-id

configure li li-source nat dslite-lsn-sub intercept-id

Description

This command configures the intercept-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs.

For nat mirroring (a nat li-source entry type), when the mirror service is not configured with any routable encap (for example, no ip-udp-shim or ip-gre configured under config>mirror>mirror-dest>encap), the presence of a configured intercept-id against an li-source (nat) entry will cause the insertion of the intercept-id after a configurable mac-da, mac-sa and etype (configured under li-source>nat>ethernet-header), at the front of each packet mirrored for that particular li-source entry. If there is no intercept-id configured (for a nat entry using a mirror service without routable encap), then a configurable mac-da and mac-sa are added to the front of the packets (but no intercept-id). In both cases a non-configurable etype is also added immediately before the mirrored customer packet. Note that routable encapsulation configured in the mirror-dest takes precedence over the ethernet-header configuration in the li-source nat entries. If routable encapsulation is configured, then the ethernet-header config is ignored and no mac header is added to the packet (the encap is determined by the mirror-dest in this case).

For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept ID configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre routable encap, no intercept-id is inserted and none should be specified against the li-source entries.

The no form of this command removes the value from the configuration.

Default

no intercept-id (an id of 0, or no id)

Parameters

id

Specifies the intercept ID value to insert into the header of the mirrored packets.

Values

1 to 4294967295 (32b) For nat li-source entries that are using a mirror service that is not configured with routable encap

Values

1 to 1,073,741,824 (30b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encap and no direction-bit.

Values

1 to 536,870,912 (29b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encap and with the direction-bit enabled.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

intercept-id

Syntax

intercept-id [intercept-id]

no intercept-id

Context

[Tree] (config>li>li-source>wlan-gw intercept-id)

Full Context

configure li li-source wlan-gw intercept-id

Description

This command configures the intercept-id inserted in the packet header for all mirrored packets of the associated li-source. When the mirror service is configured with the ip-udp-shim routable encapsulation, the intercept-id field (as part of the routable encap) is always present in the mirrored packets. The intercept ID can be used by the LIG to identify a particular LI session to which the packet belongs.

Parameters

intercept-id

Specifies the intercept ID inserted in the LI header.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interconnect

interconnect

Syntax

interconnect {ring-id ring-index | vpls}

no interconnect

Context

[Tree] (config>eth-ring>sub-ring interconnect)

Full Context

configure eth-ring sub-ring interconnect

Description

This command links the G.8032 sub-ring to a ring instance or to a VPLS instance. The ring instance must be a complete ring with two paths but may itself be a sub-ring or a major ring (declared by its configuration on another node).

When the interconnection is to another node, the sub-ring may have a virtual link or a non-virtual-link.

When the sub-ring is configured with a non-virtual link, the sub ring may be alternatively connected to a VPLS service.

This command is only valid on the interconnection node where a single sub-ring port connects to a major ring or terminates on a VPLS service.

The no form of this command removes the interconnect node.

Default

no interconnect

Parameters

ring-id

Specifies the identifier for the ring instance of the connection ring for this sub-ring on this node.

Values

0 to 128

vpls

Specifies that the sub-ring is connected to the VPLS instance that contains the sub-ring SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interface

interface

Syntax

interface ip-int-name service-id service-id

no interface

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host interface)

Full Context

configure subscriber-mgmt local-user-db ipoe host interface

Description

This command specifies the interface where IPoE sessions are terminated.

The no version of this command disables the parameter.

Parameters

ip-int-name

Specifies the name of the group interface.

service-id

Specifies the service ID or name where the group interface resides.

Values

service-id — 1 to 2147483647

service-name — up to 64 characters

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

interface ip-int-name service-id service-id

no interface

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host interface)

Full Context

configure subscriber-mgmt local-user-db ppp host interface

Description

This command configures the interface where PPP sessions are terminated.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the name of the group interface, up to 32 characters, where the PPP sessions are established.

service-id

Specifies the service ID or name of the service where the PPP sessions are established.

Values

service-id: 1 to 2147483647

service-name: up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

interface ip-int-name

no interface

Context

[Tree] (config>service>vprn>dhcp6 interface)

[Tree] (config>service>vprn>dhcp interface)

Full Context

configure service vprn dhcp6 interface

configure service vprn dhcp interface

Description

Commands in this context configure interface parameters.

Parameters

ip-int-name

Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

interface ip-int-name [create]

interface ip-int-name [create] tunnel

no interface ip-int-name

Context

[Tree] (config>service>vprn interface)

[Tree] (config>service>ies interface)

Full Context

configure service vprn interface

configure service ies interface

Description

This command creates a logical IP routing interface. Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within service IDs. The interface command can be executed in the context of a service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber Internet access. An IP address cannot be assigned to an IES interface. Multiple SAPs can be assigned to a single group interface.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config>router>interface, config>service>ies>interface and config>service>vprn>interface (that is, the network core router instance). Interface names must not be in the dotted decimal notation of an IP address. For example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shut down before issuing the no interface command.

The IP interface must be shut down before the SAP on that interface may be removed. IES and VPRN services do not have the shutdown command in the SAP CLI context. The service SAPs rely on the interface status to enable and disable them.

Parameters

ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

tunnel

Specifies that the interface is configured as tunnel interface, which could be used to terminate IPsec or GRE runnels in the private service.

create

Creates the IPsec interface instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>igmp interface)

Full Context

configure router igmp interface

Description

Commands in this context configure an IGMP interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of the command deletes the IGMP interface. The shutdown command in the config>router>igmp>interface context can be used to disable an interface without removing the configuration for the interface.

Default

no interface

Parameters

ip-int-name

The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>mld interface)

Full Context

configure router mld interface

Description

Commands in this context configure an Multicast Listener Discovery (MLD) interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of this command deletes the MLD interface. The shutdown command in the config>router>mld>interface context can be used to disable an interface without removing the configuration for the interface.

Default

no interface — No interfaces are defined.

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config>router>interface and config>service>ies>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

Platforms

All

interface

Syntax

interface interface-name [create]

no interface interface-name

Context

[Tree] (config>router>gtp>s11 interface)

[Tree] (config>service>vprn>gtp>s11 interface)

Full Context

configure router gtp s11 interface

configure service vprn gtp s11 interface

Description

This command activates GTP termination on the specified interface.

The no form of this command disables GTP termination on the specified interface, if there are no active sessions associated with the interface.

Parameters

interface-name

Specifies the name of the interface, up to 32 characters. The name must begin with a letter.

create

Creates an entry.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

interface ip-int-name

no interface

Context

[Tree] (config>redundancy>mc>peer>mc>l3-ring>in-band-control-path interface)

[Tree] (config>redundancy>mc>peer>mcr>ring>in-band-control-path interface)

Full Context

configure redundancy multi-chassis peer multi-chassis l3-ring in-band-control-path interface

configure redundancy multi-chassis peer mc-ring ring in-band-control-path interface

Description

This command specifies the name of the IP interface used for the inband control connection.

If an interface name is not configured, the ring cannot become operational.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies an interface name up to 32 characters.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>radius-proxy>server interface)

[Tree] (config>router>radius-proxy>server interface)

Full Context

configure service vprn radius-proxy server interface

configure router radius-proxy server interface

Description

This command configures the IP interface the RADIUS-proxy server will bind to. One RADIUS-proxy server could bind to multiple interfaces.

Parameters

ip-int-name

Specifies the name of an IP interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

interface router router-instance name interface-name

no interface

Context

[Tree] (config>subscr-mgmt>pfcp-association interface)

Full Context

configure subscriber-mgmt pfcp-association interface

Description

This command configures the interface from which PFCP messages are sent and on which PFCP messages are received.

The no form of this command removes the interface.

Default

no interface

Parameters

router-instance

Specifies the router instance.

Values

router-name | vprn-svc-id

router-name: Base Default - Base

vprn-svc-id: 1 to 2147483647

interface-name

Specifies the interface name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vpls interface)

Full Context

configure service vpls interface

Description

This command creates a logical IP routing interface for a VPLS service. Once created, attributes such as IP address and service access points (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within the VPLS service IDs. The IP interface created is associated with the VPLS management routing instance. This instance does not support routing.

Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for the network core router instance. Interface names in the dotted decimal notation of an IP address are not allowed. For example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. Duplicate interface names can exist in different router instances.

Enter a new name to create a logical router interface. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, no default IP interface names are defined within the system. All VPLS IP interfaces must be explicitly defined in an enabled state.

The no form of this command removes the IP interface and the entire associated configuration. The interface must be administratively shut down before issuing the no interface command.

For VPLS services, the IP interface must be shut down before the SAP on that interface is removed.

For VPLS service, ping and traceroute are the only applications supported.

Parameters

ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP.

An interface name:

  • Should not be in the form of an IP address.

  • Can be from 1 to 32 alphanumeric characters.

  • If the string contains special characters (such as #,$,spaces), the entire string must be enclosed within double quotes.

If ip-int-name already exists within the service ID, the context changes to maintain that IP interface. If ip-int-name already exists within another service ID, an error occurs and the context does not change to that IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

Platforms

All

interface

Syntax

[no] interface [ip-int-name | ip-address]

Context

[Tree] (debug>router>igmp interface)

Full Context

debug router igmp interface

Description

This command enables debugging for IGMP interfaces.

The no form of this command disables the IGMP interface debugging for the specifies interface name or IP address.

Parameters

ip-int-name

Debugs the information associated with the specified IP interface name.

ip-address

Debugs the information associated with the specified IP address.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>igmp interface)

Full Context

configure service vprn igmp interface

Description

Commands in this context configure interface parameters.

Parameters

ip-int-name

Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>isis interface)

Full Context

configure service vprn isis interface

Description

This command creates the context to configure an IS-IS interface.

When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas.

When the interface is a POS channel, the OSI Network Layer Control Protocol (OSINLCP) is enabled when the interface is created and removed when the interface is deleted.

The no form of this command removes IS-IS from the interface.

The shutdown command in the config>router>isis>if context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Default

no interface — No IS-IS interfaces are defined.

Parameters

ip-int-name

Identify the IP interface name created in the config>router>if context. The IP interface name must already exist.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>mld interface)

Full Context

configure service vprn mld interface

Description

Commands in this context configure an Multicast Listener Discovery (MLD) interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of this command deletes the MLD interface. The shutdown command in the config>router>mld>if context can be used to disable an interface without removing the configuration for the interface.

Default

no interface

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

Platforms

All

interface

Syntax

interface ip-int-name [secondary]

no interface ip-int-name

Context

[Tree] (config>service>vprn>ospf>area interface)

[Tree] (config>service>vprn>ospf3>area interface)

Full Context

configure service vprn ospf area interface

configure service vprn ospf3 area interface

Description

This command creates a context to configure an OSPF interface.

By default interfaces are not activated in any interior gateway protocol, such as OSPF, unless explicitly configured.

The no form of this command deletes the OSPF interface configuration for this interface. The shutdown command in the config>router>ospf>if context can be used to disable an interface without removing the configuration for the interface.

Default

no interface

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

secondary

Keyword used to allow multiple secondary adjacencies, in addition to the primary adjacency, to be established over a single IP interface. This keyword can also be applied to the system interface and to loopback interfaces to allow them to participate in multiple areas, although no adjacencies are formed over these types of interfaces.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>pim interface)

Full Context

configure service vprn pim interface

Description

This command enables PIM on an interface and enables the context to configure interface-specific parameters. By default interfaces are activated in PIM based on the apply-to command, and do not have to be configured on an individual basis unless the default values must be changed.

The no form of this command deletes the PIM interface configuration for this interface. If the apply-to command parameter is configured, then the no interface form must be saved in the configuration to avoid automatic (re)creation after the next apply-to is executed as part of a reboot.

The shutdown command can be used to disable an interface without removing the configuration for the interface.

Default

Interfaces are activated in PIM based on the apply-to command.

Parameters

ip-int-name

Specifies the interface name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>router-advertisement interface)

Full Context

configure service vprn router-advertisement interface

Description

This command configures router advertisement properties on a specific interface. The interface must already exist in the config>router>if context.

Default

No interfaces are configured by default.

Parameters

ip-int-name

Specifies the interface name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

All

interface

Syntax

[no] interface ip-int-name [dual-stack]

Context

[Tree] (config>router>ldp>interface-parameters interface)

Full Context

configure router ldp interface-parameters interface

Description

This command enables LDP on the specified IP interface.

The no form of the command deletes the LDP interface and all configuration information associated with the LDP interface.

The LDP interface must be disabled using the shutdown command before it can be deleted.

The user can configure different parameters for IPv4 and IPv6 LDP interfaces by entering ipv4 or ipv6 as the next command.

Parameters

ip-int-name

Specifies the name of an existing interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

dual-stack

This optional keyword allows the user to explicitly indicate if this interface should create the IPv4 context automatically or not. With the introduction of LDP IPv6, the creation of the interface does not automatically mean it is to be used for IPv4 like with legacy IPv4 only LDP interface. Thus the dual-stack keyword is an indication to the system that user will manually enable the IPv4, IPv6, or the dual-stack IPv4/IPv6 contexts manually.

The following are some of the key points for this keyword:

  • If the keyword is provided, then IPv4 interface context will not be created automatically. If it is not provided, the IPv4 interface context will be created like in the legacy single stack LDP IPv4 interface behavior.

  • This new keyword will always show in a configuration.

  • When entering an already configured interface, there is no need to provide the keyword, but it will be ignored if provided.

  • When deleting a configured interface, the keyword will not be accepted in the no version of the interface command.

Platforms

All

interface

Syntax

[no] interface interface-name family

Context

[Tree] (debug>router>ldp interface)

Full Context

debug router ldp interface

Description

Use this command for debugging an LDP interface.

Parameters

interface-name

The name of an existing interface.

family

Specifies the family type.

Values

ipv4, ipv6

Platforms

All

interface

Syntax

interface ip-address srlg-group group-name [group-name]

no interface ip-address [srlg-group group-name]

Context

[Tree] (config>router>mpls>srlg-database>router-id interface)

Full Context

configure router mpls srlg-database router-id interface

Description

This command allows the operator to manually enter the SRLG membership information for any link in the network, including links on this node, into the user SRLG database.

An interface can be associated with up to five SRLG groups for each execution of this command. The operator can associate an interface with up to 64 SRLG groups by executing the command multiple times.

CSPF will not use entered SRLG membership if an interface is not validated as part of a router ID in the routing table.

The no form of this command deletes a specific interface entry in this user SRLG database. The group-name must already exist in the config>router>if-attribute>srlg-group context.

Parameters

ip-address

Specifies the IPv4 address in a.b.c.d

srlg-group group-name

Specifies the SRLG group name. Up to 1024 group names can be defined in the config>router>if-attribute context. The SRLG group names must be identical across all routers in a single domain.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>mpls interface)

Full Context

configure router mpls interface

Description

This command specifies MPLS protocol support on an IP interface. No MPLS commands are executed on an IP interface where MPLS is not enabled. An MPLS interface must be explicitly enabled (no shutdown).

The no form of this command deletes all MPLS commands such as label-map which are defined under the interface. The MPLS interface must be shutdown first in order to delete the interface definition. If the interface is not shutdown, the no interface ip-int-name command does nothing except issue a warning message on the console indicating that the interface is administratively up.

Default

shutdown

Parameters

ip-int-name

Specifies the name of the network IP interface. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Values

1 to 32 alphanumeric characters.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>rsvp interface)

Full Context

configure router rsvp interface

Description

This command enables RSVP protocol support on an IP interface. No RSVP commands are executed on an IP interface where RSVP is not enabled.

The no form of this command deletes all RSVP commands such as hello-interval and subscription, which are defined for the interface. The RSVP interface must be shutdown it can be deleted. If the interface is not shut down, the no interface ip-int-name command does nothing except issue a warning message on the console indicating that the interface is administratively up.

Default

shutdown

Parameters

ip-int-name

Specifies the name of the network IP interface. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Values

1 to 32

Platforms

All

interface

Syntax

interface [ip-int-name | mt-int-name | ip-address] [detail]

no interface

Context

[Tree] (debug>router>pim interface)

Full Context

debug router pim interface

Description

This command enables debugging for PIM interface information.

The no form of this command disables PIM interface debugging.

Parameters

ip-int-name

Debugs the information associated with the specified IP interface name.

Values

IPv4 or IPv6 interface address

mt-int-name

Debugs the information associated with the specified VPRN ID and group address.

ip-address

Debugs the information associated with the specified IP address.

detail

Debugs detailed IP interface information.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>pim interface)

Full Context

configure router pim interface

Description

This command creates a PIM interface.

Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for config>router>interface, config>service>ies>interface, and config>service>ies>subscriber-interface>group-interface. Interface names must not be in the dotted decimal notation of an IP address. For example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either the interface names or the IP addresses. Ambiguity can exist if an IP address is used as an IP address and an interface name. Duplicate interface names can exist in different router instances, although this is not recommended because it may be confusing.

By default, no interfaces or names are defined within PIM.

The no form of this command removes the IP interface and all the associated configurations.

Parameters

ip-int-name

Specifies the name of the IP interface, up to 32 characters. Interface names must be unique within the group of defined IP interfaces for config router interface, config service ies interface, and config service ies subscriber-interface group-interface commands. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on.), the entire string must be enclosed within double quotes.

If the ip-int-name already exists, the context is changed to maintain that IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

Platforms

All

interface

Syntax

interface interface-name [unnumbered-mpls-tp]

interface interface-name pdn

no interface interface-name

Context

[Tree] (config>router interface)

Full Context

configure router interface

Description

This command creates a logical IP routing or unnumbered MPLS-TP interface. Once created, attributes like IP address, port, or system can be associated with the IP interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface. Interface names must not be in the dotted decimal notation of an IP address.; for example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either the interface names or the IP addresses. Ambiguity can exist if an IP address is used as an IP address and an interface name. Duplicate interface names can exist in different router instances, although this is not recommended because it is confusing. Nokia recommends that names are meaningful and unique to remove ambiguity when displaying the state associated with IP interfaces through show commands.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

Although not a keyword, the ip-int-name "system” is associated with the network entity (such as a specific router), not a specific interface. The system interface is also referred to as the loopback address.

An unnumbered MPLS-TP interface is a special type of interface that is only intended for MPLS-TP LSPs. IP routing protocols are blocked on interfaces of this type. If an interface is configured as unnumbered-mpls-tp, then it can only be associated with an Ethernet port or VLAN, using the port command, then either a unicast, multicast, or broadcast remote MAC address may be configured. Only static ARP is supported.

The control-tunnel parameter creates a loopback interface representing a GRE tunnel. One IP tunnel can be created in this interface.

Only the primary IPv4 interface address and only one IP tunnel per interface are allowed. Multiple tunnels can be configured using up to four controlTunnel loopback interfaces. A static route can take the new controlTunnel interface as a next hop.

The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command.

Parameters

interface-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Values

1 to 32 alphanumeric characters

If the ip-int-name already exists, the context is changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and the context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

unnumbered-mpls-tp

Specifies that an interface is an unnumbered MPLS-TP. An unnumbered MPLS-TP interface is a special type of interface that is only intended for MPLS-TP LSPs. IP routing protocols are blocked on interfaces of this type. If an interface is configured as unnumbered-mpls-tp, then it can only be associated with an Ethernet port or VLAN, using the port command. A unicast, multicast, or broadcast remote MAC address can be configured using the static-arp command. Only static ARP is supported.

pdn

Specifies that the interface is a PDN.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>router-advert interface)

Full Context

configure router router-advertisement interface

Description

This command configures router advertisement properties on a specific interface. The interface must already exist in the config>router>if context.

Parameters

ip-int-name

Specifies the interface name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

interface

Syntax

[no] interface interface-name

Context

[Tree] (config>router>pcp-server>server interface)

Full Context

configure router pcp-server server interface

Description

This command associates an interface.

The no form of this command reverts to the default value.

Parameters

interface-name

Specifies the interface name, up to 32 characters. The interface name must start with a letter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

interface

Syntax

[no] interface [{ip-int-name | ip-address}]

Context

[Tree] (debug>router>ip interface)

Full Context

debug router ip interface

Description

This command displays the router IP interface table sorted by interface index.

Parameters

ip-int-name

Only displays the interface information associated with the specified IP interface name.

Values

32 characters maximum

ip-address

Only displays the interface information associated with the specified IP address.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Values

The following values apply to the 7450 ESS:

ipv4-address: a.b.c.d (host bits must be 0)

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>isis interface)

Full Context

configure router isis interface

Description

This command creates the context to configure an IS-IS interface.

When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas.

When the interface is a POS channel, the OSINLCP is enabled when the interface is created and removed when the interface is deleted.

The no form of this command removes IS-IS from the interface.

The shutdown command in the config>router>isis>interface context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Parameters

ip-int-name

Identify the IP interface name created in the config>router>interface context. The IP interface name must already exist.

Platforms

All

interface

Syntax

interface [ip-int-name | ip-address]

no interface

Context

[Tree] (debug>router>isis interface)

Full Context

debug router isis interface

Description

This command enables debugging for IS-IS interface.

The no form of the command disables debugging.

Parameters

ip-address

When specified, only the interface with the specified interface address is debugged.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

ip-int-name

When specified, only the interface with the specified interface name is debugged.

Platforms

All

interface

Syntax

interface ip-int-name [secondary]

no interface ip-int-name

Context

[Tree] (config>router>ospf>area interface)

[Tree] (config>router>ospf3>area interface)

Full Context

configure router ospf area interface

configure router ospf3 area interface

Description

This command configures an OSPF interface.

Unless they are explicitly configured, interfaces are not activated, by default, in any interior gateway protocol, such as OSPF.

The no form of this command deletes the OSPF interface configuration for this interface. Use the shutdown command in the config>router>ospf>interface context to disable an interface without removing the configuration for the interface.

Default

no interface

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for the configure router interface and configure service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured, an error message is returned.

If the IP interface exists in a different area it is moved to this area.

secondary

Keyword used to allow multiple secondary adjacencies, in addition to the primary adjacency, to be established over a single IP interface. This keyword can also be applied to the system interface and to loopback interfaces to allow them to participate in multiple areas, although no adjacencies are formed over these types of interfaces.

Platforms

All

interface

Syntax

interface [ip-int-name | ip-address]

interface [interface-name]

no interface

Context

[Tree] (debug>router>ospf3 interface)

[Tree] (debug>router>ospf interface)

Full Context

debug router ospf3 interface

debug router ospf interface

Description

This command enables debugging for an OSPF and OSPF3 interface.

Parameters

ip-int-name

Specifies the IP interface name, in the debug>router>ospf context. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

ip-address

Specifies the interface’s IP address, in the debug>router>ospf context.

interface-name

Specifies the interface name, in the debug>router>ospf3 context.

Platforms

All

interface

Syntax

interface interface-name

no interface

Context

[Tree] (config>router>policy-options>policy-statement>entry>from interface)

Full Context

configure router policy-options policy-statement entry from interface

Description

This command specifies the router interface, specified either by name or address, as a filter criterion.

The no form of this command removes the criterion from the configuration.

Default

no interface

Parameters

ip-int-name

Specifies the name of the interface as a match criterion for this entry. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

interface

Syntax

interface interface-name

no interface

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func>end-x interface)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x interface

Description

This command configures an interface for the End.X function.

The no form of this command removes the interface name from the configuration.

Default

no interface

Parameters

interface-name

Specifies an existing interface name, up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

interface

Syntax

interface interface-name

no interface

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func>ua interface)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua interface

Description

This command configures an interface for the uA function.

The no form of this command removes the interface name from the configuration.

Default

no interface

Parameters

interface-name

Specifies an existing interface name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>router>bgp>group>dynamic-neighbor interface)

Full Context

configure router bgp group dynamic-neighbor interface

Description

Commands in this context configure an unnumbered base router network interface for dynamic neighbors.

If this interface connects to a network with other BGP routers, sessions with the other routers can be set up automatically without explicitly configuring them as BGP neighbors. The interface must be IPv6 enabled, but because the interface is considered unnumbered, it does not require an IPv4 address or a global-unicast IPv6 address. The sessions are set up using IPv6 link-local addresses.

The BGP unnumbered feature supports all address families that allow IPv6 link-local BGP next-hop addresses. This includes IPv4 with the use of RFC 8950 extensions.

When an interface is added to the list of dynamic-neighbor interfaces, an outgoing connection attempt is initiated toward any directly connected router on the interface that announces itself using an ICMPv6 router advertisement message. The session attempt is unsuccessful if the peer type is not EBGP, the reported AS number of the peer does not match one of the allowed values, or the maximum session limit of the interface would be exceeded.

The no form of this command removes the interface from the list of dynamic-neighbor interfaces.

Parameters

ip-int-name

Specifies the name of a base router IP interface, up to 32 characters.

Platforms

All

interface

Syntax

[no] interface ip-int-name

Context

[Tree] (config>service>vprn>bgp>group>dynamic-neighbor interface)

Full Context

configure service vprn bgp group dynamic-neighbor interface

Description

Commands in this context configure an unnumbered VPRN access IP interface for dynamic neighbors.

If this interface connects to a network with other BGP routers, sessions with the other routers can be set up automatically without explicitly configuring them as BGP neighbors. The interface must be IPv6 enabled, but because the interface is considered unnumbered, it does not require an IPv4 address or a global-unicast IPv6 address. The sessions are set up using IPv6 link-local addresses.

The BGP unnumbered feature supports all address families that allow IPv6 link-local BGP next-hop addresses. This includes IPv4 with the use of RFC 8950 extensions.

When an interface is added to the list of dynamic-neighbor interfaces, an outgoing connection attempt is initiated toward any directly connected router on the interface that announces itself using an ICMPv6 router advertisement message. The session attempt is unsuccessful if the peer type is not EBGP, the reported AS number of the peer does not match one of the allowed values, or the maximum session limit of the interface would be exceeded.

The no form of this command removes the interface from the list of dynamic-neighbor interfaces.

Parameters

ip-int-name

Specifies the name of a VPRN access IP interface, up to 32 characters.

Platforms

All

interface-a

interface-a

Syntax

interface-a

Context

[Tree] (config>fwd-path-ext>fpe>pw-port-ext interface-a)

Full Context

configure fwd-path-ext fpe pw-port-extension interface-a

Description

Commands in this context configure the parameters of network interface A of the PW port extension FPE.

Platforms

All

interface-a

Syntax

interface-a

Context

[Tree] (config>fwd-path-ext>fpe>srv6 interface-a)

Full Context

configure fwd-path-ext fpe srv6 interface-a

Description

This command enables the context to configure the parameters of the network interface-a of the SRv6 FPE.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

interface-b

interface-b

Syntax

interface-b

Context

[Tree] (config>fwd-path-ext>fpe>pw-port-ext interface-b)

Full Context

configure fwd-path-ext fpe pw-port-extension interface-b

Description

Commands in this context configure the parameters of network interface B of the PW port extension FPE.

Platforms

All

interface-b

Syntax

interface-b

Context

[Tree] (config>fwd-path-ext>fpe>srv6 interface-b)

Full Context

configure fwd-path-ext fpe srv6 interface-b

Description

This command enables the context to configure the parameters of the network interface-b of the SRv6 FPE.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

interface-disable-sample

interface-disable-sample

Syntax

[no] interface-disable-sample

Context

[Tree] (config>filter>ipv6-filter>entry interface-disable-sample)

[Tree] (config>filter>ip-filter>entry interface-disable-sample)

Full Context

configure filter ipv6-filter entry interface-disable-sample

configure filter ip-filter entry interface-disable-sample

Description

This command disables cflowd sampling for packets matching this filter entry, for the IP interface set to cflowd interface mode. This allows the option to not sample specific types of traffic when interface sampling is enabled.

If the cflowd is either not enabled or set to cflowd acl mode, this command is ignored.

The no form of this command enables sampling.

Default

no interface-disable-sample

Platforms

All

interface-id

interface-id

Syntax

interface-id [ascii-tuple]

interface-id ifindex

interface-id sap-id

interface-id string string

no interface-id

Context

[Tree] (config>service>vprn>if>ipv6>dhcp6>option interface-id)

[Tree] (config>service>ies>if>ipv6>dhcp6>option interface-id)

Full Context

configure service vprn interface ipv6 dhcp6-relay option interface-id

configure service ies interface ipv6 dhcp6-relay option interface-id

Description

This command enables the sending of interface ID options in the DHCPv6 relay packet.

The no form of this command disables the sending of interface ID options in the DHCPv6 relay packet.

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple is used which consists of the access-node-identifier, service-id, and interface-name, separated by "| ”.

ifindex

Specifies that the interface index is used. The If Index of a router interface can be displayed using the show>router>interface>detail command.

sap-id

Specifies that the SAP identifier is used.

string

Specifies that a string is used.

string

Specifies a string of up to 80 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

interface-id

Syntax

interface-id [ascii-tuple]

interface-id ifindex

interface-id sap-id

interface-id string string

no interface-id

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>option interface-id)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 option interface-id

Description

This command enables the sending of interface ID options in the DHCPv6 relay packet.

The no form of this command disables the sending of interface ID options in the DHCPv6 relay packet.

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple is used which consists of the access-node-identifier, service-id, and interface-name, separated by "| ”.

ifindex

Specifies that the interface index is used (the If Index of a router interface can be displayed using the command show>router>if>detail).

sap-id

Specifies that the SAP identifier is used.

string

Specifies a string, up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface-id

Syntax

interface-id [ascii-tuple]

interface-id [vlan-ascii-tuple]

no interface-id

Context

[Tree] (config>service>vpls>sap>dhcp6>ldra>options interface-id)

Full Context

configure service vpls sap dhcp6 ldra options interface-id

Description

This command enables the sending of interface ID options in the DHCPv6 LDRA.

The no form of this command disables the sending of interface ID options in the DHCPv6 LDRA.

Parameters

ascii-tuple

Specifies the use of the ASCII-encoded concatenated tuple, which consists of the system name, service-id, and sap-id separated by "| ”.

vlan-ascii-tuple

Specifies the use of the ASCII-encoded concatenated tuple enhanced with VLAN ID and dot1p bits, consisting of the system name, service-id, sap-id, dot1p-inner-vlan, and inner-vplan-id, separated by "| ”.

Platforms

All

interface-id-mapping

interface-id-mapping

Syntax

[no] interface-id-mapping

Context

[Tree] (config>service>vprn>dhcp6>server interface-id-mapping)

[Tree] (config>router>dhcp6>server interface-id-mapping)

Full Context

configure service vprn dhcp6 local-dhcp-server interface-id-mapping

configure router dhcp6 local-dhcp-server interface-id-mapping

Description

This command enables the behavior where unique /64 prefix is allocated per interface-id, and all clients having the same interface-id get an address allocated out of this /64 prefix for DHCP6. This is relevant for bridged clients behind the same local-loop (and same SAP), where sharing the same prefix allows communication between bridged clients behind the same local-loop to stay local. For SLAAC based assignment, downstream neighbor-discovery is automatically enabled to resolve the assigned address.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interface-list

interface-list

Syntax

interface-list

Context

[Tree] (config>cflowd>collector>exp-filter interface-list)

Full Context

configure cflowd collector export-filter interface-list

Description

Commands in this context allow the administrator to specify which interface’s flow data should be exported to the associated collector.

Cflowd Export Filter Precedence describes the cflowd export filter precedence.

Table 2. Cflowd Export Filter Precedence

Family Filter

Router Filter

Interface Filter

Export to Collector

0

0

0

export all

0

0

1

export if matched interface only

0

1

0

export if matched router only

0

1

1

export if router match *OR* interface match

1

0

0

not exported due to family exclusion filter

1

0

1

not exported due to family exclusion filter

1

1

0

not exported due to family exclusion filter

1

1

1

not exported due to family exclusion filter

Platforms

All

interface-parameters

interface-parameters

Syntax

interface-parameters

Context

[Tree] (config>router>ldp interface-parameters)

Full Context

configure router ldp interface-parameters

Description

Commands in this context configure LDP interfaces and parameters applied to LDP interfaces. The user can configure different default parameters for IPv4 and IPv6 LDP interfaces by entering ipv4 or ipv6 as the next command.

Platforms

All

interface-subnets

interface-subnets

Syntax

interface-subnets [service service-id] interface-name

no interface-subnets

Context

[Tree] (config>router>policy-options>policy-statement>entry>from interface-subnets)

Full Context

configure router policy-options policy-statement entry from interface-subnets

Description

This command configures the applied router instance and interfaces that are used as matching condition within each policy-statement entry. A maximum of 10 interface-name entries is supported, and all entries must belong to the same routing context (either base or service). The interface subnet policy-statement match criterion is applied to the following unicast use case contexts:

  • export, when used with OSPFv2, OSPFv3, IS-IS, RIP, RIPng, and BGP

  • route-table-import, when used with BGP

  • vrf-export, when used with MP-BGP

The no form of this command removes all policies from the configuration.

Default

no interface-subnets

Parameters

service

Specifies the context in which the configured interface exists. By default, the base routing instance is assumed. However, the configured service context is used only when the service is configured.

service-id

Specifies the service ID of the service to match.

Values

service-id — 1 to 2147483647

svc-name — 64 characters maximum

interface-name

Specifies the interface name, up to 32 characters, to match when exporting the IP address of the associated interface to a routing protocol.

Platforms

All

interface-support-enable

interface-support-enable

Syntax

[no] interface-support-enable

Context

[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable interface-support-enable)

Full Context

configure port ethernet eth-cfm mep ais-enable interface-support-enable

Description

This command enables and disables the generation of AIS PDUs based on the associated endpoint state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interface-support-enable

Syntax

[no] interface-support-enable

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>ais interface-support-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais interface-support-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep>ais interface-support-enable)

[Tree] (config>service>epipe>sap>eth-cfm>mep>ais interface-support-enable)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais interface-support-enable)

Full Context

configure service epipe spoke-sdp eth-cfm mep ais-enable interface-support-enable

configure service vpls spoke-sdp eth-cfm mep ais-enable interface-support-enable

configure service vpls sap eth-cfm mep ais-enable interface-support-enable

configure service epipe sap eth-cfm mep ais-enable interface-support-enable

configure service vpls mesh-sdp eth-cfm mep ais-enable interface-support-enable

Description

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs are triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled, then transmission of the AIS PDU is based on either the non-operational state of the entity or on any CCM defect condition. AIS generation ceases if both the operational state is UP and the CCM has no defect conditions. If the MEP is not CCM-enabled then the operational state of the entity is the only consideration, assuming this command is present for the MEP. By default, AIS is not generated or stopped based on the state of the entity on which the DOWN MEP is configured.

The no form of this command disables the AIS function to consider the operational state of the entity on which it is configured.

Default

no interface-support-enabled

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interface-support-enable

Syntax

[no] interface-support-enable

Context

[Tree] (config>service>ies>sap>eth-cfm>mep>ais-enable interface-support-enable)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>ais-enable interface-support-enable)

[Tree] (config>service>ies>spoke-sdp>eth-cfm>mep>ais-enable interface-support-enable)

Full Context

configure service ies sap eth-cfm mep ais-enable interface-support-enable

configure service ies subscriber-interface group-interface sap eth-cfm mep ais-enable interface-support-enable

configure service ies spoke-sdp eth-cfm mep ais-enable interface-support-enable

Description

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled then transmission of the AIS PDU will be based on either the non-operational state of the entity or on any CCM defect condition. AIS generation will cease if BOTH operational state is UP and CCM has no defect conditions. If the MEP is not CCM enabled then the operational state of the entity is the only consideration assuming this command is present for the MEP.

Default

no interface-support-enable (AIS will not be generated or stopped based on the state of the entity on which the DOWN MEP is configured).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

interface-support-enable

Syntax

[no] interface-support-enable

Context

[Tree] (config>service>vprn>spoke-sdp>eth-cfm>mep>ais-enable interface-support-enable)

[Tree] (config>service>vprn>sap>eth-cfm>mep>ais-enable interface-support-enable)

Full Context

configure service vprn spoke-sdp eth-cfm mep ais-enable interface-support-enable

configure service vprn sap eth-cfm mep ais-enable interface-support-enable

Description

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled then transmission of the AIS PDU will be based on either the non-operational state of the entity or on ANY CCM defect condition. AIS generation will cease if BOTH operational state is UP and CCM has no defect conditions. If the MEP is not CCM enabled then the operational state of the entity is the only consideration assuming this command is present for the MEP.

The no form of this command means that AIS will not be generated or stopped based on the state of the entity on which the DOWN MEP is configured.

Default

no interface-support-enable

interface-type

interface-type

Syntax

interface-type {gn | s2a | s2b | s11}

no interface-type

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile interface-type)

Full Context

configure subscriber-mgmt gtp peer-profile interface-type

Description

This command specifies the interface applicable for communications to the peer. If the interface type does not match the given context in an uplink context, the peer setup will fail.

The no form of this command reverts to the default value.

Default

interface-type s2a

Parameters

gn

Signaling interface with the peer is Gn as specified in 3GPP TS 29.060.

s2a

Signaling interface with the peer is s2a as specified in 3GPP TS 29.274.

s2b

Signaling interface with the peer is s2b as specified in 3GPP TS 29.274.

s11

Signaling interface with the peer is s11 as specified in 3GPP TS 29.274.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interface-type

Syntax

interface-type {broadcast | point-to-point}

no interface-type

Context

[Tree] (config>service>vprn>isis>if interface-type)

Full Context

configure service vprn isis interface interface-type

Description

This command configures the IS-IS interface type as either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the designated IS-IS overhead if the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to IS-IS and subsequently the IP interface is bound (or moved) to a different interface type, then this command must be entered manually.

The no form of this command reverts to the default value.

Default

point-to-point — For IP interfaces on SONET channels.

broadcast — For IP interfaces on Ethernet or unknown type physical interfaces.

Parameters

broadcast

Configures the interface to maintain this link as a broadcast network.

point-to-point

Configures the interface to maintain this link as a point-to-point link.

Platforms

All

interface-type

Syntax

interface-type {broadcast | point-to-point | non-broadcast | p2mp-nbma}

no interface-type

Context

[Tree] (config>service>vprn>ospf>area>if interface-type)

[Tree] (config>service>vprn>ospf3>area>if interface-type)

Full Context

configure service vprn ospf area interface interface-type

configure service vprn ospf3 area interface interface-type

Description

This command configures the interface type to:

  • broadcast
  • non-broadcast
  • point-to-point
  • point-to-multipoint on a link without broadcast or multicast support

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead if the Ethernet link provided the link is used as a point-to-point.

For subscriber interfaces, configure the adjacent interface (CPE) with interface type point-to-point. For subscriber interfaces, when the interface is configured as P2MP-NBMA, the subscriber interface becomes an active OPSF interface, allowing it to both send and receive OSPF LSAs. For all other interface types, subscriber interfaces remain as passive OSPF interfaces by default.

The no form of this command reverts to the default value.

Default

point-to-point — If the physical interface is SONET.

broadcast — If the physical interface is Ethernet or unknown.

Parameters

broadcast

Specifies the interface as a broadcast network. To significantly improve adjacency forming and network convergence, configure the network as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.

point-to-point

Specifies the interface as a point-to-point link. Set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead if the Ethernet link provided is used as a point-to-point.

non-broadcast

Specifies the interface as a non-broadcast network.

p2mp-nbma

Specifies the interface as a point-to-multipoint on a link without broadcast or multicast support. No designated router or backup designated router is elected on this type of interface and all OSPF neighbors connect through individual point-to-point links. Only VPRN and IES services interfaces support this interface type.

Platforms

All

interface-type

Syntax

interface-type {ds1 [{esf | sf}] | e1 [{pcm30crc | pcm31crc}]}

no interface-type

Context

[Tree] (config>system>sync-if-timing>bits interface-type)

Full Context

configure system sync-if-timing bits interface-type

Description

This command configures the Building Integrated Timing Source (BITS) timing reference.

The no form of the command reverts to the default configuration.

Default

interface-type ds1 esf

Parameters

ds1 esf

Specifies Extended Super Frame (ESF). This is a framing type used on DS1 circuits that consists of 24 192-bit frames, The 193rd bit provides timing and other functions.

ds1 sf

Specifies Super Frame (SF), also called D4 framing. This is a common framing type used on DS1 circuits. SF consists of 12 192-bit frames. The 193rd bit provides error checking and other functions. ESF supersedes SF.

e1 pcm30crc

Specifies the pulse code modulation (PCM) type. PCM30CRC uses PCM to separate the signal into 30 user channels with CRC protection.

e1 pcm31crc

Specifies the pulse code modulation (PCM) type. PCM31CRC uses PCM to separate the signal into 31 user channels with CRC protection.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interface-type

Syntax

interface-type {broadcast | point-to-point}

no interface-type

Context

[Tree] (config>router>isis>interface interface-type)

Full Context

configure router isis interface interface-type

Description

This command configures the IS-IS interface type as either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the designated IS-IS overhead if the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to IS-IS and subsequently the IP interface is bound (or moved) to a different interface type, then this command must be entered manually.

The no form of this command reverts to the default value.

Default

interface-type point-to-point — For IP interfaces on SONET channels.

interface-type broadcast — For IP interfaces on Ethernet or unknown type physical interfaces.

Parameters

broadcast

Configures the interface to maintain this link as a broadcast network.

point-to-point

Configures the interface to maintain this link as a point-to-point link.

Platforms

All

interface-type

Syntax

interface-type {broadcast | point-to-point | non-broadcast | p2mp-nbma}

no interface-type

Context

[Tree] (config>router>ospf>area>interface interface-type)

[Tree] (config>router>ospf3>area>interface interface-type)

Full Context

configure router ospf area interface interface-type

configure router ospf3 area interface interface-type

Description

This command configures the interface type to:

  • broadcast
  • non-broadcast
  • point-to-point
  • point-to-multipoint on a link without broadcast or multicast support

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead of the Ethernet link provided the link is used as point-to-point.

For subscriber interfaces, configure the adjacent interface (CPE) with interface type point-to-point. For subscriber interfaces, when the interface is configured as P2MP-NBMA, the subscriber interface becomes an active OPSF interface, allowing it to both send and receive OSPF LSAs. For all other interface types, subscriber interfaces remain as passive OSPF interfaces by default.

The no form of this command returns the setting to the default value.

Default

interface-type point-to-point (if the physical interface is SONET)

interface-type broadcast (if the physical interface is Ethernet or unknown)

Parameters

broadcast

Specifies the interface as a broadcast network. To significantly improve adjacency forming and network convergence, configure a network as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.

point-to-point

Specifies the interface as a point-to-point link. Set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead if the Ethernet link provided is used as a point-to-point.

non-broadcast

Specifies the interface as a non-broadcast network.

p2mp-nbma

Specifies the interface as a point-to-multipoint on a link without broadcast or multicast support. No designated router or backup designated router is elected on this type of interface and all OSPF neighbors connect through individual point-to-point links. Only VPRN and IES services interfaces support this interface type.

Platforms

All

interface-type

Syntax

interface-type {client-facing | network-facing}

no interface-type

Context

[Tree] (config>service>vpls>sap>dhcp6>ldra interface-type)

Full Context

configure service vpls sap dhcp6 ldra interface-type

Description

This command configures LDRA interface type as either client or network facing.

The no form of this command reverts to the default value.

Default

no interface-type

Parameters

client-facing

Configures the SAP as an untrusted client-facing interface. Only DHCPv6 client messages are accepted and encapsulated in a Relay-Forward message. It is mandatory to configure an interface ID for client-facing SAPs. Relay-Forward, Relay-Reply, and DHCPv6 server messages are silently dropped when received on a client-facing SAP

network-facing

Configures the SAP as a network-facing interface. Only Relay-Reply messages are accepted: the server message is extracted from the Relay-Reply message and forwarded in the VPLS. All other DHCPv6 message types are silently dropped when received on a network-facing SAP.

Platforms

All

interim-credit

interim-credit

Syntax

interim-credit

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh interim-credit)

Full Context

configure subscriber-mgmt diameter-application-policy gy extended-failure-handling interim-credit

Description

Commands in this context configure interim credit parameters for Extended Failure Handling (EFH).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interim-update

interim-update

Syntax

interim-update

interim-update include-counters [hold-down seconds]

no interim-update

Context

[Tree] (config>service>vprn>wlan-gw>mobility-triggered-acct interim-update)

[Tree] (config>router>wlan-gw>mobility-triggered-acct interim-update)

Full Context

configure service vprn wlan-gw mobility-triggered-acct interim-update

configure router wlan-gw mobility-triggered-acct interim-update

Description

This command enables the inclusion of counters with a hold-down time option in mobility-triggered interim updates. When enabled, to disable the inclusion of counters, interim updates must be disabled and then re-enabled without the include-counters keyword. By default, the hold-down time is not imposed.

The no form of this command disables generation of flash interim accounting updates to RADIUS when change in location of the UE is detected.

Default

no interim-update

Parameters

include-counters

Specifies the inclusion of counters in mobility-triggered interim updates.

seconds

Specifies the time, in seconds, that must elapse after a mobility-triggered interim with counters sent for the next mobility-triggered interim with counters to be sent.

Values

60 to 864000

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

interim-update-interval

interim-update-interval

Syntax

interim-update-interval minutes

no interim-update-interval

Context

[Tree] (config>app-assure>rad-acct-plcy interim-update-interval)

Full Context

configure application-assurance radius-accounting-policy interim-update-interval

Description

This command configures the interim update interval.

The no form of this command reverts to the default.

Default

no interim-update-interval

Parameters

minutes

Specifies the interval at which subscriber accounting data will be updated. If set no value is specified then no interim updates will be sent.

Values

5 to 1080

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

interleave

interleave

Syntax

[no] interleave

Context

[Tree] (config>router>l2tp>group>mlppp interleave)

[Tree] (config>service>vprn>l2tp>group>mlppp interleave)

Full Context

configure router l2tp group mlppp interleave

configure service vprn l2tp group mlppp interleave

Description

This command is applicable only to LNS. Interleaving is supported only on MLPPPoX bundles that contain a single member link. If more than one link is present in the MLPPPoX bundle, interleaving is automatically disabled and a TRAP/log (tmnxMlpppBundleIndicatorsChange) is generated.

The minimum supported rate of the link on which interleaving is performed is 1 kb/s.

If configured at this level, interleaving is enabled on all tunnels within the group, unless it is explicitly disable per tunnel.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

interleave

Syntax

interleave {always | never}

no interleave

Context

[Tree] (config>service>vprn>l2tp>group>tunnel>mlppp interleave)

[Tree] (config>router>l2tp>group>tunnel>mlppp interleave)

Full Context

configure service vprn l2tp group tunnel mlppp interleave

configure router l2tp group tunnel mlppp interleave

Description

This command configures the user of link fragmentation and interleaving and is applicable only to LNS. Interleaving is supported only on MLPPPoX bundles that contain a single member link. If more than one link is present in the MLPPPoX bundle, interleaving is automatically disabled and a TRAP/log (tmnxMlpppBundleIndicatorsChange) is generated.

The minimum supported rate of the link on which interleaving is performed is 1 kb/s.

Interleaving configured on this level overwrites the configuration option under the group hierarchy. If the no form of this command is configured for interleaving at this level, the interleaving configuration inherits the configuration option configured under the L2TP group.

The no form of this command reverts to the default.

Parameters

always

Always perform interleaving on single linked MLPPPoX sessions within this tunnel, regardless of the configuration option for interleaving under the group level.

never

Never perform interleaving on single linked MLPPPoX sessions within this tunnel, regardless of the configuration option for interleaving under the group level.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

interleave

Syntax

[no] interleave

Context

[Tree] (config>service>vprn>if>sap>frame-relay>frf.12 interleave)

Full Context

configure service vprn interface sap frame-relay frf.12 interleave

Description

This command enables interleaving of high priority frames and low-priority frame fragments within a FR SAP using FRF.12 end-to-end fragmentation.

When this option is enabled, only frames of the FR SAP non expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header, among the fragmented frames. In effect, this provides a behavior like in MLPPP Link Fragment Interleaving (LFI).

When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is however not included when the frame size is smaller than the user configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.

The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.

The no form of this command restores the default mode of operation.

Default

no interleave

internal-ip4-address

internal-ip4-address

Syntax

[no] internal-ip4-address

Context

[Tree] (config>ipsec>ike-policy>relay-unsol-attr internal-ip4-address)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute internal-ip4-address

Description

This command will return IPv4 address from source (such as a RADIUS server) to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Default

no internal-ip4-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

internal-ip4-dns

internal-ip4-dns

Syntax

[no] internal-ip4-dns

Context

[Tree] (config>ipsec>ike-policy>relay-unsol-attr internal-ip4-dns)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute internal-ip4-dns

Description

This command will return IPv4 DNS server address from source (such as a RADIUS server) to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Default

no internal-ip4-dns

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

internal-ip4-netmask

internal-ip4-netmask

Syntax

[no] internal-ip4-netmask

Context

[Tree] (config>ipsec>ike-policy>relay-unsol-attr internal-ip4-netmask)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute internal-ip4-netmask

Description

This command will return IPv4 netmask from source (such as a RADIUS server) to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Default

no internal-ip4-netmask

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

internal-ip6-address

internal-ip6-address

Syntax

[no] internal-ip6-address

Context

[Tree] (config>ipsec>ike-policy>relay-unsol-attr internal-ip6-address)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute internal-ip6-address

Description

This command will return IPv6 address from source (such as a RADIUS server) to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Default

no internal-ip6-address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

internal-ip6-dns

internal-ip6-dns

Syntax

[no] internal-ip6-dns

Context

[Tree] (config>ipsec>ike-policy>relay-unsol-attr internal-ip6-dns)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute internal-ip6-dns

Description

This command will return IPv6 DNS server address from source (RADIUS server) to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Default

no internal-ip6-dns

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

internal-lease-ipsec

internal-lease-ipsec

Syntax

[no] internal-lease-ipsec

Context

[Tree] (config>service>vprn>dhcp6>server>lease-hold-time-for internal-lease-ipsec)

[Tree] (config>router>dhcp>server>lease-hold-time-for internal-lease-ipsec)

[Tree] (config>router>dhcp6>server>lease-hold-time-for internal-lease-ipsec)

[Tree] (config>service>vprn>dhcp>server>lease-hold-time-for internal-lease-ipsec)

Full Context

configure service vprn dhcp6 local-dhcp-server lease-hold-time-for internal-lease-ipsec

configure router dhcp local-dhcp-server lease-hold-time-for internal-lease-ipsec

configure router dhcp6 local-dhcp-server lease-hold-time-for internal-lease-ipsec

configure service vprn dhcp local-dhcp-server lease-hold-time-for internal-lease-ipsec

Description

This command enables the server to hold up the lease of local IPsec clients.

The no form of this command disables the ability of the server to hold up the lease of local IPsec clients.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

internal-scheduler-weight-mode

internal-scheduler-weight-mode

Syntax

internal-scheduler-weight-mode {default | force-equal | offered-load | capped-offered-load}

no internal-scheduler-weight-mode

Context

[Tree] (config>card>virt-sched-adj internal-scheduler-weight-mode)

Full Context

configure card virtual-scheduler-adjustment internal-scheduler-weight-mode

Description

This command specifies the internal scheduler (tier 0) weight mode for all ingress queues on a LAG on the card on which it is applied.

Default

internal-scheduler-weight-mode default

Parameters

default

Specifies that ingress queues are weighted based on port speed or, if configured, the hash weight.

force-equal

Specifies that the ingress queues are always equally weighted.

offered-load

Specifies that the ingress queues are weighted based on observed offered load.

capped-offered-load

Specifies that the ingress queues are weighted based on observed offered load capped by PIR.

Platforms

All

internal-scheduler-weight-mode

Syntax

internal-scheduler-weight-mode {default | force-equal | offered-load | capped-offered-load}

no internal-scheduler-weight-mode

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution internal-scheduler-weight-mode)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution internal-scheduler-weight-mode

Description

This command specifies the internal scheduler (tier 0) weight mode for the queues on a LAG on which the advanced configuration policy is applied.

Default

internal-scheduler-weight-mode default

Parameters

default

Specifies that queues are weighted based on the port speed or, if configured, the hash weight.

force-equal

Specifies that the queues are always equally weighted.

offered-load

Specifies that the queues are weighted based on the observed offered load.

capped-offered-load

Specifies that the queues are weighted based on the observed offered load capped by PIR.

Platforms

All

intersite-shared

intersite-shared

Syntax

intersite-shared [persistent-type5-adv] [ kat-type5-adv-withdraw]

no intersite-shared

Context

[Tree] (config>service>vprn>mvpn intersite-shared)

Full Context

configure service vprn mvpn intersite-shared

Description

This command specifies whether to use inter-site shared C-trees or not. Optional parameters allow enabling additional inter-site shared functionality. Not specifying an optional parameter when executing the command disables that parameter.

Default

n/a

Parameters

persistent-type5-adv

When specified for inter-site shared trees enabled, this parameter ensures that Type 5 SA routes are generated for the multicast source even if no joins are present for that source. When the parameter is not specified, the Type 5 SA routes are withdrawn where the prune from the last receiver is received for the multicast source.

kat-type5-adv-withdraw

When specified for inter-site shared trees, this parameter allows operators to enable KeepAlive Timers (KAT) on source PEs for ng-MVPN inter-site shared deployments. On a multicast source failure, a KAT expiry on source PEs will trigger a withdrawal of Type-5 Source-Active (S-A) route and switch from (C-S,C-G) to (C-*,C-G). When receiver PEs process reflected Type-5 S-A route withdrawals, they will withdraw their Type-7 ng-MVPN routes to the failed multicast source. The following conditions apply:

  • KAT must only be enabled on source PEs.

  • Functionality is supported with mLDP and RSVP-TE in the P-instance.

  • Local receiver per (C-S, C-G) must be configured on source PEs running KAT.

Platforms

All

interval

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>ccrt-replay interval)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>ccrt-replay interval)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay interval

configure subscriber-mgmt diameter-application-policy gx ccrt-replay interval

Description

This command specifies the interval at which CCR-T messages for Diameter Gx or Gy sessions that belong to the Diameter application policy are replayed, until a valid CCA-t response is received or until the configured max-lifetime period expires.

The no form of this command resets the interval to the default setting.

Default

interval 3600

Parameters

seconds

Specifies the interval at which the CCR-T messages are replayed for a gx session. The messages are replayed until a valid CCA-t response is received or until a 24 hour period expires, whichever comes first.

Values

60 to 86400

Default

3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>ccrt-replay interval)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>ccrt-replay interval)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay interval

configure subscriber-mgmt diameter-application-policy gx ccrt-replay interval

Description

This command specifies the interval at which CCR-T messages for Diameter Gx or Gy sessions that belong to the Diameter application policy are replayed, until a valid CCA-t response is received or until the configured max-lifetime period expires.

The no form of this command resets the interval to the default setting.

Default

interval 3600

Parameters

seconds

Specifies the interval at which the CCR-T messages are replayed for a gx session. The messages are replayed until a valid CCA-t response is received or until a 24 hour period expires, whichever comes first.

Values

60 to 86400

Default

3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval interval

Context

[Tree] (config>redundancy>mc>peer>mcr>ring>cv interval)

[Tree] (config>redundancy>mc>peer>mc>l3-ring>cv interval)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify interval

configure redundancy multi-chassis peer multi-chassis l3-ring cv interval

Description

This command specifies the polling interval of the ring-node connectivity verification of this ring node.

The no form of this command reverts to the default.

Default

interval 5

Parameters

interval

Specifies the polling interval of the ring-node connectivity verification of this ring node.

Values

1 to 6000

Platforms

All

interval

Syntax

interval minutes

no interval

Context

[Tree] (config>subscr-mgmt>shcv-policy>periodic interval)

Full Context

configure subscriber-mgmt shcv-policy periodic interval

Description

This command specifies the time interval which all known sources should be verified. The actual rate is dependent on the number of known hosts and intervals.

The no form of this command reverts to the default.

Default

interval 30 minutes

Parameters

minutes

Specifies the interval, in minutes, between periodic connectivity checks.

Values

1 to 6000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>aaa>radius-srv-plcy>servers>health-check>test-account interval)

Full Context

configure aaa radius-server-policy servers health-check test-account interval

Description

This command specifies the intervals at which the test account will send its access requests to probe the RADIUS servers.

Default

interval 3

Parameters

seconds

Specifies the probing interval.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval seconds

Context

[Tree] (config>subscr-mgmt>pfcp-association>heartbeat interval)

Full Context

configure subscriber-mgmt pfcp-association heartbeat interval

Description

This command configures the interval between successive, successful heartbeats.

Default

interval 60

Parameters

seconds

Specifies the time frame, in seconds, between successive, successful heartbeats. This interval must be identical on both the BNG UPF and CPF. For information about the BNG CUPS CPF configuration, refer to the CMG BNG CUPS Control Plane Function Guide and the 7750 SR MG and CMG CLI Reference Guide.

Values

60 to 180

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval {1 | 60}

no interval

Context

[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable interval)

[Tree] (config>lag>eth-cfm>mep>ais-enable interval)

Full Context

configure port ethernet eth-cfm mep ais-enable interval

configure lag eth-cfm mep ais-enable interval

Description

This command specifies the transmission interval of AIS messages in seconds.

The no form of this command reverts to the default values.

Parameters

1 | 60

The transmission interval of AIS messages, in seconds.

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval deci-seconds

no interval

Context

[Tree] (config>service>mac-notification interval)

Full Context

configure service mac-notification interval

Description

This command controls the frequency of subsequent MAC notification messages.

Parameters

deci-seconds

Specifies the frequency of subsequent MAC notification messages, in deciseconds

Values

1 to 100

Platforms

All

interval

Syntax

interval {1 | 60}

no interval

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep>ais-enable interval)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>ais-enable interval)

Full Context

configure service epipe sap eth-cfm mep ais-enable interval

configure service epipe spoke-sdp eth-cfm ais-enable interval

Description

This command specifies the transmission interval of AIS messages in seconds.

Parameters

1 | 60

Specifies the transmission interval of AIS messages in seconds.

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval deci-seconds

no interval

Context

[Tree] (config>service>vpls>mac-notification interval)

Full Context

configure service vpls mac-notification interval

Description

This command controls the frequency of subsequent MAC notification messages.

By default, this command inherits the chassis level configuration from config>service> mac-notification.

Parameters

deci-seconds

Specifies the frequency of subsequent MAC notification messages, in deciseconds.

Values

1 to 100

Platforms

All

interval

Syntax

interval {1 | 60}

no interval

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais-enable interval)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais-enable interval)

Full Context

configure service vpls spoke-sdp eth-cfm mep ais-enable interval

configure service vpls mesh-sdp eth-cfm mep ais-enable interval

Description

This command specifies the transmission interval of AIS messages in seconds.

Parameters

1 | 60

The transmission interval of AIS messages in seconds

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>service>vprn>static-route-entry>indirect>cpe-check interval)

[Tree] (config>service>vprn>static-route-entry>next-hop>cpe-check interval)

Full Context

configure service vprn static-route-entry indirect cpe-check interval

configure service vprn static-route-entry next-hop cpe-check interval

Description

This optional parameter specifies the interval between ICMP pings to the target IP address.

Default

interval 1

Parameters

seconds

An integer interval value.

Values

1 to 255

Platforms

All

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>router>mpls>lsp-self-ping interval)

Full Context

configure router mpls lsp-self-ping interval

Description

This command configures the interval at which LSP Self Ping packets are periodically sent on a candidate path of an RSVP LSP. This value is used for all LSPs that have LSP Self Ping enabled.

The no form of this command reverts to the default value.

Default

interval 1

Parameters

seconds

Specifies the value, in seconds, used as the fast retry timer for a secondary path.

Values

1 to 10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval {one-time | minimum-interval}

Context

[Tree] (config>app-assure>group>http-notif interval)

Full Context

configure application-assurance group http-notification interval

Description

This command configures the minimum interval in between notification messages. It can be set to one-time or a value in minutes from 1 to 1440.

The no form of this command removes the interval from the http-notification policy.

Default

interval one-time

Parameters

minimum-interval

Represents the minimum interval value in minutes in between two http notifications.

Values

1 to 1440

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

interval

Syntax

interval seconds

Context

[Tree] (config>ipsec>tnl-temp>icmp6-gen>pkt-too-big interval)

[Tree] (config>router>if>ipsec-tunnel>icmp-gen>pkt-too-big interval)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>icmp6-gen>pkt-too-big interval)

Full Context

configure ipsec tunnel-template icmp6-generation pkt-too-big interval

configure router interface ipsec-tunnel icmp-gen pkt-too-big interval

configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

Description

This command configures the maximum interval during which messages can be sent.

Parameters

seconds

Specifies the maximum interval during which messages can be sent, in seconds.

Values

1 to 60

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template icmp6-generation pkt-too-big interval

VSR

  • configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

interval

Syntax

interval seconds

Context

[Tree] (config>ipsec>tnl-temp>icmp6-gen>pkt-too-big interval)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>icmp6-gen>pkt-too-big interval)

[Tree] (config>service>ies>if>ipsec-tunnel>icmp6-gen>pkt-too-big interval)

[Tree] (config>router>if>ipsec-tunnel>icmp6-gen>pkt-too-big interval)

[Tree] (config>service>vprn>if>sap>ipsec-tun>icmp6-gen>pkt-too-big interval)

Full Context

configure ipsec tunnel-template icmp6-generation pkt-too-big interval

configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

configure router interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big interval

Description

This command configures the interval for sending ICMPv6 Packet Too Big (code 2) messages. The maximum number of messages that can be sent during the interval is configured by the message-count command.

The no form of the command reverts to the default value.

Default

interval 10

Parameters

seconds

Specifies the time, in seconds, for sending 'message-count’ ICMPv6 messages.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template icmp6-generation pkt-too-big interval
  • configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big interval

VSR

  • configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval
  • configure router interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval
  • configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big interval

interval

Syntax

interval minutes

no interval

Context

[Tree] (config>test-oam>ldp-treetrace>path-discovery interval)

Full Context

configure test-oam ldp-treetrace path-discovery interval

Description

This command configures the frequency of the LDP ECMP OAM path discovery. Every interval, the node sends LSP trace messages to attempt to discover the entire ECMP path tree for a given destination FEC.

The no form of this command removes the value from the configuration.

Default

no interval

Parameters

minutes

Specifies the number of minutes to wait before repeating the LDP tree auto discovery process.

Values

60 to 1440

Platforms

All

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>test-oam>icmp>ping-template interval)

Full Context

configure test-oam icmp ping-template interval

Description

This command configures the packet transmit interval used when the interface is operational and possibly transitioning from up to down, but not down to up, because of the ping-template function.

The no form of this command reverts to the default value.

Default

interval 60

Parameters

seconds

Sets the packet transmit interval, in seconds, when the interface is operational.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval minutes

no interval

Context

[Tree] (config>test-oam>ldp-treetrace>path-probing interval)

Full Context

configure test-oam ldp-treetrace path-probing interval

Description

This command configures the frequency of the LSP Ping messages used in the path probing phase to probe the paths of all LDP FECs discovered by the LDP tree trace path discovery.

The no form of this command resets the interval to its default value.

Default

no interval

Parameters

minutes

Specifies the number of minutes to probe all active ECMP paths for each LDP FEC.

Values

1 to 60

Platforms

All

interval

Syntax

interval interval

no interval

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy interval)

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy interval)

[Tree] (config>saa>test>type-multi-line>lsp-ping interval)

Full Context

configure saa test type-multi-line lsp-ping sr-policy interval

configure saa test type-multi-line lsp-trace sr-policy interval

configure saa test type-multi-line lsp-ping interval

Description

This command configures the number of seconds to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

The no form of this command reverts to the default value.

Default

interval 1

Parameters

interval

Specifies the number of seconds to wait before the next message request is sent.

Values

1 to 10

Default

1

Platforms

All

interval

Syntax

interval milliseconds

no interval

Context

[Tree] (config>oam-pm>session>ethernet>lmm interval)

[Tree] (config>oam-pm>session>ethernet>dmm interval)

Full Context

configure oam-pm session ethernet lmm interval

configure oam-pm session ethernet dmm interval

Description

This command defines the message period or probe spacing for the transmission of the DMM or LMM frame.

The no form of this command sets the interval to the default. If an LMM test is in no shutdown state, it always has timing parameters, whether default or operator configured.

Parameters

milliseconds

Specifies the number of milliseconds between the transmission of the DMM or LMM frames. The default value for the DMM or LMM interval is different than the default interval for SLM. This is intentional.

Values

50, 100, 200, 300, 400, 500, 600, 700, 800, 900, 1000, 10000

Default

1000

Platforms

All

interval

Syntax

interval milliseconds

no interval

Context

[Tree] (config>oam-pm>session>ip>twamp-light interval)

Full Context

configure oam-pm session ip twamp-light interval

Description

This command defines the message period, or probe spacing, for transmitting a TWAMP Light frame.

The no form of this command sets the interval to the default value.

Default

interval 1000

Parameters

milliseconds

Specifies the number of milliseconds between TWAMP Light frame transmission.

Values

50, 100, 200, 300, 400, 500, 600, 700, 800, 900, 1000, 10000

Default

1000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval milliseconds

no interval

Context

[Tree] (config>oam-pm>session>mpls>dm interval)

Full Context

configure oam-pm session mpls dm interval

Description

This command defines the message period, or probe spacing, to transmit a DM frame.

The no form of this command sets the interval to the default value.

Parameters

milliseconds

Specifies the number of milliseconds between DM frame transmissions.

Values

1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000, 9000, 10000

Default

1000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval [seconds]

no interval

Context

[Tree] (config>filter>redirect-policy>dest>ping-test interval)

Full Context

configure filter redirect-policy destination ping-test interval

Description

This command specifies the amount of time, in seconds, between consecutive requests sent to the far end host.

Default

interval 1

Parameters

seconds

Specifies the amount of time, in seconds, between consecutive requests sent to the far end host.

Values

1 to 60

Platforms

All

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>router>static-route-entry>next-hop>cpe-check interval)

[Tree] (config>router>static-route-entry>indirect>cpe-check interval)

Full Context

configure router static-route-entry next-hop cpe-check interval

configure router static-route-entry indirect cpe-check interval

Description

This optional parameter specifies the interval between ICMP pings to the target IP address.

Default

interval 1

Parameters

seconds

Specifies the interval value, in seconds.

Values

1 to 255

Platforms

All

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>vrrp>priority-event>host-unreachable interval)

Full Context

configure vrrp priority-event host-unreachable interval

Description

This command configures the number of seconds between host unreachable priority event ICMP echo request messages directed to the host IP address.

The no form of the command reverts to the default value.

Default

interval 1

Parameters

seconds

Specifies the number of seconds between the ICMP echo request messages sent to the host IP address for the host unreachable priority event.

Values

1 to 60

interval

Syntax

interval seconds

no interval

Context

[Tree] (config>system>cron>sched interval)

Full Context

configure system cron schedule interval

Description

This command specifies the interval between runs of an event.

Default

no interval

Parameters

seconds

Specifies the interval, in seconds, between runs of an event.

Values

30 to 42949672

Platforms

All

interval

Syntax

interval interval

no interval

Context

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive interval)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive interval)

[Tree] (config>system>grpc>tcp-keepalive interval)

Full Context

configure system grpc-tunnel destination-group tcp-keepalive interval

configure system telemetry destination-group tcp-keepalive interval

configure system grpc tcp-keepalive interval

Description

This command configures the amount of time, in seconds, between successive TCP keepalive probes sent by the router.

The no form of this command reverts to the default value.

Default

interval 15

Parameters

interval

Specifies the number of seconds between TCP keepalive probes.

Values

1 to 100000

Default

15

Platforms

All

interval

Syntax

interval seconds

Context

[Tree] (config>ipsec>tnl-temp>icmp-gen>frag-required interval)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>icmp-generation>frag-required interval)

[Tree] (config>service>vprn>if>sap>ip-tunnel>icmp-generation>frag-required interval)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>icmp-generation>frag-required interval)

[Tree] (config>router>if>ipsec>ipsec-tunnel>icmp-generation>frag-required interval)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>icmp-generation>frag-required interval)

Full Context

configure ipsec tunnel-template icmp-generation frag-required interval

configure service vprn interface sap ipsec-tunnel icmp-generation frag-required interval

configure service vprn interface sap ip-tunnel icmp-generation frag-required interval

configure service vprn interface ipsec ipsec-tunnel icmp-generation frag-required interval

configure router interface ipsec ipsec-tunnel icmp-generation frag-required interval

configure service ies interface ipsec ipsec-tunnel icmp-generation frag-required interval

Description

This command configures the interval for sending ICMP Destination Unreachable "fragmentation needed and DF set" messages (type 3, code 4). The maximum number of messages that can be sent during the interval is configured by the message-count command.

The no form of the command reverts to the default value.

Default

interval 10

Parameters

seconds

Specifies the time, in seconds, for sending ICMPv6 Destination Unreachable "fragmentation needed and DF set" messages (type 3, code 4).

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ip-tunnel icmp-generation frag-required interval
  • configure service vprn interface sap ipsec-tunnel icmp-generation frag-required interval
  • configure ipsec tunnel-template icmp-generation frag-required interval

VSR

  • configure service vprn interface ipsec ipsec-tunnel icmp-generation frag-required interval
  • configure router interface ipsec ipsec-tunnel icmp-generation frag-required interval
  • configure service ies interface ipsec ipsec-tunnel icmp-generation frag-required interval

interval

Syntax

interval seconds

Context

[Tree] (config>test-oam>link-meas>template interval)

Full Context

configure test-oam link-measurement measurement-template interval

Description

This command configures the length of time between test packet transmission.

Default

interval 1

Parameters

seconds

Specifies the elapsed time between transmission of test packets for the specified template

Values

1 to 10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

interval

Syntax

interval seconds

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check interval)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check interval)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check interval

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check interval

Description

This command configures the interval between ICMP pings to the target CPE IP address.

Default

interval 1

Parameters

seconds

Specifies the interval value, in seconds.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

intervals-stored

intervals-stored

Syntax

intervals-stored intervals

no intervals-stored

Context

[Tree] (config>oam-pm>session>meas-interval intervals-stored)

Full Context

configure oam-pm session meas-interval intervals-stored

Description

This command defines the number of completed measurement intervals per session to be stored in volatile system memory. The entire block of memory is allocated for the measurement interval when the test is active ( no shutdown) to ensure memory is available. The numbers are increasing from 1 to the configured value + 1. The active pm data is stored in the interval number 1 and older runs are stored, in order, to the upper most number with the oldest rolling off when the number of completed measurement intervals exceeds the configured value+1. As new test measurement intervals complete for the session, the stored intervals are renumbered to maintain the described order. Use caution when setting this value. There must be a balance between completed runs stored in volatile memory and the use of the write-to-flash function of the accounting policy.

The 5-mins and 15-mins measurement intervals share the same (1 to 96) retention pool. In the event that both intervals are required, the sum total of both intervals cannot exceed 96. The 1-hour and 1-day measurement intervals utilize their own ranges.

If this command is omitted when configuring the measurement interval, the default value is used.

The no form of the command reverts to the default.

Default

intervals-stored 1

Parameters

intervals

Specifies the number of measurement intervals.

Values

5-mins: 1 to 96

15-mins: 1 to 96

1-hour: 1 to 24

1-day: 1

Default

5-mins: 32

15-mins: 32

1-hour: 8

1-day: 1

Platforms

All

invert-data

invert-data

Syntax

[no] invert-data

Context

[Tree] (config>port>tdm>ds1 invert-data)

[Tree] (config>port>tdm>e1 invert-data)

Full Context

configure port tdm ds1 invert-data

configure port tdm e1 invert-data

Description

This command causes all data bits to be inverted, to guarantee ones density. Typically used with AMI line encoding.

Default

no invert-data

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

invert-match

invert-match

Syntax

[no] invert-match

Context

[Tree] (config>app-assure>group>tether-detect>sngl-dev invert-match)

Full Context

configure application-assurance group tethering-detection single-device invert-match

Description

This command configures AA to classify flows with expected TTL values as coming from connected devices (tethered).

The no form of this command configures AA to classify flows with expected TTL values as coming from the host device (untethered).

Default

no invert-match

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

iom

iom

Syntax

iom slot-number type {[ load-balancer] [ue-anchor]}

no iom slot-number

Context

[Tree] (config>isa>wlan-gw-group iom)

Full Context

configure isa wlan-gw-group iom

Description

This command designates the specified IOM as a WLAN-GW IOM. Each WLAN-GW IOM must be provisioned with two ISA-BB modules on a hardware chassis and with an ISA-BB module in the first MDA slot in the VSR.

The no form of this command removes the IOM from the configuration.

Parameters

slot-number

Indicates the IOM slot to be used in the WLAN-GW group.

Values

1 to 10

type {[load-balancer] [ue-anchor]}

This parameter is supported on the VSR only. It determines if an IOM slot is used for load-balancing or UE anchoring and processing, or both. When the wlan-gw-group has only a single IOM, it is required to put this IOM in both modes at the same time.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

iom

Syntax

iom [detail]

no iom

Context

[Tree] (debug>router>mpls>event iom)

Full Context

debug router mpls event iom

Description

This command reports MPLS debug events originating from the XMA.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about MPLS events originating from the XMA.

Platforms

All

ip

ip

Syntax

ip address

no ip

Context

[Tree] (config>service>vpls>mcr-default-gtw ip)

Full Context

configure service vpls mcr-default-gtw ip

Description

This command relates to a system configured for Dual Homing in L2-TPSDA. It defines the IP address used when the system sends out a gratuitous ARP on an active SAP after a ring heals or fails in order to attract traffic from subscribers on the ring with connectivity to that SAP.

The no form of this command reverts to the default.

Default

no ip

Parameters

address

Specifies the IP address in a.b.c.d. format.

Platforms

All

ip

Syntax

ip ip-filter-id

no ip

Context

[Tree] (config>service>template>epipe-sap-template>ingress>filter ip)

[Tree] (config>service>template>epipe-sap-template>egress>filter ip)

Full Context

configure service template epipe-sap-template ingress filter ip

configure service template epipe-sap-template egress filter ip

Description

This command associates an existing IP filter policy with the template.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

Parameters

ip-filter-id

Specifies the IP filter policy ID. The filter ID must already exist within the created IP filters.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip

Syntax

ip name

no ip

Context

[Tree] (config>service>template>epipe-sap-template>egress>filter-name ip)

[Tree] (config>service>template>epipe-sap-template>ingress>filter-name ip)

Full Context

configure service template epipe-sap-template egress filter-name ip

configure service template epipe-sap-template ingress filter-name ip

Description

This command associates an existing IP filter policy with the template.

Parameters

name

Specifies the IP filter policy name, up to 64 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip

Syntax

ip name

no ip

Context

[Tree] (config>service>template>vpls-sap-template>egress>filter-name ip)

[Tree] (config>service>template>vpls-sap-template>ingress>filter-name ip)

Full Context

configure service template vpls-sap-template egress filter-name ip

configure service template vpls-sap-template ingress filter-name ip

Description

This command associates an existing IP filter policy with the template.

Parameters

name

Specifies the IP filter policy name, up to 64 characters.

Platforms

All

ip

Syntax

[no] ip ip-address

Context

[Tree] (debug>service>id>arp-host ip)

Full Context

debug service id arp-host ip

Description

This command displays ARP host events for a particular IP address.

Parameters

ip-address

The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip

Syntax

[no] ip ip-address

Context

[Tree] (debug>service>id>host-connectivity-verify ip)

Full Context

debug service id host-connectivity-verify ip

Description

This command displays Subscriber Host Connectivity Verification (SHCV) events for a particular IP address.

Parameters

ip-address

The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

ipv4-prefix: a.b.c.d (host bits must be 0)

ipv6-prefix:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip

Syntax

[no] ip ip-address[/mask]

Context

[Tree] (config>app-assure>group>policy>transit-ip-policy>static-aa-sub ip)

Full Context

configure application-assurance group policy transit-ip-policy static-aa-sub ip

Description

This command configures the /32 IP address for a static transit aa-sub.

The no form of this command deletes the ip address assigned to the static transit aa-sub from the configuration.

Parameters

ip-address

Specifies the IP address in a.b.c.d form.

Values

ipv6-address/prefix:

ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length /32 to /64

ip

Syntax

ip src ip-address dest ip-address

no ip

Context

[Tree] (config>mirror>mirror-dest>encap>layer-3-encap>gateway ip)

Full Context

configure mirror mirror-dest encap layer-3-encap gateway ip

Description

This command configures the source IPv4 address and destination IPv4 address to use in the IPv4 header part of the routable LI encapsulation.

Parameters

src ip-address

Specifies source IP address.

Values

a.b.c.d

dest ip-address

Specifies destination IP address.

Values

a.b.c.d

Platforms

All

ip

Syntax

ip

Context

[Tree] (config>oam-pm>session ip)

Full Context

configure oam-pm session ip

Description

Commands in this context configure the IP-specific source and destination information, the priority, and the IP test tools on the launch point.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ip

Syntax

[no] ip ip-filter-id

Context

[Tree] (config>filter>system-filter ip)

Full Context

configure filter system-filter ip

Description

This command activates an IPv4 system filter policy. Once activated, all IPv4 ACL filter policies that chain to the system filter ( config>filter>ip-filter>chain-to-system-filter) will automatically execute system filter policy rules first.

The no form of the command deactivates the system filter policy.

Parameters

ip-filter-id

Specifies the existing IPv4 filter policy with scope system. This parameter can either be expressed as a decimal integer, or as an ASCII string of up to 64 characters.

Values

1 to 65535 or the filter policy name (filter-name, 64 char max)

Platforms

All

ip

Syntax

[no] ip

Context

[Tree] (debug>router ip)

Full Context

debug router ip

Description

This command configures debugging for IP.

Platforms

All

ip

Syntax

ip

Context

[Tree] (config>system ip)

Full Context

configure system ip

Description

This command configures system-wide IP router parameters.

Platforms

All

ip

Syntax

ip ip-address netmask

ip ip-address/mask

ip ip-prefix-list ip-prefix-list-name

no ip

Context

[Tree] (config>filter>ip-filter>entry>match ip)

Full Context

configure filter ip-filter entry match ip

Description

This command configures a destination or source IP address to be used as an IP match criterion.

Parameters

ip-address/mask

Specifies the IPv4 address and mask.

Values

ip-address

a.b.c.d

netmask

Specifies the name of the IP prefix list, up to 256 characters.

ip-prefix-list-name

Specifies the name of an IP prefix list, up to 32 characters.

Platforms

All

ip

Syntax

ip ipv6-address ipv6-address-mask

ip ipv6-address/mask

ip ipv6-prefix-list prefix-list-name

no ip

Context

[Tree] (config>filter>ipv6-filter>entry>match ip)

Full Context

configure filter ipv6-filter entry match ip

Description

This command configures a destination or source IP address to be used as an IP match criterion.

Parameters

ipv6-address/mask

Specifies the IPv6 address and mask.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ip-prefix-list-name

Specifies the name of an IPv6 prefix list, up to 32 characters.

Platforms

All

ip-addr-backup

ip-addr-backup

Syntax

ip-addr-backup ip-address[:port]

no ip-addr-backup

Context

[Tree] (config>sflow>receiver ip-addr-backup)

Full Context

configure sflow receiver ip-addr-backup

Description

This command configures back-up IPv4 or IPv6 destination address for the sFlow agent to send sFlow datagrams to. Optionally a destination port can also be configured (by default port 6343 is used).

The no form of this command deletes backup sFlow receiver destination.

Parameters

ip-address

Specifies the IPv4 or IPv6 address to send the sFlow datagrams to.

Values

a.b.c.d

(IPv4)

x:x:x:x:x:x:x:x

(IPv6)

[x:x:x:x:x:x:x:x]

(IPv6)

x - [0 to FFFF]H

port

Specifies the UDP destination port to send the sFlow datagrams to.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-s, 7950 XRS

ip-addr-primary

ip-addr-primary

Syntax

ip-addr-primary ip-address[:port]

no ip-addr-primary

Context

[Tree] (config>sflow>receiver ip-addr-primary)

Full Context

configure sflow receiver ip-addr-primary

Description

This command configures primary IPv4 or IPv6 destination address for the sFlow agent to send sFlow datagrams to. Optionally a destination port can also be configured (by default port 6343 is used).

The no form of this command deletes primary sFlow receiver destination.

Parameters

ip-address

Specifies the IPv4 or IPv6 address to send the sFlow datagrams.

Values

a.b.c.d

(IPv4)

x:x:x:x:x:x:x:x

(IPv6)

[x:x:x:x:x:x:x:x]

(IPv6)

x - [0..FFFF]H

port

Specifies the UDP destination port to send the sFlow datagrams.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-s, 7950 XRS

ip-addr1

ip-addr1

Syntax

ip-addr1 {eq | neq} ip-address

no ip-addr1

Context

[Tree] (debug>app-assure>group>traffic-capture>match ip-addr1)

Full Context

debug application-assurance group traffic-capture match ip-addr1

Description

This command configures debugging on IP address 1.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-addr2

ip-addr2

Syntax

ip-addr2 {eq | neq} ip-address

no ip-addr2

Context

[Tree] (debug>app-assure>group>traffic-capture>match ip-addr2)

Full Context

debug application-assurance group traffic-capture match ip-addr2

Description

This command configures debugging on IP address 2.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-address

ip-address

Syntax

ip-address ipv6-address

no ip-address

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>srv6>binding-sid ip-address)

Full Context

configure router segment-routing sr-policies static-policy segment-routing-v6 binding-sid ip-address

Description

This command configures an SRv6 binding SID for a remote SRv6 policy. It cannot be used with a local head-end location (defined with the head-end local command in the conf>router>segment-routing>sr-policies>policy).

This command and the locator or micro-segment-locator command in the conf>router>segment-routing>sr-policies>policy>srv6>binding-sid context are mutually exclusive.

If the remote head-end is an SR OS system, the binding SID can either be regular or uSID and, in the latter case, must be configured with the node ID in the following format: <block><uN><uB6>::.

The no form of this command removes the configuration.

Parameters

ipv6-address

Specifies the SRv6 binding SID as a 128 bit IPv6 address.

Values

x:x:x:x:x:x:x:x (16 eight-bit pieces) or x:x:x:x:x:x:d:d:d:d

x — [0 to FFFF]H

d — [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ip-address

Syntax

ip-address unicast-ip-address

no ip-address

Context

[Tree] (config>aaa>isa-radius-plcy>servers>server ip-address)

Full Context

configure aaa isa-radius-policy servers server ip-address

Description

This command configures the IP address of the RADIUS server.

The no form of this command removes the IP address.

Default

no ip-address

Parameters

unicast-ip-address

Specifies the unicast IPv4 or IPv6 address of the RADIUS server.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-advertise-routes

ip-advertise-routes

Syntax

ip-advertise-routes

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export ip-advertise-routes)

Full Context

configure subscriber-mgmt isa-service-chaining evpn export ip-advertise-routes

Description

Commands in this context configure EVPN routes to be advertised to a BGP EVPN peer participating in service chaining.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-assigned

ip-assigned

Syntax

[no] ip-assigned

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state ip-assigned)

Full Context

configure subscriber-mgmt wlan-gw ue-query state ip-assigned

Description

This command enables matching on UEs in an IP-assigned state, meaning that the UE already has an IP assigned but it is not yet authorized. This usually only applies when auth-on-dhcp is not configured.

The no form of this command disables matching on UEs in an IP-assigned state, unless all state matching is disabled.

Default

no ip-assigned

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-assigned-authorized

ip-assigned-authorized

Syntax

[no] ip-assigned-authorized

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state ip-assigned-authorized)

Full Context

configure subscriber-mgmt wlan-gw ue-query state ip-assigned-authorized

Description

This command enables matching on UEs in an IP-assigned and authorized state, meaning that the UE already has an IP assigned and is authorized, but is not yet promoted to a final state such as ESM or DSM. This applies to UEs authenticated by distributed RADIUS proxy without auth-on-dhcp configured. UEs move to this state upon DHCP completion and continue to a more final state (such as DSM, ESM, or portal) upon receiving the first data packet.

The no form of this command disables matching on UEs in an IP-assigned and authorized state, unless all state matching is disabled.

Default

no ip-assigned-authorized

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-cache

ip-cache

Syntax

ip-cache

Context

[Tree] (config>app-assure>group>dns-ip-cache ip-cache)

Full Context

configure application-assurance group dns-ip-cache ip-cache

Description

This command configures the dns-ip-cache cache parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-can-type

ip-can-type

Syntax

[no] ip-can-type

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp ip-can-type)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp ip-can-type

Description

This command includes the ip-can-type.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-criteria

ip-criteria

Syntax

[no] ip-criteria

Context

[Tree] (config>qos>sap-egress ip-criteria)

[Tree] (config>qos>sap-ingress ip-criteria)

Full Context

configure qos sap-egress ip-criteria

configure qos sap-ingress ip-criteria

Description

IP criteria-based SAP ingress or egress policies are used to select the appropriate ingress or egress queue or policer and corresponding forwarding class and packet profile for matched traffic.

This command is used to enter the context to create or edit policy entries that specify IP criteria such as IP quintuple lookup or DiffServ code point.

The software implementation will exit on the first match found and execute the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit.

The no form of this command deletes all the entries specified under this node. When IP criteria entries are removed from a SAP ingress or egress policy, the IP criteria is removed from all services where that policy is applied.

Platforms

All

ip-criteria

Syntax

[no] ip-criteria

Context

[Tree] (config>qos>network>ingress ip-criteria)

[Tree] (config>qos>network>egress ip-criteria)

Full Context

configure qos network ingress ip-criteria

configure qos network egress ip-criteria

Description

IP criteria-based network ingress and egress policies are used to select the appropriate ingress or egress queue or policer, and the corresponding forwarding class and packet profile for matched traffic. This command is used to enter the context to create or edit policy entries that specify IP criteria such as IP quintuple lookup or DSCP.

The 7750 SR OS implementation will exit on the first match found and execute the actions in accordance with the accompanying action command. Entries must be sequenced correctly from most to least explicit.

The ingress classification only applies to the outer IP header of non-tunneled traffic. The only exception is for traffic received on a Draft Rosen tunnel, for which only classification on the outer IP header is supported.

Attempting to apply a network QoS policy containing an ip-criteria statement to any object except a network IP interface will result in an error.

The no form of this command deletes all entries specified under this node. When IP criteria entries are removed from a network policy, the IP criteria are removed from all network interfaces to which that policy is applied.

Platforms

All

ip-criteria

Syntax

[no] ip-criteria

Context

[Tree] (config>service>ies>if>sap>ingress>criteria-overrides ip-criteria)

[Tree] (config>service>vpls>sap>ingress>criteria-overrides ip-criteria)

[Tree] (config>service>ipipe>sap>ingress>criteria-overrides ip-criteria)

[Tree] (config>service>cpipe>sap>ingress>criteria-overrides ip-criteria)

[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides ip-criteria)

[Tree] (config>service>epipe>sap>ingress>criteria-overrides ip-criteria)

Full Context

configure service ies interface sap ingress criteria-overrides ip-criteria

configure service vpls sap ingress criteria-overrides ip-criteria

configure service ipipe sap ingress criteria-overrides ip-criteria

configure service cpipe sap ingress criteria-overrides ip-criteria

configure service vprn interface sap ingress criteria-overrides ip-criteria

configure service epipe sap ingress criteria-overrides ip-criteria

Description

Commands in this context configure IPv4 criteria overrides.

The no form of this command removes any existing IPv4 overrides from the SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ip-exception

ip-exception

Syntax

ip-exception filter-id

no ip-exception

Context

[Tree] (config>service>ies>if>ipsec ip-exception)

[Tree] (config>router>if>ipsec ip-exception)

[Tree] (config>service>vprn>if>ipsec ip-exception)

Full Context

configure service ies interface ipsec ip-exception

configure router interface ipsec ip-exception

configure service vprn interface ipsec ip-exception

Description

This command configures the IP exception filter for the secured interface. All ingress traffic matching by the specified filter bypasses IPsec processing.

The no form of this command removes the policy from the configuration.

Default

no ip-exception

Parameters

filter-id

Specifies IP filter policy that will be used to bypass encryption.

Platforms

VSR

ip-exception

Syntax

ip-exception filter-id [create]

no ip-exception filter-id

Context

[Tree] (config>filter ip-exception)

Full Context

configure filter ip-exception

Description

Commands in this context configure the specified IPv4 exception filter.

The no form of the command deletes the IPv4 exception filter.

Parameters

filter-id

Specifies the IPv4 filter policy ID expressed as a decimal integer.

Values

1 to 65535

create

This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

VSR

ip-exception

Syntax

ip-exception filter-id direction {inbound | outbound}

no ip-exception direction {inbound | outbound}

Context

[Tree] (config>router>if>group-encryption ip-exception)

Full Context

configure router interface group-encryption ip-exception

Description

This command associates an IP exception filter policy with an NGE-enabled router interface to allow packets matching the exception criteria to transit the NGE domain as clear text.

When an exception filter is added for inbound traffic, packets matching the criteria in the IP exception filter policy are allowed to be received in clear text even if an inbound key group is configured. If no inbound key group is configured, then associated inbound IP exception filter policies will be ignored.

When an exception filter is added for outbound traffic, packets matching the criteria in the IP exception filter policy are not encrypted when sent out of the router interface even if an outbound key group is configured. If no outbound key group is configured, then associated outbound IP exception filter policies will be ignored.

The no form of this command removes the IP exception filter policy from the specified direction.

Default

no ip-exception direction inbound

no ip-exception direction outbound

Parameters

filter-id

Specifies the IP exception filter policy. The IP exception ID or exception name must have already been created.

Values

1 to 6553, filter-name (64 characters maximum)

inbound

Binds the exception filter policy in the inbound direction.

outbound

Binds the exception filter policy in the outbound direction.

Platforms

VSR

ip-fast-reroute

ip-fast-reroute

Syntax

[no] ip-fast-reroute

Context

[Tree] (config>router ip-fast-reroute)

Full Context

configure router ip-fast-reroute

Description

This command enables IP Fast-Reroute (FRR) feature on the system.

This feature provides for the use of a Loop-Free Alternate (LFA) backup next-hop for forwarding in-transit and CPM generated IP packets when the primary next-hop is not available. IP FRR is supported on IPv4 and IPv6 OSPF/IS-IS prefixes forwarded in the base router instance to a network IP interface or to an IES SAP interface or spoke interface. It is also supported for VPRN VPN-IPv4 OSPF prefixes and VPN-IPv6 OSPF prefixes forwarded to a VPRN SAP interface or spoke interface.

IP FRR also provides a LFA backup next-hop for the destination prefix of a GRE tunnel used in an SDP or in VPRN auto-bind.

When any of the following events occurs, IGP instructs in the fast path on the XMAs to enable the LFA backup next-hop:

  • OSPF/IS-IS interface goes operationally down: physical or local admin shutdown.

  • Timeout of a BFD session to a next-hop when BFD is enabled on the OSPF/IS-IS interface

When the SPF computation determines there is more than one primary next-hop for a prefix, it will not program any LFA next-hop in RTM. Therefore, the IP prefix will resolve to the multiple equal-cost primary next-hops that provide the required protection.

The no form of this command disables the IP FRR feature on the system

Default

no ip-fast-reroute

Platforms

All

ip-filter

ip-filter

Syntax

ip-filter filter-id

no ip-filter [force]

Context

[Tree] (config>subscr-mgmt>sla-profile>egress ip-filter)

[Tree] (config>subscr-mgmt>sla-profile>ingress ip-filter)

Full Context

configure subscriber-mgmt sla-profile egress ip-filter

configure subscriber-mgmt sla-profile ingress ip-filter

Description

This command configures an egress or ingress IP filter.

The no form of this command reverts to the default.

Parameters

filter-id

Specifies an existing IP filter policy ID.

Values

1 to 65535, or name, up to 64 characters

force

Forces the exclusion of the IP filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-filter

Syntax

ip-filter ip-filter-id entry entry-id [entry-id]

no ip-filter ip-filter-id [entry entry-id]

Context

[Tree] (config>mirror>mirror-source ip-filter)

Full Context

configure mirror mirror-source ip-filter

Description

This command enables mirroring of packets that match specific entries in an existing IP filter.

The ip-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.

The IP filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IP filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring will not be enabled (there are no packets to mirror). Once the IP filter is defined to a SAP or IP interface, mirroring is enabled.

If the IP filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination prior to any ingress packet modifications.

If the IP filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.

An entry-id within an IP filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.

By default, no packets matching any IP filters are mirrored. Mirroring of IP filter entries must be explicitly defined.

The no ip-filter command, without the entry keyword, removes mirroring on all entry-id’s within the ip-filter-id.

When the no command is executed with the entry keyword and one or more entry-id’s, mirroring of that list of entry-id’s is terminated within the ip-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being mirrored, no error will occur for that entry-id and the command will execute normally.

Parameters

ip-filter-id

Specifies the IP filter ID whose entries are mirrored. If the ip-filter-id does not exist, an error will occur and the command will not execute. Mirroring of packets will commence once the ip-filter-id is defined on a SAP or IP interface.

Values

1 to 65535

name, up to 64 characters

entry-id

Specifies the IP filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-id’s for mirroring. Multiple entry-id entries may be specified with a single command. Each entry-id must be separated by a space.

If an entry-id does not exist within the IP filter, an error occurs and the command will not execute.

If the filter’s entry-id is renumbered within the IP filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.

Values

1 to 2097151

Platforms

All

ip-filter

Syntax

[no] ip-filter ip-filter-id

Context

[Tree] (config>li>li-filter-block-reservation>li-reserved-block ip-filter)

Full Context

configure li li-filter-block-reservation li-reserved-block ip-filter

Description

This command configures to which normal IPv4 address filters the entry reservation is applied.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

The no form of this command removes the IPv4 filter ID from the configuration.

Parameters

ip-filter-id

Specifies the filter identification identifies the normal IPv4 address filters.

Values

{filter-id | filter-name}

filter-id:

1 to 65535

filter-name:

up to 64 characters (filter-name is an alias for input only. The filter-name gets replaced with an id automatically by SR OS in the configuration).

Platforms

All

ip-filter

Syntax

[no] ip-filter ip-filter-id

Context

[Tree] (config>li>li-filter-assoc>li-ip-fltr ip-filter)

Full Context

configure li li-filter-associations li-ip-filter ip-filter

Description

This command specifies the IP filter(s) into which the entries from the specified li-ip-filter are to be inserted. The li-ip-filter and ip-filter must already exist before the association is made. If the normal IP filter is deleted then the association is also removed (and not re-created if the IP filter comes into existence in the future).

The no form of this command removes the IP filter name from the configuration.

Parameters

ip-filter-id

Specifies an existing IP filter policy.

Values

filter-id — 1 to 65535

filter-name — up to 64 characters

Platforms

All

ip-filter

Syntax

ip-filter ip-filter-id entry entry-id [entry-id] [intercept-id intercept-id [intercept-id]] [ session-id session-id [session-id]]

no ip-filter ip-filter-id [entry entry-id [ entry-id]]

Context

[Tree] (config>li>li-source ip-filter)

Full Context

configure li li-source ip-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing IP filter.

The ip-filter command directs packets which match the defined list of entry IDs to be intercepted to the destination referenced by the mirror-dest-service-id of the mirror-source.

The IP filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IP filter does not exist, an error occurs. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring will not be enabled (there are no packets to mirror). Once the IP filter is defined to a SAP, IP interface or subscriber, mirroring is enabled.

If the IP filter is defined as ingress, only ingress packets are intercepted. Ingress packets are sent to the destination prior to any ingress packet modifications.

If the IP filter is defined as egress, only egress packets are intercepted. Egress packets are sent to the destination after all egress packet modifications.

An entry-id within an IP filter can only be intercepted to a single destination. If the same entry-id is defined multiple times, an error occurs and only the first definition is in effect.

By default, no packets matching any IP filters are intercepted. Interception of IP filter entries must be explicitly defined.

When the no command is executed with the entry keyword and one or more entry-id’s, interception of that list of entry-id’s is terminated within the ip-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being intercepted, no error will occur for that entry-id and the command will execute normally.

Parameters

ip-filter-id

Specifies the IP filter ID whose entries are to be intercepted. If the ip-filter-id does not exist, an error will occur and the command will not execute. Intercepting packets will commence when the ip-filter-id is defined on a SAP or IP interface.

entry-id

Specifies the IP filter entries to use as match criteria for lawful intercept (LI). The entry keyword begins a list of entry-id’s for interception. Multiple entry-id entries can be specified with a single command. Each entry-id must be separated by a space. Up to <N><n> 8 entry IDs may be specified in a single command.

If an entry-id does not exist within the IP filter, an error occurs and the command will not execute.

If the filter’s entry-id is renumbered within the IP filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value is inserted. When the mirror service is configured with ip-gre routable encapsulation, no intercept-id is inserted and none should be specified against the li-source entries.

Values

1 to 4294967295 (32b) for nat li-source entries that are using a mirror service that is not configured with routable encap

1 to 1073741824 (30b) for all types of li-source entries that are using a mirror service with routable ip-udp-shim encap and no direction-bit.

1 to 536870912 (29b) for all types of li-source entries that are using a mirror service with routable ip-udp-shim encapsulation and with the direction-bit enabled.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap ( config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value is inserted. When a mirror service is configured with ip-gre routable encap, no session-id is inserted and none should be specified against the li-source entries.

Values

1 to 4,294,967,295 (32b)

Platforms

All

ip-filter

Syntax

ip-filter ip-filter-id entry entry-id [entry-id]

no ip-filter ip-filter-id [entry entry-id]

Context

[Tree] (debug>mirror-source ip-filter)

Full Context

debug mirror-source ip-filter

Description

This command enables mirroring of packets that match specific entries in an existing IP filter.

The ip-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.

The IP filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IP filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring will not be enabled (there are no packets to mirror). Once the IP filter is defined to a SAP or IP interface, mirroring is enabled.

If the IP filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination prior to any ingress packet modifications.

If the IP filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.

An entry-id within an IP filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.

By default, no packets matching any IP filters are mirrored. Mirroring of IP filter entries must be explicitly defined.

The no ip-filter command, without the entry keyword, removes mirroring on all entry-id’s within the ip-filter-id.

When the no command is executed with the entry keyword and one or more entry-id’s, mirroring of that list of entry-id’s is terminated within the ip-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being mirrored, no error will occur for that entry-id and the command will execute normally.

Parameters

ip-filter-id

The IP filter ID whose entries are mirrored. If the ip-filter-id does not exist, an error will occur and the command will not execute. Mirroring of packets will commence once the ip-filter-id is defined on a SAP or IP interface.

entry-id

The IP filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-id’s for mirroring. A maximum of eight entry-id entries may be specified with a single command. Each entry-id must be separated by a space.

If an entry-id does not exist within the IP filter, an error occurs and the command will not execute.

If the filter’s entry-id is renumbered within the IP filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.

Platforms

All

ip-filter

Syntax

ip-filter filter-id [name] [ create]

no ip-filter {filter-id | filter-name}

Context

[Tree] (config>filter ip-filter)

Full Context

configure filter ip-filter

Description

Commands in this context configure the specified IPv4 filter policy.

The no form of the command deletes the IPv4 filter policy. A filter policy cannot be deleted until it is removed from all objects where it is applied.

Parameters

filter-id

Specifies the IPv4 filter policy ID expressed as a decimal integer.

Values

1 to 65535

name

Configures an optional filter name, up to 64 characters in length, to a given filter. This filter name can then be used in configuration references, display, and show commands throughout the system. A defined filter name can help the service provider or administrator to identify and manage filters within the SR OS platforms.

To create a filter, you must assign a filter ID, however, after it is created, either the filter ID or filter name can be used to identify and reference a filter.

If a name is not specified at creation time, then SR OS assigns a string version of the filter-id as the name.

Filter names may not begin with an integer (0 to 9).

filter-name

Specifies a string, up to 64 characters, uniquely identifying this IPv4 filter policy.

create

This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

All

ip-filter

Syntax

[no] ip-filter

Context

[Tree] (config>system>security>mgmt-access-filter ip-filter)

Full Context

configure system security management-access-filter ip-filter

Description

Commands in this context configure management access IP filter parameters.

Platforms

All

ip-filter

Syntax

[no] ip-filter

Context

[Tree] (config>system>security>cpm-filter ip-filter)

Full Context

configure system security cpm-filter ip-filter

Description

Commands in this context configure CPM IP filter parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ip-filter

Syntax

ip-filter src-filter-id [src-entry src-entry-id] to dst-filter-id [ dst-entry dst-entry-id] [overwrite]

Context

[Tree] (config>filter>copy ip-filter)

Full Context

configure filter copy ip-filter

Description

This command copies an existing filter entry for a specific filter ID to another filter ID. The command is a configuration level maintenance tool used to create new entries using an existing filter policy. If overwrite is not specified, an error will occur if the destination filter entry exists.

Parameters

src-filter-id

Identifies the source filter policy from which the copy command will attempt to copy. The filter policy must exist within the context of the preceding keyword ( ip-filter).

dst-filter-id

Identifies the destination filter policy to which the copy command will attempt to copy. If the overwrite keyword is not specified, the filter entry ID cannot already exist in the destination filter policy. If the overwrite keyword is present, the destination entry ID may or may not exist.

overwrite

Specifies that the destination filter entry may exist. If it does, everything in the existing destination filter entry will be completely overwritten with the contents of the source filter entry. If the destination filter entry exists, either overwrite must be specified or an error message will be returned. If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

All

ip-filter-max-size

ip-filter-max-size

Syntax

ip-filter-max-size {value | default}

Context

[Tree] (config>service>vprn>flowspec ip-filter-max-size)

Full Context

configure service vprn flowspec ip-filter-max-size

Description

This command configures the maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy for a specified routing instance. FlowSpec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and "offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv4 filter that embeds IPv4 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv4 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default

ip-filter-max-size default

Parameters

value

The maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.

Values

0 to 262143

default

Configures the maximum size as 512.

Platforms

All

ip-filter-max-size

Syntax

ip-filter-max-size {value | default}

Context

[Tree] (config>router>flowspec ip-filter-max-size)

Full Context

configure router flowspec ip-filter-max-size

Description

This command configures the maximum number of FlowSpec routes or rules that can be embedded into the auto-created embedded filter (fSpec- X). FlowSpec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between "embedding offset + 1” and "embedding offset + ip-filter-max-size”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv4 filter that embeds IPv4 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv4 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default

ip-filter-max-size 512

Parameters

value

Specifies the maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.

Values

0 to 262143

default

Keyword to configure the maximum size as 512.

Platforms

All

ip-filter-name

ip-filter-name

Syntax

[no] ip-filter-name filter-name

Context

[Tree] (config>li>li-filter-block-reservation>li-reserved-block ip-filter-name)

Full Context

configure li li-filter-block-reservation li-reserved-block ip-filter-name

Description

This command configures an IP filter in which the reservation is done through name.

The no form of this command removes the IP filter name.

Parameters

filter-name

Specifies the IP filter name, up to 64 characters.

Platforms

All

ip-filter-name

Syntax

[no] ip-filter-name filter-name

Context

[Tree] (config>li>li-filter-assoc>li-ip-fltr ip-filter-name)

Full Context

configure li li-filter-associations li-ip-filter ip-filter-name

Description

This command associates an IP filter with a specified LI IP filter through its name.

The no form of this command removes the IP filter name.

Parameters

filter-name

Specifies the IP filter name, up to 64 characters.

Platforms

All

ip-fragmentation

ip-fragmentation

Syntax

ip-fragmentation {disabled | fragment-ipv6 | fragment-ipv6-unless-ipv4-df-set}

no ip-fragmentation

Context

[Tree] (config>router>nat>inside>dslite>address ip-fragmentation)

[Tree] (config>router>nat>inside>nat64 ip-fragmentation)

[Tree] (config>service>vprn>nat>inside>dslite>addressip-fragmentation ip-fragmentation)

[Tree] (config>service>vprn>nat>inside>nat64 ip-fragmentation)

Full Context

configure router nat inside dual-stack-lite address ip-fragmentation

configure router nat inside nat64 ip-fragmentation

configure service vprn nat inside dslite addressip-fragmentation ip-fragmentation

configure service vprn nat inside nat64 ip-fragmentation

Description

This command configures downstream IPv6 fragmentation behavior in DS-Lite and NAT64. IPv6 fragmentation is performed in the ISA. IPv4 fragmentation is not affected by this command. If desired, downstream IPv4 packet can be fragmented in the carrier IOM before the packet reaches ISA (and the NAT function). The IPv4 fragmentation in the downstream direction can be set by the config>router/vprn>nat>outside>mtu command.

DS-Lite IPv6 Fragmentation in Downstream Direction (IPv4 to IPv6)

In case that the length of the received IPv4 packet is larger than the configured tunnel-mtu value while fragmentation is allowed, the resulting IPv6 packet will be fragmented (IPv4 is tunneled within IPv6). The maximum size of the of the fragmented IPv6 packet will be 48bytes larger than the configured tunnel-mtu value. This is due to the size of the tunneling IPv6 header: 40bytes basic IPv6 header + 8 bytes of extended fragmentation IPv6 header.

In case that fragmentation is not allowed while the IPv4 packet size is larger than configured tunnel-mtu size, the IPv4 packet will be dropped and an ICMPv4 Datagram Too Big message will be generated towards the source. The advertised mtu size in that ICMP message will be set to configured tunnel-mtu value.

NAT64 IPv6 Fragmentation in Downstream Direction (IPv4to IPv6)

In contrast to DS-Lite, NAT64 transport is not based on tunneling. Instead, IP headers are translated between IPv4 and IPv6. Consequently, NAT64 fragmentation operates based on the ipv6-mtu, as opposed to tunnel-mtu in DS-Lite which represents the size of the tunnel payload (IPv4 packet).

In case that the length of the translated IPv6 packet exceeds the size of the configured ipv6-mtu value while fragmentation is allowed, the resulting IPv6 packet will be fragmented. The maximum size of the of the fragmented IPv6 packet will be the configured ipv6-mtu value.

In case that fragmentation is not allowed while the translated IPv6 packet size is larger than configured ipv6-mtu size, the IPv4 packet (that is supposed to be translated into IPv6) will be dropped and an ICMPv4 Datagram Too Big message will be generated towards the source. The advertised mtu size in that ICMP message will be set to the ipv6-mtu value minus 28bytes. The 28bytes comes from the size of the IPv6 overhead of the translated packet (20bytes difference between the IP header sizes 40bytes in IPv6 vs 20bytes in IPv4; 8 bytes for extended IPv6 fragmentation header).

Default

disabled

Parameters

disabled

IPv6 Fragmentation is disabled. In case that the packet size is larger

than what is set by the mtu value (tunnel-mtu or ipv6-mtu) the IPv4 packet will be dropped and ICPMv4 Datagram Too Big messages will be sent back to the source.

fragment-ipv6

IPv6 fragmentation will be performed in all cases, regardless of the DF bit setting in the tunneled/translated IPv4 packet.

fragment-ipv6-unless-ipv4-df-set

IPv6 Fragmentation will be performed only in cases when DF bit in tunneled/translated IPv4 packet is cleared.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-helper-address

ip-helper-address

Syntax

ip-helper-address gateway-address

no ip-helper-address

Context

[Tree] (config>service>ies>if ip-helper-address)

Full Context

configure service ies interface ip-helper-address

Description

This command enables broadcast UDP packets received on the associated interface to be redirected to the specified gateway address and then forwarded on to the gateway.

The no form of this command removes the gateway address from the interface configuration and stops the UDP broadcast redirect function.

Parameters

gateway-address

Specifies the IPv4 address of the target UDP broadcast gateway.

Platforms

All

ip-helper-address

Syntax

ip-helper-address gateway-address

no ip-helper-address

Context

[Tree] (config>service>vprn>if ip-helper-address)

Full Context

configure service vprn interface ip-helper-address

Description

This command enables broadcast UDP packets received on the associated interface to be redirected to the specified gateway address and then forwarded on to the gateway.

The no form of this command removes the gateway address from the interface configuration and stops the UDP broadcast redirect function.

Parameters

gateway-address

Specifies the IPv4 address of the target UDP broadcast gateway.

Platforms

All

ip-helper-address

Syntax

ip-helper-address gateway-address

no ip-helper-address

Context

[Tree] (config>router>if ip-helper-address)

Full Context

configure router interface ip-helper-address

Description

This command enables broadcast UDP packets received on the associated interface to be redirected to the specified gateway address and then forwarded on to the gateway.

The no form of this command removes the gateway address from the interface configuration and stops the UDP broadcast redirect function.

Parameters

gateway-address

Specifies the IPv4 address of the target UDP broadcast gateway.

Platforms

All

ip-identification-assist

ip-identification-assist

Syntax

ip-identification-assist

Context

[Tree] (config>app-assure>group ip-identification-assist)

Full Context

configure application-assurance group ip-identification-assist

Description

Commands in this context configure the IP identification assist feature, which uses IP addresses to assist in traffic identification.

This optional mechanism is enabled by default and consults an internally generated and stored database when app-filters fail to classify the traffic as one of the configured applications from the AppDB.

Use the configure application-assurance group ip-identification-assist shutdown command to administratively disable the IP identification assist feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-identification-assist

Syntax

[no] ip-identification-assist

Context

[Tree] (config>app-assure>group>policy>app-filter>entry ip-identification-assist)

Full Context

configure application-assurance group policy app-filter entry ip-identification-assist

Description

This command configures the router to perform a network IP address lookup that overrides the assigned application if it finds the network IP address in its internal application-IP database.

If an IP match is found, the application assigned from the app-filter is overridden with the application from the IP lookup. This also affects the app-group and charging group.

If an IP match is not found, the application assigned from the app-filter is not overridden and remains (including the app-group and charging group).

The no form of this command disables the router from performing a network IP address lookup and overriding the assigned application.

Default

no ip-identification-assist

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-identification-contribute

ip-identification-contribute

Syntax

[no] ip-identification-contribute

Context

[Tree] (config>app-assure>group ip-identification-contribute)

Full Context

configure application-assurance group ip-identification-contribute

Description

This command configures the router to collect information from traffic in the partition and contribute it to the database that is built by the IP identification assist feature.

The no form of this command disables the router from contributing traffic information in this partition to the database.

Default

ip-identification-contribute

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mirror

ip-mirror

Syntax

ip-mirror

Context

[Tree] (config>mirror>mirror-dest>sap>egress ip-mirror)

Full Context

configure mirror mirror-dest sap egress ip-mirror

Description

This command configures IP mirror information.

Platforms

All

ip-mirror-interface

ip-mirror-interface

Syntax

ip-mirror-interface ip-int-name [create]

no ip-mirror-interface ip-int-name

Context

[Tree] (config>service>vprn ip-mirror-interface)

Full Context

configure service vprn ip-mirror-interface

Description

This command is used for remote mirroring, where the mirror source is a separate system then the mirror destination. The mirror source can only be of IP type and is only supported for the following services: IES, VPRN, VPLS and Ipipe. The mirror destination on a remote system will configure an interface on a VPRN as ip-mirror-interface. This interface only supports spoke sdp termination. The IP mirror interface requires PBR to determine the next outgoing interface for the mirror packet to be delivered to.

The no form of this command removes the interface name from the configuration.

Parameters

ip-int-name

Specifies the name of the IP interface, up to 32 characters. An interface name cannot be in the form of an IP address.

create

Keyword used to create an IP mirror interface.

Platforms

All

ip-mtu

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>sub-if>grp-if ip-mtu)

[Tree] (config>service>vprn>sub-if>grp-if ip-mtu)

Full Context

configure service ies subscriber-interface group-interface ip-mtu

configure service vprn subscriber-interface group-interface ip-mtu

Description

This command specifies the maximum size of IP packets on this group interface. Packets larger than this are fragmented.

The ip-mtu applies to all IPoE host types (dhcp, arp, static). For PPP/L2TP sessions, the ip-mtu is not considered for the MTU negotiation. The ppp-mtu in the ppp-policy should be used instead.

The no form of this command reverts to the default.

Parameters

octets

Specifies the largest frame size (in octets) that this interface can handle.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>vprn>if ip-mtu)

Full Context

configure service vprn interface ip-mtu

Description

This command specifies the maximum size of IP packets on this group interface. Packets larger than this are fragmented.

The ip-mtu applies to all IPoE host types (DHCP, ARP, or static). For PPP/L2TP sessions, the ip-mtu is not considered for the MTU negotiation. The ppp-mtu in the PPP policy should be used instead.

The no form of this command reverts to the default.

Default

no ip-mtu

Parameters

octets

Specifies the largest frame size (in octets) that this interface can handle.

Values

512 to 9000

Platforms

All

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>if>sap>ip-tunnel ip-mtu)

[Tree] (config>service>ies>if ip-mtu)

Full Context

configure service ies interface sap ip-tunnel ip-mtu

configure service ies interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for this interface.

Because this connects a Layer 2 to a Layer 3 service, this parameter can be adjusted under the IES interface.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

The no form of this command returns the default value.

Default

no ip-mtu

Parameters

octets

Specifies the maximum number of octets that can be transmitted.

Values

512 to 9786 (for IES interface)

512 to 9000 (for ip-tunnel interface)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ip-tunnel ip-mtu

All

  • configure service ies interface ip-mtu

ip-mtu

Syntax

ip-mtu bytes

no ip-mtu

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel ip-mtu)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel ip-mtu)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel ip-mtu)

[Tree] (config>router>if>ipsec>ipsec-tunnel ip-mtu)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel ip-mtu)

Full Context

configure service vprn interface sap ip-tunnel ip-mtu

configure service ies interface ipsec ipsec-tunnel ip-mtu

configure service vprn interface sap ipsec-tunnel ip-mtu

configure router interface ipsec ipsec-tunnel ip-mtu

configure service vprn interface ipsec ipsec-tunnel ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for this interface.

Because this connects a Layer 2 to a Layer 3 service, this parameter can be adjusted under the IES interface.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

By default (for the Ethernet network interface), if no ip-mtu is configured it is (1568 - 14) equals 1554.

The ip-mtu command instructs the MS-ISA to perform IP packet fragmentation, prior to IPsec encryption and encapsulation, based on the configured MTU value. In particular:

If the length of a payload IP packet (including its header) exceeds the configured MTU value and the DF flag is clear (due to the presence of the clear-df-bit command or because the original DF value was 0) then the MS-ISA fragments the payload packet as efficiently as possible (i.e. it creates the minimum number of fragments each less than or equal to the configured MTU size); in each created fragment the DF bit shall be 0.

If the length of a payload IP packet (including its header) exceeds the configured MTU value and the DF flag is set (because the original DF value was 1 and the tunnel has no clear-df-bit in its configuration) then the MS-ISA discards the payload packet without sending an ICMP type 3/code 4 message back to the packet’s source address.

The effective MTU for packets entering a tunnel is the minimum of the private tunnel SAP interface IP MTU value (used by the IOM) and the tunnel IP MTU value (configured using the above command and used by the MS-ISA). To fragment IP packets larger than X bytes with DF set, rather than discarding them, the tunnel IP MTU should be set to X and the private tunnel SAP interface IP MTU should be set to a value larger than X.

The no ip-mtu command, corresponding to the default behavior, disables fragmentation of IP packets by the MS-ISA; all IP packets, regardless of size or DF bit setting, are allowed into the tunnel.

Default

no ip-mtu

Parameters

bytes

Specifies the IP maximum transmit unit (packet) for this interface.

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ip-tunnel ip-mtu
  • configure service vprn interface sap ipsec-tunnel ip-mtu

VSR

  • configure service ies interface ipsec ipsec-tunnel ip-mtu
  • configure service vprn interface ipsec ipsec-tunnel ip-mtu
  • configure router interface ipsec ipsec-tunnel ip-mtu

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>subscriber-interface ip-mtu)

[Tree] (config>service>vprn>subscriber-interface ip-mtu)

Full Context

configure service ies subscriber-interface ip-mtu

configure service vprn subscriber-interface ip-mtu

Description

This command specifies the maximum size of frames on this group-interface. Packets larger than this will get fragmented.

The no form of this command removes this functionality.

Parameters

octets.

Specifies the largest frame size (in octets) that this interface can handle.

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>subscr-mgmt>git ip-mtu)

Full Context

configure subscriber-mgmt group-interface-template ip-mtu

Description

This command configures the maximum size of outgoing IP packets on this group interface. Packets larger than this are fragmented.

The no form of this command removes the configuration.

Default

no ip-mtu

Parameters

octets

Specifies the largest frame size (in octets) that this interface can handle.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>aarp-interface ip-mtu)

Full Context

configure service ies aarp-interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of this command returns the default value.

Default

no ip-mtu

By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

Parameters

octets

Specifies the maximum number of octets that can be transmitted.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>red-if ip-mtu)

Full Context

configure service ies redundant-interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for the associated router IP interface.

The configured IP-MTU cannot be larger than the calculated IP MTU based on the port MTU configuration.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

The no form of this command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. For Ethernet ports this will typically be 1554.

Default

no ip-mtu

Parameters

octets

Specifies the octets.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no up-mtu

Context

[Tree] (config>service>vprn>aarp-interface ip-mtu)

Full Context

configure service vprn aarp-interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of this command returns the default value. By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

Default

no ip-mtu

Parameters

octets

Specifies the maximum number of octets that can be transmitted.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>vprn>nw-if ip-mtu)

[Tree] (config>service>vprn>red-if ip-mtu)

Full Context

configure service vprn network-interface ip-mtu

configure service vprn redundant-interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for the associated router IP interface.

The configured IP-MTU cannot be larger than the calculated IP MTU based on the port MTU configuration.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

The no form of this command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. For Ethernet ports this will typically be 1554.

Default

no ip-mtu

Parameters

octets

Specifies the octets.

Values

512 to 9786

Platforms

All

  • configure service vprn network-interface ip-mtu

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface ip-mtu

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>service>ies>aa-interface ip-mtu)

[Tree] (config>service>vprn>aa-interface ip-mtu)

Full Context

configure service ies aa-interface ip-mtu

configure service vprn aa-interface ip-mtu

Description

This command configures the AA interface IP MTU.

Default

no ip-mtu

Parameters

octets

Specifies the MTU value.

Values

512 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>ipsec>tnl-temp ip-mtu)

Full Context

configure ipsec tunnel-template ip-mtu

Description

This command configures the template IP MTU.

Default

no ip-mtu

Parameters

octets

Specifies the maximum size in octets.

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu bytes

Context

[Tree] (config>isa>nat-group>inter-chassis-redundancy ip-mtu)

Full Context

configure isa nat-group inter-chassis-redundancy ip-mtu

Description

This command configures the IP-MTU size that is used to transport flow synchronization records between the ISAs. Multiple flow synchronization events can be packed into a single frame up to the IP-MTU size.

Default

ip-mtu 1500

Parameters

bytes

Specifies the IP-MTU size in bytes.

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (config>router>if ip-mtu)

Full Context

configure router interface ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for the associated router IP interface.

The operational IP MTU that is used for the interface is determined based on both the configured IP MTU and the port MTU of the port bound to this interface.

The MTU that is used is:

MINIMUM((Port_MTU - EthernetHeaderSize), (configured ip-mtu))

The no form of this command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. (For Ethernet ports the default IP MTU is 1500 octets.)

Default

no ip-mtu

Parameters

octets

Specifies the IP MTU value associated with the IP interface, specified in octets. If the interface supports IPv6 packets, the IP-MTU must be set to a value greater than or equal to ( ≥) 1280 in accordance with RFC 2460 Internet Protocol, Version 6 (IPv6) Specification.

Values

512 to 9786

Platforms

All

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

[Tree] (bof ip-mtu)

Full Context

bof ip-mtu

Description

This command configures the IP maximum transmit unit (packet) for the management router instance.

The operational IP MTU that is used for the interface is determined based on both the configured IP MTU and the port MTU of the port bound to this interface.

The MTU that is used is:

MINIMUM((Port_MTU - EthernetHeaderSize), (configured ip-mtu))

For the management port, the port MTU is fixed at 1514 and the EthernetHeaderSize is 14 so the first element of the equation above is 1500 octets.

The no form of this command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. (For the management port the default IP MTU is 1500 octets.)

Default

ip-mtu 1500

Parameters

octets

Specifies the IP MTU value associated with the IP interface, specified in octets. If the interface supports IPv6 packets, the IP-MTU must be set to a value greater than or equal to ( ≥) 1280 in accordance with RFC 2460 Internet Protocol, Version 6 (IPv6) Specification.

Values

512 to 9786

Platforms

All

ip-option

ip-option

Syntax

ip-option ip-option-value [ip-option-mask]

no ip-option

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match ip-option)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match ip-option)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match ip-option

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match ip-option

Description

This command configures the IP option match condition.

The no form of this command reverts to the default.

Parameters

ip-option-value

Specifies the IP option value as a decimal hex or binary.

Values

0 to 255

ip-option-mask

Specifies the IP option mask as a decimal hex or binary.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-option

Syntax

ip-option ip-option-value [ip-option-mask]

no ip-option

Context

[Tree] (config>filter>ip-filter>entry>match ip-option)

Full Context

configure filter ip-filter entry match ip-option

Description

This command configures matching packets with a specific IP option or a range of IP options in the first option of the IP header as an IP filter match criterion.

The option-type octet contains 3 fields:

  • 1 bit copied flag (copy options in all fragments)

  • 2 bits option class

  • 5 bits option number

The no form of the command removes the match criterion.

Default

no ip-option

Parameters

ip-option-value

Specifies the 8 bit option-type as a decimal integer, binary, or hexadecimal format. The mask is applied as an AND to the option byte, the result is compared with the option-value.

The decimal value entered for the match should be a combined value of the eight bit option type field and not just the option number. Therefore, to match on IP packets that contain the Router Alert option (option number = 20), enter the option type of 148 (10010100).

Values

0 to 255

ip-option-mask

Specifies an optional parameter that can be used when specifying a range of option numbers to use as the match criteria.

This 8 bit mask can be configured using the following formats:

Table 3. ip-option-mask Formats

Format Style

Format Syntax

Example

Decimal

DDD

20

Hexadecimal

0xHH

0x14

Binary

0bBBBBBBBB

0b0010100

Default

255 (decimal) (exact match)

Values

1 to 255 (decimal)

Platforms

All

ip-option

Syntax

ip-option ip-option-value ip-option-mask

no ip-option

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match ip-option)

Full Context

configure system security cpm-filter ip-filter entry match ip-option

Description

This command configures matching packets with a specific IP option or a range of IP options in the IP header as an IP filter match criterion.

The option-type octet contains 3 fields:

  • 1 bit copied flag (copy options in all fragments)

  • 2 bits option class

  • 5 bits option number

The no form of this command removes the match criterion.

Default

no ip-option

Parameters

ip-option-value

Enter the 8 bit option-type as a decimal integer. The mask is applied as an AND to the option byte, the result is compared with the option-value.

The decimal value entered for the match should be a combined value of the eight bit option type field and not just the option number. Thus to match on IP packets that contain the Router Alert option (option number =20), enter the option type of 148 (10010100).

Values

0 to 255

ip-option-mask

Specifies a range of option numbers to use as the match criteria.

This 8 bit mask can be configured using the formats described in ip-option-mask Formats:

Table 4. ip-option-mask Formats

Format Style

Format Syntax

Example

Decimal

DDD

20

Hexadecimal

0xHH

0x14

Binary

0bBBBBBBBB

0b0010100

Default

255 (decimal) (exact match)

Values

1 to 255 (decimal)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ip-prefix

ip-prefix

Syntax

ip-prefix ip-prefix/ip-prefix-length

no ip-prefix

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident ip-prefix)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification ip-prefix

Description

This command specifies the source IPv4/IPv6 address/prefix of the data trigger packet as the host identification.

Note:

This command is only used when ip is configured as one of the match-list parameters.

The no form of this command removes the IP prefix from the configuration.

Parameters

ip-prefix/ip-prefix-length

Specifies the IPv4 address, IPv6 address, or IPv6 prefix.

Values

ipv4-prefix a.b.c.d

ipv4-prefix-length 0 to 32

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x to [0 to FFFF]H

d to [0 to 255]D

ipv6-prefix-length 0 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ip-prefix

Syntax

ip-prefix ipv6-prefix/prefix-length

no ip-prefix

Context

[Tree] (conf>router>segment-routing>srv6>loc>prefix ip-prefix)

Full Context

configure router segment-routing segment-routing-v6 locator prefix ip-prefix

Description

This command configures the IPv6 prefix and prefix length for an SRv6 locator.

The locator prefix length is the sum of the lengths of the block field and that of the node ID field.

The no form of this command deletes the IPv6 prefix from this locator.

Default

no ip-prefix

Parameters

ipv6-prefix/prefix-length

Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0.

Values

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

ipv6-prefix-length

4 to 96

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ip-prefix

Syntax

ip-prefix ipv6-prefix/prefix-length

no ip-prefix

Context

[Tree] (conf>router>sr>srv6>ms>block>prefix ip-prefix)

Full Context

configure router segment-routing segment-routing-v6 micro-segment block prefix ip-prefix

Description

This command configures the IPv6 prefix and prefix length for an SRv6 micro-segment locator.

For micro-segment SRv6, the locator prefix length must be equal to the micro-segment block length.

The no form of this command deletes the IPv6 prefix from this micro-segment locator.

Default

no ip-prefix

Parameters

ipv6-prefix/prefix-length

Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0.

Values

ipv6-prefix

x:x:x:x:x:x:x:x (eight 4-hexadecimal pieces)

ipv6-prefix-length

8 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ip-prefix-list

ip-prefix-list

Syntax

ip-prefix-list ip-prefix-list-name [create]

no ip-prefix-list ip-prefix-list-name

Context

[Tree] (config>app-assure>group ip-prefix-list)

Full Context

configure application-assurance group ip-prefix-list

Description

This command configures an IP prefix list.

Parameters

ip-prefix-list-name

Specifies the name of the IP prefix list, up to 32 characters.

create

Mandatory keyword used when creating an application profile. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-prefix-list

Syntax

ip-prefix-list ip-prefix-list-name [create]

no ip-prefix-list ip-prefix-list-name

Context

[Tree] (config>qos>match-list ip-prefix-list)

Full Context

configure qos match-list ip-prefix-list

Description

This command creates a list of IPv4 prefixes for match criteria in QoS policies.

An IP prefix list must contain only IPv4 address prefixes created using the prefix command and cannot be deleted if it is referenced by a QoS policy.

The no form of this command deletes the specified list.

Parameters

ip-prefix-list-name

A string of up to 32 characters of printable ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The name default (case insensitive) is reserved by the system.

Platforms

All

ip-prefix-list

Syntax

ip-prefix-list ip-prefix-list-name [create]

no ip-prefix-list ip-prefix-list-name

Context

[Tree] (config>filter>match-list ip-prefix-list)

Full Context

configure filter match-list ip-prefix-list

Description

This command creates a list of IPv4 prefixes for match criteria in IPv4 ACL and CPM filter policies.

The no form of this command deletes the specified list.

Operational Notes:

An ip-prefix-list must contain only IPv4 address prefixes.

An IPv4 prefix match list cannot be deleted if it is referenced by a filter policy.

See general description related to match-list usage in filter policies.

Parameters

ip-prefix-list-name

Specifies a string of up to 32 printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

ip-prefix-routes

ip-prefix-routes

Syntax

ip-prefix-routes

Context

[Tree] (config>service>system>bgp-evpn ip-prefix-routes)

Full Context

configure service system bgp-evpn ip-prefix-routes

Description

Commands in this context configure attribute uniform propagation and BGP path selection.

Platforms

All

ip-protocol-num

ip-protocol-num

Syntax

ip-protocol-num {eq | neq} protocol-id

no ip-protocol-num

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match ip-protocol-num)

[Tree] (config>app-assure>group>policy>app-filter>entry ip-protocol-num)

Full Context

configure application-assurance group policy app-qos-policy entry match ip-protocol-num

configure application-assurance group policy app-filter entry ip-protocol-num

Description

This command configures the IP protocol to use in the application definition.

The no form of this command restores the default (removes IP protocol number from application criteria defined by this app-filter entry).

Default

no ip-protocol-num

Parameters

eq

Specifies that the value configured and the value in the flow must be equal.

neq

Specifies that the value configured differs from the value in the flow.

protocol-id

Specifies the decimal value representing the IP protocol to be used as an IP filter match criterion. Well known protocol numbers include ICMP (1), TCP (6), UDP (17).

The no form the command removes the protocol from the match criteria.

Values

1 to 255 (Decimal, Hexadecimal, or Binary representation).

Supported IANA IP protocol names:

none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-no-nxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pim, pnni, ptp, rdp, rsvp, sctp, stp, tcp, udp, vrrp

* - udp/tcp wildcard

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-protocol-num

Syntax

ip-protocol-num ip-protocol number

no ip-protocol-num

Context

[Tree] (config>app-assure>group>policy>sess-fltr>entry>match ip-protocol-num)

Full Context

configure application-assurance group policy session-filter entry match ip-protocol-num

Description

This command configures the IP protocol to use in the application definition.

The no form of this command restores the default (removes IP protocol number from application criteria defined by this app-filter entry).

Default

no ip-protocol-num

Parameters

ip-protocol-number

Specifies the decimal value representing the IP protocol to be used as an IP filter match criterion. Well known protocol numbers include ICMP (1), TCP (6), UDP (17).

The no form the command removes the protocol from the match criteria.

Values

protocol-number: 0 to 255 (decimal, hexadecimal, or binary representation)

protocol-name: Supported IANA IP protocol names:

none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-no-nxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pim, pnni, ptp, rdp, rsvp, sctp, stp, tcp, udp, vrrp

* - udp/tcp wildcard

ip-protocol-num

Syntax

ip-protocol-num {eq | neq} protocol-id

no ip-protocol-num

Context

[Tree] (debug>app-assure>group>traffic-capture>match ip-protocol-num)

Full Context

debug application-assurance group traffic-capture match ip-protocol-num

Description

This command configures debugging on an IP protocol number.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-route-advertisement

ip-route-advertisement

Syntax

ip-route-advertisement [incl-host] [domain-id global-field:local-field]

no ip-route-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn ip-route-advertisement)

Full Context

configure service vpls bgp-evpn ip-route-advertisement

Description

This command enables and disables the advertisement of IP prefixes in EVPN. If enabled, any active route in the R-VPLS VPRN route table are advertised in EVPN using the VPLS BGP configuration. The interface host addresses are not advertised in EVPN unless the ip-route-advertisement incl-host command is enabled.

The no form of this command disables IP prefixes advertisement in EVPN.

Default

no ip-route-advertisement

Parameters

incl-host

Specifies to advertise the interface host addresses in EVPN.

global-field:local-field

Specifies the domain ID.

Values

4byte-GlobalAdminValue:2byte-LocalAdminValue

4byte-GlobalAdminValue:

0 to 4294967295

2byte-LocalAdminValue

0 to 65535

Platforms

All

ip-route-link-bandwidth

ip-route-link-bandwidth

Syntax

ip-route-link-bandwidth

Context

[Tree] (config>service>vpls>bgp-evpn ip-route-link-bandwidth)

Full Context

configure service vpls bgp-evpn ip-route-link-bandwidth

Description

Commands in this context configure the IP route link bandwidth.

Platforms

All

ip-src

ip-src

Syntax

ip-src ip-address

no ip-src

Context

[Tree] (config>li>mirror-dest-template>layer-3-encap ip-src)

Full Context

configure li mirror-dest-template layer-3-encap ip-src

Description

This command configures the source IPv4 address to use in the IPv4 header part of the routable LI encapsulation.

Parameters

ip-address

Specifies the source IPv4 address.

Values

a.b.c.d

Platforms

All

ip-ttl

ip-ttl

Syntax

ip-ttl hops

no ip-ttl

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile ip-ttl)

Full Context

configure subscriber-mgmt gtp peer-profile ip-ttl

Description

This command configures the value to put in the IP header’s TTL field for GTP control messages.

The no form of this command reverts to the default value.

Default

ip-ttl 255

Parameters

hops

Specifies the IP TTL.

Values

1 to 255

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ip-tunnel

ip-tunnel

Syntax

ip-tunnel name [create]

no ip-tunnel name

Context

[Tree] (config>service>vprn>if>sap ip-tunnel)

[Tree] (config>service>ies>if>sap ip-tunnel)

Full Context

configure service vprn interface sap ip-tunnel

configure service ies interface sap ip-tunnel

Description

This command is used to configure an IP-GRE or IP-IP tunnel and associate it with a private tunnel SAP within an IES or VPRN service.

The no form of this command deletes the specified IP/GRE or IP-IP tunnel from the configuration. The tunnel must be administratively shutdown before issuing the no ip-tunnel command.

Default

no-ip tunnel name

Parameters

name

Specifies the name of the IP tunnel. Tunnel names can be from 1 to 32 alphanumeric characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

Platforms

All

ipcp-subnet-negotiation

ipcp-subnet-negotiation

Syntax

no ipcp-subnet-negotiation

Context

[Tree] (config>router>l2tp>group>ppp ipcp-subnet-negotiation)

[Tree] (config>service>vprn>l2tp>group>ppp ipcp-subnet-negotiation)

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp ipcp-subnet-negotiation)

[Tree] (config>router>l2tp>group>tunnel>ppp ipcp-subnet-negotiation)

Full Context

configure router l2tp group ppp ipcp-subnet-negotiation

configure service vprn l2tp group ppp ipcp-subnet-negotiation

configure service vprn l2tp group tunnel ppp ipcp-subnet-negotiation

configure router l2tp group tunnel ppp ipcp-subnet-negotiation

Description

This command configures the IPCP subnet negotiation using PPP IPCP Subnet-Mask option (0x90) if requested by the client. The subnet can be obtained from RADIUS (Framed-IP-Netmask attribute) or local user database. The subnet is installed as a managed route of the PPP session. This requires the anti-spoof type on the SAP to be configured to nh-mac.

By default, an IPCP Config Request with IPCP Subnet-Mask option (0x90) is rejected.

The no form of this command reverts to the default value.

Default

no ipcp-subnet-negotiation

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipcp-subnet-negotiation

Syntax

[no] ipcp-subnet-negotiation

Context

[Tree] (config>subscr-mgmt>ppp-policy ipcp-subnet-negotiation)

Full Context

configure subscriber-mgmt ppp-policy ipcp-subnet-negotiation

Description

This command enables subnet negotiation using PPP IPCP Subnet-Mask option (0x90) if requested by the client. The subnet can be obtained from RADIUS (Framed-IP-Netmask attribute) or local user database. The subnet is installed as a managed route of the PPP session. This requires the anti-spoof type on the SAP to be configured to nh-mac.

By default, an IPCP Config Request with IPCP Subnet-Mask option (0x90) is rejected.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipfix

ipfix

Syntax

ipfix

Context

[Tree] (config>service ipfix)

Full Context

configure service ipfix

Description

Commands in this context configure IPFIX parameters.

Platforms

All

ipfix-export-policy

ipfix-export-policy

Syntax

ipfix-export-policy policy-name

no ipfix-export-policy

Context

[Tree] (config>service>nat>nat-policy ipfix-export-policy)

[Tree] (config>service>nat>up-nat-policy ipfix-export-policy)

Full Context

configure service nat nat-policy ipfix-export-policy

configure service nat up-nat-policy ipfix-export-policy

Description

This command configures the IP flow information export policy.

The no form of the command removes the IP flow information export policy.

Default

no ipfix-export-policy

Parameters

policy-name

Specifies the name of the policy, up to 32 characters. The specified policy must be created in the config>service>ipfix ipfix-export-policy context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipfix-export-policy

Syntax

ipfix-export-policy policy-name [create]

no ipfix-export-policy policy-name

Context

[Tree] (config>service>ipfix ipfix-export-policy)

Full Context

configure service ipfix ipfix-export-policy

Description

This command creates an IPFIX export policy with a set of transport parameters that will be used to transmit IPFIX records generated by an application within 7750 SR node to an external collector node. This policy name can be referenced from each application within 7750 SR that requires flow logging.

Parameters

policy-name

Specifies the name of the policy that can be referenced within an application in 7750 SR node that requires flow logging.

create

Keyword used to create the policy.

Platforms

All

ipipe

ipipe

Syntax

ipipe service-id [customer customer-id] [ create] [vpn vpn-id] [vc-switching] [ name name]

no ipipe service-id

Context

[Tree] (config>service ipipe)

Full Context

configure service ipipe

Description

This command configures an IP-Pipe service.

Parameters

service-id

The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7450 ESS or 7750 SR on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN identification number.

Values

1 to 2147483647

Default

null (0)

vc-switching

Specifies if the pseudowire switching signaling is used for the spoke SDPs configured in this service.

create

Keyword used to create the Ipipe service instance. The create keyword requirement can be enabled/disabled in the environment>create context.

name name

Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values

name: up to 64 characters

Platforms

All

ipoe

ipoe

Syntax

ipoe

Context

[Tree] (config>subscr-mgmt>loc-user-db ipoe)

Full Context

configure subscriber-mgmt local-user-db ipoe

Description

Commands in this context configure IPoE host parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe

Syntax

ipoe

Context

[Tree] (debug>call-trace ipoe)

Full Context

debug call-trace ipoe

Description

Commands in this context set up call trace debugging for IP over Ethernet (IPoE) sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe

Syntax

ipoe origin

Context

[Tree] (config>li>x-interfaces>correlation-id ipoe)

Full Context

configure li x-interfaces correlation-id ipoe

Description

This command specifies the type of RADIUS accounting session ID to use for IPoE subscriber correlation.

Default

host

Parameters

origin

Specifies the correlation identifier origin type for IPoE.

Values

host, queue, session

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipoe

Syntax

ipoe max-nr-of-sessions

no ipoe

Context

[Tree] (config>subscr-mgmt>sub-profile>session-limits ipoe)

[Tree] (config>subscr-mgmt>sla-profile>session-limits ipoe)

Full Context

configure subscriber-mgmt sub-profile session-limits ipoe

configure subscriber-mgmt sla-profile session-limits ipoe

Description

This command configures the maximum number of IPoE sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPoE sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of IPoE sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-bridged-mode

ipoe-bridged-mode

Syntax

[no] ipoe-bridged-mode

Context

[Tree] (config>service>ies>sub-if>ipv6 ipoe-bridged-mode)

[Tree] (config>service>vprn>sub-if>ipv6 ipoe-bridged-mode)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6 ipoe-bridged-mode)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 ipoe-bridged-mode)

Full Context

configure service ies subscriber-interface ipv6 ipoe-bridged-mode

configure service vprn subscriber-interface ipv6 ipoe-bridged-mode

configure service vprn subscriber-interface group-interface ipv6 ipoe-bridged-mode

configure service ies subscriber-interface group-interface ipv6 ipoe-bridged-mode

Description

This command enables IPv6 IPoE bridged mode.

The no form of this command disables the IPv6 IPoE bridged mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-linking

ipoe-linking

Syntax

ipoe-linking

Context

[Tree] (config>service>vprn>sub-if>grp-if ipoe-linking)

[Tree] (config>service>vprn>sub-if ipoe-linking)

[Tree] (config>service>ies>sub-if ipoe-linking)

[Tree] (config>service>ies>sub-if>grp-if ipoe-linking)

Full Context

configure service vprn subscriber-interface group-interface ipoe-linking

configure service vprn subscriber-interface ipoe-linking

configure service ies subscriber-interface ipoe-linking

configure service ies subscriber-interface group-interface ipoe-linking

Description

Commands in this context configure IPoE host linking.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-session

ipoe-session

Syntax

[no] ipoe-session

Context

[Tree] (config>service>vprn>sub-if ipoe-session)

[Tree] (config>service>vpls>sap ipoe-session)

[Tree] (config>service>ies>sub-if>grp-if ipoe-session)

[Tree] (config>service>ies>sub-if ipoe-session)

[Tree] (config>service>vprn>sub-if>grp-if ipoe-session)

Full Context

configure service vprn subscriber-interface ipoe-session

configure service vpls sap ipoe-session

configure service ies subscriber-interface group-interface ipoe-session

configure service ies subscriber-interface ipoe-session

configure service vprn subscriber-interface group-interface ipoe-session

Description

Commands in this context configure IPoE session parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-session-policy

ipoe-session-policy

Syntax

ipoe-session-policy policy-name [create]

no ipoe-session-policy policy-name

Context

[Tree] (config>subscr-mgmt ipoe-session-policy)

Full Context

configure subscriber-mgmt ipoe-session-policy

Description

This command configures an IPoE session policy. The policies are referenced from subscriber interfaces, group interfaces and capture SAPs. Multiple IPoE session policies can be configured.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies the IPoE policy name up to 32 characters.

create

Keyword required to create the configuration context

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-session-policy

Syntax

ipoe-session-policy policy-name

no ipoe-session-policy

Context

[Tree] (config>service>vpls>sap>ipoe-session ipoe-session-policy)

[Tree] (config>service>ies>sub-if>grp-if>ipoe-session ipoe-session-policy)

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-session ipoe-session-policy)

Full Context

configure service vpls sap ipoe-session ipoe-session-policy

configure service ies subscriber-interface group-interface ipoe-session ipoe-session-policy

configure service vprn subscriber-interface group-interface ipoe-session ipoe-session-policy

Description

This command specifies the IPoE session policy applicable for this group interface or capture SAP.

On WLAN GW group interfaces, it is not possible to change this value.

The no form of this command reverts to the default.

Default

no ipoe-session-policy ipoe-session-policy default on WLAN GW group interfaces

Parameters

policy-name

Specifies the IPoE session policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipoe-sub-id-key

ipoe-sub-id-key

Syntax

ipoe-sub-id-key sub-id-key [sub-id-key]

no ipoe-sub-id-key

Context

[Tree] (config>subscr-mgmt>auto-sub-id-key ipoe-sub-id-key)

Full Context

configure subscriber-mgmt auto-sub-id-key ipoe-sub-id-key

Description

This command enables certain fields to become the base for auto-generation of the default sub-id name. The sub-id name is auto generated if there is not a more specific method available. Such more specific methods would be a default sub-id name as a sap-id, a preconfigured static string or explicit mappings based on RADIUS/LUDB returned strings.

In case that a more specific sub-id name generation method is not available and the auto-id keyword is defined under the def-sub-id hierarchy, the sub-id name is generated by concatenating fields defined in this command separated by a "|” character.

The maximum length of the auto-generated sub-id name is 64 characters while the concatenation of subscriber identification fields can exceed 64 characters. Subscriber host instantiation fails if the sub-id name is based on subscriber identification fields whose concatenated length exceeds 64 characters. Failing the host creation rather than truncating the sub-id name on a 64 character boundary prevents collision of sub-ids (subscriber name duplication).

If the more specific sub-id name generation method is not available and the auto-id keyword is not defined under the def-sub-id hierarchy, the sub-id name is a random 10 character encoded string based on the fields defined under this command.

There is only one set of identification fields allowed per host type (IPoE or PPP) per chassis.

The no form of this command reverts to the default.

Default

ipoe-sub-id-key mac sap-id

Parameters

sub-id-key

Specifies the auto-generated sub-id keys for IPoE hosts.

Values

mac — Specifies that the MAC address can be combined with other subscriber host identification fields (circuit-id, remote-id, session-id, sap-id, or service-name) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the mac address is used as a concatenation field in the sub-id name, then its format becomes a string xx:xx:xx:xx:xx:xx with the length 17B.

The MAC address as the subscriber host identification field is not applicable to static hosts.

circuit-id — Specifies that the circuit-id can be combined with other subscriber host identification fields (mac, remote-id, session-id, sap-id, or service-name) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the circuit-id is used as a concatenation field in the sub-id name, then its format becomes access-node-id eth slot/port:[vlan-id] or access-node-id atm slot/port:vpi.vci with a variable length.

Note:

If circuit-id contains any non-printable ASCII characters, the entire circuit-id string is formatted in hex in the sub-id name output. Otherwise all characters in circuit-id is converted to ASCII. ASCII printable characters contain bytes in range 0x20 to 0x7E.

The circuit-id as the subscriber identification field is not applicable to ARP hosts or static hosts.

remote-id — Specifies that the remote-id can be combined with other subscriber host identification fields (mac, circuit-id, session-id, sap-id, or service-name) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the remote-id is used as a concatenation field in the sub-id name, then its format becomes a remote-id string with a variable length.

Note:

If remote-id contains any non-printable ASCII characters, the entire remote-id string is formatted in hex in the sub-id name output. Otherwise all characters in remote-id is converted to ASCII. ASCII printable characters contain bytes in range 0x20 to 0x7E.

The remote-id as the subscriber identification field is not applicable to ARP hosts or static hosts.

sap-id — Specifies that the sap-id can be combined with other subscriber host identification fields (mac, circuit-id, remote-id, session-id, or service-name) to form a sub-id name in a user readable format or as a random 10 character encoded value.

If a circuit-id is used as a concatenation field in the sub-id name, then its format becomes: slot/mda:[outer-vlan].[inner-vlan] with a variable length.

The sap-id as the subscriber identification field is applicable to all hosts types with exception of static hosts.

dual-stack-remote-id — Specifies that the dual stack remote ID is used as the base for the auto-generated subscriber identification

service-name — Specifies that the service name that terminates the subscriber is used as the base for auto-generated subscriber identification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipsec

ipsec

Syntax

ipsec

Context

[Tree] (admin ipsec)

Full Context

admin ipsec

Description

Commands in this context perform Internet Protocol Security (IPsec) operations. IPsec is a structure of open standards to ensure private, secure communications over Internet Protocol (IP) networks by using cryptographic security services.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec

Syntax

[no] ipsec

Context

[Tree] (config>redundancy>multi-chassis>peer>sync ipsec)

Full Context

configure redundancy multi-chassis peer sync ipsec

Description

This command enables multi-chassis synchronization of IPsec states on system level.

Default

no ipsec

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec

Syntax

ipsec

Context

[Tree] (config ipsec)

Full Context

configure ipsec

Description

Commands in this context configure Internet Protocol Security (IPsec) parameters. IPsec is a structure of open standards to ensure private, secure communications over Internet Protocol (IP) networks by using cryptographic security services.

Platforms

All

ipsec

Syntax

ipsec [tunnel-group ipsec-group-id] [ public-sap public-sap]

no ipsec

Context

[Tree] (config>service>ies>if ipsec)

[Tree] (config>service>vprn ipsec)

[Tree] (config>service>ies ipsec)

[Tree] (config>router>if ipsec)

Full Context

configure service ies interface ipsec

configure service vprn ipsec

configure service ies ipsec

configure router interface ipsec

Description

Commands in this context configure IPsec policies on a VSR.

Parameters

ipsec-group-id

Specifies the IPsec group ID used for the IPsec tunnels configured under this context.

Values

1 to 16

public-sap

Specifies the public SAP ID used for the IPsec tunnels configured under this context.

Values

0 to 4096

Platforms

VSR

  • configure service ies interface ipsec
  • configure router interface ipsec

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn ipsec

All

  • configure service ies ipsec

ipsec-auth

ipsec-auth

Syntax

ipsec-auth

Context

[Tree] (debug>oam>build-packet>packet>field-override>header ipsec-auth)

[Tree] (config>test-oam>build-packet>header ipsec-auth)

Full Context

debug oam build-packet packet field-override header ipsec-auth

configure test-oam build-packet header ipsec-auth

Description

This command causes the associated header to be defined as an IPsec header template and enters the context to define the IPsec parameters. This same context can be used for IPv4 and IPv6 packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipsec-domain

ipsec-domain

Syntax

ipsec-domain ipsec-domain-id [create]

no ipsec-domain ipsec-domain-id

Context

[Tree] (config>redundancy>multi-chassis ipsec-domain)

Full Context

configure redundancy multi-chassis ipsec-domain

Description

Commands in this context configure parameters for the multi-chassis IPsec domain configured on this system.

The no form of this command removes the ID from the configuration.

Parameters

ipsec-domain-id

Specifies IPsec domain ID.

Values

1 to 255

create

Keyword used to create the command instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-gw

ipsec-gw

Syntax

ipsec-gw name

no ipsec-gw

Context

[Tree] (config>service>ies>if>sap ipsec-gw)

[Tree] (config>service>vprn>if>sap ipsec-gw)

Full Context

configure service ies interface sap ipsec-gw

configure service vprn interface sap ipsec-gw

Description

This command configures an IPsec gateway.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-lifetime

ipsec-lifetime

Syntax

ipsec-lifetime ipsec-lifetime

no ipsec-lifetime

Context

[Tree] (config>ipsec>ike-policy ipsec-lifetime)

Full Context

configure ipsec ike-policy ipsec-lifetime

Description

This command specifies the lifetime of the Phase 2 IKE key.

The no form of this command reverts to the default, which is 3600 seconds.

Default

no ipsec-lifetime

Parameters

ipsec-lifetime

Specifies the Phase 2 lifetime for this IKE policy in seconds.

Values

1200 to 31536000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-lifetime

Syntax

ipsec-lifetime seconds

ipsec-lifetime inherit

Context

[Tree] (config>ipsec>ipsec-transform ipsec-lifetime)

Full Context

configure ipsec ipsec-transform ipsec-lifetime

Description

This command specifies the CHILD_SA. If the inherit parameter is specified, then the system uses the IPsec lifetime configuration in the corresponding IKE policy configured in the same IPsec gateway or IPsec tunnel.

Default

ipsec-lifetime inherit

Parameters

seconds

Specifies the lifetime of the Phase 2 IKE key in seconds.

Values

1200 to 31536000

inherit

Specifies that the system uses the ipsec-lifetime configuration in the corresponding IKE policy that is configured for the same IPsec gateway or IPsec tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-responder-only

ipsec-responder-only

Syntax

[no] ipsec-responder-only

Context

[Tree] (config>isa>tunnel-group ipsec-responder-only)

Full Context

configure isa tunnel-group ipsec-responder-only

Description

With this command configured, system will only act as IKE responder except for the automatic CHILD_SA re-key upon MC-IPsec switchover.

Default

no ipsec-responder-only

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-transform

ipsec-transform

Syntax

ipsec-transform transform-id [create]

no ipsec-transform transform-id

Context

[Tree] (config>ipsec ipsec-transform)

Full Context

configure ipsec ipsec-transform

Description

Commands in this context create an ipsec-transform policy. IPsec transforms policies can be shared. A change to the ipsec-transform is allowed at any time. The change will not impact tunnels that have been established until they are renegotiated. If the change is required immediately the tunnel must be cleared (reset) for force renegotiation.

IPsec transform policy assignments to a tunnel require the tunnel to be shutdown.

The no form of this command removes the ID from the configuration.

Parameters

transform-id

Specifies a policy ID value to identify the IPsec transform policy.

Values

1 to 2048

create

This keyword is mandatory when creating an ipsec-transform policy. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-transport-mode-profile

ipsec-transport-mode-profile

Syntax

ipsec-transport-mode-profile name [create]

no ipsec-transport-mode-profile name

Context

[Tree] (config ipsec ipsec-transport-mode-profile)

Full Context

configure ipsec ipsec-transport-mode-profile

Description

Commands in this context configure an IPsec transport mode profile.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies the name of the IPsec transport mode profile, up to 32 characters.

create

Keyword used to create the IPsec transport mode profile instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-transport-mode-profile

Syntax

ipsec-transport-mode-profile name

no ipsec-transport-mode-profile

Context

[Tree] (config service ies if sap ip-tunnel ipsec-transport-mode-profile)

[Tree] (config service vprn if sap ip-tunnel ipsec-transport-mode-profile)

Full Context

configure service ies interface sap ip-tunnel ipsec-transport-mode-profile

configure service vprn interface sap ip-tunnel ipsec-transport-mode-profile

Description

This command specifies an IPsec transport mode profile name to the SAP.

The no form of this command removes the profile name from the service configuration.

Parameters

name

Specifies the name of an existing IPsec transport mode profile, up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipsec-tunnel

ipsec-tunnel

Syntax

ipsec-tunnel ipsec-tunnel-name

no ipsec-tunnel [ipsec-tunnel-name]

Context

[Tree] (config>service>vprn>static-route-entry ipsec-tunnel)

Full Context

configure service vprn static-route-entry ipsec-tunnel

Description

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default

no ipsec-tunnel

Parameters

ipsec-tunnel-name

IPsec tunnel name; maximum length up to 32 characters.

Platforms

All

ipsec-tunnel

Syntax

ipsec-tunnel name [ private-sap [ 0..4094]] [private-service-name private-service-name] [create]

no ipsec-tunnel ipsec-tunnel-name

Context

[Tree] (config>service>ies>if>ipsec ipsec-tunnel)

[Tree] (config>service>vprn>if>sap ipsec-tunnel)

[Tree] (config>router>if>ipsec ipsec-tunnel)

Full Context

configure service ies interface ipsec ipsec-tunnel

configure service vprn interface sap ipsec-tunnel

configure router interface ipsec ipsec-tunnel

Description

This command configures a secured interface IPsec tunnel. If the private-service-name is not specified, the private service is the secured interface service.

The no form of this command removes the IPsec tunnel from the configuration.

Parameters

name

Specifies the name of the IPsec tunnel.

private-sap

Specifies the private SAP ID.

Values

0 to 4094

private-service-name

Specifies the private service name.

create

Keyword used to create the IPsec tunnel instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel
  • configure router interface ipsec ipsec-tunnel

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-tunnel

ipv4

ipv4

Syntax

ipv4

Context

[Tree] (config>subscr-mgmt>git ipv4)

Full Context

configure subscriber-mgmt group-interface-template ipv4

Description

Commands in this context configure IPv4 parameters.

Default

ipv4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4

Syntax

ipv4

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>to-client-options ipv4)

Full Context

configure subscriber-mgmt local-user-db ipoe host to-client-options ipv4

Description

Commands in this context configure DHCPv4 options.

Default

ipv4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4

Syntax

ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict { same-neighbor-as | exact-as-path}] [unequal-cost]

no ipv4

Context

[Tree] (config>service>vprn>bgp>multi-path ipv4)

Full Context

configure service vprn bgp multi-path ipv4

Description

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv4 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  • The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).

  • The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.

  • If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.

  • The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.

  • The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64).

  • The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.

  • The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.

  • The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes IPv4-specific overrides.

Default

no ipv4

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

egp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path-as

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>router>ldp>if-params>if ipv4)

Full Context

configure router ldp interface-parameters interface ipv4

Description

Commands in this context configure LDP interfaces and parameters applied to an IPv4 LDP interface.

Platforms

All

ipv4

Syntax

[no] ipv4

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy>family ipv4)

Full Context

configure subscriber-mgmt bgp-peering-policy family ipv4

Description

This command configures Multiprotocol Border Gateway Protocol (MPBGP) support for the IPv4 address family.

The no form of this command removes the IPv4 configuration.

Default

no ipv4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4

Syntax

[no] ipv4

Context

[Tree] (config>router>ldp>if-params ipv4)

Full Context

configure router ldp interface-parameters ipv4

Description

Commands in this context configure IPv4 LDP parameters applied to the interface.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>router>ldp>targeted-session ipv4)

Full Context

configure router ldp targeted-session ipv4

Description

Commands in this context configure parameters applied to targeted sessions to all IPv4 LDP peers.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>router>ldp>targeted-session>auto-rx ipv4)

[Tree] (config>router>ldp>targeted-session>auto-tx ipv4)

Full Context

configure router ldp targeted-session auto-rx ipv4

configure router ldp targeted-session auto-tx ipv4

Description

Commands in this context configure IPv4 parameters of an automatic targeted LDP session.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign ipv4)

[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign ipv4)

Full Context

configure service ies interface sap ipsec-gw local-address-assignment ipv4

configure service vprn interface sap ipsec-gw local-address-assignment ipv4

Description

Commands in this context configure IPv4 local address assignment parameters for the IPsec gateway.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv4

Syntax

ipv4

Context

[Tree] (debug>oam>build-packet>packet>field-override>header ipv4)

[Tree] (config>test-oam>build-packet>header ipv4)

Full Context

debug oam build-packet packet field-override header ipv4

configure test-oam build-packet header ipv4

Description

This command causes the associated header to be defined as an IPv4 header template and enables the context to define the IPv4 parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv4

Syntax

[no] ipv4

Context

[Tree] (config>cflowd>collector>export-filter>family ipv4)

Full Context

configure cflowd collector export-filter family ipv4

Description

This command filters IPv4 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing IPv4 flow data to be sent to the associated collector.

Default

no ipv4

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>filter>gre-tun-tmp ipv4)

Full Context

configure filter gre-tunnel-template ipv4

Description

Commands in this context configure GRE tunnel template IPv4 parameters.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (bof>autoconfigure ipv4)

Full Context

bof autoconfigure ipv4

Description

Commands in this context autoconfigure the IPv4 DHCP client.

Platforms

7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s

ipv4

Syntax

ipv4 ip-address

ipv4 auto-generate [vendor-id-value vendor-id-value]

no ipv4

Context

[Tree] (config>system>ned>prof>neip ipv4)

Full Context

configure system network-element-discovery profile neip ipv4

Description

This command configures the IPv4 NEIP for this profile. The NEIP can be configured manually or set to be automatically generated using the NEID. If the NEID option is set, the first most significant byte of the IPv4 NEIP is set to 140 and the remaining 3 bytes are set to the NEID value. The NEID can be configured with a vendor ID value, in which case the first most significant byte of the IPv4 NEIP is set to this vendor ID value.

The no form of this command removes the IPv4 address association for this profile.

Default

no ipv4

Parameters

ip-address

Specifies the IPv4 address of the NEIP.

auto-generate

Specifies that the NEIP is automatically generated using the NEID.

vendor-id-value

Specifies the vendor ID value.

Values

1 to 255

Platforms

All

ipv4

Syntax

ipv4 send send-limit receive [none]

ipv4 send send-limit

no ipv4

Context

[Tree] (config>router>bgp>add-paths ipv4)

[Tree] (config>router>bgp>group>neighbor>add-paths ipv4)

[Tree] (config>router>bgp>group>add-paths ipv4)

Full Context

configure router bgp add-paths ipv4

configure router bgp group neighbor add-paths ipv4

configure router bgp group add-paths ipv4

Description

This command configures the add-paths capability for unlabeled IPv4 unicast routes. By default, add-paths is not enabled for unlabeled IPv4 unicast routes.

The maximum number of unlabeled unicast paths per IPv4 prefix to send is the configured send limit, which is a mandatory parameter. The capability to receive multiple unlabeled IPv4 unicast paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.

The no form of this command disables add-paths support for unlabeled IPv4 unicast routes, causing sessions established using add-paths for unlabeled IPv4 unicast to go down and come back up without the add-paths capability.

Default

no ipv4

Parameters

send-limit

Specifies the maximum number of paths per unlabeled IPv4 unicast prefix that are allowed to be advertised to add-paths peers, the actual number of advertised routes may be less. If the value is none, the router does not negotiate the send capability with respect to IPv4 AFI/SAFI. If the value is multipaths, then BGP advertises all of the used BGP multipaths for each IPv4 NLRI if the peer has signaled support to receive multiple add-paths.

Values

1 to 16, none, multipaths

receive

Specifies that the router negotiates to receive multiple unlabeled unicast routes per IPv4 prefix.

none

Specifies that the router does not negotiate to receive multiple unlabeled unicast routes per IPv4 prefix.

Platforms

All

ipv4

Syntax

ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict { same-neighbor-as | exact-as-path}] [unequal-cost]

no ipv4

Context

[Tree] (config>router>bgp>multi-path ipv4)

Full Context

configure router bgp multi-path ipv4

Description

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv4 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

The no form of this command removes IPv4-specific overrides.

Default

no ipv4

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

ipv4

Syntax

ipv4

Context

[Tree] (config>router>if>if-attr>delay>dyn>twamp ipv4)

Full Context

configure router interface if-attribute delay dynamic twamp-light ipv4

Description

Commands in this context select, enable, and specify the IPv4 addressing used to carry the TWAMP Light test packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv4-address

ipv4-address

Syntax

ipv4-address ip-address

no ipv4-address

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query ipv4-address)

Full Context

configure subscriber-mgmt wlan-gw ue-query ipv4-address

Description

This command enables matching on UEs with the specified IPv4 address.

The no form of this command disables matching on the IPv4 address.

Default

no ipv4-address

Parameters

ip-address

Specifies the IPv4 address.

Values

a.b.c.d

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv4-adjacency-sid

ipv4-adjacency-sid

Syntax

ipv4-adjacency-sid label value

no ipv4-adjacency-sid

Context

[Tree] (config>router>isis>interface ipv4-adjacency-sid)

Full Context

configure router isis interface ipv4-adjacency-sid

Description

This command allows a static value to be assigned to an IPv4 adjacency SID in IS-IS segment routing.

The label option specifies that the value is assigned to an MPLS label.

The no form of this command removes the adjacency SID.

Parameters

value

Specifies the adjacency SID label.

Values

18432 to 5248 | 1048575 (FP4 or FP5 only)

Platforms

All

ipv4-arp

ipv4-arp

Syntax

ipv4-arp max-nr-of-hosts

no ipv4-arp

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv4-arp)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv4-arp)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv4-arp

configure subscriber-mgmt sub-profile host-limits ipv4-arp

Description

This command configures the maximum number of IPv4 ARP hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv4 ARP hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv4 ARP hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4-dhcp

ipv4-dhcp

Syntax

ipv4-dhcp max-nr-of-hosts

no ipv4-dhcp

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv4-dhcp)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv4-dhcp)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv4-dhcp

configure subscriber-mgmt sub-profile host-limits ipv4-dhcp

Description

This command limits the number of IPv4 DHCP hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv4 DHCP hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv4 DHCP hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4-mtu

ipv4-mtu

Syntax

ipv4-mtu bytes

no ipv4-mtu

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile ipv4-mtu)

Full Context

configure subscriber-mgmt gtp peer-profile ipv4-mtu

Description

This command configures the value of the IPv4-MTU PCO sent in S11 GTP messages. This is the MTU a device should honor when sending data toward the SGW/PGW. For IPv6, this value is signaled in the RA message and which can be configured in the grp-if> ipv6>rtr-adv>mtu context.

The no form of this command resets the signaled IPv4 MTU to the default.

Default

ipv4-mtu 1400

Parameters

bytes

Specifies the MTU value in bytes.

Values

512 to 9000

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv4-multicast

ipv4-multicast

Syntax

[no] ipv4-multicast

Context

[Tree] (config>service>vprn>isis>multi-topology ipv4-multicast)

Full Context

configure service vprn isis multi-topology ipv4-multicast

Description

This command enables support for the IPv4 topology (MT3) within the associate IS-IS instance.

The no form of this command disables support for the IPv4 topology (MT3) within the associated IS-IS instance.

Default

no ipv4-multicast

Platforms

All

ipv4-multicast

Syntax

[no] ipv4-multicast

Context

[Tree] (config>router>isis>multi-topology ipv4-multicast)

Full Context

configure router isis multi-topology ipv4-multicast

Description

This command enables support for the IPv4 topology (MT3) within the associate IS-IS instance.

The no form of this command disables support for the IPv4 topology (MT3) within the associated IS-IS instance.

Default

no ipv4-multicast

Platforms

All

ipv4-multicast-disable

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

[Tree] (config>service>vpls>pim-snooping ipv4-multicast-disable)

Full Context

configure service vpls pim-snooping ipv4-multicast-disable

Description

This command disables PIM snooping for IPv4 multicast traffic within a VPLS service.

The no form of this command enables PIM snooping for IPv4 multicast traffic within a VPLS service. To fully remove PIM snooping from a VPLS service it is necessary to issue the no pim-snooping command.

Default

no ipv4-multicast-disable

Platforms

All

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

[Tree] (config>service>vprn>isis>if ipv4-multicast-disable)

Full Context

configure service vprn isis interface ipv4-multicast-disable

Description

This command administratively disables/enables ISIS operation for IPv4.

Default

no ipv4-multicast-disable

Platforms

All

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

[Tree] (config>service>vprn>pim ipv4-multicast-disable)

[Tree] (config>service>vprn>pim>if ipv4-multicast-disable)

Full Context

configure service vprn pim ipv4-multicast-disable

configure service vprn pim interface ipv4-multicast-disable

Description

This command administratively disables/enables PIM operation for IPv4.

Default

no ipv4-multicast-disable

Platforms

All

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

[Tree] (config>router>pim>interface ipv4-multicast-disable)

[Tree] (config>router>pim ipv4-multicast-disable)

Full Context

configure router pim interface ipv4-multicast-disable

configure router pim ipv4-multicast-disable

Description

This command administratively enables PIM operation for IPv4.

IPv4 multicast must be enabled to enable MLDP in-band signaling for IPv4 PIM joins; see config>router>pim>interface p2mp-ldp-tree-join.

The no form of this command disables the PIM operation for IPv4.

Default

no ipv4-multicast-disable

Platforms

All

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

[Tree] (config>router>isis>interface ipv4-multicast-disable)

Full Context

configure router isis interface ipv4-multicast-disable

Description

This command disables IS-IS IPv4 multicast routing for the interface.

The no form of this command enables IS-IS IPv4 multicast routing for the interface.

Platforms

All

ipv4-multicast-metric

ipv4-multicast-metric

Syntax

ipv4-multicast-metric metric

no ipv4-multicast-metric

Context

[Tree] (config>service>vprn>isis>if>level ipv4-multicast-metric)

Full Context

configure service vprn isis interface level ipv4-multicast-metric

Description

This command configures IS-IS interface metric for IPv4 multicast for the VPRN instance.

The no form of this command removes the metric from the configuration.

Parameters

metric

Specifies the IS-IS interface metric for IPv4 multicast.

Values

1 to 16777215

Platforms

All

ipv4-multicast-metric

Syntax

ipv4-multicast-metric metric

no ipv4-multicast-metric

Context

[Tree] (config>router>isis>if>level ipv4-multicast-metric)

Full Context

configure router isis interface level ipv4-multicast-metric

Description

This command configures the IS-IS interface metric for IPv4 multicast.

The no form of this command removes the metric from the configuration.

Parameters

metric

Specifies the IS-IS interface metric for IPv4 multicast.

Values

1 to 16777215

Platforms

All

ipv4-multicast-metric-offset

ipv4-multicast-metric-offset

Syntax

ipv4-multicast-metric-offset offset-value

no ipv4-multicast-metric-offset

Context

[Tree] (config>service>vprn>isis>link-group>level ipv4-multicast-metric-offset)

Full Context

configure service vprn isis link-group level ipv4-multicast-metric-offset

Description

This command sets the offset value for the IPv4 multicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv4 multicast topology

The no form of this command reverts the offset value to 0.

Default

no ipv4-multicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.

Values

0 to 6777215

Platforms

All

ipv4-multicast-metric-offset

Syntax

ipv4-multicast-metric-offset offset-value

no ipv4-multicast-metric-offset

Context

[Tree] (config>router>isis>link-group>level ipv4-multicast-metric-offset)

Full Context

configure router isis link-group level ipv4-multicast-metric-offset

Description

This command sets the offset value for the IPv4 multicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv4 multicast topology.

The no form of this command reverts the offset value to 0.

Default

no ipv4-multicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold

Values

0 to 6777215

Platforms

All

ipv4-multicast-routing

ipv4-multicast-routing

Syntax

ipv4-multicast-routing {native | mt}

[no] ipv4-multicast-routing

Context

[Tree] (config>service>vprn>isis ipv4-multicast-routing)

Full Context

configure service vprn isis ipv4-multicast-routing

Description

The multicast RTM is used for Reverse Path Forwarding checks. This command controls which IS-IS topology is used to populate the IPv4 multicast RTM.

The no ipv4-multicast-routing form of this command results in none of the IS-IS routes being populated in the IPv4 multicast RTM and would be used if multicast is configured to use the unicast RTM for the RPF check.

Default

ipv4-multicast-routing native

Parameters

native

Causes IPv4 routes from the MT0 topology to be added to the multicast RTM for RPF checks.

mt

Causes IPv4 routes from the MT3 topology to be added to the multicast RTM for RPF checks.

Platforms

All

ipv4-multicast-routing

Syntax

ipv4-multicast-routing {native | mt}

[no] ipv4-multicast-routing

Context

[Tree] (config>router>isis ipv4-multicast-routing)

Full Context

configure router isis ipv4-multicast-routing

Description

The multicast RTM is used for Reverse Path Forwarding checks. This command controls which IS-IS topology is used to populate the IPv4 multicast RTM.

The no form of this command results in none of the IS-IS routes being populated in the IPv4 multicast RTM and would be used if multicast is configured to use the unicast RTM for the RPF check.

Default

ipv4-multicast-routing native

Parameters

native

Causes IPv4 routes from the MT0 topology to be added to the multicast RTM for RPF checks.

mt

Causes IPv4 routes from the MT3 topology to be added to the multicast RTM for RPF checks.

Platforms

All

ipv4-node-sid

ipv4-node-sid

Syntax

ipv4-node-sid index index-value [clear-n-flag]

ipv4-node-sid label label-value [clear-n-flag]

no ipv4-node-sid

Context

[Tree] (config>router>isis>interface ipv4-node-sid)

Full Context

configure router isis interface ipv4-node-sid

Description

This command assigns a node SID index or label value to the prefix representing the primary address of an IPv4 network interface of type loopback. Only a single node SID can be assigned to an interface. The secondary address of an IPv4 interface cannot be assigned a node SID index and does not inherit the SID of the primary IPv4 address.

The command fails if the network interface is not of type loopback or if the interface is defined in an IES or a VPRN context. Also, assigning the same SID index or label value to the same interface in two different IGP instances is not allowed within the same node.

The value of the label or index SID is taken from the range configured for this IGP instance. When using the global mode of operation, a new segment routing module checks that the same index or label value cannot be assigned to more than one loopback interface address. When using the per-instance mode of operation, this check is not required since the index and thus label ranges of the various IGP instance are not allowed to overlap.

The clear-n-flag option allows the user to clear the N-flag (node-sid flag) in an IS-IS prefix SID sub-TLV originated for the IPv4 prefix of a loopback interface on the system.

By default, the prefix SID sub-TLV for the prefix of a loopback interface is tagged as a node SID, meaning that it belongs to this node only. However, when the user wants to configure and advertise an anycast SID using the same loopback interface prefix on multiple nodes, you must clear the N-flag to assure interoperability with third party implementations, which may perform a strict check on the receiving end and drop duplicate prefix SID sub-TLVs when the N-flag is set.

The SR OS implementation is relaxed on the receiving end and accepts duplicate prefix SIDs with the N-flag set or cleared. SR OS will resolve to the closest owner, or owners if ECMP is configured, of the prefix SID according to its cost.

Default

no ipv4-node-sid

Parameters

index index-value

Specifies the index value.

Values

0 to 4294967295

label label-value

Specifies the label value.

Values

0 to 4294967295

clear-n-flag

Clears the node SID flag.

Default

no clear-n-flag

Platforms

All

ipv4-overall

ipv4-overall

Syntax

ipv4-overall max-nr-of-hosts

no ipv4-overall

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv4-overall)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv4-overall)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv4-overall

configure subscriber-mgmt sla-profile host-limits ipv4-overall

Description

This command configures the maximum number of IPv4 hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv4 hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv4 hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4-ppp

ipv4-ppp

Syntax

ipv4-ppp max-nr-of-hosts

no ipv4-ppp

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv4-ppp)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv4-ppp)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv4-ppp

configure subscriber-mgmt sla-profile host-limits ipv4-ppp

Description

This command configures the maximum number of IPv4 PPP hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv4 PPP hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv4 PPP hosts.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv4-prefix

ipv4-prefix

Syntax

ipv4-prefix ipv4-prefix

no ipv4-prefix

Context

[Tree] (config>service>nat>map-domain>mapping-rule ipv4-prefix)

Full Context

configure service nat map-domain mapping-rule ipv4-prefix

Description

This command configures an IPv4 MAP rule prefix.

Parameters

ipv4-prefix

Specifies the IPv4 MAP prefix.

Values

<ipv4-prefix>/<ipv4-prefix-length>

<ipv4-prefix> : a.b.c.d (host bits must be 0)

<ipv4-prefix-length> : [0..32]

Platforms

VSR

ipv4-prefix

Syntax

[no] ipv4-prefix

Context

[Tree] (debug>router>rpki-session>packet ipv4-prefix)

Full Context

debug router rpki-session packet ipv4-prefix

Description

This command enables debugging for IPv4 prefix RPKI packets.

The no form of this command disables debugging for IPv4 prefix RPKI packets.

Platforms

All

ipv4-routing

ipv4-routing

Syntax

[no] ipv4-routing

Context

[Tree] (config>service>vprn>isis ipv4-routing)

Full Context

configure service vprn isis ipv4-routing

Description

This command specifies whether this IS-IS instance supports IPv4.

The no form of this command disables IPv4 on the IS-IS instance.

Default

ipv4-routing

Platforms

All

ipv4-routing

Syntax

[no] ipv4-routing

Context

[Tree] (config>router>isis ipv4-routing)

Full Context

configure router isis ipv4-routing

Description

This command specifies whether this IS-IS instance supports IPv4.

The no form of this command disables IPv4 on the IS-IS instance.

Default

ipv4-routing

Platforms

All

ipv4-sid

ipv4-sid

Syntax

ipv4-sid index index-id

ipv4-sid label label-id

no ipv4-sid

Context

[Tree] (config>router>segment-routing>sr-mpls>prefix-sids ipv4-sid)

Full Context

configure router segment-routing sr-mpls prefix-sids ipv4-sid

Description

This command is used to configure the IPv4 segment routing SID associated with the primary IPv4 address of the loopback or system interface.

The no form of this command removes the configuration of the IPv4 segment routing SID associated with the primary IPv4 interface address.

Default

no ipv4-sid

Parameters

index index-id

Specifies the node SID index for this interface.

Values

0 to 4294967295

label label-id

Specifies the label value for the node SID.

Values

32 to 1048575

Platforms

All

ipv4-source-address

ipv4-source-address

Syntax

ipv4-source-address ipv4-address

no ipv4-source-address

Context

[Tree] (config>service>vprn>dns ipv4-source-address)

Full Context

configure service vprn dns ipv4-source-address

Description

This command configures the IPv4 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv4 DNS server address by other means, can use this for DNS name resolution.

The ipv4-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of this command reverts to the default.

Parameters

ipv4-address

Specifies the IPv4 address of the default secondary DNS server.

Values

ipv4-address - a.b.c.d

Platforms

All

ipv4-source-address

Syntax

ipv4-source-address ip-address

no ipv4-source-address

Context

[Tree] (config>system>file-trans-prof ipv4-source-address)

Full Context

configure system file-transmission-profile ipv4-source-address

Description

This command specifies the IPv4 source address used for transport protocol.

The no form of this command uses the default source address which typically is the address of the egress interface.

Default

no ipv4-source-address

Parameters

ip-address

Specifies a unicast v4 address. This should be a local interface address.

Platforms

All

ipv4-source-address

Syntax

ipv4-source-address ip-address

no ipv4-source-address

Context

[Tree] (config>service>nat>syslog>syslog-export-policy>collector ipv4-source-address)

Full Context

configure service nat syslog syslog-export-policy collector ipv4-source-address

Description

This command configures the IPv4 source address from which the UDP streams containing syslog flow records are sourced.

The no form of the command removes the IPv4 address from the configuration.

Parameters

ip-address

Specifies the source IPv4 address from which UDP streams are sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv4-unicast-metric-offset

ipv4-unicast-metric-offset

Syntax

ipv4-unicast-metric-offset offset-value

no ipv4-unicast-metric-offset

Context

[Tree] (config>service>vprn>isis>link-group>level ipv4-unicast-metric-offset)

Full Context

configure service vprn isis link-group level ipv4-unicast-metric-offset

Description

This command sets the offset value for the IPv4 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric.

The no form of this command reverts the offset value to 0.

Default

no ipv4-unicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.

Values

0 to 6777215

Platforms

All

ipv4-unicast-metric-offset

Syntax

ipv4-unicast-metric-offset offset-value

no ipv4-unicast-metric-offset

Context

[Tree] (config>router>isis>link-group>level ipv4-unicast-metric-offset)

Full Context

configure router isis link-group level ipv4-unicast-metric-offset

Description

This command sets the offset value for the IPv4 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric.

The no form of this command reverts the offset value to 0.

Default

no ipv4-unicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.

Values

0 to 6777215

Platforms

All

ipv6

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>service>vprn>if ipv6)

[Tree] (config>service>ies>sub-if>lcl-addr-assign ipv6)

[Tree] (config>service>vprn>sub-if>grp-if ipv6)

[Tree] (config>service>vprn>sub-if ipv6)

[Tree] (config>service>vprn>sub-if>lcl-addr-assign ipv6)

[Tree] (config>service>ies>if ipv6)

[Tree] (config>service>ies>sub-if>grp-if ipv6)

[Tree] (config>service>ies>sub-if ipv6)

Full Context

configure service vprn interface ipv6

configure service ies subscriber-interface local-address-assignment ipv6

configure service vprn subscriber-interface group-interface ipv6

configure service vprn subscriber-interface ipv6

configure service vprn subscriber-interface local-address-assignment ipv6

configure service ies interface ipv6

configure service ies subscriber-interface group-interface ipv6

configure service ies subscriber-interface ipv6

Description

Commands in this context configure IPv6 parameters for the interface.

Platforms

All

  • configure service vprn interface ipv6
  • configure service ies interface ipv6

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface ipv6
  • configure service vprn subscriber-interface group-interface ipv6
  • configure service ies subscriber-interface local-address-assignment ipv6
  • configure service vprn subscriber-interface local-address-assignment ipv6
  • configure service vprn subscriber-interface ipv6
  • configure service ies subscriber-interface ipv6

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy>family ipv6)

Full Context

configure subscriber-mgmt bgp-peering-policy family ipv6

Description

This command configures Multiprotocol Border Gateway Protocol (MPBGP) support for the IPv6 address family.

The no form of this command removes the IPv6 configuration.

Default

no ipv6

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6 ipv6-filter-id

no ipv6

Context

[Tree] (config>service>template>epipe-sap-template>egress>filter ipv6)

[Tree] (config>service>template>epipe-sap-template>ingress>filter ipv6)

Full Context

configure service template epipe-sap-template egress filter ipv6

configure service template epipe-sap-template ingress filter ipv6

Description

This command associates an existing IPv6 filter policy with the template.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

Parameters

ipv6-filter-id

Specifies the IPv6 filter policy. The filter ID must already exist within the created IPv6 filters.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6 name

no ipv6

Context

[Tree] (config>service>template>epipe-sap-template>ingress>filter-name ipv6)

[Tree] (config>service>template>epipe-sap-template>egress>filter-name ipv6)

Full Context

configure service template epipe-sap-template ingress filter-name ipv6

configure service template epipe-sap-template egress filter-name ipv6

Description

This command associates an existing IP filter policy with the template.

Parameters

name

Specifies the IPv6 filter policy name, up to 64 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6 name

no ipv6

Context

[Tree] (config>service>template>vpls-sap-template>ingress>filter-name ipv6)

[Tree] (config>service>template>vpls-sap-template>egress>filter-name ipv6)

Full Context

configure service template vpls-sap-template ingress filter-name ipv6

configure service template vpls-sap-template egress filter-name ipv6

Description

This command associates an existing IP filter policy with the template.

Parameters

name

Specifies the IPv6 filter policy name, up to 64 characters.

Platforms

All

ipv6

Syntax

ipv6 max-paths [ebgp ebgp-max-paths] [ ibgp ibgp-max-paths] [restrict { same-neighbor-as | exact-as-path}] [unequal-cost]

no ipv6

Context

[Tree] (config>service>vprn>bgp>multi-path ipv6)

Full Context

configure service vprn bgp multi-path ipv6

Description

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv6 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  • The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).

  • The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.

  • If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.

  • The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.

  • The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64)

  • The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.

  • The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.

  • The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes IPv6-specific overrides.

Default

no ipv6

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

egp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path-as

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

When enabled, the Alc-App-Prof-Str VSA is ignored in a radius Accept that enables portal redirection using this redirect policy. AA functionality will be disabled during portal authentication.

The no version of this command allows an Alc-App-Prof-Str to be present and will enable Application Assurance during portal authentication. In this case redirection rules defined in this policy are bypassed and it is assumed the AA function is configured for portal redirection.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>to-client-options ipv6)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>to-server-options ipv6)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>to-client-options ipv6)

Full Context

configure subscriber-mgmt local-user-db ipoe host to-client-options ipv6

configure subscriber-mgmt local-user-db ipoe host to-server-options ipv6

configure subscriber-mgmt local-user-db ppp host to-client-options ipv6

Description

This command enables the context to configure DHCPv6 options.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6

Context

[Tree] (config>subscr-mgmt>isa-filter ipv6)

Full Context

configure subscriber-mgmt isa-filter ipv6

Description

Commands in this context configure IPv6 parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6

Context

[Tree] (config>service>vprn>mvpn>red-source-list ipv6)

Full Context

configure service vprn mvpn red-source-list ipv6

Description

This command enables context to configure list of redundant IPv6 source prefixes for preferred source selection.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>service>vprn>pim>rp ipv6)

Full Context

configure service vprn pim rp ipv6

Description

This command enables access to the context to configure the rendezvous point (RP) of a PIM IPv6 protocol instance.

A Nokia IPv6 PIM router acting as an RP must respond to an IPv6 PIM register message specifying an SSM multicast group address by sending to the first hop router stop register message(s). It does not build an (S, G) shortest path tree toward the first hop router. An SSM multicast group address can be either from the SSM default range or from a multicast group address range that was explicitly configured for SSM.

Default

ipv6 RP enabled when IPv6 PIM is enabled.

Platforms

All

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>router>ldp>if-params>if ipv6)

Full Context

configure router ldp interface-parameters interface ipv6

Description

Commands in this context configure IPv6 LDP parameters applied to the interface.

This command is not supported on the 7450 ESS.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>router>ldp>if-params ipv6)

Full Context

configure router ldp interface-parameters ipv6

Description

Commands in this context configure LDP interfaces and parameters applied to an IPv6 LDP interface.

This command is not supported on the 7450 ESS.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>router>ldp>targeted-session ipv6)

Full Context

configure router ldp targeted-session ipv6

Description

Commands in this context configure parameters applied to targeted sessions to all IPv6 LDP peers.

This command is not supported on the 7450 ESS.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign ipv6)

[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign ipv6)

Full Context

configure service ies interface sap ipsec-gw local-address-assignment ipv6

configure service vprn interface sap ipsec-gw local-address-assignment ipv6

Description

Commands in this context configure IPv6 local address assignment parameters for the IPsec gateway.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6

Syntax

ipv6

Context

[Tree] (config>router>pim>rp ipv6)

Full Context

configure router pim rp ipv6

Description

Commands in this context configure IPv6 parameters.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (debug>oam>build-packet>packet>field-override>header ipv6)

[Tree] (config>test-oam>build-packet>header ipv6)

Full Context

debug oam build-packet packet field-override header ipv6

configure test-oam build-packet header ipv6

Description

This command causes the associated header to be defined as an IPv6 header template and enters the context to define the IPv6 parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>cflowd>collector>export-filter>family ipv6)

Full Context

configure cflowd collector export-filter family ipv6

Description

This command filters IPv6 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing IPv6 flow data to be sent to the associated collector.

Default

no ipv6

Platforms

All

ipv6

Syntax

[no] ipv6 ipv6-filter-id

Context

[Tree] (config>filter>system-filter ipv6)

Full Context

configure filter system-filter ipv6

Description

This command activates an IPv6 system filter policy. Once activated, all IPv6 ACL filter policies that chain to the system filter ( config>filter>ipv6-filter>chain-to-system-filter) will automatically execute system filter policy rules first.

The no form of the command deactivates the system filter policy.

Parameters

ipv6-filter-id

Specifies the existing IPv6 filter policy with scope system. This parameter can either be expressed as a decimal integer, or as an ASCII string of up to 64 characters in length.

Values

1 to 65535 or the filter policy name

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>router ipv6)

Full Context

configure router ipv6

Description

Commands in this context configure the IPv6 interface of the router.

Default

ipv6

Platforms

All

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>router>if ipv6)

Full Context

configure router interface ipv6

Description

This command configures IPv6 for a router interface.

The no form of this command disables IPv6 on the interface.

Default

no ipv6

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (bof>autoconfigure ipv6)

Full Context

bof autoconfigure ipv6

Description

Commands in this context autoconfigure the IPv6 DHCP client.

Platforms

7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s

ipv6

Syntax

ipv6 ipv6-address

ipv6 auto-generate [vendor-id-value vendor-id]

no ipv6

Context

[Tree] (config>system>ned>prof>neip ipv6)

Full Context

configure system network-element-discovery profile neip ipv6

Description

This command configures the IPv6 NEIP for this profile. The NEIP can be configured manually or set to be automatically generated. If the NEIP is set to be automatically generated, the NEID is used for the subnet and host portion of the IPv6 address and the vendor ID value is set to 140 by default. The vendor ID value can be configured.

The no form of this command removes the IPv6 address association for this profile.

Default

no ipv6

Parameters

ipv6-address

Specifies the IPv6 address of the NEIP.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

auto-generate

Specifies that the NEIP is automatically generated using the NEID.

vendor-id-value

Specifies the vendor ID value.

Values

1 to 255

Platforms

All

ipv6

Syntax

ipv6 send send-limit receive [ none]

ipv6 send send-limit

no ipv6

Context

[Tree] (config>router>bgp>group>neighbor>add-paths ipv6)

[Tree] (config>router>bgp>add-paths ipv6)

[Tree] (config>router>bgp>group>add-paths ipv6)

Full Context

configure router bgp group neighbor add-paths ipv6

configure router bgp add-paths ipv6

configure router bgp group add-paths ipv6

Description

This command configures the add-paths capability for unlabeled IPv6 unicast routes. By default, add-paths is not enabled for unlabeled IPv6 unicast routes.

The maximum number of unlabeled unicast paths per IPv6 prefix to send is the configured send limit, which is a mandatory parameter. The capability to receive multiple unlabeled IPv6 unicast paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.

The no form of this command disables add-paths support for unlabeled IPv6 unicast routes, causing sessions established using add-paths for unlabeled IPv6 unicast to go down and come back up without the add-paths capability.

Default

no ipv6

Parameters

send send-limit

Specifies the maximum number of paths per unlabeled IPv6 unicast prefix that are allowed to be advertised to add-paths peers. (The actual number of advertised routes may be less.) If the value is none, the router does not negotiate the send capability with respect to IPv6 AFI/SAFI. If the value is multipaths, then BGP advertises all the used BGP multipaths for each IPv6 NLRI if the peer has signaled support to receive multiple add-paths.

Values

1 to 16, none, multipaths

receive

Specifies the router negotiates to receive multiple unlabeled unicast routes per IPv6 prefix.

none

Specifies the router does not negotiate to receive multiple unlabeled unicast routes per IPv6 prefix.

Platforms

All

ipv6

Syntax

ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict { same-neighbor-as | exact-as-path}] [unequal-cost]

no ipv6

Context

[Tree] (config>router>bgp>multi-path ipv6)

Full Context

configure router bgp multi-path ipv6

Description

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv6 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

The no form of this command removes IPv6-specific overrides.

Default

no ipv6

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

ipv6

Syntax

[no] ipv6

Context

[Tree] (config>router>isis>traffic-engineering-options ipv6)

Full Context

configure router isis traffic-engineering-options ipv6

Description

This command enables the advertisement of IPv6 TE in the IS-IS instance. When this command is enabled, traffic engineering behavior with IPv6 TE links is enabled. This IS-IS instance automatically begins advertising the new RFC 6119 IPv6 and TE TLVs and sub-TLVs.

The no form of this command disables IPv6 TE in this ISIS instance.

Default

no ipv6

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>router>if>if-attr>delay>dyn>twamp ipv6)

Full Context

configure router interface if-attribute delay dynamic twamp-light ipv6

Description

Commands in this context select, enable, and specify the IPv6 addressing used to carry the TWAMP Light test packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6

Syntax

ipv6

Context

[Tree] (config>test-oam>icmp ipv6)

Full Context

configure test-oam icmp ipv6

Description

Commands in this context configure IPv6 traceroute packet handling.

Platforms

All

ipv6

Syntax

ipv6

Context

[Tree] (config>aaa>isa-radius-plcy>servers ipv6)

Full Context

configure aaa isa-radius-policy servers ipv6

Description

Commands in this context configure how to communicate with IPv6 RADIUS servers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-address

ipv6-address

Syntax

ipv6-address ipv6-address

no ipv6-address

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-address)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-address)

Full Context

configure subscriber-mgmt local-user-db ppp host ipv6-address

configure subscriber-mgmt local-user-db ipoe host ipv6-address

Description

This command configures static DHCPv6 IA-NA address for the host. This address is delegated to the client as /128 via DHCPv6 proxy function within the router. This IP address must not be part of any DHCP pool within internal DHCP server.

The no form of this command removes the IPv6 address from the host configuration.

Parameters

ipv6-address

Specifies the IPv6 address.

Values

ipv6-address:

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-address

Syntax

ipv6-address ipv6-address

no ipv6-address

Context

[Tree] (config>service>vprn>radius-proxy>server>wlan-gw ipv6-address)

[Tree] (config>router>radius-proxy>server>wlan-gw ipv6-address)

Full Context

configure service vprn radius-proxy server wlan-gw ipv6-address

configure router radius-proxy server wlan-gw ipv6-address

Description

This command configures the IPv6 address of the distributed RADIUS proxy server for use by the access points.

The no form of this command removes the address from the configuration.

Parameters

ipv6-address

Specifies the destination IPv6 address of the RADIUS proxy server.

Values

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-address

Syntax

[no] framed-ipv6-address

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute ipv6-address)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute ipv6-address

Description

This command enables the generation of the ipv6-address RADIUS attribute.

The no form of this command disables the generation of the ipv6-address RADIUS attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-address

Syntax

[no] ipv6-address

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes ipv6-address)

Full Context

configure aaa isa-radius-policy auth-include-attributes ipv6-address

Description

This attribute defines if the ipv6 address of the UE is present during authentication if the datatrigger packet is IPv6.

Default

no ipv6-address

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-address

Syntax

[no] ipv6-address

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes ipv6-address)

Full Context

configure aaa isa-radius-policy acct-include-attributes ipv6-address

Description

If an active IA_NA lease exists, this attribute defines if the IA_NA address of the UE is present in accounting.

Default

no ipv6-address

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-address-prefix-length

ipv6-address-prefix-length

Syntax

ipv6-address-prefix-length IPv6-prefix-length

no ipv6-address-prefix-length

Context

[Tree] (config>app-assure>group>transit-ip-policy ipv6-address-prefix-length)

Full Context

configure application-assurance group transit-ip-policy ipv6-address-prefix-length

Description

This command configures a transit IP policy IPv6 address prefix length.

Default

no ipv6-address-prefix-length

Parameters

IPv6-prefix-length

Specifies the prefix length of IPv6 addresses in this policy for both static and dynamic transits.

Values

32 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-adjacency-sid

ipv6-adjacency-sid

Syntax

ipv6-adjacency-sid label value

no ipv6-adjacency-sid

Context

[Tree] (config>router>isis>interface ipv6-adjacency-sid)

Full Context

configure router isis interface ipv6-adjacency-sid

Description

This command allows a static value to be assigned to an IPv6 adjacency SID in IS-IS segment routing.

The label option specifies that the value is assigned to an MPLS label.

The no form of this command removes the adjacency SID.

Parameters

value

Specifies the adjacency SID label.

Values

18432 to 5248, 1048575 (FP4 or FP5 only)

Platforms

All

ipv6-criteria

ipv6-criteria

Syntax

[no] ipv6-criteria

Context

[Tree] (config>qos>sap-ingress ipv6-criteria)

[Tree] (config>qos>sap-egress ipv6-criteria)

Full Context

configure qos sap-ingress ipv6-criteria

configure qos sap-egress ipv6-criteria

Description

IPv6 criteria-based SAP egress or ingress policies are used to select the appropriate ingress or egress queue or policer and corresponding forwarding class and packet profile for matched traffic.

This command is used to enter the node to create or edit policy entries that specify IPv6 criteria such as IP quintuple lookup or DiffServ code point.

The OS implementation will exit on the first match found and execute the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit.

The no form of this command deletes all the entries specified under this node. When ipv6-criteria entries are removed from a SAP ingress policy, the ipv6-criteria is removed from all services where that policy is applied.

Platforms

All

ipv6-criteria

Syntax

[no] ipv6-criteria

Context

[Tree] (config>qos>network>ingress ipv6-criteria)

[Tree] (config>qos>network>egress ipv6-criteria)

Full Context

configure qos network ingress ipv6-criteria

configure qos network egress ipv6-criteria

Description

IPv6 criteria-based network ingress and egress policies are used to select the appropriate ingress or egress queue or policer, and the corresponding forwarding class and packet profile for matched traffic. This command is used to enter the context to create or edit policy entries that specify IPv6 criteria such as IP quintuple lookup or DSCP.

The 7750 SR OS implementation will exit on the first match found and execute the actions in accordance with the accompanying action command. Entries must be sequenced correctly from most to least explicit.

The ingress classification only applies to the outer IPv6 header of non-tunneled traffic.

Attempting to apply a network QoS policy containing an ipv6-criteria statement to any object except a network IP interface will result in an error.

The no form of this command deletes all entries specified under this node. When IP criteria entries are removed from a network policy, the IPv6 criteria are removed from all network interfaces to which that policy is applied.

Platforms

All

ipv6-criteria

Syntax

[no] ipv6-criteria

Context

[Tree] (config>service>ies>if>sap>ingress>criteria-overrides ipv6-criteria)

[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides ipv6-criteria)

[Tree] (config>service>cpipe>sap>ingress>criteria-overrides ipv6-criteria)

[Tree] (config>service>ipipe>sap>ingress>criteria-overrides ipv6-criteria)

[Tree] (config>service>epipe>sap>ingress>criteria-overrides ipv6-criteria)

[Tree] (config>service>vpls>sap>ingress>criteria-overrides ipv6-criteria)

Full Context

configure service ies interface sap ingress criteria-overrides ipv6-criteria

configure service vprn interface sap ingress criteria-overrides ipv6-criteria

configure service cpipe sap ingress criteria-overrides ipv6-criteria

configure service ipipe sap ingress criteria-overrides ipv6-criteria

configure service epipe sap ingress criteria-overrides ipv6-criteria

configure service vpls sap ingress criteria-overrides ipv6-criteria

Description

Commands in this context configure IPv6 criteria overrides.

The no form of this command removes any existing IPv6 overrides from the SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6-delegated-prefix

ipv6-delegated-prefix

Syntax

ipv6-delegated-prefix ipv6-prefix/prefix-length

no ipv6-delegated-prefix

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-delegated-prefix)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-delegated-prefix)

Full Context

configure subscriber-mgmt local-user-db ipoe host ipv6-delegated-prefix

configure subscriber-mgmt local-user-db ppp host ipv6-delegated-prefix

Description

This command configures static DHCPv6 IA-PD prefix for the host. This prefix can be further delegated by the host itself to its clients. The prefix length is restricted to 48 to 64 bits. This prefix must not be part of any DHCP pool within internal DHCP server.

Parameters

ipv6-address

Specifies the IPv6 address.

Values

ipv6-address:

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

48 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-delegated-prefix-length

ipv6-delegated-prefix-length

Syntax

ipv6-delegated-prefix-length bits

no ipv6-delegated-prefix-length

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-delegated-prefix-length)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-delegated-prefix-length)

Full Context

configure subscriber-mgmt local-user-db ppp host ipv6-delegated-prefix-length

configure subscriber-mgmt local-user-db ipoe host ipv6-delegated-prefix-length

Description

This command allows configuration of delegated prefix length via local user database.

The no form of this command reverts to the default.

Parameters

bits

Specifies the delegated prefix length, in bits.

Values

48 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-delegated-prefix-pool

ipv6-delegated-prefix-pool

Syntax

ipv6-delegated-prefix-pool pool-name

no ipv6-delegated-prefix-pool

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-delegated-prefix-pool)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-delegated-prefix-pool)

Full Context

configure subscriber-mgmt local-user-db ipoe host ipv6-delegated-prefix-pool

configure subscriber-mgmt local-user-db ppp host ipv6-delegated-prefix-pool

Description

This command configures the pool name that is used in DHCPv6 server for DHCPv6 IA-PD prefix selection.

The no form of this command removes the pool name from the configuration.

Parameters

pool-name

Specifies the pool name, up to 32 characters, to be assigned to the delegated prefix pool.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-destination-discovery

ipv6-destination-discovery

Syntax

ipv6-destination-discovery

Context

[Tree] (config>test-oam>link-meas>template>twl ipv6-destination-discovery)

Full Context

configure test-oam link-measurement measurement-template twamp-light ipv6-destination-discovery

Description

Commands in this context configure IPv6 discovery of a directly-connected IPv6 peer address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6-eh

ipv6-eh

Syntax

ipv6-eh {max | limited}

no ipv6-eh

Context

[Tree] (config>system>ip ipv6-eh)

Full Context

configure system ip ipv6-eh

Description

This command defines the maximum number of IPv6 extension headers parsed in the line cards. The system parses up to six extension headers when ipv6-eh max is configured.

When the ipv6-eh limited command is configured, the system does not parse IPv6 extension headers and provides consistent ipv6-filter matches for the next-header value found in the IPv6 packet header. LAG and ECMP hashing of IPv6 packets with extension headers is limited to Layer 3 IP addresses. Layer 4 ports, TEID, and SPI values are not available for hashing. MLD snooping on Layer 2 services is also not supported in this mode.

The no form of this command reverts to the default value.

Default

ipv6-eh max

Parameters

max

Specifies that the maximum number of IPv6 extension headers is parsed in the line cards.

limited

Specifies that the system does not parse IPv6 extension headers and provides consistent ipv6-filter matches for the next-header value found in the IPv6 packet header.

Platforms

All

ipv6-error

ipv6-error

Syntax

[no] ipv6-error

Context

[Tree] (debug>router>ip>event ipv6-error)

Full Context

debug router ip event ipv6-error

Description

This command enables debugging for IPv6 error events.

The no form of this command disables debugging for IPv6 error events

Platforms

All

ipv6-exception

ipv6-exception

Syntax

ipv6-exception exception

no ipv6-exception

Context

[Tree] (config>router>if>ipsec ipv6-exception)

[Tree] (config>service>vprn>if>ipsec ipv6-exception)

[Tree] (config>service>ies>if>ipsec ipv6-exception)

Full Context

configure router interface ipsec ipv6-exception

configure service vprn interface ipsec ipv6-exception

configure service ies interface ipsec ipv6-exception

Description

This command configures the IPv6 filter exception for an IPsec-secured IPv6 interface. When an IPv6 filter exception is added, clear text packets that match the exception criteria in the IPv6 filter exception policy can ingress the interface, even when IPsec is enabled on that interface.

The no form of this command removes the IPv6 filter exception.

Default

no ipv6-exception

Parameters

exception

Specifies the IPv6 filter exception that is used to bypass encryption.

Values

exception-id: 1 to 65535

exception-name: An existing IPv6 filter exception name up to 64 characters.

Platforms

VSR

ipv6-exception

Syntax

ipv6-exception exception-id [name exception-name] [create]

no ipv6-exception {exception-id | exception-name}

Context

[Tree] (config>filter ipv6-exception)

Full Context

configure filter ipv6-exception

Description

Commands in this context configure the specified IPv6 exception filter.

The no form of the command deletes the IPv6 exception filter.

Parameters

exception-id

Specifies the IPv6 filter exception ID expressed as a decimal integer.

Values

1 to 65535

name exception-name

Specifies the IPv6 filter exception as a name, up to 64 characters.

create

This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

VSR

ipv6-filter

ipv6-filter

Syntax

ipv6-filter ipv6-filter-id

no ipv6-filter [force]

Context

[Tree] (config>subscr-mgmt>sla-profile>egress ipv6-filter)

[Tree] (config>subscr-mgmt>sla-profile>ingress ipv6-filter)

Full Context

configure subscriber-mgmt sla-profile egress ipv6-filter

configure subscriber-mgmt sla-profile ingress ipv6-filter

Description

This command configures an egress or ingress IPv6 filter.

The no form of this command reverts to the default.

Parameters

ipv6-filter-id

Specifies an existing IPv6 filter policy ID.

Values

1 to 65535, or name, up to 64 characters

force

Forces the exclusion of the IPv6 filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-filter

Syntax

ipv6-filter ipv6-filter-id entry entry-id [entry-id]

no ipv6-filter ipv6-filter-id [entry entry-id]

Context

[Tree] (config>mirror>mirror-source ipv6-filter)

Full Context

configure mirror mirror-source ipv6-filter

Description

This command enables mirroring of packets that match specific entries in an existing IPv6 filter.

The ipv6-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.

The IPv6 filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IPv6 filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IPv6 interface, an error is not generated but mirroring will not be enabled (there are no packets to mirror). Once the IPv6 filter is defined to a SAP or IPv6 interface, mirroring is enabled.

If the IPv6 filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination prior to any ingress packet modifications.

If the IPv6 filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.

An entry-id within an IPv6 filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.

By default, no packets matching any IPv6 filters are mirrored. Mirroring of IPv6 filter entries must be explicitly defined.

The no ipv6-filter command, without the entry keyword, removes mirroring on all entry-id’s within the ip-filter-id.

When the no form of this command is executed with the entry keyword and one or more entry-id’s, mirroring that entry-id list is terminated within the ip-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being mirrored, no error will occur for that entry-id and the command will execute normally.

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID whose entries are mirrored. If the ipv6-filter-id does not exist, an error will occur and the command will not execute. Mirroring of packets will commence once the ipv6-filter-id is defined on a SAP or IPv6 interface.

entry-id

Specifies the IP filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-id’s for mirroring. Multiple entry-id entries may be specified with a single command. Each entry-id must be separated by a space.

If an entry-id does not exist within the IP filter, an error occurs and the command will not execute.

If the filter’s entry-id is renumbered within the IP filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.

Platforms

All

ipv6-filter

Syntax

[no] ipv6-filter ipv6-filter-id

Context

[Tree] (config>li>li-filter-block-reservation>li-reserved-block ipv6-filter)

Full Context

configure li li-filter-block-reservation li-reserved-block ipv6-filter

Description

This command configures to which normal IPv6 address filters the entry reservation is applied.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

The no form of this command removes the IPv6 filter ID from the configuration.

Parameters

ipv6-filter-id

Specifies the filter identification identifies the normal IPv6 address filters.

Values

{filter-id | filter-name}

filter-id:

1 to 65535

filter-name:

up to 64 characters (filter-name is an alias for input only. The filter-name gets replaced with an id automatically by SR OS in the configuration).

Platforms

All

ipv6-filter

Syntax

[no] ipv6-filter ipv6-filter-id

Context

[Tree] (config>li>li-fltr-assoc>li-ipv6-fltr ipv6-filter)

Full Context

configure li li-filter-associations li-ipv6-filter ipv6-filter

Description

This command specifies the IP filter(s) into which the entries from the specified li-ipv6-filter are to be inserted. The li-ipv6-filter and ipv6-filter must already exist before the association is made. If the normal IPv6 filter is deleted then the association is also removed (and not re-created if the IPv6 filter comes into existence in the future).

The no form of this command removes the IPv6 filter ID from the configuration.

Parameters

ipv6-filter-id

Specifies an existing IPv6 filter policy.

Values

filter-id — 1 to 65535

filter-name — up to 64 characters

Platforms

All

ipv6-filter

Syntax

ipv6-filter ipv6-filter-id entry entry-id [entry-id] [intercept-id intercept-id [intercept-id]] [ session-id session-id [session-id]]

no ipv6-filter ipv6-filter-id [entry entry-id [entry-id]]

Context

[Tree] (config>li>li-source ipv6-filter)

Full Context

configure li li-source ipv6-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing IPv6 filter.

The ipv6-filter command directs packets which match the defined list of entry IDs to be intercepted to the destination referenced by the mirror-dest-service-id of the mirror-source.

The IPv6 filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IPv6 filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IPv6 interface, an error is not generated but mirroring will not be enabled (there are no packets to mirror). Once the IPv6 filter is defined to a SAP, IPv6 interface or subscriber, mirroring is enabled (subscriber mirroring applies only to the 7750 SR).

If the IPv6 filter is defined as ingress, only ingress packets are intercepted. Ingress packets are sent to the destination prior to any ingress packet modifications.

If the IPv6 filter is defined as egress, only egress packets are intercepted. Egress packets are sent to the destination after all egress packet modifications.

An entry-id within an IPv6 filter can only be intercepted to a single destination. If the same entry-id is defined multiple times, an error occurs and only the first definition is in effect.

By default, no packets matching any IPv6 filters are intercepted. Interception of IPv6 filter entries must be explicitly defined.

When the no command is executed with the entry keyword and one or more entry-id’s, interception of that list of entry-id’s is terminated within the ipv6-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being intercepted, no error will occur for that entry-id and the command will execute normally.

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID whose entries are to be intercepted. If the ipv6-filter-id does not exist, an error will occur and the command will not execute. Intercepting packets will commence when the ipv6-filter-id is defined on a SAP or IPv6 interface.

entry-id

Specifies the IPv6 filter entries to use as match criteria for lawful intercept (LI). The entry keyword begins a list of entry-id’s for interception. Multiple entry-id entries can be specified with a single command. Each entry-id must be separated by a space. Up to <N><n> 8 entry IDs may be specified in a single command.

If an entry-id does not exist within the IPv6 filter, an error occurs and the command will not execute.

If the filter’s entry-id is renumbered within the IPv6 filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept ID configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre routable encapsulation, no intercept-id is inserted and none should be specified against the li-source entries.

Values

1 to 4294967295 (32b) For nat li-source entries that are using a mirror service that is not configured with routable encap

Values

1 to 1,073,741,824 (30b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encap and no direction-bit.

Values

1 to 536,870,912 (29b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encap and with the direction-bit enabled.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap ( config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encapsulation, a session-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre routable encap, no session-id is inserted and none should be specified against the li-source entries.

Values

1 to 4,294,967,295 (32b)

Platforms

All

ipv6-filter

Syntax

ipv6-filter filter-id [name filter-name] [create]

no ipv6-filter {filter-id | filter-name}

Context

[Tree] (config>filter ipv6-filter)

Full Context

configure filter ipv6-filter

Description

Commands in this context configure the specified IPv6 filter policy.

The no form of the command deletes the IPv6 filter policy. A filter policy cannot be deleted until it is removed from all objects where it is applied.

Parameters

filter-id

Specifies the IPv6 filter policy ID expressed as a decimal integer.

Values

1 to 65535

name

Configures an optional filter name, up to 64 characters in length, to a given filter. This filter name can then be used in configuration references, display, and show commands throughout the system. A defined filter name can help the service provider or administrator to identify and manage filters within the SR OS platforms.

To create a filter, you must assign a filter ID, however, after it is created, either the filter ID or filter name can be used to identify and reference a filter.

If a name is not specified at creation time, then SR OS assigns a string version of the filter-id as the name.

Filter names may not begin with an integer (0 to 9).

Values

name: 64 characters maximum

filter-name

Specifies a string of up to 64 characters uniquely identifying this IPv6 filter policy.

create

This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

All

ipv6-filter

Syntax

[no] ipv6-filter

Context

[Tree] (config>system>security>mgmt-access-filter ipv6-filter)

Full Context

configure system security management-access-filter ipv6-filter

Description

Commands in this context configure management access IPv6 filter parameters. This command only applies to the 7750 SR and 7950 XRS.

Platforms

All

ipv6-filter

Syntax

[no] ipv6-filter

Context

[Tree] (config>system>security>cpm-filter ipv6-filter)

Full Context

configure system security cpm-filter ipv6-filter

Description

Commands in this context configure CPM IPv6 filter parameters. This command applies only to the 7750 SR and 7950 XRS.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6-filter

Syntax

ipv6-filter src-filter-id [src-entry src-entry-id] to dst-filter-id [ dst-entry dst-entry-id] [overwrite]

Context

[Tree] (config>filter>copy ipv6-filter)

Full Context

configure filter copy ipv6-filter

Description

This command copies an existing filter entry for a specific filter ID to another filter ID. The command is a configuration level maintenance tool used to create new entries using an existing filter policy. If overwrite is not specified, an error will occur if the destination filter entry exists.

Parameters

src-filter-id

Identifies the source filter policy from which the copy command will attempt to copy. The filter policy must exist within the context of the preceding keyword ( ipv6-filter).

dst-filter-id

Identifies the destination filter policy to which the copy command will attempt to copy. If the overwrite keyword is not specified, the filter entry ID cannot already exist in the destination filter policy. If the overwrite keyword is present, the destination entry ID may or may not exist.

overwrite

Specifies that the destination filter entry may exist. If it does, everything in the existing destination filter entry will be completely overwritten with the contents of the source filter entry. If the destination filter entry exists, either overwrite must be specified or an error message will be returned. If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

All

ipv6-filter-max-size

ipv6-filter-max-size

Syntax

ipv6-filter-max-size {value | default}

Context

[Tree] (config>service>vprn>flowspec ipv6-filter-max-size)

Full Context

configure service vprn flowspec ipv6-filter-max-size

Description

This command configures the maximum number of IPv6 FlowSpec routes or rules that can be embedded into an ingress IPv6 filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and "offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv6 filter that embeds IPv6 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv6 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default

ipv6-filter-max-size default

Parameters

value

The maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.

Values

0 to 262143

default

Configures the maximum size as 512.

Platforms

All

ipv6-filter-max-size

Syntax

ipv6-filter-max-size {value | default}

Context

[Tree] (config>router>flowspec ipv6-filter-max-size)

Full Context

configure router flowspec ipv6-filter-max-size

Description

This command configures the maximum number of IPv6 FlowSpec routes or rules that can be embedded into the auto-created embedded filter (fSpec- X). FlowSpec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between "embedding offset + 1” and "embedding offset + ip-filter-max-size”.

The sum of the ipv6-filter-max-size value parameter and the highest offset in any IPv6 filter that embeds IPv6 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ipv6-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv6 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default

ipv6-filter-max-size 512

Parameters

value

Specifies the maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.

Values

0 to 262143

default

Keyword to configure the maximum size as 512.

Platforms

All

ipv6-filter-name

ipv6-filter-name

Syntax

[no] ipv6-filter-name filter-name

Context

[Tree] (config>li>li-filter-block-reservation>li-reserved-block ipv6-filter-name)

Full Context

configure li li-filter-block-reservation li-reserved-block ipv6-filter-name

Description

This command configures an IPv6 filter in which the reservation is done through name.

The no form of this command removes the IPv6 filter name.

Parameters

filter-name

Specifies the IPv6 filter name, up to 64 characters.

Platforms

All

ipv6-filter-name

Syntax

[no] ipv6-filter-name filter-name

Context

[Tree] (config>li>li-fltr-assoc>li-ipv6-fltr ipv6-filter-name)

Full Context

configure li li-filter-associations li-ipv6-filter ipv6-filter-name

Description

This command associates an IPv6 filter with a specified LI IPv6 filter through its name.

The no form of this command removes the IPv6 filter name.

Parameters

filter-name

Specifies the IPv6 filter name, up to 64 characters.

Platforms

All

ipv6-fragment

ipv6-fragment

Syntax

ipv6-fragment

Context

[Tree] (config>test-oam>build-packet>header ipv6-fragment)

Full Context

configure test-oam build-packet header ipv6-fragment

Description

This command causes the associated header to be defined as an IPv6 fragment header template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ipv6-lease-times

ipv6-lease-times

Syntax

[no] ipv6-lease-times

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-lease-times)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-lease-times)

Full Context

configure subscriber-mgmt local-user-db ipoe host ipv6-lease-times

configure subscriber-mgmt local-user-db ppp host ipv6-lease-times

Description

Commands in this context configure lease times for DHCPv6.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-mtu

ipv6-mtu

Syntax

ipv6-mtu ipv6-mtu

no ipv6-mtu

Context

[Tree] (config>service>vprn>nat>inside>nat64 ipv6-mtu)

[Tree] (config>router>nat>inside>nat64 ipv6-mtu)

Full Context

configure service vprn nat inside nat64 ipv6-mtu

configure router nat inside nat64 ipv6-mtu

Description

This command sets the size of the IPv6 downstream packet in NAT64. This packet is translated from IPv4.

The no form of the command reverts to the default.

Default

ipv6-mtu 1520

Parameters

ipv6-mtu

Specifies the IPv6 MTU.

Values

1280 to 9212

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-multicast

ipv6-multicast

Syntax

[no] ipv6-multicast

Context

[Tree] (config>router>isis>multi-topology ipv6-multicast)

Full Context

configure router isis multi-topology ipv6-multicast

Description

This command enables support for the IPv6 topology (MT4) within the associate IS-IS instance.

The no form of this command disables support for the IPv6 topology (MT4) within the associated IS-IS instance.

Default

no ipv6-multicast

Platforms

All

ipv6-multicast-disable

ipv6-multicast-disable

Syntax

[no] ipv6-multicast-disable

Context

[Tree] (config>service>vpls>pim-snooping ipv6-multicast-disable)

Full Context

configure service vpls pim-snooping ipv6-multicast-disable

Description

This command disables PIM snooping for IPv6 multicast traffic within a VPLS service.

The no form of this command enables PIM snooping for IPv6 multicast traffic within a VPLS service. To fully remove PIM snooping from a VPLS service it is necessary to issue the no pim-snooping command.

Default

ipv6-multicast-disable

Platforms

All

ipv6-multicast-disable

Syntax

ipv6-multicast-disable

Context

[Tree] (config>service>vprn>pim ipv6-multicast-disable)

[Tree] (config>service>vprn>pim>if ipv6-multicast-disable)

Full Context

configure service vprn pim ipv6-multicast-disable

configure service vprn pim interface ipv6-multicast-disable

Description

This command administratively disables/enables PIM operation for IPv6.

Default

ipv6-multicast-disable (config>service>vprn>pim)

no ipv6-multicast-disable (config>service>vprn>pim>if)

Platforms

All

ipv6-multicast-disable

Syntax

[no] ipv6-multicast-disable

Context

[Tree] (config>router>pim ipv6-multicast-disable)

[Tree] (config>router>pim>interface ipv6-multicast-disable)

Full Context

configure router pim ipv6-multicast-disable

configure router pim interface ipv6-multicast-disable

Description

This command administratively enables PIM operation for IPv6.

IPv6 multicast must be enabled to enable MLDP in-band signaling for IPv6 PIM joins; see config>router>pim>interface p2mp-ldp-tree-join.

The no form of this command disables the PIM operation for IPv6.

Default

ipv6-multicast-disable

Platforms

All

ipv6-multicast-disable

Syntax

[no] ipv6-multicast-disable

Context

[Tree] (config>router>isis>interface ipv6-multicast-disable)

Full Context

configure router isis interface ipv6-multicast-disable

Description

This command disables IS-IS IPv6 multicast routing for the interface.

The no form of this command enables IS-IS IPv6 multicast routing for the interface.

Platforms

All

ipv6-multicast-metric

ipv6-multicast-metric

Syntax

ipv6-multicast-metric metric

no ipv6-multicast-metric

Context

[Tree] (config>router>isis>if>level ipv6-multicast-metric)

Full Context

configure router isis interface level ipv6-multicast-metric

Description

This command configures the IS-IS interface metric for IPv6 multicast.

The no form of this command removes the metric from the configuration.

Default

no ipv6-multicast-metric

Parameters

metric

Specifies the IS-IS interface metric for IPv6 multicast.

Values

1 to 16777215

Platforms

All

ipv6-multicast-metric-offset

ipv6-multicast-metric-offset

Syntax

ipv6-multicast-metric-offset offset-value

no ipv6-multicast-metric-offset

Context

[Tree] (config>router>isis>link-group>level ipv6-multicast-metric-offset)

Full Context

configure router isis link-group level ipv6-multicast-metric-offset

Description

This command sets the offset value for the IPv6 multicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv6 multicast topology.

The no form of this command reverts the offset value to 0.

Default

no ipv6-multicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold

Values

0 to 6777215

Platforms

All

ipv6-multicast-routing

ipv6-multicast-routing

Syntax

ipv6-multicast-routing {native | mt}

[no] ipv6-multicast-routing

Context

[Tree] (config>router>isis ipv6-multicast-routing)

Full Context

configure router isis ipv6-multicast-routing

Description

The multicast RTM is used for Reverse Path Forwarding checks. This command controls which IS-IS topology is used to populate the IPv6 multicast RTM.

The no form of this command results in none of the IS-IS routes being populated in the IPv4 multicast RTM and would be used if multicast is configured to use the unicast RTM for the RPF check.

Default

ipv6-multicast-routing native

Parameters

native

Causes IPv6 routes from the MT0 topology to be added to the multicast RTM for RPF checks.

mt

Causes IPv6 routes from the MT3 topology to be added to the multicast RTM for RPF checks.

Platforms

All

ipv6-node-sid

ipv6-node-sid

Syntax

ipv6-node-sid index index-value [clear-n-flag]

ipv6-node-sid label label-value [clear-n-flag]

no ipv6-node-sid

Context

[Tree] (config>router>isis>interface ipv6-node-sid)

Full Context

configure router isis interface ipv6-node-sid

Description

This command assigns a node SID index or label value to the prefix representing the primary address of an IPv6 network interface of type loopback. Only a single node SID can be assigned to an IPv6 interface. When an IPv6 interface has multiple global addresses, the primary address is always the first one in the list, as displayed by the interface info command.

The command fails if the network interface is not of loopback type or if the interface is defined in an IES or a VPRN context. Assigning the same SID index/label value to the same interface in two different IGP instances is not allowed within the same node.

The value of the label or index SID is taken from the range configured for this IGP instance. When using the global mode of operation, a new segment routing module checks that the same index or label value cannot be assigned to more than one loopback interface address. When using the per-instance mode of operation, this check is not required since the index and thus label ranges of the various IGP instance are not allowed to overlap.

The clear-n-flag option allows the user to clear the N-flag (node-sid flag) in an IS-IS prefix SID sub-TLV originated for the IPv6 prefix of a loopback interface on the system.

By default, the prefix SID sub-TLV for the prefix of a loopback interface is tagged as a node SID, meaning that it belongs to this node only. However, when the user wants to configure and advertise an anycast SID using the same loopback interface prefix on multiple nodes, you must clear the N-flag to assure interoperability with third-party implementations, which may perform a strict check on the receiving end and drop duplicate prefix SID sub-TLVs when the N-flag is set.

The SR OS implementation is relaxed on the receiving end and accepts duplicate prefix SIDs with the N-flag set or cleared. SR OS will resolve to the closest owner, or owners if ECMP is configured, of the prefix SID according to its cost.

Default

no ipv6-node-sid

Parameters

index-value

Specifies the index value.

Values

0 to 4294967295

label-value

Specifies the label value.

Values

0 to 4294967295

clear-n-flag

Clears the node SID flag.

Default

no clear-n-flag

Platforms

All

ipv6-overall

ipv6-overall

Syntax

ipv6-overall max-nr-of-hosts

no ipv6-overall

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-overall)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-overall)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv6-overall

configure subscriber-mgmt sub-profile host-limits ipv6-overall

Description

This command configures the maximum number of IPv6 hosts per SLA profile instance or subscriber.

The no form of this command removes the maximum number of IPv6 hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-pd-ipoe-dhcp

ipv6-pd-ipoe-dhcp

Syntax

ipv6-pd-ipoe-dhcp max-nr-of-hosts

no ipv6-pd-ipoe-dhcp

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-pd-ipoe-dhcp)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-pd-ipoe-dhcp)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv6-pd-ipoe-dhcp

configure subscriber-mgmt sub-profile host-limits ipv6-pd-ipoe-dhcp

Description

This command configures the maximum number of IPv6 IPoE DHCP Prefix Delegation hosts (IA-PD) per SLA profile instance or per subscriber.

Note:

Prefix delegation hosts that are modeled as a managed route do not count against this limit.

The no form of this command removes the maximum number of IPv6 IPoE DHCP Prefix Delegation hosts (IA-PD) limit.

Parameters

max-nr-of-hosts

Specifies the total number of IPv6 IPoE DHCP Prefix Delegation hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-pd-overall

ipv6-pd-overall

Syntax

ipv6-pd-overall max-nr-of-hosts

no ipv6-pd-overall

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-pd-overall)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-pd-overall)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv6-pd-overall

configure subscriber-mgmt sla-profile host-limits ipv6-pd-overall

Description

This command configures the maximum number of IPv6 DHCP Prefix Delegation hosts (IA-PD) per SLA profile instance or per subscriber.

Note:

Prefix delegation hosts that are modeled as a managed route do not count against this limit.

The no form of this command removes the maximum number of IPv6 Prefix Delegation hosts (IA-PD) limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 Prefix Delegation hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-pd-ppp-dhcp

ipv6-pd-ppp-dhcp

Syntax

ipv6-pd-ppp-dhcp max-nr-of-hosts

no ipv6-pd-ppp-dhcp

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-pd-ppp-dhcp)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-pd-ppp-dhcp)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv6-pd-ppp-dhcp

configure subscriber-mgmt sub-profile host-limits ipv6-pd-ppp-dhcp

Description

This command configures the maximum number of IPv6 PPPoE DHCP Prefix Delegation hosts (IA-PD) per SLA profile instance or per subscriber.

Note:

Prefix delegation hosts that are modeled as a managed route do not count against this limit.

The no form of this command removes the maximum number of IPv6 PPPoE DHCP Prefix Delegation hosts (IA-PD) limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 PPPoE DHCP Prefix Delegation hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-prefix

ipv6-prefix

Syntax

[no] ipv6-prefix

Context

[Tree] (debug>router>rpki-session>packet ipv6-prefix)

Full Context

debug router rpki-session packet ipv6-prefix

Description

This command enables debugging for IPv6 prefix RPKI packets.

The no form of this command disables debugging for IPv6 prefix RPKI packets.

Platforms

All

ipv6-prefix-list

ipv6-prefix-list

Syntax

ipv6-prefix-list ipv6-prefix-list-name [create]

no ipv6-prefix-list ipv6-prefix-list-name

Context

[Tree] (config>qos>match-list ipv6-prefix-list)

Full Context

configure qos match-list ipv6-prefix-list

Description

This command creates a list of IPv6 prefixes for match criteria in QoS policies. An ipv6-prefix-list must contain only IPv6 address prefixes created using the prefix command and cannot be deleted if it is referenced by a QoS policy.

The no form of this command deletes the specified list.

Parameters

ipv6-prefix-list-name

A string of up to 32 characters of printable ASCII characters. If special characters are used (#, $, spaces, and so on), the string must be enclosed within double quotes. The name default (case insensitive) is reserved by the system.

create

Creates IPv6 prefixes for match criteria in QoS policies.

Platforms

All

ipv6-prefix-list

Syntax

ipv6-prefix-list ipv6-prefix-list-name [ create]

no ipv6-prefix-list ipv6-prefix-list-name

Context

[Tree] (config>filter>match-list ipv6-prefix-list)

Full Context

configure filter match-list ipv6-prefix-list

Description

This command creates a list of IPv6 prefixes for match criteria in ACL and CPM IPv6 filter policies.

The no form of this command deletes the specified list.

Operational Notes:

An IPv6 prefix list must contain only IPv6 address prefixes.

An IPv6 prefix list cannot be deleted if it is referenced by a filter policy.

See general description related to match-list usage in filter policies.

Parameters

ipv6-prefix-list-name

Specifies a string of up to 32 printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

ipv6-routing

ipv6-routing

Syntax

[no] ipv6-routing {native | mt}

Context

[Tree] (config>service>vprn>isis ipv6-routing)

Full Context

configure service vprn isis ipv6-routing

Description

This command enables IPv6 routing.

The no form of this command disables support for IS-IS IPv6 TLVs for IPv6 routing.

Default

no ipv6-routing

Parameters

native

Enables IS-IS IPv6 TLVs for IPv6 routing and enables support for native IPv6 TLVs.

mt

Enables IS-IS multi-topology TLVs for IPv6 routing. When this parameter is specified, the support for native IPv6 TLVs is disabled.

Platforms

All

ipv6-routing

Syntax

[no] ipv6-routing {native | mt}

Context

[Tree] (config>router>isis ipv6-routing)

Full Context

configure router isis ipv6-routing

Description

This command enables IPv6 routing.

The no form of this command disables support for IS-IS IPv6 TLVs for IPv6 routing.

Default

no ipv6-routing

Parameters

native

Enables IS-IS IPv6 TLVs for IPv6 routing and enables support for native IPv6 TLVs.

mt

Enables IS-IS multi-topology TLVs for IPv6 routing. When this parameter is specified, the support for native IPv6 TLVs is disabled.

Platforms

All

ipv6-sid

ipv6-sid

Syntax

ipv6-sid index index-id

ipv6-sid label label-id

no ipv6-sid

Context

[Tree] (config>router>segment-routing>sr-mpls>prefix-sids ipv6-sid)

Full Context

configure router segment-routing sr-mpls prefix-sids ipv6-sid

Description

This command is used to configure the IPv6 segment routing SID associated with the primary IPv6 address of the loopback or system interface.

The no form of this command removes the configuration of the IPv6 segment routing SID associated with the primary IPv6 interface address.

Default

no ipv6-sid

Parameters

index index-id

Specifies the node SID index for this interface.

Values

0 to 4294967295

label label-id

Specifies the label value for the node SID.

Values

32 to 1048575

Platforms

All

ipv6-slaac-prefix

ipv6-slaac-prefix

Syntax

ipv6-slaac-prefix ipv6-prefix/prefix-length

no ipv6-slaac-prefix

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-slaac-prefix)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-slaac-prefix)

Full Context

configure subscriber-mgmt local-user-db ppp host ipv6-slaac-prefix

configure subscriber-mgmt local-user-db ipoe host ipv6-slaac-prefix

Description

This command configures static IPv6 SLAAC prefix (PIO) for the host. The host will assign an IPv6 address to itself based on this prefix. The prefix length is 64 bits.

The no form of this command removes the static IPv6 SLAAC prefix (PIO) for the host from the configuration.

Default

no ipv6-slaac-prefix

Parameters

ipv6-prefix/prefix-length

Specifies the IPv6 address and prefix length.

Values

ipv6-prefix/prefix-length : ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-slaac-prefix-pool

ipv6-slaac-prefix-pool

Syntax

ipv6-slaac-prefix-pool pool

no ipv6-slaac-prefix-pool

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-slaac-prefix-pool)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-slaac-prefix-pool)

Full Context

configure subscriber-mgmt local-user-db ipoe host ipv6-slaac-prefix-pool

configure subscriber-mgmt local-user-db ppp host ipv6-slaac-prefix-pool

Description

This command configures the IPv6 SLAAC prefix pool of this host.

The no form of this command reverts to the default.

Parameters

pool

Specifies the pool name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-source-address

ipv6-source-address

Syntax

ipv6-source-address ipv6-address [allow-connections]

no ipv6-source-address

Context

[Tree] (config>aaa>diam>node ipv6-source-address)

Full Context

configure aaa diameter node ipv6-source-address

Description

This command configures IPv6 source address that the SR OS node will use for its peering connection.

The no form of this command removes the IPv6 source address from the configuration.

Parameters

ipv6-address

Specifies the source IPv6 address to use for outgoing diameter messages to an IPv6-reachable peer.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

allow-connections

Specifies to accept peering connections on the configured source IPv6 address. The peer initiating the connection can only be an inter-chassis peer.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-source-address

Syntax

ipv6-source-address ipv6-address

no ipv6-source-address

Context

[Tree] (config>aaa>radius-srv-plcy>servers ipv6-source-address)

Full Context

configure aaa radius-server-policy servers ipv6-source-address

Description

This command configures the source address of an IPv6 RADIUS packet.

When no ipv6-source-address is configured, the system IPv6 address (inband RADIUS server connection) or Boot Option File (BOF) IPv6 address (outband RADIUS server connection) must be configured in order for the RADIUS client to work with an IPv6 RADIUS server.

This address is also used in the NAS-IPv6-Address attribute.

The no form of this command reverts to the default value.

Parameters

ipv6-address

Specifies the source address of an IPv6 RADIUS packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-source-address

Syntax

ipv6-source-address ipv6-address

no ipv6-source-address

Context

[Tree] (config>service>vprn>dns ipv6-source-address)

Full Context

configure service vprn dns ipv6-source-address

Description

This command configures the IPv6 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv6 DNS server address by other means, can use this for DNS name resolution.

The ipv6-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the IPv6 address of the default secondary DNS server.

Values

ipv6-address - a.b.c.d

Platforms

All

ipv6-source-address

Syntax

ipv6-source-address ipv6-address

no ipv6-source-address

Context

[Tree] (config>system>file-trans-prof ipv6-source-address)

Full Context

configure system file-transmission-profile ipv6-source-address

Description

This command specifies the IPv6 source address used for transport protocol.

The no form of this command uses the default source address which typically is the address of egress interface.

Default

no ipv6-source-address

Parameters

Ipv6-address

Specifies a unicast v6 address. This should be a local interface address.

Platforms

All

ipv6-tcp-mss-adjust

ipv6-tcp-mss-adjust

Syntax

ipv6-tcp-mss-adjust segment-size

no ipv6-tcp-mss-adjust

Context

[Tree] (config>service>vprn>wlan-gw>dsm ipv6-tcp-mss-adjust)

[Tree] (config>router>wlan-gw>dsm ipv6-tcp-mss-adjust)

Full Context

configure service vprn wlan-gw distributed-sub-mgmt ipv6-tcp-mss-adjust

configure router wlan-gw distributed-sub-mgmt ipv6-tcp-mss-adjust

Description

This command specifies the value used for TCP-MSS-adjust in the IPv6 upstream direction for DSM. The downstream direction for both IPv4 and IPv6 are both configured under the group-interface. The upstream direction for IPv4 NAT hosts is configured under the NAT policy.

The defined segment size is inserted in a TCP SYN message if there is no existing MSS option or the value in the MSS option is bigger than the configured value.

The no form of this command disables upstream TCP MSS adjust for IPv6 DSM.

Default

no ipv6-tcp-mss-adjust

Parameters

segment-size

Specifies the segment size to be inserted.

Values

160 to 10240

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ipv6-te-router-id

ipv6-te-router-id

Syntax

ipv6-te-router-id interface interface-name

no ipv6-te-router-id

Context

[Tree] (config>router ipv6-te-router-id)

Full Context

configure router ipv6-te-router-id

Description

This command configures the IPv6 TE Router ID. The IPv6 TE Router ID, when configured, uniquely identifies the router as being IPv6 TE capable to other routers in an IGP TE domain.

IS-IS advertises this information using the IPv6 TE Router ID TLV.

If this command is not configured, the IPv6 TE Router ID will use the global unicast address of the system interface by default. The user can specify the system interface using this command to achieve the same result. If a different interface is specified, the preferred primary global unicast address of that interface is used instead

The no form of this command reverts the IPv6 TE Router ID to the default value.

Parameters

interface interface-name

Specifies the name of the interface to be added or removed. Only system and loopback interfaces are accepted.

Platforms

All

ipv6-unicast

ipv6-unicast

Syntax

[no] ipv6-unicast

Context

[Tree] (config>service>vprn>isis>multi-topology ipv6-unicast)

Full Context

configure service vprn isis multi-topology ipv6-unicast

Description

This command enables multi-topology TLVs.

The no form of this command disables multi-topology TLVs.

Platforms

All

ipv6-unicast

Syntax

[no] ipv6-unicast

Context

[Tree] (config>router>isis>multi-topology ipv6-unicast)

Full Context

configure router isis multi-topology ipv6-unicast

Description

This command enables multi-topology TLVs.

The no form of this command disables multi-topology TLVs.

Default

no ipv6-unicast

Platforms

All

ipv6-unicast-disable

ipv6-unicast-disable

Syntax

[no] ipv6-unicast-disable

Context

[Tree] (config>router>isis>if ipv6-unicast-disable)

[Tree] (config>service>vprn>isis>if ipv6-unicast-disable)

Full Context

configure router isis interface ipv6-unicast-disable

configure service vprn isis interface ipv6-unicast-disable

Description

This command disables IS-IS IPv6 unicast routing for the interface.

By default IPv6 unicast on all interfaces is enabled. However, IPv6 unicast routing on IS-IS is in effect when the config>router>isis>ipv6-routing mt command is configured.

The no form of this command enables IS-IS IPv6 unicast routing for the interface.

Platforms

All

ipv6-unicast-metric

ipv6-unicast-metric

Syntax

ipv6-unicast-metric metric

no ipv6-unicast-metric

Context

[Tree] (config>service>vprn>isis>if>level ipv6-unicast-metric)

Full Context

configure service vprn isis interface level ipv6-unicast-metric

Description

This command configures IS-IS interface metric for IPv6 unicast.

The no form of this command removes the metric from the configuration.

Parameters

metric

Specifies the IS-IS interface metric for IPv6 unicast.

Values

1 to 16777215

Platforms

All

ipv6-unicast-metric

Syntax

ipv6-unicast-metric metric

no ipv6-unicast-metric

Context

[Tree] (config>router>isis>if>level ipv6-unicast-metric)

Full Context

configure router isis interface level ipv6-unicast-metric

Description

This command configures the IS-IS interface metric for IPv6 unicast.

The no form of this command removes the metric from the configuration.

Default

no ipv6-unicast-metric

Parameters

metric

Specifies the IS-IS interface metric for IPv6 unicast.

Values

1 to 16777215

Platforms

All

ipv6-unicast-metric-offset

ipv6-unicast-metric-offset

Syntax

ipv6-unicast-metric-offset offset-value

no ipv6-unicast-metric-offset

Context

[Tree] (config>service>vprn>isis>link-group>level ipv6-unicast-metric-offset)

Full Context

configure service vprn isis link-group level ipv6-unicast-metric-offset

Description

This command sets the offset value for the IPv6 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv6 topology.

The no form of this command reverts the offset value to 0.

Default

no ipv6-unicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.

Values

0 to 6777215

Platforms

All

ipv6-unicast-metric-offset

Syntax

ipv6-unicast-metric-offset offset-value

no ipv6-unicast-metric-offset

Context

[Tree] (config>router>isis>link-group>level ipv6-unicast-metric-offset)

Full Context

configure router isis link-group level ipv6-unicast-metric-offset

Description

This command sets the offset value for the IPv6 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv6 topology.

The no form of this command reverts the offset value to 0.

Default

no ipv6-unicast-metric-offset

Parameters

offset-value

Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.

Values

0 to 6777215

Platforms

All

ipv6-wan-address-pool

ipv6-wan-address-pool

Syntax

ipv6-wan-address-pool pool-name

no ipv6-wan-address-pool

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host ipv6-wan-address-pool)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ipv6-wan-address-pool)

Full Context

configure subscriber-mgmt local-user-db ipoe host ipv6-wan-address-pool

configure subscriber-mgmt local-user-db ppp host ipv6-wan-address-pool

Description

This command configures the pool name that is used in the DHCPv6 server for DHCPv6 IA-PA address selection.

The no form of this command removes the pool name from the configuration.

Parameters

pool-name

Specifies the WAN address pool, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-wan-ipoe-dhcp

ipv6-wan-ipoe-dhcp

Syntax

ipv6-wan-ipoe-dhcp max-nr-of-hosts

no ipv6-wan-ipoe-dhcp

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-wan-ipoe-dhcp)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-wan-ipoe-dhcp)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv6-wan-ipoe-dhcp

configure subscriber-mgmt sla-profile host-limits ipv6-wan-ipoe-dhcp

Description

This command configures the maximum number of IPv6 IPoE DHCP WAN hosts (IA-NA) per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv6 IPoE DHCP WAN hosts (IA-NA) limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 IPoE DHCP WAN hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-wan-ipoe-slaac

ipv6-wan-ipoe-slaac

Syntax

ipv6-wan-ipoe-slaac max-nr-of-hosts

no ipv6-wan-ipoe-slaac

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-wan-ipoe-slaac)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-wan-ipoe-slaac)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv6-wan-ipoe-slaac

configure subscriber-mgmt sla-profile host-limits ipv6-wan-ipoe-slaac

Description

This command configures the maximum number of IPv6 IPoE SLAAC WAN hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv6 IPoE SLAAC WAN hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 IPoE SLAAC WAN hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-wan-overall

ipv6-wan-overall

Syntax

ipv6-wan-overall max-nr-of-hosts

no ipv6-wan-overall

Context

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-wan-overall)

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-wan-overall)

Full Context

configure subscriber-mgmt sub-profile host-limits ipv6-wan-overall

configure subscriber-mgmt sla-profile host-limits ipv6-wan-overall

Description

This command configures the maximum number of IPv6 WAN hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPV6 WAN hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 WAN hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-wan-ppp-dhcp

ipv6-wan-ppp-dhcp

Syntax

ipv6-wan-ppp-dhcp max-nr-of-hosts

no ipv6-wan-ppp-dhcp

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-wan-ppp-dhcp)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-wan-ppp-dhcp)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv6-wan-ppp-dhcp

configure subscriber-mgmt sub-profile host-limits ipv6-wan-ppp-dhcp

Description

This command configures the maximum number of IPv6 PPPoE DHCP WAN hosts (IA-NA) per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv6 PPPoE DHCP WAN hosts (IA-NA) limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 PPPoE DHCP WAN hosts (IA-NA).

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ipv6-wan-ppp-slaac

ipv6-wan-ppp-slaac

Syntax

ipv6-wan-ppp-slaac max-nr-of-hosts

no ipv6-wan-ppp-slaac

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits ipv6-wan-ppp-slaac)

[Tree] (config>subscr-mgmt>sub-profile>host-limits ipv6-wan-ppp-slaac)

Full Context

configure subscriber-mgmt sla-profile host-limits ipv6-wan-ppp-slaac

configure subscriber-mgmt sub-profile host-limits ipv6-wan-ppp-slaac

Description

This command configures the maximum number of IPv6 PPPoE SLAAC WAN hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of IPv6 PPPoE SLAAC WAN hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of IPv6 PPPoE SLAAC WAN hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

isa

isa

Syntax

isa

Context

[Tree] (config isa)

Full Context

configure isa

Description

Commands in this context configure Integrated Services Adapter (ISA) parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-aa-group

isa-aa-group

Syntax

isa-aa-group aa-group-id

no isa-aa-group

Context

[Tree] (config>isa>wlan-gw-group>distributed-sub-mgmt isa-aa-group)

Full Context

configure isa wlan-gw-group distributed-sub-mgmt isa-aa-group

Description

This command configures an ISA application assurance group for WLAN gateway DSM subscribers.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-aa-group

Syntax

isa-aa-group isa-aa-group-id {all | unknown}

no isa-aa-group isa-aa-group-id

Context

[Tree] (debug>mirror-source isa-aa-group)

Full Context

debug mirror-source isa-aa-group

Description

This command configures AA ISA group as a mirror source for this mirror service. Traffic is mirrored after AA processing takes place on AA ISAs of the group, therefore, any packets dropped as part of that AA processing are not mirrored.

Parameters

isa-aa-group-id

Specifies the ISA ISA-AA group ID.

Values

1 to 255

all

Specifies that all traffic after AA processing will be mirrored.

unknown

Specifies that all traffic during the identification phase (may match policy entry or entries that have mirror action configured) and traffic that had been identified as unknown_tcp or unknown_udp after AA processing will be mirrored.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-aa-oversubscription-factor

isa-aa-oversubscription-factor

Syntax

isa-aa-oversubscription-factor factor

no isa-aa-oversubscription-factor

Context

[Tree] (config>isa>wlan-gw-group>distributed-sub-mgmt isa-aa-oversubscription-factor)

Full Context

configure isa wlan-gw-group distributed-sub-mgmt isa-aa-oversubscription-factor

Description

This command specifies by how much an AA ISA is oversubscribed when linked to a WLAN-GW group. A factor of 1 indicates that each AA ISA is linked to a single WLAN-GW ISA, while a factor of 10 indicates that each AA ISA is linked to up to 10 WLAN-GW ISAs. The factor must be an integer but poses an oversubscription limit, not an exact ratio. For example, for 2 AA ISAs and 5 WLAN-GW ISAs, a factor of 3 or higher is valid. Additional standby ISAs can be added until the oversubscription limit is reached.

The no form of this command resets the configuration to the default value.

Default

isa-aa-oversubscription-factor 1

Parameters

factor

The number of WLAN GW ISAs that can be served by a single AA ISA.

Values

1 to 10

Platforms

7750 SR, 7750 SR-e, 7750 SR-s

isa-capacity-cost-high-threshold

isa-capacity-cost-high-threshold

Syntax

isa-capacity-cost-high-threshold threshold

no isa-capacity-cost-high-threshold

Context

[Tree] (config>isa>aa-grp isa-capacity-cost-high-threshold)

Full Context

configure isa application-assurance-group isa-capacity-cost-high-threshold

Description

This command configures the ISA-AA capacity cost high threshold.

The no form of this command reverts the threshold to the default value.

Default

isa-capacity-cost-high-threshold 4294967295

Parameters

threshold

Specifies the capacity cost high threshold for the ISA-AA group.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-capacity-cost-low-threshold

isa-capacity-cost-low-threshold

Syntax

isa-capacity-cost-low-threshold threshold

no isa-capacity-cost-low-threshold

Context

[Tree] (config>isa>aa-grp isa-capacity-cost-low-threshold)

Full Context

configure isa application-assurance-group isa-capacity-cost-low-threshold

Description

This command configures the ISA-AA capacity cost low threshold.

The no form of this command reverts the threshold to the default value.

Default

isa-capacity-cost-low-threshold 0

Parameters

threshold

Specifies the capacity cost low threshold for the ISA-AA group.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-dp-cpu-usage

isa-dp-cpu-usage

Syntax

[no] isa-dp-cpu-usage

Context

[Tree] (config>isa>tunnel-grp>stats-collection isa-dp-cpu-usage)

Full Context

configure isa tunnel-group stats-collection isa-dp-cpu-usage

Description

This command enables the system to collect statistics used to derive ISA CPU data plane usage. When enabled, this command impacts the ISA performance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-filter

isa-filter

Syntax

isa-filter name [type {dsm}] [ create]

no isa-filter name

Context

[Tree] (config>subscr-mgmt isa-filter)

Full Context

configure subscriber-mgmt isa-filter

Description

Commands in this context configure ISA filter parameters.

Parameters

name

Specifies the name of the filter.

type dsm

Selects DSM as the type.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

isa-overload-cut-through

isa-overload-cut-through

Syntax

[no] isa-overload-cut-through

Context

[Tree] (config>isa>aa-grp isa-overload-cut-through)

Full Context

configure isa application-assurance-group isa-overload-cut-through

Description

This command configures the ISA group to enable cut-through of traffic if an overload event occurs, triggered when the IOM weighted average queues depth exceeds the wa-shared-high-wmark. In this ISA state, packets are cut-through from application analysis but retain subscriber context with default subscriber policy applied.

The no form of this command disables cut-through processing on overload.

Default

no isa-overload-cut-through

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-policer

isa-policer

Syntax

isa-policer policer-name [type policer-type] [ create]

no isa-policer policer-name

Context

[Tree] (config>subscr-mgmt isa-policer)

Full Context

configure subscriber-mgmt isa-policer

Description

This command creates the context to configure an ISA policer. When creating a policer for the first time, both the create and type parameters are required.

The no form of this command reverts to the default.

Parameters

policer-name

Specifies the name by which this policer is referenced up to 32 characters.

policer-type

Specifies the policer type. The dual-bucket-bandwidth policer applies both a CIR and PIR.

Values

single-bucket-bandwidth, dual-bucket-bandwidth

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

isa-radius-policy

isa-radius-policy

Syntax

isa-radius-policy name [create]

no isa-radius-policy name

Context

[Tree] (config>aaa isa-radius-policy)

Full Context

configure aaa isa-radius-policy

Description

This command creates a policy template related to transport of accounting messages from the BB-ISA card to the accounting server. It also defines accounting attributes that will be included in accounting messages. The policy template will be instantiated once it is applied to the BB-ISA cards in the nat-group.

The no form of the command removes the policy name from the configuration.

Parameters

name

Specifies the name of the ISA RADIUS policy that can be referenced by a NAT application.

create

Keyword used to create the policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-service-chaining

isa-service-chaining

Syntax

[no] isa-service-chaining

Context

[Tree] (config>router isa-service-chaining)

Full Context

configure router isa-service-chaining

Description

Commands in this context configure ISA service chaining parameters.

The no form of this command disables ISA service chaining parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isa-service-chaining

Syntax

isa-service-chaining

Context

[Tree] (config>subscr-mgmt isa-service-chaining)

Full Context

configure subscriber-mgmt isa-service-chaining

Description

Commands in this context configure ISA-based service chaining for subscribers with L2-Aware NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isakmp-lifetime

isakmp-lifetime

Syntax

isakmp-lifetime seconds

Context

[Tree] (config>ipsec>ike-transform isakmp-lifetime)

Full Context

configure ipsec ike-transform isakmp-lifetime

Description

This command specifies the lifetime of the IKE SA.

Default

isakmp-lifetime 86400

Parameters

seconds

Specifies the Phase 1 life time for this IKE transform.

Values

1200 to 31536000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

isid

isid

Syntax

isid start [to to]

no isid start

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>service-carving>manual isid)

Full Context

configure service system bgp-evpn ethernet-segment service-carving manual isid

Description

This command configures the ISID ranges for which the PE is primary, or uses the lowest preference algorithm.

Note:

Multiple individual ISID values and ranges are allowed.

The following service-carving manual algorithms are supported for DF election:

  • Manual non-preference

    A preference command is not configured for this algorithm. The primary PE for the configured ISIDs is determined by the ISID range. The manual non-preference algorithm only supports two PEs in the Ethernet Segment

  • Manual preference-based

    If a preference command is configured, the algorithm uses the configured value to determine the DF election. For ISIDs not defined in the range, the highest-preference algorithm is used. For configured ISIDs, the lowest-preference algorithm is used.

Parameters

start

Specifies the initial isid value of the range.

Values

1 to 16777215

to

Specifies the end isid value of the range. If not configured, only the individual start value is considered.

Values

1 to 16777215

Platforms

All

isid

Syntax

isid value [to higher-value]

no isid

Context

[Tree] (config>filter>mac-filter>entry>match isid)

Full Context

configure filter mac-filter entry match isid

Description

This command configures an ISID value or a range of ISID values to be matched by the mac-filter parent. The pbb-etype value for the related SAP (inherited from the ethernet port configuration) or for the related SDP binding (inherited from SDP configuration) will be used to identify the ISID tag.

The no form of this command removes the ISID match criterion.

Default

no isid

Parameters

value

Specifies the ISID value, 24 bits as a decimal integer. When just one present identifies a specific ISID to be used for matching.

Values

0 to 16777215

higher-value

Identifies a range of ISIDs to be used as matching criteria.

Platforms

All

isid

Syntax

isid value [to higher-value]

no isid

no isid value [to higher-value]

Context

[Tree] (config>serv>mrp>mrp-policy>entry>match isid)

Full Context

configure service mrp mrp-policy entry match isid

Description

This command configures an ISID value or a range of ISID values to be matched by the mrp-policy parent when looking at the related MMRP attributes (Group B-MACs). The pbb-etype value for the related SAP (inherited from the ethernet port configuration) or for the related SDP binding (inherited from SDP configuration) will be used to identify the ISID tag.

Multiple ISID statements are allowed under a match node. The following rules govern the usage of multiple ISID statements:

  • Overlapping values are allowed:

    • isid from 1 to 10

    • isid from 5 to 15

    • isid 16

  • The minimum and maximum values from overlapping ranges are considered and displayed. The above entries will be equivalent with the "isid from 1 to 16” statement.

  • There is no consistency check with the content of ISID statements from other entries. The entries are evaluated in the order of their IDs and the first match causes the implementation to execute the associated action for that entry and then to exit the mrp-policy.

  • If there are no ISID statements under a match criteria but the mac-filter type is isid the following behaviors apply for different actions:

    • For end-station, it treats any ISID value as no match and goes to next entry or default action which must be "block” in this case

    • For allow, it treats any ISID value as a match and allows it

    • For block, it treats any ISID value as a match and blocks it

The no form of the command can be used in two ways:

no isid removes all the previous statements under one match node.

no isid value | from value to higher-value removes a specific ISID value or range. It must match a previously used positive statement: for example if the command isid 16 to 100 was used using no isid 16 to 50 will not work but no isid 16 to 100 will be successful.

Default

no isid

Parameters

value or higher-value

Specifies the ISID value in 24 bits. When just one value is present, it identifies a particular ISID to be used for matching.

Values

0 to 16777215

from value to higher-value

Identifies a range of ISIDs to be used as matching criteria.

Platforms

All

isid-policy

isid-policy

Syntax

isid-policy

Context

[Tree] (config>service>vpls isid-policy)

Full Context

configure service vpls isid-policy

Description

This command configures ISID policies for individual ISIDs or ISID ranges in a B-VPLS using SPBM. The ISIDs may belong to I-VPLS services or may be static-isids defined on this node. Multiple entry statements are allowed under a isid-policy. ISIDs that are declared as static do not require and isid-policy unless the ISIDs are not to be advertised.

isid-policy allows finer control of ISID multicast but is not typically required for SPBM operation. Use of ISID policies can cause additional flooding of multicast traffic.

Platforms

All

isid-range

isid-range

Syntax

isid-range from [to to] {auto-rt | route-target rt}

no isid-range from

Context

[Tree] (config>service>vpls>bgp-evpn>isid-route-target isid-range)

Full Context

configure service vpls bgp-evpn isid-route-target isid-range

Description

This command creates a range of ISIDs associated with a specified route-target that is advertised with BMAC-ISID and IMET-ISID routes for the ISID. The route-target can be explicitly configured or automatically assigned by the system if the auto-rt option is configured. Auto routes assignment is based on RFC 7623 as follows:

<2-byte-as-number>:<4-byte-value>, where 4-byte-value = 0x30+ISID

The no form of the command deletes the isid-range and its association with the route-target.

The no form is the default action, which advertises the BMAC-ISID and IMET-ISID routes with the B-VPLS configured route-target.

Default

no isid-range

Parameters

from

Specifies the start of the ISID range.

Values

1 to 16777215

to

Specifies the end of the ISID range. If it is not configured, the range is comprised of (only) the ISID specified in the to option.

Values

1 to 16777215

auto-rt

Automatically generates an ISID-derived route-target in the format: AS_number:0x30+ISID.

route-target

Specifies an explicit route target.

Values

rt - target:{<ip-addr:comm-val>| <2byte-as-number:extcomm-val>| <4byte-asnumber:comm-val>}

ip-addr: a.b.c.d

comm-val: [0 to 65535]

2byte-as-number: [0 to 65535]

ext-comm-val: [0 to 4294967295]

4byte-asnumber: [0 to 4294967295]

Platforms

All

isid-route-target

isid-route-target

Syntax

isid-route-target

Context

[Tree] (config>service>vpls>bgp-evpn isid-route-target)

Full Context

configure service vpls bgp-evpn isid-route-target

Description

Commands in this context configure the isid-range to route-target associations.

Platforms

All

isis

isis

Syntax

[no] isis isis-instance

Context

[Tree] (config>service>vprn isis)

Full Context

configure service vprn isis

Description

Commands in this context configure the Intermediate-System-to-Intermediate-System (IS-IS) protocol instance in the VPRN.

The IS-IS protocol instance is enabled with the no shutdown command in the config>service>vprn>isis context. Alternatively, the IS-IS protocol instance is disabled with the shutdown command in the config>service>vprn>isis context.

IS-IS instances are shutdown when created, so that all parameters can be configured prior to the instance being enabled.

The no form of this command disables the ISIS protocol instance from the given VPRN service.

Default

0

Parameters

isis-instance

Specifies the instance ID for an IS-IS instance.

Values

0 to 127

Platforms

All

isis

Syntax

[no] isis [isis-instance]

Context

[Tree] (config>router isis)

Full Context

configure router isis

Description

Commands in this context configure the Intermediate-System-to-Intermediate-System (IS-IS) protocol instance.

The IS-IS protocol instance is enabled with the no shutdown command in the config>router>isis context. Alternatively, the IS-IS protocol instance is disabled with the shutdown command in the config>router>isis context.

IS-IS instances are shutdown when created, so that all parameters can be configured prior to the instance being enabled.

The no form of this command deletes the IS-IS protocol instance. Deleting the protocol instance removes all configuration parameters for this IS-IS instance.

Parameters

isis-instance

Specifies the instance ID for an IS-IS instance.

Values

0 to 127

Platforms

All

isis

Syntax

isis [isis-instance]

Context

[Tree] (debug>router isis)

Full Context

debug router isis

Description

Commands in this context debug IS-IS protocol entities.

Parameters

isis-instance

Specifies the IS-IS instance.

Values

0 to 127

Platforms

All

Output

The following output is an example of the debugging information.

Output Example
*A:Dut-C# /tools dump router isis sr-database  prefix 10.20.1.5 detail 
===============================================================================
Rtr Base ISIS Instance 0 SR Database
===============================================================================
103   474390 10.20.1.5       LfaNhops  1   0  15      1000    1    1    
  1492   1500    1500   0 0  1  1   0100.2000.1005 SR_ERR_OK 
        IP:10.10.5.5 gifId:3 ifId:4 protectId:7 numLabels:1 outLbl:474390 isAdv:1 is
LfaX:0
        IP:10.10.12.2 gifId:5 ifId:6 protectId:0 numLabels:2 outLbl1:474389 outLbl2:
474390 numLfaNhops:1 isAdv:0
-------------------------------------------------------------------------------
D = duplicate pending 
xL = exclude from LFA 
rL = remote LFA 
Act = tunnel active 
LDP = LDP FEC is the SID NH for SR-LDP stitching 
===============================================================================
*A:Dut-C# /tools dump router isis sr-database nh-type ldp  detail 
===============================================================================
Rtr Base ISIS Instance 0 SR Database
===============================================================================
SID   Label  Prefix          Last-act  Lev MT TnlPref Metric  IpNh SrNh 
  Mtu    MtuPrim MtuBk  D xL rL Act AdvSystemId    SrErr 
-------------------------------------------------------------------------------
1000  475287 10.20.1.4       AddTnl    1   0  15      0       1    1    
  0      0       0      0 0  0  1   0100.2000.1004 SR_ERR_OK 
        LDP: IP:10.20.1.4 tnlId:65546 tnlTyp:2 
1001  475288 10.20.1.5       AddTnl    1   0  15      0       1    1    
  0      0       0      0 0  0  1   0100.2000.1005 SR_ERR_OK 
        LDP: IP:10.20.1.5 tnlId:65548 tnlTyp:2 
1002  475289 10.20.1.6       AddTnl    1   0  15      0       1    1    
  0      0       0      0 0  0  1   0100.2000.1006 SR_ERR_OK 
        LDP: IP:10.20.1.6 tnlId:65549 tnlTyp:2 
-------------------------------------------------------------------------------
D = duplicate pending 
xL = exclude from LFA 
rL = remote LFA 
Act = tunnel active 
LDP = LDP FEC is the SID NH for SR-LDP stitching 
===============================================================================