a Commands

aa-admit-deny

aa-admit-deny

Syntax

aa-admit-deny

Context

[Tree] (config>app-assure>group>statistics aa-admit-deny)

Full Context

configure application-assurance group statistics aa-admit-deny

Description

Commands in this context configure admit-deny statistics generation.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-interface

aa-interface

Syntax

aa-interface aa-if-name [create]

no aa-interface aa-if-name

Context

[Tree] (config>service>vprn aa-interface)

[Tree] (config>service>ies aa-interface)

Full Context

configure service vprn aa-interface

configure service ies aa-interface

Description

This commands creates a new AA interface within an IES or VPRN service. It is used by the aa-isa to send/receive IPv4 traffic. In the context of ICAP url-filtering this interface is used by the ISA to establish ICAP TCP connections to the ICAP servers.

This interface supports /31 subnet only, and uses by default .1q encapsulation.

The system will automatically configure the ISA IP address based on the address configured by the operator under the aa-interface object (which represents the ISA sap facing interface on the ISA).

Parameters

aa-if-name

specifies the name of the AA Interface.

create

Keyword that specifies to create the interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-specific

aa-specific

Syntax

[no] aa-specific

Context

[Tree] (config>log>acct-policy>cr aa-specific)

Full Context

configure log accounting-policy custom-record aa-specific

Description

Commands in this context configure information for this custom record.

The no form of this command excludes aa-specific attributes in the AA subscriber's custom record.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub

aa-sub

Syntax

aa-sub esm {eq | neq} sub-ident-string

aa-sub esm-mac {eq | neq} esm-mac-name

aa-sub sap {eq | neq} sap-id

aa-sub spoke-sdp {eq | neq} sdp-id:vc-id

aa-sub transit {eq | neq} transit-aasub-name

no aa-sub

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub)

Full Context

configure application-assurance group policy app-qos-policy entry match aa-sub

Description

This command specifies a Service Access Point (SAP) or an ESM subscriber as matching criteria.

The no form of this command removes the SAP or ESM matching criteria.

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

sub-ident-string

Specifies the name of an existing application assurance subscriber.

esm-mac-name

Specifies the name of an ESM-MAC subscriber.

sap-id

Specifies the SAP ID.

sap sap-id

Specifies the physical port identifier portion of the SAP definition.

sdp-id:vc-id

Specifies the spoke SDP ID and VC ID.

Values

1 to 32767

1 to 4294967295

transit-aasub-name

Specifies the name of a transit AA subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub

Syntax

aa-sub

Context

[Tree] (config>app-assure>group>statistics aa-sub)

Full Context

configure application-assurance group statistics aa-sub

Description

Commands in this context configure accounting and statistics collection parameters per application assurance subscribers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub

Syntax

[no] aa-sub {esm sub-ident-string | sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name | esm-mac esm-mac-name }

Context

[Tree] (config>app-assure>group>statistics>aa-sub-study aa-sub)

Full Context

configure application-assurance group statistics aa-sub-study aa-sub

Description

This command adds an existing subscriber identification to a group of special study subscribers (for example, subscribers for which per subscriber statistics and accounting records can be collected for protocols and applications of application assurance).

The no form of this command removes the subscriber from the special study subscribers.

Up to 100 subscribers can be configured into the special study group for protocols and up to a 100 potentially different subscribers can be configured into the special study group for applications.

When adding a subscriber to the special study group, accounting records and statistics generation will commence immediately. When removing a subscriber from the group, special study statistics and accounting records for that subscriber in the current interval will be lost.

Parameters

sub-ident-string

Specifies the name of a subscriber ID. The subscriber does not need to be currently active. Any sub-ident-string will be accepted. When the subscriber becomes active, statistics generation will start automatically at that time.

sap-id

Specifies the physical port identifier portion of the SAP definition.

spoke-id sdp-id:vc-id

Specifies the spoke SDP ID and VC ID.

Values

1 to 32767

1 to 4294967295

transit-aasub-name

Specifies an existing transit subscriber name string, up to 32 characters in length.

esm-mac-name

Specifies an existing ESM-MAC subscriber name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub

Syntax

aa-sub transit-aasub-name

no aa-sub

Context

[Tree] (config>app-assure>group>transit-prefix-policy>entry aa-sub)

Full Context

configure application-assurance group transit-prefix-policy entry aa-sub

Description

This command configures a transit prefix policy entry subscriber.

The no form of this command removes the transit subscriber name from the transit prefix policy configuration.

Parameters

transit-aasub-name

specifies the name of the transit prefix AA subscriber up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-attributes

aa-sub-attributes

Syntax

aa-sub-attributes [all]

no aa-sub-attributes

Context

[Tree] (config>log>acct-policy>cr>aa aa-sub-attributes)

Full Context

configure log accounting-policy custom-record aa-specific aa-sub-attributes

Description

Commands in this context configure aa-specific attributes such as aa-sub-attributes and counters that will be available in the AA subscriber's custom record.

The no form of this command excludes aa specific attributes from the AA subscriber's custom record.

Parameters

all

Specifies all counters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-congestion-detection

aa-sub-congestion-detection

Syntax

aa-sub-congestion-detection

Context

[Tree] (config>app-assure>group aa-sub-congestion-detection)

Full Context

configure application-assurance group aa-sub-congestion-detection

Description

Commands in this context configure Non-Location Based DEM (NLB-DEM) parameters.

Note:

NLB-DEM and Access-Network Location (ANL) DEM mode are mutually exclusive, and cannot operate simultaneously.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-counters

aa-sub-counters

Syntax

aa-sub-counters [all]

no aa-sub-counters

Context

[Tree] (config>log>acct-policy>cr>aa aa-sub-counters)

Full Context

configure log accounting-policy custom-record aa-specific aa-sub-counters

Description

Commands in this context configure subscriber counter information. This command only applies to the 7750 SR.

The no form of this command excludes the aa-sub-counters attributes in the AA subscriber's custom record.

Parameters

all

Specifies all counters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-ip

aa-sub-ip

Syntax

aa-sub-ip ip-address[/mask]

no aa-sub-ip

Context

[Tree] (config>app-assure>group>transit-prefix-policy>entry>match aa-sub-ip)

Full Context

configure application-assurance group transit-prefix-policy entry match aa-sub-ip

Description

This command configures a transit prefix subscriber ip address prefix. It is used when the site is on the local side, being the same side of the system as the parent SAP. The local aa-sub-ip addresses represent the src-IP in the from-SAP direction and dest-IP in the to-SAP direction.

The no form of this command deletes the aa-sub-ip address assigned from the entry configuration.

Default

no aa-sub-ip

Parameters

ip-address[/mask]

Specifies the address type of the subscriber address prefix associated with this transit prefix policy entry.

Values

ip-address[/mask] :

ipv4-address - a.b.c.d[/mask]

mask - [1..32]

ipv6-address - x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-remote

aa-sub-remote

Syntax

[no] aa-sub-remote

Context

[Tree] (config>app-assure>group aa-sub-remote)

Full Context

configure application-assurance group aa-sub-remote

Description

This command specifies whether or not the from subscriber and to subscriber traffic direction is reversed for this group-partition.

Default

no aa-sub-remote

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-study

aa-sub-study

Syntax

aa-sub-study study-type

Context

[Tree] (config>app-assure>group>statistics aa-sub-study)

Full Context

configure application-assurance group statistics aa-sub-study

Description

Commands in this context configure accounting and statistics collection parameters per application assurance special study subscribers.

Parameters

study-type

Specifies special study protocol subscriber stats.

Values

application, protocol

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-suppressible

aa-sub-suppressible

Syntax

aa-sub-suppressible

no aa-sub-suppressible

Context

[Tree] (config>app-assure>group>policy>app-profile aa-sub-suppressible)

Full Context

configure application-assurance group policy app-profile aa-sub-suppressible

Description

This command configures an app-profile as "aa-sub-suppressible”, this function is used in the context of an SRRP group interface. If an SRRP group interface is configured as "suppress-aa-sub” then subscribers with an app-profile configured as "aa-sub-suppressible” will not be diverted to Application Assurance.

The no form of this command restores the default behavior.

Default

no aa-sub-suppressible

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-sub-tethering-state

aa-sub-tethering-state

Syntax

aa-sub-tethering-state {detected | not-detected}

no aa-sub-tethering-state

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub-tethering-state)

Full Context

configure application-assurance group policy app-qos-policy entry match aa-sub-tethering-state

Description

This command specifies the tethering state of the subscriber where the AQP match entry will be applied.

The tethering state match condition is meaningful when configured in non-default subscriber policy AQP. Default subscriber policy consists of those AQPs that include match criteria based on the subscriber’s configuration. Tethering state match condition is also applicable in those AQPs that include matching criteria that are derived from actual subscriber’s traffic.

The no form of this command removes detection of sub-tethering state from the configuration.

Default

no aa-sub-tethering-state

Parameters

detected

Specifies that the subscriber is in the tethering state.

not-detected

Specifies that the subscriber is not in the tethering state.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aa-url-parameter

aa-url-parameter

Syntax

aa-url-parameter url-param-string

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy aa-url-parameter)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)

Full Context

configure subscriber-mgmt http-redirect-policy aa-url-parameter

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter

Description

This command configures the AA URL parameter that is used for HTTP portal redirect.

Parameters

url-param-string

Specifies an AA URL parameter, up to 247 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

aaa

aaa

Syntax

aaa

Context

[Tree] (config aaa)

Full Context

configure aaa

Description

Commands in this context configure authentication, authorization, and accounting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

aaa

Syntax

aaa

Context

[Tree] (config>service>vprn aaa)

Full Context

configure service vprn aaa

Description

Commands in this context configure AAA on the VPRN.

Platforms

All

aarp

aarp

Syntax

aarp aarpId type type

no aarp

Context

[Tree] (config>service>epipe>spoke-sdp aarp)

[Tree] (config>service>epipe>sap aarp)

Full Context

configure service epipe spoke-sdp aarp

configure service epipe sap aarp

Description

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.

The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default

no aarp

Parameters

aarpid

Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.

Values

1 to 65535

type

Specifies the role of the SAP referenced by the AARP instance.

Values

dual-homed — The primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

dual-homed-secondary — One of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarp-id type {subscriber-side-shunt | network-side-shunt}

no aarp

Context

[Tree] (config>service>ipipe>spoke-sdp aarp)

Full Context

configure service ipipe spoke-sdp aarp

Description

This command associates an AARP instance to an Ipipe spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.

The no form of this command removes the association.

Default

no aarp

Parameters

aarp-id

An integer that identifies an AARP instance.

Values

1 to 65535

subscriber-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.

network-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarp-id type {subscriber-side-shunt | network-side-shunt}

no aarp

Context

[Tree] (config>service>ies>aarp-interface>spoke-sdp aarp)

Full Context

configure service ies aarp-interface spoke-sdp aarp

Description

This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.

The no form of this command removes the association.

Default

no aarp

Parameters

aarp-id

Specifies an integer that identifies an AARP instance.

Values

1 to 65535

subscriber-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.

network-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarpId type type

no aarp

Context

[Tree] (config>service>ies>if>spoke-sdp aarp)

[Tree] (config>service>ies>if>sap aarp)

Full Context

configure service ies interface spoke-sdp aarp

configure service ies interface sap aarp

Description

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.

The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default

no aarp

Parameters

aarpId

Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.

Values

1 to 65535

type

Specifies the role of the SAP referenced by the AARP instance.

Values

dual-homed — The primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

dual-homed-secondary — One of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarp-id type {subscriber-side-shunt | network-side-shunt}

no aarp

Context

[Tree] (config>service>vprn>aarp-interface>spoke-sdp aarp)

Full Context

configure service vprn aarp-interface spoke-sdp aarp

Description

This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.

The no form of this command removes the association.

Default

no aarp

Parameters

aarp-id

An integer that identifies an AARP instance.

Values

1 to 65535

subscriber-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.

network-side-shunt

Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarpId type type

no aarp

Context

[Tree] (config>service>vprn>if>sap aarp)

[Tree] (config>service>vprn>if>spoke-sdp aarp)

Full Context

configure service vprn interface sap aarp

configure service vprn interface spoke-sdp aarp

Description

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.

The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default

no aarp

Parameters

aarpId

Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.

Values

1 to 65535

type

Specifies the role of the SAP referenced by the AARP instance.

Values

dual-homed — The primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

dual-homed-secondary — One of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp

Syntax

aarp aarpId [create]

no aarp aarpId

Context

[Tree] (config>application-assurance aarp)

Full Context

configure application-assurance aarp

Description

This command defines an Application Assurance Redundancy Protocol (AARP) instance. This instance is paired with the same aarpId in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.

The no form of this command removes the instance from the configuration.

Parameters

aarpid

An integer that identifies an AARP instance.

Values

1 to 65535

create

Keyword used to create the AARP instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp-interface

aarp-interface

Syntax

aarp-interface aarp-interface-name [create]

no aarp-interface aarp-interface-name

Context

[Tree] (config>service>ies aarp-interface)

Full Context

configure service ies aarp-interface

Description

This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.

The no form of this command deletes the interface.

Default

no aarp-interface

Parameters

aarp-interface-name

Specifies a string of up to 32 characters identifying the interface.

create

Keyword used to create the AARP interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

aarp-interface

Syntax

aarp-interface aarp-interface-name [create]

no aarp-interface aarp-interface-name

Context

[Tree] (config>service>vprn aarp-interface)

Full Context

configure service vprn aarp-interface

Description

This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.

The no form of this command deletes the interface.

Default

no aarp-interface

Parameters

aarp-interface-name

Specifies the AARP interface name.

create

Keyword used to create the AARP interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

abandon-tcp-optimization

abandon-tcp-optimization

Syntax

[no] abandon-tcp-optimization

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action abandon-tcp-optimization)

Full Context

configure application-assurance group policy app-qos-policy entry action abandon-tcp-optimization

Description

This command causes TCPO to stop for flows matching this AQP entry. The flows are counted as TCPO abandoned by policy flows.

The no form of this command removes abandon TCPO from actions on flows matching this AQP entry.

Default

no abandon-tcp-optimization

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

abort

abort

Syntax

abort

Context

[Tree] (config>app-assure>group>policy abort)

Full Context

configure application-assurance group policy abort

Description

This command ends the current editing session and aborts any changes entered during this policy editing session.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

abort

Syntax

abort

Context

[Tree] (config>router>bfd abort)

Full Context

configure router bfd abort

Description

This command discards the changes made to a BFD template during an active session.

Platforms

All

abort

Syntax

abort

Context

[Tree] (config>router>route-next-hop-policy abort)

Full Context

configure router route-next-hop-policy abort

Description

This command discards the changes made to route next-hop templates during an active session.

Platforms

All

abort

Syntax

abort

Context

[Tree] (config>system>sync-if-timing abort)

Full Context

configure system sync-if-timing abort

Description

This command is required to discard changes that have been made to the synchronous interface timing configuration during a session.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

abort

Syntax

abort

Context

[Tree] (config>router>policy-options abort)

Full Context

configure router policy-options abort

Description

This command is required to discard changes made to a route policy.

Platforms

All

above-offered-allowance

above-offered-allowance

Syntax

[no] above-offered-allowance

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-allowance)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution above-offered-allowance

Description

Commands in this context edit the parameters that control the child's above-offered-allowance bandwidth. These parameters are only applicable when the port scheduler is configured to use the above-offered-allowance-control algorithm, otherwise they are ignored.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

above-offered-cap

above-offered-cap

Syntax

above-offered-cap {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}

no above-offered-cap

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-cap)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution above-offered-cap

Description

This command is used to limit the operationally configured shaping or policing rate on the child associated with the policy. After the parent virtual scheduler or policer control policy determines the appropriate rate for a specific child, a separate operation decides the actual PIR that should be configured for that child. When the parent determines that the distributed rate is equal to or less than the child’s offered rate, the configured operational PIR will be equal to that determined rate. But when the parent determines that the child’s offered rate is less than the available bandwidth the child could consume, the operational PIR may be set to a value larger than the distributed bandwidth. This extra rate is not currently used by the child because the offered rate is less. The system provides this extra bandwidth in case the child’s offered rate increases before the next sampling interval is complete, to mitigate the periodic nature of the child’s operational PIR adjustments. The increase in the offered rate is not subtracted from the parent’s remaining distribution bandwidth for lower priority children, only the determined rate is considered consumed by the parent virtual scheduler or policer control policy instance. The actual operationally configured PIR will never be greater than the child’s administratively defined PIR.

This 'fair share’ PIR configuration behavior may result in the sum of the children’s PIRs exceeding the aggregate rate of the parent. If this behavior violates the downstream QoS requirements, the above-offered-cap command may be used to minimize or eliminate the increase in the child’s configured PIR.

If the above-offered-cap command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not needed. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.

If the child’s administrative PIR is modified while a percent based above-offered-cap is in effect, the system automatically uses the new relative limit value the next time the child’s operational PIR is distributed.

When this command is not specified or removed, the child’s operational 'fair share’ operational PIR may be configured up to the child’s administrative PIR, based on the actual parental bandwidth available at the child’s priority level.

The no form of this command is used to remove a fair share operational PIR rate increase limit from all child policers and queues associated with the policy.

Parameters

percent-of-admin-pir

When the percent qualifier is used, the following percent-of-admin-pir parameter specifies the percentage of the child’s administrative PIR that is used as the fair share increase limit. The new operational PIR result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system will disable the fair share increase function and only configure the actual distribution rate. If a value of 100 or 100.00 is used, the system will interpret this equivalent to executing the no above-offered-cap command and return the fair-share operation to the default behavior.

Values

0.00 to 100.00

rate-in-kilobits-per-second

When the rate qualifier is used, the rate-in-kilobits-per-second parameter specifies an explicit rate, in kb/s, that are used as the limit to the child’s fair share increase to the operational PIR. The new operational PIR result is capped by the child’s PIR. If a value of 0 is used, the system will disable the fair share increase function and only configure the actual distribution rate.

Values

0 to 100,000,000

Platforms

All

absolute

absolute

Syntax

absolute microseconds

no absolute

Context

[Tree] (config>test-oam>link-meas>template>asw>thr absolute)

[Tree] (config>test-oam>link-meas>template>sw>thr absolute)

Full Context

configure test-oam link-measurement measurement-template aggregate-sample-window threshold absolute

configure test-oam link-measurement measurement-template sample-window threshold absolute

Description

This command specifies the delta, in microseconds, that a new delay measurement must differ from the previously reported measurement to be reported directly to the routing engine.

The no form of this command reverts to the default value.

Default

absolute 0

Parameters

microseconds

Specifies the difference, in microseconds.

A value of 0 (zero) indicates that the absolute threshold is not used for reporting.

Values

0 to 100000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ac-df-capability

ac-df-capability

Syntax

ac-df-capability {include | exclude}

Context

[Tree] (config>service>system>bgp-evpn>eth-seg ac-df-capability)

Full Context

configure service system bgp-evpn ethernet-segment ac-df-capability

Description

This command configures the inclusion or exclusion of the Attachment Circuit-influenced (AC-Influenced) designated forwarder (DF) election capability (AC-DF) capability into the DF Election for the Ethernet Segment.

The SR OS supports the AC-DF capability, in accordance with RFC8584. The include option is the default command setting. The AC-DF capability is enabled by default to support the EVPN auto-discovery per EVI/ES (AD per EVI/ES) routes for a specific PE, which ensures that the PE is included in the candidate DF election list.

Configuring the exclude option disables the AC-DF capability. When ac-df-capability exclude is configured on a specific Ethernet Segment (ES), the presence or absence of the AD per EVI/ES routes from the ES peers do not modify the candidate DF Election list for the ES. The exclude option is recommended in ESs that use an oper-group monitored by the access LAG to signal standby lacp or power-off.

All PE routers attached to the same ES must be configured consistently for the AC-DF capability.

Default

ac-df-capability include

Parameters

include

Specifies that AC-DF capability is enabled.

exclude

Specifies that AC-DF capability is disabled.

Platforms

All

accept-authorization-change

accept-authorization-change

Syntax

[no] accept-authorization-change

Context

[Tree] (config>subscr-mgmt>auth-policy accept-authorization-change)

Full Context

configure subscriber-mgmt authentication-policy accept-authorization-change

Description

This command specifies whether or not the system should handle the CoA messages initiated by the RADIUS server, and provide for mid-session interval changes of policies applicable to subscriber hosts.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accept-coa

accept-coa

Syntax

[no] accept-coa

Context

[Tree] (config>service>vprn>radius-server>server accept-coa)

[Tree] (config>router>radius-server>server accept-coa)

Full Context

configure service vprn radius-server server accept-coa

configure router radius-server server accept-coa

Description

This command configures this server for Change of Authorization messages. The system will process the CoA request from the external server if configured with this command; otherwise the CoA request is dropped.

The no form of this command disables the command.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accept-from-ebgp

accept-from-ebgp

Syntax

accept-from-ebgp family [family]

no accept-from-ebgp

Context

[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth accept-from-ebgp)

[Tree] (config>service>vprn>bgp>group>link-bandwidth accept-from-ebgp)

Full Context

configure service vprn bgp group neighbor link-bandwidth accept-from-ebgp

configure service vprn bgp group link-bandwidth accept-from-ebgp

Description

This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to three families may be configured.

The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.

Default

no accept-from-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

Platforms

All

accept-from-ebgp

Syntax

accept-from-ebgp family [family]

no accept-from-ebgp

Context

[Tree] (config>router>bgp>group>neighbor>link-bandwidth accept-from-ebgp)

[Tree] (config>router>bgp>group>link-bandwidth accept-from-ebgp)

Full Context

configure router bgp group neighbor link-bandwidth accept-from-ebgp

configure router bgp group link-bandwidth accept-from-ebgp

Description

This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to six families may be configured.

The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.

Default

no accept-from-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

vpn-ipv4 — Adds a link-bandwidth extended community to IPv4 VPN (SAFI 128) routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

label-ipv6 — Adds a link-bandwidth extended community to labeled-unicast IPv6 routes.

vpn-ipv6 — Adds a link-bandwidth extended community to IPv6 VPN (SAFI 128) routes.

Platforms

All

accept-ivpls-evpn-flush

accept-ivpls-evpn-flush

Syntax

[no] accept-ivpls-evpn-flush

Context

[Tree] (config>service>vpls>bgp-evpn accept-ivpls-evpn-flush)

Full Context

configure service vpls bgp-evpn accept-ivpls-evpn-flush

Description

This command enables the system to accept non-zero Ethernet tag MAC routes and process them only for C-MAC flushing. This command can be changed on the fly without shutting down BGP-EVPN MPLS.

The no version of the command prevents the router from processing B-MAC/ISID routes for cmac-flush.

Default

no accept-ivpls-evpn-flush

Platforms

All

accept-mrru

accept-mrru

Syntax

[no] accept-mrru

Context

[Tree] (config>subscr-mgmt>ppp-policy>mlppp accept-mrru)

Full Context

configure subscriber-mgmt ppp-policy mlppp accept-mrru

Description

This command is applicable only to LAC. MRRU option is an indication that the session is of MLPPPoX type. The 7750 SR LAC never initiates the MRRU option in LCP negotiation process. However, it responds to MRRU negotiation request by the client.

This command provides an option to specifically enable or disable negotiation of MLPPPoX on a capture SAP level or on a group interface level.

The no form of this command causes the MRRU option in LCP to not be negotiated by LAC.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

accept-orf

accept-orf

Syntax

[no] accept-orf

Context

[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering>extended-community accept-orf)

[Tree] (config>router>bgp>outbound-route-filtering>extended-community accept-orf)

[Tree] (config>router>bgp>group>outbound-route-filtering>extended-community accept-orf)

Full Context

configure router bgp group neighbor outbound-route-filtering extended-community accept-orf

configure router bgp outbound-route-filtering extended-community accept-orf

configure router bgp group outbound-route-filtering extended-community accept-orf

Description

This command instructs the router to negotiate the receive capability in the BGP ORF negotiation with a peer, and accept filters that the peer wants to send.

The no form of this command causes the router to remove the accept capability in the BGP ORF negotiation with a peer, and to clear any existing ORF filters that are currently in place.

Default

no accept-orf

Platforms

All

accept-remote-loopback

accept-remote-loopback

Syntax

[no] accept-remote-loopback

Context

[Tree] (config>port>ethernet>efm-oam accept-remote-loopback)

Full Context

configure port ethernet efm-oam accept-remote-loopback

Description

This command enables reactions to loopback control OAM PDUs from peers.

The no form of this command disables reactions to loopback control OAM PDUs.

Default

no accept-remote-loopback

Platforms

All

accept-script-policy

accept-script-policy

Syntax

accept-script-policy policy-name

no accept-script-policy

Context

[Tree] (config>aaa>radius-srv-plcy accept-script-policy)

Full Context

configure aaa radius-server-policy accept-script-policy

Description

This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.

Parameters

policy-name

Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accept-script-policy

Syntax

accept-script-policy policy-name

no accept-script-policy

Context

[Tree] (config>subscr-mgmt>auth-policy accept-script-policy)

Full Context

configure subscriber-mgmt authentication-policy accept-script-policy

Description

This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accept-unprotected-errormsg

accept-unprotected-errormsg

Syntax

[no] accept-unprotected-errormsg

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-errormsg)

Full Context

configure system security pki ca-profile cmpv2 accept-unprotected-errormsg

Description

This command enables the system to accept both protected and unprotected CMPv2 error message. Without this command, system will only accept protected error messages.

The no form of this command causes the system to only accept protected PKI confirmation message.

Default

no accept-unprotected-errormsg

Platforms

All

accept-unprotected-pkiconf

accept-unprotected-pkiconf

Syntax

[no] accept-unprotected-pkiconf

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-pkiconf)

Full Context

configure system security pki ca-profile cmpv2 accept-unprotected-pkiconf

Description

This command enables the system to accept both protected and unprotected CMPv2 PKI confirmation messages. Without this command, the system will only accept protected PKI confirmation message.

The no form of this command causes the system to only accept protected PKI confirmation message.

Default

no accept-unprotected-pkiconf

Platforms

All

access

access

Syntax

access router router-instance

access service service-name

no access

Context

[Tree] (config>subscr-mgmt>steering-profile access)

Full Context

configure subscriber-mgmt steering-profile access

Description

This command specifies a routing instance to be used as a network VAS router in the steering profile.

The no form of this command removes the router instance.

Parameters

router-instance

Specifies the router instance to be used as an access VAS router.

Values

router-instance:

router-name | vprn-svc-id

router-name:

"Base”

vprn-svc-id:

1 to 2147483647

service-name

Specifies the service name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access

Syntax

access

Context

[Tree] (config>port>ethernet access)

Full Context

configure port ethernet access

Description

This command configures Ethernet access port parameters.

Platforms

All

access

Syntax

[no] access

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access

Description

Commands in this context configure the access side of HLE for the VLAN range.

The no form of this command disables the vRGW parameters enabled in this context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

access

Syntax

access

Context

[Tree] (config>port access)

[Tree] (config>card>mda access)

Full Context

configure port access

configure card mda access

Description

This command enables the access context to configure egress and ingress pool policy parameters.

On the MDA level, access egress and ingress pools are only allocated on channelized MDAs.

Platforms

All

access

Syntax

access

Context

[Tree] (config>card>fp>ingress access)

Full Context

configure card fp ingress access

Description

This CLI node contains the access forwarding-plane parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

access

Syntax

access

Context

[Tree] (config>lag access)

Full Context

configure lag access

Description

Commands in this context configure access parameters.

Platforms

All

access

Syntax

access

Context

[Tree] (config>eth-tunnel>lag-emulation access)

Full Context

configure eth-tunnel lag-emulation access

Description

Commands in this context configure eth-tunnel loadsharing access parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

access

Syntax

[no] access

Context

[Tree] (config>service>vprn>snmp access)

Full Context

configure service vprn snmp access

Description

This command enables SNMP access using VPRN interface addresses. This command allows SNMP messages destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router. SNMP messages that arrive on VPRN interfaces but are destined to IP addresses in the Base routing context that can be accessed in the VPRN (for example, the router system address via grt leaking) do not require snmp access to be enabled but do require allow-local-management to be enabled.

Using an SNMP community defined inside the VPRN context (configure service vprn snmp community) allows access to a subset of the full SNMP data model. This subset can be seen in the output of show system security view "vprn-view".

Using an SNMP community defined in the system context (configure system security snmp community) allows access to the full SNMP data model (unless otherwise restricted used SNMP views).

Alternatively, grt leaking and a Base routing IP address can be used (along with an SNMP community defined at the system context) to get access to the entire SNMP data model (see the allow-local-management command).

The Nokia NSP cannot discover or fully manage an SR OS router using an SNMP community defined inside the VPRN context. Full SNMP access requires using one of the approaches described above.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for detailed information about SNMP.

Platforms

All

access

Syntax

[no] access [ftp] [snmp] [ console] [li] [netconf] [grpc]

Context

[Tree] (config>system>security>user access)

[Tree] (config>system>security>user-template access)

Full Context

configure system security user access

configure system security user-template access

Description

This command grants a user permission for FTP, SNMP, console, lawful intercept (LI), NETCONF, or gRPC access.

If a user requires access to more than one application, then multiple applications can be specified in a single command. Multiple commands are treated additively.

The no form of this command removes access for a specific application, and denies permission for all management access methods.

To deny a single access method, enter the no form of this command followed by the method to be denied, for example, no access FTP denies FTP access.

Default

no access

Parameters

ftp

Specifies FTP permission.

snmp

Specifies SNMP permission. This keyword is only configurable in the config>system>security>user context.

console

Specifies console access (serial port or Telnet) permission.

li

Specifies CLI command access in the lawful intercept (LI) context.

netconf

Specifies NETCONF session access for the user defined in the specified user context. Because of the Base-R13 SR OS YANG data models, console access is also necessary in both classic and mixed configuration modes. console access is not required for the Nokia SR OS YANG data models in model-driven mode.

grpc

Specifies gRPC access.

Platforms

All

access

Syntax

[no] access group group-name security-model security-model security-level security-level [context context-name [prefix -match]] [read view-name-1] [write view-name-2] [notify view-name-3]

Context

[Tree] (config>system>security>snmp access)

Full Context

configure system security snmp access

Description

This command creates an association between a user group, a security model, and the views that the user group can access. Access parameters must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2. An access group is defined by a unique combination of the group name, security model and security level.

Access groups are used by the usm-community command.

Access must be configured unless security is limited to SNMPv1/SNMPv2c with community strings. See the community command.

Default access group configurations cannot be modified or deleted.

To remove the user group with associated, security model(s), and security level(s), use:

no access group group-name

To remove a security model and security level combination from a group, use:

no access group group-name security-model {snmpv1 | snmpv2c | usm} security-level {no-auth-no-privacy | auth-no-privacy | privacy}

Parameters

group-name

Specify a unique group name up to 32 characters.

security-model {snmpv1 | snmpv2c | usm}

Specifies the security model required to access the views configured in this node. A group can have multiple security models. For example, one view may only require SNMPv1/ SNMPv2c access while another view may require USM (SNMPv3) access rights.

security-level {no-auth-no-priv | auth-no-priv | privacy}

Specifies the required authentication and privacy levels to access the views configured in this node.

security-level no-auth-no-privacy

Specifies that no authentication and no privacy (encryption) is required. When configuring the user’s authentication, select the none option.

security-level auth-no-privacy

Specifies that authentication is required but privacy (encryption) is not required. When this option is configured, both the group and the user must be configured for authentication.

security-level privacy

Specifies that both authentication and privacy (encryption) is required. When this option is configured, both the group and the user must be configured for authentication. The user must also be configured for privacy.

context-name

Specifies a set of SNMP objects that are associated with the context-name.

The context-name is treated as either a full context-name string or a context name prefix depending on the keyword specified (exact or prefix).

prefix-match

Specifies the context name prefix-match keywords, exact or prefix. This parameter applies only to the 7750 SR.

The VPRN context names begin with a vprn prefix. The numerical value is associated with the service ID that the VPRN was created with and identifies the service in the service domain. For example, when a new VPRN service is created such as config>service>vprn 2345 customer 1, a VPRN with context name vprn2345 is created.

The exact keyword specifies that an exact match between the context name and the prefix value is required. For example, when context vprn2345 exact is entered, matches for only vprn2345 are considered.

The prefix keyword specifies that only a match between the prefix and the starting portion of context name is required. If only the prefix keyword is specified, simple wildcard processing is used. For example, when context vprn prefix is entered, all vprn contexts are matched.

Default

exact

view-name-1

Specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation.

view-name-2

Specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation.

view-name-3

Specifies the SNMP view used to control which MIB objects can be accessed for notifications.

Values

none

Platforms

All

access-algorithm

access-algorithm

Syntax

access-algorithm {direct | round-robin}

no access-algorithm

Context

[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server access-algorithm)

Full Context

configure aaa l2tp-accounting-policy radius-accounting-server access-algorithm

Description

This command configures the algorithm used to access the list of configured RADIUS servers.

The no form of this command reverts to the default.

Default

access-algorithm direct

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access-algorithm

Syntax

access-algorithm {direct | round-robin}

Context

[Tree] (config>app-assure>rad-acct-plcy>server access-algorithm)

Full Context

configure application-assurance radius-accounting-policy radius-accounting-server access-algorithm

Description

This command configures the algorithm used to access the list of configured RADIUS servers.

Default

access-algorithm direct

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

access-algorithm

Syntax

access-algorithm {direct | round-robin}

no access-algorithm

Context

[Tree] (config>subscr-mgmt>acct-plcy>server access-algorithm)

[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server access-algorithm)

Full Context

configure subscriber-mgmt radius-accounting-policy radius-accounting-server access-algorithm

configure subscriber-mgmt authentication-policy radius-authentication-server access-algorithm

Description

This command configures the algorithm used to access the list of configured RADIUS servers.

The no form of this command reverts to the default.

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access-algorithm

Syntax

access-algorithm {direct | round-robin | hash-based}

no access-algorithm

Context

[Tree] (config>aaa>radius-srv-plcy>servers access-algorithm)

Full Context

configure aaa radius-server-policy servers access-algorithm

Description

This command configures the algorithm used to select a RADIUS server from the pool of configured RADIUS servers.

Default

access-algorithm direct

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

hash-based

Select a RADIUS server based on the calculated hash result of the configured load-balance-key under the radius-proxy server hierarchy. This parameter is only applicable for radius-proxy server scenarios and results in an unpredictable RADIUS server selection if used in other scenarios.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access-algorithm

Syntax

access-algorithm {direct | round-robin}

no access-algorithm

Context

[Tree] (config>service>vprn>aaa>remote-servers>radius access-algorithm)

Full Context

configure service vprn aaa remote-servers radius access-algorithm

Description

This command indicates the algorithm used to access the set of RADIUS servers.

Default

access-algorithm direct

Parameters

direct

The first server will be used as primary server for all requests, the second as secondary and so on.

round-robin

The first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

Platforms

All

access-algorithm

Syntax

access-algorithm {direct | round-robin | hash-based | direct-priority}

no access-algorithm

Context

[Tree] (config>aaa>isa-radius-plcy>servers access-algorithm)

Full Context

configure aaa isa-radius-policy servers access-algorithm

Description

This command defines the algorithm used to access the list of available RADIUS servers. A RADIUS server is considered available initially and marked as unavailable if no response packets are received in a period equal to the configured packet timeout multiplied by the retry count after sending a request. A server is always marked as available when any valid RADIUS packet is received from that server. Some access algorithms periodically probe unavailable servers by sending a single request. If the server responds to the request, it is immediately marked as available.

Default

access-algorithm direct

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

hashed-based

Specifies that the selection is based on the hash-based procedures.

direct-priority

Specifies that the first server is used for all requests. If that server is not available, the second server is used, and so on. This method periodically probes and falls back to higher-priority servers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

access-algorithm

Syntax

access-algorithm {direct | round-robin}

no access-algorithm

Context

[Tree] (config>system>security>radius access-algorithm)

Full Context

configure system security radius access-algorithm

Description

This command indicates the algorithm used to access the set of RADIUS servers.

Default

access-algorithm direct

Parameters

direct

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

Platforms

All

access-loop-encapsulation

access-loop-encapsulation

Syntax

[no] access-loop-encapsulation

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-encapsulation)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-encapsulation

Description

Commands in this context configure access loop information.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

access-loop-information

access-loop-information

Syntax

access-loop-information

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-information)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-information

Description

Commands in this context configure access loop information in the local user database.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access-loop-options

access-loop-options

Syntax

[no] access-loop-options

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute access-loop-options)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute access-loop-options)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute access-loop-options

configure subscriber-mgmt radius-accounting-policy include-radius-attribute access-loop-options

Description

This command enables inclusion of access loop information: Broadband Forum (BBF) access loop characteristics, DSL line state and DSL type. The BBF access loop characteristics are returned as BBF specific RADIUS attributes where DSL line state and DSL type are returned as Nokia-specific RADIUS VSAs.

Information obtained via the ANCP protocol has precedence over information received in PPPoE Vendor Specific BBF tags or DHCP Vendor Specific BBF Options.

If ANCP is utilized and interim accounting update is enabled, any Port Up event from GSMP will initiate in an interim update. Port Up messages can include information such as an update on the current subscriber actual-upstream-speed. The next interim accounting message is from port up triggering point.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

access-network-location

access-network-location

Syntax

access-network-location

Context

[Tree] (config>app-assure>group access-network-location)

Full Context

configure application-assurance group access-network-location

Description

Commands in this context configure parameters related to dynamic experience management, also known as Access Network Location (ANL).

These parameters include location source type congestion point and congestion detection parameters (such as roundtrip delay thresholds), if applicable.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

access-operation-cmd

access-operation-cmd

Syntax

[no] access-operation-cmd access-operation

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus>req access-operation-cmd)

[Tree] (config>system>security>tacplus>request-format access-operation-cmd)

Full Context

configure service vprn aaa remote-servers tacplus request-format access-operation-cmd

configure system security tacplus request-format access-operation-cmd

Description

This command sends an operation argument in authorization requests.

In model-driven interfaces, this command configures the system to send the operation in the cmd argument, and the path in the cmd-args argument, in TACACS+ authorization requests. This command does not apply to authorization requests in classic interfaces.

The no form of this command removes the operation from the configuration.

Default

no access-operation-cmd

Parameters

access-operation

Specifies that an operation in the authorization request is sent.

Values

delete — Keyword that sends the operation "cmd=delete" and "cmd-args=path".

Platforms

All

accounting

accounting

Syntax

accounting {1 | 2} [create]

no accounting {1 | 2}

Context

[Tree] (config>service>dynsvc>ladb>user>idx accounting)

Full Context

configure service dynamic-services local-auth-db user-name index accounting

Description

This command creates a context for one of the two accounting destinations specified in the dynamic services policy. In this context, overrides of RADIUS accounting parameters can be specified.

The no form of this command removes the RADIUS accounting overrides context from the configuration.

Parameters

{1 | 2}

Indicates one of the two RADIUS accounting destinations.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accounting

Syntax

[no] accounting

Context

[Tree] (config>service>vprn>aaa>remote-servers>radius accounting)

Full Context

configure service vprn aaa remote-servers radius accounting

Description

This command enables RADIUS accounting.

The no form of this command disables RADIUS accounting.

Default

no accounting

Platforms

All

accounting

Syntax

accounting [record-type { start-stop | stop-only}]

no accounting

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus accounting)

Full Context

configure service vprn aaa remote-servers tacplus accounting

Description

This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.

Default

no accounting

Parameters

record-type start-stop

Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.

record-type stop-only

Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.

Platforms

All

accounting

Syntax

accounting [port udp-port]

no accounting

Context

[Tree] (config>aaa>isa-radius-plcy>servers>server accounting)

Full Context

configure aaa isa-radius-policy servers server accounting

Description

This command configures accounting for this server.

Parameters

udp-port

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

accounting

Syntax

[no] accounting

Context

[Tree] (config>system>security>radius accounting)

Full Context

configure system security radius accounting

Description

This command enables RADIUS accounting.

The no form of this command disables RADIUS accounting.

Default

no accounting

Platforms

All

accounting

Syntax

accounting [record-type { start-stop | stop-only}]

no accounting

Context

[Tree] (config>system>security>tacplus accounting)

Full Context

configure system security tacplus accounting

Description

This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.

Default

no accounting

Parameters

record-type start-stop

Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.

record-type stop-only

Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.

Platforms

All

accounting-1

accounting-1

Syntax

accounting-1

Context

[Tree] (config>service>dynsvc>policy accounting-1)

Full Context

configure service dynamic-services dynamic-services-policy accounting-1

Description

Commands in this context configure the first RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accounting-2

accounting-2

Syntax

accounting-2

Context

[Tree] (config>service>dynsvc>policy accounting-2)

Full Context

configure service dynamic-services dynamic-services-policy accounting-2

Description

Commands in this context configure the second RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accounting-files-total-size

accounting-files-total-size

Syntax

accounting-files-total-size megabytes

Context

[Tree] (config>log>storage accounting-files-total-size)

Full Context

configure log file-storage-control accounting-files-total-size

Description

This command configures the limit for the total space that all accounting files can occupy on each storage device on the active CPM.

When this threshold is reached, new accounting files are no longer created in the \act-collect directory of the storage device until SR OS removes older accounting files from the \act directory and the occupancy is below the limit. Currently open, in-progress accounting files in the \act-collect directory are not affected by this limit and are completed.

When unconfigured, there is no specific limit for the total size of all accounting files.

Only accounting files in the \act directory with system generated names (including no file extension) are applicable toward the total size limit.

If a user manually adds or deletes accounting files from the \act directory, the size of the files is not taken into account for up to 1 hour.

The configured total size limit is not validated against the actual size of the installed storage devices. If the configured limit is larger than the installed compact flash (CF) device, the limit is never reached.

The no form of this command removes the total size limit for accounting files.

Default

no accounting-files-total-size

Parameters

megabytes

Specifies the total size limit for accounting files, in MB.

Values

50 to 4,194,304 MBytes (4 TBytes, 222 MB)

Default

0

Platforms

All

accounting-policy

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>subscr-mgmt>sub-prof accounting-policy)

Full Context

configure subscriber-mgmt sub-profile accounting-policy

Description

This command specifies the policy to use to collect accounting statistics on this subscriber profile.

A maximum of one accounting policy can be associated with a profile at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association.

Parameters

acct-policy-id

Specifies the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>service>vpls>spoke-sdp accounting-policy)

[Tree] (config>service>vprn>if>spoke-sdp accounting-policy)

[Tree] (config>service>ies>if>sap accounting-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap accounting-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap accounting-policy)

[Tree] (config>service>vpls>sap accounting-policy)

[Tree] (config>service>vpls>mesh-sdp accounting-policy)

[Tree] (config>service>vprn>if>sap accounting-policy)

Full Context

configure service vpls spoke-sdp accounting-policy

configure service vprn interface spoke-sdp accounting-policy

configure service ies interface sap accounting-policy

configure service ies subscriber-interface group-interface sap accounting-policy

configure service vprn subscriber-interface group-interface sap accounting-policy

configure service vpls sap accounting-policy

configure service vpls mesh-sdp accounting-policy

configure service vprn interface sap accounting-policy

Description

This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke SDP.

An accounting policy must be defined before it can be associated with a SAP or SDP.

If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP or SDP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP or SDP, and the accounting policy reverts to the default.

Default

no accounting policy

Parameters

acct-policy-id

Specifies the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

  • configure service vprn interface spoke-sdp accounting-policy
  • configure service vpls sap accounting-policy
  • configure service vpls spoke-sdp accounting-policy
  • configure service ies interface sap accounting-policy
  • configure service vpls mesh-sdp accounting-policy
  • configure service vprn interface sap accounting-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap accounting-policy
  • configure service vprn subscriber-interface group-interface sap accounting-policy

accounting-policy

Syntax

accounting-policy isa-radius-policy-name

no accounting-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy

Description

This command configures the ISA RADIUS accounting policy for the cross-connect.

The no form of this command removes the ISA RADIUS accounting policy from the cross-connect UE.

Parameters

isa-radius-policy-name

Specifies the identifier of the ISA RADIUS policy name, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

accounting-policy

Syntax

accounting-policy policy-name

no accounting-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy

Description

This command specifies the isa-radius-policy used for accounting messages originated from the ISAs in the wlan-gw group. The policy can specify up to five accounting servers and configuration-specific to these accounting servers. It also specifies configuration specific to RADIUS client on ISAs and RADIUS attributes to be included in accounting messages.

Parameters

policy-name

Specifies the name of the account policy up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>card>fp>ingress>network>queue-group accounting-policy)

[Tree] (config>card>fp>ingress>access>queue-group accounting-policy)

Full Context

configure card fp ingress network queue-group accounting-policy

configure card fp ingress access queue-group accounting-policy

Description

This command configures an accounting policy that can apply to a queue-group on the forwarding plane.

An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.

Accounting policies associated with service billing can only be applied to SAPs. The accounting policy can be associated with an interface at a time.

The no form of this command removes the accounting policy association from the queue-group.

Default

No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.

Parameters

acct-policy-id

Specifies the name of the accounting policy to use for the queue-group.

Values

1 to 99

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

accounting-policy

Syntax

accounting-policy policy-id

no accounting-policy

Context

[Tree] (config>port>ethernet>network accounting-policy)

[Tree] (config>port>tdm>ds1>channel-group>network accounting-policy)

[Tree] (config>port>sonet-sdh>path>network accounting-policy)

[Tree] (config>port>ethernet>network>egr>qgrp accounting-policy)

[Tree] (config>port>tdm>e3>network accounting-policy)

[Tree] (config>port>tdm>ds3>network accounting-policy)

[Tree] (config>port>ethernet>access>egr>qgrp accounting-policy)

[Tree] (config>port>ethernet>access>ing>qgrp accounting-policy)

[Tree] (config>port>tdm>e1>channel-group>network accounting-policy)

[Tree] (config>port>ethernet accounting-policy)

Full Context

configure port ethernet network accounting-policy

configure port tdm ds1 channel-group network accounting-policy

configure port sonet-sdh path network accounting-policy

configure port ethernet network egress queue-group accounting-policy

configure port tdm e3 network accounting-policy

configure port tdm ds3 network accounting-policy

configure port ethernet access egress queue-group accounting-policy

configure port ethernet access ingress queue-group accounting-policy

configure port tdm e1 channel-group network accounting-policy

configure port ethernet accounting-policy

Description

This command configures an accounting policy that can apply to an interface.

An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.

Accounting policies associated with service billing can only be applied to SAPs. Accounting policies associated with network ports can only be associated with interfaces. Only one accounting policy can be associated with an interface at a time.

The no form of this command removes the accounting policy association from the network interface, and the accounting policy reverts to the default.

Default

No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.

Parameters

policy-id

The accounting policy-id of an existing policy. Accounting policies record either service (access) or network information. A network accounting policy can only be associated with the network port configurations. Accounting policies are configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

  • configure port ethernet network accounting-policy
  • configure port ethernet access ingress queue-group accounting-policy
  • configure port ethernet accounting-policy
  • configure port ethernet network egress queue-group accounting-policy
  • configure port ethernet access egress queue-group accounting-policy

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm e3 network accounting-policy
  • configure port tdm e1 channel-group network accounting-policy
  • configure port tdm ds3 network accounting-policy
  • configure port tdm ds1 channel-group network accounting-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path network accounting-policy

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy [acct-policy-id]

Context

[Tree] (config>service>epipe>sap accounting-policy)

[Tree] (config>service>cpipe>sap accounting-policy)

[Tree] (config>service>epipe>spoke-sdp accounting-policy)

[Tree] (config>service>ipipe>sap accounting-policy)

Full Context

configure service epipe sap accounting-policy

configure service cpipe sap accounting-policy

configure service epipe spoke-sdp accounting-policy

configure service ipipe sap accounting-policy

Description

This command creates the accounting policy context that can be applied to a SAP.

An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default

no accounting policy

Parameters

acct-policy-id

Enter the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

  • configure service ipipe sap accounting-policy
  • configure service epipe sap accounting-policy
  • configure service epipe spoke-sdp accounting-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap accounting-policy

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>service>ies>if>spoke-sdp accounting-policy)

Full Context

configure service ies interface spoke-sdp accounting-policy

Description

This command configures an accounting-policy.

Parameters

acct-policy-id

Specifies an accounting policy ID.

Values

1 to 99

Platforms

All

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>router>ldp>egr-stats>fec-pfx accounting-policy)

Full Context

configure router ldp egress-statistics fec-prefix accounting-policy

Description

This command associates an accounting policy to the MPLS instance.

An accounting policy must be defined before it can be associated else an error message is generated.

The no form of this command removes the accounting policy association.

Parameters

acct-policy-id

Enter the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>router>mpls>ingr-stats>lsp accounting-policy)

[Tree] (config>router>mpls>lsp-template>egr-stats accounting-policy)

[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp accounting-policy)

[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp accounting-policy)

[Tree] (config>router>mpls>lsp>egr-stats accounting-policy)

[Tree] (config>router>mpls>lsp>ingr-stats accounting-policy)

Full Context

configure router mpls ingress-statistics lsp accounting-policy

configure router mpls lsp-template egress-statistics accounting-policy

configure router mpls ingress-statistics p2p-template-lsp accounting-policy

configure router mpls ingress-statistics p2mp-template-lsp accounting-policy

configure router mpls lsp egress-statistics accounting-policy

configure router mpls lsp ingress-statistics accounting-policy

Description

This command associates an accounting policy to the MPLS instance.

The config>router>mpls>ingr-stats>p2mp-template-lsp>accounting-policy command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

An accounting policy must be defined before it can be associated else an error message is generated.

The no form of this command removes the accounting policy association.

Parameters

acct-policy-id

Specifies the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

  • configure router mpls ingress-statistics lsp accounting-policy
  • configure router mpls lsp egress-statistics accounting-policy
  • configure router mpls lsp-template egress-statistics accounting-policy
  • configure router mpls ingress-statistics p2mp-template-lsp accounting-policy
  • configure router mpls ingress-statistics p2p-template-lsp accounting-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure router mpls lsp ingress-statistics accounting-policy

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>app-assure>group>statistics>app accounting-policy)

[Tree] (config>app-assure>group>statistics>aa-sub-study accounting-policy)

[Tree] (config>app-assure>group>statistics>aa-sub accounting-policy)

[Tree] (config>app-assure>group>statistics>aa-admit-deny accounting-policy)

[Tree] (config>app-assure>group>statistics>app-grp accounting-policy)

[Tree] (config>app-assure>group>statistics>protocol accounting-policy)

[Tree] (config>isa>aa-grp>statistics>perform accounting-policy)

[Tree] (config>app-assure>group>statistics>aa-part accounting-policy)

Full Context

configure application-assurance group statistics application accounting-policy

configure application-assurance group statistics aa-sub-study accounting-policy

configure application-assurance group statistics aa-sub accounting-policy

configure application-assurance group statistics aa-admit-deny accounting-policy

configure application-assurance group statistics app-group accounting-policy

configure application-assurance group statistics protocol accounting-policy

configure isa application-assurance-group statistics performance accounting-policy

configure application-assurance group statistics aa-partition accounting-policy

Description

This command specifies the existing accounting policy to use for AA. Accounting policies are configured in the config>log>accounting-policy context.

Parameters

acct-policy-id

Specifies the existing accounting policy to use for applications.

Values

1 to 99

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>saa>test accounting-policy)

Full Context

configure saa test accounting-policy

Description

This command associates an accounting policy to the SAA test. The accounting policy must already be defined before it can be associated otherwise an error message is generated.

A notification (trap) is issued whenever a test is completed or terminates.

The no form of this command removes the accounting policy association.

Parameters

acct-policy-id

Specifies the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>oam-pm>session>meas-interval accounting-policy)

Full Context

configure oam-pm session meas-interval accounting-policy

Description

This optional command allows the operator to assign an accounting policy and the policy-id (configured under the config>log>accounting-policy) with a record-type of complete-pm. This runs the data collection process for completed measurement intervals in memory, file storage, and maintenance functions moving data from memory to flash. A single accounting policy can be applied to a measurement interval.

The no form of this command removes the accounting policy.

Parameters

acct-policy-id

Specifies the accounting policy to be applied to the measurement interval.

Values

1 to 99

Platforms

All

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy

Context

[Tree] (config>service>sdp accounting-policy)

[Tree] (config>service>pw-template accounting-policy)

Full Context

configure service sdp accounting-policy

configure service pw-template accounting-policy

Description

This command creates the accounting policy context that can be applied to an SDP. An accounting policy must be defined before it can be associated with a SDP. If the acct-policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SDP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SDP, and the accounting policy reverts to the default.

Default

no accounting-policy

Parameters

acct-policy-id

Specifies the accounting policy-id as configured in the config>log>accounting-policy context.

Values

1 to 99

Platforms

All

accounting-policy

Syntax

accounting-policy policy-id [interval minutes]

no accounting-policy policy-id

Context

[Tree] (config>log accounting-policy)

Full Context

configure log accounting-policy

Description

This command creates an access or network accounting policy. An accounting policy defines the accounting records that are created.

Access accounting policies are policies that can be applied to one or more SAPs. Changes made to an existing policy, using any of the sub-commands, are applied immediately to all SAPs where this policy is applied.

If an accounting policy is not specified on a SAP, then accounting records are produced in accordance with the access policy designated as the default. If a default access policy is not specified, then no accounting records are collected other than the records for the accounting policies that are explicitly configured.

Only one policy can be regarded as the default access policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new access default policy can be configured.

Network accounting policies are policies that can be applied to one or more network ports or SONET/SDH channels. Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network ports or SONET/SDH channels where this policy is applied.

If no accounting policy is defined on a network port, accounting records will be produced in accordance with the default network policy as designated with the default command. If no network default policy is created, then no accounting records will be collected other than the records for the accounting policies explicitly configured. Default accounting policies cannot be explicitly applied. For example, for accounting-policy 10, if default is set, then that policy cannot be used:

*A:75>config>service>vpls>spoke-sdp# accounting-policy 10

Only one policy can be regarded as the default network policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new network default policy can be configured.

The no form of this command deletes the policy from the configuration. The accounting policy cannot be removed unless it is removed from all the SAPs, network ports or channels where the policy is applied.

Parameters

policy-id

Specifies the policy ID that uniquely identifies the accounting policy, expressed as a decimal integer.

Values

1 to 99

Platforms

All

accounting-port

accounting-port

Syntax

accounting-port port

no accounting-port

Context

[Tree] (config>service>vprn>aaa>remote-servers>radius accounting-port)

Full Context

configure service vprn aaa remote-servers radius accounting-port

Description

This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.

Default

accounting-port 1813

Parameters

port

Specifies the UDP port number.

Values

1 to 65535

Default

1813

Platforms

All

accounting-port

Syntax

accounting-port port

no accounting-port

Context

[Tree] (config>system>security>radius accounting-port)

Full Context

configure system security radius accounting-port

Description

This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.

Default

accounting-port 1813

Parameters

port

Specifies the UDP port number.

Values

1 to 65535

Default

1813

Platforms

All

accounting-type

accounting-type

Syntax

accounting-type [session] [tunnel]

no accounting-type

Context

[Tree] (config>aaa>l2tp-acct-plcy accounting-type)

Full Context

configure aaa l2tp-accounting-policy accounting-type

Description

This command specifies the accounting type for the L2TP tunnel accounting policy.

The no form of this command reverts to the default.

Default

accounting-type session tunnel

Parameters

session

Enables tunnel level accounting, including:

Tunnel-Link-Start

Tunnel-Link-Stop

Tunnel-Link-Reject

tunnel

Enables link level accounting, including:

Tunnel-Start

Tunnel-Stop

Tunnel-Reject

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accounting-update-interval

accounting-update-interval

Syntax

accounting-update-interval [interval]

no accounting-update-interval

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval

Description

This command configures the time interval between consecutive interim accounting update messages. If not configured, the system does not send interim accounting update messages.

The no form of this command removes the value from the cross-connect configuration.

Parameters

interval

Specifies the time interval between consecutive interim accounting update messages in minutes.

Values

5 to 259200

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

accounting-update-interval

Syntax

accounting-update-interval [interval]

no accounting-update-interval

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval

Description

This command enables the interim accounting and specifies the interim accounting interval.

Parameters

interval

Specifies the interim accounting interval in seconds.

Values

5 to 259200

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

acct-authentic

acct-authentic

Syntax

[no] acct-authentic

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-authentic)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-authentic

Description

This command enables the generation of the acct-authentic RADIUS attribute.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-delay-time

acct-delay-time

Syntax

[no] acct-delay-time

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-delay-time)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-delay-time

Description

This command enables the generation of the acct-delay-time RADIUS attribute.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-delay-time

Syntax

[no] acct-delay-time

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-delay-time)

Full Context

configure aaa isa-radius-policy acct-include-attributes acct-delay-time

Description

This command enables the acct-delay-time.

Default

no acct-delay-time

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

acct-include-attributes

acct-include-attributes

Syntax

[no] acct-include-attributes

Context

[Tree] (config>aaa>isa-radius-plcy acct-include-attributes)

Full Context

configure aaa isa-radius-policy acct-include-attributes

Description

This command configures attributes to be included in RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

acct-interim

acct-interim

Syntax

acct-interim min min-val max max-val lifetime lifetime

no acct-interim

Context

[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-interim)

Full Context

configure aaa radius-server-policy servers buffering acct-interim

Description

This command enables RADIUS accounting interim update message buffering.

  1. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server

  2. If after retry*timeout seconds no RADIUS accounting response is received for the interim update then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.

  3. Repeat step 2 until for one of the following:

    1. a RADIUS accounting response is received.

    2. the lifetime of the buffered message expires.

    3. a new RADIUS accounting interim-update or a RADIUS accounting stop for the same accounting session-id and radius-server-policy is stored in the buffer.

    4. the message is manually purged from the message buffer via a clear command.

  4. The message is purged from the buffer.

The no form of this command disables RADIUS accounting interim update message buffering.

Parameters

min-val

Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting interim update.

Values

1 to 3600

max-val

Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting interim update.

Values

1 to 3600

lifetime

Specifies the lifetime in hours.

Values

1 to 25

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-on-off

acct-on-off

Syntax

acct-on-off

acct-on-off monitor-group group-name

acct-on-off oper-state-change [group group-name]

Context

[Tree] (config>aaa>radius-srv-plcy acct-on-off)

Full Context

configure aaa radius-server-policy acct-on-off

Description

This command controls the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:

acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked.

acct-on-off oper-state-change [group group-name]: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group.

acct-on-off monitor-group group-name: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.

The no form of this command disables the sending of Accounting-On and Accounting-Off messages.

Parameters

group-name

Specifies the name of an acct-on-off group up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-on-off-group

acct-on-off-group

Syntax

acct-on-off-group group-name [create]

no acct-on-off-group group-name

Context

[Tree] (config>aaa acct-on-off-group)

Full Context

configure aaa acct-on-off-group

Description

This command creates an acct-on-off-group.

An acct-on-off-group can be referenced by:

  • A single radius-server-policy as controller — The acct-on-off oper-state of the acct-on-off-group is set to the acct-on-off oper-state of the radius-server-policy.

  • Multiple radius-server-policies as monitor — The acct-on-off oper-state of the radius-server-policy is inherited from the acct-on-off oper-state of the acct-on-off group.

The no form of this command deletes the acct-on-off-group.

Parameters

group-name

Specifies the name of an acct-on-off group up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-policy

acct-policy

Syntax

acct-policy acct-policy-name [duplicate acct-policy-name]

no acct-policy

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host acct-policy)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host acct-policy)

Full Context

configure subscriber-mgmt local-user-db ipoe host acct-policy

configure subscriber-mgmt local-user-db ppp host acct-policy

Description

This command specifies the accounting policy used for sending an Accounting Stop message to report RADIUS authentication failures of PPPoE sessions. A duplicate policy can be specified if a copy of the Accounting Stop message must be sent to another destination.

Reporting RADIUS authentication failures with an Accounting Stop message must be enabled in the RADIUS authentication policy ("send-acct-stop-on-fail”).

A duplicate RADIUS accounting policy can be specified if the accounting stop resulting from a RADIUS authentication failure must also be sent to a second RADIUS destination.

The no form of this command reverts to the default.

Parameters

acct-policy-name

Specifies the name of a RADIUS accounting policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-port

acct-port

Syntax

acct-port port

no acct-port

Context

[Tree] (config>service>vprn>radius-server>server acct-port)

[Tree] (config>router>radius-server>server acct-port)

Full Context

configure service vprn radius-server server acct-port

configure router radius-server server acct-port

Description

This command specifies the UDP listening port for RADIUS accounting requests.

The no form of this commands resets the UDP port to its default value (1813)

Default

acct-port 1813

Parameters

port

Specifies the UDP listening port for accounting requests of the external RADIUS server.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-request-script-policy

acct-request-script-policy

Syntax

acct-request-script-policy policy-name

no acct-request-script-policy

Context

[Tree] (config>subscr-mgmt>acct-plcy acct-request-script-policy)

Full Context

configure subscriber-mgmt radius-accounting-policy acct-request-script-policy

Description

This command configures the Python script policy to modify Accounting-Request messages.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies the Python script policy to modify Accounting-Request messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-request-script-policy

Syntax

acct-request-script-policy policy-name

no acct-request-script-policy

Context

[Tree] (config>aaa>radius-srv-plcy acct-request-script-policy)

Full Context

configure aaa radius-server-policy acct-request-script-policy

Description

This command specifies the name of the RADIUS script policy used to change the RADIUS attributes of the Accounting-Request messages.

Parameters

policy-name

Specifies the name of the Python script to modify Accounting-Request messages, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-session-id

acct-session-id

Syntax

acct-session-id [session-id-type]

no acct-session-id

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute acct-session-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute acct-session-id

Description

The acct-session-id attribute for each subscriber host is generated at the very beginning of the session initiation. This command will enable or disable sending this attribute to the RADIUS server in the Access-Request messages regardless of whether the accounting is enabled or not. The acct-session-id attribute can be used to address the subscriber hosts from the RADIUS server in the CoA Request.

The acct-session-id attribute is unique per subscriber host network wide. It is a 22 byte field comprised of the system MAC address along with the creation time and a sequence number in a hex format.

The no form of this command reverts to the default.

Default

no acct-session-id

Parameters

session-id-type

Specifies the format for the acct-session-id attribute used in RADIUS accounting requests.

Values

host, session

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-stats

acct-stats

Syntax

[no] acct-stats

Context

[Tree] (config>ipsec>rad-acct-plcy>include acct-stats)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute acct-stats

Description

This command enables the system to include accounting attributes in RADIUS acct-stop and interim-update packets.

The no form of this command disables the system from including accounting attributes in RADIUS acct-stop and interim-update packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

acct-stop

acct-stop

Syntax

acct-stop min min-val max max-val lifetime lifetime

no acct-stop

Context

[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-stop)

Full Context

configure aaa radius-server-policy servers buffering acct-stop

Description

This command enables RADIUS accounting stop message buffering.

  1. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server

  2. If after retry*timeout seconds no RADIUS accounting response is received for the accounting stop, then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.

  3. Repeat step 2 until one of the following events occurs:

    1. A RADIUS accounting response is received.

    2. The lifetime of the buffered message expires.

    3. The message is manually purged from the message buffer via a clear command.

  4. The message is purged from the buffer.

The no form of this command disables RADIUS accounting stop message buffering.

Parameters

min-val

Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting stop.

Values

1 to 3600

max-val

Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting stop.

Values

1 to 3600

lifetime

Specifies the lifetime in hours.

Values

1 – 25

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-trigger-reason

acct-trigger-reason

Syntax

[no] acct-trigger-reason

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-trigger-reason)

Full Context

configure aaa isa-radius-policy acct-include-attributes acct-trigger-reason

Description

This command enables the acct-trigger-reason.

Default

no acct-trigger-reason

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

acct-tunnel-connection-fmt

acct-tunnel-connection-fmt

Syntax

acct-tunnel-connection-fmt ascii-spec

no acct-tunnel-connection-fmt

Context

[Tree] (config>aaa>l2tp-acct-plcy acct-tunnel-connection-fmt)

Full Context

configure aaa l2tp-accounting-policy acct-tunnel-connection-fmt

Description

This command configures the accounting tunnel connection ascii-specification.

Default

no acct-tunnel-connection-fmt

Parameters

ascii-spec

Specifies the ASCII specifications.

<ascii-spec>

<char-specification> <ascii-spec>

char-specification

<ascii-char> | <char-origin>

ascii-char

a printable ASCII character

char-origin

%<origin>

origin

n | s | S | t | T | c | C

n

Call Serial Number

s | S

Local (s) or Remote (S) Session Id

t | T

Local (t) or Remote (T) Tunnel Id

c | C

Local (c) or Remote (C) Connection Id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-tunnel-connection-fmt

Syntax

acct-tunnel-connection-fmt ascii-spec

no acct-tunnel-connection-fmt

Context

[Tree] (config>subscr-mgmt>acct-plcy acct-tunnel-connection-fmt)

Full Context

configure subscriber-mgmt radius-accounting-policy acct-tunnel-connection-fmt

Description

This command specifies the string that is sent in the accounting message.

Default

no acct-tunnel-connection-fmt

Parameters

ascii-spec

Specifies the accounting tunnel connection ASCII specification.

Values

asci-spec

<char-specification> <ascii-spec>

char-specification

<ascii-char> | <char-origin>

ascii-char

A printable ASCII character

char-origin

%<origin>

origin

n | s | S | t | T | c | C

n

Call Serial Number

s | S

Local (s) or Remote (S) Session Id

t | T

Local (t) or Remote (T) Tunnel Id

c | C

Local (c) or Remote (C) Connection Id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acct-update-triggers

acct-update-triggers

Syntax

acct-update-triggers

Context

[Tree] (config>aaa>isa-radius-plcy acct-update-triggers)

Full Context

configure aaa isa-radius-policy acct-update-triggers

Description

Commands in this context enable or disable the sending of triggered interim-updates, with the exception of the following:

  • After an update interval change, an interim update is always sent to indicate the start of the new interval.

  • Mobility-triggered updates are configured in the (service vprn <svc-id> | router) wlan-gw mobility-triggered-acct context.

  • NAT port block allocation depends on the inclusion of NAT-related attributes (port-range, outside-service, outside-ip).

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

accu-stats-policy

accu-stats-policy

Syntax

accu-stats-policy policy-name [create]

no accu-stats-policy policy-name

Context

[Tree] (config>subscr-mgmt accu-stats-policy)

Full Context

configure subscriber-mgmt accu-stats-policy

Description

This command creates a storage policy for cumulative statistics for subscribers. The policy defines the specific direction for the policer or the queue to be stored and performs the following functions.

  • The policy stores subscriber statistics even if the subscriber session has ended. The subscriber statistics can be viewed even if the subscriber is offline.

  • When the subscriber session ends, the statistics are added to the past statistics stored in memory so that all previous session statistics are accumulated. The accumulated statistics are not persistent; they are only stored in memory and reset to zero when the chassis reboots.

The no form of this command deletes the policy only when it is no longer referenced by a subscriber profile.

Parameters

policy-name

Specifies the name for the policy, up to 32 characters.

create

Configures an entry for the policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

accu-stats-policy

Syntax

accu-stats-policy policy-name

no accu-stats-policy

Context

[Tree] (config>subscr-mgmt>sub-profile accu-stats-policy)

Full Context

configure subscriber-mgmt sub-profile accu-stats-policy

Description

This command associates an accumulated statistics policy with a subscriber profile.

The no form of this command removes the association of the accu-stats-policy from the subscriber profile. It is possible to remove the policy from the subscriber profile while the subscriber is still online, however, the statistics remain in memory and must be cleared manually, using the clear subscriber-mgmt accu-stats active-subs no-accu-stats-policy command.

Parameters

policy-name

Specifies the name of the accumulated statistics policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ack

ack

Syntax

ack [detail]

no ack

Context

[Tree] (debug>router>rsvp>packet ack)

Full Context

debug router rsvp packet ack

Description

This command debugs ack events.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about ack events.

Platforms

All

ack-auth-retry-count

ack-auth-retry-count

Syntax

ack-auth-retry-count [value]

no ack-auth-retry-count

Context

[Tree] (config>router>wpp>portals>portal ack-auth-retry-count)

[Tree] (config>service>vprn>wpp>portals>portal ack-auth-retry-count)

Full Context

configure router wpp portals portal ack-auth-retry-count

configure service vprn wpp portals portal ack-auth-retry-count

Description

This command configures the number of retransmissions of an ACK_OUT message.

The no form of this command reverts to the default.

Default

ack-auth-retry-count 5

Parameters

value

Specifies the number of retransmissions of an ACK_OUT message.

Values

0 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

acknowledgment

acknowledgment

Syntax

[no] acknowledgment

Context

[Tree] (config>service>cpipe>spoke-sdp>control-channel-status acknowledgment)

[Tree] (config>service>vpls>spoke-sdp>control-channel-status acknowledgment)

[Tree] (config>service>epipe>spoke-sdp>control-channel-status acknowledgment)

Full Context

configure service cpipe spoke-sdp control-channel-status acknowledgment

configure service vpls spoke-sdp control-channel-status acknowledgment

configure service epipe spoke-sdp control-channel-status acknowledgment

Description

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp control-channel-status acknowledgment

All

  • configure service epipe spoke-sdp control-channel-status acknowledgment
  • configure service vpls spoke-sdp control-channel-status acknowledgment

acknowledgment

Syntax

[no] acknowledgment

Context

[Tree] (config>service>ies>if>spoke-sdp>control-channel-status acknowledgment)

[Tree] (config>service>ies>red-if>spoke-sdp>control-channel-status acknowledgment)

Full Context

configure service ies interface spoke-sdp control-channel-status acknowledgment

configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment

Description

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

Default

no acknowledgment

Platforms

All

  • configure service ies interface spoke-sdp control-channel-status acknowledgment

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment

acknowledgment

Syntax

[no] acknowledgment

Context

[Tree] (config>service>vprn>if>spoke-sdp>control-channel-status acknowledgment)

[Tree] (config>service>vprn>red-if>spoke-sdp>control-channel-status acknowledgment)

Full Context

configure service vprn interface spoke-sdp control-channel-status acknowledgment

configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment

Description

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

Platforms

All

  • configure service vprn interface spoke-sdp control-channel-status acknowledgment

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment

acknowledgment

Syntax

[no] acknowledgment

Context

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>control-channel-status acknowledgment)

[Tree] (config>mirror>mirror-dest>spoke-sdp>control-channel-status acknowledgment)

Full Context

configure mirror mirror-dest remote-source spoke-sdp control-channel-status acknowledgment

configure mirror mirror-dest spoke-sdp control-channel-status acknowledgment

Description

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

action

action

Syntax

action bypass-host-creation

action drop

no action

Context

[Tree] (config>filter>dhcp-filter>entry action)

Full Context

configure filter dhcp-filter entry action

Description

This command specifies the action to take on DHCP host creation when the filter entry matches.

The no form of this command reverts to the default wherein the host creation proceeds as normal.

Parameters

bypass-host-creation

Specifies that the host creation is bypassed.

drop

Specifies that the DHCP message is dropped.

Platforms

All

action

Syntax

action bypass-host-creation [na] [pd]

action drop

no action

Context

[Tree] (config>filter>dhcp6-filter>entry action)

Full Context

configure filter dhcp6-filter entry action

Description

This command specifies the action to take on DHCP6 host creation when the filter entry matches.

The no form of this command reverts to the default wherein the host creation proceeds as normal.

Parameters

bypass-host-creation

Specifies that the host creation is bypassed.

Values

na — Bypasses the DHCP6 NA hosts creation.

pd — Bypasses the DHCP6 PD hosts creation.

drop

Specifies that the DHCP6 message is dropped.

Platforms

All

action

Syntax

action {accept | next-entry | next-policy | drop | reject}

no action

Context

[Tree] (config>router>policy-options>policy-statement>entry action)

Full Context

configure router policy-options policy-statement entry action

Description

This command creates the context to configure actions to take for routes matching a route policy statement entry.

This command is required and must be entered for the entry to be active.

Any route policy entry without the action command will be considered incomplete and will be inactive.

The no form of this command deletes the action context from the entry.

Default

no action

Parameters

accept

Specifies that routes matching the entry match criteria will be accepted and propagated.

next-entry

Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next policy entry (if any others are specified).

next-policy

Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next route policy (if any others are specified).

drop

Specifies that routes matching the entry match criteria should be rejected. This parameter provides a context for modifying route properties.

reject

Specifies that routes matching the entry match criteria should be rejected. This parameter does not provide a context for modifying route properties.

Platforms

All

action

Syntax

action dhcp-action

no action

Context

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option action)

[Tree] (config>service>vpls>sap>dhcp>option action)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option action)

[Tree] (config>service>vprn>if>dhcp>option action)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option action)

[Tree] (config>service>ies>if>dhcp>option action)

Full Context

configure service vprn subscriber-interface group-interface dhcp option action

configure service vpls sap dhcp option action

configure service ies subscriber-interface group-interface dhcp option action

configure service vprn interface dhcp option action

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action

configure service ies interface dhcp option action

Description

This command configures the processing required when the SR-Series receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command returns the system to the default value.

Default

action keep — Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests. The default is to keep the existing information intact. The exception to this is if the giaddr of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.

Parameters

replace

In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (towards the user) the Option 82 field is stripped (in accordance with RFC 3046).

drop

Specifies that the packet is dropped, and an error is logged.

keep

Specifies that the existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on towards the client.

The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router inserts its own VSO into the Option 82 field. This is only done when the incoming message has already an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO is added to the message.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp option action
  • configure service ies subscriber-interface group-interface dhcp option action
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action

All

  • configure service ies interface dhcp option action
  • configure service vprn interface dhcp option action
  • configure service vpls sap dhcp option action

action

Syntax

action {drop | forward}

no action

Context

[Tree] (config>log>filter>entry action)

[Tree] (config>service>vprn>log>filter>entry action)

Full Context

configure log filter entry action

configure service vprn log filter entry action

Description

This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

Multiple action statements entered will overwrite previous actions.

The no form of this command removes the specified action statement.

Default

Action specified by the default-action command will apply.

Parameters

drop

Specifies packets matching the entry criteria will be dropped.

forward

Specifies packets matching the entry criteria will be forwarded.

Platforms

All

action

Syntax

action {drop | forward}

no action

Context

[Tree] (config>log>filter>entry action)

Full Context

configure log filter entry action

Description

This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

Multiple action statements entered will overwrite previous actions.

The no form of this command removes the specified action statement.

Default

no action

Parameters

drop

Specifies packets matching the entry criteria will be dropped.

forward

Specifies packets matching the entry criteria will be forwarded.

Platforms

All

action

Syntax

action direction [create]

no action direction

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry action)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry action

Description

Commands in this context configure an action to be performed for traffic that matches a configured match criteria in the filter entry. The action can be configured as being applicable to upstream traffic, downstream traffic, or both.

The no form of this command removes the direction from the configuration.

Parameters

direction

Specifies the direction for the action in a VAS filter entry.

Values

upstream, downstream

create

Keyword used to create the action’s direction. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action drop

action forward

action http-redirect url [allow-override]

no action

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry action)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry action)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry action)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry action)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry action

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry action

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry action

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry action

Description

This command configures the action for the filter entry.

The no form of this command reverts to the default.

Default

action drop

Parameters

drop

Specifies to drop the packets matching the IP filter entry.

forward

Specifies to forward the packets matching the IP filter entry.

http-redirect url [allow-override]

Specifies the HTTP web address, up to 255 characters, that is sent to the user’s browser for redirection.

Note:

This action is not supported for IPv6 filter entries.

The specified URL can be overridden by a Diameter Credit Control Server when the following conditions are met:

  • a Final-Unit-Indication AVP is present in the Multiple-Services-Credit-Control AVP of a CCA message

  • the Final-Unit-Action AVP is set to REDIRECT (1)

  • a Redirect-Server AVP is included with the following:

    • the Redirect-Address-Type AVP set to URL (2)

    • the Redirect-Server-Address AVP containing the URL to use for this rating group (category-map)

  • the out of credit action for the corresponding rating group is set to change-service-level using one of the following commands:

    • configure>subscriber-mgmt>credit-control-policy policy-name>out-of-credit-action change-service-level

    • configure>subscriber-mgmt>category-map category-map-name category category-name>out-of-credit-action-override change-service-level

  • an IPv4 HTTP redirect action with allow-override is specified in the exhausted credit service level context for the corresponding rating group using the command configure>subscriber-mgmt>category-map category-map-name category category-name>exhausted-credit-service-level>ingress-ip-filter-entries> entry entry-id>action http-redirect url allow-override

In all other cases, the URL specified in the Redirect-Server-Address AVP is ignored and the configured URL is used. The URL received from the Credit Control Server is included in the output of show>service>active-subscribers>credit-control. The allow-override is ignored for RADIUS credit control.

The following variables can optionally be added in the configured URL (http-redirect url) and in the override URL from the Credit Control Server (Redirect-Server-Address AVP):

  • $IP – Customer’s IP address

  • $MAC – Customer’s MAC address

  • $URL – Original requested URL

  • $SAP – Customer’s SAP

  • $SUB – Customer’s subscriber identification string

  • $CID – string that represents the circuit-id or interface-id of the subscriber host (hexadecimal format)

  • $RID – string that represents the remote-id of the subscriber host (hexadecimal format)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {alarm | remove}

no action

Context

[Tree] (config>subscr-mgmt>shcv-policy>periodic action)

Full Context

configure subscriber-mgmt shcv-policy periodic action

Description

This command configures the action to take when the periodic connectivity verification failed.

The no form of this command reverts to the default.

Default

action alarm

Parameters

alarm

Raises an alarm indicating that the host is disconnected.

remove

Raises an alarm and releases all allocated resources (addresses, prefixes, queues, table entries, and so on). Static hosts are removed.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {drop | forward | none}

action http-redirect rdr-url-string

no action

Context

[Tree] (config>subscr-mgmt>isa-filter>entry action)

[Tree] (config>subscr-mgmt>isa-filter>ipv6>entry action)

Full Context

configure subscriber-mgmt isa-filter entry action

configure subscriber-mgmt isa-filter ipv6 entry action

Description

This command specifies what should happen to packets that do match this entry.

The no form of this command reverts to the default value.

Default

action none

Parameters

drop

Specifies to drop the packet.

forward

Specifies to forward the packet.

none

Specifies to ignore the entry and continue processing with subsequent entries.

rdr-url-string

Specifies the URL to which matching HTTP flows are redirected, up to 255 characters. The URL can be overridden by AAA. Non-HTTP packets are dropped. The URL supports the $URL, $MAC, and $IP variables. For other macro substitutions, the string is not modified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {permit-deny | priority-mark}

no action

Context

[Tree] (config>subscr-mgmt>isa-policer action)

Full Context

configure subscriber-mgmt isa-policer action

Description

This command specifies what happens to packets that are in-profile and out-of-profile.

The no form of this command reverts to the default value.

Default

action permit-deny

Parameters

permit-deny

Drops all packets that are out of profile (they do not conform to the PIR).

priority-mark

Currently not supported. The policer will take no action.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {log-only | reset-mda | fail-mda}

no action

Context

[Tree] (config>card>mda>event action)

Full Context

configure card mda event action

Description

This command defines the action to be taken when a specific hardware error event is raised against the target mda.

Only one action can be enabled at a time. Entering a new action will override a previously defined action.

The no form of this command sets the action to the default value.

Default

action log-only

Parameters

log-only

Specifies to pass the log event to log management. No other action is taken.

reset-mda

Specifies to reset the mda.

fail-mda

Specifies to set the operational state of the mda to Failed. This Failed state will persist until the clear mda command is issued (reset) or the mda is removed and re-inserted (re-seat).

Platforms

All

action

Syntax

[no] action

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization action)

Full Context

configure system security profile netconf base-op-authorization action

Description

This command enables the NETCONF action operation.

The no form of this command disables the operation.

Default

no action

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

action

Syntax

action {priority-mark | permit-deny}

Context

[Tree] (config>app-assure>group>policer action)

Full Context

configure application-assurance group policer action

Description

This command configures the action to be performed by single-bucket bandwidth policers for non-conformant traffic.

Dual bucket bandwidth policers cannot have their action configured and always mark traffic below CIR in profile, between CIR and PIR out of profile, and drop traffic above PIR. Flow policers always discard non-conformant traffic.

When multiple application assurance policers are configured against a single flow (including policers at both subscriber and system), the final action done to the flow/packet will be a logical OR of all policers actions. For example, if only of the policers requires the packet to be discarded, the packet will be dropped regardless of the action of the other policers.

Default

action permit-deny

Parameters

priority-mark

Non-conformant traffic will be marked out of profile and the conformant traffic will be marked in profile. The new marking will overwrite any previous IOM QoS marking done to a packet.

permit-deny

Non-conformant traffic will be dropped.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action

Context

[Tree] (config>app-assure>group>policy>aqp>entry action)

Full Context

configure application-assurance group policy app-qos-policy entry action

Description

Commands in this context configure AQP actions to be performed on flows that match the AQP entry’s match criteria.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {permit | deny} [event-log event-log-name]

action http-redirect http-redirect-name [event-log event-log-name]

action tcp-optimizer tcp-optimizer-name

Context

[Tree] (config>app-assure>group>sess-fltr>entry action)

Full Context

configure application-assurance group session-filter entry action

Description

This command configures the action for this entry.

Parameters

deny

Packets matching the criteria are denied.

permit

Packets matching the criteria are permitted.

event-log-name

Specifies the event log name, up to 32 characters.

http-redirect-name

Specifies the HTTP redirect name, up to 32 characters.

tcp-optimizer

Specifies to use TCP Optimization (TCPO) on the matching flows.The TCPO policy referenced within this session filter entry is configured under the AA group. If the TCPO action is removed from a session-filter entry, the existing flows are not affected. However, no new TCP flows are optimized.

tcp-optimizer-name

Specifies the name of the TCPO policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {permit | deny}

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr>entry action)

Full Context

configure application-assurance group gtp gtp-filter imsi-apn-filter entry action

Description

This command configures an action for the IMSI-APN filter entry.

Default

action permit

Parameters

permit

Specifies to permit packets that do not match any message entries.

deny

Specifies to deny packets that do not match any message entries.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

action {dnat | forward} [ip-address ip-address]

no action

Context

[Tree] (config>service>nat>nat-classifier>entry action)

Full Context

configure service nat nat-classifier entry action

Description

This command specifies the action to take for packets that match this nat-classifier entry. The no form of the command removes the specified action statement. By default, the entry is ignored (skipped). Consequently, the action from another matching entry is applied. If there are no other matching entries found, the default-action is applied.

Default

no action.

Parameters

dnat

Performs the DNAT function. The destination IP address of the packet traversing the router in the direction from inside to outside is replaced by the configured IP address. Destination port is not translated. In the opposite direction (from outside to inside), the source address in the returning packet is restored to the original value.

forward

Specifies that the forward action ensures that the packet is transparently passed through the nat-classifier.

ip-address ip-address

Specifies that the destination IP address replaces the original IP address in the packet traveling from inside to outside.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

action

Syntax

[no] action [secondary]

Context

[Tree] (config>filter>mac-filter>entry action)

[Tree] (config>filter>ip-filter>entry action)

[Tree] (config>filter>ipv6-filter>entry action)

Full Context

configure filter mac-filter entry action

configure filter ip-filter entry action

configure filter ipv6-filter entry action

Description

Commands in this context configure a primary (no option specified) or secondary (secondary option specified) action to be performed on packets matching this filter entry. An ACL filter entry remains inactive (is not programmed in hardware) until a specific action is configured for that entry.

A primary action supports any filter entry action, a secondary action is used for redundancy and defines a redundant Layer 3 PBR action for an Layer 3 PBR primary action or a redundant L2 PBF action for a Layer 2 PBF primary action.

The no form of this command removes the specific action configured in the context of the action command. The primary action cannot be removed if a secondary action exists.

Default

no action

Parameters

secondary

Specifies a secondary action to be performed on packets matching this filter entry. A secondary action can only be configured if a primary action is configured.

Platforms

All

action

Syntax

action [fc fc-name] [priority {high | low}] [policer policer-id]

no action

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry action)

[Tree] (config>qos>sap-ingress>mac-criteria>entry action)

[Tree] (config>qos>sap-ingress>ip-criteria>entry action)

Full Context

configure qos sap-ingress ipv6-criteria entry action

configure qos sap-ingress mac-criteria entry action

configure qos sap-ingress ip-criteria entry action

Description

This mandatory command associates the forwarding class or enqueuing priority with specific IP, IPv6, or MAC criteria entry ID. The action command supports setting the forwarding class parameter to a subclass. Packets that meet all match criteria within the entry have their forwarding class and enqueuing priority overridden based on the parameters included in the action parameters. When the forwarding class is not specified in the action command syntax, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the action, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.

When a policer is specified in the action, a matching packet is directed to the configured policer instead of the policer/queue assigned to the forwarding class of the packet.

The action command must be executed for the match criteria to be added to the active list of entries. If the entry is designed to prevent more explicit (higher entry ID) entries from matching certain packets, the fc fc-name and match protocol fields should not be defined when executing action. This allows packets matching the entry to preserve the forwarding class and enqueuing priority derived from previous classification rules.

Each time action is executed on a specific entry ID, the previously entered values for fc fc-name and priority are overridden with the newly defined parameters or inherit previous matches when a parameter is omitted.

The no form of this command removes the entry from the active entry list. Removing an entry on a policy immediately removes the entry from all SAPs using the policy. All previous parameters for the action is lost.

If no action is specified, the action specified by the default-fc command will be used.

Parameters

fc fc-name

The value given for fc fc-name must be one of the predefined forwarding classes in the system. Specifying the fc fc-name is required. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.

The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.

Values

fc:

class[.subclass]

class: be, l2, af, l1, h2, ef, h1, nc

subclass: 29 characters max

Default

Inherit (When fc fc-name is not defined, the rule preserves the previous forwarding class of the packet.)

priority

The priority parameter overrides the default enqueuing priority for all packets received on a SAP using this policy that match this rule. Specifying the priority (high or low) is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.

Default

Inherit (When the priority (high or low) is not defined, the rule preserves the previous enqueuing priority of the packet)

high

The high parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to high for a packet increases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the queue, the significance of the enqueuing priority is lost.

low

The low parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to low for a packet decreases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

Default

Inherit

policer-id

A valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.

Values

1 to 63

Platforms

All

action

Syntax

action [fc fc-name] [profile {in | out | exceed | inplus}] [policer policer-id] [port-redirect-group-queue] [queue queue-id] [use-fc-mapped-queue]

no action

Context

[Tree] (config>qos>sap-egress>ip-criteria>entry action)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry action)

Full Context

configure qos sap-egress ip-criteria entry action

configure qos sap-egress ipv6-criteria entry action

Description

This command defines the reclassification actions that should be performed on any packet matching the defined IP flow criteria within the entries match node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.

If an egress packet on the SAP matches the specified IP flow entry, the forwarding class, or profile or egress queue accounting behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence- or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.

It is also possible to redirect the egress packet to a configured policer. The forwarding class or profile can also be optionally specified.

When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. In show and info commands, the entry will display no action as the specified reclassification action for the entry. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate packets egressing a SAP with the SAP egress policy defined. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed either with explicit reclassification entries or without any actions defined. Specifying action without any trailing reclassification actions allows packets matching the entry to exit the evaluation list without matching entries lower in the list. Executing no action on an entry removes the entry from the evaluation list and also removes any explicitly defined reclassification actions associated with the entry.

The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions.

The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior.

The policer keyword is optional. When specified, the egress packet will be redirected to the configured policer. Optional parameters allow the user to control how the forwarded policed traffic exits the egress port. By default, the policed forwarded traffic will use a queue in the egress port’s policer-output-queue queue group; alternatively, a queue in an instance of a user-configured queue group can be used or a local SAP egress queue.

The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any packets egress a SAP associated with the SAP egress QoS policy.

Parameters

fc fc-name

The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.

Values

fc

class

class

be, l2, af, l1, h2, ef, h1, nc

profile {in | out | exceed | inplus}

The profile reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.

in

The in parameter is mutually exclusive to the exceed, inplus, and out parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When in is specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out

The out parameter is mutually exclusive to the exceed, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When out is specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed

The exceed parameter is mutually exclusive to the out, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When exceed is specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus

The inplus parameter is mutually exclusive to the out, exceed, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When inplus is specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

policer policer-id

When the action policer command is executed, a valid policer ID must be specified. The parameter policer ID references a policer ID that has already been created within the SAP egress QoS policy.

Values

1 to 63

port-redirect-group-queue queue queue-id

Used to override the forwarding class default egress queue destination to an egress port queue group. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the SAP. Therefore, this parameter is only valid if SAP-based redirection is required. The queue parameter overrides the policer’s default egress queue destination to a specified queue-id in the egress port queue group instance.

Values

1 to 8

queue queue-id

This parameter overrides the policer’s default egress queue destination to a specified local SAP queue of that queue-id. A queue of ID queue-id must exist within the egress QoS policy.

Values

1 to 8

use-fc-mapped-queue

This parameter overrides the policer’s default egress queue destination to the queue mapped by the traffic’s forwarding class.

Platforms

All

action

Syntax

action [fc fc-name profile {in | out | exceed | inplus}] [port-redirect-group {queue queue-id | policer policer-id [queue queue-id]}]

Context

[Tree] (config>qos>network>egress>ipv6-criteria>entry action)

[Tree] (config>qos>network>egress>ip-criteria>entry action)

Full Context

configure qos network egress ipv6-criteria entry action

configure qos network egress ip-criteria entry action

Description

This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.

If an egress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence-based or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.

When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate egress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.

The fc and profile keywords are optional. When specified, the egress classification rule will overwrite the forwarding class and profile derived from ingress. The new forwarding class and profile are used for egress remarking, queue mapping decisions, and queue congestion behavior.

The port-redirect-group keyword is optional. When specified, the egress packet will be redirected to the configured queue or policer in the specified egress network queue group. By default, the policed forwarded traffic will use the regular network queue to which the packet's forwarding class is mapped. Alternatively, a queue in the network egress queue group instance can be used for post-policed traffic by specifying a queue after the policer parameter. The port-redirect-group keyword requires that the network egress queue group instance is specified when this network QoS policy is applied to a network interface. The port-redirect-group is not supported on a 7750 SR-a4/a8.

The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any egress packets.

Default

no action

Parameters

fc fc-name

The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in | out | exceed | inplus}

The profile reclassification action is mandatory when an fc is specified, otherwise it is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. In, exceed, inplus, or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.

in

When specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out

When specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed

When specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus

When specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

queue queue-id

Used to override the forwarding class default egress queue destination to the specified network egress queue group instance queue. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the network interface.

Values

1 to 8

policer policer-id

Specifies a valid policer ID that has already been created within the network egress queue group instance.

Values

1 to 16

queue queue-id

The queue following the configured policer overrides the default policed traffic egress queue destination to a specified queue in the network egress queue group instance.

Values

1 to 8

Platforms

All

action

Syntax

action fc fc-name profile {in | out}

no action

Context

[Tree] (config>qos>network>ingress>ipv6-criteria>entry action)

[Tree] (config>qos>network>ingress>ip-criteria>entry action)

Full Context

configure qos network ingress ipv6-criteria entry action

configure qos network ingress ip-criteria entry action

Description

This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.

If an ingress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all non-criteria reclassification rule actions when an explicit reclassification action is defined for the entry.

When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate ingress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.

The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any ingress packets.

Default

no action

Parameters

fc fc-name

The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in | out}

The profile reclassification action is mandatory. Packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of other ingress profiling decisions. In or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.

in

When specified, any packets matching the reclassification rule will be treated as in-profile by the ingress forwarding plane.

out

When specified, any packets matching the reclassification rule will be treated as out-of-profile by the ingress forwarding plane.

Platforms

All

action

Syntax

action {replace | drop | keep}

no action

Context

[Tree] (config>router>if>dhcp>option action)

Full Context

configure router interface dhcp option action

Description

This command configures the processing required when the SR-Series router receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command returns the system to the default value.

Default

Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this is if the GI address of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.

Parameters

replace

In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).

drop

The packet is dropped, and an error is logged.

keep

The existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on toward the client.

The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert his own VSO into the Option 82 field. This will only be done when the incoming message has already an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO will be added to the message.

Platforms

All

action

Syntax

action {action}

no action

Context

[Tree] (config>serv>mrp>mrp-policy>entry action)

Full Context

configure service mrp mrp-policy entry action

Description

This command specifies the action to be applied to the MMRP attributes (Group B-MACs) whose ISIDs match the specified ISID criteria in the related entry.

The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive. If neither keyword is specified (no action is used), this is considered a No-Op policy entry used to explicitly set an entry inactive without modifying match criteria or removing the entry itself. Multiple action statements entered will overwrite previous actions parameters when defined. To remove a parameter, use the no form of the action command with the specified parameter.

The no form of the command removes the specified action statement. The entry is considered incomplete and hence rendered inactive without the action keyword.

Default

no action

Parameters

action

Specifies the action for the MRP policy entry.

block

Specifies that the matching MMRP attributes will not be declared or registered on this SAP or SDP.

allow

Specifies that the matching MMRP attributes will be declared and registered on this SAP or SDP.

end-station

Specifies that an end-station emulation is present on this SAP or SDP for the MMRP attributes related with matching ISIDs. Equivalent action with the block keyword on that SAP or SDP. The attributes associated with the matching ISIDs are not declared or registered on the SAP or SDP. The matching attributes on the other hand are mapped as static MMRP entries on the SAP or SDP which implicitly instantiates in the data plane as a MFIB entry associated with that SAP or SDP for the related Group B-MAC. For the other SAPs/SDPs in the BVPLS with MRP enabled (no shutdown). This means that the permanent declaration of the matching attributes, as in the case when the IVPLS instances associated with these ISIDs were locally configured.

If an MRP policy has end-station action in one entry, the only default action allowed in the policy is block. Also no other actions are allowed to be configured in other entry configured under the policy.

This policy will apply even if the MRP is shutdown on the local SAP or SDP or for the whole BVPLS to allow for manual creation of MMRP entries in the data plane. Specifically the following rules apply:

  • If service vpls mrp shutdown is executed, and the MMRP on all SAP or SDPs is shutdown, then MRP PDUs pass-through transparently.

  • If service vpls mrp no shutdown, and the endstation statement (even with no ISID values in the related match statement) is used in an MRP policy applied to SAP or SDP, then no declaration is sent on SAP or SDP. The provisioned ISIDs in the match statement are registered on that SAP or SDP and are propagated on all the other MRP enabled endpoints.

Platforms

All

action

Syntax

action {permit | deny | deny-host-unreachable}

no action

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry action)

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry action)

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry action)

Full Context

configure system security management-access-filter ip-filter entry action

configure system security management-access-filter mac-filter entry action

configure system security management-access-filter ipv6-filter entry action

Description

This command creates the action associated with the management access filter match criteria entry.

The action keyword is required. If no action is defined, the filter is ignored. If multiple action statements are configured, the last one overwrites previous configured actions.

If the packet does not meet any of the match criteria the configured default action is applied.

Parameters

permit

Specifies that packets matching the configured criteria will be permitted.

deny

Specifies that packets matching the configured selection criteria will be denied and that a ICMP host unreachable message will not be issued.

deny-host-unreachable

Specifies that packets matching the configured selection criteria will be denied and that a host unreachable message will not be issued.

The deny-host-unreachable parameter only applies to ip-filter and ipv6-filter.

Platforms

All

action

Syntax

action [accept | drop | queue queue-id]

no action

Context

[Tree] (config>sys>security>cpm-filter>ip-filter>entry action)

[Tree] (config>sys>security>cpm-filter>ipv6-filter>entry action)

[Tree] (config>sys>security>cpm-filter>mac-filter>entry action)

Full Context

configure system security cpm-filter ip-filter entry action

configure system security cpm-filter ipv6-filter entry action

configure system security cpm-filter mac-filter entry action

Description

This command specifies the action to take for packets that match this filter entry.

Default

action drop

Parameters

accept

Specifies packets matching the entry criteria will be forwarded.

drop

Specifies packets matching the entry criteria will be dropped.

queue queue-id

Specifies packets matching the entry criteria will be forward to the specified CPM hardware queue.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

action

Syntax

action {deny | permit | read-only}

Context

[Tree] (config>system>security>profile>entry action)

Full Context

configure system security profile entry action

Description

This command configures the action associated with the profile entry.

Parameters

deny

Specifies that commands matching the entry command match criteria are to be denied.

permit

Specifies that commands matching the entry command match criteria is permitted.

read-only

Specifies the commands matching the entry command match criteria is available with read-only access.

Platforms

All

action-list

action-list

Syntax

action-list

Context

[Tree] (config>log>event-handling>handler action-list)

Full Context

configure log event-handling handler action-list

Description

Commands in this context configure the EHS handler action list.

Platforms

All

action-on-fail

action-on-fail

Syntax

action-on-fail {drop | passthrough}

no action-on-fail

Context

[Tree] (config>python>py-script action-on-fail)

Full Context

configure python python-script action-on-fail

Description

This command specifies the action taken when Python fails to modify the given message.

The no form of this command reverts to the default.

Default

action-on-fail drop

Parameters

drop

Specifies that the packet will be dropped.

passthrough

Specifies that the packet that is sent out without any modifications.

Platforms

All

action-on-fail

Syntax

action-on-fail {drop | passthrough}

no action-on-fail

Context

[Tree] (config>aaa>radius-scr-plcy action-on-fail)

Full Context

configure aaa radius-script-policy action-on-fail

Description

specifies the action taken when Python fails to modify the RADIUS message.

The no form of this command reverts to the default.

Default

action-on-fail drop

Parameters

drop

Specifies that the packet will be dropped.

passthrough

Specifies that the packet will be sent out without any modifications.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

activate

activate

Syntax

activate [file-url] [now]

Context

[Tree] (admin>system>license activate)

Full Context

admin system license activate

Description

This command performs an activation on the license file pointed to by the command line argument. The file is first validated as described in the admin>system>license>validate command and upon success, replaces the existing license attributes in the system with the information in the new license file.

The license attributes that are active on a system can be viewed with the show>licensing>entitlements command.

Note:

If the CLM tool is being used for license management, it shall perform the validation and activation and there is no need to enter these commands manually.

Parameters

file-url

Specifies the file URL location to read the license file.

Values

local-url, remote-url

Note:

IPv6 addresses apply only to 7750 SR and 7950 XRS.

now

If the now keyword is not present, the operator is prompted to confirm the activation. With the now keyword the license file is activated without the additional prompt.

Platforms

All

activate-entry-tag

activate-entry-tag

Syntax

activate-entry-tag activate-entry-tag

no activate-entry-tag

Context

[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)

[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)

Full Context

configure service ipipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service cpipe sap ingress criteria-overrides ip-criteria activate-entry-tag

configure service vprn interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service vpls sap ingress criteria-overrides ip-criteria activate-entry-tag

configure service ipipe sap ingress criteria-overrides ip-criteria activate-entry-tag

configure service cpipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service vprn interface sap ingress criteria-overrides ip-criteria activate-entry-tag

configure service vpls sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service ies interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service ies interface sap ingress criteria-overrides ip-criteria activate-entry-tag

configure service epipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag

configure service epipe sap ingress criteria-overrides ip-criteria activate-entry-tag

Description

This command activates the entry tag.

The no form of this command removes any existing entry tags from the SAP.

Parameters

activate-entry-tag

Specifies the tag identifier value for activation.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

active-cpm-protocols

active-cpm-protocols

Syntax

[no] active-cpm-protocols

Context

[Tree] (config>service>vprn>if active-cpm-protocols)

Full Context

configure service vprn interface active-cpm-protocols

Description

This command enables CPM protocols on this interface.

Platforms

All

active-flow-timeout

active-flow-timeout

Syntax

active-flow-timeout seconds

no active-flow-timeout

Context

[Tree] (config>cflowd active-flow-timeout)

Full Context

configure cflowd active-flow-timeout

Description

This command configures the maximum amount of time before an active flow is aged out of the active cache. If an individual flow is active for the specified amount of time, the flow is aged out and a new flow is created on the next packet sampled for that flow.

Existing flows do not inherit the new active-flow-timeout value if this parameter is changed while cflowd is active. The active-flow-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

The no form of this command resets the timeout back to the default value.

Default

active-flow-timeout 1800

Parameters

seconds

Specifies the value, in seconds, before an active flow is exported.

Values

30 to 36000

Platforms

All

active-hold-delay

active-hold-delay

Syntax

active-hold-delay active-hold-delay

no active-hold-delay

Context

[Tree] (config>service>cpipe>endpoint active-hold-delay)

[Tree] (config>service>ipipe>endpoint active-hold-delay)

[Tree] (config>service>epipe>endpoint active-hold-delay)

Full Context

configure service cpipe endpoint active-hold-delay

configure service ipipe endpoint active-hold-delay

configure service epipe endpoint active-hold-delay

Description

This command specifies that the node will delay sending the change in the T-LDP status bits for the VLL endpoint when the MC-LAG transitions the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby or when any object in the endpoint. For example, SAP, ICB, or regular spoke SDP, transitions from up to down operational state.

By default, when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of "standby” over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.

There is no delay applied to the VLL endpoint status bit advertisement when the MC-LAG transitions the LAG subgroup which hosts the SAP from standby to active or when any object in the endpoint transitions to an operationally up state.

Default

active-hold-delay 0

Parameters

active-hold-delay

Specifies the active hold delay in 100s of milliseconds.

A value of zero means that when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of standby over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.

Values

0 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe endpoint active-hold-delay

All

  • configure service epipe endpoint active-hold-delay
  • configure service ipipe endpoint active-hold-delay

active-instance

active-instance

Syntax

active-instance instance-id

no active-instance

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path active-instance)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path active-instance

Description

This command configures the active instance of a P2MP candidate path for the P2MP SR tree as a primary or a secondary instance. Before configuring the active instance ID, the candidate path instance must be configured using the instance command.

The no form of this command removes the active instance.

Parameters

instance-id

Specifies the active instance as primary (1) or secondary (2).

Values

1, 2

Platforms

All

active-iom-limit

active-iom-limit

Syntax

active-iom-limit number

no active-iom-limit

Context

[Tree] (config>isa>wlan-gw-group active-iom-limit)

Full Context

configure isa wlan-gw-group active-iom-limit

Description

This command specifies the number of WLAN-GW IOMs used as active IOMs from the total number of configured WLAN-GW IOMs. If there are more configured IOM than active-iom-limit, then the remaining number of IOMs is designated as backup(s).

The no form of this command removes the number from the configuration.

Parameters

number

Specifies the number of IOMs in this WLAN Gateway ISA group that are intended for active use.

Values

1 to 3

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-lease-time

active-lease-time

Syntax

active-lease-time [hrs hours] [min minutes] [sec seconds]

no active-lease-time

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time

Description

This command configures the lease time for an authenticated user.

Default

active-lease-time min 10

Parameters

hours

Specifies the number of active lease time hours.

Values

1 to 1

minutes

Specifies the number of active lease time minutes.

Values

5 to 59

seconds

Specifies the number of active lease time seconds.

Values

1 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-mda-limit

active-mda-limit

Syntax

active-mda-limit number

no active-mda-limit

Context

[Tree] (config>isa>wlan-gw-group active-mda-limit)

Full Context

configure isa wlan-gw-group active-mda-limit

Description

This command specifies how many ISAs may be in active use by the WLAN-GW group at the same time. If the maximum number of active ISAs is reached and more ISAs are added to the group, the new ISAs are considered to be in standby mode.

The no form of this command removes the limit on the maximum number of active ISAs.

Parameters

number

Specifies the number of WLAN-GW ISAs intended for active use.

Values

1 to 14

Platforms

7750 SR, 7750 SR-e, 7750 SR-s

active-mda-limit

Syntax

active-mda-limit number

no active-mda-limit

Context

[Tree] (config>isa>nat-group active-mda-limit)

Full Context

configure isa nat-group active-mda-limit

Description

This command configures the number of active ISAs in active-standby ISA redundancy model for NAT. The active ISAs are automatically selected by the system and any the remaining ISA beyond the number of active limit will automatically assume the standby role. An ISA in the standby mode is idle until the failure of an active ISA occurs. Standby ISA can accept traffic from exactly one failed active ISA. Multiple standby ISAs can be configured in the system to protect against multiple simultaneous failures.

Once the active ISA fails, the standby ISA will start forwarding traffic. NAT translations from the failed ISA will have to be re-initiated by the clients and consequently setup on the newly active ISA.

In order for this command to take effect, the intra-chassis redundancy mode must be set to active-standby (config>isa>nat-group>redundancy active-standby).

Default

no active-mda-limit

Parameters

number

Specifies the active MDA limit.

Values

1 to 14

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-mda-number

active-mda-number

Syntax

active-mda-number number

no active-mda-number

Context

[Tree] (config>isa>tunnel-grp active-mda-number)

Full Context

configure isa tunnel-group active-mda-number

Description

This command specifies the number of active MS-ISA within all configured MS-ISA in the tunnel-group with multi-active enabled. IPsec traffic will be load balanced across all active MS-ISAs. If the number of configured MS-ISA is greater than the active-mda-number then the delta number of MS-ISA will be backup.

Default

active-mda-number 1

Parameters

number

Specifies the number of active MDAs.

Values

1 to 16

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-outbound-sa

active-outbound-sa

Syntax

active-outbound-sa spi

no active-outbound-sa

Context

[Tree] (config>grp-encryp>encryp-keygrp active-outbound-sa)

Full Context

configure group-encryption encryption-keygroup active-outbound-sa

Description

This command specifies the Security Association, referenced by the Security Parameter Index (SPI), to use when performing encryption and authentication on NGE packets egressing the node for all services configured using this key group.

The no form of the command returns the parameter to its default value and is the same as removing this key group from all outbound direction key groups in all services configured with this key group (that is, all packets of services using this key group will egress the node in without being encrypted).

Parameters

spi

Specifies the SPI to use for packets of services using this key group when egressing the node.

Values

1 to 127

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-preferred-lifetime

active-preferred-lifetime

Syntax

active-preferred-lifetime [hrs hours] [min minutes] [sec seconds]

no active-preferred-lifetime

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime

Description

This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.

The no form of this command reverts to the default.

Default

active-preferred-lifetime min 10

Parameters

hours

Specifies the number of active preferred lifetime hours.

Values

1 to 1

minutes

Specifies the number of active preferred lifetime minutes.

Values

5 to 59

seconds

Specifies the number of active preferred lifetime seconds.

Values

1 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

active-psk

active-psk

Syntax

active-psk active-pre-shared-key

no active-psk

Context

[Tree] (config>macsec>conn-assoc>static-cak active-psk)

Full Context

configure macsec connectivity-association static-cak active-psk

Description

This command specifies the active transmitting pre-shared-key. If two pre-shared-keys are configured, the arriving MACsec MKA can be decrypted via CAKs of both pre-shared keys; however, only the active-psk will be used for TX encryption of MKA PDUs.

Default

active-psk 1

Parameters

active-pre-shared-key

Specifies the value of the pre-shared-key.

Values

1 or 2

Platforms

All

active-source-limit

active-source-limit

Syntax

active-source-limit number

no active-source-limit

Context

[Tree] (config>service>vprn>msdp>peer active-source-limit)

[Tree] (config>service>vprn>msdp>group active-source-limit)

[Tree] (config>service>vprn>msdp>source active-source-limit)

[Tree] (config>service>vprn>msdp active-source-limit)

[Tree] (config>service>vprn>msdp>group>peer active-source-limit)

Full Context

configure service vprn msdp peer active-source-limit

configure service vprn msdp group active-source-limit

configure service vprn msdp source active-source-limit

configure service vprn msdp active-source-limit

configure service vprn msdp group peer active-source-limit

Description

This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.

The no form of this command reverts the number of source message limit to default operation.

Default

no active-source-limit

Parameters

number

Defines how many active sources can be maintained by MSDP.

Values

0 to 1000000

Platforms

All

active-source-limit

Syntax

active-source-limit number

no active-source-limit

Context

[Tree] (config>router>msdp>peer active-source-limit)

[Tree] (config>router>msdp>group>peer active-source-limit)

[Tree] (config>router>msdp>source active-source-limit)

[Tree] (config>router>msdp>group active-source-limit)

[Tree] (config>router>msdp active-source-limit)

Full Context

configure router msdp peer active-source-limit

configure router msdp group peer active-source-limit

configure router msdp source active-source-limit

configure router msdp group active-source-limit

configure router msdp active-source-limit

Description

This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.

The no form of this command sets no limit on the number of source active records.

Default

no active-source-limit

Parameters

number

Specifies the number of active sources that can be maintained by MSDP.

Values

0 to 1000000

Platforms

All

active-valid-lifetime

active-valid-lifetime

Syntax

active-valid-lifetime [hrs hours] [min minutes] [sec seconds]

no active-valid-lifetime

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime

Description

This command specifies the signaled valid lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.

The no form of this command reverts to the default.

Default

active-valid-lifetime min 10

Parameters

hours

Specifies the number of active-valid-lifetime hours.

Values

1 to 1

minutes

Specifies the number of active-valid-lifetime minutes.

Values

5 to 59

seconds

Specifies the number of active-valid-lifetime seconds.

Values

1 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

activity-threshold

activity-threshold

Syntax

activity-threshold kilobits-per-second

no activity-threshold

Context

[Tree] (config>subscr-mgmt>cat-map activity-threshold)

Full Context

configure subscriber-mgmt category-map activity-threshold

Description

This command configures the threshold that is applied to determine whether or not there is activity. This is only valid for credit-type = time (not volume).

The no form of this command reverts to the default.

Parameters

kilobits-per-second

Specifies the activity threshold value, in kilobits per second.

Values

1 to 100000000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ad-per-es-route-target

ad-per-es-route-target

Syntax

ad-per-es-route-target evi-rt

ad-per-es-route-target evi-rt-set route-distinguisher ip-address [extended-evi-range]

Context

[Tree] (config>service>system>bgp-evpn ad-per-es-route-target)

Full Context

configure service system bgp-evpn ad-per-es-route-target

Description

This command controls how Ethernet AD per-ES routes are generated.

The system can either send a separate Ethernet AD per-ES route per service, or an Ethernet AD per-ES route aggregating the route-targets for multiple services. While both alternatives can interoperate, RFC 7432 states that the EVPN Auto-Discovery per-ES route must be sent with a set of route-targets corresponding to all the EVIs defined on the Ethernet Segment. This command supports both options.

The default ad-per-es-route-target evi-rt option configures the system to send a separate AD per-ES route per service.

When enabled, the evi-rt-set option allows the aggregation of routes: a single AD per-ES route with the associated RD (ip-address:1) and a set of EVI route-targets are advertised (to a maximum of 128). When a significant number of EVIs are defined in the Ethernet Segment (hence the number of route-targets), the system sends more than one route. For example:

  • AD per-ES route for evi-rt-set 1 will be sent with RD ip-address:1

  • AD per-ES route for evi-rt-set 2 will be sent with RD ip-address:2

Default

ad-per-es-route-target evi-rt

Parameters

evi-rt

Specifies the option to advertise a separate AD per-ES route per service.

evi-rt-set

Specifies the option to advertise a set of AD per-ES routes aggregating the route-targets for all the services in the Ethernet Segment.

ip-address

Specifies the ip-address part of the route-distinguisher being used in the evi-rt-set option.

extended-evi-range

Specifies that the system reserves the RD comm-val 1 to 65535 out of the type 1 RD that is used for AD per-ES routes.

Platforms

All

ad-validation

ad-validation

Syntax

ad-validation {fall-through | drop}

no ad-validation

Context

[Tree] (config>system>dns>dnssec ad-validation)

Full Context

configure system dns dnssec ad-validation

Description

This command enables validation of the presence of the AD-bit in responses from the DNS servers, and reports a warning to the SECURITY log if DNSSEC validation was not possible.

This command requires either the fall-through or drop parameters be configured. When the fall-through parameter is supplied, the system will allow DNS responses that do not pass DNSSEC validation to be accepted and logged. When the drop parameter is specified, the system will reject and log DNS responses that do not pass DNSSEC validation and the resolution will appear to fail.

Default

no ad-validation

Parameters

fall-through

Specifies that the DNSSEC validator should allow non-DNSSEC responses to fall-through to permit resolution in case of validation failure.

drop

Specifies that the DNSSEC validator should drop non-DNSSEC responses in case of validation failure.

Platforms

All

adapt-qos

adapt-qos

Syntax

adapt-qos {link | port-fair | distribute [include-egr-hash-cfg]}

Context

[Tree] (config>lag>access adapt-qos)

Full Context

configure lag access adapt-qos

Description

This command specifies how the LAG SAP queue and virtual scheduler buffering and rate parameters are adapted over multiple active XMAs/MDAs. This command applies only to access LAGs.

Default

adapt-qos distribute

Parameters

link

Specifies that the LAG will create the SAP queues and virtual schedulers with the actual parameters on each LAG member port.

port-fair

Places the LAG instance into a mode that enforces QoS bandwidth constraints in the following manner:

  • all egress QoS objects associated with the LAG instance are created on a per port basis

  • bandwidth is distributed over these per port objects based on the proportion of the port's bandwidth relative to the total of all active ports bandwidth within the LAG

  • the include-egr-hash-cfg behavior is automatically enabled allowing the system to detect objects that hash to a single egress link in the lag and enabling full bandwidth for that object on the appropriate port

distribute

Creates an additional internal virtual scheduler per IOM/XCM as parent of the configured SAP queues and virtual schedulers per LAG member port on that IOM/XCM. This internal virtual scheduler limits the total amount of egress bandwidth for all member ports on the IOM/XCM to the bandwidth specified in the egress qos policy.

include-egr-hash-cfg

Specifies whether explicitly configured hashing should factor into the egress buffering and rate distribution.

When this parameter is configured, all SAPs on this LAG which have explicit hashing configured, the egress HQoS and HPol (including queues, policers, schedulers and arbiters) will receive 100% of the configured bandwidth (essentially operating in adapt-qos link mode). For any Multi-Service-Sites assigned to such a LAG, bandwidth will continue to be divided according to adapt-qos distribute mode.

A LAG instance that is currently in adapt-qos link mode may be placed at any time in port-fair mode. Similarly, a LAG instance that is currently in adapt-qos port-fair mode may be placed at any time in link mode. However, a LAG instance in adapt-qos distribute mode may not be placed into port-fair (or link) mode while QoS objects are associated with the LAG instance. To move from distribute to port-fair mode it is necessary to remove all QoS objects from the LAG instance.

Platforms

All

adapt-qos

Syntax

adapt-qos {distribute | link | port-fair}

no adapt-qos

Context

[Tree] (config>eth-tunnel>lag-emulation>access adapt-qos)

Full Context

configure eth-tunnel lag-emulation access adapt-qos

Description

This command specifies how the emulated LAG queue and virtual scheduler buffering and rate parameters are adapted over multiple active MDAs.

The no form of the command reverts to the default.

Parameters

distribute

Creates an additional internal virtual scheduler per line card as parent of the configured SAP queues and virtual schedulers per member path on that line card. This internal virtual scheduler limits the total amount of egress bandwidth for all member paths on the line card to that line card’s share of the bandwidth specified in the egress qos policy. This mode is not supported together with an egress port scheduler or the use of egress queue groups.

link

Specifies that the emulated LAG will create the SAP queues and virtual schedulers with the bandwidth specified in the egress QoS policy on each member path.

port-fair

Specifies that the emulated LAG will create the SAP queues and virtual schedulers on each member path based on the bandwidth specified in the egress QoS policy divided by the number of active paths.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

adaptation-rule

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>sap-egress>queue adaptation-rule)

Full Context

configure qos sap-egress queue adaptation-rule

Description

This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When a specific adaptation-rule is removed, the default constraints for pir and cir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest

Parameters

pir

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.

Values

max — Specifies that the operational PIR for the queue will be equal to or less than the requested rate.

min — Specifies that the operational PIR for the queue will be equal to or greater than the requested rate.

closest — Specifies that the operational PIR for the queue will be the rate closest to the requested rate.

cir

Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

Values

max — Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min — Specifies that the operational rate for the queue will be equal to or greater than the requested rate.

closest — Specifies that the operational rate for the queue will be the rate closest to the requested rate.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>sap-egress>queue adaptation-rule)

Full Context

configure qos sap-egress queue adaptation-rule

Description

This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When a specific adaptation-rule is removed, the default constraints for pir, cir, and fir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest fir closest

Parameters

pir adaptation-rule

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.

Values

max - The max option is mutually exclusive to the min and closest options. When max is specified, the operational rate for the queue will be equal to or less than the requested rate.

min - The min option is mutually exclusive to the max and closest options. When min is specified, the operational PIR for the queue will be equal to or greater than the requested rate.

closest - The closest parameter is mutually exclusive to the min and max parameter. When closest is specified, the operational PIR for the queue will be the rate closest to the requested rate.

cir adaptation-rule

Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

max

Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min

Specifies that the operational PIR for the queue will be equal to or greater than the requested rate.

closest

Specifies that the operational PIR for the queue will be the rate closest to the requested rate.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

Context

[Tree] (config>service>vpls>sap>ingress>queue-override>queue adaptation-rule)

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue adaptation-rule)

[Tree] (config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue adaptation-rule)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue adaptation-rule)

[Tree] (config>service>vpls>sap>egress>queue-override>queue adaptation-rule)

Full Context

configure service vpls sap ingress queue-override queue adaptation-rule

configure service ies interface sap ingress queue-override queue adaptation-rule

configure service ies subscriber-interface group-interface sap egress queue-override queue adaptation-rule

configure service ies interface sap egress queue-override queue adaptation-rule

configure service vpls sap egress queue-override queue adaptation-rule

Description

This command overrides specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

no adaptation-rule

Parameters

pir

Specifies the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.

cir

Specifies the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

adaptation-rule

Specifies the CIR and PIR adaptation rules.

Values

max — The max (maximum) option is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue is equal to or less than the administrative rate specified using the rate command.

min — The min (minimum) option is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue is equal to or greater than the administrative rate specified using the rate command.

closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue is the rate closest to the rate specified using the rate command.

Platforms

All

adaptation-rule

Syntax

adaptation-rule pir adaptation-rule [cir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>subscr-mgmt>isa-policer adaptation-rule)

Full Context

configure subscriber-mgmt isa-policer adaptation-rule

Description

For operational efficiency, the operational rate of a policer cannot take on every value in the configurable range. This configuration defines a rule that must be followed when mapping a configured rate to an operational rate.

The cir adaptation-rule can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default

adaptation-rule pir closest cir closest

Parameters

pir adaptation-rule

Configures the rules to compute the PIR operational rates.

Values

min — Specifies that the operational rate must minimally be the configured rate. The first operational value bigger or equal to the configured rate is chosen.

max — Specifies that the operational rate may maximally be the configured rate. The first operational value smaller or equal to the configured rate is chosen.

closest — Chooses the operational value closest to the configured value, lower or higher.

cir adaptation-rule

Configures the rules to compute the CIR operational rates.

Values

adaptation-rule

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>port>ethernet>network>egr>qover>q adaptation-rule)

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q adaptation-rule)

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q adaptation-rule)

Full Context

configure port ethernet network egress queue-overrides queue adaptation-rule

configure port ethernet access ingress queue-group queue-overrides queue adaptation-rule

configure port ethernet access egress queue-group queue-overrides queue adaptation-rule

Description

This command specifies the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

adaptation-rule pir closest cir closest

Parameters

pir

Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.

cir

Defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

adaptation-rule

Specifies the adaptation rule to be used while computing the operational CIR or PIR value.

Values

max — The max (maximum) option is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.

min — The min (minimum) option is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.

closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaption-rule

Context

[Tree] (config>service>ipipe>sap>egress>queue-override>queue adaptation-rule)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue adaptation-rule)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue adaptation-rule)

[Tree] (config>service>epipe>sap>egress>queue-override>queue adaptation-rule)

Full Context

configure service ipipe sap egress queue-override queue adaptation-rule

configure service ipipe sap ingress queue-override queue adaptation-rule

configure service epipe sap ingress queue-override queue adaptation-rule

configure service epipe sap egress queue-override queue adaptation-rule

Description

This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

no adaptation-rule

Parameters

pir

The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.

cir

The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

adaptation-rule

Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.

Values

max — The max (maximum) keyword is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.

min — The min (minimum) keyword is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.

closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue adaptation-rule)

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue adaptation-rule)

Full Context

configure service vprn interface sap egress queue-override queue adaptation-rule

configure service vprn interface sap ingress queue-override queue adaptation-rule

Description

This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

no adaptation-rule

Parameters

pir

The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.

cir

The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

adaptation-rule

Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.

Values

max — The max (maximum) keyword is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.

min — The min (minimum) keyword is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.

closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.

Platforms

All

adaptation-rule

Syntax

adaptation-rule pir adaptation-rule [cir {adaptation-rule}]

no adaptation-rule

Context

[Tree] (config>app-assure>group>policer adaptation-rule)

Full Context

configure application-assurance group policer adaptation-rule

Description

This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined option. To change the CIR adaptation rule only, the current PIR rule must be part of the command executed.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

adaptation-rule pir closest cir closest

Parameters

max

The operational PIR or CIR for the queue will be equal to or less than the administrative rate specified using the rate command.

min

The operational PIR or CIR for the queue will be equal to or greater than the administrative rate specified using the rate command.

closest

The operational PIR or CIR for the queue will be the rate closest to the rate specified using the rate command.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>sap-egress>policer adaptation-rule)

[Tree] (config>qos>sap-ingress>policer adaptation-rule)

Full Context

configure qos sap-egress policer adaptation-rule

configure qos sap-ingress policer adaptation-rule

Description

This command is used to define how the policer’s configuration parameters are translated into the underlying hardware capabilities used to implement each policer instance. For instance, the configured rates for the policer need to be mapped to the timers and decrement granularity used by the hardware's leaky bucket functions that actually perform the traffic metering. If a rate is defined that cannot be exactly matched by the hardware, the adaptation-rule setting provides guidance for which hardware rate should be used.

The hardware also needs to adapt the given mbs and cbs values into the PIR bucket violate threshold (discard) and the CIR bucket exceed threshold (out-of-profile). The hardware may not have an exact threshold match that it can use. The system treats the mbs and cbs values as minimum threshold values.

The no form of this command is used to return the policer’s metering and profiling hardware adaptation rules to closest.

Parameters

pir adaptation-rule

When the optional pir parameter is specified, the max, min, or closest keyword qualifier must follow.

Values

max — Specifies that the metering rate defined for the policer is the maximum allowed rate. The system will choose a hardware supported rate that is closest but not exceeding the specified rate.

min — Specifies that the metering rate defined for the policer is the minimum allowed rate. The system will choose a hardware supported rate that is closest but not lower than the specified rate.

closest — Specifies that the metering rate defined for the policer is the target rate. The system will choose a hardware supported rate that is closest to the specified rate.

Default

closest

cir adaptation-rule

When the optional cir parameter is specified, the max, min, or closest keyword qualifier must follow.

Values

max — Specifies that the profiling rate defined for the policer is the maximum allowed rate. The system will choose a hardware supported rate that is closest but not exceeding the specified rate.

min — Specifies that the profiling rate defined for the policer is the minimum allowed rate. The system will choose a hardware supported rate that is closest but not lower than the specified rate.

closest — Specifies that the profiling rate defined for the policer is the target rate. The system will choose a hardware supported rate that is closest to the specified rate.

Default

closest

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule] [fir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>qos>sap-ingress>queue adaptation-rule)

Full Context

configure qos sap-ingress queue adaptation-rule

Description

This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest fir closest

Parameters

pir adaptation-rule

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.

cir adaptation-rule

Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

fir

Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

max

Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min

Specifies that the operational rate for the queue will be equal to or greater than the requested rate.

closest

Specifies that the operational rate for the queue will be the rate closest to the requested rate.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>network-queue>hs-wrr-group adaptation-rule)

Full Context

configure qos network-queue hs-wrr-group adaptation-rule

Description

This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The min, max, and closest mutually exclusive keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.

The no form of the command reverts to the default value.

Default

adaptation-rule pir closest

Parameters

adaptation-rule

Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.

Values

min — When min is specified, the queue’s rate parameter is treated as the minimum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value without going under the specified rate.

max — When max is specified, the queue’s rate parameter is treated as the maximum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queue’s shaping rate is the closest possible value without going over the specified rate.

closest — When closest is specified, the queue’s rate parameter is treated as the target rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value and can be higher or lower than the specified rate.

Platforms

7750 SR-7/12/12e

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>sap-egress>hs-wrr-group adaptation-rule)

Full Context

configure qos sap-egress hs-wrr-group adaptation-rule

Description

This command specifies how the system resolves differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest, or closest rate should be selected by the system.

The no form of the command reverts to the default value.

Default

adaptation-rule pir closest

Parameters

pir

Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.

adaptation-rule

Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.

Values

min — When min is specified, the queue’s rate parameter is treated as the minimum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value without going under the specified rate.

max — When max is specified, the queue’s rate parameter is treated as the maximum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queue’s shaping rate is the closest possible value without going over the specified rate.

closest — When closest is specified, the queue’s rate parameter is treated as the target rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value and can be higher or lower than the specified rate.

Platforms

7750 SR-7/12/12e

adaptation-rule

Syntax

adaptation-rule [pir adaptation-rule]

no adaptation-rule

Context

[Tree] (config>qos>qgrps>egr>qgrp>hs-wrr-group adaptation-rule)

Full Context

configure qos queue-group-templates egress queue-group hs-wrr-group adaptation-rule

Description

This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.

The no form of the command reverts to the default value.

Default

adaptation-rule pir closest

Parameters

adaptation-rule

Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.

Values

min — When min is specified, the queue’s rate parameter is treated as the minimum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value without going under the specified rate.

max — When max is specified, the queue’s rate parameter is treated as the maximum rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queue’s shaping rate is the closest possible value without going over the specified rate.

closest — When closest is specified, the queue’s rate parameter is treated as the target rate to shape the queue. The hardware chooses the appropriate timers and PIR leaky bucket behavior to ensure that the queues shaping rate is the closest possible value and can be higher or lower than the specified rate.

Platforms

7750 SR-7/12/12e

adaptation-rule

Syntax

adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>qos>queue-group-templates>egress>queue-group>policer adaptation-rule)

Full Context

configure qos queue-group-templates egress queue-group policer adaptation-rule

Description

This command defines the method used by the system to derive the operational CIR and PIR settings when the policer is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.

When a specific adaptation-rule is removed, the default constraints for pir and cir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest

Parameters

pir

Defines the constraints enforced when adapting the policer’s PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the policer. When the pir parameter is not specified, the default constraint applies.

cir

Defines the constraints enforced when adapting the policer’s CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the policer. When the cir parameter is not specified, the default constraint applies.

max

Specifies that the operational rate for the policer will be equal to or less than the requested rate.

min

Specifies that the operational rate for the policer will be equal to or greater than the requested rate.

closest

Specifies that the operational rate for the policer will be the rate closest to the requested rate.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

adaptation-rule

Syntax

adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue adaptation-rule)

Full Context

configure qos queue-group-templates ingress queue-group queue adaptation-rule

Description

This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest fir closest

Parameters

pir

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.

cir

Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

fir

Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

max

Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min

Specifies that the operational rate for the queue will be equal to or greater than the requested rate.

closest

Specifies that the operational rate for the queue will be the rate closest to the requested rate.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>qos>queue-group-templates>egress>queue-group>queue adaptation-rule)

Full Context

configure qos queue-group-templates egress queue-group queue adaptation-rule

Description

This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.

When a specific adaptation-rule is removed, the default constraints for pir and cir apply.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.

Default

adaptation-rule pir closest cir closest

Parameters

pir

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.

cir

Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

max

Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min

Specifies that the operational rate for the queue will be equal to or greater than the requested rate.

closest

Specifies that the operational rate for the queue will be the rate closest to the requested rate.

Platforms

All

adaptation-rule

Syntax

adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]

no adaptation-rule

Context

[Tree] (config>qos>network-queue>queue adaptation-rule)

Full Context

configure qos network-queue queue adaptation-rule

Description

This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

When configured on an egress HSQ queue group queue, the cir keyword is ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation-rule is performed under the hs-wrr-group within the network queue policy.

The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for fir, cir, and pir apply.

Default

adaptation-rule pir closest cir closest fir closest

Parameters

pir

Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.

cir

Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

fir

Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational FIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

max

Specifies that the operational rate for the queue will be equal to or less than the requested rate.

min

Specifies that the operational rate for the queue will be equal to or greater than the administrative rate specified using the rate command.

closest

Specifies that the operational rate for the queue will be the rate closest to the requested rate.

Platforms

All

adaptive

adaptive

Syntax

[no] adaptive

Context

[Tree] (config>router>mpls>lsp>primary adaptive)

[Tree] (config>router>mpls>lsp-template adaptive)

[Tree] (config>router>mpls>lsp>primary-p2mp-instance adaptive)

[Tree] (config>router>mpls>lsp adaptive)

[Tree] (config>router>mpls>lsp>secondary adaptive)

Full Context

configure router mpls lsp primary adaptive

configure router mpls lsp-template adaptive

configure router mpls lsp primary-p2mp-instance adaptive

configure router mpls lsp adaptive

configure router mpls lsp secondary adaptive

Description

This command enables the make-before-break functionality for an LSP or LSP path. When enabled for the LSP, make-before-break will be performed for primary path and all the secondary paths of the LSP.

The config>router>mpls>lsp>primary-p2mp-instance> adaptive command is not supported on the 7450 ESS.

Default

adaptive

Platforms

All

adaptive-load-balancing

adaptive-load-balancing

Syntax

adaptive-load-balancing [tolerance tolerance-value] [interval interval] [bandwidth-threshold percent]

no adaptive-load-balancing

Context

[Tree] (config>lag adaptive-load-balancing)

Full Context

configure lag adaptive-load-balancing

Description

This command enables adaptive load balancing between LAG links. The tolerance value defines the percentage threshold between the most and the least used link in the LAG. If the tolerance value is exceeded, adaptive load balancing optimizes traffic distribution between LAG links. The bandwidth threshold defines the minimum bandwidth percentage of the most loaded LAG port egress. If the bandwidth threshold value is exceeded, adaptive load balancing optimization is performed.

The no form of this command disables adaptive load balancing.

Default

no adaptive-load-balancing

Parameters

tolerance-value

Specifies the allowed tolerance value expressed as a percentage.

Values

1 to 100

Default

20

interval

Specifies the statistics pooling interval value, in seconds, for the LAG ports.

Values

15, 30, 60, 120

Default

30

percent

Specifies the bandwidth threshold expressed as a percentage.

Values

0 to 100

Default

10 on PXC LAG, 30 on other LAG types

Platforms

All

add

add

Syntax

add percent percentage [min-only] [ active-min-only]

add rate rate [min-only] [active-min-only]

no add

Context

[Tree] (config>qos>adv-config-policy>child-control>offered-measurement add)

Full Context

configure qos adv-config-policy child-control offered-measurement add

Description

This command is used to increase the measured rate of the policer or queue associated with the policy. The offered rate (capped by the administrative PIR configured on the queue or policer) is usually used unaltered by the parent virtual scheduler. The add command allows this measured rate to be increased by the specified amount or by a percentage of the administrative PIR. The resulting rate will not exceed the administrative PIR.

The parent scheduler uses the modified measured rate as the available work load for the queue or policer in determining how much bandwidth the child should receive from the bandwidth distribution algorithm.

One example of when an increase in the measured offered rate may be desired is when a queue or policer is handling VoIP traffic. A characteristic of VoIP is the step nature in how traffic is used. Each call typically adds a certain maximum amount to the overall load. By using the add command, the bandwidth required for the next added call may be included in the current measured rate. This allows the virtual scheduler to allocate sufficient bandwidth to the queue or policer so that when the call is made the scheduling algorithm does not need to run to increase the bandwidth.

A side effect of increasing the measured offered rate is that if the extra bandwidth is allocated by the virtual scheduler, the available bandwidth to lower priority queues or policers is diminished even though the extra allocated bandwidth may not be in use. If this is the case, the effect will be seen as an underrun in the aggregate output of the virtual scheduler.

If the add command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.

Except for the overall cap on the offered input into the virtual scheduler, the child’s administrative PIR has no effect on the calculated increase if an explicit rate is specified.

If the child’s administrative PIR is modified while a percent based add is in effect, the system automatically uses the new relative increase value the next time the child’s offered rate is determined.

When the add command is not specified or removed, the child’s offered rate used by the child’s virtual scheduler is not increased.

The no form of this command is used to remove an offered rate increase from all child policers and queues associated with the policy.

Parameters

percent-of-admin-pir

When the percent qualifier is used, this parameter specifies the percentage of the child’s administrative PIR that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system interprets this equivalent to no add.

Values

1.00 to 100.00

rate-in-kilobits-per-second

When the rate qualifier is used, this parameter specifies an explicit rate, in kb/s, that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a rate increase of 0 is specified, the system interprets this equivalent to no add.

Values

0 to 100,000,000

min-only

This optional parameter is used to reinterpret the increase as a minimum offered rate. When this option is enabled, the system uses the specified increase as a minimum offered rate even for inactive queues or policers associated with the policy.

active-min-only

When this optional parameter is specified, the respective rate or percentage is treated as the minimum offered rate for a queue only when the queue has an actual non-zero offered rate. This is intended to limit the artificial increase in offered rate to queues that are currently active. When a queue’s measured offered rate drops to zero, the system stops enforcing the minimum value.

Platforms

All

add-paths

add-paths

Syntax

[no] add-paths

Context

[Tree] (config>router>bgp>group>neighbor add-paths)

[Tree] (config>router>bgp add-paths)

[Tree] (config>router>bgp>group add-paths)

Full Context

configure router bgp group neighbor add-paths

configure router bgp add-paths

configure router bgp group add-paths

Description

This command allows the add-paths node to be the configured for one or more families of the BGP instance, a group or a neighbor. The BGP add-paths capability allows the router to send and/or receive multiple paths per prefix to/from a peer. The add-paths command without additional parameters is equivalent to removing Add-Paths support for all address families, which causes sessions that previously negotiated the add-paths capability for one or more address families to go down and come back up without the add-paths capability.

The no form of this command (no add-paths) removes add-paths from the configuration of BGP, the group or the neighbor, causing sessions established using add-paths to go down and come back up without the add-paths capability.

Default

no add-paths

Platforms

All

add-paths-send-limit

add-paths-send-limit

Syntax

add-paths-send-limit send-limit

no add-paths-send-limit

Context

[Tree] (config>router>policy-options>policy-statement>default-action add-paths-send-limit)

[Tree] (config>router>policy-options>policy-statement>entry add-paths-send-limit)

Full Context

configure router policy-options policy-statement default-action add-paths-send-limit

configure router policy-options policy-statement entry add-paths-send-limit

Description

This command sets the send-limit to a specific value for all routes matched by the policy entry or default action. Add-paths allows a BGP router to send multiple paths for the same NLRI/prefix to a peer advertising the add-paths receive capability. The send-limit dictates the maximum number of paths that can be advertised.

The default send-limit is controlled by the instance, group or neighbor level configuration and applies to all prefixes in a particular address family. Using route policies allows the default send-limit to be overridden to use a larger or smaller maximum value on a per-prefix basis. For example, if, for most prefixes advertised to a peer, at most 1 path should be advertised but for a few exceptional prefixes up to 4 paths should be advertised, then the neighbor-level send-limit can be set to a value of 1 and the add-paths-send-limit in the policy entry that matches the exceptional routes can be set to a value of 4.

Default

no add-paths-send-limit

Parameters

send-limit

Specifies the maximum number of paths to advertise for matched routes to an Add-Paths peer. If the value is multipaths, then BGP advertises all of the used BGP multipaths for each matched route that is the best path for its prefix (NLRI). Add paths can be advertised only if the peer has signaled support for receiving multiple add paths.

Values

1 to 16, none, multipaths

Platforms

All

add-srv6-tlvs

add-srv6-tlvs

Syntax

add-srv6-tlvs locator locator-name

add-srv6-tlvs micro-segment-locator ms-locator-name

no add-srv6-tlvs

Context

[Tree] (config>router>bgp>srv6>family add-srv6-tlvs)

Full Context

configure router bgp segment-routing-v6 family add-srv6-tlvs

Description

This command adds a prefix SID attribute containing an SRv6 TLV to routes belonging to the family that are redistributed from another protocol into BGP. This command also adds a prefix SID attribute with SRv6 TLV to BGP routes received from other peers without the SRv6 TLV and that are propagated to other peers with next-hop-self applied.

The no form of this command reverts to the default value which does not append the SRv6 TLV.

Default

no add-srv6-tlvs

Parameters

locator-name

Specifies an existing locator name, up to 64 characters.

ms-locator-name

Specifies a micro-segment locator name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

add-to-received-bgp

add-to-received-bgp

Syntax

add-to-received-bgp weight

no add-to-received-bgp

Context

[Tree] (config>service>vprn>bgp>group>neighbor>evpn-link-bandwidth add-to-received-bgp)

[Tree] (config>service>vprn>bgp>group>evpn-link-bandwidth add-to-received-bgp)

Full Context

configure service vprn bgp group neighbor evpn-link-bandwidth add-to-received-bgp

configure service vprn bgp group evpn-link-bandwidth add-to-received-bgp

Description

This command configures the weight value added to all BGP PE-CE routes for the purpose of weighted ECMP if EVPN-IFL and BGP PE-CE routes are combined into the same ECMP set.

For the load-balancing between EVPN-IFL and BGP PE-CE routes the configure service vprn bgp eibgp-loadbalance command must already be configured on the system.

The no form of this command disables the weight value added to all BGP PE-CE routes.

Default

no add-to-received-bgp

Parameters

weight

Specifies the weight value added to all BGP PE-CE routes.

Values

1 to 128

Platforms

All

add-to-received-ebgp

add-to-received-ebgp

Syntax

add-to-received-ebgp family [family]

no add-to-received-ebgp

Context

[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)

[Tree] (config>service>vprn>bgp>group>link-bandwidth add-to-received-ebgp)

Full Context

configure service vprn bgp group neighbor link-bandwidth add-to-received-ebgp

configure service vprn bgp group link-bandwidth add-to-received-ebgp

Description

This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.

Up to three families may be configured.

The no form of this command removes the link-bandwidth extended community added to received BGP routes.

Default

no add-to-received-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

Platforms

All

add-to-received-ebgp

Syntax

add-to-received-ebgp family [family]

no add-to-received-ebgp

Context

[Tree] (config>router>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)

[Tree] (config>router>bgp>group>link-bandwidth add-to-received-ebgp)

Full Context

configure router bgp group neighbor link-bandwidth add-to-received-ebgp

configure router bgp group link-bandwidth add-to-received-ebgp

Description

This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.

Up to six families may be configured.

The no form of this command removes the link-bandwidth extended community added to received BGP routes.

Default

no add-to-received-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

vpn-ipv4 — Adds a link-bandwidth extended community to IPv4 VPN (SAFI 128) routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

label-ipv6 — Adds a link-bandwidth extended community to labeled-unicast IPv6 routes.

vpn-ipv6 — Adds a link-bandwidth extended community to IPv6 VPN (SAFI 128) routes.

Platforms

All

add-tunnel

add-tunnel

Syntax

add-tunnel never

add-tunnel on reason [reason]

no add-tunnel

Context

[Tree] (config>service>vprn>l2tp>tunnel-selection-blacklist add-tunnel)

[Tree] (config>router>l2tp>tunnel-selection-blacklist add-tunnel)

Full Context

configure service vprn l2tp tunnel-selection-blacklist add-tunnel

configure router l2tp tunnel-selection-blacklist add-tunnel

Description

This command will force the tunnel to the denylist and render it unavailable for new sessions for the duration of preconfigured time. Peers are always forced to the denylist in case they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the denylist.

Default

add-tunnel never

Parameters

never

When specified, no tunnels will be placed on the denylist under any circumstance. This parameter will available to preserve backward compatibility.

reason

Specifies the return codes or events that determine which tunnels are added to the denylist. A maximum of eight reasons can be specified in a single statement.

Table 1. Return codes

Return code

Tunnels added to denylist

cdn-err-code

A tunnel is forced to the denylist if that CDN message with the Result Code 2 (Call disconnected for the reasons indicated in error code) is received.

cdn-inv-dest

A tunnel is forced to the denylist if that CDN message with the Result Codes 6 (Invalid destination) is received.

cdn-tmp-no-facilities

A tunnel is forced to the denylist if that CDN message with the Result Code 4 is received (Call failed due to lack of appropriate facilities being available - temporary condition) is received.

cdn-perm-no-facilities

A tunnel is forced to the denylist if that CDN message with the Result Codes 5 (Call failed due to lack of appropriate facilities being available - permanent condition) is received.

tx-cdn-not-established-in-time

A tunnel is forced to the denylist if that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.

stop-ccn-err-code

A tunnel is forced to the denylist if that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.

stop-ccn-other

A tunnel is forced to the denylist if that StopCCN message with the following Result Codes is received:

(1) General request to clear control connection

(4) Requester is not authorized to establish a control channel

(5) Protocol version not supported

(6) Requester is being shutdown

Or in the case that the StopCCN with the following result codes is transmitted:

(4) Requester is not authorized to establish a control channel.

(5) Protocol version not supported

The receipt of the following Result Codes will never denylist a tunnel:

(0) Reserved

(3) Control channel already exist

(7) Finite state machine error

(8) Undefined

Transmission of the following Result Codes will never denylist a tunnel:

(1) General request to clear control connection

(3) Control channel already exist

(6) Requester is being shutdown

(7) Finite state machine error

addr-change-timeout

A timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) is forced to the denylist. In absence of this configuration option, only the configured peer for the tunnel is, but not the tunnel itself which now has a different peer address than the one initially configured.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

address

address

Syntax

address gi-address [scope scope]

address ip-address[/prefix-length]

address pool pool-name [secondary-pool sec-pool-name] [delimiter delimiter]

address use-pool-from-client [delimiter delimiter]

no address

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host address)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host address)

Full Context

configure subscriber-mgmt local-user-db ppp host address

configure subscriber-mgmt local-user-db ipoe host address

Description

This command configures how the IP address is defined for this host.

When the user database is used from a local DHCP server, then this command defines how to define the IP address the server offers to the DHCP-client.

When the user-db is used for PPPoE authentication, the gi-address parameter cannot be used. A fixed IP address causes PPPoE to use this IP address. If no IP address is specified, the PPPoE looks for IP address by other means (DHCP). If a pool name is given, this pool is sent in the DHCP request so it can be used in by the DHCP server to determine which address to give to the host.

The no form of this command causes no IP address to be assigned to this host. In a user database referred to from a local DHCP server, creating a host without address information causes the matching client never to get an IP address.

The no form of this command reverts to the default.

Parameters

gi-address

When specified, the gi-address of the DHCP message is taken to look for a subnet in the local DHCP server. The first available free address of the subnet is taken and "offered” to the host. When local-user-db is used for PPPoE authentication, this has the same result as no address.

ip-address

Specifies the fixed IP address to use for this host.

Values

a.b.c.d

pool-name/sec-pool-name

Specifies the primary (and secondary) pool (in the local DHCP server), up to 32 characters, to look for an available address. The first available IP address from any subnet in the pool is used. When the local user database is used for PPPoE authentication, this causes the specified pool name to be sent to the DHCP server in a vendor-specific sub-option under Option 82.

use-pool-from-client

Use the pool-name in the Option 82 vendor-specific sub-option.

delimiter

Specifies a single ASCII character specifies the delimiter of separating primary and secondary pool names in option82 VSO.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

address

Syntax

address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]

no address ipv6-address/prefix-length

Context

[Tree] (config>service>vprn>if>ipv6 address)

[Tree] (config>service>ies>if>ipv6 address)

Full Context

configure service vprn interface ipv6 address

configure service ies interface ipv6 address

Description

This command assigns an IPv6 address/subnet to the interface.

Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

The no form of this command removes the IPv6 address from the interface.

Parameters

ipv6-address/prefix-length

Specifies the IPv6 address on the interface.

Values

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

eui-64

When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.

srrp-instance

Specifies the SRRP instance ID that this interface route needs to track.

Values

1 to 4294967295

cga-modifier

Specifies the modifier in 32 hexadecimal nibbles.

Values

0x0–0xFFFFFFFF

dad-disable

Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.

primary-preference

Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.

When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.

The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.

Values

1 to 4294967295

Platforms

All

address

Syntax

address ipv6-address/prefix-length [pd] [wan-host] [track-srrp srrp-instance] [holdup-time milli-seconds]

no address ipv6-address/prefix-length

Context

[Tree] (config>service>ies>sub-if>ipv6 address)

[Tree] (config>service>vprn>sub-if>ipv6 address)

Full Context

configure service ies subscriber-interface ipv6 address

configure service vprn subscriber-interface ipv6 address

Description

This command assigns an IPv6 address/subnet to the subscriber interface.

SRRP and an IPv6 Global Unicast Address on a subscriber interface are mutual exclusive:

  • track-srrp cannot be enabled on a subscriber interface ipv6 address

  • when an ipv6 address is configured on a subscriber interface, SRRP cannot be enabled on its group interfaces

The no form of this command removes the IPv6 address from the interface.

Parameters

ipv6-address

Specifies the 128-bit IPv6 address.

Values

128-bit hexadecimal IPv6 address in compressed form

prefix-length

Specifies the length of any associated aggregate prefix.

Values

32 to 127

pd

Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.

wan-host

Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.

srrp-instance

Specifies the SRRP instance number.

Values

1 to 4294967295

milli-seconds

Specifies the time to wait, in milli-seconds, for the route before it accepts the new state attribute. This timer is used to prevent fluctuations in route advertisement caused by short lived SRRP instabilities, in the case that such condition arises.

Values

100 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

address

Syntax

address ip-prefix/ip-prefix-length [peer-profile profile-name]

no address ip-prefix/ip-prefix-length

Context

[Tree] (config>service>vprn>gtp>uplink>peer-profile-map address)

[Tree] (config>service>vprn>gtp>s11>peer-profile-map address)

[Tree] (config>router>gtp>uplink>peer-profile-map address)

[Tree] (config>router>gtp>s11>peer-profile-map address)

Full Context

configure service vprn gtp uplink peer-profile-map address

configure service vprn gtp s11 peer-profile-map address

configure router gtp uplink peer-profile-map address

configure router gtp s11 peer-profile-map address

Description

This command configures a mapping of an IP address or subnet to a peer profile. If one peer profile is used for the entire router, it is possible to map the entire IPv4 subnet using 0.0.0.0/0.

If no match is found, the default or default S11 peer profile is used.

The no form of this command removes the peer profile mapping, affecting only the setup of new peers.

Parameters

ip-prefix/ip-prefix-length

Specifies the IP prefix and prefix length of the subnet.

Values

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

[0 to 32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

ipv6-prefix-le

[0 to 128]

profile-name

Specifies the GTP peer profile associated with the address prefix, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

address

Syntax

address [ip-address | ipv6-address]

no address

Context

[Tree] (config>aaa>diam>node>peer address)

Full Context

configure aaa diameter node peer address

Description

This command configures IPv4 or IPv6 address for a Diameter peer.

The no form of this command removes the IPv4 or IPv6 from the peer configuration.

Parameters

ip-address

Specifies the IPv4 address in the a.b.c.d form

ipv6-address

Specifies the IPv6 address in the form:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

where:

x - [0..FFFF]H

d - [0 to 255] D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

address

Syntax

address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [track-srrp srrp-instance]

no address [ip-address/mask | ip-address netmask]

Context

[Tree] (config>service>vprn>nw-if address)

[Tree] (config>service>ies>if address)

[Tree] (config>service>vprn>if address)

Full Context

configure service vprn network-interface address

configure service ies interface address

configure service vprn interface address

Description

This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign multiple addresses.

An IP address must be assigned to each IES or VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

Table 2. Address Admin and Operational States

Address

Admin State

Oper State

No address

up

down

No address

down

down

1.1.1.1

up

up

1.1.1.1

down

down

The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface are reinitialized.

The no form of this command removes the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.

Parameters

ip-address

Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

/

The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.

mask-length

Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.

Note:

A mask length of 32 is reserved for loopback addresses (includes system addresses).

Default

0 to 31

mask

The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254.

Note:

A mask of 255.255.255.255 is reserved for system IP addresses.

broadcast

Overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) is received by the IP interface.

Default

host-ones

all-ones

Specifies the broadcast address used by the IP interface for this IP address is 255.255.255.255, also known as the local broadcast.

host-ones

Specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

srrp-instance

Tracks the specified SRRP instance state on the IPv6 address.

Platforms

All

address

Syntax

address {ip-address/mask | ip-address netmask} [remote-ip ip-address]

no address

Context

[Tree] (config>service>vprn>red-if address)

Full Context

configure service vprn redundant-interface address

Description

This command assigns an IP address mask or netmask and a remote IP address to the interface.

The no form of this command removes the values from the configuration.

Parameters

ip-address/mask

Assigns an IP address/IP subnet format to the interface.

ip-address netmask

Assigns an IP address netmask to the interface. Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

remote-ip ip-address

Assigns a remote IP to the interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

address

Syntax

address ip-address/mask [netmask] [ gw-ip-address gw-ip-address] [populate-host-routes] [track-srrp srrp-instance] [holdup-time milli-seconds]

no address ip-address/mask [netmask]

Context

[Tree] (config>service>vprn>sub-if address)

[Tree] (config>service>ies>sub-if address)

Full Context

configure service vprn subscriber-interface address

configure service ies subscriber-interface address

Description

This command configures the subscriber interface address along with additional parameters related to multi-chassis redundancy.

The no form of this command reverts to the default.

Parameters

ip-address

The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

/

The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.

mask

T