filter commands
configure
— filter
— apply-groups reference
— apply-groups-exclude reference
— dhcp-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— bypass-host-creation
— drop
— description string
— entry number
— action
— bypass-host-creation
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— dhcp6-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— bypass-host-creation
— na boolean
— pd boolean
— drop
— description string
— entry number
— action
— bypass-host-creation
— na boolean
— pd boolean
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— gre-tunnel-template string
— apply-groups reference
— apply-groups-exclude reference
— description string
— ipv4
— destination-address string
— gre-key (keyword | number)
— skip-ttl-decrement boolean
— source-address string
— ipv6
— destination-address string
— gre-key keyword
— skip-hop-decrement boolean
— source-address string
— ip-exception string
— apply-groups reference
— apply-groups-exclude reference
— description string
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description string
— match
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask string
— dst-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— icmp
— code number
— type number
— protocol (number | keyword)
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask string
— src-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— filter-id number
— ip-filter string
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description string
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— flowspec offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— group number
— router-instance string
— openflow reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— grt
— sap reference
— system
— vpls reference
— vprn reference
— entry number
— action
— accept
— accept-when
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— fc keyword
— forward
— bonding-connection number
— esi-l2
— esi-value string
— vpls reference
— esi-l3
— esi-value string
— sf-ip string
— vas-interface reference
— vprn reference
— gre-tunnel reference
— lsp string
— mpls-policy
— endpoint string
— next-hop
— interface-name string
— nh-ip
— address string
— indirect boolean
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— srte-policy
— color number
— endpoint string
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— gtp-local-breakout
— http-redirect
— allow-override boolean
— url (keyword | http-redirect-url)
— ignore-match
— l2-aware-nat-bypass boolean
— nat
— nat-policy reference
— rate-limit
— extracted-traffic
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— pir (number | keyword)
— pps-pir (number | keyword)
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— reassemble
— remark
— dscp keyword
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— remark
— dscp keyword
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description string
— egress-pbr keyword
— filter-sample boolean
— interface-sample boolean
— log reference
— match
— destination-class number
— dscp keyword
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— fragment keyword
— icmp
— code number
— type number
— ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— ip-option
— mask number
— type number
— multiple-option boolean
— option-present boolean
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— protocol (number | keyword)
— protocol-list reference
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask string
— src-mac
— address string
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-route-option boolean
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— pbr-down-action-override keyword
— sample-profile reference
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— shared-policer boolean
— subscriber-mgmt
— host-specific-entry
— credit-control
— range
— end number
— start number
— filter-rule
— range
— end number
— start number
— watermark
— high number
— low number
— shared-entry
— filter-rule
— range
— end number
— start number
— pcc-rule
— range
— end number
— start number
— watermark
— high number
— low number
— type keyword
— ipv6-exception string
— apply-groups reference
— apply-groups-exclude reference
— description string
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description string
— match
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— icmp
— code number
— type number
— next-header (number | keyword)
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— filter-id number
— ipv6-filter string
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description string
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— flowspec offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— group number
— router-instance string
— openflow reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— grt
— sap reference
— system
— vpls reference
— vprn reference
— entry number
— action
— accept
— accept-when
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— fc keyword
— forward
— bonding-connection number
— esi-l2
— esi-value string
— vpls reference
— esi-l3
— esi-value string
— sf-ip string
— vas-interface reference
— vprn reference
— gre-tunnel reference
— lsp string
— mpls-policy
— endpoint string
— next-hop
— nh-ip
— address string
— indirect boolean
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— srte-policy
— color number
— endpoint string
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— http-redirect
— allow-override boolean
— url (keyword | http-redirect-url)
— ignore-match
— nat
— nat-policy reference
— nat-type keyword
— rate-limit
— extracted-traffic
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— pattern
— expression string
— mask string
— offset-type keyword
— offset-value number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pir (number | keyword)
— pps-pir (number | keyword)
— remark
— dscp keyword
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address string
— indirect boolean
— router-instance string
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— vprn-target
— adv-prefix string
— bgp-nh string
— lsp string
— vprn reference
— remark
— dscp keyword
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description string
— egress-pbr keyword
— filter-sample boolean
— interface-sample boolean
— log reference
— match
— destination-class number
— dscp keyword
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— extension-header
— ah boolean
— esp boolean
— hop-by-hop boolean
— routing-type0 boolean
— flow-label
— mask number
— value number
— fragment keyword
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— icmp
— code number
— type number
— ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— next-header (number | keyword)
— next-header-list reference
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-mac
— address string
— mask string
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— pbr-down-action-override keyword
— sample-profile reference
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— shared-policer boolean
— subscriber-mgmt
— host-specific-entry
— credit-control
— range
— end number
— start number
— filter-rule
— range
— end number
— start number
— watermark
— high number
— low number
— shared-entry
— filter-rule
— range
— end number
— start number
— pcc-rule
— range
— end number
— start number
— watermark
— high number
— low number
— type keyword
— log number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination
— memory
— max-entries number
— stop-on-full boolean
— syslog
— name reference
— summary
— admin-state keyword
— summary-crit keyword
— mac-filter string
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— description string
— embed
— entry number
— action
— accept
— apply-groups reference
— apply-groups-exclude reference
— drop
— forward
— esi-l2
— esi-value string
— vpls reference
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— http-redirect
— url string
— ignore-match
— rate-limit
— pir (number | keyword)
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— sap
— sap-id reference
— vpls reference
— sdp
— sdp-bind-id string
— vpls reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dot1p
— mask number
— priority number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— inner-tag
— mask number
— tag number
— isid
— range
— end number
— start number
— value number
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— outer-tag
— mask number
— tag number
— snap-oui keyword
— snap-pid number
— src-mac
— address string
— mask string
— pbr-down-action-override keyword
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— type keyword
— match-list
— apply-groups reference
— apply-groups-exclude reference
— ip-prefix-list string
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group string
— neighbor string
— router-instance string
— description string
— prefix string
— prefix-exclude string
— ipv6-prefix-list string
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group string
— neighbor string
— router-instance string
— description string
— prefix string
— prefix-exclude string
— port-list string
— apply-groups reference
— apply-groups-exclude reference
— description string
— port number
— range start number end number
— protocol-list string
— apply-groups reference
— apply-groups-exclude reference
— description string
— protocol (number | keyword)
— md-auto-id
— filter-id-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— redirect-policy string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— ping-test
— apply-groups reference
— apply-groups-exclude reference
— drop-count number
— hold-down number
— interval number
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— timeout number
— priority number
— unicast-rt-test
— notify-dest-change boolean
— router-instance string
— sticky-dest (number | keyword)
— redirect-policy-binding string
— apply-groups reference
— apply-groups-exclude reference
— binding-operator keyword
— redirect-policy reference
— apply-groups reference
— apply-groups-exclude reference
— destination reference
— system-filter
— apply-groups reference
— apply-groups-exclude reference
— ip reference
— ipv6 reference
filter command descriptions
filter
dhcp-filter [filter-id] number
Synopsis | Enter the dhcp-filter list instance | |
Context | configure filter dhcp-filter number | |
Tree | dhcp-filter | |
Introduced | 16.0.R1 | |
Platforms | All |
[filter-id] number
Synopsis | Unique DHCP filter policy ID | |
Context | configure filter dhcp-filter number | |
Tree | dhcp-filter | |
Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action
Synopsis | Enable the default-action context | |
Context | configure filter dhcp-filter number default-action | |
Tree | default-action | |
Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
Synopsis | Host creation options to bypass | |
Context | configure filter dhcp-filter number default-action bypass-host-creation | |
Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
Synopsis | DHCP host creation when the filter entry is matched | |
Context | configure filter dhcp-filter number default-action drop | |
Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter dhcp-filter number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter dhcp-filter number entry number | |
Tree | entry | |
Max. Instances | 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
Synopsis | DHCP filter entry index | |
Context | configure filter dhcp-filter number entry number | |
Tree | entry | |
Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
action
Synopsis | Enable the action context | |
Context | configure filter dhcp-filter number entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
Synopsis | Host creation options to bypass | |
Context | configure filter dhcp-filter number entry number action bypass-host-creation | |
Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
option
Synopsis | Enable the option context | |
Context | configure filter dhcp-filter number entry number option | |
Tree | option | |
Introduced | 16.0.R1 | |
Platforms | All |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
dhcp6-filter [filter-id] number
Synopsis | Enter the dhcp6-filter list instance | |
Context | configure filter dhcp6-filter number | |
Tree | dhcp6-filter | |
Introduced | 16.0.R1 | |
Platforms | All |
[filter-id] number
Synopsis | Unique DHCP filter policy ID | |
Context | configure filter dhcp6-filter number | |
Tree | dhcp6-filter | |
Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action
Synopsis | Enable the default-action context | |
Context | configure filter dhcp6-filter number default-action | |
Tree | default-action | |
Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
Synopsis | Enable the bypass-host-creation context | |
Context | configure filter dhcp6-filter number default-action bypass-host-creation | |
Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
na boolean
Synopsis | Bypass the DHCPv6 NA host creation | |
Context | configure filter dhcp6-filter number default-action bypass-host-creation na boolean | |
Tree | na | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
pd boolean
Synopsis | Bypass the DHCPv6 PD host creation | |
Context | configure filter dhcp6-filter number default-action bypass-host-creation pd boolean | |
Tree | pd | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
Synopsis | Drop DHCPv6 message (do not process) | |
Context | configure filter dhcp6-filter number default-action drop | |
Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter dhcp6-filter number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter dhcp6-filter number entry number | |
Tree | entry | |
Max. Instances | 10 | |
Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
Synopsis | DHCP filter entry index | |
Context | configure filter dhcp6-filter number entry number | |
Tree | entry | |
Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
action
Synopsis | Enable the action context | |
Context | configure filter dhcp6-filter number entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | All |
bypass-host-creation
Synopsis | Enable the bypass-host-creation context | |
Context | configure filter dhcp6-filter number entry number action bypass-host-creation | |
Tree | bypass-host-creation | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
na boolean
Synopsis | Bypass the DHCPv6 NA host creation | |
Context | configure filter dhcp6-filter number entry number action bypass-host-creation na boolean | |
Tree | na | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
pd boolean
Synopsis | Bypass the DHCPv6 PD host creation | |
Context | configure filter dhcp6-filter number entry number action bypass-host-creation pd boolean | |
Tree | pd | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
drop
option
Synopsis | Enable the option context | |
Context | configure filter dhcp6-filter number entry number option | |
Tree | option | |
Introduced | 16.0.R1 | |
Platforms | All |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
gre-tunnel-template [gre-tunnel-template-name] string
Synopsis | Enter the gre-tunnel-template list instance | |
Context | configure filter gre-tunnel-template string | |
Tree | gre-tunnel-template | |
Max. Instances | 8191 | |
Introduced | 16.0.R1 | |
Platforms | All |
[gre-tunnel-template-name] string
Synopsis | GRE tunnel template ID | |
Context | configure filter gre-tunnel-template string | |
Tree | gre-tunnel-template | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter gre-tunnel-template string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R2 | |
Platforms | All |
ipv4
Synopsis | Enter the ipv4 context | |
Context | configure filter gre-tunnel-template string ipv4 | |
Tree | ipv4 | |
Notes | The following elements are part of a choice: ipv4 or ipv6. | |
Introduced | 16.0.R1 | |
Platforms | All |
destination-address [address] string
Synopsis | Add a list entry for destination-address | |
Context | configure filter gre-tunnel-template string ipv4 destination-address string | |
Tree | destination-address | |
Description | This command defines a destination for the GRE IP header used to encapsulate the matching IPv4/IPv6 packet. A single destination address can be specified for an IPv6 gre-tunnel-template. Traffic matching the associated IPv4 or IPv6 filter is hashed across any available ECMP or UCMP route next hop available to the destination address. If no destination address is available, then matching traffic follows the configured pbr-down-action-override action, if configured. If no pbr-down-action-override is configured traffic is discarded. | |
Max. Instances | 32 | |
Introduced | 16.0.R1 | |
Platforms | All |
[address] string
Synopsis | Destination IPv4 address | |
Context | configure filter gre-tunnel-template string ipv4 destination-address string | |
Tree | destination-address | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
gre-key (keyword | number)
Synopsis | GRE key | |
Context | configure filter gre-tunnel-template string ipv4 gre-key (keyword | number) | |
Tree | gre-key | |
Max. Range | 0 to 4294967295 | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
skip-ttl-decrement boolean
Synopsis | Decrement TTL | |
Context | configure filter gre-tunnel-template string ipv4 skip-ttl-decrement boolean | |
Tree | skip-ttl-decrement | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
source-address string
Synopsis | Source IP address of the GRE encapsulated | |
Context | configure filter gre-tunnel-template string ipv4 source-address string | |
Tree | source-address | |
Introduced | 16.0.R1 | |
Platforms | All |
ipv6
Synopsis | Enter the ipv6 context | |
Context | configure filter gre-tunnel-template string ipv6 | |
Tree | ipv6 | |
Notes | The following elements are part of a choice: ipv4 or ipv6. | |
Introduced | 22.7.R1 | |
Platforms | All |
destination-address [address] string
Synopsis | Add a list entry for destination-address | |
Context | configure filter gre-tunnel-template string ipv6 destination-address string | |
Tree | destination-address | |
Max. Instances | 1 | |
Introduced | 22.7.R1 | |
Platforms | All |
[address] string
Synopsis | IPv6 destination address | |
Context | configure filter gre-tunnel-template string ipv6 destination-address string | |
Tree | destination-address | |
Notes | This element is part of a list key. | |
Introduced | 22.7.R1 | |
Platforms | All |
gre-key keyword
Synopsis | Include a key value in GRE header | |
Context | configure filter gre-tunnel-template string ipv6 gre-key keyword | |
Tree | gre-key | |
Description | This command includes a key value in the GRE header of ifIndex of the ingress interface. | |
Options | ||
Introduced | 22.7.R1 | |
Platforms | All |
skip-hop-decrement boolean
Synopsis | Decrement TTL of the received packet | |
Context | configure filter gre-tunnel-template string ipv6 skip-hop-decrement boolean | |
Tree | skip-hop-decrement | |
Description | When configured to true, the system decrements the TTL of the IP packet matching the IPv4 or IPv6 filter when it is encapsulated into the GRE tunnel header. When configured to false, the system increases the TTL of the received packet. | |
Default | false | |
Introduced | 22.7.R1 | |
Platforms | All |
source-address string
Synopsis | Source IPv6 address of the GRE encapsulated | |
Context | configure filter gre-tunnel-template string ipv6 source-address string | |
Tree | source-address | |
Introduced | 22.7.R1 | |
Platforms | All |
ip-exception [filter-name] string
Synopsis | Enter the ip-exception list instance | |
Context | configure filter ip-exception string | |
Tree | ip-exception | |
Introduced | 20.10.R1 | |
Platforms | VSR |
[filter-name] string
Synopsis | Filter name | |
Context | configure filter ip-exception string | |
Tree | ip-exception | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
description string
Synopsis | Text description | |
Context | configure filter ip-exception string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter ip-exception string entry number | |
Tree | entry | |
Introduced | 20.10.R1 | |
Platforms | VSR |
[entry-id] number
Synopsis | ID for a match criteria and the corresponding action | |
Context | configure filter ip-exception string entry number | |
Tree | entry | |
Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
description string
Synopsis | Text description | |
Context | configure filter ip-exception string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
match
Synopsis | Enter the match context | |
Context | configure filter ip-exception string entry number match | |
Tree | match | |
Introduced | 20.10.R1 | |
Platforms | VSR |
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask string
dst-port
eq number
gt number
lt number
range
end number
start number
icmp
code number
type number
protocol (number | keyword)
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask string
src-port
eq number
gt number
lt number
range
end number
start number
filter-id number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Filter ID | |
Context | configure filter ip-exception string filter-id number | |
Tree | filter-id | |
Range | 1 to 65535 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
ip-filter [filter-name] string
[filter-name] string
chain-to-system-filter boolean
Synopsis | Chain filter policy to the active IPvX system filter policy | |
Context | configure filter ip-filter string chain-to-system-filter boolean | |
Tree | chain-to-system-filter | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action keyword
Synopsis | Action for packets that do not match any entry | |
Context | configure filter ip-filter string default-action keyword | |
Tree | default-action | |
Default | drop | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter ip-filter string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
embed
Synopsis | Enter the embed context | |
Context | configure filter ip-filter string embed | |
Tree | embed | |
Description | Commands in this context embed a previously defined IPv4 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
Introduced | 16.0.R1 | |
Platforms | All |
filter [name] reference offset number
[name] reference
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ip-filter string embed filter reference offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
flowspec offset number
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ip-filter string embed flowspec offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
group number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Interface group ID for an external configured set of flowspec rules | |
Context | configure filter ip-filter string embed flowspec offset number group number | |
Tree | group | |
Range | 0 to 16383 | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Virtual router for an external configured set of flowspec rules | |
Context | configure filter ip-filter string embed flowspec offset number router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
openflow [of-switch] reference offset number
[of-switch] reference
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ip-filter string embed openflow reference offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R4 | |
Platforms | All |
grt
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Global routing context | |
Context | configure filter ip-filter string embed openflow reference offset number grt | |
Tree | grt | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
sap reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | SAP context | |
Context | configure filter ip-filter string embed openflow reference offset number sap reference | |
Tree | sap | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
system
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | System context | |
Context | configure filter ip-filter string embed openflow reference offset number system | |
Tree | system | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
vpls reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPLS context | |
Context | configure filter ip-filter string embed openflow reference offset number vpls reference | |
Tree | vpls | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
vprn reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPRN context | |
Context | configure filter ip-filter string embed openflow reference offset number vprn reference | |
Tree | vprn | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
entry [entry-id] number
[entry-id] number
action
accept
Synopsis | Accept regular routing to forward a matching packet | |
Context | configure filter ip-filter string entry number action accept | |
Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
accept-when
Synopsis | Enable the accept-when context | |
Context | configure filter ip-filter string entry number action accept-when | |
Tree | accept-when | |
Introduced | 19.5.R1 | |
Platforms | All |
pattern
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ip-filter string entry number action accept-when pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
mask string
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ip-filter string entry number action accept-when pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ip-filter string entry number action accept-when pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
drop
Synopsis | Drop a packet matching this entry | |
Context | configure filter ip-filter string entry number action drop | |
Tree | drop | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
drop-when
extracted-traffic
Synopsis | Drop traffic extracted to CPM | |
Context | configure filter ip-filter string entry number action drop-when extracted-traffic | |
Tree | extracted-traffic | |
Introduced | 16.0.R1 | |
Platforms | All |
packet-length
Synopsis | Enable the packet-length context | |
Context | configure filter ip-filter string entry number action drop-when packet-length | |
Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
Introduced | 16.0.R1 | |
Platforms | All |
eq number
gt number
lt number
range
end number
start number
pattern
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ip-filter string entry number action drop-when pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ip-filter string entry number action drop-when pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ip-filter string entry number action drop-when pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
ttl
eq number
gt number
lt number
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string entry number action drop-when ttl range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
fc keyword
forward
Synopsis | Enter the forward context | |
Context | configure filter ip-filter string entry number action forward | |
Tree | forward | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
bonding-connection number
Synopsis | Connection ID over which packet is forwarded | |
Context | configure filter ip-filter string entry number action forward bonding-connection number | |
Tree | bonding-connection | |
Range | 1 to 2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
esi-l2
Synopsis | Enable the esi-l2 context | |
Context | configure filter ip-filter string entry number action forward esi-l2 | |
Tree | esi-l2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
vpls reference
esi-l3
Synopsis | Enable the esi-l3 context | |
Context | configure filter ip-filter string entry number action forward esi-l3 | |
Tree | esi-l3 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | ESI of the first ESI-identified appliance | |
Context | configure filter ip-filter string entry number action forward esi-l3 esi-value string | |
Tree | esi-value | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
sf-ip string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IP address of the service function to forward traffic | |
Context | configure filter ip-filter string entry number action forward esi-l3 sf-ip string | |
Tree | sf-ip | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vas-interface reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Egress R-VPLS IP interface name | |
Context | configure filter ip-filter string entry number action forward esi-l3 vas-interface reference | |
Tree | vas-interface | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vprn reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPRN service name | |
Context | configure filter ip-filter string entry number action forward esi-l3 vprn reference | |
Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
gre-tunnel reference
Synopsis | GRE tunnel template ID that sets the location where an encapsulated matching packet is transported | |
Context | configure filter ip-filter string entry number action forward gre-tunnel reference | |
Tree | gre-tunnel | |
Reference | configure filter gre-tunnel-template string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
lsp string
Synopsis | LSP that is specified to forward a packet matching this entry | |
Context | configure filter ip-filter string entry number action forward lsp string | |
Tree | lsp | |
String Length | 1 to 64 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
mpls-policy
Synopsis | Enable the mpls-policy context | |
Context | configure filter ip-filter string entry number action forward mpls-policy | |
Tree | mpls-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
next-hop
Synopsis | Enable the next-hop context | |
Context | configure filter ip-filter string entry number action forward next-hop | |
Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
interface-name string
Synopsis | IP interface name that forwards matching packets | |
Context | configure filter ip-filter string entry number action forward next-hop interface-name string | |
Tree | interface-name | |
String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: interface-name, nh-ip, or nh-ip-vrf. | |
Introduced | 16.0.R1 | |
Platforms | All |
nh-ip
address string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IPv4 address of next hop to forward matching packets | |
Context | configure filter ip-filter string entry number action forward next-hop nh-ip address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
nh-ip-vrf
address string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IPv4 address of next hop to forward matching packets | |
Context | configure filter ip-filter string entry number action forward next-hop nh-ip-vrf address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Routing context for route lookup for forwarding packets | |
Context | configure filter ip-filter string entry number action forward next-hop nh-ip-vrf router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
redirect-policy reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
Context | configure filter ip-filter string entry number action forward redirect-policy reference | |
Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Router name or VPRN service name | |
Context | configure filter ip-filter string entry number action forward router-instance string | |
Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap
Synopsis | Enable the sap context | |
Context | configure filter ip-filter string entry number action forward sap | |
Tree | sap | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap-id reference
vpls reference
sdp
Synopsis | Enable the sdp context | |
Context | configure filter ip-filter string entry number action forward sdp | |
Tree | sdp | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sdp-bind-id string
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter ip-filter string entry number action forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
srte-policy
Synopsis | Enable the srte-policy context | |
Context | configure filter ip-filter string entry number action forward srte-policy | |
Tree | srte-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 19.10.R1 | |
Platforms | All |
color number
endpoint string
vprn-target
Synopsis | Enable the vprn-target context | |
Context | configure filter ip-filter string entry number action forward vprn-target | |
Tree | vprn-target | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
adv-prefix string
Synopsis | Advertised IP prefix for target destination | |
Context | configure filter ip-filter string entry number action forward vprn-target adv-prefix string | |
Tree | adv-prefix | |
Introduced | 16.0.R1 | |
Platforms | All |
bgp-nh string
lsp string
vprn reference
gtp-local-breakout
Synopsis | Break out matching traffic locally from a GTP tunnel for GTP-subscriber-hosts, or forward for other entities | |
Context | configure filter ip-filter string entry number action gtp-local-breakout | |
Tree | gtp-local-breakout | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
http-redirect
Synopsis | Enable the http-redirect context | |
Context | configure filter ip-filter string entry number action http-redirect | |
Tree | http-redirect | |
Description | Commands in this context configure the filter entry action for HTTP redirection. | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
allow-override boolean
Synopsis | Override the HTTP redirect URL by a RADIUS VSA | |
Context | configure filter ip-filter string entry number action http-redirect allow-override boolean | |
Tree | allow-override | |
Description | This command specifies whether the RADIUS VSA can override the configured HTTP redirect URL for this filter entry. When configured to true, the RADIUS VSA can override the HTTP redirect URL. When configured to false, the HTTP redirect URL is not overriden. This does not apply if the CPF option is specified for the URL. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
url (keyword | http-redirect-url)
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | URL used for HTTP redirect action | |
Context | configure filter ip-filter string entry number action http-redirect url (keyword | http-redirect-url) | |
Tree | url | |
Description | This command specifies the URL to use for HTTP redirection for this filter entry. A URL can be specified or the CPF option can be used for BNG CUPS ESM sessions only. The following macro substitutions may be used: $URL — request-URI in the HTTP GET request received $MAC — a string that represents the MAC address of the subscriber host $IP — a string that represents the IP address of the subscriber host $SUB — a string that represents the subscriber ID $SAP — a string that represents a SAP ID $SAPDESC — description string configured on the SAP $CID — a string that represents the circuit ID or interface ID of the subscriber host (hexadecimal format) $RID — a string that represents the remote ID of the subscriber host (hexadecimal format) | |
String Length | 1 to 255 | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
ignore-match
Synopsis | Ignore match criteria for the entry | |
Context | configure filter ip-filter string entry number action ignore-match | |
Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
l2-aware-nat-bypass boolean
Synopsis | Divert traffic from an L2-Aware NAT subscriber | |
Context | configure filter ip-filter string entry number action l2-aware-nat-bypass boolean | |
Tree | l2-aware-nat-bypass | |
Description | When configured to true, the filter action selectively diverts traffic from a L2-Aware NAT subscriber away from NAT. This action is only applicable to L2-Aware NAT subscribers and must be configured together with action accept. Traffic identified in the match condition bypasses L2-Aware NAT. An example is to bypass NAT for on-net destinations (within the customer network). For selective NAT bypass to take effect, in addition to IP filter configuration, the L2-Aware NAT subscriber must be specifically enabled for selective bypass via the allow-bypass configuration option in the configure subscriber-mgmt sub-profile nat allow-bypass context. When configured to false, traffic that is not classified for bypass automatically diverts to L2-Aware NAT, unless it is explicitly configured in the IP filter action to be dropped. | |
Default | false | |
Introduced | 20.5.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat
Synopsis | Enable the nat context | |
Context | configure filter ip-filter string entry number action nat | |
Tree | nat | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-policy reference
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
Synopsis | NAT policy name when action is NAT | |
Context | configure filter ip-filter string entry number action nat nat-policy reference | |
Tree | nat-policy | |
Reference | configure service nat nat-policy string | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
rate-limit
Synopsis | Enable the rate-limit context | |
Context | configure filter ip-filter string entry number action rate-limit | |
Tree | rate-limit | |
Introduced | 16.0.R1 | |
Platforms | All |
extracted-traffic
Synopsis | Limit the rate of traffic extracted to the CPM | |
Context | configure filter ip-filter string entry number action rate-limit extracted-traffic | |
Tree | extracted-traffic | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
packet-length
Synopsis | Enable the packet-length context | |
Context | configure filter ip-filter string entry number action rate-limit packet-length | |
Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
Introduced | 16.0.R1 | |
Platforms | All |
eq number
Synopsis | Exact match criterion for the length | |
Context | configure filter ip-filter string entry number action rate-limit packet-length eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
gt number
Synopsis | Greater than match criterion for the length | |
Context | configure filter ip-filter string entry number action rate-limit packet-length gt number | |
Tree | gt | |
Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
lt number
Synopsis | Less than match criterion for the length | |
Context | configure filter ip-filter string entry number action rate-limit packet-length lt number | |
Tree | lt | |
Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string entry number action rate-limit packet-length range | |
Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
Synopsis | Upper bound of the length range | |
Context | configure filter ip-filter string entry number action rate-limit packet-length range end number | |
Tree | end | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
start number
Synopsis | Lower bound of the length range | |
Context | configure filter ip-filter string entry number action rate-limit packet-length range start number | |
Tree | start | |
Range | 0 to 65534 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
pattern
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ip-filter string entry number action rate-limit pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ip-filter string entry number action rate-limit pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ip-filter string entry number action rate-limit pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
pir (number | keyword)
pps-pir (number | keyword)
Synopsis | Peak information rate | |
Context | configure filter ip-filter string entry number action rate-limit pps-pir (number | keyword) | |
Tree | pps-pir | |
Range | 0 to 100000000 | |
Units | packets per second | |
Options | ||
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
ttl
eq number
gt number
lt number
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string entry number action rate-limit ttl range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
reassemble
Synopsis | Forward matching packets to reassembly function | |
Context | configure filter ip-filter string entry number action reassemble | |
Tree | reassemble | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
remark
dscp keyword
secondary
forward
next-hop
nh-ip-vrf
address string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IPv4 address of next hop to forward matching packets | |
Context | configure filter ip-filter string entry number action secondary forward next-hop nh-ip-vrf address string | |
Tree | address | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Routing context for route lookup for forwarding packets | |
Context | configure filter ip-filter string entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap
sap-id reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | SAP ID used to forward packets matching the entry | |
Context | configure filter ip-filter string entry number action secondary forward sap sap-id reference | |
Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
sdp
sdp-bind-id string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter ip-filter string entry number action secondary forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
vprn-target
Synopsis | Enable the vprn-target context | |
Context | configure filter ip-filter string entry number action secondary forward vprn-target | |
Tree | vprn-target | |
Notes | The following elements are part of a choice: next-hop, sap, sdp, or vprn-target. | |
Introduced | 21.7.R1 | |
Platforms | All |
adv-prefix string
Synopsis | Advertised IP prefix for the target destination | |
Context | configure filter ip-filter string entry number action secondary forward vprn-target adv-prefix string | |
Tree | adv-prefix | |
Introduced | 21.7.R1 | |
Platforms | All |
bgp-nh string
lsp string
vprn reference
remark
dscp keyword
tcp-mss-adjust
Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
Context | configure filter ip-filter string entry number action tcp-mss-adjust | |
Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure filter ip-filter string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
egress-pbr keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | PBR that has an effect when this filter is applied on egress | |
Context | configure filter ip-filter string entry number egress-pbr keyword | |
Tree | egress-pbr | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
filter-sample boolean
Synopsis | Sample matching traffic if IP interface is set to cflowd ACL mode | |
Context | configure filter ip-filter string entry number filter-sample boolean | |
Tree | filter-sample | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
interface-sample boolean
Synopsis | Sample matching traffic if IP interface is set to cflowd interface mode | |
Context | configure filter ip-filter string entry number interface-sample boolean | |
Tree | interface-sample | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
log reference
match
Synopsis | Enter the match context | |
Context | configure filter ip-filter string entry number match | |
Tree | match | |
Description | Commands in this context configure match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
Introduced | 16.0.R1 | |
Platforms | All |
destination-class number
Synopsis | Destination class as a match criterion | |
Context | configure filter ip-filter string entry number match destination-class number | |
Tree | destination-class | |
Description | This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true). | |
Range | 1 to 255 | |
Introduced | 20.7.R1 | |
Platforms | All |
dscp keyword
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
Synopsis | IP4 address prefix list used as match criterion | |
Context | configure filter ip-filter string entry number match dst-ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
mask string
dst-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ip-filter string entry number match dst-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
fragment keyword
icmp
code number
type number
ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
Synopsis | IP4 address prefix list used as match criterion | |
Context | configure filter ip-filter string entry number match ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 21.10.R1 | |
Platforms | All |
mask string
ip-option
mask number
type number
multiple-option boolean
Synopsis | Match based on presence of multiple options in header | |
Context | configure filter ip-filter string entry number match multiple-option boolean | |
Tree | multiple-option | |
Introduced | 16.0.R1 | |
Platforms | All |
option-present boolean
Synopsis | Match on the presence of any IP option in the packet | |
Context | configure filter ip-filter string entry number match option-present boolean | |
Tree | option-present | |
Introduced | 16.0.R1 | |
Platforms | All |
packet-length
Synopsis | Enable the packet-length context | |
Context | configure filter ip-filter string entry number match packet-length | |
Tree | packet-length | |
Introduced | 19.5.R1 | |
Platforms | All |
eq number
gt number
lt number
range
end number
start number
port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ip-filter string entry number match port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
protocol (number | keyword)
protocol-list reference
Synopsis | Name of the protocol list as a match criterion | |
Context | configure filter ip-filter string entry number match protocol-list reference | |
Tree | protocol-list | |
Reference | configure filter match-list protocol-list string | |
Notes | The following elements are part of a choice: protocol or protocol-list. | |
Introduced | 20.7.R1 | |
Platforms | All |
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
ip-prefix-list reference
Synopsis | IP4 address prefix list used as match criterion | |
Context | configure filter ip-filter string entry number match src-ip ip-prefix-list reference | |
Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
mask string
src-mac
address string
mask string
src-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ip-filter string entry number match src-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
src-route-option boolean
Synopsis | Match based on presence of source route option | |
Context | configure filter ip-filter string entry number match src-route-option boolean | |
Tree | src-route-option | |
Introduced | 16.0.R1 | |
Platforms | All |
tcp-established
Synopsis | Match packets containing the TCP flag as ACK or RST | |
Context | configure filter ip-filter string entry number match tcp-established | |
Tree | tcp-established | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
Introduced | 22.10.R1 | |
Platforms | All |
tcp-flags
ack boolean
cwr boolean
ece boolean
fin boolean
ns boolean
psh boolean
rst boolean
syn boolean
urg boolean
ttl
eq number
gt number
lt number
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string entry number match ttl range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 21.10.R1 | |
Platforms | All |
end number
start number
pbr-down-action-override keyword
Synopsis | Action when PBR or PBF target for this entry is not available | |
Context | configure filter ip-filter string entry number pbr-down-action-override keyword | |
Tree | pbr-down-action-override | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
sample-profile reference
Synopsis | Cflowd sample profile ID to match packets | |
Context | configure filter ip-filter string entry number sample-profile reference | |
Tree | sample-profile | |
Description | This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample profile ID. This option is only compatible if the associated interface is configured for interface-based sampling and is only supported for ingress sampling. An IP filter can only specify a single alternate sample profile ID for cflowd sampling, but the ID can be used in multiple entries. | |
Reference | configure cflowd sample-profile number | |
Introduced | 20.10.R1 | |
Platforms | All |
sticky-dest (number | keyword)
Synopsis | Time before action with available PBR or PBF destination and highest priority | |
Context | configure filter ip-filter string entry number sticky-dest (number | keyword) | |
Tree | sticky-dest | |
Range | 0 to 65535 | |
Units | seconds | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
scope keyword
shared-policer boolean
Synopsis | Share policer among active ports in the LAG | |
Context | configure filter ip-filter string shared-policer boolean | |
Tree | shared-policer | |
Description | When configured to true, and when the filter policy is configured on a LAG endpoint, the system programs the policer rates in the filter policy per line card FP of the LAG based on the number of active ports in the LAG for each FP. When configured to false, and when the filter policy is configured on a LAG endpoint, the system programs the same policer rate on each line card FP of the LAG. | |
Default | false | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
subscriber-mgmt
Synopsis | Enter the subscriber-mgmt context | |
Context | configure filter ip-filter string subscriber-mgmt | |
Tree | subscriber-mgmt | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
host-specific-entry
Synopsis | Enter the host-specific-entry context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry | |
Tree | host-specific-entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
credit-control
Synopsis | Enter the credit-control context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control | |
Tree | credit-control | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for credit control filter entries | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for credit control filter entries | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
Synopsis | Enter the filter-rule context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule | |
Tree | filter-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for inserting filter rule entries | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for inserting filter rule entries | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
Synopsis | Enter the watermark context | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark | |
Tree | watermark | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
Synopsis | High watermark for host-specific entries, to raise a table full alarm | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark high number | |
Tree | high | |
Range | 0 to 100 | |
Default | 95 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
Synopsis | Low watermark for host-specific entries, to clear a table full alarm | |
Context | configure filter ip-filter string subscriber-mgmt host-specific-entry watermark low number | |
Tree | low | |
Range | 0 to 100 | |
Default | 90 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
shared-entry
Synopsis | Enter the shared-entry context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry | |
Tree | shared-entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
Synopsis | Enter the filter-rule context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule | |
Tree | filter-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for inserting shared host rules | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for inserting shared host rules | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
pcc-rule
Synopsis | Enter the pcc-rule context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule | |
Tree | pcc-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of the range for PCC rule filter entries | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of the range for PCC rule filter entries | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
Synopsis | Enable the watermark context | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark | |
Tree | watermark | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
Synopsis | Limit of RADIUS shared filters before generating high watermark notification | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark high number | |
Tree | high | |
Range | 1 to 8000 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
Synopsis | Limit of RADIUS or Diameter shared filters before clearing high watermark notification | |
Context | configure filter ip-filter string subscriber-mgmt shared-entry watermark low number | |
Tree | low | |
Range | 0 to 7999 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
type keyword
ipv6-exception [filter-name] string
Synopsis | Enter the ipv6-exception list instance | |
Context | configure filter ipv6-exception string | |
Tree | ipv6-exception | |
Introduced | 20.10.R1 | |
Platforms | VSR |
[filter-name] string
Synopsis | Filter name | |
Context | configure filter ipv6-exception string | |
Tree | ipv6-exception | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
description string
Synopsis | Text description | |
Context | configure filter ipv6-exception string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter ipv6-exception string entry number | |
Tree | entry | |
Introduced | 20.10.R1 | |
Platforms | VSR |
[entry-id] number
Synopsis | ID for a match criteria and the corresponding action | |
Context | configure filter ipv6-exception string entry number | |
Tree | entry | |
Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
description string
Synopsis | Text description | |
Context | configure filter ipv6-exception string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
match
Synopsis | Enter the match context | |
Context | configure filter ipv6-exception string entry number match | |
Tree | match | |
Introduced | 20.10.R1 | |
Platforms | VSR |
dst-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure filter ipv6-exception string entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure filter ipv6-exception string entry number match dst-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
mask string
dst-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-exception string entry number match dst-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
icmp
code number
type number
next-header (number | keyword)
Synopsis | IP protocol to match | |
Context | configure filter ipv6-exception string entry number match next-header (number | keyword) | |
Tree | next-header | |
Range | 0 to 255 | |
Options | ||
Introduced | 20.10.R1 | |
Platforms |
VSR |
port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-exception string entry number match port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
src-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure filter ipv6-exception string entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure filter ipv6-exception string entry number match src-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
mask string
src-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-exception string entry number match src-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 20.10.R1 | |
Platforms | VSR |
range
end number
start number
filter-id number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Filter ID | |
Context | configure filter ipv6-exception string filter-id number | |
Tree | filter-id | |
Range | 1 to 65535 | |
Introduced | 20.10.R1 | |
Platforms | VSR |
ipv6-filter [filter-name] string
Synopsis | Enter the ipv6-filter list instance | |
Context | configure filter ipv6-filter string | |
Tree | ipv6-filter | |
Introduced | 16.0.R1 | |
Platforms | All |
[filter-name] string
Synopsis | Filter name | |
Context | configure filter ipv6-filter string | |
Tree | ipv6-filter | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
chain-to-system-filter boolean
Synopsis | Chain filter policy to the active IPvX system filter policy | |
Context | configure filter ipv6-filter string chain-to-system-filter boolean | |
Tree | chain-to-system-filter | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action keyword
Synopsis | Action for packets that do not match any entry | |
Context | configure filter ipv6-filter string default-action keyword | |
Tree | default-action | |
Default | drop | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter ipv6-filter string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
embed
Synopsis | Enter the embed context | |
Context | configure filter ipv6-filter string embed | |
Tree | embed | |
Description | Commands in this context embed a previously defined IPv6 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
Introduced | 16.0.R1 | |
Platforms | All |
filter [name] reference offset number
[name] reference
Synopsis | IPv6 policy to be embedded in the filter | |
Context | configure filter ipv6-filter string embed filter reference offset number | |
Tree | filter | |
Reference | configure filter ipv6-filter string | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ipv6-filter string embed filter reference offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
flowspec offset number
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ipv6-filter string embed flowspec offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
group number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Interface group ID for an external configured set of flowspec rules | |
Context | configure filter ipv6-filter string embed flowspec offset number group number | |
Tree | group | |
Range | 0 to 16383 | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Virtual router for an external configured set of flowspec rules | |
Context | configure filter ipv6-filter string embed flowspec offset number router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
openflow [of-switch] reference offset number
[of-switch] reference
offset number
admin-state keyword
Synopsis | Administrative state of the embedded filter | |
Context | configure filter ipv6-filter string embed openflow reference offset number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R4 | |
Platforms | All |
grt
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Global routing context | |
Context | configure filter ipv6-filter string embed openflow reference offset number grt | |
Tree | grt | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
sap reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | SAP context | |
Context | configure filter ipv6-filter string embed openflow reference offset number sap reference | |
Tree | sap | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
system
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | System context | |
Context | configure filter ipv6-filter string embed openflow reference offset number system | |
Tree | system | |
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
vpls reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPLS context | |
Context | configure filter ipv6-filter string embed openflow reference offset number vpls reference | |
Tree | vpls | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
vprn reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPRN context | |
Context | configure filter ipv6-filter string embed openflow reference offset number vprn reference | |
Tree | vprn | |
Reference | ||
Notes | The following elements are part of a choice: grt, system, (sap and vpls), or vprn. | |
Introduced | 16.0.R4 | |
Platforms | All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter ipv6-filter string entry number | |
Tree | entry | |
Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
Synopsis | ID for a match criteria and the corresponding action | |
Context | configure filter ipv6-filter string entry number | |
Tree | entry | |
Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
action
Synopsis | Enable the action context | |
Context | configure filter ipv6-filter string entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | All |
accept
Synopsis | Accept regular routing to forward a matching packet | |
Context | configure filter ipv6-filter string entry number action accept | |
Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
accept-when
Synopsis | Enable the accept-when context | |
Context | configure filter ipv6-filter string entry number action accept-when | |
Tree | accept-when | |
Introduced | 19.5.R1 | |
Platforms | All |
pattern
Synopsis | Enable the pattern context | |
Context | configure filter ipv6-filter string entry number action accept-when pattern | |
Tree | pattern | |
Introduced | 19.5.R1 | |
Platforms | All |
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ipv6-filter string entry number action accept-when pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
mask string
Synopsis | Mask for the pattern expression | |
Context | configure filter ipv6-filter string entry number action accept-when pattern mask string | |
Tree | mask | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ipv6-filter string entry number action accept-when pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ipv6-filter string entry number action accept-when pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
drop
drop-when
extracted-traffic
Synopsis | Drop traffic extracted to CPM | |
Context | configure filter ipv6-filter string entry number action drop-when extracted-traffic | |
Tree | extracted-traffic | |
Introduced | 16.0.R1 | |
Platforms | All |
hop-limit
eq number
gt number
lt number
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number action drop-when hop-limit range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
start number
pattern
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ipv6-filter string entry number action drop-when pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ipv6-filter string entry number action drop-when pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ipv6-filter string entry number action drop-when pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
payload-length
Synopsis | Enable the payload-length context | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length | |
Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
Introduced | 16.0.R1 | |
Platforms | All |
eq number
Synopsis | Exact match criterion for the length | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
gt number
Synopsis | Greater than match criterion for the length | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length gt number | |
Tree | gt | |
Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
lt number
Synopsis | Less than match criterion for the length | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length lt number | |
Tree | lt | |
Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length range | |
Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
Synopsis | Upper bound of the length range | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length range end number | |
Tree | end | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
start number
Synopsis | Lower bound of the length range | |
Context | configure filter ipv6-filter string entry number action drop-when payload-length range start number | |
Tree | start | |
Range | 0 to 65534 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
fc keyword
forward
bonding-connection number
Synopsis | Connection ID over which packet is forwarded | |
Context | configure filter ipv6-filter string entry number action forward bonding-connection number | |
Tree | bonding-connection | |
Range | 1 to 2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
esi-l2
Synopsis | Enable the esi-l2 context | |
Context | configure filter ipv6-filter string entry number action forward esi-l2 | |
Tree | esi-l2 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
vpls reference
esi-l3
Synopsis | Enable the esi-l3 context | |
Context | configure filter ipv6-filter string entry number action forward esi-l3 | |
Tree | esi-l3 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
esi-value string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | ESI of the first ESI-identified appliance | |
Context | configure filter ipv6-filter string entry number action forward esi-l3 esi-value string | |
Tree | esi-value | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
sf-ip string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IP address of the service function to forward traffic | |
Context | configure filter ipv6-filter string entry number action forward esi-l3 sf-ip string | |
Tree | sf-ip | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vas-interface reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Egress R-VPLS IP interface name | |
Context | configure filter ipv6-filter string entry number action forward esi-l3 vas-interface reference | |
Tree | vas-interface | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vprn reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPRN service name | |
Context | configure filter ipv6-filter string entry number action forward esi-l3 vprn reference | |
Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
gre-tunnel reference
Synopsis | GRE tunnel template ID that sets the location where an encapsulated matching packet is transported | |
Context | configure filter ipv6-filter string entry number action forward gre-tunnel reference | |
Tree | gre-tunnel | |
Reference | configure filter gre-tunnel-template string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
lsp string
Synopsis | LSP that is specified to forward a packet matching this entry | |
Context | configure filter ipv6-filter string entry number action forward lsp string | |
Tree | lsp | |
String Length | 1 to 64 | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
mpls-policy
Synopsis | Enable the mpls-policy context | |
Context | configure filter ipv6-filter string entry number action forward mpls-policy | |
Tree | mpls-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
Synopsis | MPLS forwarding policy endpoint IPv6 address | |
Context | configure filter ipv6-filter string entry number action forward mpls-policy endpoint string | |
Tree | endpoint | |
Notes | This element is mandatory. | |
Introduced | 19.10.R1 | |
Platforms | All |
next-hop
Synopsis | Enable the next-hop context | |
Context | configure filter ipv6-filter string entry number action forward next-hop | |
Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
nh-ip
address string
Synopsis | IPv6 address of next hop to forward matching packets | |
Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip address string | |
Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
nh-ip-vrf
address string
Synopsis | IPv6 address of next hop to forward matching packets | |
Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip-vrf address string | |
Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Routing context for route lookup for forwarding packets | |
Context | configure filter ipv6-filter string entry number action forward next-hop nh-ip-vrf router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
redirect-policy reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
Context | configure filter ipv6-filter string entry number action forward redirect-policy reference | |
Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Router name or VPRN service name | |
Context | configure filter ipv6-filter string entry number action forward router-instance string | |
Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap
Synopsis | Enable the sap context | |
Context | configure filter ipv6-filter string entry number action forward sap | |
Tree | sap | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap-id reference
vpls reference
sdp
Synopsis | Enable the sdp context | |
Context | configure filter ipv6-filter string entry number action forward sdp | |
Tree | sdp | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
sdp-bind-id string
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter ipv6-filter string entry number action forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
srte-policy
Synopsis | Enable the srte-policy context | |
Context | configure filter ipv6-filter string entry number action forward srte-policy | |
Tree | srte-policy | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 19.10.R1 | |
Platforms | All |
color number
Synopsis | SR-TE policy color ID | |
Context | configure filter ipv6-filter string entry number action forward srte-policy color number | |
Tree | color | |
Range | 0 to 4294967295 | |
Notes | This element is mandatory. | |
Introduced | 19.10.R1 | |
Platforms | All |
endpoint string
Synopsis | SR-TE policy endpoint IPv6 address | |
Context | configure filter ipv6-filter string entry number action forward srte-policy endpoint string | |
Tree | endpoint | |
Notes | This element is mandatory. | |
Introduced | 19.10.R1 | |
Platforms | All |
vprn-target
Synopsis | Enable the vprn-target context | |
Context | configure filter ipv6-filter string entry number action forward vprn-target | |
Tree | vprn-target | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target. | |
Introduced | 16.0.R1 | |
Platforms | All |
adv-prefix string
Synopsis | Advertised IP prefix for target destination | |
Context | configure filter ipv6-filter string entry number action forward vprn-target adv-prefix string | |
Tree | adv-prefix | |
Introduced | 16.0.R1 | |
Platforms | All |
bgp-nh string
Synopsis | Target BGP next hop IP address | |
Context | configure filter ipv6-filter string entry number action forward vprn-target bgp-nh string | |
Tree | bgp-nh | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
lsp string
Synopsis | LSP that is specified to forward a packet matching this entry | |
Context | configure filter ipv6-filter string entry number action forward vprn-target lsp string | |
Tree | lsp | |
String Length | 1 to 64 | |
Introduced | 16.0.R1 | |
Platforms | All |
vprn reference
Synopsis | Routing context used for route lookup | |
Context | configure filter ipv6-filter string entry number action forward vprn-target vprn reference | |
Tree | vprn | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
http-redirect
Synopsis | Enable the http-redirect context | |
Context | configure filter ipv6-filter string entry number action http-redirect | |
Tree | http-redirect | |
Description | Commands in this context configure the filter entry action for HTTP redirection. | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
allow-override boolean
Synopsis | Override the HTTP redirect URL by a RADIUS VSA | |
Context | configure filter ipv6-filter string entry number action http-redirect allow-override boolean | |
Tree | allow-override | |
Description | This command specifies whether the RADIUS VSA can override the configured HTTP redirect URL for this filter entry. When configured to true, the RADIUS VSA can override the HTTP redirect URL. When configured to false, the HTTP redirect URL is not overriden. This does not apply if the CPF option is specified for the URL. | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
url (keyword | http-redirect-url)
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | URL used for HTTP redirect action | |
Context | configure filter ipv6-filter string entry number action http-redirect url (keyword | http-redirect-url) | |
Tree | url | |
Description | This command specifies the URL to use for HTTP redirection for this filter entry. A URL can be specified or the CPF option can be used for BNG CUPS ESM sessions only. The following macro substitutions may be used: $URL — request-URI in the HTTP GET request received $MAC — a string that represents the MAC address of the subscriber host $IP — a string that represents the IP address of the subscriber host $SUB — a string that represents the subscriber ID $SAP — a string that represents a SAP ID $SAPDESC — description string configured on the SAP $CID — a string that represents the circuit ID or interface ID of the subscriber host (hexadecimal format) $RID — a string that represents the remote ID of the subscriber host (hexadecimal format) | |
String Length | 1 to 255 | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
ignore-match
Synopsis | Ignore match criteria for the entry | |
Context | configure filter ipv6-filter string entry number action ignore-match | |
Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | All |
nat
Synopsis | Enable the nat context | |
Context | configure filter ipv6-filter string entry number action nat | |
Tree | nat | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-policy reference
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
Synopsis | NAT policy name when action is NAT | |
Context | configure filter ipv6-filter string entry number action nat nat-policy reference | |
Tree | nat-policy | |
Reference | configure service nat nat-policy string | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
nat-type keyword
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
Synopsis | NAT type to assign when action is NAT | |
Context | configure filter ipv6-filter string entry number action nat nat-type keyword | |
Tree | nat-type | |
Options | ||
Notes |
This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
rate-limit
Synopsis | Enable the rate-limit context | |
Context | configure filter ipv6-filter string entry number action rate-limit | |
Tree | rate-limit | |
Introduced | 16.0.R1 | |
Platforms | All |
extracted-traffic
Synopsis | Limit the rate of traffic extracted to the CPM | |
Context | configure filter ipv6-filter string entry number action rate-limit extracted-traffic | |
Tree | extracted-traffic | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
hop-limit
Synopsis | Enable the hop-limit context | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit | |
Tree | hop-limit | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
Introduced | 16.0.R1 | |
Platforms | All |
eq number
Synopsis | Equal to condition match value | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit eq number | |
Tree | eq | |
Range | 0 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
gt number
Synopsis | Greater than condition match value | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit gt number | |
Tree | gt | |
Range | 0 to 254 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
lt number
Synopsis | Less than condition match value | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit lt number | |
Tree | lt | |
Range | 1 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
Synopsis | Upper bound of the range | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range end number | |
Tree | end | |
Range | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
start number
Synopsis | Lower bound of the range | |
Context | configure filter ipv6-filter string entry number action rate-limit hop-limit range start number | |
Tree | start | |
Range | 0 to 254 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
pattern
Synopsis | Enable the pattern context | |
Context | configure filter ipv6-filter string entry number action rate-limit pattern | |
Tree | pattern | |
Introduced | 16.0.R4 | |
Platforms | All |
expression string
Synopsis | Pattern expression to match | |
Context | configure filter ipv6-filter string entry number action rate-limit pattern expression string | |
Tree | expression | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
mask string
Synopsis | Mask for the pattern expression | |
Context | configure filter ipv6-filter string entry number action rate-limit pattern mask string | |
Tree | mask | |
String Length | 3 to 18 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
offset-type keyword
Synopsis | Starting point reference for offset value of pattern | |
Context | configure filter ipv6-filter string entry number action rate-limit pattern offset-type keyword | |
Tree | offset-type | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
offset-value number
Synopsis | Offset value for the pattern expression | |
Context | configure filter ipv6-filter string entry number action rate-limit pattern offset-value number | |
Tree | offset-value | |
Range | 0 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R4 | |
Platforms | All |
payload-length
Synopsis | Enable the payload-length context | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length | |
Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
Introduced | 16.0.R1 | |
Platforms | All |
eq number
Synopsis | Exact match criterion for the length | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length eq number | |
Tree | eq | |
Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
gt number
Synopsis | Greater than match criterion for the length | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length gt number | |
Tree | gt | |
Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
lt number
Synopsis | Less than match criterion for the length | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length lt number | |
Tree | lt | |
Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length range | |
Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
Synopsis | Upper bound of the length range | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length range end number | |
Tree | end | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
start number
Synopsis | Lower bound of the length range | |
Context | configure filter ipv6-filter string entry number action rate-limit payload-length range start number | |
Tree | start | |
Range | 0 to 65534 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
pir (number | keyword)
Synopsis | Peak information rate | |
Context | configure filter ipv6-filter string entry number action rate-limit pir (number | keyword) | |
Tree | pir | |
Range | 0 to 2000000000 | |
Units | kilobps | |
Options | ||
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
Introduced | 16.0.R1 | |
Platforms | All |
pps-pir (number | keyword)
Synopsis | Peak information rate | |
Context | configure filter ipv6-filter string entry number action rate-limit pps-pir (number | keyword) | |
Tree | pps-pir | |
Range | 0 to 100000000 | |
Units | packets per second | |
Options | ||
Notes | The following elements are part of a mandatory choice: pir or pps-pir. | |
Introduced | 22.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
remark
dscp keyword
secondary
forward
next-hop
nh-ip-vrf
address string
Synopsis | IPv6 address of next hop to forward matching packets | |
Context | configure filter ipv6-filter string entry number action secondary forward next-hop nh-ip-vrf address string | |
Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
indirect boolean
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Routing context for route lookup for forwarding packets | |
Context | configure filter ipv6-filter string entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
Tree | router-instance | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
sap
sap-id reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | SAP ID used to forward packets matching the entry | |
Context | configure filter ipv6-filter string entry number action secondary forward sap sap-id reference | |
Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
sdp
sdp-bind-id string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter ipv6-filter string entry number action secondary forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
vprn-target
Synopsis | Enable the vprn-target context | |
Context | configure filter ipv6-filter string entry number action secondary forward vprn-target | |
Tree | vprn-target | |
Notes | The following elements are part of a choice: next-hop, sap, sdp, or vprn-target. | |
Introduced | 21.7.R1 | |
Platforms | All |
adv-prefix string
Synopsis | Advertised IP prefix for the target destination | |
Context | configure filter ipv6-filter string entry number action secondary forward vprn-target adv-prefix string | |
Tree | adv-prefix | |
Introduced | 21.7.R1 | |
Platforms | All |
bgp-nh string
Synopsis | Target BGP next hop IP address | |
Context | configure filter ipv6-filter string entry number action secondary forward vprn-target bgp-nh string | |
Tree | bgp-nh | |
Notes | This element is mandatory. | |
Introduced | 21.7.R1 | |
Platforms | All |
lsp string
Synopsis | LSP that is specified to forward a packet matching this entry | |
Context | configure filter ipv6-filter string entry number action secondary forward vprn-target lsp string | |
Tree | lsp | |
String Length | 1 to 64 | |
Introduced | 21.7.R1 | |
Platforms | All |
vprn reference
remark
dscp keyword
tcp-mss-adjust
Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
Context | configure filter ipv6-filter string entry number action tcp-mss-adjust | |
Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
description string
Synopsis | Text description | |
Context | configure filter ipv6-filter string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
egress-pbr keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | PBR that has an effect when this filter is applied on egress | |
Context | configure filter ipv6-filter string entry number egress-pbr keyword | |
Tree | egress-pbr | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
filter-sample boolean
Synopsis | Sample matching traffic if IP interface is set to cflowd ACL mode | |
Context | configure filter ipv6-filter string entry number filter-sample boolean | |
Tree | filter-sample | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
interface-sample boolean
Synopsis | Sample matching traffic if IP interface is set to cflowd interface mode | |
Context | configure filter ipv6-filter string entry number interface-sample boolean | |
Tree | interface-sample | |
Default | true | |
Introduced | 16.0.R1 | |
Platforms | All |
log reference
match
Synopsis | Enter the match context | |
Context | configure filter ipv6-filter string entry number match | |
Tree | match | |
Description | Commands in this context provide match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
Introduced | 16.0.R1 | |
Platforms | All |
destination-class number
Synopsis | Destination class as a match criterion | |
Context | configure filter ipv6-filter string entry number match destination-class number | |
Tree | destination-class | |
Description | This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true). | |
Range | 1 to 255 | |
Introduced | 20.7.R1 | |
Platforms | All |
dscp keyword
dst-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure filter ipv6-filter string entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure filter ipv6-filter string entry number match dst-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
mask string
dst-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-filter string entry number match dst-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
extension-header
Synopsis | Enter the extension-header context | |
Context | configure filter ipv6-filter string entry number match extension-header | |
Tree | extension-header | |
Introduced | 16.0.R1 | |
Platforms | All |
ah boolean
Synopsis | Match a packet as per the existence of an AH Extension Header | |
Context | configure filter ipv6-filter string entry number match extension-header ah boolean | |
Tree | ah | |
Introduced | 16.0.R1 | |
Platforms | All |
esp boolean
Synopsis | Match a packet as per the existence of an Encapsulation security payload extension header | |
Context | configure filter ipv6-filter string entry number match extension-header esp boolean | |
Tree | esp | |
Introduced | 16.0.R1 | |
Platforms | All |
hop-by-hop boolean
Synopsis | Match on Hop-by-Hop Options Extension Header existence | |
Context | configure filter ipv6-filter string entry number match extension-header hop-by-hop boolean | |
Tree | hop-by-hop | |
Introduced | 16.0.R2 | |
Platforms | All |
routing-type0 boolean
Synopsis | Match a packet as per the existence of a routing Extension Header | |
Context | configure filter ipv6-filter string entry number match extension-header routing-type0 boolean | |
Tree | routing-type0 | |
Introduced | 16.0.R1 | |
Platforms | All |
flow-label
Synopsis | Enable the flow-label context | |
Context | configure filter ipv6-filter string entry number match flow-label | |
Tree | flow-label | |
Introduced | 16.0.R1 | |
Platforms | All |
mask number
Synopsis | Flow label mask for this policy IP filter entry | |
Context | configure filter ipv6-filter string entry number match flow-label mask number | |
Tree | mask | |
Range | 1 to 1048575 | |
Default | 1048575 | |
Introduced | 16.0.R1 | |
Platforms | All |
value number
Synopsis | Flow label as match criterion | |
Context | configure filter ipv6-filter string entry number match flow-label value number | |
Tree | value | |
Range | 0 to 1048575 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
fragment keyword
hop-limit
eq number
gt number
lt number
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number match hop-limit range | |
Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 21.10.R1 | |
Platforms | All |
end number
start number
icmp
code number
type number
ip
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure filter ipv6-filter string entry number match ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 21.10.R1 | |
Platforms | All |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure filter ipv6-filter string entry number match ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 21.10.R1 | |
Platforms | All |
mask string
next-header (number | keyword)
Synopsis | IP protocol to match | |
Context | configure filter ipv6-filter string entry number match next-header (number | keyword) | |
Tree | next-header | |
Range | 0 to 255 | |
Options | ||
Notes |
The following elements are part of a choice: next-header or next-header-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
next-header-list reference
Synopsis | Name of the protocol list as a match criterion | |
Context | configure filter ipv6-filter string entry number match next-header-list reference | |
Tree | next-header-list | |
Reference | configure filter match-list protocol-list string | |
Notes | The following elements are part of a choice: next-header or next-header-list. | |
Introduced | 20.7.R1 | |
Platforms | All |
packet-length
Synopsis | Enable the packet-length context | |
Context | configure filter ipv6-filter string entry number match packet-length | |
Tree | packet-length | |
Introduced | 19.5.R1 | |
Platforms | All |
eq number
Synopsis | Exact match criterion for the length | |
Context | configure filter ipv6-filter string entry number match packet-length eq number | |
Tree | eq | |
Range | 40 to 65575 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 19.5.R1 | |
Platforms | All |
gt number
Synopsis | Greater than match criterion for the length | |
Context | configure filter ipv6-filter string entry number match packet-length gt number | |
Tree | gt | |
Range | 40 to 65574 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 19.5.R1 | |
Platforms | All |
lt number
Synopsis | Less than match criterion for the length | |
Context | configure filter ipv6-filter string entry number match packet-length lt number | |
Tree | lt | |
Range | 41 to 65575 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 19.5.R1 | |
Platforms | All |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string entry number match packet-length range | |
Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
Introduced | 19.5.R1 | |
Platforms | All |
end number
Synopsis | Upper bound of packet length range as match criterion | |
Context | configure filter ipv6-filter string entry number match packet-length range end number | |
Tree | end | |
Range | 41 to 65575 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
start number
Synopsis | Lower bound of packet length range as match criterion | |
Context | configure filter ipv6-filter string entry number match packet-length range start number | |
Tree | start | |
Range | 40 to 65574 | |
Notes | This element is mandatory. | |
Introduced | 19.5.R1 | |
Platforms | All |
port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-filter string entry number match port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
src-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
Synopsis | IPv6 address used as the match criterion | |
Context | configure filter ipv6-filter string entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
ipv6-prefix-list reference
Synopsis | IPv6 address prefix list used as match criterion | |
Context | configure filter ipv6-filter string entry number match src-ip ipv6-prefix-list reference | |
Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list string | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
Introduced | 16.0.R1 | |
Platforms | All |
mask string
src-mac
address string
mask string
src-port
eq number
gt number
lt number
port-list reference
Synopsis | Name of the port list as the match criterion | |
Context | configure filter ipv6-filter string entry number match src-port port-list reference | |
Tree | port-list | |
Reference | configure filter match-list port-list string | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
Introduced | 16.0.R1 | |
Platforms | All |
range
end number
start number
tcp-established
Synopsis | Match packets containing the TCP flag as ACK or RST | |
Context | configure filter ipv6-filter string entry number match tcp-established | |
Tree | tcp-established | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
Introduced | 22.10.R1 | |
Platforms | All |
tcp-flags
ack boolean
cwr boolean
ece boolean
fin boolean
ns boolean
psh boolean
rst boolean
syn boolean
urg boolean
pbr-down-action-override keyword
Synopsis | Action when PBR or PBF target for this entry is not available | |
Context | configure filter ipv6-filter string entry number pbr-down-action-override keyword | |
Tree | pbr-down-action-override | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
sample-profile reference
Synopsis | Cflowd sample profile ID to match packets | |
Context | configure filter ipv6-filter string entry number sample-profile reference | |
Tree | sample-profile | |
Description | This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample profile ID. This option is only compatible if the associated interface is configured for interface-based sampling and is only supported for ingress sampling. An IP filter can only specify a single alternate sample profile ID for cflowd sampling, but the ID can be used in multiple entries. | |
Reference | configure cflowd sample-profile number | |
Introduced | 20.10.R1 | |
Platforms | All |
sticky-dest (number | keyword)
Synopsis | Time before action with available PBR or PBF destination and highest priority | |
Context | configure filter ipv6-filter string entry number sticky-dest (number | keyword) | |
Tree | sticky-dest | |
Range | 0 to 65535 | |
Units | seconds | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | IPv6 filter identifier | |
Context | configure filter ipv6-filter string filter-id number | |
Tree | filter-id | |
Range | 1 to 65535 | |
Introduced | 16.0.R1 | |
Platforms | All |
scope keyword
Synopsis | Scope of this filter definition | |
Context | configure filter ipv6-filter string scope keyword | |
Tree | scope | |
Default | template | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
shared-policer boolean
Synopsis | Share policer among active ports in the LAG | |
Context | configure filter ipv6-filter string shared-policer boolean | |
Tree | shared-policer | |
Description | When configured to true, and when the filter policy is configured on a LAG endpoint, the system programs the policer rates in the filter policy per line card FP of the LAG based on the number of active ports in the LAG for each FP. When configured to false, and when the filter policy is configured on a LAG endpoint, the system programs the same policer rate on each line card FP of the LAG. | |
Default | false | |
Introduced | 22.7.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS |
subscriber-mgmt
Synopsis | Enter the subscriber-mgmt context | |
Context | configure filter ipv6-filter string subscriber-mgmt | |
Tree | subscriber-mgmt | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
host-specific-entry
Synopsis | Enter the host-specific-entry context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry | |
Tree | host-specific-entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
credit-control
Synopsis | Enter the credit-control context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control | |
Tree | credit-control | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for credit control filter entries | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for credit control filter entries | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
Synopsis | Enter the filter-rule context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule | |
Tree | filter-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for inserting filter rule entries | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for inserting filter rule entries | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
Synopsis | Enter the watermark context | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark | |
Tree | watermark | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
Synopsis | High watermark for host-specific entries, to raise a table full alarm | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark high number | |
Tree | high | |
Range | 0 to 100 | |
Default | 95 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
Synopsis | Low watermark for host-specific entries, to clear a table full alarm | |
Context | configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark low number | |
Tree | low | |
Range | 0 to 100 | |
Default | 90 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
shared-entry
Synopsis | Enter the shared-entry context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry | |
Tree | shared-entry | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
filter-rule
Synopsis | Enter the filter-rule context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule | |
Tree | filter-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of range for inserting shared host rules | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of range for inserting shared host rules | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
pcc-rule
Synopsis | Enter the pcc-rule context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule | |
Tree | pcc-rule | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
range
Synopsis | Enable the range context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range | |
Tree | range | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
end number
Synopsis | Upper bound of the range for PCC rule filter entries | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range end number | |
Tree | end | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
start number
Synopsis | Lower bound of the range for PCC rule filter entries | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range start number | |
Tree | start | |
Range | 1 to 2097151 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
watermark
Synopsis | Enable the watermark context | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark | |
Tree | watermark | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
high number
Synopsis | Limit of RADIUS shared filters before generating high watermark notification | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark high number | |
Tree | high | |
Range | 1 to 8000 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
low number
Synopsis | Limit of RADIUS or Diameter shared filters before clearing high watermark notification | |
Context | configure filter ipv6-filter string subscriber-mgmt shared-entry watermark low number | |
Tree | low | |
Range | 0 to 7999 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
type keyword
Synopsis | Set of match criteria for the filter policy | |
Context | configure filter ipv6-filter string type keyword | |
Tree | type | |
Description | This command configures the filter policy type that defines the list of match criteria supported in a filter policy. | |
Default | normal | |
Options | ||
Introduced | 19.5.R1 | |
Platforms | All |
log [log-id] number
[log-id] number
admin-state keyword
Synopsis | Administrative state of filter logging | |
Context | configure filter log number admin-state keyword | |
Tree | admin-state | |
Default | enable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter log number description string | |
Tree | description | |
String Length | 0 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
destination
Synopsis | Enter the destination context | |
Context | configure filter log number destination | |
Tree | destination | |
Introduced | 16.0.R1 | |
Platforms | All |
memory
Synopsis | Enter the memory context | |
Context | configure filter log number destination memory | |
Tree | memory | |
Notes | The following elements are part of a choice: memory or syslog. | |
Introduced | 16.0.R1 | |
Platforms | All |
max-entries number
Synopsis | Maximum number of memory entries that the log can store | |
Context | configure filter log number destination memory max-entries number | |
Tree | max-entries | |
Range | 1 to 50000 | |
Default | 1000 | |
Introduced | 16.0.R1 | |
Platforms |
All |
stop-on-full boolean
Synopsis | Stop logging when maximum number of memory entries is reached or wrap-around is used | |
Context | configure filter log number destination memory stop-on-full boolean | |
Tree | stop-on-full | |
Default | false | |
Introduced | 16.0.R1 | |
Platforms | All |
syslog
Synopsis | Enter the syslog context | |
Context | configure filter log number destination syslog | |
Tree | syslog | |
Notes | The following elements are part of a choice: memory or syslog. | |
Introduced | 16.0.R1 | |
Platforms | All |
name reference
summary
admin-state keyword
Synopsis | Administrative state of filter log summarization | |
Context | configure filter log number destination syslog summary admin-state keyword | |
Tree | admin-state | |
Default | disable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
summary-crit keyword
Synopsis | Summary for filter log entries | |
Context | configure filter log number destination syslog summary summary-crit keyword | |
Tree | summary-crit | |
Default | src-addr | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
mac-filter [filter-name] string
Synopsis | Enter the mac-filter list instance | |
Context | configure filter mac-filter string | |
Tree | mac-filter | |
Introduced | 16.0.R1 | |
Platforms | All |
[filter-name] string
Synopsis | Filter name | |
Context | configure filter mac-filter string | |
Tree | mac-filter | |
String Length | 1 to 64 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
default-action keyword
Synopsis | Action for packets that do not match any entry | |
Context | configure filter mac-filter string default-action keyword | |
Tree | default-action | |
Default | drop | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter mac-filter string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
embed
Synopsis | Enter the embed context | |
Context | configure filter mac-filter string embed | |
Tree | embed | |
Description | Commands in this context embed a previously defined MAC embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only. | |
Introduced | 16.0.R1 | |
Platforms | All |
entry [entry-id] number
Synopsis | Enter the entry list instance | |
Context | configure filter mac-filter string entry number | |
Tree | entry | |
Introduced | 16.0.R1 | |
Platforms | All |
[entry-id] number
Synopsis | ID for a match criteria and the corresponding action | |
Context | configure filter mac-filter string entry number | |
Tree | entry | |
Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
action
Synopsis | Enable the action context | |
Context | configure filter mac-filter string entry number action | |
Tree | action | |
Introduced | 16.0.R1 | |
Platforms | All |
accept
drop
forward
esi-l2
esi-value string
vpls reference
sap
sap-id reference
vpls reference
sdp
sdp-bind-id string
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter mac-filter string entry number action forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
http-redirect
Synopsis | Enable the http-redirect context | |
Context | configure filter mac-filter string entry number action http-redirect | |
Tree | http-redirect | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match. | |
Introduced | 16.0.R1 | |
Platforms | All |
url string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | URL that is used for redirecting | |
Context | configure filter mac-filter string entry number action http-redirect url string | |
Tree | url | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
ignore-match
Synopsis | Ignore match criteria for the entry | |
Context | configure filter mac-filter string entry number action ignore-match | |
Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match. | |
Introduced | 16.0.R1 | |
Platforms | All |
rate-limit
Synopsis | Enable the rate-limit context | |
Context | configure filter mac-filter string entry number action rate-limit | |
Tree | rate-limit | |
Introduced | 16.0.R1 | |
Platforms | All |
pir (number | keyword)
Synopsis | Peak information rate | |
Context | configure filter mac-filter string entry number action rate-limit pir (number | keyword) | |
Tree | pir | |
Range | 0 to 2000000000 | |
Units | kilobps | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
secondary
forward
sap
sap-id reference
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | SAP ID used to forward packets matching the entry | |
Context | configure filter mac-filter string entry number action secondary forward sap sap-id reference | |
Tree | sap-id | |
Reference | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
sdp
sdp-bind-id string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | VPLS SDP bind ID used to forward matching packets | |
Context | configure filter mac-filter string entry number action secondary forward sdp sdp-bind-id string | |
Tree | sdp-bind-id | |
String Length | 3 to 16 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
vpls reference
description string
Synopsis | Text description | |
Context | configure filter mac-filter string entry number description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
log reference
match
Synopsis | Enter the match context | |
Context | configure filter mac-filter string entry number match | |
Tree | match | |
Introduced | 16.0.R1 | |
Platforms | All |
dot1p
mask number
priority number
dst-mac
address string
mask string
etype string
frame-type keyword
Synopsis | MAC frame as match criteria | |
Context | configure filter mac-filter string entry number match frame-type keyword | |
Tree | frame-type | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
inner-tag
mask number
Synopsis | Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value | |
Context | configure filter mac-filter string entry number match inner-tag mask number | |
Tree | mask | |
Range | 1 to 4095 | |
Default | 4095 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tag number
Synopsis | Matching value against VID of the second or first VLAN tag in the packet carried transparently | |
Context | configure filter mac-filter string entry number match inner-tag tag number | |
Tree | tag | |
Range | 0 to 4095 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
isid
range
end number
start number
value number
Synopsis | Lowest value of 24-bit service instance identifier for the service matching this entry | |
Context | configure filter mac-filter string entry number match isid value number | |
Tree | value | |
Range | 0 to 16777215 | |
Notes | The following elements are part of a choice: range or value. | |
Introduced | 16.0.R1 | |
Platforms | All |
llc-dsap
dsap number
mask number
llc-ssap
mask number
ssap number
outer-tag
mask number
Synopsis | Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value | |
Context | configure filter mac-filter string entry number match outer-tag mask number | |
Tree | mask | |
Range | 1 to 4095 | |
Default | 4095 | |
Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tag number
Synopsis | Matching value against VID of the second or first VLAN tag in the packet carried transparently | |
Context | configure filter mac-filter string entry number match outer-tag tag number | |
Tree | tag | |
Range | 0 to 4095 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
snap-oui keyword
snap-pid number
src-mac
address string
mask string
pbr-down-action-override keyword
Synopsis | Action when PBR or PBF target for this entry is not available | |
Context | configure filter mac-filter string entry number pbr-down-action-override keyword | |
Tree | pbr-down-action-override | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
sticky-dest (number | keyword)
Synopsis | Time before action with available PBR or PBF destination and highest priority | |
Context | configure filter mac-filter string entry number sticky-dest (number | keyword) | |
Tree | sticky-dest | |
Range | 0 to 65535 | |
Units | seconds | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
filter-id number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | MAC filter ID | |
Context | configure filter mac-filter string filter-id number | |
Tree | filter-id | |
Range | 1 to 65535 | |
Introduced | 16.0.R1 | |
Platforms | All |
scope keyword
Synopsis | Scope of this filter definition | |
Context | configure filter mac-filter string scope keyword | |
Tree | scope | |
Default | template | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
type keyword
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | MAC filter policy | |
Context | configure filter mac-filter string type keyword | |
Tree | type | |
Default | normal | |
Options | ||
Introduced | 16.0.R1 | |
Platforms |
All |
match-list
Synopsis | Enter the match-list context | |
Context | configure filter match-list | |
Tree | match-list | |
Introduced | 16.0.R1 | |
Platforms | All |
ip-prefix-list [prefix-list-name] string
Synopsis | Enter the ip-prefix-list list instance | |
Context | configure filter match-list ip-prefix-list string | |
Tree | ip-prefix-list | |
Introduced | 16.0.R1 | |
Platforms | All |
[prefix-list-name] string
Synopsis | IP prefix list name | |
Context | configure filter match-list ip-prefix-list string | |
Tree | ip-prefix-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
apply-path
Synopsis | Enter the apply-path context | |
Context | configure filter match-list ip-prefix-list string apply-path | |
Tree | apply-path | |
Introduced | 16.0.R1 | |
Platforms | All |
bgp-peers [criterion-index] number
Synopsis | Enter the bgp-peers list instance | |
Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number | |
Tree | bgp-peers | |
Introduced | 16.0.R1 | |
Platforms | All |
[criterion-index] number
Synopsis | BGP peers auto-generation configuration index | |
Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number | |
Tree | bgp-peers | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
group string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Regular expression to match against the base router BGP instance group configuration | |
Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number group string | |
Tree | group | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
neighbor string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number neighbor string | |
Tree | neighbor | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Target routing instance | |
Context | configure filter match-list ip-prefix-list string apply-path bgp-peers number router-instance string | |
Tree | router-instance | |
Default | Base | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter match-list ip-prefix-list string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
prefix [ip-prefix] string
Synopsis | Add a list entry for prefix | |
Context | configure filter match-list ip-prefix-list string prefix string | |
Tree | prefix | |
Description | Commands in this context add IPv4 prefixes to the prefix match list. Prefixes can overlap IPv4 address space. An IPv4 prefix addition is blocked if resource exhaustion is detected anywhere in the system due to filter policies that use the prefix list. | |
Max. Instances | 8192 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ip-prefix] string
Synopsis | IPv4 prefix to be added to the prefix list | |
Context | configure filter match-list ip-prefix-list string prefix string | |
Tree | prefix | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R3 | |
Platforms | All |
prefix-exclude [ip-prefix] string
Synopsis | Add a list entry for prefix-exclude | |
Context | configure filter match-list ip-prefix-list string prefix-exclude string | |
Tree | prefix-exclude | |
Description | Commands in this context exclude IPv4 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
Max. Instances | 512 | |
Introduced | 16.0.R4 | |
Platforms | All |
[ip-prefix] string
Synopsis | IPv4 prefix to be added to the prefix list | |
Context | configure filter match-list ip-prefix-list string prefix-exclude string | |
Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
ipv6-prefix-list [prefix-list-name] string
Synopsis | Enter the ipv6-prefix-list list instance | |
Context | configure filter match-list ipv6-prefix-list string | |
Tree | ipv6-prefix-list | |
Introduced | 16.0.R1 | |
Platforms | All |
[prefix-list-name] string
Synopsis | IP prefix list name | |
Context | configure filter match-list ipv6-prefix-list string | |
Tree | ipv6-prefix-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
apply-path
Synopsis | Enter the apply-path context | |
Context | configure filter match-list ipv6-prefix-list string apply-path | |
Tree | apply-path | |
Introduced | 16.0.R1 | |
Platforms | All |
bgp-peers [criterion-index] number
Synopsis | Enter the bgp-peers list instance | |
Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number | |
Tree | bgp-peers | |
Introduced | 16.0.R1 | |
Platforms | All |
[criterion-index] number
Synopsis | BGP peers auto-generation configuration index | |
Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number | |
Tree | bgp-peers | |
Range | 1 to 255 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
group string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Regular expression to match against the base router BGP instance group configuration | |
Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number group string | |
Tree | group | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
neighbor string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number neighbor string | |
Tree | neighbor | |
String Length | 1 to 255 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
router-instance string
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Target routing instance | |
Context | configure filter match-list ipv6-prefix-list string apply-path bgp-peers number router-instance string | |
Tree | router-instance | |
Default | Base | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter match-list ipv6-prefix-list string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
prefix [ipv6-prefix] string
Synopsis | Add a list entry for prefix | |
Context | configure filter match-list ipv6-prefix-list string prefix string | |
Tree | prefix | |
Max. Instances | 8192 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ipv6-prefix] string
Synopsis | IPv6 prefix to be added to the prefix list | |
Context | configure filter match-list ipv6-prefix-list string prefix string | |
Tree | prefix | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R3 | |
Platforms | All |
prefix-exclude [ipv6-prefix] string
Synopsis | Add a list entry for prefix-exclude | |
Context | configure filter match-list ipv6-prefix-list string prefix-exclude string | |
Tree | prefix-exclude | |
Description | Commands in this context exclude IPv6 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
Max. Instances | 512 | |
Introduced | 16.0.R4 | |
Platforms | All |
[ipv6-prefix] string
Synopsis | IPv6 prefix to be added to the prefix list | |
Context | configure filter match-list ipv6-prefix-list string prefix-exclude string | |
Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
port-list [port-list-name] string
Synopsis | Enter the port-list list instance | |
Context | configure filter match-list port-list string | |
Tree | port-list | |
Max. Instances | 5120 | |
Introduced | 16.0.R1 | |
Platforms | All |
[port-list-name] string
Synopsis | Port list name | |
Context | configure filter match-list port-list string | |
Tree | port-list | |
Description | This command specifies the port list name. If special characters are used (#, $, spaces, and so on), the string must be enclosed within double quotes. | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter match-list port-list string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
port [value] number
Synopsis | Add a list entry for port | |
Context | configure filter match-list port-list string port number | |
Tree | port | |
Introduced | 16.0.R1 | |
Platforms | All |
[value] number
Synopsis | Port value | |
Context | configure filter match-list port-list string port number | |
Tree | port | |
Range | 0 to 65535 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
range start number end number
start number
end number
protocol-list [protocol-list-name] string
Synopsis | Enter the protocol-list list instance | |
Context | configure filter match-list protocol-list string | |
Tree | protocol-list | |
Max. Instances | 512 | |
Introduced | 20.7.R1 | |
Platforms | All |
[protocol-list-name] string
Synopsis | Protocol list name | |
Context | configure filter match-list protocol-list string | |
Tree | protocol-list | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 20.7.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter match-list protocol-list string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 20.7.R1 | |
Platforms | All |
protocol [protocol-id] (number | keyword)
Synopsis | Add a list entry for protocol | |
Context | configure filter match-list protocol-list string protocol (number | keyword) | |
Tree | protocol | |
Max. Instances | 32 | |
Introduced | 20.7.R1 | |
Platforms | All |
[protocol-id] (number | keyword)
Synopsis | IP protocol identifier | |
Context | configure filter match-list protocol-list string protocol (number | keyword) | |
Tree | protocol | |
Range | 0 to 255 | |
Options | ||
Notes | This element is part of a list key. | |
Introduced | 20.7.R1 | |
Platforms | All |
md-auto-id
Synopsis | Enter the md-auto-id context | |
Context | configure filter md-auto-id | |
Tree | md-auto-id | |
Introduced | 16.0.R1 | |
Platforms | All |
filter-id-range
Synopsis | Enable the filter-id-range context | |
Context | configure filter md-auto-id filter-id-range | |
Tree | filter-id-range | |
Introduced | 16.0.R1 | |
Platforms | All |
end number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Upper bound of the ID range | |
Context | configure filter md-auto-id filter-id-range end number | |
Tree | end | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
start number
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
Synopsis | Lower bound of the ID range | |
Context | configure filter md-auto-id filter-id-range start number | |
Tree | start | |
Range | 1 to 65535 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R1 | |
Platforms | All |
redirect-policy [redirect-policy-name] string
Synopsis | Enter the redirect-policy list instance | |
Context | configure filter redirect-policy string | |
Tree | redirect-policy | |
Introduced | 16.0.R1 | |
Platforms | All |
[redirect-policy-name] string
Synopsis | Redirect policy name | |
Context | configure filter redirect-policy string | |
Tree | redirect-policy | |
Description | This command specifies the redirect policy name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the redirect policy | |
Context | configure filter redirect-policy string admin-state keyword | |
Tree | admin-state | |
Default | disable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter redirect-policy string description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
destination [destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Enter the destination list instance | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | destination | |
Introduced | 16.0.R1 | |
Platforms | All |
[destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address and type of destination | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | destination | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R1 | |
Platforms | All |
admin-state keyword
Synopsis | Administrative state of the destination | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword | |
Tree | admin-state | |
Default | disable | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
description string
Synopsis | Text description | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) description string | |
Tree | description | |
String Length | 1 to 80 | |
Introduced | 16.0.R1 | |
Platforms | All |
ping-test
Synopsis | Enable the ping-test context | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test | |
Tree | ping-test | |
Introduced | 16.0.R1 | |
Platforms | All |
drop-count number
Synopsis | Number of consecutive requests that fail before destination is declared unreachable | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test drop-count number | |
Tree | drop-count | |
Range | 1 to 60 | |
Default | 3 | |
Introduced | 16.0.R1 | |
Platforms |
All |
hold-down number
Synopsis | Time for the system to be held down if this test has marked it unreachable | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test hold-down number | |
Tree | hold-down | |
Range | 0 to 86400 | |
Default | 0 | |
Units | seconds | |
Introduced | 16.0.R1 | |
Platforms | All |
interval number
Synopsis | Time between consecutive requests which are sent to the far end host | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test interval number | |
Tree | interval | |
Range | 1 to 60 | |
Default | 1 | |
Units | seconds | |
Introduced | 16.0.R1 | |
Platforms | All |
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Source address to use in the IP packet of the ping test | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | source-address | |
Introduced | 16.0.R4 | |
Platforms | All |
timeout number
Synopsis | Time required to receive a response from the far end host | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test timeout number | |
Tree | timeout | |
Range | 1 to 60 | |
Default | 1 | |
Units | seconds | |
Introduced | 16.0.R1 | |
Platforms | All |
priority number
Synopsis | Priority for this destination | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) priority number | |
Tree | priority | |
Range | 1 to 255 | |
Default | 100 | |
Introduced | 16.0.R1 | |
Platforms |
All |
unicast-rt-test
Synopsis | Enable the unicast-rt-test context | |
Context | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) unicast-rt-test | |
Tree | unicast-rt-test | |
Introduced | 16.0.R1 | |
Platforms | All |
notify-dest-change boolean
Synopsis | Send notifications when the active destination changes | |
Context | configure filter redirect-policy string notify-dest-change boolean | |
Tree | notify-dest-change | |
Description | When configured to true, notifications (such as Log and SNMP) are sent when the active destination of a redirect policy changes. No notification is sent when there are no more active destinations (as this scenario is covered by another notification). When configured to false, the notification generation is disabled. | |
Default | false | |
Introduced | 16.0.R4 | |
Platforms | All |
router-instance string
Synopsis | Routing context to use for route lookup | |
Context | configure filter redirect-policy string router-instance string | |
Tree | router-instance | |
Introduced | 16.0.R1 | |
Platforms | All |
sticky-dest (number | keyword)
Synopsis | Time required by system before applying the current best destination as active destination | |
Context | configure filter redirect-policy string sticky-dest (number | keyword) | |
Tree | sticky-dest | |
Range | 0 to 65535 | |
Units | seconds | |
Options | ||
Introduced | 16.0.R1 | |
Platforms | All |
redirect-policy-binding [binding-name] string
Synopsis | Enter the redirect-policy-binding list instance | |
Context | configure filter redirect-policy-binding string | |
Tree | redirect-policy-binding | |
Max. Instances | 16 | |
Introduced | 16.0.R4 | |
Platforms | All |
[binding-name] string
Synopsis | Binding name | |
Context | configure filter redirect-policy-binding string | |
Tree | redirect-policy-binding | |
String Length | 1 to 32 | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
binding-operator keyword
Synopsis | Logical operator used to obtain the master test result | |
Context | configure filter redirect-policy-binding string binding-operator keyword | |
Tree | binding-operator | |
Description | This command configures the logical operator to use with the destinations' test results to obtain the master test result (the redirect policy binding test result). | |
Default | and | |
Options | ||
Introduced | 16.0.R4 | |
Platforms | All |
redirect-policy [redirect-policy-name] reference
Synopsis | Enter the redirect-policy list instance | |
Context | configure filter redirect-policy-binding string redirect-policy reference | |
Tree | redirect-policy | |
Introduced | 16.0.R4 | |
Platforms | All |
[redirect-policy-name] reference
Synopsis | Redirect policy name | |
Context | configure filter redirect-policy-binding string redirect-policy reference | |
Tree | redirect-policy | |
Reference | configure filter redirect-policy string | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
destination [destination-address] reference
Synopsis | Add a list entry for destination | |
Context | configure filter redirect-policy-binding string redirect-policy reference destination reference | |
Tree | destination | |
Min. Instances | 1 | |
Introduced | 16.0.R4 | |
Platforms | All |
[destination-address] reference
Synopsis | IP address of redirect policy destination to binding | |
Context | configure filter redirect-policy-binding string redirect-policy reference destination reference | |
Tree | destination | |
Reference | configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R4 | |
Platforms | All |
system-filter
Synopsis | Enter the system-filter context | |
Context | configure filter system-filter | |
Tree | system-filter | |
Introduced | 16.0.R1 | |
Platforms | All |
ip [ip-filter] reference
Synopsis | Add a list entry for ip | |
Context | configure filter system-filter ip reference | |
Tree | ip | |
Max. Instances | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ip-filter] reference
ipv6 [ipv6-filter] reference
Synopsis | Add a list entry for ipv6 | |
Context | configure filter system-filter ipv6 reference | |
Tree | ipv6 | |
Max. Instances | 1 | |
Introduced | 16.0.R1 | |
Platforms | All |
[ipv6-filter] reference
Synopsis | Active IPv6 system filter policy | |
Context | configure filter system-filter ipv6 reference | |
Tree | ipv6 | |
Reference | configure filter ipv6-filter string | |
Notes | This element is part of a list key. | |
Introduced | 16.0.R3 | |
Platforms | All |