c Commands

c-mcast-signaling

c-mcast-signaling

Syntax

c-mcast-signaling {bgp | pim}

no c-mcast-signaling

Context

[Tree] (config>service>vprn>mvpn c-mcast-signaling)

Full Context

configure service vprn mvpn c-mcast-signaling

Description

This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of this command reverts it back to the default.

Default

c-mcast-signaling bgp

Parameters

bgp

Specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.

pim

Specifies to use PIM for PE-to-PE signaling of CE multicast states.

Platforms

All

ca-name

ca-name

Syntax

ca-name ca-name

no ca-name

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port ca-name)

Full Context

configure port ethernet dot1x macsec sub-port ca-name

Description

This command configures the Connectivity Association (CA) linked to this MACsec sub-port. The specified CA provides the MACsec parameter to be used or negotiated with other peers.

The no form of this command removes the CA from the MACsec sub-port.

Parameters

ca-name

Specifies the appropriate ca to be used under this MACsec sub-port, up to 32 characters.

Platforms

All

ca-profile

ca-profile

Syntax

[no] ca-profile name

Context

[Tree] (config>ipsec>cert-profile>entry>send-chain ca-profile)

Full Context

configure ipsec cert-profile entry send-chain ca-profile

Description

This command specifies a CA certificate in the specified ca-profile to be sent to the peer.

Multiple configurations (up to seven) of this command are allowed in the same entry.

Parameters

name

Specifies the profile name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ca-profile

Syntax

ca-profile name [create]

no ca-profile name

Context

[Tree] (config>system>security>pki ca-profile)

Full Context

configure system security pki ca-profile

Description

This command creates a new ca-profile or enters the configuration context of an existing ca-profile. Up to 128 ca-profiles can be created in the system. A shutdown of the ca-profile will not affect the current up and running ipsec-tunnel or ipsec-gw that is associated with the ca-profile. However, authentication afterwards will fail with a shutdown ca-profile.

Executing a no shutdown command in this context causes the system to reload the configured cert-file and crl-file.

A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.

The no form of this command removes the name parameter from the configuration. A ca-profile cannot be removed until all the associated entities (ipsec-tunnel/gw) have been removed.

Parameters

name

Specifies the name of the ca-profile up to 32 characters.

create

Keyword used to create a new ca-profile. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

ca-profile

Syntax

[no] ca-profile profile-name

Context

[Tree] (debug>certificate>cmpv2 ca-profile)

[Tree] (debug>certificate>ocsp ca-profile)

[Tree] (debug>certificate>auto-crl-update ca-profile)

Full Context

debug certificate cmpv2 ca-profile

debug certificate ocsp ca-profile

debug certificate auto-crl-update ca-profile

Description

This command debugs output of the specified CA profile.

  • Protection method of each message is logged.

  • All HTTP messages are logged. Format allows offline analysis using Wireshark.

  • In the event of failed transactions, saved certificates are not deleted from file system for further debug and analysis.

  • The system allows CMPv2 debugging for multiple ca-profile at the same time.

Parameters

profile-name

Specifies the name of the CA profile, up to 32 characters.

Platforms

All

ca-profile

Syntax

[no] ca-profile name

Context

[Tree] (config>system>security>tls>cert-profile>entry>send-chain ca-profile)

Full Context

configure system security tls cert-profile entry send-chain ca-profile

Description

This command enables a certificate authority (CA) certificate in the specified CA profile to be sent to the peer. Up to seven configurations of this command are permitted in the same entry.

The no form of the command disables the transmission of a CA certificate from the specified CA profile.

Parameters

name

Specifies the name of the certificate authority profile, up to 32 characters in length.

Platforms

All

cacert

cacert

Syntax

cacert est-profile name output output-cert-filename [force]

Context

[Tree] (admin>certificate>est cacert)

Full Context

admin certificate est cacert

Description

This command downloads a Certificate Authority (CA) certificate from an EST server specified by the EST profile. The downloaded certificate is imported and saved with the filename specified by the output-cert-filename.

Parameters

name

Specifies the EST profile name, up to 32 characters

output-cert-filename

Specifies the filename of the resulting CA certificate, up to 200 characters

force

Overwrites the existing file with same filename

Platforms

All

cache

cache

Syntax

cache [create]

no cache

Context

[Tree] (config>python>py-policy cache)

Full Context

configure python python-policy cache

Description

Commands in this context configure the limits of the caching API inside the Python scripts.

The no form of this command removes the configured cache parameters from the configuration.

Parameters

create

This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

cache

Syntax

cache

Context

[Tree] (config>service>vprn>radius-proxy>server cache)

[Tree] (config>router>radius-proxy>server cache)

Full Context

configure service vprn radius-proxy server cache

configure router radius-proxy server cache

Description

Commands in this context configure the cache under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cache-reset

cache-reset

Syntax

[no] cache-reset

Context

[Tree] (debug>router>rpki-session>packet cache-reset)

Full Context

debug router rpki-session packet cache-reset

Description

This command enables debugging for cache reset RPKI packets.

The no form of this command disables debugging for cache reset RPKI packets.

Platforms

All

cache-response

cache-response

Syntax

[no] cache-response

Context

[Tree] (debug>router>rpki-session>packet cache-response)

Full Context

debug router rpki-session packet cache-response

Description

This command enables debugging for cache response RPKI packets.

The no form of this command disables debugging for cache response RPKI packets.

Platforms

All

cache-size

cache-size

Syntax

cache-size num-entries

no cache-size

Context

[Tree] (config>cflowd cache-size)

Full Context

configure cflowd cache-size

Description

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries back to the default value.

Default

cache-size 65536

Parameters

num-entries

Specifies the maximum number of entries maintained in the cflowd cache. The number depends on the CPM version.

Values

For the 7450 ESS and 7750 SR (cfm-xp, SF/CPM3):

1000 to 250000

For the 7450 ESS and 7750 SR (CPM4 or CPM5):

1000 to 1000000

For the 7950 XRS:

1000 to 1500000

Default

For the 7450 ESS and 7750 SR:

65536 (64K)

For the 7950 XRS:

500000

Platforms

All

cak

cak

Syntax

cak hex-string [hash | hash2 | custom]

no cak

Context

[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key cak)

Full Context

configure macsec connectivity-association static-cak pre-shared-key cak

Description

Specifies the connectivity association key (CAK) for a pre-shared key. Two values are derived from CAK.

  • Key Encryption Key (KEK), this is used to encrypt the MKA and SAK (symmetric key used for data path PDUs) to be distributed between all members.

  • Integrity Check Value (ICK), this is used to authenticate the MKA and SAK PDUs to be distributed between all members.

The no form of this command removes the value.

Parameters

hex-string

Specifies the value of the CAK.

Values

up to 64 hexadecimal characters, 32 hexadecimal characters for 128-bit key and 64 hexadecimal characters for 256-bit key

hash

Keyword, specifying the hash scheme.

hash2

Keyword, specifying the hash scheme.

custom

Specifies the custom encryption for management interface.

Platforms

All

calculate-counts

calculate-counts

Syntax

[no] calculate-counts

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query calculate-counts)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query calculate-counts

Description

This command specifies whether or not to count the number of tunnels matching the specified criteria.

Note:

Do not enable this command if the expected number of tunnels is large.

Default

no calculate-counts

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

call-trace

call-trace

Syntax

call-trace

Context

[Tree] (config call-trace)

Full Context

configure call-trace

Description

Commands in this context configure parameters related to the call trace debugging tool.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

call-trace

Syntax

call-trace

Context

[Tree] (debug call-trace)

Full Context

debug call-trace

Description

Commands in this context set up various call trace debug sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute called-station-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute called-station-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute called-station-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp called-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp called-station-id

configure subscriber-mgmt diameter-application-policy gx include-avp called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

called-station-id [called-station-id]

no called-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp called-station-id

Description

This command configures the value of the called station ID AVP.

The no form of this command returns the command to the default setting.

Parameters

called-station-id

Specifies the called station ID, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>ipsec>rad-acct-plcy>include called-station-id)

[Tree] (config>ipsec>rad-auth-plcy>include called-station-id)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute called-station-id

configure ipsec radius-authentication-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command excludes called station ID attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes called-station-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes called-station-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes called-station-id

configure aaa isa-radius-policy acct-include-attributes called-station-id

Description

This command includes called station id attributes.

The no form of the command excludes called station id attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

calling-number-format

calling-number-format

Syntax

calling-number-format ascii-spec

no calling-number-format

Context

[Tree] (config>service>vprn>l2tp calling-number-format)

[Tree] (config>router>l2tp calling-number-format)

Full Context

configure service vprn l2tp calling-number-format

configure router l2tp calling-number-format

Description

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Default

calling-number-format "%S %s"

Parameters

ascii-spec

Specifies the L2TP calling number AVP.

Values

char-specification ascii-spec

char-specification

ascii-char | char-origin

ascii-char

a printable ASCII character

char-origin

%origin

origin

S | c | r | s | l

S

system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName

c

Agent Circuit Id

r

Agent Remote Id

s

SAP ID, formatted as a character string

l

Logical Line ID

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute calling-station-id)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>ipsec>rad-auth-plcy>include calling-station-id)

[Tree] (config>ipsec>rad-acct-plcy>include calling-station-id)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute calling-station-id

configure ipsec radius-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

calling-station-id

calling-station-id {llid | mac | remote-id | sap-id | sap-string}

no calling-station-id

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute calling-station-id)

[Tree] (config>service>vpls>sap calling-station-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute calling-station-id)

[Tree] (config>service>vprn>if>sap calling-station-id)

[Tree] (config>service>ies>sub-if>grp-if>sap calling-station-id)

[Tree] (config>service>ies>if>sap calling-station-id)

[Tree] (config>service>vprn>sub-if>grp-if>sap calling-station-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute calling-station-id

configure service vpls sap calling-station-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute calling-station-id

configure service vprn interface sap calling-station-id

configure service ies subscriber-interface group-interface sap calling-station-id

configure service ies interface sap calling-station-id

configure service vprn subscriber-interface group-interface sap calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

The no form of this command reverts to the default.

Default

calling-station-id sap-string

Parameters

llid

Specifies that the logical link identifier (LLID) is mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-server.

mac

Specifies that the MAC address is sent.

remote-id

Specifies that the remote ID is sent.

sap-id

Specifies that the SAP ID is sent.

sap-string

Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

calling-station-id [type {llid | mac | remote-id | sap-id | sap-string}]

no calling-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp calling-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp calling-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp calling-station-id

configure subscriber-mgmt diameter-application-policy nasreq include-avp calling-station-id

Description

This command includes the calling-station-id AVP in the specified format.

The no form of this command reverts to the default.

Parameters

type

Specifies the format of the Calling-Station-ID AVP.

Values

llid — The logical link identifier (LLID) is the mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-serv

mac — Specifies that the MAC address is sent.

remote-id — Specifies that the remote ID is sent

sap-id — Specifies that the sap-id is sent

sap-string — Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes calling-station-id)

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes calling-station-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes calling-station-id

configure aaa isa-radius-policy auth-include-attributes calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cancel-commit

cancel-commit

Syntax

[no] cancel-commit

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization cancel-commit)

Full Context

configure system security profile netconf base-op-authorization cancel-commit

Description

This command enables the NETCONF cancel-commit operation.

The no form of this command disables the operation.

Default

no cancel-commit

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

candidate

candidate

Syntax

candidate

Context

[Tree] ( candidate)

Full Context

candidate

Description

Commands in this context edit candidate configurations.

Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

Platforms

All

candidate

Syntax

[no] candidate

Context

[Tree] (config>system>netconf>capabilities candidate)

Full Context

configure system netconf capabilities candidate

Description

This command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command also enables using commit and discard-changes.

When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured.

The no form of the command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message.

Default

candidate

Platforms

All

cannot-change-password

cannot-change-password

Syntax

[no] cannot-change-password

Context

[Tree] (config>system>security>user>console cannot-change-password)

Full Context

configure system security user console cannot-change-password

Description

This command allows a user the privilege to change their password for both FTP and console login.

To disable a user’s privilege to change their password, use the cannot-change-password form of this command.

Note:

The cannot-change-password flag is not replicated when a user copy is performed. A new-password-at-login flag is created instead.

Default

no cannot-change-password

Platforms

All

capacity-cost

capacity-cost

Syntax

capacity-cost cost

no capacity-cost

Context

[Tree] (config>app-assure>group>policy>app-profile capacity-cost)

Full Context

configure application-assurance group policy app-profile capacity-cost

Description

This command configures an application profile capacity cost. Capacity-Cost based load balancing allows a cost to be assigned to diverted SAPs (with the app-profile) and this is then used for load-balancing SAPs between ISAs as well as for a threshold that notifies the operator if/when capacity planning has been exceeded.

Default

capacity-cost 1

Parameters

cost

Specifies the profile capacity cost.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

captive-redirect

captive-redirect

Syntax

captive-redirect

Context

[Tree] (config>app-assure>group>http-redirect captive-redirect)

Full Context

configure application-assurance group http-redirect captive-redirect

Description

This command configures the captive redirect capability for an HTTP redirect policy. HTTP redirect policies using captive redirect can be used in conjunction with a session filter policy and will terminate TCP flows in the ISA-AA card before reaching the Internet to redirect subscribers to the predefined redirect URL. Non-HTTP TCP flows are TCP reset. Captive redirect uses the provisioned VLAN id to send the HTTP response to subscribers; therefore this VLAN id must be properly assigned in the same VPN as the subscriber. The operator can select the URL arguments to include in the redirect URL using either a specific template id or by configuring the redirect URL using one of the supported macro substitution keywords.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

capture

capture

Syntax

capture [{start | stop}]

Context

[Tree] (debug>pcap capture)

Full Context

debug pcap capture

Description

This command starts and stops the packet capture process for the specified session-name.

Parameters

start

Starts the packet capture process and also start or restarts the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each). If the same file name is unchanged in the config>mirror>mirror-dest>pcap context between captures, this command overwrites the file content.

stop

Stops the packet capture process and also stops the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each).

Platforms

All

capture-sap

capture-sap

Syntax

capture-sap sap-id [encap-val qtag[.qtag]] [mode mode]

no capture-sap sap-id

Context

[Tree] (debug>dynsvc>data-triggers capture-sap)

Full Context

debug dynamic-services data-triggers capture-sap

Description

This command enables or disables the generation of dynamic services data trigger debug events, such as:

  • data trigger received

  • authentication

  • data trigger SAP created

  • dynamic service SAP created

  • dropped data trigger with drop reason such as data trigger exists or lockout active.

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

Parameters

sap-id

Specifies the dynamic services data trigger capture SAP for which debug events should be logged.

encap-val qtag[.qtag]

Optionally restrict the debug output to data trigger events with the specified encapsulation.

Values

1 to 4094

mode

Optionally restrict the debug output to specific events.

Values

all—log all data trigger events

dropped-only—log only dropped data trigger events

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

card

card

Syntax

[no] card slot-number

Context

[Tree] (config card)

Full Context

configure card

Description

This mandatory command enables access to the chassis and context. In SR OS cards cover IOM, IMM, and XCM.

The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.

Default

no card

Parameters

slot-number

Specifies the slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides.

Values

1 to 10

Platforms

All

card-type

card-type

Syntax

card-type card-type [level card-level]

no card-type

Context

[Tree] (config>card card-type)

Full Context

configure card card-type

Description

This mandatory command adds an IOM/XCM to the device configuration for the slot. The card type can be preprovisioned, meaning that the card does not need to be installed in the chassis.

A card must be provisioned before an MDA, connector, or port can be configured.

A card can only be provisioned in a slot that is vacant, meaning no other card can be provisioned (configured) for that particular slot. To reconfigure a slot position, use the no form of this command to remove the current information.

A card can only be provisioned in a slot if the card type is allowed in the slot. An error message is generated if an attempt is made to provision a card type that is not allowed.

If a card is inserted that does not match the configured card type for the slot, then a log event and facility alarm is raised. The alarm is cleared when the correct card type is installed or the configuration is modified.

A log event and facility alarm are is raised if an administratively enabled card is removed from the chassis. The alarm is cleared when the correct card type is installed or the configuration is modified. A log event is issued when a card is removed that is administratively disabled.

Because IMMs do not have the capability to install separate MDAs, the configuration of the MDA is automatic. This configuration only includes the default parameters such as default buffer policies. Commands to manage the MDA such as shutdown and so on, remain in the MDA configuration context.

Some card hardware can support two different firmware loads. One load includes the base Ethernet functionality, including 10G WAN mode, but does not include 1588 port-based timestamping. The second load includes the base Ethernet functionality and 1588 port-based timestamping, but does not include 10G WAN mode. These are identified as two card types that are the same, except for a "-ptp” suffix to indicate the second loadset; for example, imm40-10gb-sfp and imm40-10gb-sfp-ptp. A hard reset of the card occurs when switching between the two provisioned types.

An appropriate alarm is raised if a partial or complete card failure is detected. The alarm is cleared when the error condition ceases.

New generations of cards include variants controlled by hardware and software licensing. For these cards, the license level must be provisioned in addition to the card type. A card can not become operational unless the provisioned license level matches the license level of the card installed into the slot. The set of license levels varies by card type.

The provisioned level controls aspects related to connector provisioning and the consumption of hardware egress queues and egress policers. Changes to the provisioned license level may be blocked if configuration exists that would not be permitted with the new target license level.

If the license level is not specified, the level is set to the highest license level for that card.

The no form of this command removes the card from the configuration.

Default

no card-type

Parameters

card-type

Specifies the type of card to be configured and installed in that slot. Values for this attribute vary by platform and release. The release notes include a listing of all supported card-types and their CLI strings. In addition, the command can be queried to check which card-types are relevant for the active platform type. Some examples include iom4-e-b and imm-2pac-fp3.

card-level

Specifies the license level of the card, up to 32 characters. Possible values vary by card type.

Platforms

All

carrier-carrier-vpn

carrier-carrier-vpn

Syntax

[no] carrier-carrier-vpn

Context

[Tree] (config>service>vprn carrier-carrier-vpn)

Full Context

configure service vprn carrier-carrier-vpn

Description

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.

Default

no carrier-carrier-vpn

Platforms

All

category

category

Syntax

category category-name [create]

no category category-name

Context

[Tree] (config>subscr-mgmt>cat-map category)

Full Context

configure subscriber-mgmt category-map category

Description

Commands in this context configure RADIUS credit control, Diameter credit control (Gy), Diameter Gx Usage Monitoring, or Idle-Timeout.

Up to sixteen categories can be configured per category map. The internal category for Gx session level Usage Monitoring is included in this limit. The instantiation of the internal category is controlled with the gx-session-level-usage command.

Parameters

category-name

Specifies the category name, up to 32 characters.

create

Keyword used to create a category instance. The create keyword can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category

Syntax

category category-name [create]

no category category-name

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map category)

Full Context

configure subscriber-mgmt sla-profile category-map category

Description

This command defines the category in the category map to be used for the idle timeout monitoring of subscriber hosts.

The no form of this command reverts to the default.

Parameters

category-name

Specifies the name, up to 32 characters, of the category where the queues and policers are defined for idle timeout monitoring of subscriber hosts.

create

Keyword used to create a category instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category

Syntax

category category block

no category category

Context

[Tree] (config>app-assure>group>url-filter>web-service>profile category)

Full Context

configure application-assurance group url-filter web-service profile category

Description

This command configures the category that will be blocked in the category profile.

The no form of this command removes the category blocking configuration.

Parameters

category

Specifies the URL category name for the configured web service, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

category-map

category-map

Syntax

category-map category-map-name [create]

no category-map category-map-name

Context

[Tree] (config>subscr-mgmt category-map)

Full Context

configure subscriber-mgmt category-map

Description

This command specifies the category map name.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the category map name, up to 32 characters.

create

Keyword used to create a category map instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category-map

Syntax

category-map category-map-name

no category-map

Context

[Tree] (config>subscr-mgmt>sla-prof category-map)

Full Context

configure subscriber-mgmt sla-profile category-map

Description

This command references the category-map to be used for the idle-timeout monitoring of subscriber hosts associated with this sla-profile. The category-map must already exist in the config>subscr-mgmt context.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the name of the category map, up to 32 characters, where the activity-threshold and the category is defined for idle-timeout monitoring of subscriber hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category-map-name

category-map-name

Syntax

category-map-name category-map-name [create]

no category-map-name category-map-name

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings category-map-name)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings category-map-name)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings category-map-name

configure subscriber-mgmt local-user-db ppp host identification-strings category-map-name

Description

This command specifies the category map name.

The no form of this command removes the category map name from the configuration.

Parameters

category-map-name

Specifies an existing category map name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

cbs

Syntax

cbs percent-of-resv-cbs

no cbs

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths>primary-paths>queue-parameters cbs)

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths>secondary-paths>queue-parameters cbs)

Full Context

configure mcast-management bandwidth-policy t2-paths primary-paths queue-parameters cbs

configure mcast-management bandwidth-policy t2-paths secondary-paths queue-parameters cbs

Description

This command overrides the default Committed Buffer Size (CBS) for each individual path’s queue. The queues CBS threshold is used when requesting buffers from the systems ingress buffer pool to indicate whether the requested buffer should be removed from the reserved portion of the buffer pool or the shared portion. When the queue’s fill depth is below or equal to the CBS threshold, the requested buffer comes from the reserved portion. Once the queues depth exceeds the CBS threshold, buffers come from the shared portion.

The cbs percent-of-resv-cbs parameter is defined as a percentage of the reserved portion of the pool. The system allows the sum of all CBS values to equal more than 100% allowing for oversubscription of the reserved portion of the pool. If the reserved portion is oversubscribed and the queues are currently using more reserved space than provisioned in the pool, the pool automatically starts using the shared portion of the pool for within-CBS buffer allocation. The shared early detection slopes can assume more buffers that exist within the shared portion that may cause the early detection function to fail.

For the primary-path and secondary-path queues, the percentage is applied to a single queue for each path.

The no form of this command restores the path queues default CBS value.

Parameters

percent-of-resv-cbs

Specifies the percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 MB is the total buffers in the buffer pool, a value of 10 would reserve 1MB (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Default

Primary:

5

Secondary:

30

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue cbs)

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>queue cbs)

Full Context

configure subscriber-mgmt sla-profile egress qos queue cbs

configure subscriber-mgmt sla-profile ingress qos queue cbs

Description

This command can be used to override specific attributes of the specified queue's CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queues’ CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

The no form of this command returns the CBS size to the size as configured in the QoS policy.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer cbs)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer cbs)

Full Context

configure subscriber-mgmt sla-profile ingress qos policer cbs

configure subscriber-mgmt sla-profile egress qos policer cbs

Description

This command is used to configure the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies the size parameter and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

Specifies the size parameter the size parameter in bytes. When bytes is defined, the value given for size is interpreted as the queue’s MBS value given in bytes.

kilobytes

Specifies the size parameter in kilobytes. When kilobytes is defined, the value is interpreted as the queue’s MBS value given in kilobytes.

Default

kilobyte

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>egress>queue-override>queue cbs)

Full Context

configure service ies interface sap ingress queue-override queue cbs

configure service ies interface sap egress queue-override queue cbs

configure service vpls sap ingress queue-override queue cbs

configure service vpls sap egress queue-override queue cbs

Description

This command overrides specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS size to the default value.

Parameters

size-in-kbytes

Specifies the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

All

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue cbs)

Full Context

configure service vprn interface sap egress queue-override queue cbs

configure service vprn interface sap ingress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.

The no form of this command returns the CBS to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).

Values

0 to 131072 or default

Platforms

All

cbs

Syntax

cbs burst-size

no cbs

Context

[Tree] (config>subscr-mgmt>isa-policer cbs)

Full Context

configure subscriber-mgmt isa-policer cbs

Description

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default

cbs 0

Parameters

burst-size

Specifies the committed burst-size in kbytes.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs {size [bytes | kilobytes] | default}

no cbs

Context

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr cbs)

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr cbs)

Full Context

configure card fp ingress access queue-group policer-override policer cbs

configure card fp ingress network queue-group policer-override policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer’s defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies that the size parameter is required when specifying cbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

When bytes is defined, the value given for size is interpreted as the queue’s CBS value given in bytes.

kilobytes

When kilobytes is defined, the value is interpreted as the queue’s CBS value given in kilobytes.

Default

kilobyte

default

Specifying the keyword default sets the CBS to its default value.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>port>ethernet>network>egr>qover>q cbs)

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q cbs)

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q cbs)

Full Context

configure port ethernet network egress queue-overrides queue cbs

configure port ethernet access ingress queue-group queue-overrides queue cbs

configure port ethernet access egress queue-group queue-overrides queue cbs

Description

This command defines the default committed buffer size for the template queue. Overall, the CBS command follows the same behavior and provisioning characteristics as the CBS command in the queue-group or network QoS policy. The exception is the addition of the cbs-value qualifier keywords bytes or kilobytes.

The no form of this command restores the default CBS size to the template queue.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576 or default

Platforms

All

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr cbs)

Full Context

configure service cpipe sap egress policer-override policer cbs

configure service epipe sap ingress policer-override policer cbs

configure service ipipe sap egress policer-override policer cbs

configure service cpipe sap ingress policer-override policer cbs

configure service epipe sap egress policer-override policer cbs

configure service ipipe sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

The size parameter is required when specifying cbs override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

bytes

When bytes is defined, the value given for size is interpreted as the policer’s MBS value in bytes.

kilobytes

When kilobytes is defined, the value given for size is interpreted as the policer’s MBS value in kilobytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress policer-override policer cbs
  • configure service cpipe sap ingress policer-override policer cbs

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap egress policer-override policer cbs
  • configure service epipe sap egress policer-override policer cbs
  • configure service ipipe sap ingress policer-override policer cbs
  • configure service epipe sap ingress policer-override policer cbs

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>service>epipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>cpipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>epipe>sap>egress>queue-override>queue cbs)

Full Context

configure service epipe sap ingress queue-override queue cbs

configure service cpipe sap egress queue-override queue cbs

configure service cpipe sap ingress queue-override queue cbs

configure service ipipe sap egress queue-override queue cbs

configure service ipipe sap ingress queue-override queue cbs

configure service epipe sap egress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is wanted, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 131072, default

Platforms

All

  • configure service epipe sap ingress queue-override queue cbs
  • configure service epipe sap egress queue-override queue cbs
  • configure service ipipe sap ingress queue-override queue cbs
  • configure service ipipe sap egress queue-override queue cbs

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress queue-override queue cbs
  • configure service cpipe sap ingress queue-override queue cbs

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr cbs)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr cbs)

Full Context

configure service vpls sap ingress policer-override policer cbs

configure service vpls sap egress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>ies>if>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>ies>if>sap>ingress>policer-over>plcr cbs)

Full Context

configure service ies interface sap egress policer-override policer cbs

configure service ies interface sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>vprn>if>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>vprn>if>sap>ingress>policer-over>plcr cbs)

Full Context

configure service vprn interface sap egress policer-override policer cbs

configure service vprn interface sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs congested-cbs

no cbs

Context

[Tree] (config>app-assure>group>policer>congestion-override cbs)

[Tree] (config>app-assure>group>policer>congestion-override-stage2 cbs)

Full Context

configure application-assurance group policer congestion-override cbs

configure application-assurance group policer congestion-override-stage2 cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the congested CBS value from the configuration

Parameters

congested-cbs

Specifies the committed burst size, in kbytes, when the access-network-level, which the subscriber belongs to, is in a congested state.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs committed-burst-size

no cbs

Context

[Tree] (config>app-assure>group>tod-override cbs)

[Tree] (config>app-assure>group>policer cbs)

Full Context

configure application-assurance group tod-override cbs

configure application-assurance group policer cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the committed burst size from the configuration.

Parameters

committed-burst-size

Specifies an integer value defining size, in kbytes, for the CBS of the policer.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>qos>sap-egress>policer cbs)

[Tree] (config>qos>sap-ingress>policer cbs)

[Tree] (config>qos>sap-ingress>dyn-policer cbs)

[Tree] (config>qos>sap-egress>dyn-policer cbs)

Full Context

configure qos sap-egress policer cbs

configure qos sap-ingress policer cbs

configure qos sap-ingress dynamic-policer cbs

configure qos sap-egress dynamic-policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

By default, the CBS is 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Parameters

size [bytes | kilobytes]

Specifies an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-egress policer cbs
  • configure qos sap-ingress policer cbs

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure qos sap-ingress dynamic-policer cbs
  • configure qos sap-egress dynamic-policer cbs

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>qos>sap-ingress>queue cbs)

[Tree] (config>qos>sap-egress>queue cbs)

Full Context

configure qos sap-ingress queue cbs

configure qos sap-egress queue cbs

Description

This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potentially large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.

The no form of this command returns the CBS size to the default value.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes) The CBS maximum value used is constrained by the pool size in which the queue exists.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR, or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

cbs

Syntax

cbs percent

no cbs

Context

[Tree] (config>qos>network-queue>queue cbs)

Full Context

configure qos network-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative number of reserved buffers for a specific ingress network FP forwarding class queue or egress network port forwarding class queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the number of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool. Access to this shared pool space is controlled through Random Early Detection (RED) slope application.

Two RED slopes are maintained in each buffer pool. A high-priority slope is used by in-profile packets. A low-priority slope is used by out-of-profile packets. At egress, there are two additional RED slopes maintained in each buffer pool: the highplus slope is used by inplus-profile packets, and the exceed slope is used by exceed-profile packets. All network control and management packets are considered in-profile. Assured packets are handled by their in-profile and out-of-profile markings. All best-effort packets are considered out-of-profile. Premium queues should be configured such that the CBS percent is sufficient to prevent shared buffering of packets. This is generally taken care of by the CIR scheduling of premium queues and the overall small amount of traffic on the class. Premium queues in a properly designed system will drain before all others, limiting their buffer utilization.

The RED slopes will detect congestion conditions and work to discard packets and slow down random TCP session flows through the queue. The RED slope definitions can be defined, modified, or disabled through the slope policy assigned to the FP for the network ingress buffer pool or assigned to the network port for network egress buffer pools.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue to be unused and should be avoided.

The no form of this command returns the CBS size for the queue to the default for the forwarding class.

Default

The cbs forwarding class defaults are listed in the CBS Forwarding Class Defaults.

Table 1. CBS Forwarding Class Defaults

Forwarding Class

Forwarding Class Label

Default CBS

Network-Control

nc

3

High-1

h1

3

Expedited

ef

1

High-2

h2

1

Low-1

l1

3

Assured

af

1

Low-2

l2

3

Best-Effort

be

1

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 Mbytes is the total buffer space in the buffer pool, a value of 10 would reserve 1 Mbyte (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer cbs)

[Tree] (config>qos>qgrps>ing>qgrp>policer cbs)

Full Context

configure qos queue-group-templates egress queue-group policer cbs

configure qos queue-group-templates ingress queue-group policer cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 2683435456, default

Minimum default value: 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue cbs)

[Tree] (config>qos>qgrps>ing>qgrp>queue cbs)

Full Context

configure qos queue-group-templates egress queue-group queue cbs

configure qos queue-group-templates ingress queue-group queue cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

cbs

Syntax

cbs percent

no cbs

Context

[Tree] (config>qos>shared-queue>queue cbs)

Full Context

configure qos shared-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative amount of reserved buffers for a specific ingress shared queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the amount of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue being unused and should be avoided.

Default

The queue CBS defaults are listed in Queue CBS Default Values.

Table 2. Queue CBS Default Values

Queue

Default CBS

1

1

2

3

3

10

4

3

5

10

6

10

7

3

8

3

9

1

10

1

11

1

12

1

13

1

14

1

15

1

16

1

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

cbs

Syntax

cbs cbs

no cbs

Context

[Tree] (config>sys>security>cpm-queue>queue cbs)

Full Context

configure system security cpm-queue queue cbs

Description

This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the queue’s buffer pool.

Parameters

cbs

Specifies the committed burst size in kbytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cc-error

cc-error

Syntax

[no] cc-error

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms cc-error)

Full Context

configure mcast-management multicast-info-policy bundle video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle channel video analyzer alarms cc-error

Description

This command configures the analyzer to check the continuity counter. The continuity counter should be incremented per PID; otherwise, it is considered a continuity counter error.

Default

no cc-error

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-tunnel path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-enable)

[Tree] (config>lag>eth-cfm>mep ccm-enable)

Full Context

configure port ethernet eth-cfm mep ccm-enable

configure lag eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-enable)

Full Context

configure service epipe sap eth-cfm mep ccm-enable

configure service epipe spoke-sdp eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>vpls>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>mesh-sdp>mep ccm-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-enable)

Full Context

configure service vpls eth-cfm mep ccm-enable

configure service vpls spoke-sdp eth-cfm mep ccm-enable

configure service vpls mesh-sdp mep ccm-enable

configure service vpls sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-enable)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

configure service ies interface spoke-sdp eth-cfm mep ccm-enable

configure service ies interface sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep ccm-enable
  • configure service ies interface spoke-sdp eth-cfm mep ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-enable)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-enable)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

configure service vprn interface sap eth-cfm mep ccm-enable

configure service vprn interface spoke-sdp eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep ccm-enable
  • configure service vprn interface spoke-sdp eth-cfm mep ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>router>if>eth-cfm>mep ccm-enable)

Full Context

configure router interface eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-ring path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

ccm-hold-time

Syntax

ccm-hold-time {down down-timeout] [up up-timeout}

no ccm-hold-time

Context

[Tree] (config>eth-tunnel ccm-hold-time)

Full Context

configure eth-tunnel ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP will remain in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay

Parameters

down down-timeout

Specifies the time, in centiseconds, used for the hold-timer for associated Continuity Check (CC) Session down event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 1000

Default

0

up up-timeout

Specifies the time, in deciseconds, used for the hold-timer for associated Continuity Check (CC) Session up event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 5000

Default

20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

Syntax

ccm-hold-time down timer

no ccm-hold-time

Context

[Tree] (config>eth-cfm>domain>assoc ccm-hold-time)

Full Context

configure eth-cfm domain association ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP remains in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay.

Default

no ccm-hold-time

Parameters

down timer

Specifies the amount of time to delay, in centiseconds.

Values

0 to 1000

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

Syntax

ccm-hold-time [down down-timeout] [up up-timeout]

no ccm-hold-time

Context

[Tree] (config>eth-ring ccm-hold-time)

Full Context

configure eth-ring ccm-hold-time

Description

This command configures eth-ring dampening timers. See the down and up commands for more information.

The no form of the command sets the up and down timers to the default values.

Parameters

down-timeout

Specifies the down timeout, in centiseconds.

Values

0 to 5000

up-timeout

Specifies the hold-time for reporting the recovery, in deciseconds.

Values

0 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-interval

ccm-interval

Syntax

ccm-interval interval

no ccm-interval

Context

[Tree] (config>eth-cfm>domain>assoc ccm-interval)

Full Context

configure eth-cfm domain association ccm-interval

Description

This command configures the CCM transmission interval for all MEPs in the association.

The no form of this command reverts to the default value.

Default

no ccm-interval

Parameters

interval

Specifies the interval between CCM transmissions to be used by all MEPs in the MA.

Values

10 milliseconds, 100 milliseconds, 1 second, 10 seconds, 60 seconds, 600 seconds

Default

10 (seconds)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-tunnel path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>lag>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>router>if>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>port>ethernet>eth-cfm>mep ccm-ltm-priority)

Full Context

configure lag eth-cfm mep ccm-ltm-priority

configure router interface eth-cfm mep ccm-ltm-priority

configure port ethernet eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority of the CCM and LTM messages transmitted by the MEP. Since CCM does not apply to the Router Facility MEP only the LTM priority is of value under that context.

The no form of this command reverts to the default values.

Default

no ccm-ltm-priority

Parameters

priority

Specifies the priority value.

Values

0 to 7

Default

7, highest priority for CCMs and LTMs transmitted by the MEP

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service epipe spoke-sdp eth-cfm mep ccm-ltm-priority

configure service ipipe sap eth-cfm mep ccm-ltm-priority

configure service epipe sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>vpls>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>mesh-sdp>mep ccm-ltm-priority)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service vpls eth-cfm mep ccm-ltm-priority

configure service vpls sap eth-cfm mep ccm-ltm-priority

configure service vpls mesh-sdp mep ccm-ltm-priority

configure service vpls spoke-sdp eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service ies interface sap eth-cfm mep ccm-ltm-priority

configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep ccm-ltm-priority
  • configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-ltm-priority)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service vprn interface sap eth-cfm mep ccm-ltm-priority

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority
  • configure service vprn interface sap eth-cfm mep ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-ring path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-padding-size)

Full Context

configure lag eth-cfm mep ccm-padding-size

configure eth-tunnel path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of this command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets, in octets.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size ccm-padding

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-padding-size)

[Tree] (config>router>if>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure port ethernet eth-cfm mep ccm-padding-size

configure router interface eth-cfm mep ccm-padding-size

configure service epipe sap eth-cfm mep ccm-padding-size

configure service epipe spoke-sdp eth-cfm mep ccm-padding-size

configure service vpls spoke-sdp eth-cfm mep ccm-padding-size

configure service vpls sap eth-cfm mep ccm-padding-size

configure lag eth-cfm mep ccm-padding-size

configure service vpls mesh-sdp eth-cfm mep ccm-padding-size

configure service ipipe sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

no ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size

configure service ies interface sap eth-cfm mep ccm-padding-size

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size
  • configure service ies interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

configure service vprn interface sap eth-cfm mep ccm-padding-size

configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size

Description

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep ccm-padding-size
  • configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-padding-size)

Full Context

configure eth-ring path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of the command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets.

Values

3 to 1500 octets

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-tlv-ignore

ccm-tlv-ignore

Syntax

ccm-tlv-ignore [interface-status] [port-status]

no ccm-tlv-ignore

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>lag>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>router>if>eth-cfm>mep ccm-tlv-ignore)

Full Context

configure port ethernet eth-cfm mep ccm-tlv-ignore

configure lag eth-cfm mep ccm-tlv-ignore

configure router interface eth-cfm mep ccm-tlv-ignore

Description

This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.

The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.

Default

no ccm-tlv-ignore

Parameters

interface-status

Ignores the interface status TLV on reception.

port-status

Ignores the port status TLV on reception.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccrt-replay

ccrt-replay

Syntax

ccrt-replay

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy ccrt-replay)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx ccrt-replay)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay

configure subscriber-mgmt diameter-application-policy gx ccrt-replay

Description

Commands in this context configure CCR-T replay. CCR-T replay is enabled with a no shutdown of this context. If a communication failure between client and server occurs, CCR-T replay enables the retransmission of CCR-T messages for a Gx or Gy session at a configured intervals until a valid response (CCA-t) is received or until the configured max-lifetime period expires, whichever comes first.

In Gx, replaying CCR-T messages ensures that the Gx session is cleared on the PCRF side in cases where the peering session to the PCRF was not available at the time that the initial and the first retransmitted CCR-T was sent.

In Gy, replaying CCR-T messages ensures that the final credit control usage reporting is not lost for billing by the OCS.

The subscriber host or session that triggered the Gx or Gy session that is in CCR-T replay mode is deleted from the system at the time that the initial CCR-T is sent. All resources associated with the subscriber host or session, such as queues, DHCP lease states, and PPPoE session states are released. The orphaned Gx and Gy sessions in replay mode are left in the system.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cd

cd

Syntax

cd [file-url]

Context

[Tree] (file cd)

Full Context

file cd

Description

This command displays or changes the current working directory in the local file system.

Parameters

file-url

Specifies the file URL.

Values

local-url

[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each

remote-url

[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]

up to 247 characters

directory length up to 199 characters

remote-locn

[hostname | ipv4-address | [ipv6-address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, for link local addresses 255

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

If no file-url is entered, the current working directory is displayed.

..

signifies the parent directory. This can be used in place of an actual directory name in a directory-url.

directory-url

Specifies the destination directory.

Platforms

All

ce-address

ce-address

Syntax

ce-address ip-address

no ce-address

Context

[Tree] (config>service>ipipe>sap ce-address)

[Tree] (config>service>ipipe>spoke-sdp ce-address)

Full Context

configure service ipipe sap ce-address

configure service ipipe spoke-sdp ce-address

Description

This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

Parameters

ip-address

Specifies the IP address of the CE device associated with an Ipipe SAP.

Platforms

All

ce-address-discovery

ce-address-discovery

Syntax

ce-address-discovery [keep]

ce-address-discovery ipv6 [keep]

no ce-address-discovery

Context

[Tree] (config>service>ipipe ce-address-discovery)

Full Context

configure service ipipe ce-address-discovery

Description

This command specifies whether the service will automatically discover the CE IP addresses.

When enabled, the addresses will be automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs will not be allowed.

If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.

Default

no ce-address-discovery

Parameters

ipv6

The ipv6 keyword enables IPv6 CE address discovery support on the Ipipe so that both IPv4 and IPv6 address discovery are supported. If the ipv6 keyword is not included, then only IPv4 address discovery is supported and IPv6 packets are dropped.

keep

The keep keyword is only applicable to eth-legacy-fault-notification. This option maintains the CE address discovered even when the SAP on which the address was learned fails. The ARP entry will not be maintained if the SAP is administratively shutdown, the clear service id svc-id {arp | neighbor} is used to remove the ARP entry or the node reboots.

Platforms

All

cem

cem

Syntax

cem

Context

[Tree] (config>service>cpipe>sap cem)

[Tree] (config>service>epipe>sap cem)

Full Context

configure service cpipe sap cem

configure service epipe sap cem

Description

Commands in this context specify circuit emulation (CEM) properties.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap cem

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure service epipe sap cem

cem

Syntax

cem

Context

[Tree] (config>mirror>mirror-dest>sap cem)

Full Context

configure mirror mirror-dest sap cem

Description

Commands in this context specify circuit emulation (CEM) mirroring properties.

Ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cert

cert

Syntax

cert cert-filename

no cert

Context

[Tree] (config>ipsec>cert-profile>entry cert)

Full Context

configure ipsec cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of this command removes the cert-file-name from the entry configuration.

Default

no cert

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cert

Syntax

cert

Context

[Tree] (config>service>ies>if>sap>ipsec-gw cert)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>vprn>if>sap>ipsec-gw cert)

[Tree] (config>ipsec>trans-mode-prof>dyn cert)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn cert)

Full Context

configure service ies interface sap ipsec-gw cert

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert

configure service vprn interface sap ipsec-gw cert

configure ipsec ipsec-transport-mode-profile dynamic-keying cert

configure router interface ipsec ipsec-tunnel dynamic-keying cert

Description

Commands in this context configure certificate parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ipsec-gw cert
  • configure service vprn interface sap ipsec-gw cert
  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert

VSR

  • configure router interface ipsec ipsec-tunnel dynamic-keying cert
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert

cert

Syntax

cert cert-filename

no cert

Context

[Tree] (config>system>security>tls>cert-profile>entry cert)

Full Context

configure system security tls cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of the command removes the certificate.

Default

no cert

Parameters

cert-filename

Specifies the file name of the TLS certificate, up to 95 characters in length.

Platforms

All

cert

Syntax

cert cert-file-name [create]

no cert

Context

[Tree] (config>system>security>pki>cert-auto-upd cert)

Full Context

configure system security pki certificate-auto-update cert

Description

This command configures the imported certificate filename for the certificate automatic update.

The no form of this command removes the cert-file-name from the configuration.

Parameters

cert-file-name

Specifies the filename of the certificate, up to 95 characters in length.

Platforms

All

cert-file

cert-file

Syntax

cert-file filename

no cert-file

Context

[Tree] (config>system>security>pki>ca-profile cert-file)

Full Context

configure system security pki ca-profile cert-file

Description

This command specifies the filename of a file in cf3:\system-pki\cert as the CA’s certificate of the ca-profile.

Notes:

  • The system will perform following checks against configured cert-file when a no shutdown command is issued:

    • Configured cert-file must be a DER formatted X.509v3 certificate file.

    • All non-optional fields defined in section 4.1 of RFC5280 must exist and conform to the RFC 5280 defined format.

    • Check the version field to see if its value is 0x2.

    • Check The Validity field to see that if the certificate is still in validity period.

    • X509 basic constraints extension must exists, and CA Boolean must be True.

    • If Key Usage extension exists, then at least keyCertSign and cRLSign should be asserted.

    • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s certificate to verify if this certificate is signed by issuer’s CA; but if there is no such CA-profile configured, then system will just proceed with a warning message.

    • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s CRL to verify that it has not been revoked; but if there is no such CA-profile configured or there is no such CRL, then system will just proceed with a warning message.

    If any of above checks fails, then the no shutdown command will fail.

  • Changing or removing of cert-file is only allowed when the ca-profile is in a shutdown state.

The no form of this command removes the filename from the configuration.

Parameters

filename

Specifies a local CF card file URL.

Platforms

All

cert-profile

cert-profile

Syntax

cert-profile profile-name [create]

no cert-profile profile-name

Context

[Tree] (config>ipsec cert-profile)

Full Context

configure ipsec cert-profile

Description

This command creates a new cert-profile or enters the configuration context of an existing cert-profile.

The no form of this command removes the profile name from the cert-profile configuration.

Parameters

profile-name

Specifies the name of the certification profile up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>ipsec>trans-mode-prof>dyn>cert cert-profile)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>service>ies>if>sap>ipsec-gw>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert cert-profile)

Full Context

configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service ies interface sap ipsec-gw cert cert-profile

configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface sap ipsec-gw cert cert-profile

Description

This command specifies the name of certificate profile to be used for authentication.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies the profile name, up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-gw cert cert-profile
  • configure service ies interface sap ipsec-gw cert cert-profile
  • configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile
  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile

VSR

  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
  • configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

cert-profile

Syntax

cert-profile profile-name [create]

no cert-profile profile-name

Context

[Tree] (config>system>security>tls cert-profile)

Full Context

configure system security tls cert-profile

Description

This command configures TLS certificate profile information. The certificate profile contains the certificates that are sent to the TLS peer (server or client) to authenticate itself. It is mandatory for the TLS server to send this information. The TLS client may optionally send this information upon request from the TLS server.

The no form of the command deletes the specified TLS certificate profile.

Parameters

profile-name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

create

Keyword used to create the TLS certificate profile.

Platforms

All

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>system>security>tls>client-tls-profile cert-profile)

Full Context

configure system security tls client-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS client profile. This certificate is sent to the server for authentication of the client and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>system>security>tls>server-tls-profile cert-profile)

Full Context

configure system security tls server-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS server profile. This certificate is sent to the client for authentication of the server and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

cert-request

cert-request

Syntax

cert-request ca ca-profile-name current-key key-filename current-cert cert-filename [hash-alg hash-algorithm] newkey key-filename subject-dn subject-dn [domain-name domain-names] [ip-addr ip-address | ipv6-address] save-as save-path-of-result-cert

Context

[Tree] (admin>certificate>cmpv2 cert-request)

Full Context

admin certificate cmpv2 cert-request

Description

This command requests an additional certificate after the system has obtained the initial certificate from the CA.

The request is authenticated by a signature signed by the current-key, along with the current-cert. The hash algorithm used for signature is depends on the key type:

  • DSA key: SHA1

  • RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1

In some cases, the CA may not return a certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.

Parameters

ca ca-profile-name

Specifies a ca-profile name which includes CMP server information up to 32 characters.

current-key key-filename

Specifies corresponding certificate issued by the CA up to 95 characters.

current-cert cert-filename

Specifies the file name of an imported certificate that is attached to the certificate request up to 95 characters.

newkey key-filename

Specifies the file name of the imported key up to 95 characters.

hash-alg hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

subject-dn dn

Specifies the subject of the requesting certificate up to 256 characters.

Values

attr1=val1,attr2=val2 where: attrN={C | ST | O | OU | CN}

save-as save-path-of-result-cert

Specifies the save full path name of saving the result certificate, up to 200 characters.

domain-name domain-names

Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.

ip-addr ip-address | ipv6-address

Specifies an IPv4 or IPv6 address for SubjectAltName of the requesting certificate.

Platforms

All

cert-sync

cert-sync

Syntax

[no] cert-sync

Context

[Tree] (admin>redundancy cert-sync)

[Tree] (config>redundancy cert-sync)

Full Context

admin redundancy cert-sync

configure redundancy cert-sync

Description

This command automatically synchronizes the certificate/CRL/key when importing or generating (for the key). If a new CF card is inserted into slot3 into the backup CPM, the system will sync the whole system-pki directory from the active CPM.

Default

enabled

Platforms

All

certificate

certificate

Syntax

certificate certificate-file

no certificate

Context

[Tree] (config>app-assure>group>certificate-profile certificate)

Full Context

configure application-assurance group certificate-profile certificate

Description

This command indicated the file name of the certificate to be added to the profile.

The no form of this command removes the certificate from the profile.

Default

no certificate

Parameters

certificate-file

Specifies the name of the certificate file, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate

Syntax

certificate

Context

[Tree] (admin certificate)

Full Context

admin certificate

Description

Commands in this context configure X.509 certificate related operational parameters. For information about CMPv6 admin certificate commands, see the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.

Platforms

All

certificate

Syntax

certificate

Context

[Tree] (debug certificate)

Full Context

debug certificate

Description

Commands in this context debug certificates.

Platforms

All

certificate

Syntax

certificate filename

Context

[Tree] (debug>ipsec certificate)

Full Context

debug ipsec certificate

Description

This command enables debug for certificate chain computation in cert-profile.

Parameters

filename

Displays the filename of imported certificate, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate-auto-update

certificate-auto-update

Syntax

certificate-auto-update

Context

[Tree] (config>system>security>pki certificate-auto-update)

Full Context

configure system security pki certificate-auto-update

Description

This command configures automatic updates for the specified certificate. This must be an imported certificate.

Platforms

All

certificate-display-format

certificate-display-format

Syntax

certificate-display-format {ascii | utf8}

Context

[Tree] (config>system>security>pki certificate-display-format)

Full Context

configure system security pki certificate-display-format

Description

This command specifies the display format used for the Certificates and Certificate Revocation Lists.

Default

certificate-display-format ascii

Parameters

ascii

Specifies the ASCII format to use for the Certificates and Certificate Revocation Lists.

utf8

Specifies the UTF8 format to use for the Certificates and Certificate Revocation Lists.

Platforms

All

certificate-expiration-warning

certificate-expiration-warning

Syntax

certificate-expiration-warning hours [repeat repeat-hours]

no certificate-expiration-warning

Context

[Tree] (config>system>security>pki certificate-expiration-warning)

Full Context

configure system security pki certificate-expiration-warning

Description

With this command configured, the system issues two types of warnings related to certificate expiration:

  • BeforeExp — A warning message issued before certificate expire

  • AfterExp — A warning message issued when certificate expire

This command specifies when system will issue BeforeExp message before a certificate expires. For example, with certificate-expiration-warning 5, the system will issue a BeforeExp message 5 hours before a certificate expires. An optional repeat <repeat-hour> parameter will enable the system to repeat the BeforeExp message every hour until the certificate expires.

If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.

BeforeExp and AfterExp warnings can be cleared in following cases:

  • The certificate is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.

  • When the ca-profile/ipsec-gw/ipsec-tunnel/cert-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.

  • When no certificate-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.

  • Users may change the configuration of the certificate-expiration-warning so that certain certificates are no longer in the warning window. BeforeExp of corresponding certificates are cleared.

  • If the system time changes so that the new time causes the certificates to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired certificate to come non-expired, then AfterExp is cleared.

Default

no certificate-expiration-warning

Parameters

hours

Specifies the amount of time before a certificate expires when system issues BeforeExp.

Values

0 to 8760

repeat-hours

Specifies the time the system will repeat BeforeExp every repeat-hour.

Values

0 to 8760

Platforms

All

certificate-profile

certificate-profile

Syntax

certificate-profile cert-prof-name [create]

no certificate-profile cert-prof-name

Context

[Tree] (config>app-assure>group certificate-profile)

Full Context

configure application-assurance group certificate-profile

Description

This command creates a certificate profile to be used for certificate-based encryption in HTTP header enrichment.

The no form of this command removes the certificate profile.

Parameters

cert-profile-name

Specifies the name of the profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate-update-profile

certificate-update-profile

Syntax

certificate-update-profile profile-name [create]

no certificate-profile profile-name

Context

[Tree] (config>system>security>pki certificate-update-profile)

Full Context

configure system security pki certificate-update-profile

Description

Commands in this context configure a certificate update profile that specifies the behavior of the automatic update certificate.

The no form of this command removes the profile.

Parameters

profile-name

Specifies the name of the profile, up to 32 characters.

create
Mandatory keyword to create a certificate update profile.

Platforms

All

cflash-cap-alarm

cflash-cap-alarm

Syntax

cflash-cap-alarm cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no cflash-cap-alarm cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-alarm)

Full Context

configure system thresholds cflash-cap-alarm

Description

This command enables capacity monitoring of the compact flash specified in this command. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example


cflash-cap-alarm cf1-A: rising-threshold 50000000 falling-threshold 49999900 
interval 120 rmon-event-type both start-alarm rising

Platforms

All

cflash-cap-alarm-pct

cflash-cap-alarm-pct

Syntax

cflash-cap-alarm-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]

no cflash-cap-alarm-pct cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-alarm-pct)

Full Context

configure system thresholds cflash-cap-alarm-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created.

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-alarm-pct cf1-A: rising-threshold 70 falling-
threshold 60 interval 120 rmon-event-type both start-alarm rising

Platforms

All

cflash-cap-warn

cflash-cap-warn

Syntax

cflash-cap-warn cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no cflash-cap-warn cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-warn)

Full Context

configure system thresholds cflash-cap-warn

Description

This command enables capacity monitoring of the compact flash specified in this command.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and a SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-warn cf1-B: rising-threshold 2000000 falling-threshold 1999900 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

cflash-cap-warn-pct

cflash-cap-warn-pct

Syntax

cflash-cap-warn-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]

no cflash-cap-warn-pct cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-warn-pct)

Full Context

configure system thresholds cflash-cap-warn-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both —Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example


cflash-cap-warn-pct cf1-B: rising-threshold 70 falling-threshold 60 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

cflowd

cflowd

Syntax

[no] cflowd

Context

[Tree] (config>service>epipe>sap cflowd)

Full Context

configure service epipe sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For L2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

cflowd

Syntax

[no] cflowd

Context

[Tree] (config>service>vpls>sap cflowd)

Full Context

configure service vpls sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For Layer 2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

cflowd

Syntax

cflowd

Context

[Tree] (config>app-assure>group cflowd)

Full Context

configure application-assurance group cflowd

Description

Commands in this context configure cflowd parameters for the application assurance group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cflowd

Syntax

[no] cflowd

Context

[Tree] (config cflowd)

Full Context

configure cflowd

Description

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

Default

no cflowd

Platforms

All

cflowd-parameters

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>service>ies>if cflowd-parameters)

[Tree] (config>service>vprn>sub-if>grp-if cflowd-parameters)

[Tree] (config>service>ies>sub-if>grp-if cflowd-parameters)

Full Context

configure service ies interface cflowd-parameters

configure service vprn subscriber-interface group-interface cflowd-parameters

configure service ies subscriber-interface group-interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When Cflowd is enabled at the interface level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

  • configure service ies interface cflowd-parameters

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface cflowd-parameters
  • configure service vprn subscriber-interface group-interface cflowd-parameters

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>service>vprn>nw-if cflowd-parameters)

[Tree] (config>service>vprn>if cflowd-parameters)

Full Context

configure service vprn network-interface cflowd-parameters

configure service vprn interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>router>if cflowd-parameters)

Full Context

configure router interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

cfm-mac-advertisement

cfm-mac-advertisement

Syntax

[no] cfm-mac-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn cfm-mac-advertisement)

Full Context

configure service vpls bgp-evpn cfm-mac-advertisement

Description

This command enables the advertisement and withdrawal, as appropriate, of the IEEE MAC address associated with the MP (MEP and MIP) created on a SAP, Spoke or Mesh, in an EVPN service.

The up-date occurs each time an MP is added or deleted, or an IEEE MAC address is changed for an MP on a SAP, Spoke or Mesh within the service. The size of the update depends on the number of MPs in the service affected by the modification.

Only enable this functionality, as required, for services that require a resident MAC address to properly forward unicast traffic and that do not perform layer two MAC learning as part of the data plane.

Local MP IEEE MAC addresses are not stored in the local FDB and, as such, cannot be advertised through a control plane to a peer without this command.

The no version of the command disables the functionality and withdraws all previously advertised MP IEEE MAC addresses.

Platforms

All

cfm-opcode

cfm-opcode

Syntax

cfm-opcode {lt | gt | eq} opcode

cfm-opcode range start end

no cfm-opcode

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match cfm-opcode)

Full Context

configure system security management-access-filter mac-filter entry match cfm-opcode

Description

This command specifies the type of opcode checking to be performed.

If the cfm-opcode match condition is configured then a check must be made to see if the Ethertype is either IEEE802.1ag or Y1731. If the Ethertype does not match then the packet is not CFM and no match to the cfm-opcode is attempted.

The CFM (ieee802.1ag or Y1731) opcode can be assigned as a range with a start and an end number or with a (less than lt, greater than gt, or equal to eq) operator.

If no range with a start and an end or operator (lt, gt, eq) followed by an opcode with the value between 0 and 255 is defined then the command is invalid.

Opcode Values lists the opcode values.

Table 3. Opcode Values

CFM PDU or Organization

Acronym

Configurable Numeric Value (Range)

Reserved for IEEE 802.1 0

0

Continuity Check Message

CCM

1

Loopback Reply

LBR

2

Loopback Message

LBM

3

Linktrace Reply

LTR

4

Linktrace Message

LTM

5

Reserved for IEEE 802.1

6 – 31

Reserved for ITU

32

AIS

33

Reserved for ITU

34

LCK

35

Reserved for ITU

36

TST

37

Reserved for ITU

38

APS

39

Reserved for ITU

40

MCC

41

LMR

42

LMM

43

Reserved for ITU

44

1DM

45

DMR

46

DMM

47

Reserved for ITU

48 – 63

Reserved for IEEE 802.1 0

64 - 255

Defined by ITU-T Y.1731 32 - 63

Defined by IEEE 802.1. 64 - 255

Default

no cfm-opcode

Parameters

opcode

Specifies the opcode checking to be performed.

start

specifies the start number.

Values

0 to 255

end

Specifies the end number.

Values

0 to 255

lt | gt | eq

Specifies comparison operators.

Platforms

All

cfm-vlan-tag

cfm-vlan-tag

Syntax

cfm-vlan-tag qtag1[.qtag2]

no cfm-vlan-tag

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>epipe>sap>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>sap>eth-cfm>mep cfm-vlan-tag)

Full Context

configure service vpls spoke-sdp eth-cfm mep cfm-vlan-tag

configure service epipe spoke-sdp eth-cfm mep cfm-vlan-tag

configure service vpls eth-cfm mep cfm-vlan-tag

configure service epipe sap eth-cfm mep cfm-vlan-tag

configure service vpls mesh-sdp eth-cfm mep cfm-vlan-tag

configure service vpls sap eth-cfm mep cfm-vlan-tag

Description

This command configures VLAN tags to apply to locally-generated CFM PDUs for egress processing.

The no form of the command removes the qtags from the configuration.

Parameters

qtag1

Specifies the outer VLAN ID.

Values

1 to 4094

qtag2

Specifies the inner VLAN ID and can only be specified if qtag1 is configured.

Values

1 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

chain-to-system-filter

chain-to-system-filter

Syntax

[no] chain-to-system-filter

Context

[Tree] (config>filter>ipv6-filter chain-to-system-filter)

[Tree] (config>filter>ip-filter chain-to-system-filter)

Full Context

configure filter ipv6-filter chain-to-system-filter

configure filter ip-filter chain-to-system-filter

Description

This command chains this filter to a currently active system filter. When the filter is chained to the system filter, the system filter rules are executed first, and the filter rules are only evaluated if no match on the system filter was found.

The no form of the command detaches this filter from the system filter.

Operational note:

If no system filter is currently active, the command has no effect.

Default

no chain-to-system-filter

Platforms

All

challenge

challenge

Syntax

challenge {always}

no challenge

Context

[Tree] (config>service>vprn>l2tp challenge)

[Tree] (config>router>l2tp challenge)

Full Context

configure service vprn l2tp challenge

configure router l2tp challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies that the challenge-response authentication is always used.

Default

no challenge

Values

always

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

challenge

Syntax

challenge always

no challenge

Context

[Tree] (config>service>vprn>l2tp>group challenge)

Full Context

configure service vprn l2tp group challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.

Values

always

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

challenge

Syntax

challenge {always | never}

no challenge

Context

[Tree] (config>service>vprn>l2tp>group>tunnel challenge)

Full Context

configure service vprn l2tp group tunnel challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default

no challenge

Parameters

always

Specifies that challenge-response authentication should always be used for the tunnel.

never

Specifies that challenge-response authentication should never be used for the tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

change-reporting-action

change-reporting-action

Syntax

change-reporting-action reporting-action

no change-reporting-action

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile change-reporting-action)

Full Context

configure subscriber-mgmt gtp peer-profile change-reporting-action

Description

This command specifies the value of the change reporting action IE sends to the peer in applicable messages. The peer needs to indicate support first using the appropriate flag in the indication IE.

This is overridden by AAA, if AAA explicitly request notification changes for either ECGI, TAI or both. If AAA does not request any notification changes or only the generic location change, the configured value is used.

The no form of this command indicates that the IE is not sent, unless specified by AAA.

Default

no change-reporting-action

Parameters

reporting-action

Specifies the reporting action value as per TS 29.274.

Values

0 to 255, cgi-sai, rai, tai, ecgi, cgi-sai-rai, tai-ecgi

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

channel

channel

Syntax

channel ip-address [ip-address] [create]

no channel ip-address [ip-address]

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle channel)

Full Context

configure mcast-management multicast-info-policy bundle channel

Description

This command defines explicit channels or channel ranges that are associated with the containing bundle. A channel or channel range is defined by their destination IP addresses. A channel may be defined using either IPv4 or IPv6 addresses. If a channel range is being defined, both the start and ending addresses must be the same type.

A specific channel may only be defined within a single channel or channel range within the multicast information policy. A defined channel range cannot overlap with an existing channel range.

If a channel range is to be shortened, extended, split or moved to another bundle, it must first be removed from its existing bundle.

Each specified channel range creates a containing context for any override parameters for the channel range. By default, no override parameters exist.

The no form of this command removes the specified multicast channel from the containing bundle.

Parameters

ip-address

Specifies the starting and ending destination IP addresses for a channel range. If only the start channel ip-address parameter is given, the channel ranges comprises of a single multicast channel.

If both the starting and ending address are specified, all addresses within the range including the specified address are part of the channel range.

IPv4 or IPv6 addresses may be defined. All specified addresses must be valid multicast destination addresses. The starting IP address must be numerically lower than the ending IP address.

Values

Any valid IP multicast destination address

create

This keyword is required if creating a new multicast channel range when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the specified channel range already exists.

Platforms

All

channel

Syntax

channel mcast-address source ip-address [channel-name channel-name]

no channel mcast-address source ip-address

Context

[Tree] (config>service>vprn>video-interface channel)

[Tree] (config>service>ies>video-interface channel)

Full Context

configure service vprn video-interface channel

configure service ies video-interface channel

Description

This command configures channel parameters for ad insertion.

Parameters

mcast-address

Specifies the multicast address.

source ip-address

Specifies the source IP address.

channel-name channel-name

Specifies the channel name up to 32 characters in length.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

channel

Syntax

channel start-address end-address bw bandwidth [class class] [type type] [source prefix/prefix-length]

no channel start-address end-address [source prefix/prefix-length]

Context

[Tree] (config>router>mcac>policy>bundle channel)

Full Context

configure router mcac policy bundle channel

Description

This command creates a multicast channel within the bundle where it is configured. A join for a particular multicast channel can be accepted if:

  1. Mandatory channels:

    A sufficient bandwidth exists on the interface according to the policy settings for the interface. There is always sufficient BW available on the bundle level because mandatory channels get BW pre-reserved.

  2. Optional channels:

    A sufficient BW exists on both interface and bundle level.

A channel definition can be either IPv4 (start-address, end-address, source-address are IPv4 addresses) or IPv6. A single bundle can have either IPv4 or IPv6 or IPv6 and IPv4 channel definitions. A single policy can mix any of those bundles.

Overlapping channels are not allowed. Two channels overlap if they contain same groups and the same source address prefix (or both do not specify source address prefix). Two channels with same groups and different source prefixes (including one of the channels having no source configured or one of the channels having more specific prefix than the other) do not overlap and are treated as separate channels.

When joining a group from multiple sources, MCAC accounts for that only once when no source address is specified or a prefix for channel covers both sources. Channel BW should be adjusted accordingly or source-aware channel definition should be used if that is not desired.

If a bundle is removed, the channels associated are also removed and every multicast group that was previously policed (because it was in the bundle that contained the policy) becomes free of constraints.

When a new bundle is added to a MCAC policy, the bundle’s established groups on a given interfaces are accounted by the policy. Even if this action results in exceeding the bundle’s constrain, no active multicast groups are removed. When a leave message is received for an existing optional channel, then the multicast stream is pruned and subsequent new joins may be denied in accordance with the policy. It is possible that momentarily there may be insufficient bandwidth, even for mandatory channels, in this bundle.

Parameters

start-address

Specifies the beginning multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

end-address

Specifies the ending multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

prefix/prefix-length

Specifies the source of the multicast IP stream. This must be a valid IPv4 or IPv6 multicast source address prefix.

Values

address-prefix/prefix-length

address-prefix is valid IPv4/IPv6 multicast source IP address prefix (local scope excluded)

prefix-length [0 to 32] for IPv4 [0 to 128] for IPv6

bandwidth

Specifies the bandwidth required by this channel in kb/s. If this bandwidth is configured for a mandatory channel then this bandwidth is reserved by subtracting the amount from the total available bandwidth for all potential egress interfaces and the bundle.

If this bandwidth is configured as an optional channel then this bandwidth must be available for both the bundle and the egress interface requesting the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

10 to 10000000 kb/s

class

Provides deeper classification of channels used in the algorithm when LAG ports change state.

Values

high, low

Default

low

type

Specifies the channel to be either mandatory or optional.

mandatory — When the mandatory keyword is specified, then the bandwidth is reserved by subtracting it from the total available for all the potential egress interfaces and the bundle.

optional — When the optional keyword is specified then the bandwidth must be available on both the bundle and the egress interface that requests the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

mandatory, optional

Default

optional

Platforms

All

channel-group

channel-group

Syntax

[no] channel-group channel-group-id

Context

[Tree] (config>port>tdm>ds1 channel-group)

[Tree] (config>port>tdm>e1 channel-group)

Full Context

configure port tdm ds1 channel-group

configure port tdm e1 channel-group

Description

This command creates DS0 channel groups in a channelized DS1 or E1 circuit. Channel groups cannot be further subdivided.

The no form of this command deletes the specified DS1 or E1 channel.

Parameters

channel-group-id

Identifies the channel-group ID number.

Values

DS1: 1 to 24 E1: 1 to 32

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

channelized

channelized

Syntax

channelized {ds1 | e1}

no channelized

Context

[Tree] (config>port>tdm>ds3 channelized)

Full Context

configure port tdm ds3 channelized

Description

This command specifies that the associated DS-3 is a channelized DS-3 with DS-1/E-1 sub-channels. Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is the default (for example, on m12-ds3 MDAs). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. The no form specifies the associated DS-3 is a clear channel circuit and cannot contain sub-channel DS-1s/E-1s. The sub-channels must be deleted first before the no command is executed.

Default

no channelized.

Parameters

ds1

Specifies that the channel is DS-1.

e1

Specifies that the channel is E-1.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

chap-challenge-length

chap-challenge-length

Syntax

chap-challenge-length min length max length

no chap-challenge-length

Context

[Tree] (config>router>l2tp>group>ppp chap-challenge-length)

[Tree] (config>service>vprn>l2tp>group>tunnel chap-challenge-length)

[Tree] (config>router>l2tp>group>tunnel>ppp chap-challenge-length)

Full Context

configure router l2tp group ppp chap-challenge-length

configure service vprn l2tp group tunnel chap-challenge-length

configure router l2tp group tunnel ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

Default

32

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

chap-challenge-length

Syntax

chap-challenge-length min length max length

no chap-challenge-length

Context

[Tree] (config>service>vprn>l2tp>group>ppp chap-challenge-length)

Full Context

configure service vprn l2tp group ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

characteristic

characteristic

Syntax

characteristic characteristic-name value value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy-override>policy characteristic)

Full Context

configure application-assurance group policy-override policy characteristic

Description

This command configure an override characteristic and value.

Parameters

characteristic-name

Specifies the characteristic name, up to 32 characters.

value-name

Specifies the override characteristic value for the application profile characteristic used by the Application assurance subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name value value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>app-profile characteristic)

Full Context

configure application-assurance group policy app-profile characteristic

Description

This command assigns one of the existing values of an existing application service option characteristic to the application profile.

The no form of this command removes the characteristic from the application profile.

Parameters

characteristic-name

Specifies the name of an existing ASO characteristic.

value-name

Specifies the name for the application profile characteristic up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name

Context

[Tree] (config>app-assure>group>aqp>entry>action characteristic)

Full Context

configure application-assurance group app-qos-policy entry action characteristic

Description

This command enables the system to use the value of the characteristic name specified in the app-qos-policy url-filter action for the configurable ICAP x-header name provisioned in the url-filter policy. The ICAP server can then use this value to decide which url-filter policy to apply instead of applying a filter policy based on the subscriber name.

Parameters

characteristic-name

Specifies the name of the characteristic.

characteristic

Syntax

characteristic characteristic-name {eq | neq} value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match characteristic)

Full Context

configure application-assurance group policy app-qos-policy entry match characteristic

Description

This command adds an existing characteristic and its value to the match criteria used by this AQP entry.

The no form of this command removes the characteristic from match criteria for this AQP entry.

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

characteristic-name

Specifies the name of the existing ASO characteristic, up to 32 characters in length.

value-name

Specifies the name of an existing value for the characteristic, up to 32 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name [create]

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>aso characteristic)

Full Context

configure application-assurance group policy app-service-options characteristic

Description

This command creates the characteristic of the application service options.

The no form of this command deletes characteristic option. To delete a characteristic, it must not be referenced by other components of application assurance.

Parameters

characteristic-name

Specifies a string of up to 32 characters uniquely identifying this characteristic.

create

Mandatory keyword used to create when creating a characteristic. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-characteristics

charging-characteristics

Syntax

charging-characteristics

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile charging-characteristics)

Full Context

configure subscriber-mgmt gtp peer-profile charging-characteristics

Description

Commands in this context configure charging characteristics.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-filter

charging-filter

Syntax

charging-filter

Context

[Tree] (config>app-assure>group>policy charging-filter)

Full Context

configure application-assurance group policy charging-filter

Description

Commands in this context configure a charging filter for application assurance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

charging-group

Syntax

charging-group charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>chrg-fltr>entry charging-group)

Full Context

configure application-assurance group policy charging-filter entry charging-group

Description

This command configures an association between the charging group and the flows that match the charging filter entry.

The no form of this command removes the charging group.

Default

no charging-group

Parameters

charging-group-name

Specifies a string that uniquely identifies the charging group in the system, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>app-group charging-group)

[Tree] (config>app-assure>group>policy>application charging-group)

Full Context

configure application-assurance group policy app-group charging-group

configure application-assurance group policy application charging-group

Description

This command associates an application or app-group to an application assurance charging group.

The no form of this command deletes the charging group association.

Default

no charging-group

Parameters

charging-group-name

Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group {eq | neq} charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match charging-group)

Full Context

configure application-assurance group policy app-qos-policy entry match charging-group

Description

This command adds charging-group to match criteria used by this AQP entry.

The no form of this command removes the charging-group from match criteria for this AQP entry.

Default

no charging-group

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

charging-group-name

Specifies the name of the existing application group entry. The application-group name is configured in the config>app-assure>group>policy>aqp>entry>match context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name [create]

no charging-group charging-group-name

Context

[Tree] (config>app-assure>group>policy charging-group)

Full Context

configure application-assurance group policy charging-group

Description

This command creates a charging group for an application assurance policy.

The no form of this command deletes the charging group from the configuration. All associations must be removed to delete a group.

Default

no charging-group

Parameters

charging-group-name

Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.

create

Mandatory keyword used when creating an charging group. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name export-using export-method [export-method...(up to 2 max)]

charging-group charging-group-name no-export

no charging-group charging-group-name

Context

[Tree] (config>app-assure>group>statistics>aa-sub charging-group)

Full Context

configure application-assurance group statistics aa-sub charging-group

Description

This command configures aa-sub accounting statistics for export of charging groups of a given AA ISA group/partition.

The no form of this command removes the parameters from the configuration.

Parameters

charging-group-name

Specifies the name of the charging group. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.

export-using export-method

Specifies that the method of stats export to be used.

Values

accounting-policy, radius-accounting-policy

no-export

Allows the operator to enable the referred to a charging group to be selected (via Diameter) for Gx-usage monitoring. Gx usage monitoring is enabled automatically (and this command is not shown) if the export-using parameter is selected for the respective charging group.

Usage monitoring must be enabled at the group:partition level (config>app-assure>group>statistics>aa-sub>usage-monitoring) as well in order to allow any application/application group/charging group usage monitoring.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-rule-base-name

charging-rule-base-name

Syntax

charging-rule-base-name category-map-name

charging-rule-base-name string

no charging-rule-base-name

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp charging-rule-base-name)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp charging-rule-base-name

Description

This command includes the Charging-Rule-Base-Name AVP with the specified value in all Diameter DCCA CCR messages.

The no form of this command removes the Charging-Rule-Base-Name AVP from the Diameter DCCA CCR messages.

Default

charging-rule-base-name category-map-name

Parameters

category-map-name

This keyword specifies the name of the category-map in use.

string

Specifies a string of up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

chassis-level

chassis-level

Syntax

chassis-level

Context

[Tree] (config>mcast-management chassis-level)

Full Context

configure mcast-management chassis-level

Description

Commands in this context configure multicast plane bandwidth parameters. The chassis-level CLI node contains the multicast plane replication limit for each switch fabric multicast plane.

The chassis-level node always exists and contains the configuration command to define the total replication rates for primary and secondary associated ingress paths for each switch fabric multicast plane.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

chassis-mode

chassis-mode

Syntax

chassis-mode chassis-mode [force]

Context

[Tree] (config>system chassis-mode)

Full Context

configure system chassis-mode

Description

This command is retained for historic reasons, and was used to control the set of features and scaling available based on the variants of IOMs present in the node. As of release 15.0, the set of supported IOMs no longer requires this differentiation using this command. The command still exists but the mode is fixed at chassis mode d.

Default

chassis-mode d

Parameters

chassis-mode

Specifies the chassis modes:

d: This mode corresponds to scaling and feature set associated with iom3-xp.

force

Forces an upgrade from a lesser scaling and feature set to a greater one.

Platforms

7450 ESS, 7750 SR-7/12

check-id-kp-cmcra-only

check-id-kp-cmcra-only

Syntax

[no] check-id-kp-cmcra-only

Context

[Tree] (config>system>security>pki>est-profile check-id-kp-cmcra-only)

Full Context

configure system security pki est-profile check-id-kp-cmcra-only

Description

This command enables checking id-kp-cmcRA in the EST certificate. When enabled, instead of the subject or subject alternative name, only the id-kp-cmcRA existence in extended key usage extension of EST server certificate is checked. The id-kp-cmcRA identifies a Registration Authority.

The no form of this command reverts to the default value.

Default

no check-id-kp-cmcra-only

Platforms

All

check-zero

check-zero

Syntax

check-zero {enable | disable}

no check-zero

Context

[Tree] (config>service>vprn>ripng>group>neighbor check-zero)

[Tree] (config>service>vprn>rip check-zero)

[Tree] (config>service>vprn>ripng>group check-zero)

[Tree] (config>service>vprn>rip>group>neighbor check-zero)

[Tree] (config>service>vprn>ripng check-zero)

[Tree] (config>service>vprn>rip>group check-zero)

Full Context

configure service vprn ripng group neighbor check-zero

configure service vprn rip check-zero

configure service vprn ripng group check-zero

configure service vprn rip group neighbor check-zero

configure service vprn ripng check-zero

configure service vprn rip group check-zero

Description

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The no form of this command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Default

no check-zero

Parameters

enable

Enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting noncompliant RIP messages.

disable

Disables the checking and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Platforms

All

check-zero

Syntax

check-zero {enable | disable}

no check-zero

Context

[Tree] (config>router>rip>group check-zero)

[Tree] (config>router>rip check-zero)

[Tree] (config>router>ripng check-zero)

[Tree] (config>router>ripng>group>neighbor check-zero)

[Tree] (config>router>rip>group>neighbor check-zero)

[Tree] (config>router>ripng>group check-zero)

Full Context

configure router rip group check-zero

configure router rip check-zero

configure router ripng check-zero

configure router ripng group neighbor check-zero

configure router rip group neighbor check-zero

configure router ripng group check-zero

Description

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages.

The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no check-zero), the setting from the less specific level is inherited by the lower level.

The no form of the command removes the check-zero command from the configuration.

Parameters

enable

Specifies to reject RIP messages which do not have zero in the RIPv1 and RIPv2 mandatory fields.

disable

Specifies allows receipt of RIP messages which do not have the mandatory zero fields reset.

Platforms

All

checksum

checksum

Syntax

checksum {md5 | sha256} file-url

Context

[Tree] (file checksum)

Full Context

file checksum

Description

This command computes and displays a checksum for a file.

Parameters

md5

Specifies the use of the MD5 algorithm to produce the file checksum.

sha256

Specifies the use of the SHA-256 algorithm to produce the file checksum.

file-url

Specifies the location of the file.

Values

local-url

[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each

remote-url

[{ftp:// | tftp:// | http:// | https://}login:pswd@remote-locn/][file-path]

up to 247 characters

directory length up to 199 characters

remote-locn

[hostname | ipv4-address | [ipv6-address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, for link local addresses 255

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

child-control

child-control

Syntax

child-control

Context

[Tree] (config>qos>adv-config-policy child-control)

Full Context

configure qos adv-config-policy child-control

Description

This command contains parameters that are intended to allow more precise control of the method that hierarchical virtual scheduling employs to emulate the effect of a scheduling context upon a member child queue or policer.

This command edits the parameters that control the child requested bandwidth and parental bandwidth distribution for all policers and queues associated with the policy.

Platforms

All

chli-event

chli-event

Syntax

chli-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]

no chli-event {forward | backward | aggregate}

Context

[Tree] (config>oam-pm>session>ethernet>slm>loss-events chli-event)

[Tree] (config>oam-pm>session>ethernet>lmm>loss-events chli-event)

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events chli-event)

Full Context

configure oam-pm session ethernet slm loss-events chli-event

configure oam-pm session ethernet lmm loss-events chli-event

configure oam-pm session ip twamp-light loss-events chli-event

Description

This command sets the consecutive high loss interval (CHLI) threshold to be monitored and the associated thresholds using the counter of the specified direction. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no chli-event forward

no chli-event backward

no chli-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the numerical value compared to the CHLI counter that is the rising threshold that determines when the event is to be generated, when the percentage of loss value is reached.

Values

1 to 864000

clear-threshold

Specifies an optional numerical value compared to the CHLI counter used for stateful behavior that allows the operator to configure a value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the CHLI counter must be 0.

Platforms

All

  • configure oam-pm session ethernet slm loss-events chli-event
  • configure oam-pm session ethernet lmm loss-events chli-event

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm session ip twamp-light loss-events chli-event

cipher

cipher

Syntax

cipher index name cipher-name

no cipher index

Context

[Tree] (config>system>security>ssh>server-cipher-list cipher)

[Tree] (config>system>security>ssh>client-cipher-list cipher)

Full Context

configure system security ssh server-cipher-list cipher

configure system security ssh client-cipher-list cipher

Description

This command configures a cipher. Client-ciphers are used when the SR OS is acting as an SSH client. Server-ciphers are used when the SR OS is acting as an SSH server.

The no form of this command removes the index and cipher name from the configuration.

Default

no cipher index

Parameters

index

Specifies the index of the cipher in the list.

Values

1 to 255

cipher-name

Specifies the algorithm used when performing encryption or decryption.

Values

Client ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.

Server ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.

The following table lists the default ciphers used for SSHv2.

Table 4. SSHv2 Default Ciphers

Cipher index value

Cipher name

190

aes256-ctr

192

aes192-ctr

194

aes128-ctr

200

aes128-cbc

205

3des-cbc

225

aes192-cbc

230

aes256-cbc

Platforms

All

cipher

Syntax

cipher index name cipher-suite-code

no cipher index

Context

[Tree] (config>system>security>tls>server-cipher-list cipher)

[Tree] (config>system>security>tls>client-cipher-list cipher)

Full Context

configure system security tls server-cipher-list cipher

configure system security tls client-cipher-list cipher

Description

This command configures the cipher suite to be negotiated by the server and client.

Parameters

index

Specifies the index number. The index number provides the location of the cipher in the negotiation list, with the lower index numbers being higher in the negotiation list and the higher index numbers being at the bottom of the list.

Values

1 to 255

cipher-suite-code

Specifies the cipher suite code.

Values

tls-rsa-with-null-md5

tls-rsa-with-null-sha

tls-rsa-with-null-sha256

tls-rsa-with-3des-ede-cbc-sha

tls-rsa-with-aes128-cbc-sha

tls-rsa-with-aes256-cbc-sha

tls-rsa-with-aes128-cbc-sha256

tls-rsa-with-aes256-cbc-sha256

tls-rsa-with-aes128-gcm-sha256

tls-rsa-with-aes256-gcm-sha384

Platforms

All

cipher-list

cipher-list

Syntax

cipher-list name

no cipher-list

Context

[Tree] (config>system>security>tls>client-tls-profile cipher-list)

Full Context

configure system security tls client-tls-profile cipher-list

Description

This command assigns the cipher list to be used by the TLS client profile for negotiation in the client Hello message.

Parameters

name

Specifies the name of the cipher list.

Platforms

All

cipher-list

Syntax

cipher-list name

no cipher-list

Context

[Tree] (config>system>security>tls>server-tls-profile cipher-list)

Full Context

configure system security tls server-tls-profile cipher-list

Description

This command assigns a cipher list to be used by the TLS server profile. This cipher list is used to find matching ciphers with the cipher list that is received from the client.

The no form of the command removes the cipher list.

Parameters

name

Specifies the name of the cipher list, up to 32 characters in length.

Platforms

All

cipher-suite

cipher-suite

Syntax

cipher-suite cipher-suite

no cipher-suite

Context

[Tree] (config>macsec>connectivity-association cipher-suite)

Full Context

configure macsec connectivity-association cipher-suite

Description

This command configures encryption of data path PDUs. When all parties in the Connectivity Association (CA) have the SAK, they use the above algorithm in conjunction with the SAK to encrypt the data path PDUs.

The XPN 64 bit (extended packet number) can be used for higher rate ports such as 10 GigE to minimize the window rollover and renegotiation of the SAK.

The no form of this command disables encryption of data path PDUs.

Default

cipher-suite gcm-aes-128

Parameters

cypher-suite

Specifies the algorithm.

Values

gcm-aes-128 — algorithm is used for control plain encryption

gcm-aes-256 — algorithm is used for control plain encryption

gcm-aes-xpn-128 — algorithm with extended packet number is used for control plain encryption

gcm-aes-xpn-256 — algorithm with extended packet number is used for control plain encryption

Platforms

All

cir

cir

Syntax

cir congested-cir

no cir

Context

[Tree] (config>app-assure>group>policer>congestion-override cir)

Full Context

configure application-assurance group policer congestion-override cir

Description

This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.

The no form of this command resets the CIR value to its default.

Default

cir 0

Parameters

congested-cir

Specifies an integer value defining size, in kilobytes, for the CIR of the policer.

Values

0 to 100000000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cir

Syntax

cir cir-rate

no cir

Context

[Tree] (config>app-assure>group>policer>congestion-override-stage2 cir)

Full Context

configure application-assurance group policer congestion-override-stage2 cir

Description

This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.

The no form of this command resets the CIR value to its default.

Default

cir 0

Parameters

cir-rate

Specifies an integer value defining size, in kilobytes, for the CIR of the policer.

Values

0 to 100000000, max

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cir-non-profiling

cir-non-profiling

Syntax

[no] cir-non-profiling

Context

[Tree] (config>qos>sap-ingress>queue cir-non-profiling)

Full Context

configure qos sap-ingress queue cir-non-profiling

Description

This command prevents the modification of the profile of a packet depending on the queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling command and the queue police command are mutually exclusive.

The cir-non-profiling command is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

The cir-non-profiling command should not be configured under a SAP ingress QoS policy queue associated with a LAG which spans FP4-based and FP2- or FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

cir-non-profiling

Syntax

[no] cir-non-profiling

Context

[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue cir-non-profiling)

Full Context

configure qos queue-group-templates ingress queue-group queue cir-non-profiling

Description

This command prevents the modification of the profile of a packet-dependent queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling and the queue police commands are mutually exclusive.

cir-non-profiling is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

cir-non-profiling should not be configured under an ingress queue group template queue associated with a LAG which spans FP4-based and FP2/FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

circuit-id

circuit-id

Syntax

circuit-id string ascii-string

circuit-id hex hex-string

no circuit-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident circuit-id)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident circuit-id)

Full Context

configure subscriber-mgmt local-user-db ppp host host-identification circuit-id

configure subscriber-mgmt local-user-db ipoe host host-identification circuit-id

Description

This command specifies the circuit ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the circuit ID is matched against DHCP Option 82.

Note:

This command is only used when circuit-id is configured as one of the match-list parameters.

The no form of this command removes the circuit ID from the configuration.

Parameters

ascii-string

Specifies the circuit ID from the Option 82, up to 127 characters.

hex-string

Specifies the circuit ID in hexadecimal format from the Option 82.

Values

0x0 to 0xFFFFFFFF (maximum 254 hex nibbles)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id sap-id

circuit-id string ASCII string

no circuit-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ali circuit-id)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-information circuit-id

Description

This command specifies a circuit-id for PPPoE hosts. A circuit ID received in PPPoE tags has precedence over the LUDB specified circuit ID.

The no form of this command reverts to the default.

Parameters

sap-id

Specifies to use the SAP ID of the PPPoE session as the circuit ID.

ASCII string

Specifies the circuit ID as a string, up to 63 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id

circuit-id {ascii-tuple | if-index | sap-id | vlan-ascii-tuple}

circuit-id hex [hex-string]

no circuit-id

Context

[Tree] (config>service>vprn>if>dhcp>option circuit-id)

[Tree] (config>service>ies>if>dhcp>option circuit-id)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option circuit-id)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option circuit-id)

[Tree] (config>service>vpls>sap>dhcp>option circuit-id)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option circuit-id)

Full Context

configure service vprn interface dhcp option circuit-id

configure service ies interface dhcp option circuit-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id

configure service ies subscriber-interface group-interface dhcp option circuit-id

configure service vpls sap dhcp option circuit-id

configure service vprn subscriber-interface group-interface dhcp option circuit-id

Description

When enabled, the router sends an ASCII-encoded tuple in the circuit-id sub-option of the DHCP packet. This ASCII-tuple consists of the access-node-identifier, service-id, and SAP-ID, separated by "|”. If no keyword is configured, then the circuit-id sub-option will not be part of the information option (Option 82). When the command is configured without any parameters, it equals to circuit-id ascii-tuple.

To send a tuple in the circuit ID, the action replace command must be configured in the same context.

If disabled, the circuit-id sub-option of the DHCP packet is left empty.

The no form of this command specifies to leave the circuit-id option of the packet empty.

Default

circuit-id ascii-tuple

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple consisting of the access-node-identifier, service-id, and interface-name is used.

ifindex

Specifies that the interface index is used. The If Index of a router interface can be displayed using the command show>router>if>detail.

sap-id

Specifies that the SAP identifier is used.

vlan-ascii-tuple

Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Thus, when the Option 82 bits are stripped, dot1p bits are copied to the Ethernet header of an outgoing packet.

hex-string

Specifies the hex value of this option.

Values

0x0 to 0xFFFFFFFF...(up to 64 hex nibbles)

Platforms

All

  • configure service vprn interface dhcp option circuit-id
  • configure service ies interface dhcp option circuit-id
  • configure service vpls sap dhcp option circuit-id

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface dhcp option circuit-id
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id
  • configure service vprn subscriber-interface group-interface dhcp option circuit-id

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute circuit-id)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute circuit-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute circuit-id

configure subscriber-mgmt authentication-policy include-radius-attribute circuit-id

Description

This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>avp circuit-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp circuit-id

Description

This command includes the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id circuit-id

Context

[Tree] (debug>service>id>ppp circuit-id)

Full Context

debug service id ppp circuit-id

Description

This command enable PPP debug for the specified circuit-id.

Multiple circuit-id filters can be specified in the same debug command.

The no form of this command disables debugging.

Parameters

circuit-id

Specifies the circuit-id in PADI.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes circuit-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes circuit-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes circuit-id

configure aaa isa-radius-policy acct-include-attributes circuit-id

Description

This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

Default

no circuit-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id {ascii-tuple | ifindex | if-name | port-id | vlan-ascii-tuple | none}

no circuit-id

Context

[Tree] (config>router>if>dhcp>option circuit-id)

Full Context

configure router interface dhcp option circuit-id

Description

When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>if>detail. This option specifies data that must be unique to the router that is relaying the circuit.

If disabled, the circuit-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default

circuit-id ascii-tuple

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by "| ”.

ifindex

Specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.

if-name

Specifies the interface name.

port-id

Specifies the port ID.

vlan-ascii-tuple

Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

none

Specifies that no circuit should be used.

Platforms

All

circuit-id-from-auth

circuit-id-from-auth

Syntax

[no] circuit-id-from-auth

Context

[Tree] (config>subscr-mgmt>ipoe-plcy circuit-id-from-auth)

Full Context

configure subscriber-mgmt ipoe-session-policy circuit-id-from-auth

Description

This command takes the circuit ID value from the authentication server to identify the session.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cisco-nas-port

cisco-nas-port

Syntax

cisco-nas-port [ethernet binary-spec-eth] [atm binary-spec-atm]

no cisco-nas-port

Context

[Tree] (config>router>l2tp cisco-nas-port)

[Tree] (config>service>vprn>l2tp cisco-nas-port)

Full Context

configure router l2tp cisco-nas-port

configure service vprn l2tp cisco-nas-port

Description

This command configures the L2TP Cisco NAS port AVP.

The no form of this command removes the specified L2TP Cisco NAS port AVP.

Default

no cisco-nas-port

Parameters

binary-spec-eth

Specifies the string to put in the Cisco-NAS-Port AVP for L2TP control messages related to a PPPoE session in this L2TP protocol instance.

binary-spec-atm

Specifies the string to put in the Cisco-NAS-Port AVP, for L2TP control messages related to a PPPoA (PPP over ATM) session in this L2TP protocol instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cisco-nas-port

Syntax

cisco-nas-port [ethernet binary-spec] [ atm binary-spec]

no cisco-nas-port

Context

[Tree] (config>service>vprn>l2tp cisco-nas-port)

Full Context

configure service vprn l2tp cisco-nas-port

Description

This command enables the AVP Cisco-nas-port to include the slot/mda/port along with the pseudowire port ID. If the pseudowire is terminated on a LAG, the slot/mda/port cannot be populated and only the pseudowire ID is included.

The no form of this command enables the AVP Cisco-nas-port.

Default

no cisco-nas-port

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ckn

ckn

Syntax

ckn hex-string

no ckn

Context

[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key ckn)

Full Context

configure macsec connectivity-association static-cak pre-shared-key ckn

Description

Specifies the connectivity association key name (CKN) for a pre-shared key.

CKN is appended to the MKA for identification of the appropriate CAK by the peer.

The no form of this command reverts to the default value.

Parameters

hex-string

Specifies the value of the CKN.

Values

32 octets char (64 hex)

Platforms

All

class

class

Syntax

[no] class class-number

Context

[Tree] (config>port>ethernet>egress>hs-sec-shaper class)

Full Context

configure port ethernet egress hs-secondary-shaper class

Description

This command specifies the HS secondary shaper class.

The no form of this command reverts the rate for this class to the default value.

Parameters

class-number

Specifies the HS secondary shaper class identifier.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class

Syntax

[no] class

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes class)

Full Context

configure aaa isa-radius-policy acct-include-attributes class

Description

This command enables the generation of the class RADIUS attribute.

Default

no class

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

class-forwarding

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>service>vprn class-forwarding)

Full Context

configure service vprn class-forwarding

Description

This command enables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

The no form of this command disables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

class-forwarding cbf-mode {lsr | ler | lsr-and-ler}

no class-forwarding

Context

[Tree] (config>router>ldp class-forwarding)

Full Context

configure router ldp class-forwarding

Description

This command enables class-based forwarding for packets that belong to one of the eight forwarding classes (be, l2, af, l1, h2, ef, h1, and nc). For the LER role, class-based forwarding is performed in conjunction with ECMP. At LER, this function applies to packets whose prefixes resolve to an LDP FEC. This LDP FEC resolves to a set of IGP shortcuts (RSVP-TE LSPs). At LSR, this function applies to labeled LDP packets whose FEC resolves to an IGP shortcut. Refer to "Class-based Forwarding of LDP Prefix Packets over IGP Shortcuts” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for detailed information on this capability.

The no form of this command disables class-based forwarding.

Default

no class-forwarding

Parameters

cbf-mode lsr

Enables class-forwarding at LSR and disables any previously enabled mode.

cbf-mode ler

Enables class-forwarding at LER and disables any previously enabled mode.

cbf-mode lsr-and-ler

Enables class-forwarding at both LSR and LER, and disables any previously enabled mode.

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router>mpls>lsp-template class-forwarding)

[Tree] (config>router>mpls>lsp class-forwarding)

Full Context

configure router mpls lsp-template class-forwarding

configure router mpls lsp class-forwarding

Description

Commands in this context configure class based forwarding parameters for a given LSP or LSP-template.

A change in the Class-Based Forwarding configuration may result in a change of forwarding behavior.

The no form removes any Class-Based Forwarding configuration associated to that LSP or LSP-template.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router class-forwarding)

Full Context

configure router class-forwarding

Description

This command enables class-based forwarding (CBF) over IGP shortcuts. When the class-forwarding command is enabled, the following types of packets are forwarded based on their forwarding class:

  • packets of BGP prefixes

  • CPM originated packets for the families (IPv4 only, IPv6 only, or both IPv4 and IPv6) which have been enabled over IGP shortcuts using the igp-shortcut CLI context in one or more IGP instances

The SR OS CBF implementation supports spraying of packets over a maximum of four forwarding sets of ECMP LSPs. The user must define a class-forwarding policy object in MPLS to configure the mapping of FCs to the forwarding sets. Then, the user assigns the CBF policy name and set ID to each MPLS LSP that is used in IGP shortcuts.

When a BGP IPv4 or IPv6 prefix is resolved, the FC of the packet is used to look up the forwarding set ID. Then, a modulo operation is performed on the tunnel next-hops of this set ID only, to spray packets of this FC. The data path concurrently implements CBF and ECMP within the tunnels of each set ID.

CPM-originated packets on the router, including control plane and OAM packets, are forwarded over a single LSP from the set of LSPs that the packet's FC is mapped to, as per the CBF configuration.

Note:

Weighted ECMP, at the transport tunnel level of BGP prefixes over IGP shortcuts and the CBF feature on a per BGP next-hop basis are mutually exclusive.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

class-forwarding [default-lsp lsp-name]

no class-forwarding

Context

[Tree] (config>service>sdp class-forwarding)

Full Context

configure service sdp class-forwarding

Description

This command enables the forwarding of a service packet over the SDP based on the class of service of the packet. Specifically, the packet is forwarded on the RSVP LSP or static LSP whose forwarding class matches that of the packet. The user maps the system forwarding classes to LSPs using the config>service>sdp>class-forwarding>fc command. If there is no LSP that matches the packet’s forwarding class, the default LSP is used. If the packet is a VPLS multicast/broadcast packet and the user did not explicitly specify the LSP to use under the config>service>sdp>class-forwarding>multicast-lsp context, then the default LSP is used.

VLL service packets are forwarded based on their forwarding class only if shared queuing is enabled on the ingress SAP. Shared queuing must be enabled on the VLL ingress SAP if class-forwarding is enabled on the SDP the service is bound to. Otherwise, the VLL packets will be forwarded to the LSP which is the result of hashing the VLL service ID. Since there are eight entries in the ECMP table for an SDP, one LSP ID for each forwarding class, the resulting load balancing of VLL service ID is weighted by the number of times an LSP appears on that table. For instance, if there are eight LSPs, the result of the hashing will be similar to when class based forwarding is disabled on the SDP. If there are fewer LSPs, then the LSPs which were mapped to more than one forwarding class, including the default LSP, will have proportionally more VLL services forwarding to them.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.

The no form of the command deletes the configuration and the SDP reverts back to forwarding service packets based on the hash algorithm used for LAG and ECMP.

Default

no class-forwarding

Parameters

default-lsp lsp-name

Specifies the default LSP for the SDP. This LSP name must exist and must have been associated with this SDP using the lsp-name configured in the config>service>sdp>lsp context. The default LSP is used to forward packets when there is no available LSP which matches the packet’s forwarding class. This could be because the LSP associated with the packet’s forwarding class is down, or that the user did not configure a mapping of the packet’s forwarding class to an LSP using the config>service>sdp>class-forwarding>fc command. The default LSP is also used to forward VPLS service multicast/broadcast packets in the absence of a user configuration indicating an explicit association to one of the SDP LSPs.

Note:

When the default LSP is down, the SDP is also brought down. The user will not be able to enter the class-forwarding node if the default LSP was not previously specified. In other words, the class-forwarding for this SDP will remain shutdown.

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router>ospf>segm-rtng class-forwarding)

[Tree] (config>router>isis>segm-rtng class-forwarding)

Full Context

configure router ospf segment-routing class-forwarding

configure router isis segment-routing class-forwarding

Description

This command enables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts. For CBF+ECMP to be effective, a class forwarding policy must be defined. In addition, FC to set associations and RSVP-TE LSPs to set associations must be defined.

The no form of this command disables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts.

Default

no class-forwarding

Platforms

All

class-forwarding-policy

class-forwarding-policy

Syntax

class-forwarding-policy policy-name

no class-forwarding-policy policy-name

Context

[Tree] (config>router>mpls class-forwarding-policy)

Full Context

configure router mpls class-forwarding-policy

Description

This command configures the class-based forwarding (CBF) policy used in the CBF feature of an LDP FEC or a BGP prefix over IGP shortcuts.

Parameters

policy-name

Specifies the name of the class forwarding policy, up to 32 characters.

Platforms

All

class-pool

class-pool

Syntax

[no] class-pool alt-class-pool-id

Context

[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools class-pool)

Full Context

configure qos hs-port-pool-policy alt-port-class-pools class-pool

Description

Commands in this context configure a class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.

The no form of the command restores the default parent-mid-pool association to mid-pool none, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restores the default slope policy to the specified class-pool.

Parameters

alt-class-pool-id

Specifies the class pool ID.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class-pool

Syntax

[no] class-pool std-class-pool-id

Context

[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools class-pool)

Full Context

configure qos hs-port-pool-policy std-port-class-pools class-pool

Description

Commands in this context configure class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.

The no form of the command restores the default parent-mid-pool association to mid-pool 1, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restore the default slope policy to the specified class-pool.

Parameters

std-class-pool-id

Specifies the class pool ID.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class-type

class-type

Syntax

class-type ct-number

no class-type

Context

[Tree] (config>router>mpls>lsp>secondary class-type)

[Tree] (config>router>mpls>lsp class-type)

[Tree] (config>router>mpls>lsp-template class-type)

[Tree] (config>router>mpls>lsp>primary class-type)

Full Context

configure router mpls lsp secondary class-type

configure router mpls lsp class-type

configure router mpls lsp-template class-type

configure router mpls lsp primary class-type

Description

This command configures the Diff-Serv Class Type (CT) for an LSP, the LSP primary path, or the LSP secondary path. The path level configuration overrides the LSP level configuration. However, only one CT per LSP path will be allowed as per RFC 4124.

The signaled CT of a dynamic bypass is always be CT0 regardless of the CT of the primary LSP path. The setup and hold priorities must be set to default values, that is, 7 and 0 respectively. This assumes that the operator configured a couple of TE classes, one which combines CT0 and a priority of 7 and the other which combines CT0 and a priority of 0. If not, the bypass LSP will not be signaled and will go into the down state.

The operator cannot configure the CT, setup priority, and hold priority of a manual bypass. They are always signaled with CT0 and the default setup and holding priorities.

The signaled CT and setup priority of a detour LSP must match those of the primary LSP path it is associated with.

If the operator changes the CT of an LSP or of an LSP path, or changes the setup and holding priorities of an LSP path, the path will be torn down and retried.

An LSP which does not have the CT explicitly configured will behave like a CT0 LSP when Diff-Serv is enabled.

If the operator configured a combination of a CT and a setup priority and/or a combination of a CT and a holding priority for an LSP path that are not supported by the user-defined TE classes, the LSP path will be kept in a down state and an error code will be displayed in the show command output for the LSP path.

The no form of this command reverts to the default value.

Default

class-type 0

Parameters

ct-number

Specifies the Diff-Serv Class Type number.

Values

0 to 7

Platforms

All

class-type-bw

class-type-bw

Syntax

class-type-bw ct0 %-link-bandwidth ct1%-link-bandwidth ct2%-link-bandwidth ct3%-link-bandwidth ct4%-link-bandwidth ct5%-link-bandwidth ct6%-link-bandwidth ct7%-link-bandwidth

no class-type-bw

Context

[Tree] (config>router>rsvp>diffserv-te class-type-bw)

[Tree] (config>router>rsvp>interface class-type-bw)

Full Context

configure router rsvp diffserv-te class-type-bw

configure router rsvp interface class-type-bw

Description

This command configures the percentage of RSVP interface bandwidth each CT shares, for example, the Bandwidth Constraint (BC).

The absolute value of the CT share of the interface bandwidth is derived as the percentage of the bandwidth advertised by IGP in the Maximum Reservable Link Bandwidth TE parameter, for example, the link bandwidth multiplied by the RSVP interface subscription percentage parameter.

Note:

This configuration also exists at RSVP interface level and the interface specific configured value overrides the global configured value. The BC value can be changed at any time.

The RSVP interface subscription percentage parameter is configured in the config>router>rsvp>interface context.

The operator can specify the Bandwidth Constraint (BC) for a CT which is not used in any of the TE class definition but that does not get used by any LSP originating or transiting this node.

When Diff-Serv is disabled on the node, this model degenerates into a single default CT internally with eight preemption priorities and a non-configurable BC equal to the Maximum Reservable Link Bandwidth. This would behave exactly like CT0 with eight preemption priorities and BC= Maximum Reservable Link Bandwidth if Diff-Serv was enabled.

The no form of this command reverts to the default value.

Parameters

ct0 (ct1/ct2/ —ct7) %link-bandwidth

The Diff-Serv Class Type number. One or more system forwarding classes can be mapped to a CT.

Values

0 to 100 %

Default

0

Platforms

All

class-weight

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>ipipe>sap>egress>queue-override>hs-wrr-group class-weight)

[Tree] (config>service>epipe>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service ipipe sap egress queue-override hs-wrr-group class-weight

configure service epipe sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>vpls>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service vpls sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>ies>if>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service ies interface sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service vprn interface sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

classes

classes

Syntax

classes limit

no classes

Context

[Tree] (config>card>fp>ingress>policy-accounting classes)

Full Context

configure card fp ingress policy-accounting classes

Description

This command configures the maximum number of source and destination classes that can be instantiated for accounting purposes on the interfaces of a specific card or FP.

The no form of this command specifies that no resources are reserved for source or destination classes.

Parameters

limit

Specifies the number of accounting classes.

Values

1000 to 128000

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

classic-cli

classic-cli

Syntax

classic-cli

Context

[Tree] (config>system>management-interface>cli classic-cli)

Full Context

configure system management-interface cli classic-cli

Description

Commands in this context configure the classic CLI management interface.

Platforms

All

classic-cli

Syntax

classic-cli

Context

[Tree] (config>system>security>management-interface classic-cli)

Full Context

configure system security management-interface classic-cli

Description

Commands in this context configure hash-control for the classic CLI interface.

Platforms

All

classic-lsn-max-subscriber-limit

classic-lsn-max-subscriber-limit

Syntax

classic-lsn-max-subscriber-limit max

no classic-lsn-max-subscriber-limit

Context

[Tree] (config>router>nat>inside>deterministic classic-lsn-max-subscriber-limit)

[Tree] (config>service>vprn>nat>inside>deterministic classic-lsn-max-subscriber-limit)

Full Context

configure router nat inside deterministic classic-lsn-max-subscriber-limit

configure service vprn nat inside deterministic classic-lsn-max-subscriber-limit

Description

This command affects ingress hashing of the subscribers for deterministic NAT. It will also affect hashing of the subscribers for non-deterministic NAT if the both types of NAT are configured simultaneously. The hashing will ensure that traffic load is distributed over multiple MS-ISAs in the system. For deterministic LSN44, (32 – n) bits of the source IP address will be considered for hashing, where 2^n= classic-lsn-max-subscriber-limit.

The scope of this command is the inside routing instance. This command must match the largest subscriber limit of all pools that are referenced by nat-policies configured within the corresponding inside routing instance.

This parameter must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT CLI hierarchy.

If non-deterministic NAT is not used simultaneously with deterministic NAT within a routing context, then hashing for non-deterministic NAT will be performed based on the subscriber.

Default

no classic-lsn-max-subscriber-limit

Parameters

max

The power of 2 (2^n) number that must match the largest subscriber limit number in a deterministic pool referenced from this inside routing instance. The range for this command is the same as the subscriber-limit command under the pool hierarchy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classic-lsn-max-subscriber-limit

Syntax

classic-lsn-max-subscriber-limit max

no classic-lsn-max-subscriber-limit

Context

[Tree] (config>service>vprn>nat>inside classic-lsn-max-subscriber-limit)

[Tree] (config>router>nat>inside classic-lsn-max-subscriber-limit)

Full Context

configure service vprn nat inside classic-lsn-max-subscriber-limit

configure router nat inside classic-lsn-max-subscriber-limit

Description

This command sets the granularity of traffic distribution in the upstream direction across the MS-ISA within the scope of an inside routing context. Traffic distribution mechanism is based on the source IPv4 addresses/prefixes. More granular distribution is based on the IPv4 address, while distribution based on the IPv4 prefix (determined by prefix length) will be less granular. The granularity will further decrease with shorter prefix length.

For example, a prefix length of 32 will distribute individual /32 IPv4 addresses over multiple MS-ISAs in an ISA group. This will ensure better traffic load balancing at the expense of forwarding table utilization on the outside (public side) where each /32 is installed in the forwarding table. On the contrary, shorter prefixes will ensure better utilization of the forwarding table on the outside, at the expense of coarser spread of IP addresses over multiple MS-ISAs.

This command affects all flavors of LSN44 within the inside routing contexts, although its primary use is intended for deterministic NAT and dnat-only.

The length of the prefix that is used for distribution purposes is (32-n), where 2^n= classic-lsn-max-subscriber-limit. For example, if traffic distribution is based on the IPv4 address (prefix length = 32), then n must be 0. From here, it follows that classic-lsn-max-subscriber-limit must be set to 1:

Prefix length = 32 -> 32-n = 32 -> n=0 -> 2^0= 1 = classic-lsn-max-subscriber-limit classic-lsn-max-subscriber-limit = 1

The implicit method given by this command uses power of 2 calculations to provide prefix length for traffic distribution purposes. This roundabout approach to determine the prefix-length has roots in deterministic NAT where this command was originally introduced.

Even though deterministic NAT and dnat-only have very little in common, the method (and CLI syntax) for calculating the prefix length using the classic-lsn-max-subscriber-limit parameter for traffic distribution purposes is shared between the two. In dnat-only, this parameter is important from an operational perspective since it affects traffic load balancing over MS-ISA and the size of the routing table.

This command must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT.

Parameters

max

The power of 2 (2^n) value which in deterministic NAT must match the largest subscriber-limit value in any deterministic pool referenced from this inside routing instance.

In dnat-only, this value can be set to any value from the allowed range.

In both cases, this value will determine the prefix-length (17-32) that will directly influence load distribution between the MS-ISAs and the size of the routing table.

Values

1,2,4,8 to 32768

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classic-lsn-sub

classic-lsn-sub

Syntax

[no] classic-lsn-sub router router-instance ip ip-address

Context

[Tree] (config>li>li-source>nat classic-lsn-sub)

Full Context

configure li li-source nat classic-lsn-sub

Description

This command configures a classic LSN subscriber sources.

The no form of this command removes the parameter from the configuration.

Parameters

router-instance

Specifies the router instance the pool belongs to, either by router name or service ID.

Values

router-name: "Base” | "management”

Default

Base

ip-address

Specifies the IP address in a.b.c.d format.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classification-overrides

classification-overrides

Syntax

classification-overrides

Context

[Tree] (config>app-assure>group>url-filter>web-service classification-overrides)

Full Context

configure application-assurance group url-filter web-service classification-overrides

Description

Commands in this context create a classification override and allows the operator to manually set the category of a hostname.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classifier

classifier

Syntax

classifier classifier category-set-id category-set

no classifier

Context

[Tree] (config>app-assure>group>url-filter>web-service classifier)

Full Context

configure application-assurance group url-filter web-service classifier

Description

This command selects the web service to use from the supported web services.

The no form of this command removes the selected web service.

Default

no classifier

Parameters

classifier

Specifies the web service to use.

Values

web-service-1 | web-service-2

category-set

Specifies the category ID set to use for URL categorization. A category-set ID defines the list of categories that the web service uses to perform URL categorization.

Values

1 to 2

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear

clear

Syntax

clear

Context

[Tree] (admin clear)

Full Context

admin clear

Description

Commands in this context clear statistics.

Platforms

All

clear-alarm-msg

clear-alarm-msg

Syntax

clear-alarm-msg message-string

no clear-alarm-msg

Context

[Tree] (config>system>alarm-contact-input clear-alarm-msg)

Full Context

configure system alarm-contact-input clear-alarm-msg

Description

This command configures a message string to send with SNMP trap and log event messages that are generated when the system clears an alarm. The system generates the default message "Alarm Input Cleared” if no message is configured. The clear-alarm-msg string is included in the log event when the pin changes to the normal state.

The no form of this command reverts to the default message "Alarm Input Cleared”.

Default

no clear-alarm-msg

Parameters

message-string

Specifies a printable character string, up to 160 characters.

Platforms

7750 SR-a

clear-df-bit

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel clear-df-bit)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel clear-df-bit)

[Tree] (config>service>ies>if>sap>ip-tunnel clear-df-bit)

[Tree] (config>router>if>ipsec>ipsec-tunnel clear-df-bit)

[Tree] (config>service>vprn>if>ipsec>ip-tunnel clear-df-bit)

Full Context

configure service ies interface ipsec ipsec-tunnel clear-df-bit

configure service vprn interface sap ipsec-tunnel clear-df-bit

configure service ies interface sap ip-tunnel clear-df-bit

configure router interface ipsec ipsec-tunnel clear-df-bit

configure service vprn interface ipsec ip-tunnel clear-df-bit

Description

This command instructs the MS-ISA to reset the DF bit to 0 in all payload IP packets associated with the GRE or IPsec tunnel, before any potential fragmentation resulting from the ip-mtu command (this requires a modification of the header checksum).

The no form of this command disables the DF bit reset.

Default

no clear-df-bit

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel clear-df-bit
  • configure router interface ipsec ipsec-tunnel clear-df-bit

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ip-tunnel clear-df-bit
  • configure service vprn interface sap ipsec-tunnel clear-df-bit

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>service>vprn>if clear-df-bit)

Full Context

configure service vprn interface clear-df-bit

Description

This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.

Platforms

All

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>ipsec>tnl-temp clear-df-bit)

Full Context

configure ipsec tunnel-template clear-df-bit

Description

This command enables clearing of the Do-not-Fragment bit.

Default

no clear-df-bit

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear-ocsp-cache

clear-ocsp-cache

Syntax

clear-ocsp-cache [entry-id]

Context

[Tree] (admin>certificate clear-ocsp-cache)

Full Context

admin certificate clear-ocsp-cache

Description

This command clears the current OCSP response cache. If optional issuer and serial-number are not specified, then all current cached results are cleared.

Parameters

entry-id

Specifies the local cache entry identifier of the certificate to clear.

Values

1 to 2000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear-request

clear-request

Syntax

clear-request ca ca-profile-name

Context

[Tree] (admin>certificate>cmpv2 clear-request)

Full Context

admin certificate cmpv2 clear-request

Description

This command clears current pending CMPv2 requests toward the specified CA. If there are no pending requests, it will clear the saved result of prior request.

Parameters

ca ca-profile-name

Specifies a ca-profile name up to 32 characters.

Platforms

All

clear-tag-mode

clear-tag-mode

Syntax

clear-tag-mode clear-tag-mode

no clear-tag-mode

Context

[Tree] (config>macsec>connectivity-association clear-tag-mode)

Full Context

configure macsec connectivity-association clear-tag-mode

Description

This command puts 802.1Q tags in cleartext before the SecTAG. There are two modes: single-tag and dual-tag.

Encrypted Dot1q and QinQ Packet Format explains the encrypted dot1q and QinQ packet format when clear-tag-mode single-tag or dual-tag is configured.

The no form of this command puts all dot1q tags encrypted after the SecTAG.

Table 5. Encrypted Dot1q and QinQ Packet Format

Unencrypted format

Clear-tag-mode

Pre-encryption (Tx)

Pre-decryption (Rx)

Single tag (dot1q)

single-tag

DA, SA, TPID, VID, Etype

DA, SA, TPID, VID, SecTag

Single tag (dot1q)

dual-tag

DA, SA, TPID, VID, Etype

DA, SA, TPID, VID, SecTag

Double tag (q-in-q)

single-tag

DA, SA, TPID1, VID1, IPID2, VID2, Etype

DA, SA, TPID1, VID1, SecTag

Double tag (QinQ)

dual-tag

DA, SA, TPID1, VID1, IPID2, VID2, Etype

DA, SA, TPID1, VID1, IPID2, VID2, SecTag

Default

no clear-tag-mode

Parameters

clear-tag-mode

Specifies the clear tag mode.

Values

single-tag, dual-tag

Platforms

All

cli

cli

Syntax

[no] cli

Context

[Tree] (debug>dynsvc>scripts>inst>event cli)

[Tree] (debug>dynsvc>scripts>event cli)

[Tree] (debug>dynsvc>scripts>script>event cli)

Full Context

debug dynamic-services scripts instance event cli

debug dynamic-services scripts event cli

debug dynamic-services scripts script event cli

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: cli.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cli

Syntax

cli

Context

[Tree] (config>system>management-interface cli)

Full Context

configure system management-interface cli

Description

Commands in this context configure the CLI management interfaces.

Platforms

All

cli

Syntax

cli {warning | info}

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>message-severity-level cli)

Full Context

configure system management-interface cli md-cli environment message-severity-level cli

Description

This command specifies the threshold for CLI messages.

Default

cli info

Parameters

warning

Specifies that WARNING messages are displayed but INFO messages are suppressed.

info

Specifies that INFO messages and WARNING messages are displayed.

Platforms

All

cli-engine

cli-engine

Syntax

cli-engine {classic-cli | md-cli} [{classic-cli | md-cli}]

no cli-engine

Context

[Tree] (config>system>management-interface>cli cli-engine)

Full Context

configure system management-interface cli cli-engine

Description

This command configures the system-wide CLI engine. The operator can configure one or both engines. For the configuration to take effect, exit the running CLI session and start a new session after committing the new value.

Parameters

classic-cli

Specifies the classic CLI.

md-cli

Specifies the MD-CLI.

Platforms

All

cli-script

cli-script

Syntax

cli-script

Context

[Tree] (config>system>security cli-script)

Full Context

configure system security cli-script

Description

Commands in this context configure the security parameters in the system.

Platforms

All

cli-session-group

cli-session-group

Syntax

cli-session-group session-group-name [create]

no cli-session-group session-group-name

Context

[Tree] (config>system>security cli-session-group)

Full Context

configure system security cli-session-group

Description

This command is used to configure a session group that can be used to limit the number of CLI sessions available to members of the group.

Parameters

session-group-name

Specifies a particular session group.

Platforms

All

cli-user

cli-user

Syntax

cli-user name

no cli-user

Context

[Tree] (config>service>dynsvc>policy cli-user)

Full Context

configure service dynamic-services dynamic-services-policy cli-user

Description

This command specifies the CLI user to be used to execute the dynamic data services CLI scripts. With the specified user’s profile, it is possible to further restrict the internal list of allowed commands to be executed via dynamic data service CLI scripts.

The no form of this command sets the CLI user to an internal user with all configuration rights.

Parameters

name

Specifies the CLI user name that must exist in the >config>system>security CLI context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cli-user

Syntax

cli-user user-name

no cli-user

Context

[Tree] (config>system>security>cli-script>authorization>event-handler cli-user)

[Tree] (config>system>security>cli-script>authorization>cron cli-user)

Full Context

configure system security cli-script authorization event-handler cli-user

configure system security cli-script authorization cron cli-user

Description

This command configures the user context under which various types of CLI scripts should execute in order to authorize the script commands. TACACS+ and RADIUS users and authorization are not permitted for cli-script authorization.

The no form of this command configures scripts to execute with no restrictions and without performing authorization.

Default

no cli-user

Parameters

user-name

The name of a user in the local node database. TACACS+ or RADIUS users can not be used. The user configuration should reference a valid local profile for authorization.

Platforms

All

client

client

Syntax

client client-index [create]

no client client-index

Context

[Tree] (config>ipsec>client-db client)

Full Context

configure ipsec client-db client

Description

This command creates a new IPsec client entry in the client-db or enters the configuration context of an existing client entry.

There may be multiple client entries defined in the same client-db. If there are multiple entries that match the new tunnel request, then the system will select the entry that has smallest client-index.

The no form of this command reverts to the default.

Parameters

client-index

Specifies the ID of the client entry.

Values

1 to 8000

create

Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client

Syntax

client all

client ip-address

no client

Context

[Tree] (debug>system>grpc client)

Full Context

debug system grpc client

Description

This command enables debug output for all clients for a particular client.

The no form of this command deactivates debugging for all clients.

Parameters

all

Specifies that debugging will occur for all clients.

ip-address

Specifies the IPv4 or IPv6 address of the client.

Platforms

All

client

Syntax

client

Context

[Tree] (config>system>security>ssh>key-re-exchange client)

Full Context

configure system security ssh key-re-exchange client

Description

Commands in this context enable the key re-exchange for SR OS as an SSH client.

Platforms

All

client-application

client-application

Syntax

client-application [ppp-v4] [ipoe-v4]

no client-application

Context

[Tree] (config>service>vprn>sub-if>grp-if>local-address-assignment client-application)

[Tree] (config>service>vprn>sub-if>local-address-assignment client-application)

[Tree] (config>service>ies>sub-if>local-address-assignment client-application)

[Tree] (config>service>ies>sub-if>grp-if>local-address-assignment client-application)

Full Context

configure service vprn subscriber-interface group-interface local-address-assignment client-application

configure service vprn subscriber-interface local-address-assignment client-application

configure service ies subscriber-interface local-address-assignment client-application

configure service ies subscriber-interface group-interface local-address-assignment client-application

Description

This command enables local DHCP Server pool management for PPPoXv4 clients.

A pool of IP addresses can be shared between IPoE clients that rely on DHCP protocol (lease renewal process) and PPPoX clients where address allocation is not dependent on DHCP messaging but instead an IP address allocation within the pool is tied to the PPPoX session.

The no form of this command disables Local Address Assignment for any protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-application

Syntax

client-application [ppp-slaac] [ipoe-wan] [ ipoe-slaac]

no client-application

Context

[Tree] (config>service>vprn>sub-if>grp-if>lcl-addr-assign>ipv6 client-application)

Full Context

configure service vprn subscriber-interface group-interface local-address-assignment ipv6 client-application

Description

This command defines the client application that uses the local address server to perform address assignment. This feature is relies on RADIUS or local-user-database to return a pool name. The pool name is matched again the pools defined in the local-dhcp6-server configuration. The name of the local-dhcp6-server must also be provisioned.

The no form of this command reverts to the default.

Parameters

ppp-slaac

Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for PPPoE hosts.

ipoe-wan

Indicates using the local DHCPv6 pool for IA_NA address assignment and a static pre-defined prefixes for IA_PD. Both the IA_NA pool name and the IA_PD static framed-prefix are either obtained from RADIUS or LUDB during authentication. With RADIUS, it must return both IA_NA Framed-IPv6-Pool and IA_PD Delegated-IPv6-Prefix after a successful authentication. With LUDB, it must have ipv6-wan-address-pool and ipv6-delegated-prefix populated. This feature is specific to this use case and is not required for other combinations of DHCPv6 assignments such as IA_NA and IA_PD address assignment through RADIUS or LUDB.

ipoe-slaac

Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for PPPoE hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-applications

client-applications

Syntax

client-applications [dhcp] [ppp]

no client-applications

Context

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>vprn>sub-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>grp-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>ies>sub-if>dhcp client-applications)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)

Full Context

configure service ies subscriber-interface ipv6 dhcp6 proxy-server client-applications

configure service vprn subscriber-interface dhcp client-applications

configure service ies subscriber-interface group-interface dhcp client-applications

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay client-applications

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications

configure service ies subscriber-interface dhcp client-applications

configure service vprn subscriber-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface ipv6 dhcp6 proxy-server client-applications

configure service vprn subscriber-interface group-interface dhcp client-applications

configure service ies subscriber-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications

Description

This command enables DHCP relay and proxy-server for the configured client types.

The no form of this command reverts to the default.

Default

dhcp

Parameters

dhcp

Enables IPoE clients to use the DHCP relay or proxy-server.

ppp

Enables PPPoE clients to use the DHCP relay or proxy-server that PPPoE attempts to request an IP address for a PPPoE client from the DHCP server