filter commands
configure
— filter
— apply-groups reference
— apply-groups-exclude reference
— dhcp-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— bypass-host-creation
— drop
— description string
— entry number
— action
— bypass-host-creation
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— dhcp6-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— bypass-host-creation
— na boolean
— pd boolean
— drop
— description string
— entry number
— action
— bypass-host-creation
— na boolean
— pd boolean
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— gre-tunnel-template string
— apply-groups reference
— apply-groups-exclude reference
— description string
— ipv4
— destination-address string
— gre-key (keyword | number)
— skip-ttl-decrement boolean
— source-address string
— ipv6
— destination-address string
— gre-key keyword
— skip-hop-decrement boolean
— source-address string
— ip-exception string
— apply-groups reference
— apply-groups-exclude reference
— description string
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description string
— match
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask string
— dst-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— icmp
— code number
— type number
— protocol (number | keyword)
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask string
— src-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— filter-id number
— ip-filter string
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description string
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— flowspec offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— group number
— router-instance string
— openflow reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— grt
— sap reference
— system
— vpls reference
— vprn reference
— entry number
— action
— accept
— accept-when
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— fc keyword
— forward
— bonding-connection number
— esi-l2
— esi-value string
— vpls reference
— esi-l3
— esi-value string
— sf-ip string
— vas-interface reference
— vprn reference
— gre-tunnel reference
— lsp string
— mpls-policy
— endpoint string
— next-hop
— interface-name string
— nh-ip
— address string
— indirect boolean
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— srte-policy
— color number
— endpoint string
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— gtp-local-breakout
— http-redirect
— allow-override boolean
— url (keyword | http-redirect-url)
— ignore-match
— l2-aware-nat-bypass boolean
— nat
— nat-policy reference
— rate-limit
— extracted-traffic
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— pir (number | keyword)
— pps-pir (number | keyword)
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— reassemble
— remark
— dscp keyword
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— remark
— dscp keyword
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description string
— egress-pbr keyword
— filter-sample boolean
— interface-sample boolean
— log reference
— match
— destination-class number
— dscp keyword
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— fragment keyword
— icmp
— code number
— type number
— ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— ip-option
— mask number
— type number
— multiple-option boolean
— option-present boolean
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— protocol (number | keyword)
— protocol-list reference
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— src-mac
— address string
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-route-option boolean
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— pbr-down-action-override keyword
— sample-profile reference
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— shared-policer boolean
— subscriber-mgmt
— host-specific-entry
— credit-control
— range
— end number
— start number
— filter-rule
— range
— end number
— start number
— watermark
— high number
— low number
— shared-entry
— filter-rule
— range
— end number
— start number
— pcc-rule
— range
— end number
— start number
— watermark
— high number
— low number
— type keyword
— ipv6-exception string
— apply-groups reference
— apply-groups-exclude reference
— description string
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description string
— match
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— icmp
— code number
— type number
— next-header (number | keyword)
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— filter-id number
— ipv6-filter string
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description string
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— flowspec offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— group number
— router-instance string
— openflow reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— grt
— sap reference
— system
— vpls reference
— vprn reference
— entry number
— action
— accept
— accept-when
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— fc keyword
— forward
— bonding-connection number
— esi-l2
— esi-value string
— vpls reference
— esi-l3
— esi-value string
— sf-ip string
— vas-interface reference
— vprn reference
— gre-tunnel reference
— lsp string
— mpls-policy
— endpoint string
— next-hop
— nh-ip
— address string
— indirect boolean
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— srte-policy
— color number
— endpoint string
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— http-redirect
— allow-override boolean
— url (keyword | http-redirect-url)
— ignore-match
— nat
— nat-policy reference
— nat-type keyword
— rate-limit
— extracted-traffic
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pir (number | keyword)
— pps-pir (number | keyword)
— remark
— dscp keyword
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— remark
— dscp keyword
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description string
— egress-pbr keyword
— filter-sample boolean
— interface-sample boolean
— log reference
— match
— destination-class number
— dscp keyword
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— extension-header
— ah boolean
— esp boolean
— hop-by-hop boolean
— routing-type0 boolean
— flow-label
— mask number
— value number
— fragment keyword
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— icmp
— code number
— type number
— ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— next-header (number | keyword)
— next-header-list reference
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-mac
— address string
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— pbr-down-action-override keyword
— sample-profile reference
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— shared-policer boolean
— subscriber-mgmt
— host-specific-entry
— credit-control
— range
— end number
— start number
— filter-rule
— range
— end number
— start number
— watermark
— high number
— low number
— shared-entry
— filter-rule
— range
— end number
— start number
— pcc-rule
— range
— end number
— start number
— watermark
— high number
— low number
— type keyword
— log number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination
— memory
— max-entries number
— stop-on-full boolean
— syslog
— name reference
— summary
— admin-state keyword
— summary-crit keyword
— mac-filter string
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— description string
— embed
— entry number
— action
— accept
— apply-groups reference
— apply-groups-exclude reference
— drop
— forward
— esi-l2
— esi-value string
— vpls reference
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— http-redirect
— url string
— ignore-match
— rate-limit
— pir (number | keyword)
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dot1p
— mask number
— priority number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— inner-tag
— mask number
— tag number
— isid
— range
— end number
— start number
— value number
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— outer-tag
— mask number
— tag number
— snap-oui keyword
— snap-pid number
— src-mac
— address string
— mask string
— pbr-down-action-override keyword
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— type keyword
— match-list
— apply-groups reference
— apply-groups-exclude reference
— ip-prefix-list string
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group string
— neighbor string
— router-instance string
— description string
— prefix string
— prefix-exclude string
— ipv6-prefix-list string
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group string
— neighbor string
— router-instance string
— description string
— prefix string
— prefix-exclude string
— port-list string
— apply-groups reference
— apply-groups-exclude reference
— description string
— port number
— range start number end number
— protocol-list string
— apply-groups reference
— apply-groups-exclude reference
— description string
— protocol (number | keyword)
— md-auto-id
— filter-id-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— redirect-policy string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— ping-test
— apply-groups reference
— apply-groups-exclude reference
— drop-count number
— hold-down number
— interval number
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— timeout number
— priority number
— unicast-rt-test
— notify-dest-change boolean
— router-instance string
— sticky-dest (number | keyword)
— redirect-policy-binding string
— apply-groups reference
— apply-groups-exclude reference
— binding-operator keyword
— redirect-policy reference
— apply-groups reference
— apply-groups-exclude reference
— destination reference
— system-filter
— apply-groups reference
— apply-groups-exclude reference
— ip reference
— ipv6 reference
filter command descriptions
filter
dhcp-filter [filter-id] number
| Synopsis | Enter the dhcp-filter list instance | |
| Context | configure filter dhcp-filter number | |
| Tree | dhcp-filter | |
| Introduced | 16.0.R1 | |
Platforms | All |
[filter-id] number
| Synopsis | Unique DHCP filter policy ID | |
| Context | configure filter dhcp-filter number | |
| Tree | dhcp-filter | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
default-action
| Synopsis | Enable the default-action context | |
| Context | configure filter dhcp-filter number default-action | |
| Tree | default-action | |
| Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
| Synopsis | Host creation options to bypass | |
| Context | configure filter dhcp-filter number default-action bypass-host-creation | |
| Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
| Synopsis | DHCP host creation when the filter entry is matched | |
| Context | configure filter dhcp-filter number default-action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter dhcp-filter number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter dhcp-filter number entry number | |
| Tree | entry | |
| Max. Instances | 10 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
[entry-id] number
| Synopsis | DHCP filter entry index | |
| Context | configure filter dhcp-filter number entry number | |
| Tree | entry | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
action
| Synopsis | Enable the action context | |
| Context | configure filter dhcp-filter number entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
| Synopsis | Host creation options to bypass | |
| Context | configure filter dhcp-filter number entry number action bypass-host-creation | |
| Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
option
| Synopsis | Enable the option context | |
| Context | configure filter dhcp-filter number entry number option | |
| Tree | option | |
| Introduced | 16.0.R1 | |
Platforms | All |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
dhcp6-filter [filter-id] number
| Synopsis | Enter the dhcp6-filter list instance | |
| Context | configure filter dhcp6-filter number | |
| Tree | dhcp6-filter | |
| Introduced | 16.0.R1 | |
Platforms | All |
[filter-id] number
| Synopsis | Unique DHCP filter policy ID | |
| Context | configure filter dhcp6-filter number | |
| Tree | dhcp6-filter | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
default-action
| Synopsis | Enable the default-action context | |
| Context | configure filter dhcp6-filter number default-action | |
| Tree | default-action | |
| Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
| Synopsis | Enable the bypass-host-creation context | |
| Context | configure filter dhcp6-filter number default-action bypass-host-creation | |
| Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
na boolean
| Synopsis | Bypass the DHCPv6 NA host creation | |
| Context | configure filter dhcp6-filter number default-action bypass-host-creation na boolean | |
| Tree | na | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
pd boolean
| Synopsis | Bypass the DHCPv6 PD host creation | |
| Context | configure filter dhcp6-filter number default-action bypass-host-creation pd boolean | |
| Tree | pd | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
| Synopsis | Drop DHCPv6 message (do not process) | |
| Context | configure filter dhcp6-filter number default-action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter dhcp6-filter number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter dhcp6-filter number entry number | |
| Tree | entry | |
| Max. Instances | 10 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
[entry-id] number
| Synopsis | DHCP filter entry index | |
| Context | configure filter dhcp6-filter number entry number | |
| Tree | entry | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
action
| Synopsis | Enable the action context | |
| Context | configure filter dhcp6-filter number entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
| Synopsis | Enable the bypass-host-creation context | |
| Context | configure filter dhcp6-filter number entry number action bypass-host-creation | |
| Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
na boolean
| Synopsis | Bypass the DHCPv6 NA host creation | |
| Context | configure filter dhcp6-filter number entry number action bypass-host-creation na boolean | |
| Tree | na | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
pd boolean
| Synopsis | Bypass the DHCPv6 PD host creation | |
| Context | configure filter dhcp6-filter number entry number action bypass-host-creation pd boolean | |
| Tree | pd | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
option
| Synopsis | Enable the option context | |
| Context | configure filter dhcp6-filter number entry number option | |
| Tree | option | |
| Introduced | 16.0.R1 | |
Platforms | All |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
gre-tunnel-template [gre-tunnel-template-name] string
| Synopsis | Enter the gre-tunnel-template list instance | |
| Context | configure filter gre-tunnel-template string | |
| Tree | gre-tunnel-template | |
| Max. Instances | 8191 | |
| Introduced | 16.0.R1 | |
Platforms | All |
[gre-tunnel-template-name] string
| Synopsis | GRE tunnel template ID | |
| Context | configure filter gre-tunnel-template string | |
| Tree | gre-tunnel-template | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter gre-tunnel-template string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R2 | |
Platforms | All |
ipv4
| Synopsis | Enter the ipv4 context | |
| Context | configure filter gre-tunnel-template string ipv4 | |
| Tree | ipv4 | |
Notes | The following elements are part of a choice: ipv4 or ipv6. | |
| Introduced | 16.0.R1 | |
Platforms | All |
destination-address [address] string
| Synopsis | Add a list entry for destination-address | |
| Context | configure filter gre-tunnel-template string ipv4 destination-address string | |
| Tree | destination-address | |
Description | This command defines a destination for the GRE IP header used to encapsulate the matching IPv4/IPv6 packet. A single destination address can be specified for an IPv6 gre-tunnel-template. Traffic matching the associated IPv4 or IPv6 filter is hashed across any available ECMP or UCMP route next hop available to the destination address. If no destination address is available, then matching traffic follows the configured pbr-down-action-override action, if configured. If no pbr-down-action-override is configured traffic is discarded. | |
| Max. Instances | 32 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
[address] string
| Synopsis | Destination IPv4 address | |
| Context | configure filter gre-tunnel-template string ipv4 destination-address string | |
| Tree | destination-address | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
gre-key (keyword | number)
| Synopsis | GRE key | |
| Context | configure filter gre-tunnel-template string ipv4 gre-key (keyword | number) | |
| Tree | gre-key | |
| Max. Range | 0 to 4294967295 | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
skip-ttl-decrement boolean
| Synopsis | Decrement TTL | |
| Context | configure filter gre-tunnel-template string ipv4 skip-ttl-decrement boolean | |
| Tree | skip-ttl-decrement | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
source-address string
| Synopsis | Source IP address of the GRE encapsulated | |
| Context | configure filter gre-tunnel-template string ipv4 source-address string | |
| Tree | source-address | |
| Introduced | 16.0.R1 | |
Platforms | All |
ipv6
| Synopsis | Enter the ipv6 context | |
| Context | configure filter gre-tunnel-template string ipv6 | |
| Tree | ipv6 | |
Notes | The following elements are part of a choice: ipv4 or ipv6. | |
| Introduced | 22.7.R1 | |
Platforms | All |
destination-address [address] string
| Synopsis | Add a list entry for destination-address | |
| Context | configure filter gre-tunnel-template string ipv6 destination-address string | |
| Tree | destination-address | |
| Max. Instances | 1 | |
| Introduced | 22.7.R1 | |
|
Platforms | All |
[address] string
| Synopsis | IPv6 destination address | |
| Context | configure filter gre-tunnel-template string ipv6 destination-address string | |
| Tree | destination-address | |
Notes | This element is part of a list key. | |
| Introduced | 22.7.R1 | |
Platforms | All |
gre-key keyword
| Synopsis | Include a key value in GRE header | |
| Context | configure filter gre-tunnel-template string ipv6 gre-key keyword | |
| Tree | gre-key | |
Description | This command includes a key value in the GRE header of ifIndex of the ingress interface. | |
| Options | ||
| Introduced | 22.7.R1 | |
Platforms | All |
skip-hop-decrement boolean
| Synopsis | Decrement TTL of the received packet | |
| Context | configure filter gre-tunnel-template string ipv6 skip-hop-decrement boolean | |
| Tree | skip-hop-decrement | |
Description | When configured to true, the system decrements the TTL of the IP packet matching the IPv4 or IPv6 filter when it is encapsulated into the GRE tunnel header. When configured to false, the system increases the TTL of the received packet. | |
| Default | false | |
| Introduced | 22.7.R1 | |
|
Platforms | All |
source-address string
| Synopsis | Source IPv6 address of the GRE encapsulated | |
| Context | configure filter gre-tunnel-template string ipv6 source-address string | |
| Tree | source-address | |
| Introduced | 22.7.R1 | |
Platforms | All |
ip-exception [filter-name] string
| Synopsis | Enter the ip-exception list instance | |
| Context | configure filter ip-exception string | |
| Tree | ip-exception | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
[filter-name] string
| Synopsis | Filter name | |
| Context | configure filter ip-exception string | |
| Tree | ip-exception | |
| String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ip-exception string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ip-exception string entry number | |
| Tree | entry | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
[entry-id] number
| Synopsis | ID for a match criteria and the corresponding action | |
| Context | configure filter ip-exception string entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ip-exception string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
match
| Synopsis | Enter the match context | |
| Context | configure filter ip-exception string entry number match | |
| Tree | match | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask string
dst-port
eq number
gt number
lt number
range
end number
start number
icmp
code number
type number
protocol (number | keyword)
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask string
src-port
eq number
gt number
lt number
range
end number
start number
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Filter ID | |
| Context | configure filter ip-exception string filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 20.10.R1 | |
|
Platforms | VSR | |
ip-filter [filter-name] string
[filter-name] string
chain-to-system-filter boolean
| Synopsis | Chain filter policy to the active IPvX system filter policy | |
| Context | configure filter ip-filter string chain-to-system-filter boolean | |
| Tree | chain-to-system-filter | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
default-action keyword
| Synopsis | Action for packets that do not match any entry | |
| Context | configure filter ip-filter string default-action keyword | |
| Tree | default-action | |
| Default | drop | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter ip-filter string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
embed
| Synopsis | Enter the embed context | |
| Context | configure filter ip-filter string embed | |
| Tree | embed | |
Description | Commands in this context embed a previously defined IPv4 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
| Introduced | 16.0.R1 | |
Platforms | All |
filter [name] reference offset number
[name] reference
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ip-filter string embed filter reference offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
flowspec offset number
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ip-filter string embed flowspec offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
group number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Interface group ID for an external configured set of flowspec rules | |
| Context | configure filter ip-filter string embed flowspec offset number group number | |
| Tree | group | |
| Range | 0 to 16383 | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Virtual router for an external configured set of flowspec rules | |
| Context | configure filter ip-filter string embed flowspec offset number router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
openflow [of-switch] reference offset number
[of-switch] reference
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ip-filter string embed openflow reference offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms | All |
grt
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Global routing context | |
| Context | configure filter ip-filter string embed openflow reference offset number grt | |
| Tree | grt | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
sap reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | SAP context | |
| Context | configure filter ip-filter string embed openflow reference offset number sap reference | |
| Tree | sap | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
system
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | System context | |
| Context | configure filter ip-filter string embed openflow reference offset number system | |
| Tree | system | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
vpls reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPLS context | |
| Context | configure filter ip-filter string embed openflow reference offset number vpls reference | |
| Tree | vpls | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
vprn reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPRN context | |
| Context | configure filter ip-filter string embed openflow reference offset number vprn reference | |
| Tree | vprn | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
entry [entry-id] number
[entry-id] number
action
accept
| Synopsis | Accept regular routing to forward a matching packet | |
| Context | configure filter ip-filter string entry number action accept | |
| Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
accept-when
| Synopsis | Enable the accept-when context | |
| Context | configure filter ip-filter string entry number action accept-when | |
| Tree | accept-when | |
| Introduced | 19.5.R1 | |
Platforms | All |
pattern
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ip-filter string entry number action accept-when pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
mask string
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ip-filter string entry number action accept-when pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ip-filter string entry number action accept-when pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
drop
| Synopsis | Drop a packet matching this entry | |
| Context | configure filter ip-filter string entry number action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
drop-when
extracted-traffic
| Synopsis | Drop traffic extracted to CPM | |
| Context | configure filter ip-filter string entry number action drop-when extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 16.0.R1 | |
Platforms | All |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ip-filter string entry number action drop-when packet-length | |
| Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
| Introduced | 16.0.R1 | |
Platforms | All |
eq number
gt number
lt number
range
end number
start number
pattern
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ip-filter string entry number action drop-when pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ip-filter string entry number action drop-when pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ip-filter string entry number action drop-when pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
ttl
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string entry number action drop-when ttl range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
fc keyword
forward
| Synopsis | Enter the forward context | |
| Context | configure filter ip-filter string entry number action forward | |
| Tree | forward | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
bonding-connection number
| Synopsis | Connection ID over which packet is forwarded | |
| Context | configure filter ip-filter string entry number action forward bonding-connection number | |
| Tree | bonding-connection | |
| Range | 1 to 2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
esi-l2
| Synopsis | Enable the esi-l2 context | |
| Context | configure filter ip-filter string entry number action forward esi-l2 | |
| Tree | esi-l2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
vpls reference
esi-l3
| Synopsis | Enable the esi-l3 context | |
| Context | configure filter ip-filter string entry number action forward esi-l3 | |
| Tree | esi-l3 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | ESI of the first ESI-identified appliance | |
| Context | configure filter ip-filter string entry number action forward esi-l3 esi-value string | |
| Tree | esi-value | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sf-ip string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IP address of the service function to forward traffic | |
| Context | configure filter ip-filter string entry number action forward esi-l3 sf-ip string | |
| Tree | sf-ip | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vas-interface reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Egress R-VPLS IP interface name | |
| Context | configure filter ip-filter string entry number action forward esi-l3 vas-interface reference | |
| Tree | vas-interface | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vprn reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPRN service name | |
| Context | configure filter ip-filter string entry number action forward esi-l3 vprn reference | |
| Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
gre-tunnel reference
| Synopsis | GRE tunnel template ID that sets the location where an encapsulated matching packet is transported | |
| Context | configure filter ip-filter string entry number action forward gre-tunnel reference | |
| Tree | gre-tunnel | |
Reference | configure filter gre-tunnel-template string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lsp string
| Synopsis | LSP that is specified to forward a packet matching this entry | |
| Context | configure filter ip-filter string entry number action forward lsp string | |
| Tree | lsp | |
| String Length | 1 to 64 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mpls-policy
| Synopsis | Enable the mpls-policy context | |
| Context | configure filter ip-filter string entry number action forward mpls-policy | |
| Tree | mpls-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
next-hop
| Synopsis | Enable the next-hop context | |
| Context | configure filter ip-filter string entry number action forward next-hop | |
| Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
interface-name string
| Synopsis | IP interface name that forwards matching packets | |
| Context | configure filter ip-filter string entry number action forward next-hop interface-name string | |
| Tree | interface-name | |
| String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: interface-name, nh-ip, or nh-ip-vrf. | |
| Introduced | 16.0.R1 | |
Platforms | All |
nh-ip
address string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter string entry number action forward next-hop nh-ip address string | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
indirect boolean
nh-ip-vrf
address string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter string entry number action forward next-hop nh-ip-vrf address string | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ip-filter string entry number action forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
redirect-policy reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
| Context | configure filter ip-filter string entry number action forward redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Router name or VPRN service name | |
| Context | configure filter ip-filter string entry number action forward router-instance string | |
| Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sap
| Synopsis | Enable the sap context | |
| Context | configure filter ip-filter string entry number action forward sap | |
| Tree | sap | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
sap-id reference
vpls reference
sdp
| Synopsis | Enable the sdp context | |
| Context | configure filter ip-filter string entry number action forward sdp | |
| Tree | sdp | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
sdp-bind-id string
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter ip-filter string entry number action forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
srte-policy
| Synopsis | Enable the srte-policy context | |
| Context | configure filter ip-filter string entry number action forward srte-policy | |
| Tree | srte-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 19.10.R1 | |
Platforms | All |
color number
endpoint string
vprn-target
| Synopsis | Enable the vprn-target context | |
| Context | configure filter ip-filter string entry number action forward vprn-target | |
| Tree | vprn-target | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
adv-prefix string
| Synopsis | Advertised IP prefix for target destination | |
| Context | configure filter ip-filter string entry number action forward vprn-target adv-prefix string | |
| Tree | adv-prefix | |
| Introduced | 16.0.R1 | |
Platforms | All |
bgp-nh string
lsp string
vprn reference
gtp-local-breakout
| Synopsis | Break out matching traffic locally from a GTP tunnel for GTP-subscriber-hosts, or forward for other entities | |
| Context | configure filter ip-filter string entry number action gtp-local-breakout | |
| Tree | gtp-local-breakout | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
http-redirect
| Synopsis | Enable the http-redirect context | |
| Context | configure filter ip-filter string entry number action http-redirect | |
| Tree | http-redirect | |
Description | Commands in this context configure the filter entry action for HTTP redirection. | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
allow-override boolean
| Synopsis | Override the HTTP redirect URL by a RADIUS VSA | |
| Context | configure filter ip-filter string entry number action http-redirect allow-override boolean | |
| Tree | allow-override | |
Description | This command specifies whether the RADIUS VSA can override the configured HTTP redirect URL for this filter entry. When configured to true, the RADIUS VSA can override the HTTP redirect URL. When configured to false, the HTTP redirect URL is not overriden. This does not apply if the CPF option is specified for the URL. | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
url (keyword | http-redirect-url)
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | URL used for HTTP redirect action | |
| Context | configure filter ip-filter string entry number action http-redirect url (keyword | http-redirect-url) | |
| Tree | url | |
Description | This command specifies the URL to use for HTTP redirection for this filter entry. A URL can be specified or the CPF option can be used for BNG CUPS ESM sessions only. The following macro substitutions may be used: $URL — request-URI in the HTTP GET request received $MAC — a string that represents the MAC address of the subscriber host $IP — a string that represents the IP address of the subscriber host $SUB — a string that represents the subscriber ID $SAP — a string that represents a SAP ID $SAPDESC — description string configured on the SAP $CID — a string that represents the circuit ID or interface ID of the subscriber host (hexadecimal format) $RID — a string that represents the remote ID of the subscriber host (hexadecimal format) | |
| String Length | 1 to 255 | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
ignore-match
| Synopsis | Ignore match criteria for the entry | |
| Context | configure filter ip-filter string entry number action ignore-match | |
| Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
l2-aware-nat-bypass boolean
| Synopsis | Divert traffic from an L2-Aware NAT subscriber | |
| Context | configure filter ip-filter string entry number action l2-aware-nat-bypass boolean | |
| Tree | l2-aware-nat-bypass | |
Description | When configured to true, the filter action selectively diverts traffic from a L2-Aware NAT subscriber away from NAT. This action is only applicable to L2-Aware NAT subscribers and must be configured together with action accept. Traffic identified in the match condition bypasses L2-Aware NAT. An example is to bypass NAT for on-net destinations (within the customer network). For selective NAT bypass to take effect, in addition to IP filter configuration, the L2-Aware NAT subscriber must be specifically enabled for selective bypass via the allow-bypass configuration option in the configure subscriber-mgmt sub-profile nat allow-bypass context. When configured to false, traffic that is not classified for bypass automatically diverts to L2-Aware NAT, unless it is explicitly configured in the IP filter action to be dropped. | |
| Default | false | |
| Introduced | 20.5.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat
| Synopsis | Enable the nat context | |
| Context | configure filter ip-filter string entry number action nat | |
| Tree | nat | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-policy reference
|
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | NAT policy name when action is NAT | |
| Context | configure filter ip-filter string entry number action nat nat-policy reference | |
| Tree | nat-policy | |
Reference | configure service nat nat-policy string | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
rate-limit
| Synopsis | Enable the rate-limit context | |
| Context | configure filter ip-filter string entry number action rate-limit | |
| Tree | rate-limit | |
| Introduced | 16.0.R1 | |
Platforms | All |
extracted-traffic
| Synopsis | Limit the rate of traffic extracted to the CPM | |
| Context | configure filter ip-filter string entry number action rate-limit extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length | |
| Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
| Introduced | 16.0.R1 | |
Platforms | All |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ip-filter string entry number action rate-limit packet-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
pattern
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ip-filter string entry number action rate-limit pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ip-filter string entry number action rate-limit pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ip-filter string entry number action rate-limit pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
pir (number | keyword)
pps-pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter ip-filter string entry number action rate-limit pps-pir (number | keyword) | |
| Tree | pps-pir | |
| Range | 0 to 100000000 | |
| Units | packets per second | |
| Options | ||
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
| Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
ttl
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string entry number action rate-limit ttl range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
reassemble
| Synopsis | Forward matching packets to reassembly function | |
| Context | configure filter ip-filter string entry number action reassemble | |
| Tree | reassemble | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
remark
dscp keyword
secondary
forward
next-hop
nh-ip-vrf
address string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter string entry number action secondary forward next-hop nh-ip-vrf address string | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ip-filter string entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sap
sap-id reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | SAP ID used to forward packets matching the entry | |
| Context | configure filter ip-filter string entry number action secondary forward sap sap-id reference | |
| Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
sdp
sdp-bind-id string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter ip-filter string entry number action secondary forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
vprn-target
| Synopsis | Enable the vprn-target context | |
| Context | configure filter ip-filter string entry number action secondary forward vprn-target | |
| Tree | vprn-target | |
Notes | The following elements are part of a choice: next-hop, sap, sdp, or vprn-target. | |
| Introduced | 21.7.R1 | |
Platforms | All |
adv-prefix string
| Synopsis | Advertised IP prefix for the target destination | |
| Context | configure filter ip-filter string entry number action secondary forward vprn-target adv-prefix string | |
| Tree | adv-prefix | |
| Introduced | 21.7.R1 | |
Platforms | All |
bgp-nh string
lsp string
vprn reference
remark
dscp keyword
tcp-mss-adjust
| Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
| Context | configure filter ip-filter string entry number action tcp-mss-adjust | |
| Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ip-filter string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
egress-pbr keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | PBR that has an effect when this filter is applied on egress | |
| Context | configure filter ip-filter string entry number egress-pbr keyword | |
| Tree | egress-pbr | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms | All | |
filter-sample boolean
| Synopsis | Sample matching traffic if IP interface is set to cflowd ACL mode | |
| Context | configure filter ip-filter string entry number filter-sample boolean | |
| Tree | filter-sample | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
interface-sample boolean
| Synopsis | Sample matching traffic if IP interface is set to cflowd interface mode | |
| Context | configure filter ip-filter string entry number interface-sample boolean | |
| Tree | interface-sample | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
log reference
match
| Synopsis | Enter the match context | |
| Context | configure filter ip-filter string entry number match | |
| Tree | match | |
Description | Commands in this context configure match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
| Introduced | 16.0.R1 | |
Platforms | All |
destination-class number
| Synopsis | Destination class as a match criterion | |
| Context | configure filter ip-filter string entry number match destination-class number | |
| Tree | destination-class | |
Description | This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true). | |
| Range | 1 to 255 | |
| Introduced | 20.7.R1 | |
|
Platforms | All |
dscp keyword
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
| Synopsis | IP4 address prefix list used as match criterion | |
| Context | configure filter ip-filter string entry number match dst-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mask string
dst-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter string entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
fragment keyword
icmp
code number
type number
ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
| Synopsis | IP4 address prefix list used as match criterion | |
| Context | configure filter ip-filter string entry number match ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 21.10.R1 | |
Platforms | All |
mask string
ip-option
mask number
type number
multiple-option boolean
| Synopsis | Match based on presence of multiple options in header | |
| Context | configure filter ip-filter string entry number match multiple-option boolean | |
| Tree | multiple-option | |
| Introduced | 16.0.R1 | |
Platforms | All |
option-present boolean
| Synopsis | Match on the presence of any IP option in the packet | |
| Context | configure filter ip-filter string entry number match option-present boolean | |
| Tree | option-present | |
| Introduced | 16.0.R1 | |
Platforms | All |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ip-filter string entry number match packet-length | |
| Tree | packet-length | |
| Introduced | 19.5.R1 | |
Platforms | All |
eq number
gt number
lt number
range
end number
start number
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter string entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
protocol (number | keyword)
protocol-list reference
| Synopsis | Name of the protocol list as a match criterion | |
| Context | configure filter ip-filter string entry number match protocol-list reference | |
| Tree | protocol-list | |
Reference | configure filter match-list protocol-list string | |
Notes | The following elements are part of a choice: protocol or protocol-list. | |
| Introduced | 20.7.R1 | |
Platforms | All |
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
| Synopsis | IP4 address prefix list used as match criterion | |
| Context | configure filter ip-filter string entry number match src-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mask string
src-mac
address string
mask string
src-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter string entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
src-route-option boolean
| Synopsis | Match based on presence of source route option | |
| Context | configure filter ip-filter string entry number match src-route-option boolean | |
| Tree | src-route-option | |
| Introduced | 16.0.R1 | |
Platforms | All |
tcp-established
| Synopsis | Match packets containing the TCP flag as ACK or RST | |
| Context | configure filter ip-filter string entry number match tcp-established | |
| Tree | tcp-established | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 22.10.R1 | |
Platforms | All |
tcp-flags
ack boolean
cwr boolean
ece boolean
fin boolean
ns boolean
psh boolean
rst boolean
syn boolean
urg boolean
ttl
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string entry number match ttl range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 21.10.R1 | |
Platforms | All |
end number
start number
pbr-down-action-override keyword
| Synopsis | Action when PBR or PBF target for this entry is not available | |
| Context | configure filter ip-filter string entry number pbr-down-action-override keyword | |
| Tree | pbr-down-action-override | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
sample-profile reference
| Synopsis | Cflowd sample profile ID to match packets | |
| Context | configure filter ip-filter string entry number sample-profile reference | |
| Tree | sample-profile | |
Description | This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample profile ID. This option is only compatible if the associated interface is configured for interface-based sampling and is only supported for ingress sampling. An IP filter can only specify a single alternate sample profile ID for cflowd sampling, but the ID can be used in multiple entries. | |
Reference | configure cflowd sample-profile number | |
| Introduced | 20.10.R1 | |
Platforms | All |
sticky-dest (number | keyword)
| Synopsis | Time before action with available PBR or PBF destination and highest priority | |
| Context | configure filter ip-filter string entry number sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
scope keyword
shared-policer boolean
| Synopsis | Share policer among active ports in the LAG | |
| Context | configure filter ip-filter string shared-policer boolean | |
| Tree | shared-policer | |
Description | When configured to true, and when the filter policy is configured on a LAG endpoint, the system programs the policer rates in the filter policy per line card FP of the LAG based on the number of active ports in the LAG for each FP. When configured to false, and when the filter policy is configured on a LAG endpoint, the system programs the same policer rate on each line card FP of the LAG. | |
| Default | false | |
| Introduced | 22.7.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
subscriber-mgmt
| Synopsis | Enter the subscriber-mgmt context | |
| Context | configure filter ip-filter string subscriber-mgmt | |
| Tree | subscriber-mgmt | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
host-specific-entry
| Synopsis | Enter the host-specific-entry context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry | |
| Tree | host-specific-entry | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
credit-control
| Synopsis | Enter the credit-control context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control | |
| Tree | credit-control | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for credit control filter entries | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for credit control filter entries | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
| Synopsis | Enter the filter-rule context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule | |
| Tree | filter-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for inserting filter rule entries | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for inserting filter rule entries | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
| Synopsis | Enter the watermark context | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark | |
| Tree | watermark | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
| Synopsis | High watermark for host-specific entries, to raise a table full alarm | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark high number | |
| Tree | high | |
| Range | 0 to 100 | |
| Default | 95 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
| Synopsis | Low watermark for host-specific entries, to clear a table full alarm | |
| Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark low number | |
| Tree | low | |
| Range | 0 to 100 | |
| Default | 90 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
shared-entry
| Synopsis | Enter the shared-entry context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry | |
| Tree | shared-entry | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
| Synopsis | Enter the filter-rule context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule | |
| Tree | filter-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for inserting shared host rules | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for inserting shared host rules | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
pcc-rule
| Synopsis | Enter the pcc-rule context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule | |
| Tree | pcc-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of the range for PCC rule filter entries | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of the range for PCC rule filter entries | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
| Synopsis | Enable the watermark context | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark | |
| Tree | watermark | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
| Synopsis | Limit of RADIUS shared filters before generating high watermark notification | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark high number | |
| Tree | high | |
| Range | 1 to 8000 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
| Synopsis | Limit of RADIUS or Diameter shared filters before clearing high watermark notification | |
| Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark low number | |
| Tree | low | |
| Range | 0 to 7999 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
type keyword
ipv6-exception [filter-name] string
| Synopsis | Enter the ipv6-exception list instance | |
| Context | configure filter ipv6-exception string | |
| Tree | ipv6-exception | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
[filter-name] string
| Synopsis | Filter name | |
| Context | configure filter ipv6-exception string | |
| Tree | ipv6-exception | |
| String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ipv6-exception string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ipv6-exception string entry number | |
| Tree | entry | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
[entry-id] number
| Synopsis | ID for a match criteria and the corresponding action | |
| Context | configure filter ipv6-exception string entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ipv6-exception string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
match
| Synopsis | Enter the match context | |
| Context | configure filter ipv6-exception string entry number match | |
| Tree | match | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
dst-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-exception string entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-exception string entry number match dst-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
mask string
dst-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception string entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
icmp
code number
type number
next-header (number | keyword)
| Synopsis | IP protocol to match | |
| Context | configure filter ipv6-exception string entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
| Introduced | 20.10.R1 | |
Platforms |
VSR |
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception string entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
src-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-exception string entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-exception string entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
mask string
src-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception string entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Filter ID | |
| Context | configure filter ipv6-exception string filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 20.10.R1 | |
|
Platforms | VSR | |
ipv6-filter [filter-name] string
| Synopsis | Enter the ipv6-filter list instance | |
| Context | configure filter ipv6-filter string | |
| Tree | ipv6-filter | |
| Introduced | 16.0.R1 | |
Platforms | All |
[filter-name] string
| Synopsis | Filter name | |
| Context | configure filter ipv6-filter string | |
| Tree | ipv6-filter | |
| String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
chain-to-system-filter boolean
| Synopsis | Chain filter policy to the active IPvX system filter policy | |
| Context | configure filter ipv6-filter string chain-to-system-filter boolean | |
| Tree | chain-to-system-filter | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
default-action keyword
| Synopsis | Action for packets that do not match any entry | |
| Context | configure filter ipv6-filter string default-action keyword | |
| Tree | default-action | |
| Default | drop | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter ipv6-filter string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
embed
| Synopsis | Enter the embed context | |
| Context | configure filter ipv6-filter string embed | |
| Tree | embed | |
Description | Commands in this context embed a previously defined IPv6 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
| Introduced | 16.0.R1 | |
Platforms | All |
filter [name] reference offset number
[name] reference
| Synopsis | IPv6 policy to be embedded in the filter | |
| Context | configure filter ipv6-filter string embed filter reference offset number | |
| Tree | filter | |
Reference | configure filter ipv6-filter string | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ipv6-filter string embed filter reference offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
flowspec offset number
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ipv6-filter string embed flowspec offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
group number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Interface group ID for an external configured set of flowspec rules | |
| Context | configure filter ipv6-filter string embed flowspec offset number group number | |
| Tree | group | |
| Range | 0 to 16383 | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Virtual router for an external configured set of flowspec rules | |
| Context | configure filter ipv6-filter string embed flowspec offset number router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
openflow [of-switch] reference offset number
[of-switch] reference
offset number
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ipv6-filter string embed openflow reference offset number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms | All |
grt
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Global routing context | |
| Context | configure filter ipv6-filter string embed openflow reference offset number grt | |
| Tree | grt | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
sap reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | SAP context | |
| Context | configure filter ipv6-filter string embed openflow reference offset number sap reference | |
| Tree | sap | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
system
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | System context | |
| Context | configure filter ipv6-filter string embed openflow reference offset number system | |
| Tree | system | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
vpls reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPLS context | |
| Context | configure filter ipv6-filter string embed openflow reference offset number vpls reference | |
| Tree | vpls | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
vprn reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPRN context | |
| Context | configure filter ipv6-filter string embed openflow reference offset number vprn reference | |
| Tree | vprn | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ipv6-filter string entry number | |
| Tree | entry | |
| Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
| Synopsis | ID for a match criteria and the corresponding action | |
| Context | configure filter ipv6-filter string entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
action
| Synopsis | Enable the action context | |
| Context | configure filter ipv6-filter string entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms | All |
accept
| Synopsis | Accept regular routing to forward a matching packet | |
| Context | configure filter ipv6-filter string entry number action accept | |
| Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
accept-when
| Synopsis | Enable the accept-when context | |
| Context | configure filter ipv6-filter string entry number action accept-when | |
| Tree | accept-when | |
| Introduced | 19.5.R1 | |
Platforms | All |
pattern
| Synopsis | Enable the pattern context | |
| Context | configure filter ipv6-filter string entry number action accept-when pattern | |
| Tree | pattern | |
| Introduced | 19.5.R1 | |
Platforms | All |
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ipv6-filter string entry number action accept-when pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
mask string
| Synopsis | Mask for the pattern expression | |
| Context | configure filter ipv6-filter string entry number action accept-when pattern mask string | |
| Tree | mask | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ipv6-filter string entry number action accept-when pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ipv6-filter string entry number action accept-when pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
drop
drop-when
extracted-traffic
| Synopsis | Drop traffic extracted to CPM | |
| Context | configure filter ipv6-filter string entry number action drop-when extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 16.0.R1 | |
Platforms | All |
hop-limit
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number action drop-when hop-limit range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
pattern
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ipv6-filter string entry number action drop-when pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ipv6-filter string entry number action drop-when pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ipv6-filter string entry number action drop-when pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
payload-length
| Synopsis | Enable the payload-length context | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length | |
| Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 16.0.R1 | |
Platforms | All |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ipv6-filter string entry number action drop-when payload-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
fc keyword
forward
bonding-connection number
| Synopsis | Connection ID over which packet is forwarded | |
| Context | configure filter ipv6-filter string entry number action forward bonding-connection number | |
| Tree | bonding-connection | |
| Range | 1 to 2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
esi-l2
| Synopsis | Enable the esi-l2 context | |
| Context | configure filter ipv6-filter string entry number action forward esi-l2 | |
| Tree | esi-l2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
vpls reference
esi-l3
| Synopsis | Enable the esi-l3 context | |
| Context | configure filter ipv6-filter string entry number action forward esi-l3 | |
| Tree | esi-l3 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | ESI of the first ESI-identified appliance | |
| Context | configure filter ipv6-filter string entry number action forward esi-l3 esi-value string | |
| Tree | esi-value | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sf-ip string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IP address of the service function to forward traffic | |
| Context | configure filter ipv6-filter string entry number action forward esi-l3 sf-ip string | |
| Tree | sf-ip | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vas-interface reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Egress R-VPLS IP interface name | |
| Context | configure filter ipv6-filter string entry number action forward esi-l3 vas-interface reference | |
| Tree | vas-interface | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vprn reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPRN service name | |
| Context | configure filter ipv6-filter string entry number action forward esi-l3 vprn reference | |
| Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All | |
gre-tunnel reference
| Synopsis | GRE tunnel template ID that sets the location where an encapsulated matching packet is transported | |
| Context | configure filter ipv6-filter string entry number action forward gre-tunnel reference | |
| Tree | gre-tunnel | |
Reference | configure filter gre-tunnel-template string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lsp string
| Synopsis | LSP that is specified to forward a packet matching this entry | |
| Context | configure filter ipv6-filter string entry number action forward lsp string | |
| Tree | lsp | |
| String Length | 1 to 64 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mpls-policy
| Synopsis | Enable the mpls-policy context | |
| Context | configure filter ipv6-filter string entry number action forward mpls-policy | |
| Tree | mpls-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
| Synopsis | MPLS forwarding policy endpoint IPv6 address | |
| Context | configure filter ipv6-filter string entry number action forward mpls-policy endpoint string | |
| Tree | endpoint | |
Notes | This element is mandatory. | |
| Introduced | 19.10.R1 | |
Platforms | All |
next-hop
| Synopsis | Enable the next-hop context | |
| Context | configure filter ipv6-filter string entry number action forward next-hop | |
| Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
nh-ip
address string
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip address string | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
nh-ip-vrf
address string
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip-vrf address string | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
redirect-policy reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
| Context | configure filter ipv6-filter string entry number action forward redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Router name or VPRN service name | |
| Context | configure filter ipv6-filter string entry number action forward router-instance string | |
| Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sap
| Synopsis | Enable the sap context | |
| Context | configure filter ipv6-filter string entry number action forward sap | |
| Tree | sap | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
sap-id reference
vpls reference
sdp
| Synopsis | Enable the sdp context | |
| Context | configure filter ipv6-filter string entry number action forward sdp | |
| Tree | sdp | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
sdp-bind-id string
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter ipv6-filter string entry number action forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
srte-policy
| Synopsis | Enable the srte-policy context | |
| Context | configure filter ipv6-filter string entry number action forward srte-policy | |
| Tree | srte-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 19.10.R1 | |
Platforms | All |
color number
| Synopsis | SR-TE policy color ID | |
| Context | configure filter ipv6-filter string entry number action forward srte-policy color number | |
| Tree | color | |
| Range | 0 to 4294967295 | |
Notes | This element is mandatory. | |
| Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
| Synopsis | SR-TE policy endpoint IPv6 address | |
| Context | configure filter ipv6-filter string entry number action forward srte-policy endpoint string | |
| Tree | endpoint | |
Notes | This element is mandatory. | |
| Introduced | 19.10.R1 | |
Platforms | All |
vprn-target
| Synopsis | Enable the vprn-target context | |
| Context | configure filter ipv6-filter string entry number action forward vprn-target | |
| Tree | vprn-target | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
| Introduced | 16.0.R1 | |
Platforms | All |
adv-prefix string
| Synopsis | Advertised IP prefix for target destination | |
| Context | configure filter ipv6-filter string entry number action forward vprn-target adv-prefix string | |
| Tree | adv-prefix | |
| Introduced | 16.0.R1 | |
Platforms | All |
bgp-nh string
| Synopsis | Target BGP next hop IP address | |
| Context | configure filter ipv6-filter string entry number action forward vprn-target bgp-nh string | |
| Tree | bgp-nh | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lsp string
| Synopsis | LSP that is specified to forward a packet matching this entry | |
| Context | configure filter ipv6-filter string entry number action forward vprn-target lsp string | |
| Tree | lsp | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R1 | |
Platforms | All |
vprn reference
| Synopsis | Routing context used for route lookup | |
| Context | configure filter ipv6-filter string entry number action forward vprn-target vprn reference | |
| Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
http-redirect
| Synopsis | Enable the http-redirect context | |
| Context | configure filter ipv6-filter string entry number action http-redirect | |
| Tree | http-redirect | |
Description | Commands in this context configure the filter entry action for HTTP redirection. | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
allow-override boolean
| Synopsis | Override the HTTP redirect URL by a RADIUS VSA | |
| Context | configure filter ipv6-filter string entry number action http-redirect allow-override boolean | |
| Tree | allow-override | |
Description | This command specifies whether the RADIUS VSA can override the configured HTTP redirect URL for this filter entry. When configured to true, the RADIUS VSA can override the HTTP redirect URL. When configured to false, the HTTP redirect URL is not overriden. This does not apply if the CPF option is specified for the URL. | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
url (keyword | http-redirect-url)
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | URL used for HTTP redirect action | |
| Context | configure filter ipv6-filter string entry number action http-redirect url (keyword | http-redirect-url) | |
| Tree | url | |
Description | This command specifies the URL to use for HTTP redirection for this filter entry. A URL can be specified or the CPF option can be used for BNG CUPS ESM sessions only. The following macro substitutions may be used: $URL — request-URI in the HTTP GET request received $MAC — a string that represents the MAC address of the subscriber host $IP — a string that represents the IP address of the subscriber host $SUB — a string that represents the subscriber ID $SAP — a string that represents a SAP ID $SAPDESC — description string configured on the SAP $CID — a string that represents the circuit ID or interface ID of the subscriber host (hexadecimal format) $RID — a string that represents the remote ID of the subscriber host (hexadecimal format) | |
| String Length | 1 to 255 | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
ignore-match
| Synopsis | Ignore match criteria for the entry | |
| Context | configure filter ipv6-filter string entry number action ignore-match | |
| Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | All |
nat
| Synopsis | Enable the nat context | |
| Context | configure filter ipv6-filter string entry number action nat | |
| Tree | nat | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-policy reference
|
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | NAT policy name when action is NAT | |
| Context | configure filter ipv6-filter string entry number action nat nat-policy reference | |
| Tree | nat-policy | |
Reference | configure service nat nat-policy string | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
nat-type keyword
|
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | NAT type to assign when action is NAT | |
| Context | configure filter ipv6-filter string entry number action nat nat-type keyword | |
| Tree | nat-type | |
| Options | ||
Notes |
This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR | |
rate-limit
| Synopsis | Enable the rate-limit context | |
| Context | configure filter ipv6-filter string entry number action rate-limit | |
| Tree | rate-limit | |
| Introduced | 16.0.R1 | |
Platforms | All |
extracted-traffic
| Synopsis | Limit the rate of traffic extracted to the CPM | |
| Context | configure filter ipv6-filter string entry number action rate-limit extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
hop-limit
| Synopsis | Enable the hop-limit context | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit | |
| Tree | hop-limit | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 16.0.R1 | |
Platforms | All |
eq number
| Synopsis | Equal to condition match value | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit eq number | |
| Tree | eq | |
| Range | 0 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
gt number
| Synopsis | Greater than condition match value | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit gt number | |
| Tree | gt | |
| Range | 0 to 254 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lt number
| Synopsis | Less than condition match value | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit lt number | |
| Tree | lt | |
| Range | 1 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
| Synopsis | Upper bound of the range | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range end number | |
| Tree | end | |
| Range | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
start number
| Synopsis | Lower bound of the range | |
| Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range start number | |
| Tree | start | |
| Range | 0 to 254 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
pattern
| Synopsis | Enable the pattern context | |
| Context | configure filter ipv6-filter string entry number action rate-limit pattern | |
| Tree | pattern | |
| Introduced | 16.0.R4 | |
Platforms | All |
expression string
| Synopsis | Pattern expression to match | |
| Context | configure filter ipv6-filter string entry number action rate-limit pattern expression string | |
| Tree | expression | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
mask string
| Synopsis | Mask for the pattern expression | |
| Context | configure filter ipv6-filter string entry number action rate-limit pattern mask string | |
| Tree | mask | |
| String Length | 3 to 18 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
offset-type keyword
| Synopsis | Starting point reference for offset value of pattern | |
| Context | configure filter ipv6-filter string entry number action rate-limit pattern offset-type keyword | |
| Tree | offset-type | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
| Synopsis | Offset value for the pattern expression | |
| Context | configure filter ipv6-filter string entry number action rate-limit pattern offset-value number | |
| Tree | offset-value | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R4 | |
Platforms | All |
payload-length
| Synopsis | Enable the payload-length context | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length | |
| Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 16.0.R1 | |
Platforms | All |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ipv6-filter string entry number action rate-limit payload-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter ipv6-filter string entry number action rate-limit pir (number | keyword) | |
| Tree | pir | |
| Range | 0 to 2000000000 | |
| Units | kilobps | |
| Options | ||
|
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
| Introduced | 16.0.R1 | |
Platforms | All |
pps-pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter ipv6-filter string entry number action rate-limit pps-pir (number | keyword) | |
| Tree | pps-pir | |
| Range | 0 to 100000000 | |
| Units | packets per second | |
| Options | ||
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
| Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
remark
dscp keyword
secondary
forward
next-hop
nh-ip-vrf
address string
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter string entry number action secondary forward next-hop nh-ip-vrf address string | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ipv6-filter string entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
sap
sap-id reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | SAP ID used to forward packets matching the entry | |
| Context | configure filter ipv6-filter string entry number action secondary forward sap sap-id reference | |
| Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
sdp
sdp-bind-id string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter ipv6-filter string entry number action secondary forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
vprn-target
| Synopsis | Enable the vprn-target context | |
| Context | configure filter ipv6-filter string entry number action secondary forward vprn-target | |
| Tree | vprn-target | |
Notes | The following elements are part of a choice: next-hop, sap, sdp, or vprn-target. | |
| Introduced | 21.7.R1 | |
Platforms | All |
adv-prefix string
| Synopsis | Advertised IP prefix for the target destination | |
| Context | configure filter ipv6-filter string entry number action secondary forward vprn-target adv-prefix string | |
| Tree | adv-prefix | |
| Introduced | 21.7.R1 | |
Platforms | All |
bgp-nh string
| Synopsis | Target BGP next hop IP address | |
| Context | configure filter ipv6-filter string entry number action secondary forward vprn-target bgp-nh string | |
| Tree | bgp-nh | |
Notes | This element is mandatory. | |
| Introduced | 21.7.R1 | |
Platforms | All |
lsp string
| Synopsis | LSP that is specified to forward a packet matching this entry | |
| Context | configure filter ipv6-filter string entry number action secondary forward vprn-target lsp string | |
| Tree | lsp | |
| String Length | 1 to 64 | |
| Introduced | 21.7.R1 | |
Platforms | All |
vprn reference
remark
dscp keyword
tcp-mss-adjust
| Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
| Context | configure filter ipv6-filter string entry number action tcp-mss-adjust | |
| Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
| Synopsis | Text description | |
| Context | configure filter ipv6-filter string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
egress-pbr keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | PBR that has an effect when this filter is applied on egress | |
| Context | configure filter ipv6-filter string entry number egress-pbr keyword | |
| Tree | egress-pbr | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms | All | |
filter-sample boolean
| Synopsis | Sample matching traffic if IP interface is set to cflowd ACL mode | |
| Context | configure filter ipv6-filter string entry number filter-sample boolean | |
| Tree | filter-sample | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
interface-sample boolean
| Synopsis | Sample matching traffic if IP interface is set to cflowd interface mode | |
| Context | configure filter ipv6-filter string entry number interface-sample boolean | |
| Tree | interface-sample | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
log reference
match
| Synopsis | Enter the match context | |
| Context | configure filter ipv6-filter string entry number match | |
| Tree | match | |
Description | Commands in this context provide match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
| Introduced | 16.0.R1 | |
Platforms | All |
destination-class number
| Synopsis | Destination class as a match criterion | |
| Context | configure filter ipv6-filter string entry number match destination-class number | |
| Tree | destination-class | |
Description | This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true). | |
| Range | 1 to 255 | |
| Introduced | 20.7.R1 | |
|
Platforms | All |
dscp keyword
dst-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter string entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter string entry number match dst-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mask string
dst-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter string entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
extension-header
| Synopsis | Enter the extension-header context | |
| Context | configure filter ipv6-filter string entry number match extension-header | |
| Tree | extension-header | |
| Introduced | 16.0.R1 | |
Platforms | All |
ah boolean
| Synopsis | Match a packet as per the existence of an AH Extension Header | |
| Context | configure filter ipv6-filter string entry number match extension-header ah boolean | |
| Tree | ah | |
| Introduced | 16.0.R1 | |
Platforms | All |
esp boolean
| Synopsis | Match a packet as per the existence of an Encapsulation security payload extension header | |
| Context | configure filter ipv6-filter string entry number match extension-header esp boolean | |
| Tree | esp | |
| Introduced | 16.0.R1 | |
Platforms | All |
hop-by-hop boolean
| Synopsis | Match on Hop-by-Hop Options Extension Header existence | |
| Context | configure filter ipv6-filter string entry number match extension-header hop-by-hop boolean | |
| Tree | hop-by-hop | |
| Introduced | 16.0.R2 | |
Platforms | All |
routing-type0 boolean
| Synopsis | Match a packet as per the existence of a routing Extension Header | |
| Context | configure filter ipv6-filter string entry number match extension-header routing-type0 boolean | |
| Tree | routing-type0 | |
| Introduced | 16.0.R1 | |
Platforms | All |
flow-label
| Synopsis | Enable the flow-label context | |
| Context | configure filter ipv6-filter string entry number match flow-label | |
| Tree | flow-label | |
| Introduced | 16.0.R1 | |
Platforms | All |
mask number
| Synopsis | Flow label mask for this policy IP filter entry | |
| Context | configure filter ipv6-filter string entry number match flow-label mask number | |
| Tree | mask | |
| Range | 1 to 1048575 | |
| Default | 1048575 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
value number
| Synopsis | Flow label as match criterion | |
| Context | configure filter ipv6-filter string entry number match flow-label value number | |
| Tree | value | |
| Range | 0 to 1048575 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
fragment keyword
hop-limit
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number match hop-limit range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 21.10.R1 | |
Platforms | All |
end number
start number
icmp
code number
type number
ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter string entry number match ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 21.10.R1 | |
Platforms | All |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter string entry number match ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 21.10.R1 | |
Platforms | All |
mask string
next-header (number | keyword)
| Synopsis | IP protocol to match | |
| Context | configure filter ipv6-filter string entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
Notes |
The following elements are part of a choice: next-header or next-header-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
next-header-list reference
| Synopsis | Name of the protocol list as a match criterion | |
| Context | configure filter ipv6-filter string entry number match next-header-list reference | |
| Tree | next-header-list | |
Reference | configure filter match-list protocol-list string | |
Notes | The following elements are part of a choice: next-header or next-header-list. | |
| Introduced | 20.7.R1 | |
Platforms | All |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ipv6-filter string entry number match packet-length | |
| Tree | packet-length | |
| Introduced | 19.5.R1 | |
Platforms | All |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ipv6-filter string entry number match packet-length eq number | |
| Tree | eq | |
| Range | 40 to 65575 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 19.5.R1 | |
Platforms | All |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number match packet-length gt number | |
| Tree | gt | |
| Range | 40 to 65574 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 19.5.R1 | |
Platforms | All |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ipv6-filter string entry number match packet-length lt number | |
| Tree | lt | |
| Range | 41 to 65575 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 19.5.R1 | |
Platforms | All |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string entry number match packet-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 19.5.R1 | |
Platforms | All |
end number
| Synopsis | Upper bound of packet length range as match criterion | |
| Context | configure filter ipv6-filter string entry number match packet-length range end number | |
| Tree | end | |
| Range | 41 to 65575 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
start number
| Synopsis | Lower bound of packet length range as match criterion | |
| Context | configure filter ipv6-filter string entry number match packet-length range start number | |
| Tree | start | |
| Range | 40 to 65574 | |
Notes | This element is mandatory. | |
| Introduced | 19.5.R1 | |
Platforms | All |
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter string entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
src-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter string entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter string entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 16.0.R1 | |
Platforms | All |
mask string
src-mac
address string
mask string
src-port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter string entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
tcp-established
| Synopsis | Match packets containing the TCP flag as ACK or RST | |
| Context | configure filter ipv6-filter string entry number match tcp-established | |
| Tree | tcp-established | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 22.10.R1 | |
Platforms | All |
tcp-flags
ack boolean
cwr boolean
ece boolean
fin boolean
ns boolean
psh boolean
rst boolean
syn boolean
urg boolean
pbr-down-action-override keyword
| Synopsis | Action when PBR or PBF target for this entry is not available | |
| Context | configure filter ipv6-filter string entry number pbr-down-action-override keyword | |
| Tree | pbr-down-action-override | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
sample-profile reference
| Synopsis | Cflowd sample profile ID to match packets | |
| Context | configure filter ipv6-filter string entry number sample-profile reference | |
| Tree | sample-profile | |
Description | This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample profile ID. This option is only compatible if the associated interface is configured for interface-based sampling and is only supported for ingress sampling. An IP filter can only specify a single alternate sample profile ID for cflowd sampling, but the ID can be used in multiple entries. | |
Reference | configure cflowd sample-profile number | |
| Introduced | 20.10.R1 | |
Platforms | All |
sticky-dest (number | keyword)
| Synopsis | Time before action with available PBR or PBF destination and highest priority | |
| Context | configure filter ipv6-filter string entry number sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv6 filter identifier | |
| Context | configure filter ipv6-filter string filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
scope keyword
| Synopsis | Scope of this filter definition | |
| Context | configure filter ipv6-filter string scope keyword | |
| Tree | scope | |
| Default | template | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
shared-policer boolean
| Synopsis | Share policer among active ports in the LAG | |
| Context | configure filter ipv6-filter string shared-policer boolean | |
| Tree | shared-policer | |
Description | When configured to true, and when the filter policy is configured on a LAG endpoint, the system programs the policer rates in the filter policy per line card FP of the LAG based on the number of active ports in the LAG for each FP. When configured to false, and when the filter policy is configured on a LAG endpoint, the system programs the same policer rate on each line card FP of the LAG. | |
| Default | false | |
| Introduced | 22.7.R1 | |
|
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
subscriber-mgmt
| Synopsis | Enter the subscriber-mgmt context | |
| Context | configure filter ipv6-filter string subscriber-mgmt | |
| Tree | subscriber-mgmt | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
host-specific-entry
| Synopsis | Enter the host-specific-entry context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry | |
| Tree | host-specific-entry | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
credit-control
| Synopsis | Enter the credit-control context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control | |
| Tree | credit-control | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for credit control filter entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for credit control filter entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
| Synopsis | Enter the filter-rule context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule | |
| Tree | filter-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for inserting filter rule entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for inserting filter rule entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
| Synopsis | Enter the watermark context | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark | |
| Tree | watermark | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
| Synopsis | High watermark for host-specific entries, to raise a table full alarm | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark high number | |
| Tree | high | |
| Range | 0 to 100 | |
| Default | 95 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
| Synopsis | Low watermark for host-specific entries, to clear a table full alarm | |
| Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark low number | |
| Tree | low | |
| Range | 0 to 100 | |
| Default | 90 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
shared-entry
| Synopsis | Enter the shared-entry context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry | |
| Tree | shared-entry | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
| Synopsis | Enter the filter-rule context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule | |
| Tree | filter-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of range for inserting shared host rules | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of range for inserting shared host rules | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
pcc-rule
| Synopsis | Enter the pcc-rule context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule | |
| Tree | pcc-rule | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range | |
| Tree | range | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
| Synopsis | Upper bound of the range for PCC rule filter entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range end number | |
| Tree | end | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
| Synopsis | Lower bound of the range for PCC rule filter entries | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range start number | |
| Tree | start | |
| Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
| Synopsis | Enable the watermark context | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark | |
| Tree | watermark | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
| Synopsis | Limit of RADIUS shared filters before generating high watermark notification | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark high number | |
| Tree | high | |
| Range | 1 to 8000 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
| Synopsis | Limit of RADIUS or Diameter shared filters before clearing high watermark notification | |
| Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark low number | |
| Tree | low | |
| Range | 0 to 7999 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
type keyword
| Synopsis | Set of match criteria for the filter policy | |
| Context | configure filter ipv6-filter string type keyword | |
| Tree | type | |
Description | This command configures the filter policy type that defines the list of match criteria supported in a filter policy. | |
| Default | normal | |
| Options | ||
| Introduced | 19.5.R1 | |
Platforms | All |
log [log-id] number
[log-id] number
admin-state keyword
| Synopsis | Administrative state of filter logging | |
| Context | configure filter log number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter log number description string | |
| Tree | description | |
| String Length | 0 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
destination
| Synopsis | Enter the destination context | |
| Context | configure filter log number destination | |
| Tree | destination | |
| Introduced | 16.0.R1 | |
Platforms | All |
memory
| Synopsis | Enter the memory context | |
| Context | configure filter log number destination memory | |
| Tree | memory | |
Notes | The following elements are part of a choice: memory or syslog. | |
| Introduced | 16.0.R1 | |
Platforms | All |
max-entries number
| Synopsis | Maximum number of memory entries that the log can store | |
| Context | configure filter log number destination memory max-entries number | |
| Tree | max-entries | |
| Range | 1 to 50000 | |
| Default | 1000 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
stop-on-full boolean
| Synopsis | Stop logging when maximum number of memory entries is reached or wrap-around is used | |
| Context | configure filter log number destination memory stop-on-full boolean | |
| Tree | stop-on-full | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
syslog
| Synopsis | Enter the syslog context | |
| Context | configure filter log number destination syslog | |
| Tree | syslog | |
Notes | The following elements are part of a choice: memory or syslog. | |
| Introduced | 16.0.R1 | |
Platforms | All |
name reference
summary
admin-state keyword
| Synopsis | Administrative state of filter log summarization | |
| Context | configure filter log number destination syslog summary admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
summary-crit keyword
| Synopsis | Summary for filter log entries | |
| Context | configure filter log number destination syslog summary summary-crit keyword | |
| Tree | summary-crit | |
| Default | src-addr | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
mac-filter [filter-name] string
| Synopsis | Enter the mac-filter list instance | |
| Context | configure filter mac-filter string | |
| Tree | mac-filter | |
| Introduced | 16.0.R1 | |
Platforms | All |
[filter-name] string
| Synopsis | Filter name | |
| Context | configure filter mac-filter string | |
| Tree | mac-filter | |
| String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
default-action keyword
| Synopsis | Action for packets that do not match any entry | |
| Context | configure filter mac-filter string default-action keyword | |
| Tree | default-action | |
| Default | drop | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter mac-filter string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
embed
| Synopsis | Enter the embed context | |
| Context | configure filter mac-filter string embed | |
| Tree | embed | |
Description | Commands in this context embed a previously defined MAC embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
| Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter mac-filter string entry number | |
| Tree | entry | |
| Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
| Synopsis | ID for a match criteria and the corresponding action | |
| Context | configure filter mac-filter string entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
action
| Synopsis | Enable the action context | |
| Context | configure filter mac-filter string entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms | All |
accept
drop
forward
esi-l2
esi-value string
vpls reference
sap
sap-id reference
vpls reference
sdp
sdp-bind-id string
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter mac-filter string entry number action forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
http-redirect
| Synopsis | Enable the http-redirect context | |
| Context | configure filter mac-filter string entry number action http-redirect | |
| Tree | http-redirect | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match. | |
| Introduced | 16.0.R1 | |
Platforms | All |
url string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | URL that is used for redirecting | |
| Context | configure filter mac-filter string entry number action http-redirect url string | |
| Tree | url | |
| String Length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
ignore-match
| Synopsis | Ignore match criteria for the entry | |
| Context | configure filter mac-filter string entry number action ignore-match | |
| Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match. | |
| Introduced | 16.0.R1 | |
Platforms | All |
rate-limit
| Synopsis | Enable the rate-limit context | |
| Context | configure filter mac-filter string entry number action rate-limit | |
| Tree | rate-limit | |
| Introduced | 16.0.R1 | |
Platforms | All |
pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter mac-filter string entry number action rate-limit pir (number | keyword) | |
| Tree | pir | |
| Range | 0 to 2000000000 | |
| Units | kilobps | |
| Options | ||
|
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All |
secondary
forward
sap
sap-id reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | SAP ID used to forward packets matching the entry | |
| Context | configure filter mac-filter string entry number action secondary forward sap sap-id reference | |
| Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
sdp
sdp-bind-id string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | VPLS SDP bind ID used to forward matching packets | |
| Context | configure filter mac-filter string entry number action secondary forward sdp sdp-bind-id string | |
| Tree | sdp-bind-id | |
| String Length | 3 to 16 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
vpls reference
description string
| Synopsis | Text description | |
| Context | configure filter mac-filter string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
log reference
match
| Synopsis | Enter the match context | |
| Context | configure filter mac-filter string entry number match | |
| Tree | match | |
| Introduced | 16.0.R1 | |
Platforms | All |
dot1p
mask number
priority number
dst-mac
address string
mask string
etype string
frame-type keyword
| Synopsis | MAC frame as match criteria | |
| Context | configure filter mac-filter string entry number match frame-type keyword | |
| Tree | frame-type | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
inner-tag
mask number
| Synopsis | Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value | |
| Context | configure filter mac-filter string entry number match inner-tag mask number | |
| Tree | mask | |
| Range | 1 to 4095 | |
| Default | 4095 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tag number
| Synopsis | Matching value against VID of the second or first VLAN tag in the packet carried transparently | |
| Context | configure filter mac-filter string entry number match inner-tag tag number | |
| Tree | tag | |
| Range | 0 to 4095 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
isid
range
end number
start number
value number
| Synopsis | Lowest value of 24-bit service instance identifier for the service matching this entry | |
| Context | configure filter mac-filter string entry number match isid value number | |
| Tree | value | |
| Range | 0 to 16777215 | |
Notes | The following elements are part of a choice: range or value. | |
| Introduced | 16.0.R1 | |
Platforms | All |
llc-dsap
dsap number
mask number
llc-ssap
mask number
ssap number
outer-tag
mask number
| Synopsis | Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value | |
| Context | configure filter mac-filter string entry number match outer-tag mask number | |
| Tree | mask | |
| Range | 1 to 4095 | |
| Default | 4095 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tag number
| Synopsis | Matching value against VID of the second or first VLAN tag in the packet carried transparently | |
| Context | configure filter mac-filter string entry number match outer-tag tag number | |
| Tree | tag | |
| Range | 0 to 4095 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
snap-oui keyword
snap-pid number
src-mac
address string
mask string
pbr-down-action-override keyword
| Synopsis | Action when PBR or PBF target for this entry is not available | |
| Context | configure filter mac-filter string entry number pbr-down-action-override keyword | |
| Tree | pbr-down-action-override | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
sticky-dest (number | keyword)
| Synopsis | Time before action with available PBR or PBF destination and highest priority | |
| Context | configure filter mac-filter string entry number sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | MAC filter ID | |
| Context | configure filter mac-filter string filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
scope keyword
| Synopsis | Scope of this filter definition | |
| Context | configure filter mac-filter string scope keyword | |
| Tree | scope | |
| Default | template | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
type keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | MAC filter policy | |
| Context | configure filter mac-filter string type keyword | |
| Tree | type | |
| Default | normal | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All | |
match-list
| Synopsis | Enter the match-list context | |
| Context | configure filter match-list | |
| Tree | match-list | |
| Introduced | 16.0.R1 | |
Platforms | All |
ip-prefix-list [prefix-list-name] string
| Synopsis | Enter the ip-prefix-list list instance | |
| Context | configure filter match-list ip-prefix-list string | |
| Tree | ip-prefix-list | |
| Introduced | 16.0.R1 | |
Platforms | All |
[prefix-list-name] string
| Synopsis | IP prefix list name | |
| Context | configure filter match-list ip-prefix-list string | |
| Tree | ip-prefix-list | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
apply-path
| Synopsis | Enter the apply-path context | |
| Context | configure filter match-list ip-prefix-list string apply-path | |
| Tree | apply-path | |
| Introduced | 16.0.R1 | |
Platforms | All |
bgp-peers [criterion-index] number
| Synopsis | Enter the bgp-peers list instance | |
| Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Introduced | 16.0.R1 | |
Platforms | All |
[criterion-index] number
| Synopsis | BGP peers auto-generation configuration index | |
| Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Range | 1 to 255 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
group string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance group configuration | |
| Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number group string | |
| Tree | group | |
| String Length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
neighbor string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
| Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number neighbor string | |
| Tree | neighbor | |
| String Length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Target routing instance | |
| Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number router-instance string | |
| Tree | router-instance | |
| Default | Base | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
description string
| Synopsis | Text description | |
| Context | configure filter match-list ip-prefix-list string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
prefix [ip-prefix] string
| Synopsis | Add a list entry for prefix | |
| Context | configure filter match-list ip-prefix-list string prefix string | |
| Tree | prefix | |
Description | Commands in this context add IPv4 prefixes to the prefix match list. Prefixes can overlap IPv4 address space. An IPv4 prefix addition is blocked if resource exhaustion is detected anywhere in the system due to filter policies that use the prefix list. | |
| Max. Instances | 8192 | |
| Introduced | 16.0.R1 | |
Platforms | All |
[ip-prefix] string
| Synopsis | IPv4 prefix to be added to the prefix list | |
| Context | configure filter match-list ip-prefix-list string prefix string | |
| Tree | prefix | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R3 | |
Platforms | All |
prefix-exclude [ip-prefix] string
| Synopsis | Add a list entry for prefix-exclude | |
| Context | configure filter match-list ip-prefix-list string prefix-exclude string | |
| Tree | prefix-exclude | |
Description | Commands in this context exclude IPv4 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
| Max. Instances | 512 | |
| Introduced | 16.0.R4 | |
Platforms | All |
[ip-prefix] string
| Synopsis | IPv4 prefix to be added to the prefix list | |
| Context | configure filter match-list ip-prefix-list string prefix-exclude string | |
| Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | All |
ipv6-prefix-list [prefix-list-name] string
| Synopsis | Enter the ipv6-prefix-list list instance | |
| Context | configure filter match-list ipv6-prefix-list string | |
| Tree | ipv6-prefix-list | |
| Introduced | 16.0.R1 | |
Platforms | All |
[prefix-list-name] string
| Synopsis | IP prefix list name | |
| Context | configure filter match-list ipv6-prefix-list string | |
| Tree | ipv6-prefix-list | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
apply-path
| Synopsis | Enter the apply-path context | |
| Context | configure filter match-list ipv6-prefix-list string apply-path | |
| Tree | apply-path | |
| Introduced | 16.0.R1 | |
Platforms | All |
bgp-peers [criterion-index] number
| Synopsis | Enter the bgp-peers list instance | |
| Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Introduced | 16.0.R1 | |
Platforms | All |
[criterion-index] number
| Synopsis | BGP peers auto-generation configuration index | |
| Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Range | 1 to 255 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
group string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance group configuration | |
| Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number group string | |
| Tree | group | |
| String Length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
neighbor string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
| Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number neighbor string | |
| Tree | neighbor | |
| String Length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Target routing instance | |
| Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number router-instance string | |
| Tree | router-instance | |
| Default | Base | |
| Introduced | 16.0.R1 | |
|
Platforms | All | |
description string
| Synopsis | Text description | |
| Context | configure filter match-list ipv6-prefix-list string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
prefix [ipv6-prefix] string
| Synopsis | Add a list entry for prefix | |
| Context | configure filter match-list ipv6-prefix-list string prefix string | |
| Tree | prefix | |
| Max. Instances | 8192 | |
| Introduced | 16.0.R1 | |
Platforms | All |
[ipv6-prefix] string
| Synopsis | IPv6 prefix to be added to the prefix list | |
| Context | configure filter match-list ipv6-prefix-list string prefix string | |
| Tree | prefix | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R3 | |
Platforms | All |
prefix-exclude [ipv6-prefix] string
| Synopsis | Add a list entry for prefix-exclude | |
| Context | configure filter match-list ipv6-prefix-list string prefix-exclude string | |
| Tree | prefix-exclude | |
Description | Commands in this context exclude IPv6 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
| Max. Instances | 512 | |
| Introduced | 16.0.R4 | |
Platforms | All |
[ipv6-prefix] string
| Synopsis | IPv6 prefix to be added to the prefix list | |
| Context | configure filter match-list ipv6-prefix-list string prefix-exclude string | |
| Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | All |
port-list [port-list-name] string
| Synopsis | Enter the port-list list instance | |
| Context | configure filter match-list port-list string | |
| Tree | port-list | |
| Max. Instances | 5120 | |
| Introduced | 16.0.R1 | |
Platforms | All |
[port-list-name] string
| Synopsis | Port list name | |
| Context | configure filter match-list port-list string | |
| Tree | port-list | |
Description | This command specifies the port list name. If special characters are used (#, $, spaces, and so on), the string must be enclosed within double quotes. | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter match-list port-list string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
port [value] number
| Synopsis | Add a list entry for port | |
| Context | configure filter match-list port-list string port number | |
| Tree | port | |
| Introduced | 16.0.R1 | |
Platforms | All |
[value] number
| Synopsis | Port value | |
| Context | configure filter match-list port-list string port number | |
| Tree | port | |
| Range | 0 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
range start number end number
start number
end number
protocol-list [protocol-list-name] string
| Synopsis | Enter the protocol-list list instance | |
| Context | configure filter match-list protocol-list string | |
| Tree | protocol-list | |
| Max. Instances | 512 | |
| Introduced | 20.7.R1 | |
Platforms | All |
[protocol-list-name] string
| Synopsis | Protocol list name | |
| Context | configure filter match-list protocol-list string | |
| Tree | protocol-list | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 20.7.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter match-list protocol-list string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.7.R1 | |
Platforms | All |
protocol [protocol-id] (number | keyword)
| Synopsis | Add a list entry for protocol | |
| Context | configure filter match-list protocol-list string protocol (number | keyword) | |
| Tree | protocol | |
| Max. Instances | 32 | |
| Introduced | 20.7.R1 | |
|
Platforms | All |
[protocol-id] (number | keyword)
| Synopsis | IP protocol identifier | |
| Context | configure filter match-list protocol-list string protocol (number | keyword) | |
| Tree | protocol | |
| Range | 0 to 255 | |
| Options | ||
Notes | This element is part of a list key. | |
| Introduced | 20.7.R1 | |
Platforms | All |
md-auto-id
| Synopsis | Enter the md-auto-id context | |
| Context | configure filter md-auto-id | |
| Tree | md-auto-id | |
| Introduced | 16.0.R1 | |
Platforms | All |
filter-id-range
| Synopsis | Enable the filter-id-range context | |
| Context | configure filter md-auto-id filter-id-range | |
| Tree | filter-id-range | |
| Introduced | 16.0.R1 | |
Platforms | All |
end number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Upper bound of the ID range | |
| Context | configure filter md-auto-id filter-id-range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
start number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Lower bound of the ID range | |
| Context | configure filter md-auto-id filter-id-range start number | |
| Tree | start | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R1 | |
Platforms | All | |
redirect-policy [redirect-policy-name] string
| Synopsis | Enter the redirect-policy list instance | |
| Context | configure filter redirect-policy string | |
| Tree | redirect-policy | |
| Introduced | 16.0.R1 | |
Platforms | All |
[redirect-policy-name] string
| Synopsis | Redirect policy name | |
| Context | configure filter redirect-policy string | |
| Tree | redirect-policy | |
Description | This command specifies the redirect policy name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
| Synopsis | Administrative state of the redirect policy | |
| Context | configure filter redirect-policy string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter redirect-policy string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
destination [destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | Enter the destination list instance | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | destination | |
| Introduced | 16.0.R1 | |
Platforms | All |
[destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address and type of destination | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | destination | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
| Synopsis | Administrative state of the destination | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
description string
| Synopsis | Text description | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms | All |
ping-test
| Synopsis | Enable the ping-test context | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test | |
| Tree | ping-test | |
| Introduced | 16.0.R1 | |
Platforms | All |
drop-count number
| Synopsis | Number of consecutive requests that fail before destination is declared unreachable | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test drop-count number | |
| Tree | drop-count | |
| Range | 1 to 60 | |
| Default | 3 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
hold-down number
| Synopsis | Time for the system to be held down if this test has marked it unreachable | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test hold-down number | |
| Tree | hold-down | |
| Range | 0 to 86400 | |
| Default | 0 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms | All |
interval number
| Synopsis | Time between consecutive requests which are sent to the far end host | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test interval number | |
| Tree | interval | |
| Range | 1 to 60 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms | All |
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | Source address to use in the IP packet of the ping test | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | source-address | |
| Introduced | 16.0.R4 | |
Platforms | All |
timeout number
| Synopsis | Time required to receive a response from the far end host | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test timeout number | |
| Tree | timeout | |
| Range | 1 to 60 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms | All |
priority number
| Synopsis | Priority for this destination | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) priority number | |
| Tree | priority | |
| Range | 1 to 255 | |
| Default | 100 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
unicast-rt-test
| Synopsis | Enable the unicast-rt-test context | |
| Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) unicast-rt-test | |
| Tree | unicast-rt-test | |
| Introduced | 16.0.R1 | |
Platforms | All |
notify-dest-change boolean
| Synopsis | Send notifications when the active destination changes | |
| Context | configure filter redirect-policy string notify-dest-change boolean | |
| Tree | notify-dest-change | |
Description | When configured to true, notifications (such as Log and SNMP) are sent when the active destination of a redirect policy changes. No notification is sent when there are no more active destinations (as this scenario is covered by another notification). When configured to false, the notification generation is disabled. | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms | All |
router-instance string
| Synopsis | Routing context to use for route lookup | |
| Context | configure filter redirect-policy string router-instance string | |
| Tree | router-instance | |
| Introduced | 16.0.R1 | |
Platforms | All |
sticky-dest (number | keyword)
| Synopsis | Time required by system before applying the current best destination as active destination | |
| Context | configure filter redirect-policy string sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms | All |
redirect-policy-binding [binding-name] string
| Synopsis | Enter the redirect-policy-binding list instance | |
| Context | configure filter redirect-policy-binding string | |
| Tree | redirect-policy-binding | |
| Max. Instances | 16 | |
| Introduced | 16.0.R4 | |
|
Platforms | All |
[binding-name] string
| Synopsis | Binding name | |
| Context | configure filter redirect-policy-binding string | |
| Tree | redirect-policy-binding | |
| String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | All |
binding-operator keyword
| Synopsis | Logical operator used to obtain the master test result | |
| Context | configure filter redirect-policy-binding string binding-operator keyword | |
| Tree | binding-operator | |
Description | This command configures the logical operator to use with the destinations' test results to obtain the master test result (the redirect policy binding test result). | |
| Default | and | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms | All |
redirect-policy [redirect-policy-name] reference
| Synopsis | Enter the redirect-policy list instance | |
| Context | configure filter redirect-policy-binding string redirect-policy reference | |
| Tree | redirect-policy | |
| Introduced | 16.0.R4 | |
Platforms | All |
[redirect-policy-name] reference
| Synopsis | Redirect policy name | |
| Context | configure filter redirect-policy-binding string redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | All |
destination [destination-address] reference
| Synopsis | Add a list entry for destination | |
| Context | configure filter redirect-policy-binding string redirect-policy reference destination reference | |
| Tree | destination | |
| Min. Instances | 1 | |
| Introduced | 16.0.R4 | |
|
Platforms | All |
[destination-address] reference
| Synopsis | IP address of redirect policy destination to binding | |
| Context | configure filter redirect-policy-binding string redirect-policy reference destination reference | |
| Tree | destination | |
Reference | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R4 | |
Platforms | All |
system-filter
| Synopsis | Enter the system-filter context | |
| Context | configure filter system-filter | |
| Tree | system-filter | |
| Introduced | 16.0.R1 | |
Platforms | All |
ip [ip-filter] reference
| Synopsis | Add a list entry for ip | |
| Context | configure filter system-filter ip reference | |
| Tree | ip | |
| Max. Instances | 1 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
[ip-filter] reference
ipv6 [ipv6-filter] reference
| Synopsis | Add a list entry for ipv6 | |
| Context | configure filter system-filter ipv6 reference | |
| Tree | ipv6 | |
| Max. Instances | 1 | |
| Introduced | 16.0.R1 | |
|
Platforms | All |
[ipv6-filter] reference
| Synopsis | Active IPv6 system filter policy | |
| Context | configure filter system-filter ipv6 reference | |
| Tree | ipv6 | |
Reference | configure filter ipv6-filter string | |
Notes | This element is part of a list key. | |
| Introduced | 16.0.R3 | |
Platforms | All |