l Commands

l2

l2

Syntax

[no] l2

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>type l2)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query type l2

Description

This command enables matching on Layer 2 tunnels.

The no form of this command disables matching on Layer 2 access points, unless no other tunnel type specifier is configured.

Default

no l2

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2

Syntax

[no] l2

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state l2)

Full Context

configure subscriber-mgmt wlan-gw ue-query state l2

Description

This command enables matching on UEs in a Layer 2 wholesale state.

The no form of this command disables matching on UEs in a Layer 2 wholesale state, unless all state matching is disabled.

Default

no l2

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-access-id-alias

l2-access-id-alias

Syntax

l2-access-id-alias string

no l2-access-id-alias

Context

[Tree] (config>service>vpls>sap>pfcp l2-access-id-alias)

Full Context

configure service vpls sap pfcp l2-access-id-alias

Description

This command defines a Layer 2 access ID alias for the capture SAP. It replaces the default underlying port-based or LAG-based Layer 2 access ID. Different capture SAPs on the same underlying port or LAG can have different Layer 2 access ID aliases.

The no form of the command removes the configuration.

Parameters

string

Specifies the Layer 2 access ID alias, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2-access-points

l2-access-points

Syntax

l2-access-points

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw l2-access-points)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw l2-access-points)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-access-points

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points

Description

Commands in this context configure Layer 2 access points in WLAN gateway group interfaces.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-ap

l2-ap

Syntax

l2-ap sap-id [create]

no l2-ap sap-id

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points l2-ap)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points l2-ap)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap

Description

This command adds a specific SAP where Layer 2 WLAN gateway aggregation is performed. The following SAPs are supported:

  • Ethernet

  • LAG

  • MPLS pseudowire SDPs

This command can be repeated multiple times to create multiple Layer 2 access points.

The no form of this command removes the Layer 2 access point. This is only allowed if the Layer 2 access point SAP is shutdown.

Parameters

sap-id

Specifies SAP to be created.

create

Keyword used to create the Layer 2 WLAN gateway aggregation instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-ap-auto-sub-id-fmt

l2-ap-auto-sub-id-fmt

Syntax

l2-ap-auto-sub-id-fmt {include-ap-tags | sap-only}

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw l2-ap-auto-sub-id-fmt)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw l2-ap-auto-sub-id-fmt)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-ap-auto-sub-id-fmt

configure service vprn subscriber-interface group-interface wlan-gw l2-ap-auto-sub-id-fmt

Description

This command configures the contents of the auto-generated subscriber ID when the ipoe-sub-id-key command is set to include sap-id and the def-sub-id command is configured with use-auto-id. The VLANs must be configured so that the subscriber ID length is not exceeded.

This command can include either the SAP or the SAP + AP delimiting tags.

The no form of this command reverts to the default configuration.

Default

l2-ap-auto-sub-id-fmt include-ap-tags

Parameters

include-ap-tags

Specifies that the SAP + AP delimiting tags is used.

sap-only

Specifies that the SAP only is used.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-ap-encap-type

l2-ap-encap-type

Syntax

l2-ap-encap-type {null | dot1q | qinq}

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw l2-ap-encap-type)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw l2-ap-encap-type)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-ap-encap-type

configure service vprn subscriber-interface group-interface wlan-gw l2-ap-encap-type

Description

This parameter specifies the number of AP identifying VLAN tags for an AP. This is the default value that can be overridden per SAP. This value must be at least equal to the number of VLANs configured in the SAP or enabling a SAP will fail.

A SAP VLAN is explicitly configured, for example l2-ap 1/1/1:25. Other VLANs on the same port can still be used in other contexts.

The number of VLAN tags Epiped to the WLAN gateway IOM equals the l2-ap-encap-type minus the encaps of the SAP. Upon receipt of a packet, these VLANs are stored as a Layer 2 tunnel identifier, and are only used in context of WLAN gateway.

The no form of this command sets the default value.

Default

l2-ap-encap-type null

Parameters

null

Both the SAP and the AP are not VLAN-tagged.

dot1q

Either the AP or the SAP uses one VLAN tag.

qinq

Up to two VLAN tags are used by the AP or SAP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware

l2-aware

Syntax

l2-aware

Context

[Tree] (config>service>vprn>nat>inside l2-aware)

Full Context

configure service vprn nat inside l2-aware

Description

Commands in this context configure parameters specific to Layer2-Aware NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware

Syntax

l2-aware

Context

[Tree] (config>router>nat>inside l2-aware)

Full Context

configure router nat inside l2-aware

Description

Commands in this context configure Layer2-Aware NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware

Syntax

l2-aware subscriber sub-ident-string ip ip-address protocol {tcp | udp} [port port] [outside-ip ip-address] [outside-port port] [nat-policy policy-name] [member member-id] [port-range-start port]

no l2-aware subscriber sub-ident-string ip ip-address protocol {tcp | udp port port

Context

[Tree] (config>service>nat>fwd l2-aware)

Full Context

configure service nat port-forwarding l2-aware

Description

This command creates NAT static port forwards for Layer2-Aware subscribers. The ESM subscriber must be present in the system before this command is executed. The no form of the command deletes NAT static port forwards for Layer2-Aware subscribers.

Parameters

subscriber sub-ident-string

This mandatory parameter specifies the ESM subscriber for which the SPF is to be created; ESM subscriber must be present in the system before the SPF can be created.

ip ip-address

This mandatory parameter specifies the source IPv4/IPv6 address for which SPF will be created.

protocol {tcp | udp}

This mandatory parameter specifies the protocol to use, either TCP or UDP.

port port

This optional parameter specifies a source port.

Values

1 to 65535

outside-ip ipv4-address

This mandatory parameter specifies the outside IPv4 address. If the outside IPv4 address is specified, then all other optional parameters become mandatory.

outside-port port

This optional parameter specifies the outside port.

nat-policy policy-name

If multiple NAT policies are used inside the routing context, then the NAT policy should be specified in the SPF request so the SPF is created in the correct NAT pool. Otherwise, the default NAT policy from the inside routing context will be used.

member member-id

This optional parameter should not be used by the operator. It is used only if the command is replayed via the exec command or at boot-config. The member ID indicates the identifier of the NAT ISA group member associated with this NAT subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware-ip-address

l2-aware-ip-address

Syntax

l2-aware-ip-address ip-address

l2-aware-ip-address from-pool

no l2-aware-ip-address

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp l2-aware-ip-address)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp l2-aware-ip-address)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp l2-aware-ip-address

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp l2-aware-ip-address

Description

This command configures the Layer2-Aware NAT inside IP address to be assigned via DHCP on the WLAN-GW ISA.

If the from-pool parameter is specified instead of an IPv4 address, a unique address is allocated to each UE. The pool used is managed by the dhcpv4-nat pool manager, configured under the same subscriber interface. This option is only available when auth-on-dhcp is also configured.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the Layer2-Aware NAT inside IP address.

from-pool

Specifies that the Layer2-Aware IP address is allocated from a pool.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware-nat-bypass

l2-aware-nat-bypass

Syntax

[no] l2-aware-nat-bypass

Context

[Tree] (config>filter>ip-filter>entry>action l2-aware-nat-bypass)

Full Context

configure filter ip-filter entry action l2-aware-nat-bypass

Description

This command enables bypassing NAT for packets pertaining to L2-Aware hosts and matching this entry. This action is only applicable to L2-Aware NAT subscribers and it must be configured together with action forward. Traffic identified in the match condition bypasses L2-Aware NAT. A common use case is to bypass NAT for on-net destinations (within the customer network).

Traffic that is not classified for bypass is automatically diverted to L2-Aware NAT, unless it is explicitly configured in the IP filter to be dropped.

For selective NAT bypass to take effect, in addition to the IP filter configuration, the L2-Aware NAT subscriber must be specifically enabled for selective bypass via the nat-allow-bypass configuration option in the NAT CLI node in the SLA profile.

The no form of this command automatically diverts traffic to L2-Aware NAT, unless it is explicitly configured in the IP filter to be dropped.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-aware-sub

l2-aware-sub

Syntax

[no] l2-aware-sub sub-ident-string

Context

[Tree] (config>li>li-source>nat l2-aware-sub)

Full Context

configure li li-source nat l2-aware-sub

Description

This command configures a Layer-2-Aware subscriber source.

The no form of this command removes the values from the configuration.

Parameters

sub-ident-string

Specifies a source name.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-inner-vlan

l2-inner-vlan

Syntax

l2-inner-vlan q-tag

no l2-inner-vlan

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query l2-inner-vlan)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query l2-inner-vlan

Description

This command enables matching on a Layer 2 access point with a specified C-VLAN.

The no form of this command disables matching on a C-VLAN.

Default

no l2-inner-vlan

Parameters

q-tag

Specifies the q-tag for the C-VLAN.

Values

0 to 4095

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-ip

l2-ip

Syntax

[no] l2-ip

Context

[Tree] (config>cflowd>collector>export-filter>family l2-ip)

Full Context

configure cflowd collector export-filter family l2-ip

Description

This command filters Layer 2 IP flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing Layer 2 IP flow data to be sent to the associated collector.

Default

no l2-ip

Platforms

All

l2-outer-vlan

l2-outer-vlan

Syntax

l2-outer-vlan q-tag

no l2-outer-vlan

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query l2-outer-vlan)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query l2-outer-vlan

Description

This command enables matching on a Layer 2 access point with a specified S-VLAN.

The no form of this command disables matching on an S-VLAN.

Default

no l2-outer-vlan

Parameters

q-tag

Specifies the q-tag for the S-VLAN.

Values

0 to 4095

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-outside

l2-outside

Syntax

l2-outside

no l2-outside

Context

[Tree] (config>service>nat>firewall-policy l2-outside)

[Tree] (config>service>nat>nat-policy l2-outside)

Full Context

configure service nat firewall-policy l2-outside

configure service nat nat-policy l2-outside

Description

This command configures a NAT policy to be used with a Layer 2 outside service instead of a Layer 3 outside service. This command and the pool command are mutually exclusive.

Default

no l2-outside

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy l2-outside

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy l2-outside

l2-sap

l2-sap

Syntax

l2-sap sap-id

no l2-sap

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query l2-sap)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query l2-sap

Description

This command enables matching on Layer 2 access points active on the specified SAP.

The no form of this command disables matching on the SAP.

Default

no l2-sap

Parameters

sap-id

Specifies the SAP ID. For details on SAP ID parameter values, refer to section Monitor CLI Commands in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Basic System Configuration Guide.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2-service

l2-service

Syntax

l2-service service-id

no l2-service

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range l2-service)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range l2-service)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range l2-service

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range l2-service

Description

This command specifies the VPLS service used for L2 wholesale. When such a service is configured no other configuration is allowed under the vlan-range.

The no form of this command removes the L2 wholesale service, this is only allowed if the l2-service node is shut down.

Parameters

service-id

Specifies the VPLS service ID to use for Layer 2 wholesale.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2pt-termination

l2pt-termination

Syntax

l2pt-termination [cdp] [dtp] [pagp] [stp] [udld] [vtp]

no l2pt-termination

Context

[Tree] (config>service>vpls>spoke-sdp l2pt-termination)

[Tree] (config>service>template>vpls-sap-template l2pt-termination)

[Tree] (config>service>vpls>sap l2pt-termination)

Full Context

configure service vpls spoke-sdp l2pt-termination

configure service template vpls-sap-template l2pt-termination

configure service vpls sap l2pt-termination

Description

This command enables Layer 2 Protocol Tunneling (L2PT) termination on a specified SAP or spoke-SDP. L2PT termination is supported only for STP BPDUs. PDUs of other protocols are discarded.

This feature can be enabled only if STP is disabled in the context of the specified VPLS service.

The no form of this command reverts to the default.

Default

no l2pt-termination

Parameters

cdp

Specifies the Cisco discovery protocol

dtp

Specifies the dynamic trunking protocol

pagp

Specifies the port aggregation protocol

stp

Specifies all spanning tree protocols: stp, rstp, mstp, pvst (default)

udld

Specifies unidirectional link detection

vtp

Specifies the virtual trunk protocol

Platforms

All

l2pt-termination

Syntax

l2pt-termination [cdp] [dtp] [pagp] [stp] [udld] [vtp]

no l2pt-termination

Context

[Tree] (config>service>pw-template l2pt-termination)

Full Context

configure service pw-template l2pt-termination

Description

This command enables Layer 2 Protocol Tunneling (L2PT) termination on a given SAP or spoke SDP. L2PT termination will be supported only for STP BPDUs. PDUs of other protocols will be discarded.

This feature can be enabled only if STP is disabled in the context of the given VPLS service.

Default

no l2pt-termination

Parameters

cdp

Specifies the Cisco discovery protocol.

dtp

Specifies the dynamic trunking protocol.

pagp

Specifies the port aggregation protocol.

stp

Specifies all spanning tree protocols: stp, rstp, mstp, pvst (default).

udld

Specifies unidirectional link detection.

vtp

Specifies the virtual trunk protocol.

Platforms

All

l2tp

l2tp

Syntax

l2tp

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host l2tp)

Full Context

configure subscriber-mgmt local-user-db ppp host l2tp

Description

Commands in this context configure L2TP parameters for the host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

l2tp

Context

[Tree] (config>router l2tp)

Full Context

configure router l2tp

Description

Commands in this context configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

[no] l2tp

Context

[Tree] (debug>router l2tp)

[Tree] (debug>router>l2tp>packet l2tp)

[Tree] (debug>router>l2tp>peer>packet l2tp)

[Tree] (debug>router>l2tp>group>packet l2tp)

[Tree] (debug>router>l2tp>assignment-id>packet l2tp)

Full Context

debug router l2tp

debug router l2tp packet l2tp

debug router l2tp peer packet l2tp

debug router l2tp group packet l2tp

debug router l2tp assignment-id packet l2tp

Description

This command sets debugging for L2TP packets.

The no form of this command removes the settings of debugging for L2TP packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

[no] l2tp

Context

[Tree] (config>redundancy>multi-chassis>peer>sync l2tp)

Full Context

configure redundancy multi-chassis peer sync l2tp

Description

This command enables L2TP.

The no form of this command disables L2TP.

Platforms

All

l2tp

Syntax

l2tp [terminate-only]

no l2tp

Context

[Tree] (debug>service>id>ppp>event l2tp)

Full Context

debug service id ppp event l2tp

Description

This command enables PPP L2TP event debug.

Parameters

terminate-only

Enables debug for local terminated PPP session.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

[no] l2tp

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>type l2tp)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query type l2tp

Description

This command enables matching on L2TP tunnels.

The no form of this command disables matching on L2TP tunnels, unless no other tunnel type specifier is configured.

Default

no l2tp

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

[no] l2tp

Context

[Tree] (config>service>vprn l2tp)

Full Context

configure service vprn l2tp

Description

Commands in this context configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp

Syntax

l2tp

Context

[Tree] (debug>oam>build-packet>packet>field-override>header l2tp)

[Tree] (config>test-oam>build-packet>header l2tp)

Full Context

debug oam build-packet packet field-override header l2tp

configure test-oam build-packet header l2tp

Description

This command causes the associated header to be defined as an L2TP header template and enables the context to define the L2TP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

l2tp-accounting-policy

l2tp-accounting-policy

Syntax

l2tp-accounting-policy policy-name [create]

no l2tp-accounting-policy policy-name

Context

[Tree] (config>aaa l2tp-accounting-policy)

Full Context

configure aaa l2tp-accounting-policy

Description

This command configures an L2TP accounting policy.

The no form of this command removes the policy-name from the configuration.

Parameters

policy-name

Specifies a policy name.

create

This keyword is required when first creating the configuration context. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp-lns

l2tp-lns

Syntax

l2tp-lns max-nr-of-sessions

no l2tp-lns

Context

[Tree] (config>subscr-mgmt>sla-profile>session-limits l2tp-lns)

[Tree] (config>subscr-mgmt>sub-profile>session-limits l2tp-lns)

Full Context

configure subscriber-mgmt sla-profile session-limits l2tp-lns

configure subscriber-mgmt sub-profile session-limits l2tp-lns

Description

This command configures the maximum number of L2TP LNS sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of L2TP LNS sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of L2TP LNS sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp-load-balancing

l2tp-load-balancing

Syntax

[no] l2tp-load-balancing

Context

[Tree] (config>system>load-balancing l2tp-load-balancing)

Full Context

configure system load-balancing l2tp-load-balancing

Description

This command enables the inclusion of the L2TPv2 session ID into the load-balancing hash algorithm to induce more variation and better load distribution over available links and next-hops.

The no form of this command disables the inclusion of the session-id.

Platforms

All

l2tp-lts

l2tp-lts

Syntax

l2tp-lts max-nr-of-sessions

no l2tp-lts

Context

[Tree] (config>subscr-mgmt>sla-profile>session-limits l2tp-lts)

[Tree] (config>subscr-mgmt>sub-profile>session-limits l2tp-lts)

Full Context

configure subscriber-mgmt sla-profile session-limits l2tp-lts

configure subscriber-mgmt sub-profile session-limits l2tp-lts

Description

This command configures the maximum number of L2TP LTS sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of L2TP LTS sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of L2TP LTS sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp-overall

l2tp-overall

Syntax

l2tp-overall max-nr-of-sessions

no l2tp-overall

Context

[Tree] (config>subscr-mgmt>sla-profile>session-limits l2tp-overall)

[Tree] (config>subscr-mgmt>sub-profile>session-limits l2tp-overall)

Full Context

configure subscriber-mgmt sla-profile session-limits l2tp-overall

configure subscriber-mgmt sub-profile session-limits l2tp-overall

Description

This command configures the maximum number of L2TP sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of L2TP sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of L2TP sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tp-tunnel-id-range

l2tp-tunnel-id-range

Syntax

l2tp-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id

no l2tp-tunnel-id-range

Context

[Tree] (config>redundancy>multi-chassis>peer>sync>track-srrp-instances>track-srrp l2tp-tunnel-id-range)

Full Context

configure redundancy multi-chassis peer sync track-srrp-instances track-srrp l2tp-tunnel-id-range

Description

This command sets the tunnel-id range that is used to allocate a new tunnel-id for a tunnel for which multi-chassis redundancy is configured to this MCS peer.

The no form of this command reverts to the default.

Parameters

start l2tp-tunnel-id

Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values

1 to 16383

end l2tp-tunnel-id

Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values

1 to 16383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tpv3

l2tpv3

Syntax

l2tpv3

Context

[Tree] (config>router>l2tp l2tpv3)

[Tree] (config>service>vprn>l2tp>group>tunnel l2tpv3)

[Tree] (config>service>vprn>l2tp l2tpv3)

[Tree] (config>service>vprn>l2tp>group l2tpv3)

[Tree] (config>router>l2tp>group>tunnel l2tpv3)

[Tree] (config>router>l2tp>group l2tpv3)

Full Context

configure router l2tp l2tpv3

configure service vprn l2tp group tunnel l2tpv3

configure service vprn l2tp l2tpv3

configure service vprn l2tp group l2tpv3

configure router l2tp group tunnel l2tpv3

configure router l2tp group l2tpv3

Description

Commands in this context configure L2TPv3 parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

l2tpv3

Syntax

l2tpv3

Context

[Tree] (config>service>epipe>spoke-sdp>ingress l2tpv3)

[Tree] (config>service>epipe>spoke-sdp>egress l2tpv3)

Full Context

configure service epipe spoke-sdp ingress l2tpv3

configure service epipe spoke-sdp egress l2tpv3

Description

Commands in this context configure L2TPv3 spoke SDPs for Epipe services.

Platforms

All

l2tpv3

Syntax

l2tpv3

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp>egress l2tpv3)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>ingress l2tpv3)

[Tree] (config>mirror>mirror-dest>spoke-sdp>ingress l2tpv3)

Full Context

configure mirror mirror-dest spoke-sdp egress l2tpv3

configure mirror mirror-dest remote-source spoke-sdp ingress l2tpv3

configure mirror mirror-dest spoke-sdp ingress l2tpv3

Description

Commands in this context configure an RX/TX cookie for L2TPv3 egress spoke SDP or for the remote-source ingress spoke SDP.

Platforms

All

  • configure mirror mirror-dest spoke-sdp egress l2tpv3
  • configure mirror mirror-dest remote-source spoke-sdp ingress l2tpv3

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure mirror mirror-dest spoke-sdp ingress l2tpv3

l2tpv3-session

l2tpv3-session

Syntax

l2tpv3-session [create]

no l2tpv3-session

Context

[Tree] (config>service>epipe>sap l2tpv3-session)

[Tree] (config>service>vpls>sap l2tpv3-session)

Full Context

configure service epipe sap l2tpv3-session

configure service vpls sap l2tpv3-session

Description

This command creates the configuration context to define the L2TPv3 tunnel parameters.

The no form of this command deletes the L2TPv3 configuration context.

Parameters

create

This keyword is mandatory while creating a L2TPv3 session.

Platforms

All

l2w

l2w

Syntax

[no] l2w

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>ue-state l2w)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query ue-state l2w

Description

This command enables matching on tunnels with L2W UEs.

The no form of this command disables matching on L2W UEs, unless UE state matching is disabled altogether.

Default

no l2w

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

l3-ring

l3-ring

Syntax

l3-ring name [create]

no l3-ring name

Context

[Tree] (config>redundancy>mc>peer>mcr l3-ring)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring

Description

This command configures a Layer 3 multi-chassis ring.

The no form of this command reverts to the default.

Platforms

All

l4-load-balancing

l4-load-balancing

Syntax

[no] l4-load-balancing

Context

[Tree] (config>system>load-balancing l4-load-balancing)

Full Context

configure system load-balancing l4-load-balancing

Description

This command configures system-wide Layer 4 load balancing. The configuration at the system level can enable or disable load balancing based on Layer 4 fields. If enabled, the Layer 4 source and destination port fields will be included in hashing calculation for TCP/UDP packets.

The hashing algorithm addresses finer spraying granularity where many hosts are connected to the network.

To address more efficient traffic distribution between network links (forming a LAG group), a hashing algorithm extension takes into account L4 information (that is, src/dst L4-protocol port).

The hashing index can be calculated according to the following algorithm:

Example:
    — If [(TCP or UDP traffic) & enabled] 
        — hash (TCP/UDP ports, IP addresses) 
    — else if (IP traffic) 
        — hash (IP addresses) 
    — else 
        — hash (MAC addresses)
    — endif

This algorithm will be used in all cases where IP information in per-packet hashing is included (refer to "Traffic Load Balancing Options" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Interface Configuration Guide). However, the Layer 4 information (TCP/UDP ports) will not be used for fragmented packets.

Default

no l4-load-balancing

Platforms

All

l4-src-port

l4-src-port

Syntax

l4-src-port port [mask]

no l4-src-port

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry l4-src-port)

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry l4-src-port)

Full Context

configure system security management-access-filter ip-filter entry l4-src-port

configure system security management-access-filter ipv6-filter entry l4-src-port

Description

This command configures a destination TCP or UDP port number or port range for a management access filter match criterion.

The no form of this command reverts to the default values.

Default

no l4-src-port

Parameters

port

Specifies the destination TCP or UDP port number as a match criterion.

Values

1 to 65535

Default

6 (exact match)

mask

Specifies the mask used to select a range of source port numbers. Format Styles to Configure Mask lists the format styles to configure the 16-bit mask.

Table 1. Format Styles to Configure Mask

Format Style

Format Syntax

Example

Decimal

DDDDD

63488

Hexadecimal

0xHHHH

0xF800

Binary

0bBBBBBBBBBBBBBBBB

0b1111100000000000

To select a range from 1024 up to 2047, specify 1024 and 0xFC00 for port and maskrespectively.

Values

1 to 65535 (decimal)

Default

65535 (exact match)

Platforms

All

label

label

Syntax

label [detail]

no label

Context

[Tree] (debug>router>ldp>peer>packet label)

Full Context

debug router ldp peer packet label

Description

This command enables debugging for LDP Label packets.

The no form of the command disables the debugging output.

Parameters

detail

Displays detailed information.

Platforms

All

label

Syntax

label label

no label

Context

[Tree] (config>test-oam>build-packet>header>mpls label)

[Tree] (debug>oam>build-packet>packet>field-override>header>mpls label)

Full Context

configure test-oam build-packet header mpls label

debug oam build-packet packet field-override header mpls label

Description

This command defines the MPLS value to be used in the MPLS header.

The no form of this command removes the label value.

Default

label 0

Parameters

label

Specifies the MPLS label to be used in the MPLS header.

Values

0 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

label

Syntax

[no] label label

Context

[Tree] (debug>router>rib-api label)

Full Context

debug router rib-api label

Description

This command enables debugging for the specified RIB-API label.

Parameters

label

Specifies the label of the specified RIB-API entry.

Values

32 to 1048575

Platforms

All

label-allocation

label-allocation

Syntax

label-allocation

Context

[Tree] (config>router>bgp label-allocation)

Full Context

configure router bgp label-allocation

Description

This commands enables the context to configure the allocation of MPLS labels to specific BGP routes.

Platforms

All

label-block

label-block

Syntax

label-block name

no label-block

Context

[Tree] (conf>router>segment-routing>srv6>loc>static-function label-block)

Full Context

configure router segment-routing segment-routing-v6 locator static-function label-block

Description

This command configures a reserved label block name to be used in the termination of services on the SRv6 FPE.

Static values of the service SID function are mapped to label values drawn from this reserved label block. A static function value of 1 maps to the first label in this label block and so on.

Dynamic values of service SID function are mapped to label values drawn from the dynamic label range.

An End or End.X function does not map to a label value.

The no form of this command removes the label block name from the configuration.

Default

no label-block

Parameters

name

Specifies a reserved label block name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

label-block

Syntax

label-block name

no label-block

Context

[Tree] (config>router>segment-routing>srv6>locator label-block)

Full Context

configure router segment-routing segment-routing-v6 locator label-block

Description

This command configures a reserved label block name for the termination of services on the SRv6 FPE.

When an operator configures this block, the router maps both static and dynamic values of the service SID functions to label values drawn from the reserved label block. This reserved block and the block defined under static-function are mutually exclusive. The configuration of this block does not constrain the configuration of a particular function length.

An End or End.X function does not map to a label value.

The no form of this command removes the label block name from the configuration.

Default

no label-block

Parameters

name

Specifies a reserved label block name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

label-block

Syntax

label-block name

no label-block

Context

[Tree] (conf>router>sr>srv6>ms>block label-block)

Full Context

configure router segment-routing segment-routing-v6 micro-segment block label-block

Description

This command associates a pre-configured reserved label block with the micro-SID block.

The no form of this command disassociates the reserved label block.

Default

no label-block

Parameters

name

Specifies a reserved label block name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

label-ipv4

label-ipv4

Syntax

label-ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]

no label-ipv4

Context

[Tree] (config>service>vprn>bgp>multi-path label-ipv4)

Full Context

configure service vprn bgp multi-path label-ipv4

Description

This command sets ECMP multipath parameters that apply only to the label unicast IPv4 address family.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The distribution of traffic over the multiple paths may or may not be equal. The distribution is based on weights derived from the Link Bandwidth Extended Community.

For more information about the criteria a non-best route must meet to qualify as a multipath, see "BGP route installation in the route table” in the 7450 ESS 7750 SR 7950 XRS VSR Unicast Routing Protocols User Guide.

The no form of this command removes label-IPv4-specific overrides.

Default

no label-ipv4

Parameters

max-paths

Specifies the maximum number of multipaths per prefix or NLRI. Setting this value to 1 disables multipath. This limit only applies if neither the ebgp-max-paths limit nor the ibgp-max-paths limit apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route. If the ebgp option is configured, this value overrides the max-paths limit. If the best path is an EBGP learned route and this value is set to 1, multipath is disabled.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route. If the ibgp option is configured, this value overrides the max-paths limit. If the best path is an IBGP learned route and this value is set to 1, multipath is disabled.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path-as

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

label-ipv4

Syntax

label-ipv4 send send-limit

label-ipv4 send send-limit receive [none]

no label-ipv4

Context

[Tree] (config>router>bgp>group>neighbor>add-paths label-ipv4)

[Tree] (config>router>bgp>add-paths label-ipv4)

[Tree] (config>router>bgp>group>add-paths label-ipv4)

Full Context

configure router bgp group neighbor add-paths label-ipv4

configure router bgp add-paths label-ipv4

configure router bgp group add-paths label-ipv4

Description

This command configures the add-paths capability for labeled-unicast IPv4 routes. By default, add-paths is not enabled for labeled-unicast IPv4 routes.

The maximum number of labeled-unicast paths per IPv4 prefix to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple labeled-unicast paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command, receive capability is enabled by default.

The no form of this command disables add-paths support for labeled-unicast IPv4 routes, causing sessions established using add-paths for labeled-unicast IPv4 to go down and come back up without the add-paths capability.

Default

no label-ipv4

Parameters

send-limit

Specifies the maximum number of paths per labeled-unicast IPv4 prefix that are allowed to be advertised to add-paths peers. (The actual number of advertised routes may be less.) If the value is none, the router does not negotiate the send capability with respect to label-IPv4 AFI/SAFI. If the value is multipaths, then BGP advertises all the used BGP multipaths for each IPv4 NLRI if the peer has signaled support to receive multiple add paths.

Values

1 to 16, none, multipaths

receive

Specifies the router negotiates to receive multiple labeled-unicast routes per IPv4 prefix.

none

Specifies that the router does not negotiate to receive multiple labeled-unicast routes per IPv4 prefix.

Platforms

All

label-ipv4

Syntax

label-ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]

no label-ipv4

Context

[Tree] (config>router>bgp>multi-path label-ipv4)

Full Context

configure router bgp multi-path label-ipv4

Description

This command sets ECMP multipath parameters that apply only to the label IPv4 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

The no form of this command removes label-IPv4-specific overrides.

Default

no label-ipv4

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

label-ipv6

label-ipv6

Syntax

label-ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]

no label-ipv6

Context

[Tree] (config>service>vprn>bgp>multi-path label-ipv6)

Full Context

configure service vprn bgp multi-path label-ipv6

Description

This command sets ECMP multipath parameters that apply only to the label unicast IPv6 address family.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The distribution of traffic over the multiple paths may or may not be equal. The distribution is based on weights derived from the Link Bandwidth Extended Community.

For more information about the criteria a non-best route must meet to qualify as a multipath, see "BGP route installation in the route table” in the 7450 ESS 7750 SR 7950 XRS VSR Unicast Routing Protocols User Guide.

The no form of this command removes label-IPv6-specific overrides.

Default

no label-ipv6

Parameters

max-paths

Specifies the maximum number of multipaths per prefix or NLRI. Setting this value to 1 disables multipath. This limit only applies if neither the ebgp-max-paths limit nor the ibgp-max-paths limit apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route. If the ebgp option is configured, this value overrides the max-paths limit. If the best path is an EBGP learned route and this value is set to 1, multipath is disabled.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route. If the ibgp option is configured, this value overrides the max-paths limit. If the best path is an IBGP learned route and this value is set to 1, multipath is disabled.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path-as

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

label-ipv6

Syntax

label-ipv6 send send-limit

label-ipv6 send send-limit receive [none]

no label-ipv6

Context

[Tree] (config>router>bgp>group>add-paths label-ipv6)

[Tree] (config>router>bgp>group>neighbor>add-paths label-ipv6)

[Tree] (config>router>bgp>add-paths label-ipv6)

Full Context

configure router bgp group add-paths label-ipv6

configure router bgp group neighbor add-paths label-ipv6

configure router bgp add-paths label-ipv6

Description

This command configures the add-paths capability for labeled-unicast IPv6 routes. By default, add-paths is not enabled for labeled-unicast IPv6 routes.

The maximum number of labeled-unicast paths per IPv6 prefix to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple labeled-unicast paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command, receive capability is enabled by default.

The no form of this command disables add-paths support for labeled-unicast IPv6 routes, causing sessions established using add-paths for labeled-unicast IPv6 to go down and come back up without the add-paths capability.

Default

no label-ipv6

Parameters

send-limit

Specifies the maximum number of paths per labeled-unicast IPv6 prefix that are allowed to be advertised to add-paths peers. (The actual number of advertised routes may be less.) If the value is none, the router does not negotiate the send capability with respect to label-IPv6 AFI/SAFI. If the value is multipaths, then BGP advertises all the used BGP multipaths for each IPv6 NLRI if the peer has signaled support to receive multiple add paths.

Values

1 to 16, none, multipaths

receive

Specifies that the router negotiates to receive multiple labeled-unicast routes per IPv6 prefix.

none

Specifies that the router does not negotiate to receive multiple labeled-unicast routes per IPv6 prefix.

Platforms

All

label-ipv6

Syntax

label-ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]

no label-ipv6

Context

[Tree] (config>router>bgp>multi-path label-ipv6)

Full Context

configure router bgp multi-path label-ipv6

Description

This command sets ECMP multipath parameters that apply only to the label unicast IPv6 address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

The no form of this command removes label-IPv6-specific overrides.

Default

no label-ipv6

Parameters

max-paths

Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.

Values

1 to 64

ebgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.

Values

1 to 64

ibgp-max-paths

Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.

Values

1 to 64

restrict same-neighbor-as

Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.

restrict exact-as-path

Specifies that the non-best path must have the same AS path as the best path.

unequal-cost

Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

Platforms

All

label-ipv6

Syntax

label-ipv6

Context

[Tree] (config>router>bgp>label-allocation label-ipv6)

Full Context

configure router bgp label-allocation label-ipv6

Description

Commands in this context configure advertised label IPv6 programming rules.

Platforms

All

label-ipv6

Syntax

label-ipv6

Context

[Tree] (config>service>vprn>bgp>rib-management label-ipv6)

Full Context

configure service vprn bgp rib-management label-ipv6

Description

Commands in this context configure labeled IPv6 RIB.

Platforms

All

label-ipv6-explicit-null

label-ipv6-explicit-null

Syntax

[no] label-ipv6-explicit-null

Context

[Tree] (config>router>bgp>next-hop-res>lbl-routes>use-bgp-routes label-ipv6-explicit-null)

Full Context

configure router bgp next-hop-resolution labeled-routes use-bgp-routes label-ipv6-explicit-null

Description

This command allows a labelled IPv6 route with the explicit-null label to be resolved by other labelled IPv6 routes with the explicit-null label, and also by unlabeled IPv4 routes and unlabeled IPv6 routes that are resolved by static routes, interface routes, or tunnels. Up to four levels of recursive resolution are supported when the top route is a labelled IPv6 route with an explicit-null label.

Regardless of setting, a labelled IPv6 route with a regular label (other than explicit-null) is never resolved by other labelled IPv6 routes.

The no form of this command disables the label-ipv6-explicit-null functionality. When disabled, a labeled IPv6 route cannot be resolved by other labeled IPv6 routes.

Default

no label-ipv6-explicit-null

Platforms

All

label-map

label-map

Syntax

[no] label-map in-label

Context

[Tree] (config>router>mpls>interface label-map)

Full Context

configure router mpls interface label-map

Description

This command is used on transit routers when a static LSP is defined. The static LSP on the ingress router is initiated using the config router mpls static-lsp lsp-name command. An in-label can be associated with either a pop or a swap action, but not both. If both actions are specified, the last action specified takes effect.

The no form of this command deletes the static LSP configuration associated with the in-label.

Parameters

in-label

Specifies the incoming MPLS label on which to match.

Values

32 to 1023

Platforms

All

label-mode

label-mode

Syntax

label-mode {vrf | next-hop}

no label-mode

Context

[Tree] (config>service>vprn label-mode)

Full Context

configure service vprn label-mode

Description

This command controls the method by which service labels are allocated to routes exported by the VPRN as BGP-VPN routes. The vrf option selects service label per VRF mode while the next-hop option selects service label per next-hop mode.

The no form of this command sets the mode to the default mode of service label per VRF.

Default

no label-mode

Parameters

vrf

Selects service label per VRF mode.

next-hop

Selects service label per next-hop mode.

Platforms

All

label-preference

label-preference

Syntax

label-preference value

no label-preference

Context

[Tree] (config>service>vprn>bgp>group>neighbor label-preference)

[Tree] (config>service>vprn>bgp>group label-preference)

[Tree] (config>service>vprn>bgp label-preference)

Full Context

configure service vprn bgp group neighbor label-preference

configure service vprn bgp group label-preference

configure service vprn bgp label-preference

Description

This command configures the route preference for routes learned from labeled-unicast peers.

This command can be configured at three levels:

  • Global level — applies to all peers

  • Group level — applies to all peers in the peer-group

  • Neighbor level — applies only to the specified peer

The most specific value is used.

The lower the preference, the higher the chance of the route being the active route.

The no form of this command used at the global level reverts to the default value of 170.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no label-preference

Parameters

value

Specifies the route preference value.

Values

1 to 255

Platforms

All

label-preference

Syntax

label-preference value

no label-preference

Context

[Tree] (config>router>bgp>group label-preference)

[Tree] (config>router>bgp label-preference)

[Tree] (config>router>bgp>group>neighbor label-preference)

Full Context

configure router bgp group label-preference

configure router bgp label-preference

configure router bgp group neighbor label-preference

Description

This command configures the route preference for routes learned from labeled-unicast peers.

This command can be configured at three levels:

  • Global level — applies to all peers

  • Group level — applies to all peers in the peer-group

  • Neighbor level — applies only to the specified peer

The most specific value is used.

The lower the preference, the higher the chance of the route being the active route.

The no form of this command used at the global level reverts to the default value of 170.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no label-preference

Parameters

value

Specifies the route preference value.

Values

1 to 255

Platforms

All

label-route-local

label-route-local

Syntax

label-route-local [{none | all}]

Context

[Tree] (config>router>ttl-propagate label-route-local)

Full Context

configure router ttl-propagate label-route-local

Description

This command configures the TTL propagation for locally generated packets which are forwarded over a BGP label route in the Global Routing Table (GRT) context.

For IPv4 and IPv6 packets forwarded using an RFC 8277 label route in the global routing instance, including 6PE, the all value of the command enables TTL propagation from the IP header into all labels in the transport label stack. The none value reverts to the default mode which disables TTL propagation from the IP header to the labels in the transport label stack. This command does not have a no version.

The TTL of the IP packet is always propagated into the RFC 8277 label itself, and this command only controls the propagation into the transport labels, for example, labels of the RSVP or LDP LSP to which the BGP label route resolves and which are pushed on top of the BGP label.

If the BGP peer advertised the implicit-null label value for the BGP label route, the TTL propagation will not follow the configuration described, but will follow the configuration to which the BGP label route resolves:

RSVP LSP shortcut:

  • configure router mpls shortcut-local-ttl-propagate

LDP LSP shortcut:

  • configure router ldp shortcut-local-ttl-propagate

This feature does not impact packets forwarded over BGP shortcuts. The ingress LER operates in uniform mode by default and can be changed into pipe mode using the configuration of TTL propagation for RSVP or LDP LSP shortcut listed.

Default

label-route-local none

Parameters

none

Specifies that the TTL of the IP packet is not propagated into the transport label stack.

all

Specifies that the TTL of the IP packet is propagated into all labels of the transport label stack.

Platforms

All

label-route-transit

label-route-transit

Syntax

label-route-transit [{none | all}]

Context

[Tree] (config>router>ttl-propagate label-route-transit)

Full Context

configure router ttl-propagate label-route-transit

Description

This command configures the TTL propagation for transit packets which are forwarded over a BGP label route in the Global Routing Table (GRT) context.

For IPv4 and IPv6 packets forwarded using a RFC 8277 label route in the global routing instance, including 6PE, the all value of the command enables TTL propagation from the IP header into all labels in the transport label stack. The none value reverts to the default mode which disables TTL propagation from the IP header to the labels in the transport label stack. This command does not have a no version.

The TTL of the IP packet is always propagated into the RFC 8277 label itself, and this command only controls the propagation into the transport labels, for example, labels of the RSVP or LDP LSP to which the BGP label route resolves and which are pushed on top of the BGP label.

If the BGP peer advertised the implicit-null label value for the BGP label route, the TTL propagation will not follow the configuration described, but will follow the configuration to which the BGP label route resolves.

RSVP LSP shortcut:

  • configure router mpls shortcut-transit-ttl-propagate

LDP LSP shortcut:

  • configure router ldp shortcut-transit-ttl-propagate

This feature does not impact packets forwarded over BGP shortcuts. The ingress LER operates in uniform mode by default and can be changed into pipe mode using the configuration of TTL propagation for the listed RSVP or LDP LSP shortcut.

Default

label-route-transit none

Parameters

none

Specifies that the TTL of the IP packet is not propagated into the transport label stack.

all

Specifies that the TTL of the IP packet is propagated into all labels of the transport label stack.

Platforms

All

label-stack-reduction

label-stack-reduction

Syntax

[no] label-stack-reduction

Context

[Tree] (config>router>mpls>lsp label-stack-reduction)

[Tree] (config>router>mpls>lsp-template label-stack-reduction)

Full Context

configure router mpls lsp label-stack-reduction

configure router mpls lsp-template label-stack-reduction

Description

This command enables the label stack size reduction for a SR-TE LSP or SR-TE LSP template.

At a high level, the label stack reduction algorithm attempts to replace a segment of a computed SR-TE LSP path with the farthest node SID on that path that results in using ECMP paths with links which still comply to the TE constraints of the LSP path.

The no form of this command returns the command to its default value.

Default

no label-stack-reduction

Platforms

All

label-stack-statistics-count

label-stack-statistics-count

Syntax

label-stack-statistics-count label-stack-statistics-count

no label-stack-statistics-count

Context

[Tree] (config>system>ip>mpls label-stack-statistics-count)

Full Context

configure system ip mpls label-stack-statistics-count

Description

This command enables the system to collect traffic statistics on the specified number of labels of the MPLS label stack.

The no form of this command disables the collecting of traffic statistics.

Default

label-stack-statistics-count 1

Parameters

label-stack-statistics-count

Specifies the number of labels on which the system can collect statistics.

Values

1, 2

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

label-withdrawal-delay

label-withdrawal-delay

Syntax

label-withdrawal-delay seconds

no label-withdrawal-delay

Context

[Tree] (config>router>ldp label-withdrawal-delay)

Full Context

configure router ldp label-withdrawal-delay

Description

This command specifies configures the time interval (in s), LDP will delay for the withdrawal of FEC-label binding it distributed to its neighbors when FEC is de-activated. When the timer expires, LDP then sends a label withdrawal for the FEC to all its neighbors. This is applicable only to LDP IPv4 prefix FECs and is not applicable to pseudowires (service FECs).

When there is an upper layer (user of LDP) which depends of LDP control plane for failover detection then label withdrawal delay and tunnel-down-damp-time options must be set to 0.

An example is PW redundancy where the primary PW doesn’t have its own fast failover detection mechanism and the node depends on LDP tunnel down event to activate the standby PW.

Default

no label-withdrawal-delay

Parameters

seconds

Specifies the time that LDP delays the withdrawal of FEC-label binding it distributed to its neighbors when FEC is de-activated.

Values

3 to 120

Platforms

All

labeled-routes

labeled-routes

Syntax

labeled-routes

Context

[Tree] (config>router>bgp>next-hop-res labeled-routes)

Full Context

configure router bgp next-hop-resolution labeled-routes

Description

Commands in this context configure labeled route options for next-hop resolution.

Platforms

All

lac-overall

lac-overall

Syntax

lac-overall max-nr-of-hosts

no lac-overall

Context

[Tree] (config>subscr-mgmt>sla-profile>host-limits lac-overall)

[Tree] (config>subscr-mgmt>sub-profile>host-limits lac-overall)

Full Context

configure subscriber-mgmt sla-profile host-limits lac-overall

configure subscriber-mgmt sub-profile host-limits lac-overall

Description

This command configures the maximum number of L2TP LAC hosts per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of L2TP LAC hosts limit.

Parameters

max-nr-of-hosts

Specifies the maximum number of L2TP LAC hosts.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lacp

lacp

Syntax

lacp [mode] [administrative-key admin-key] [system-id system-id] [system-priority priority]

no lacp

Context

[Tree] (config>lag lacp)

Full Context

configure lag lacp

Description

This command enables the LACP protocol. Per the IEEE 802.1ax standard, the Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner.

If any of the parameters are omitted, the existing configuration is preserved. The default parameter values are used if a parameter is never explicitly configured.

Default

no lacp

Parameters

mode

Specifies the mode in which LACP will operate.

Values

passive — Starts transmitting LACP packets only after receiving packets.

active — Initiates the transmission of LACP packets.

admin-key

Specifies an administrative key value to identify the channel group on each port configured to use LACP. A random key is assigned by default if a value is not specified when using classic CLI only.

Values

1 to 65535

system-id

Specifies the 48-bit system ID in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Values

1 to 65535

Default

32768

priority

Specifies the system priority.

Values

0 to 65535

Default

32768

Platforms

All

lacp-mux-control

lacp-mux-control

Syntax

lacp-mux-control {coupled | independent}

no lacp-mux-control

Context

[Tree] (config>lag lacp-mux-control)

Full Context

configure lag lacp-mux-control

Description

This command configures the type of multiplexing machine control to be used in a LAG with LACP in active/passive modes.

The no form of this command disables multiplexing machine control.

Default

lacp-mux-control coupled

Parameters

coupled

Specifies that TX and RX activate together.

independent

Specifies that RX activates independent of TX.

Platforms

All

lacp-system-priority

lacp-system-priority

Syntax

lacp-system-priority lacp-system-priority

no lacp-system-priority

Context

[Tree] (config>system lacp-system-priority)

Full Context

configure system lacp-system-priority

Description

This command configures the Link Aggregation Control Protocol (LACP) system priority on aggregated Ethernet interfaces. LACP allows the operator to aggregate multiple physical interfaces to form one logical interface.

Default

lacp-system-priority 32768

Parameters

lacp-system-priority

Specifies the LACP system priority.

Values

1 to 65535

Platforms

All

lacp-tunnel

lacp-tunnel

Syntax

[no] lacp-tunnel

Context

[Tree] (config>port>ethernet lacp-tunnel)

Full Context

configure port ethernet lacp-tunnel

Description

This command enables LACP packet tunneling for the Ethernet port. When tunneling is enabled, the port does not process any LACP packets but tunnels them instead. The port cannot be added as a member to a LAG group.

In this context, the lacp-tunnel command is supported for Epipe and VPLS services only.

The no form of this command disables LACP packet tunneling for the Ethernet port.

Default

no lacp-tunnel

Platforms

All

lacp-xmit-interval

lacp-xmit-interval

Syntax

lacp-xmit-interval {slow | fast}

no lacp-xmit-interval

Context

[Tree] (config>lag lacp-xmit-interval)

Full Context

configure lag lacp-xmit-interval

Description

This command specifies the interval signaled to the peer and tells the peer at which rate it should transmit.

Default

lacp-xmit-interval fast

Parameters

slow

Transmits packets every 30 seconds.

fast

Transmits packets every second.

Platforms

All

lacp-xmit-stdby

lacp-xmit-stdby

Syntax

[no] lacp-xmit-stdby

Context

[Tree] (config>lag lacp-xmit-stdby)

Full Context

configure lag lacp-xmit-stdby

Description

This command enables LACP message transmission on standby links.

The no form of this command disables LACP message transmission. This command should be disabled for compatibility when using active/standby groups. This forces a timeout of the standby links by the peer. Use the no form if the peer does not implement the correct behavior regarding the lacp sync bit.

Default

lacp-xmit-stdby

Platforms

All

lag

lag

Syntax

lag lag-id lacp-key admin-key system-id system-id [remote-lag remote-lag-id] system-priority system-priority source-bmac-lsb use-lacp-key

lag lag-id lacp-key admin-key system-id system-id [remote-lag remote-lag-id] system-priority system-priority source-bmac-lsb MAC-Lsb

lag lag-id lacp-key admin-key system-id system-id [remote-lag remote-lag-id] system-priority system-priority

lag lag-id [remote-lag remote-lag-id]

no lag lag-id

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-lag lag)

Full Context

configure redundancy multi-chassis peer mc-lag lag

Description

This command defines a LAG which is forming a redundant-pair for MC-LAG with a LAG configured on the given peer. The same LAG group can be defined only in the scope of 1 peer. In order MC-LAG to become operational, all parameters (lacp-key, system-id, system-priority) must be configured the same on both nodes of the same redundant pair.

The partner system (the system connected to all links forming MC-LAG) will consider all ports using the same lacp-key, system-id, system-priority as the part of the same LAG. In order to achieve this in MC operation, both redundant-pair nodes have to be configured with the same values. In case of the mismatch, MC-LAG is kept in oper-down status.

Note that the correct CLI command to enable MC LAG for a LAG in standby-signaling power-off mode is lag lag-id [remote-lag remote-lag-id]. In the CLI help output, the first three forms are used to enable MC LAG for a LAG in LACP mode. MC LAG is disabled (regardless of the mode) for a given LAG with no lag lag-id.

Parameters

lag-id

The LAG identifier, expressed as an integer. Specifying the lag-id allows the mismatch between lag-id on redundant-pair. If no lag-id is specified it is assumed that neighbor system uses the same lag-id as a part of the specific MC-LAG. If no matching MC-LAG group can be found between neighbor systems, the individual LAGs operates as usual (no MC-LAG operation is established).

Values

1 to 800

admin-key

Specifies a 16 bit key that needs to be configured in the same manner on both sides of the MC-LAG in order for the MC-LAG to come up.

Values

1 to 65535

system-id

Specifies a 6 byte value expressed in the same notation as MAC address.

Values

xx:xx:xx:xx:xx:xx - xx [00 to FF]

remote-lag-id

Specifies the LAG ID on the remote system.

Values

1 to 800

system-priority

Specifies the system priority to be used in the context of the MC-LAG. The partner system will consider all ports using the same lacp-key, system-id, and system-priority as part of the same LAG.

Values

1 to 65535

MAC-Lsb

Configures the last 16 bit of the MAC address to be used for all traffic ingressing the MC-LAG link(s) or if use-lacp-key option is used, it will only copy the value of lacp-key (redundancy multi-chassis mc-lag lag lacp-key admin-key). The command will fail if the value is the same with any of the following configured attributes:

  • Source-bmac-lsb assigned to other MC-LAG ports.

  • lsb 16 bits value for the source-bmac configured at chassis or BVPLS level

    The first 32 bits will be copied from the source B-MAC of the BVPLS associated with the IVPLS for a specific IVPLS SAP mapped to the MC-LAG. The BVPLS source B-MAC can be provisioned for each BVPLS or can be inherited from the chassis PBB configuration.

Values

1 to 65535 or xx-xx or xx:xx

Platforms

All

lag

Syntax

lag lag-id [name lag-name]

no lag lag-id

Context

[Tree] (config lag)

Full Context

configure lag

Description

Commands in this context configure Link Aggregation Group (LAG) attributes.

A LAG is used to group multiple ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one link fails, traffic is redistributed over the remaining links.

Note:

For all ports in a LAG group, autonegotiation must be set to "limited” or "off”.

There are three possible settings for autonegotiation, as follows:

  • "on” or enabled with full port capabilities advertised

  • "off” or disabled where there is no autonegotiation advertisements

  • "limited” where a single speed/duplex is advertised.

When autonegotiation is enabled on a port, the link attempts to automatically negotiate the link speed and duplex parameters; the configured duplex and speed parameters are ignored.

When autonegotiation is disabled on a port, the port does not attempt to autonegotiate and will only operate at the speed and duplex settings configured for the port.

Note:

Disabling autonegotiation on gigabit ports is not allowed. This is in accordance with the IEEE 802.3 specification for gigabit Ethernet, which requires gigabyte to be enabled for far end fault indication.

If the config>port>ethernet autonegotiate limited keyword option is specified, the port will autonegotiate but only advertise the speed and duplex settings configured for the port. Use the limited mode on multi-speed gigabit ports to force gigabit operation while keeping autonegotiation is enabled for compliance with IEEE 801.3.

The system requires autonegotiation to be disabled or limited for ports in a LAG to guarantee a specific port speed.

The no form of this command deletes the LAG from the configuration. A LAG can only be deleted while the LAG is administratively shut down. Any dependencies, such as IP-Interface configurations, must be removed from the configuration before the no lag command is issued.

Parameters

lag-id

Specifies the LAG identifier, expressed as an integer.

The LAG ID ranging from 1 to 64 supports up to 64 LAG members and LAG ID above 64 supports 32 LAG members.

Values

1 to 800

lag-name

Specifies an optional LAG name, up to 27 characters.

In model-driven interfaces, the LAG name is used for configuration references and show commands. A service provider or administrator can use the defined LAG name to identify and manage LAGs within the SR OS platforms.

In the classic CLI interface, the user must assign a LAG ID to create the LAG. The LAG name is optional and, if specified, must always start with "lag-”. If a name is not specified, SR OS automatically assigns a string version of the LAG ID as "lag-<lag-id>”.

Values

lag-<23 chars max>

Platforms

All

lag

Syntax

lag [lag-id lag-id [port port-id]] [all]

lag [lag-id lag-id [port port-id]] [sm] [pkt] [cfg] [red] [iom-upd] [port-state] [timers] [sel-logic] [mc] [mc-pkt]

no lag [lag-id lag-id]

Context

[Tree] (debug lag)

Full Context

debug lag

Description

This command enables debugging for LAG.

Parameters

lag-id

Specifies the link aggregation group ID.

Values

1 to 800

port-id

Specifies the physical port ID.

Values

slot/mda/port

all

Specifies to display all LAG information.

sm

Specifies to display trace LACP state machine.

pkt

Specifies to display trace LACP packets.

cfg

Specifies to display trace LAG configuration.

red

Specifies to display trace LAG high availability.

iom-upd

Specifies to display trace LAG IOM updates.

port-state

Specifies to display trace LAG port state transitions.

timers

Specifies to display trace LAG timers.

sel-logic

Specifies to display trace LACP selection logic.

mc

Specifies to display multi-chassis parameters.

mc-packet

Specifies to display the MC-LAG control packets with valid authentication were received on this system.

Platforms

All

lag

Syntax

lag lag-id

no lag

Context

[Tree] (config>service>system>bgp-evpn>eth-seg lag)

Full Context

configure service system bgp-evpn ethernet-segment lag

Description

This command configures a LAG ID associated with the Ethernet-Segment. When the Ethernet-Segment is configured as all-active, then only a lag or PW port can be associated with the Ethernet-Segment. When the Ethernet-Segment is configured as single-active, then a lag, port or sdp can be associated to the Ethernet-Segment. In either case, only one of the four objects can be configured in the Ethernet-Segment. A specified lag can be part of only one Ethernet-Segment.

Default

no lag

Parameters

lag-id

Specifies the lag-id associated with the Ethernet-Segment.

Values

1 to 800

Platforms

All

lag

Syntax

lag lag-id[:encap-val]

no lag

Context

[Tree] (config>service>vprn>nw-if lag)

Full Context

configure service vprn network-interface lag

Description

This command binds the interface to a Link Aggregation Group (LAG)

The no form of this command removes the LAG id from the configuration.

Parameters

lag-id[:encap-val]

Specifies the LAG ID.

Values

lag-id

1 to 800

encap-val

0 (for null)

0 to 4094 (for dot1q)

Platforms

All

lag-emulation

lag-emulation

Syntax

lag-emulation

Context

[Tree] (config>eth-tunnel lag-emulation)

Full Context

configure eth-tunnel lag-emulation

Description

Commands in this context configure eth-tunnel loadsharing parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lag-link-map-profile

lag-link-map-profile

Syntax

lag-link-map-profile link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>subscr-mgmt>msap-policy lag-link-map-profile)

[Tree] (config>service>vprn>sub-if>grp-if>sap lag-link-map-profile)

Full Context

configure subscriber-mgmt msap-policy lag-link-map-profile

configure service vprn subscriber-interface group-interface sap lag-link-map-profile

Description

This command assigns a pre-configured lag link map profile to a SAP or network interface configured on a LAG or a PW port that exists on a LAG. Once assigned or de-assigned, the SAP or network interface egress traffic is re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Parameters

link-map-profile-id

Defines a unique LAG link map profile on which the LAG the SAP/network interface exist.

Default

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lag-link-map-profile

Syntax

lag-link-map-profile link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>service>ipipe>sap lag-link-map-profile)

[Tree] (config>service>epipe>sap lag-link-map-profile)

Full Context

configure service ipipe sap lag-link-map-profile

configure service epipe sap lag-link-map-profile

Description

This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP’s/network interface’s egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default

no lag-link-map-profile

Parameters

link-map-profile-id

An integer from 1 to 64 that defines a unique lag link map profile on the LAG the SAP/network interface exists on.

Platforms

All

lag-link-map-profile

Syntax

lag-link-map-profile link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>service>vpls>sap lag-link-map-profile)

Full Context

configure service vpls sap lag-link-map-profile

Description

This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/unassigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default

no lag-link-map-profile

Parameters

link-map-profile-id

An integer from 1 to 64 that defines a unique lag link map profile on which the LAG the SAP/network interface exist.

Platforms

All

lag-link-map-profile

Syntax

lag-link-map-profile lag-link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>service>ies>sub-if>grp-if>sap lag-link-map-profile)

[Tree] (config>service>ies>if>sap lag-link-map-profile)

Full Context

configure service ies subscriber-interface group-interface sap lag-link-map-profile

configure service ies interface sap lag-link-map-profile

Description

This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default

no lag-link-map-profile

Parameters

lag-link-map-profile-id

An integer from 1 to 64 that defines a unique lag link map profile on which the LAG the SAP/network interface exist.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap lag-link-map-profile

All

  • configure service ies interface sap lag-link-map-profile

lag-link-map-profile

Syntax

lag-link-map-profile link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>service>vprn>if>sap lag-link-map-profile)

Full Context

configure service vprn interface sap lag-link-map-profile

Description

This command assigns a pre-configured LAG link map profile to a SAP or network interface configured on a LAG or a PW port that exists on a LAG. Once assigned, the SAP or network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP or network interface to use per-flow, service or link hash as configured for the service or LAG.

Default

no lag-link-map-profile

Parameters

link-map-profile-id

An integer from 1 to 64 that defines a unique LAG link map profile on which the LAG the SAP or network interface exist.

Platforms

All

lag-link-map-profile

Syntax

lag-link-map-profile link-map-profile-id

no lag-link-map-profile

Context

[Tree] (config>router>if lag-link-map-profile)

Full Context

configure router interface lag-link-map-profile

Description

This command assigns a preconfigured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/unassigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default

no lag-link-map-profile

Parameters

link-map-profile-id

An integer from 1 to 32 that defines a unique lag link map profile on which the LAG the SAP/network interface exist.

Platforms

All

lag-per-link-hash

lag-per-link-hash

Syntax

lag-per-link-hash class {class} weight weight

no lag-per-link-hash

Context

[Tree] (config>subscr-mgmt>sub-profile>egress lag-per-link-hash)

Full Context

configure subscriber-mgmt sub-profile egress lag-per-link-hash

Description

This command configures weight and class to be used on LAG egress when the LAG uses weighted per-link-hash by subscribers with the profile assigned. Subscribers using profile with lag-per-link-hash default configuration, inherit weight and class from the SAP configuration (1 and 1 respectively if none configured under SAP).

The no form of this command restores default configuration.

Parameters

class

Specifies the class to be used to select a LAG link.

Values

1, 2, 3

Default

1

weight

Specifies the weight to be associated with this SAP when selecting a LAG link.

Values

1 to 1024

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lag-per-link-hash

Syntax

lag-per-link-hash class {1 | 2 | 3} weight [weight]

no lag-per-link-hash

Context

[Tree] (config>service>vpls>sap lag-per-link-hash)

[Tree] (config>service>epipe>sap lag-per-link-hash)

[Tree] (config>service>ipipe>sap lag-per-link-hash)

Full Context

configure service vpls sap lag-per-link-hash

configure service epipe sap lag-per-link-hash

configure service ipipe sap lag-per-link-hash

Description

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores default configuration.

Default

no lag-per-link-hash (equivalent to weight 1 class 1)

Platforms

All

lag-per-link-hash

Syntax

lag-per-link-hash class {1 | 2 | 3} weight weight

no lag-per-link-hash

Context

[Tree] (config>service>ies>sub-if>grp-if>sap lag-per-link-hash)

[Tree] (config>service>ies>if>sap lag-per-link-hash)

Full Context

configure service ies subscriber-interface group-interface sap lag-per-link-hash

configure service ies interface sap lag-per-link-hash

Description

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores default configuration.

Default

no lag-per-link-hash (equivalent to weight 1 class 1)

Parameters

class

Specifies the class.

Values

1, 2, 3

weight

Specifies the weight.

Values

1 to 1024

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap lag-per-link-hash

All

  • configure service ies interface sap lag-per-link-hash

lag-per-link-hash

Syntax

lag-per-link-hash class {1 | 2 | 3} weight [1 to 1024]

no per-link-hash

Context

[Tree] (config>service>vprn>nw-if lag-per-link-hash)

[Tree] (config>service>vprn>if>sap lag-per-link-hash)

Full Context

configure service vprn network-interface lag-per-link-hash

configure service vprn interface sap lag-per-link-hash

Description

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores the default configuration.

Default

no lag-per-link-hash (equivalent to weight 1 class 1)

Platforms

All

lag-per-link-hash

Syntax

lag-per-link-hash class class weight [weight]

no lag-per-link-hash

Context

[Tree] (config>router>if lag-per-link-hash)

Full Context

configure router interface lag-per-link-hash

Description

This command configures weight and class to this interface to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores the default configuration (weight 1 class 1).

Default

no lag-per-link-hash

Parameters

class

Specifies the class.

Values

1, 2, 3

weight

Specifies the weight.

Values

1 to 1024

Platforms

All

lag-port-down

lag-port-down

Syntax

lag-port-down lag-id number-down number-lag-port-down level level-id

no lag-port-down lag-id number-down number-lag-port-down

Context

[Tree] (config>router>mcac>policy>bundle>mc-constraints lag-port-down)

Full Context

configure router mcac policy bundle mc-constraints lag-port-down

Description

This command configures the bandwidth available both at the interface and bundle level when a specific number of ports in a LAG group fail.

The no form of this command removes the values from the configuration.

Parameters

lag-id

Specifies the LAG ID. When the number of ports available in the LAG link is reduced by the number of ports configured in this context then the level-id specified here must be applied.

number-lag-port-down

If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.

Values

1 to 64 (for 64-link LAG) 1 to 32 (for other LAGs)

level-id

Specifies the amount of bandwidth available within a given bundle for MC traffic for a specified level.

Values

1 to 8

Platforms

All

lag-port-down

Syntax

[no] lag-port-down lag-id

Context

[Tree] (config>vrrp>policy>priority-event lag-port-down)

Full Context

configure vrrp policy priority-event lag-port-down

Description

This command creates the context to configure Link Aggregation Group (LAG) priority control events that monitor the operational state of the links in the LAG.

The lag-port-down command configures a priority control event. The event monitors the operational state of each port in the specified LAG. When one or more of the ports enter the operational down state, the event is considered to be set. When all the ports enter the operational up state, the event is considered to be clear. As ports enter the operational up state, any previous set threshold that represents more down ports is considered cleared, while the event is considered to be set.

Multiple unique lag-port-down event nodes can be configured within the priority-event node up to the maximum of 32 events.

The lag-port-down command can reference an arbitrary LAG. The lag-id does have to already exist within the system. The operational state of the lag-port-down event will indicate:

  • Set – non-existent

  • Set – one port down

  • Set – two ports down

  • Set – three ports down

  • Set – four ports down

  • Set – five ports down

  • Set – six ports down

  • Set – seven ports down

  • Set – eight ports down

  • Cleared – all ports up

When the lag-id is created, or a port in lag-id becomes operationally up or down, the event operational state must be updated appropriately.

When one or more of the LAG composite ports enters the operationally down state or the lag-id is deleted or does not exist, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from clear to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The lag-port-down event is considered to have a tiered event set state. While the priority impact per number of ports down is totally configurable, as more ports go down, the effect on the associated virtual router instances in-use priority is expected to increase (lowering the priority). When each configured threshold is crossed, any higher thresholds are considered further event sets and are processed immediately with the hold-set timer reset to the configured value of the hold-set command. As the thresholds are crossed in the opposite direction (fewer ports down then previously), the priority effect of the event is not processed until the hold-set timer expires. If the number of ports down threshold again increases before the hold-set timer expires, the timer is only reset to the hold-setvalue if the number of ports down is equal to or greater than the threshold that set the timer.

The event contains number-down nodes that define the priority delta or explicit value to be used based on the number of LAG composite ports that are in the operationally down state. These nodes represent the event set thresholds. Not all port down thresholds must be configured. As the number of down ports increase, the number-down ports-down node that expresses a value equal to or less than the number of down ports describes the delta or explicit priority value to be applied.

The no form of the command deletes the specific LAG monitoring event. The event can be removed at anytime. When the event is removed, the in-use priority of all associated virtual router instances must be reevaluated. The events hold-set timer has no effect on the removal procedure.

Default

no lag-port-down — No LAG priority control events are created.

Parameters

lag-id

The LAG ID that the specific event is to monitor expressed as a decimal integer. The lag-id can only be monitored by a single event in this policy. The LAG may be monitored by multiple VRRP priority control policies. A port within the LAG and the LAG ID itself are considered to be separate entities. A composite port may be monitored with the port-down event while the lag-id the port is in is monitored by a lag-port-down event in the same policy.

Values

1 to 800 (apply to the 7750 SR and 7950 XRS)

1 to 200 (apply to the 7450 ESS)

Platforms

All

lag-usage-optimization

lag-usage-optimization

Syntax

[no] lag-usage-optimization

Context

[Tree] (config>router>pim lag-usage-optimization)

Full Context

configure router pim lag-usage-optimization

Description

This command enables the router’s usage of the LAG so traffic for a given multicast stream destined to an IP interface using the LAG is sent only to the forwarding complex that owns the LAG link on which it will actually be forwarded.

Changing the value causes the PIM protocol to be restarted.

If this optimization is disabled, the traffic is sent to all forwarding complexes that own at least one link in the LAG.

The no form of this command causes the traffic to be sent to all the forwarding complexes that own at least one link in the LAG.

Note:

Changes made for multicast hashing cause Layer 4 multicast traffic to not be hashed. This is independent of if lag-usage-optimization is enabled or disabled.

Using this command and the mc-ecmp-hashing-enabled command on mixed port speed LAGs is not recommended, because some groups may be forwarded incorrectly.

Default

no lag-usage-optimization

Platforms

All

lanext

lanext

Syntax

[no] lanext

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw lanext)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw lanext)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext

Description

Commands in this context configure HLE parameters.

The no form of this command disables the vRGW parameters enabled in this context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext

Syntax

[no] lanext

Context

[Tree] (config>router>vrgw lanext)

Full Context

configure router vrgw lanext

Description

Commands in this context configure HLE parameters.

The no form of this command disables the context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext

Syntax

[no] lanext

Context

[Tree] (config>subscr-mgmt>vrgw lanext)

Full Context

configure subscriber-mgmt vrgw lanext

Description

Commands in this context configure subscriber management vRGW home HLE parameters.

The no form of this command disables the context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext-bridge-id

lanext-bridge-id

Syntax

[no] lanext-bridge-id

Context

[Tree] (config>subscr-mgmt>acct-plcy>include lanext-bridge-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute lanext-bridge-id

Description

This command enables the system to include the HLE service’s bridge ID (Alc-Bridge-Id) in RADIUS accounting packets.

The no form of this command excludes the HLE service’s bridge ID (Alc-Bridge-Id) from RADIUS accounting packets.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext-device-type

lanext-device-type

Syntax

[no] lanext-device-type

Context

[Tree] (config>subscr-mgmt>acct-plcy>include lanext-device-type)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute lanext-device-type

Description

This command enables the system to include the HLE host’s device type (Alc-HLE-Device-Type) in RADIUS accounting packets.

The no form of this command excludes the HLE host’s device type (Alc-HLE-Device-Type) from RADIUS accounting packets.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext-route-distinguisher

lanext-route-distinguisher

Syntax

[no] lanext-route-distinguisher

Context

[Tree] (config>subscr-mgmt>acct-plcy>include lanext-route-distinguisher)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute lanext-route-distinguisher

Description

This command enables the system to include the HLE service’s EVPN route distinguisher (Alc-RD) in RADIUS accounting packets.

The no form of this command excludes the HLE service’s EVPN route distinguisher (Alc-RD) from RADIUS accounting packets.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext-route-target

lanext-route-target

Syntax

[no] lanext-route-target

Context

[Tree] (config>subscr-mgmt>acct-plcy>include lanext-route-target)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute lanext-route-target

Description

This command enables the system to include the HLE service’s EVPN route target (Alc-RT) in RADIUS accounting packets.

The no form of this command excludes the HLE service’s EVPN route target (Alc-RT) from RADIUS accounting packets.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lanext-vni

lanext-vni

Syntax

[no] lanext-vni

Context

[Tree] (config>subscr-mgmt>acct-plcy>include lanext-vni)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute lanext-vni

Description

This command enables the system to include the HLE service’s EVPN VXLAN VNI (Alc-Vxlan-VNI) in RADIUS accounting packets.

The no form of this command excludes the HLE service’s EVPN VXLAN VNI (Alc-Vxlan-VNI) from RADIUS accounting packets.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

last-member-query-interval

last-member-query-interval

Syntax

last-member-query-interval tenths-of-seconds

no last-member-query-interval

Context

[Tree] (config>service>vpls>sap>mld-snooping last-member-query-interval)

[Tree] (config>service>vpls>sap>igmp-snooping last-member-query-interval)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping last-member-query-interval)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping last-member-query-interval)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping last-member-query-interval)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping last-member-query-interval)

Full Context

configure service vpls sap mld-snooping last-member-query-interval

configure service vpls sap igmp-snooping last-member-query-interval

configure service vpls mesh-sdp mld-snooping last-member-query-interval

configure service vpls mesh-sdp igmp-snooping last-member-query-interval

configure service vpls spoke-sdp igmp-snooping last-member-query-interval

configure service vpls spoke-sdp mld-snooping last-member-query-interval

Description

This command configures the maximum response time used in group-specific queries sent in response to 'leave' messages, and is also the amount of time between two consecutive group-specific queries. This value may be tuned to modify the leave latency of the network. A reduced value results in reduced time to detect the loss of the last member of a group.

The configured last-member-query-interval is ignored when fast leave is enabled on the SAP or SDP.

The no form of this command reverts to the default value.

Default

last-member-query-interval 10

Parameters

tenths-of-seconds

Specifies the frequency, in tenths of a second, at which query messages are sent.

Values

1 to 50

Platforms

All

last-member-query-interval

Syntax

last-member-query-interval tenths-of-seconds

no last-member-query-interval

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp last-member-query-interval)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping last-member-query-interval

Description

This command configures the maximum response time used in group-specific queries sent in response to leave messages, and is also the amount of time between two consecutive group-specific queries. This value may be tuned to modify the leave latency of the network. A reduced value results in reduced time to detect the loss of the last member of a group.

The configured interval is ignored when fast-leave is enabled on the SAP or SDP.

The no form of this command reverts to the default.

Default

last-member-query-interval 10

Parameters

seconds

Specifies the frequency, in tenths of seconds, at which query messages are sent.

Values

1 to 50

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

last-member-query-interval

Syntax

last-member-query-interval interval

no last-member-query-interval

Context

[Tree] (config>service>pw-template>igmp-snooping last-member-query-interval)

Full Context

configure service pw-template igmp-snooping last-member-query-interval

Description

This command configures the maximum response time used in group-specific queries sent in response to 'leave’ messages, and is also the amount of time between 2 consecutive group-specific queries. This value may be tuned to modify the leave latency of the network. A reduced value results in reduced time to detect the loss of the last member of a group.

The configured last-member-query-interval is ignored when fast-leave is enabled on the SAP or SDP.

Default

last-member-query-interval 10

Parameters

interval

Specifies the frequency, in tenths of seconds, at which query messages are sent.

Values

1 to 50

Platforms

All

last-reported-delay-hold

last-reported-delay-hold

Syntax

last-reported-delay-hold seconds

no last-reported-delay-hold

Context

[Tree] (config>test-oam>link-meas>template last-reported-delay-hold)

Full Context

configure test-oam link-measurement measurement-template last-reported-delay-hold

Description

This command configures the timer that specifies the wait time before the last reported delay measurement is flushed after a link measurement test enters the operationally down state. The aging timer delays the flushing of the last reported delay metric to the routing engine.

This timer starts a countdown to zero when an administrative function causes the operational state of the test on that specific interface to transition from up to down. If the timer expires before the operational state transitions to up, the previously reported value is flushed. The Delay Measurement Last Reported indicates "Cleared”. The timestamp indicates the time of the clear event. The Triggered By indicates "Expired”. If the administrative state recovers to operationally up before the expiration of the timer, the previous reported value is not flushed.

The aging timer does not apply to failure conditions that do not affect the administrative state of the interface, for example interface failure or routing changes.

The no form of this command reverts to the default value.

Default

last-reported-delay-hold 86400

Parameters

seconds

Specifies the delay measurement retention time, in seconds, after the interface on which it was collected is administratively disabled. If the configured value is reached, the last reported measurement is cleared.

A configured value of 0 indicates that the previous reported value is cleared without additional wait time.

Values

0 to 86400

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

latency-event

latency-event

Syntax

latency-event rising-threshold threshold [falling-threshold threshold] [direction]

no latency-event

Context

[Tree] (config>saa>test latency-event)

Full Context

configure saa test latency-event

Description

Specifies that at the termination of an SAA test probe, the calculated latency event value is evaluated against the configured rising and falling latency event thresholds. SAA threshold events are generated as required.

Once the threshold (rising/falling) is crossed, it is disabled from generating additional events until the opposite threshold is crossed. If a falling-threshold is not supplied, the rising- threshold is re-enabled when it falls below the threshold after the initial crossing that generated the event.

The configuration of latency event thresholds is optional.

The no form of this command disables the latency event.

Parameters

rising-threshold threshold

Specifies a rising threshold latency value, in milliseconds. When the test run is completed, the calculated latency value is compared to the configured latency rising threshold. If the test run latency value is greater than the configured rising threshold value then an SAA threshold event is generated. The SAA threshold event is tmnxOamSaaThreshold, logger application OAM, event #2101.

Values

0 to 2147483

Default

0

falling-threshold threshold

Specifies a falling threshold latency value, in milliseconds. When the test run is completed, the calculated latency value is compared to the configured latency falling threshold. If the test run latency value is greater than the configured falling threshold value then an SAA threshold event is generated. The SAA threshold event is tmnxOamSaaThreshold, logger application OAM, event #2101.

Values

0 to 2147483

Default

0

direction

Specifies the direction for OAM ping responses received for an OAM ping test run.

Values

inbound — Monitor the value of jitter calculated for the inbound, one-way, OAM ping responses received for an OAM ping test run.

outbound — Monitor the value of jitter calculated for the outbound, one-way, OAM ping requests sent for an OAM ping test run.

roundtrip — Monitor the value of jitter calculated for the round trip, two-way, OAM ping requests and replies for an OAM ping test run.

Default

roundtrip

Platforms

All

layer-3

layer-3

Syntax

layer-3

Context

[Tree] (config>subscr-mgmt>shcv-policy layer-3)

Full Context

configure subscriber-mgmt shcv-policy layer-3

Description

Commands in this context configure SHCV behavior parameters for IES and VPRN services.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

layer-3-encap

layer-3-encap

Syntax

layer-3-encap [{ip-udp-shim | ip-gre | ip-udp-shim-sampled}] [create]

no layer-3-encap

Context

[Tree] (config>mirror>mirror-dest>encap layer-3-encap)

Full Context

configure mirror mirror-dest encap layer-3-encap

Description

This command specifies the format of the routable encapsulation to add to each copied packet. Layer 3 encapsulation takes precedence over Ethernet encapsulation configuration in an LI source. No changes are allowed to the Layer 3 encapsulation once a gateway is configured.

The no form of this command removes the routable encapsulation.

Default

no layer-3-encap

Parameters

ip-udp-shim

Specifies that the type of Layer 3 encapsulation is an IPv4 header, UDP header, and LI shim header added to the mirrored packets.

ip-gre

Specifies that the type of Layer 3 encapsulation is an IPv4 header and GRE header added to the mirrored packets. This encapsulation type is only supported with mirror-type ip-only.

ip-udp-shim-sampled

Specifies that the type of Layer 3 encapsulation is an IPv4 header, UDP header, and a mirror shim header added to the mirrored packets providing direction, mirror type, filter action, interface type, and interface value.

create

Creates a Layer 3 encapsulation.

Platforms

All

layer-3-encap

Syntax

layer-3-encap [ip-udp-shim | ip-gre]

no layer-3-encap

Context

[Tree] (config>li>mirror-dest-template layer-3-encap)

Full Context

configure li mirror-dest-template layer-3-encap

Description

This command specifies the format of the routable encapsulation to add to each copied packet. Layer 3 encapsulation takes precedence over Ethernet encapsulation configuration in an LI source. No changes are allowed to the Layer 3 encapsulation after a gateway is configured.

The no form of this command disables Layer 3 encapsulation.

Parameters

ip-udp-shim

Specifies that the type of Layer 3 encapsulation is an IPv4 header, UDP header, and LI-Shim.

ip-gre

Specifies that the type of Layer 3 encapsulation is an IPv4 GRE.

Platforms

All

lbl-eth-or-ip-l4-teid

lbl-eth-or-ip-l4-teid

Syntax

lbl-eth-or-ip-l4-teid

no lbl-eth-or-ip-l4-teid

Context

[Tree] (config>service>vpls>load-balancing lbl-eth-or-ip-l4-teid)

[Tree] (config>service>epipe>load-balancing lbl-eth-or-ip-l4-teid)

Full Context

configure service vpls load-balancing lbl-eth-or-ip-l4-teid

configure service epipe load-balancing lbl-eth-or-ip-l4-teid

Description

This command enables hashing of MPLS Ethernet and MPLS IP packets received on the Epipe and VPLS service SAP using the MPLS labels, the inner IP addresses, the port numbers, and the GTP TEID field, if read by the system. This capability is supported on FP4- and FP5-based line cards.

The no form of this command disables hashing.

Default

no lbl-eth-or-ip-l4-teid

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lbm-svc-act-responder

lbm-svc-act-responder

Syntax

[no] lbm-svc-act-responder

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep lbm-svc-act-responder)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep lbm-svc-act-responder)

Full Context

configure service epipe sap eth-cfm mep lbm-svc-act-responder

configure service epipe spoke-sdp eth-cfm mep lbm-svc-act-responder

Description

This command enables the MEP to process service activation streams encapsulated in ETH-CFM LBM frames that are directed to the MEP. The MEP will be allocated additional resources to rapidly respond to a high-speed stream of LBM messages.

A MEP created with this option will not validate any TLVs, will not validate the ETH-LBM MAC Address, and will not increment or compute any loopback statistics. Statistical computation and reporting is the responsibility of the test head-end. The ETH-CFM level of the high speed ETH-LBM stream must match the level of a MEP configured with this command. The high-speed stream must not target an ETH-CFM level that is not explicitly configured with this option. MEPs act as boundaries for lower levels, below the configured MEP level values. Those boundary levels do not inherit this function.

When the service activation test is complete, the MEP may be returned to standard processing by removing this command. If there is available bandwidth, the MEP will respond to other ETH-CFM PDUs, such as ETH-DMM marker packets, using standard processing.

The interaction between this command and the tools perform service id service-id loopback eth command must be carefully considered. It is recommended that either the lbm-svc-act-responder or the tools perform service id service-id loopback eth command be used at any given time within a service. If both commands must be configured, and the target reflection point is the MAC Swap Loopback function, the inbound stream of data must not include ETH-CFM traffic that is equal to or lower than the domain level of any configured MEP which would otherwise extract and process the ETH-CFM message. If the reflection target is a MEP configured with the lbm-svc-act-responder option, the mode (ingress or egress) of the SAP or SDP specified with this tools command and the MEP direction (up or down) must match when the functions are enabled on the same reflection point, and the domain level of the inbound ETH-LBM must be the same as that of the MEP configured with the lbm-svc-act-responder option. At no time should the two functions be conflicting with each other along the path of the stream. This conflict would lead to unpredictable and possibly destabilizing situations.

The no form of this command reverts to MEP LBM standard processing.

Default

no lbm-svc-act-responder

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lbm-svc-act-responder

Syntax

[no] lbm-svc-act-responder

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep lbm-svc-act-responder)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep lbm-svc-act-responder)

[Tree] (config>service>vpls>sap>eth-cfm>mep lbm-svc-act-responder)

Full Context

configure service vpls spoke-sdp eth-cfm mep lbm-svc-act-responder

configure service vpls mesh-sdp eth-cfm mep lbm-svc-act-responder

configure service vpls sap eth-cfm mep lbm-svc-act-responder

Description

This command enables the MEP to process service activation streams encapsulated in ETH-CFM LBM frames that are directed to the MEP. The MEP will be allocated additional resources to rapidly respond to a high-speed stream of LBM messages. A MEP created with this option will not validate any TLVs, will not validate the ETH-LBM MAC Address, and will not increment or compute any loopback statistics. Statistical computation and reporting is the responsibility of the test head-end. The ETH-CFM level of the high speed ETH-LBM stream must match the level of a MEP configured with this command. It must not target any lower ETH-CFM level the MEP will terminate. When the service activation test is complete, the MEP may be returned to standard processing by removing this command. If there is available bandwidth, the MEP will respond to other ETH-CFM PDUs, such as ETH-DMM marker packets, using standard processing.

The interaction between this command and the tools perform service id service-id loopback eth command must be carefully considered. It is recommended that either the lbm-svc-act-responder or the tools perform service id service-id loopback eth command be used at any given time within a service. If both commands must be configured, and the target reflection point is the MAC Swap Loopback function, the inbound stream of data must not include ETH-CFM traffic that is equal to or lower than the domain level of any configured MEP which would otherwise extract and process the ETH-CFM message. If the reflection target is a MEP configured with the lbm-svc-act-responder option, the mode (ingress or egress) of the SAP or SDP specified with this tools command and the MEP direction (up or down) must match when the functions are enabled on the same reflection point, and the domain level of the inbound ETH-LBM must be the same as that of the MEP configured with the lbm-svc-act-responder option. At no time should the two functions be conflicting with each other along the path of the stream. This conflict would lead to unpredictable and possibly destabilizing situations.

The no form of this command reverts to MEP LBM standard processing.

Default

no lbm-svc-act-responder

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lbm-svc-act-responder

Syntax

[no] lbm-svc-act-responder

Context

[Tree] (config>router>if>eth-cfm>mep lbm-svc-act-responder)

Full Context

configure router interface eth-cfm mep lbm-svc-act-responder

Description

This command enables the MEP to process service activation streams encapsulated in ETH-CFM LBM frames that are directed to the MEP. The MEP will be allocated additional resources to rapidly respond to a high-speed stream of LBM messages. A MEP created with this option will not validate any TLVs, will not validate the ETH-LBM MAC Address, and will not increment or compute any loopback statistics. Statistical computation and reporting is the responsibility of the test head-end. The ETH-CFM level of the high speed ETH-LBM stream must match the level of a MEP configured with this command. It must not target any lower ETH-CFM level the MEP will terminate. When the service activation test is complete, the MEP may be returned to standard processing by removing this command. If there is available bandwidth, the MEP will respond to other ETH-CFM PDUs, such as ETH-DMM marker packets, using standard processing.

The interaction between this command and the tools perform service id service-id loopback eth command must be carefully considered. It is recommended that either the lbm-svc-act-responder or the tools perform service id service-id loopback eth command be used at any given time within a service. If both commands must be configured, and the target reflection point is the MAC Swap Loopback function, the inbound stream of data must not include ETH-CFM traffic that is equal to or lower than the domain level of any configured MEP which would otherwise extract and process the ETH-CFM message. If the reflection target is a MEP configured with the lbm-svc-act-responder option, the mode (ingress or egress) of the SAP or SDP specified with this tools command and the MEP direction (up or down) must match when the functions are enabled on the same reflection point, and the domain level of the inbound ETH-LBM must be the same as that of the MEP configured with the lbm-svc-act-responder option. At no time should the two functions be conflicting with each other along the path of the stream. This conflict would lead to unpredictable and possibly destabilizing situations.

The no form of this command reverts to MEP LBM standard processing.

Default

no lbm-svc-act-responder

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lbo

lbo

Syntax

lbo [0dB | -7.5dB | -15.0dB | -22.5dB]

Context

[Tree] (config>port>tdm lbo)

Full Context

configure port tdm lbo

Description

This command applies only to a DS-1 port configured with a 'long' buildout (see the buildout command). Specify the number of decibels the transmission signal decreases over the line.

For 'short' buildout the following values are valid:

lboNotApplicable — Not applicable

For 'long' buildout the following values are valid:

lbo0dB

For 0 dB

lboNeg7p5dB

For -7.5 dB

lboNeg15p0dB

For -15.0 dB

lboNeg22p5dB

For -22.5 dB

The default for 'short' build out is 'NotApplicable' while the default for 'long' buildout is 'lbo0dB'.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

lcp-force-ack-accm

lcp-force-ack-accm

Syntax

lcp-force-ack-accm {always | never}

no lcp-force-ack-accm

Context

[Tree] (config>service>vprn>l2tp>group>ppp lcp-force-ack-accm)

[Tree] (config>router>l2tp>group>tunnel>ppp lcp-force-ack-accm)

[Tree] (config>router>l2tp>group>ppp lcp-force-ack-accm)

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp lcp-force-ack-accm)

Full Context

configure service vprn l2tp group ppp lcp-force-ack-accm

configure router l2tp group tunnel ppp lcp-force-ack-accm

configure router l2tp group ppp lcp-force-ack-accm

configure service vprn l2tp group tunnel ppp lcp-force-ack-accm

Description

This command enables the LCP Asynchronous Control Character Map (ACCM) configuration option. When enabled, the LCP ACCM configuration option is acknowledged during LCP negotiation between the LNS and the PPP client. The option is then ignored and no ACCM mapping is done.

By default, an L2TP tunnel inherits the configuration from the L2TP group CLI context.

The no form of this command disables the LCP ACCM configuration option.

Parameters

always

Specifies to acknowledge the LCP ACCM configuration option, but not to perform ACCM mapping. This option overrides the group level configuration.

never

Specifies to reject the LCP ACCM configuration option. This option overrides the group level configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lcp-ignore-identifier

lcp-ignore-identifier

Syntax

[no] lcp-ignore-identifier

Context

[Tree] (config>subscr-mgmt>ppp-policy lcp-ignore-identifier)

Full Context

configure subscriber-mgmt ppp-policy lcp-ignore-identifier

Description

This command instructs BNG to ignore identifier values in Link Control Protocol (LCP) Echo Reply packets and keep the PPP session up.

The no form of this command instructs BNG not to ignore the identifier values, in which case, incorrect messages are discarded and the PPP session terminates because of echo timeout.

Default

lcp-ignore-identifier

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lcp-ignore-magic-numbers

lcp-ignore-magic-numbers

Syntax

lcp-ignore-magic-numbers {always | never}

no lcp-ignore-magic-numbers

Context

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp lcp-ignore-magic-numbers)

[Tree] (config>service>vprn>l2tp>group>ppp lcp-ignore-magic-numbers)

[Tree] (config>router>l2tp>group>tunnel>ppp lcp-ignore-magic-numbers)

[Tree] (config>router>l2tp>group>ppp lcp-ignore-magic-numbers)

Full Context

configure service vprn l2tp group tunnel ppp lcp-ignore-magic-numbers

configure service vprn l2tp group ppp lcp-ignore-magic-numbers

configure router l2tp group tunnel ppp lcp-ignore-magic-numbers

configure router l2tp group ppp lcp-ignore-magic-numbers

Description

This command configures checking the magic number field in LCP Echo-Request and LCP Echo-Reply messages.

The no form of this command reverts to the default value.

Default

no lcp-ignore-magic-numbers

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lcp-ignore-magic-numbers

Syntax

[no] lcp-ignore-magic-numbers

Context

[Tree] (config>subscr-mgmt>ppp-policy lcp-ignore-magic-numbers)

Full Context

configure subscriber-mgmt ppp-policy lcp-ignore-magic-numbers

Description

This command enables the PPP session to stay established when an LCP peer magic number mismatch is detected.

By default, the PPP session is terminated when an LCP peer magic number mismatch is detected.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ldap

ldap

Syntax

[no] ldap

Context

[Tree] (config>system>security ldap)

Full Context

configure system security ldap

Description

This command configures LDAP authentication parameters for the system.

The no form of this command de-configures the LDAP client from the SR OS.

Platforms

All

ldap-server

ldap-server

Syntax

ldap-server server-name

no ldap-server

Context

[Tree] (config>system>security>ldap>server ldap-server)

Full Context

configure system security ldap server ldap-server

Description

This command enables the LDAP server name or description.

The no form of this command disables the LDAP server name.

Parameters

server-name

Specifies the name of the server, up to 32 characters.

Platforms

All

ldp

ldp

Syntax

[no] ldp

Context

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter ldp)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter ldp)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter ldp)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter ldp)

Full Context

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter ldp

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter ldp

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter ldp

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter ldp

Description

This command enables LDP for the auto-bind tunnel resolution filter.

This command instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.

The no form of this command removes the configuration.

Default

no ldp

Platforms

All

ldp

Syntax

[no] ldp

Context

[Tree] (config>router ldp)

Full Context

configure router ldp

Description

Commands in this context configure an LDP parameters.

To suspend the LDP protocol, use the shutdown command. Configuration parameters are not affected.

The no form of the command deletes the LDP protocol instance, removing all associated configuration parameters. The LDP instance must first be disabled with the shutdown command before being deleted.

Platforms

All

ldp

Syntax

[no] ldp

Context

[Tree] (debug>router ldp)

Full Context

debug router ldp

Description

Use this command to configure LDP debugging.

Platforms

All

ldp

Syntax

[no] ldp

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter ldp)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter ldp

Description

This command enables the use of LDP-sourced tunnel entries in the TTM to resolve the associated static route next-hop.

The no form of this command disables the use of LDP-sourced tunnel entries to resolve static route next hops.

Default

no ldp

Platforms

All

ldp

Syntax

[no] ldp

Context

[Tree] (config>service>sdp ldp)

Full Context

configure service sdp ldp

Description

This command enables LDP-signaled LSPs on MPLS-encapsulated SDPs.

In MPLS SDP configurations either one or more LSP names can be specified or LDP can be enabled. The SDP ldp and lsp commands are mutually exclusive except if the mixed-lsp-mode option is also enabled. If an LSP is specified on an MPLS SDP, then LDP cannot be enabled on the SDP. To enable LDP on the SDP when an LSP is already specified, the LSP must be removed from the configuration using the no lsp lsp-name command or the mixed-lsp-mode option is also enabled.

Alternatively, if LDP is already enabled on an MPLS SDP, then an LSP cannot be specified on the SDP. To specify an LSP on the SDP, the LDP must be disabled. The LSP must have already been created in the config>router>mpls context with a valid far-end IP address. The above rules are relaxed when the mixed-lsp option is enabled on the SDP.

Default

no ldp (disabled)

Platforms

All

ldp

Syntax

[no] ldp

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter ldp)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter ldp)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter ldp

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter ldp

Description

This command enables LDP tunneling for next-hop resolution and specifies the LDP tunnels in the tunnel table corresponding to /32 IPv4 FECs and /128 IPv6 FECs.

The no form of this command disables LDP tunneling for next-hop resolution.

Platforms

All

ldp-over-rsvp

ldp-over-rsvp

Syntax

ldp-over-rsvp [include | exclude]

Context

[Tree] (config>router>mpls>lsp ldp-over-rsvp)

[Tree] (config>router>mpls>lsp-template ldp-over-rsvp)

Full Context

configure router mpls lsp ldp-over-rsvp

configure router mpls lsp-template ldp-over-rsvp

Description

This command configures an LSP so that it can be used by the IGP to calculate its SPF tree.

When the ldp-over-rsvp option is also enabled in ISIS or OSPF, the IGP provides LDP with all ECMP IP next-hops and tunnel endpoints that it considers to be the lowest cost path to its destination.

IGP provides only the endpoints which are the closest to the destination in terms of IGP cost for each IP next-hop of a prefix. If this results in more endpoints than the ECMP value configured on the router, it will further prune the endpoints based on the lowest router-id and for the same router-id, it will select lowest interface-index first.

LDP then looks up the tunnel table to select the actual tunnels to the endpoint provided by IGP and further limits the endpoint selection to the ones which are the closest to destination across all the IP next-hops provided by IGP for a prefix. For each remaining endpoint, LDP selects a tunnel in a round-robin fashion until the router ECMP value is reached. For each endpoint, only tunnels with the same lowest metric are candidates. If more than one tunnel qualifies, the selection begins with the lowest tunnel-id.

Default

ldp-over-rsvp include

Platforms

All

ldp-over-rsvp

Syntax

[no] ldp-over-rsvp

Context

[Tree] (config>router>isis ldp-over-rsvp)

Full Context

configure router isis ldp-over-rsvp

Description

This command allows LDP over RSVP processing in IS-IS.

The no form of this command disables LDP over RSVP processing.

Default

no ldp-over-rsvp

Platforms

All

ldp-over-rsvp

Syntax

[no] ldp-over-rsvp

Context

[Tree] (config>router>ospf ldp-over-rsvp)

Full Context

configure router ospf ldp-over-rsvp

Description

This command allows LDP-over-RSVP processing in this OSPF instance.

Default

no ldp-over-rsvp

Platforms

All

ldp-shortcut

ldp-shortcut

Syntax

[no] ldp-shortcut

Context

[Tree] (config>router ldp-shortcut)

Full Context

configure router ldp-shortcut

Description

This command enables the resolution of IGP routes using LDP LSP across all network interfaces participating in the IS-IS and OSPF routing protocol in the system.

When LDP shortcut is enabled, LDP populates the routing table with next-hop entries corresponding to all prefixes for which it activated an LDP FEC. For a given prefix, two route entries are populated in the system routing table. One corresponds to the LDP shortcut next-hop and has an owner of LDP. The other one is the regular IP next-hop. The LDP shortcut next-hop always has preference over the regular IP next-hop for forwarding user packets and specified control packets over a given outgoing interface to the route next-hop.

All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP.

When an IPv4 packet is received on an ingress network interface, a subscriber IES interface, or a regular IES interface, the lookup of the packet by the ingress forwarding engine will result in the packet being sent labeled with the label stack corresponding to the NHLFE of the LDP LSP when the preferred RTM entry corresponds to an LDP shortcut.

If the preferred RTM entry corresponds to an IP next-hop, the IPv4 packet is forwarded without a label.

When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress forwarding engine will spray the packets for this route based on hashing routine currently supported for IPv4 packets. When the preferred RTM entry corresponds to an LDP shortcut route, spraying will be performed across the multiple next-hops for the LDP FEC. The FEC next-hops can either be direct link LDP neighbors or T-LDP neighbors reachable over RSVP LSPs in the case of LDP-over-RSVP but not both.

When the preferred RTM entry corresponds to a regular IP route, spraying will be performed across regular IP next-hops for the prefix.

The no form of this command disables the resolution of IGP routes using LDP shortcuts.

Default

no ldp-shortcut

Platforms

All

ldp-sync

ldp-sync

Syntax

[no] ldp-sync

Context

[Tree] (config>service>vprn>static-route-entry>indirect ldp-sync)

Full Context

configure service vprn static-route-entry indirect ldp-sync

Description

This command extends the LDP synchronization feature to a static route. When an interface comes back up, it is possible that a preferred static route using the interface as next-hop for a given prefix is enabled before the LDP adjacency to the peer LSR comes up on this interface. In this case, traffic on an SDP that uses the static route for the far-end address would be black-holed until the LDP session comes up and the FECs exchanged.

This option when enabled delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired

Default

no ldp-sync

Platforms

All

ldp-sync

Syntax

[no] ldp-sync

Context

[Tree] (config>router>static-route-entry>next-hop ldp-sync)

Full Context

configure router static-route-entry next-hop ldp-sync

Description

This command extends the LDP synchronization feature to a static route. When an interface comes back up, it is possible that a preferred static route using the interface as next-hop for a given prefix is enabled before the LDP adjacency to the peer LSR comes up on this interface. In this case, traffic on an SDP that uses the static route for the far-end address would be black-holed until the LDP session comes up and the FECs exchanged.

This option when enabled delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired

Default

no ldp-sync

Platforms

All

ldp-sync-timer

ldp-sync-timer

Syntax

ldp-sync-timer seconds [end-of-lib]

no ldp-sync-timer

Context

[Tree] (config>router>if ldp-sync-timer)

Full Context

configure router interface ldp-sync-timer

Description

This command enables synchronization of an IGP and LDP. When a link is restored after a failure, the IGP sets the link cost to infinity and advertises it. The actual value advertised in OSPF is 0xFFFF (65535). The actual value advertised in IS-IS regular metric is 0x3F (63) and in IS-IS wide-metric is 0xFFFFFE (16777214). This feature is not supported on RIP interfaces.

If an interface belongs to both IS-IS and OSPF, a physical failure will cause both IGPs to advertise an infinite metric and to follow the IGP-LDP synchronization procedures. If only one IGP bounces on this interface or on the system, then only the affected IGP advertises the infinite metric and follows the IGP-LDP synchronization procedures.

Next, an LDP Hello adjacency is brought up with the neighbor. The LDP synchronization timer is started by the IGP when the LDP session to the neighbor is up over the interface. This is to allow time for the label-FEC bindings to be exchanged.

When the LDP synchronization timer expires, the link cost is restored and is readvertised. The IGP will announce a new best next hop and LDP will use it if the label binding for the neighbor’s FEC is available.

If the user changes the cost of an interface, the new value is advertised at the next flooding of link attributes by the IGP. However, if the LDP synchronization timer is still running, the new cost value will only be advertised after the timer expires. The new cost value will also be advertised after the user executes any of the following commands:

  • tools>perform>router>isis>ldp-sync-exit

  • tools>perform>router>ospf>ldp-sync-exit

  • config>router>if>no ldp-sync-timer

  • config>router>ospf>disable-ldp-sync

  • router>isis>disable-ldp-sync

If the user changes the value of the LDP synchronization timer parameter, the new value will take effect at the next synchronization event. If the timer is still running, it will continue to use the previous value.

If parallel links exist to the same neighbor, then the bindings and services should remain up as long as there is one interface that is up. However, the user-configured LDP synchronization timer still applies on the interface that failed and was restored. In this case, the router will only consider this interface for forwarding after the IGP re-advertises its actual cost value.

The LDP Sync Timer State is not always synchronized across to the standby CPM. Therefore, after an activity switch, the timer state might not be same as it was on the previously active CPM.

If the end-of-lib option is configured, then the system will start the LDP synchronization timer as usual. If the LDP End of LIB Typed Wildcard FEC messages are received for every FEC type negotiated for a given session to an LDP peer for that IGP interface, the ldp-sync-timer is terminated early and the IGP link cost is restored. If the ldp-sync-timer expires before the LDP End of LIB messages are received for every negotiated FEC type, then the system will restore the IGP link cost. The end-of-lib option is disabled by default.

The no form of this command disables IGP-LDP synchronization and deletes the configuration.

Default

no ldp-sync-timer

Parameters

seconds

Specifies the time interval for the IGP-LDP synchronization timer.

Values

1 to 1800

end-of-lib

Specifies that the system should terminate the ldp-sync-timer early if the LDP End of LIB Typed Wildcard FEC messages are received for every FEC type negotiated for a given session to an LDP peer for that IGP interface.

Platforms

All

ldp-treetrace

ldp-treetrace

Syntax

ldp-treetrace {prefix ip-prefix/mask} [ downstream-map-tlv {dsmap | ddmap}] [fc fc-name [profile {in | out}]] [max-path max-paths] [max-ttl ttl-value] [retry-count retry-count] [timeout timeout]

Context

[Tree] (oam ldp-treetrace)

Full Context

oam ldp-treetrace

Description

This command allows the user to perform a single run of the LDP ECMP OAM tree trace to discover all ECMP paths of an LDP FEC.

Parameters

ip-prefix/mask

Specifies the address prefix and subnet mask of the target BGP IPv4 label route.

Values

ip-prefix: a.b.c.dmask, the value must be 32

downstream-map-tlv {dsmap | ddmap}

Specifies which format of the downstream mapping TLV to use in the LSP trace packet. The DSMAP TLV is the original format in RFC 4379 (obsoleted by RFC 8029). The DDMAP is the new enhanced format specified in RFC 6424 and RFC 8029.

Default

Inherited from global configuration of downstream mapping TLV in option mpls-echo-request-downstream-map {dsmap | ddmap}.

fc-name

Specifies the FC and profile parameters are used to indicate the forwarding class and profile of the MPLS echo request packet.

When an MPLS echo request packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the specified FC and profile parameter values. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface.

When the MPLS echo request packet is received on the responding node, The FC and profile parameter values are dictated by the LSP-EXP mappings of the incoming interface.

When an MPLS echo reply packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the FC and profile parameter values determined by the classification of the echo request packet, which is being replied to, at the incoming interface. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface. The ToS byte is not modified. ldp-treetrace Request Packet and Behavior summarizes this behavior.

Table 2. ldp-treetrace Request Packet and Behavior

CPM (sender node)

Echo request packet:

  • packet {tos=1, fc1, profile1}

  • fc1 and profile1 are as entered by user in OAM command or default values

  • tos1 as per mapping of {fc1, profile1} to IP precedence in network egress QoS policy of outgoing interface

Outgoing interface (sender node)

Echo request packet:

  • pkt queued as {fc1, profile1}

  • ToS field=tos1 not remarked

  • EXP=exp1, as per mapping of {fc1, profile1} to EXP in network egress QoS policy of outgoing interface

Incoming interface (responder node)

Echo request packet:

  • packet {tos1, exp1}

  • exp1 mapped to {fc2, profile2} as per classification in network QoS policy of incoming interface

CPM (responder node)

Echo reply packet:

  • packet {tos=1, fc2, profile2}

Outgoing interface (responder node)

Echo reply packet:

  • pkt queued as {fc2, profile2}

  • ToS filed= tos1 not remarked (reply inband or out-of-band)

  • EXP=exp2, if reply is inband, remarked as per mapping of {fc2, profile2} to EXP in network egress QoS policy of outgoing interface

Incoming interface (sender node)

Echo reply packet:

  • packet {tos1, exp2}

  • exp2 mapped to {fc1, profile1} as per classification in network QoS policy of incoming interface

Values

be, l2, af, l1, h2, ef, h1, nc

Default

be

profile {in | out}

Specifies the profile state of the MPLS echo request packet.

Values

in, out

Default

out

max-paths

Specifies the maximum number of paths for a ldp-treetrace test, expressed as a decimal integer.

Values

1 to 255

Default

128

ttl-value

Specifies the maximum TTL value in the MPLS label for the LSP trace test, expressed as a decimal integer.

Values

1 to 255

Default

30

retry-count

Specifies the maximum number of consecutive MPLS echo requests, expressed as a decimal integer that do not receive a reply before the trace operation fails for a given TTL.

Values

1 to 255

Default

5

timeout

Specifies the time, in seconds, used to override the default time out value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. Any response received after the request times out is silently discarded.

Values

1 to 60

Default

3

Platforms

All

Output

The following is an example of treetrace prefix information.

Sample Output
*A:Dut-A# oam ldp-treetrace prefix 10.20.1.6/32 

ldp-treetrace for Prefix 10.20.1.6/32:

         127.0.0.1, ttl =   3 dst =      127.1.0.255 rc = EgressRtr status = Done
    Hops:         127.0.0.1         127.0.0.1

         127.0.0.1, ttl =   3 dst =      127.2.0.255 rc = EgressRtr status = Done
    Hops:         127.0.0.1         127.0.0.1

ldp-treetrace discovery state: Done
ldp-treetrace discovery status: ' OK '
Total number of discovered paths: 2
Total number of failed traces: 0

ldp-treetrace

Syntax

[no] ldp-treetrace

Context

[Tree] (config>test-oam ldp-treetrace)

Full Context

configure test-oam ldp-treetrace

Description

This command creates the context to configure the LDP ECMP OAM tree trace which consists of an LDP ECMP path discovery and an LDP ECMP path probing features.

The no form of this command deletes the configuration for the LDP ECMP OAM tree discovery and path probing under this context.

Platforms

All

Output

The following is an example LDP treetrace information.

Sample Output Over a Numbered IP Interface
*A:Dut-B# oam ldp-treetrace prefix 10.20.1.5/32 

ldp-treetrace for Prefix 10.20.1.5/32:

       10.10.131.2, ttl =   2 dst =      127.1.0.253 rc = EgressRtr status = Done
    Hops:          11.1.0.2

       10.10.132.2, ttl =   2 dst =      127.1.0.255 rc = EgressRtr status = Done
    Hops:          11.1.0.2

       10.10.131.2, ttl =   2 dst =      127.2.0.255 rc = EgressRtr status = Done
    Hops:          11.2.0.2

       10.10.132.2, ttl =   2 dst =      127.2.0.253 rc = EgressRtr status = Done
    Hops:          11.2.0.2

ldp-treetrace discovery state: Done
ldp-treetrace discovery status: ' OK '
Total number of discovered paths: 4
Total number of failed traces: 0
Sample Output Over an Unnumbered IP Interface
*A:Dut-A# oam ldp-treetrace prefix 10.20.1.6/32 downstream-map-tlv dsmap 

ldp-treetrace for Prefix 10.20.1.6/32:

         127.0.0.1, ttl =   3 dst =      127.1.0.255 rc = EgressRtr status = Done
    Hops:         127.0.0.1         127.0.0.1

         127.0.0.1, ttl =   3 dst =      127.2.0.255 rc = EgressRtr status = Done
    Hops:         127.0.0.1         127.0.0.1

ldp-treetrace discovery state: Done
ldp-treetrace discovery status: ' OK '
Total number of discovered paths: 2
Total number of failed traces: 0

ldp-treetrace

Syntax

[no] ldp-treetrace

Context

[Tree] (debug>oam ldp-treetrace)

Full Context

debug oam ldp-treetrace

Description

This command enables debugging for OAM LDP treetrace.

The no form of this command disables the debugging.

Platforms

All

leak

leak

Syntax

leak [ip-address]

no leak

Context

[Tree] (debug>router>isis leak)

Full Context

debug router isis leak

Description

This command enables debugging for IS-IS leaks.

The no form of the command disables debugging.

Parameters

ip-address

When specified, only the specified address is debugged for IS-IS leaks.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

leak

Syntax

leak [ip-address]

no leak

Context

[Tree] (debug>router>ospf3 leak)

[Tree] (debug>router>ospf leak)

Full Context

debug router ospf3 leak

debug router ospf leak

Description

This command enables debugging for OSPF leaks.

Parameters

ip-address

Specifies the IPv4 or IPv6 address to debug OSPF leaks.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

leak-export

leak-export

Syntax

leak-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]

no leak-export

Context

[Tree] (config>router leak-export)

Full Context

configure router leak-export

Description

This command associates up to four policies to control the leaking of GRT routes into the associated VPRN.

If a route is evaluated and the action is accepted, that route is subject leaking into an associated VPRN instance, assuming the route is fully resolved and active.

This process creates the pool of routes that can be leaked. Within each VPRN, a corresponding import-grt policy must be configured to import select routes into that specific VPRN instance.

The no form of this command removes all route leaking policy associations and effectively disables the leaking of GRT routes into associated VPRNs.

Parameters

plcy-or-long-expr

Specifies the route policy name, up to 64 characters or a policy logical expression, up to 255 characters.

Values

plcy-or-long-expr: policy-name | long-expr

policy-name: up to 64 characters

long-expr: up to 255 characters

plcy-or-expr

Specifies the route policy name, up to 64 characters or a policy logical expression, up to 64 characters long. A maximum of four policy names or policy logical expressions can be specified in a single statement.

Values

plcy-or-expr: policy-name | expr

policy-name: up to 64 characters

expr: up to 64 characters

Platforms

All

leak-export-limit

leak-export-limit

Syntax

[no] leak-export-limit [value]

Context

[Tree] (config>router leak-export-limit)

Full Context

configure router leak-export-limit

Description

This command sets a maximum limit on the number of GRT routes that can be leaked into VPRN instances.

The no form of this command resets the leak-export-limit to its default value of 5.

Default

leak-export-limit 5

Parameters

value

Specifies the maximum number of eligible GRT routes that can be leaked into VPRN instances.

Values

1 to 10000

Platforms

All

leak-import

leak-import

Syntax

leak-import plcy-or-long-expr [plcy-or-expr]

no leak-import

Context

[Tree] (config>service>vprn>bgp>rib-management>label-ipv4 leak-import)

[Tree] (config>service>vprn>bgp>rib-management>ipv6 leak-import)

[Tree] (config>service>vprn>bgp>rib-management>ipv4 leak-import)

[Tree] (config>service>vprn>bgp>rib-management>label-ipv6 leak-import)

Full Context

configure service vprn bgp rib-management label-ipv4 leak-import

configure service vprn bgp rib-management ipv6 leak-import

configure service vprn bgp rib-management ipv4 leak-import

configure service vprn bgp rib-management label-ipv6 leak-import

Description

This command configures route policies that control the importation of leak-eligible routes from the BGP RIB of another routing instance into the unlabeled-IPv4, unlabeled-IPv6, labeled-IPv4, or labeled-IPv6 RIB of the VPRN instance. To leak a route from one routing instance to another, the origin and destination RIB types must be the same; for example, it is not possible to leak a route from an unlabeled-IPv4 RIB of a VPRN into the labeled-IPv4 RIB of the base router.

The leak-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the final action to accept or reject the route.

Only one of the 15 objects referenced by the leak-import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When a leak-import policy is not specified, no BGP routes from other routing instances are leaked into the VPRN BGP RIB.

The no form of this command removes the policy association.

Default

no leak-import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string of characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string of characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

leak-import

Syntax

leak-import plcy-or-long-expr [plcy-or-expr]

no leak-import

Context

[Tree] (config>router>bgp>rib-management>ipv4 leak-import)

[Tree] (config>router>bgp>rib-management>label-ipv4 leak-import)

[Tree] (config>router>bgp>rib-management>ipv6 leak-import)

Full Context

configure router bgp rib-management ipv4 leak-import

configure router bgp rib-management label-ipv4 leak-import

configure router bgp rib-management ipv6 leak-import

Description

This command configures the router to specify route policies that control the importation of leak-eligible routes from the BGP RIB of another routing instance into the unlabeled-IPv4, unlabeled-IPv6, or labeled-IPv4 RIB of the base router. To leak a route from one routing instance to another, the origin and destination RIB types must be the same; for example, it is not possible to leak a route from an unlabeled-IPv4 RIB of a VPRN into the labeled-IPv4 RIB of the base router.

The leak-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the leak-import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When a leak-import policy is not specified, no BGP routes from other routing instances are leaked into the base router BGP RIB.

The no form of this command removes the policy association.

Default

no leak-import

Parameters

plcy-or-long-expr

Specifies up to 14 route policy names (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string of characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

plcy-or-expr

The route policy name (up to 64 characters long) or a policy logical expression (up to 64 characters long). Allowed values are any string of characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

learn-ap-mac

learn-ap-mac

Syntax

learn-ap-mac [delay-auth]

no learn-ap-mac

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw learn-ap-mac)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw learn-ap-mac)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw learn-ap-mac

configure service ies subscriber-interface group-interface wlan-gw learn-ap-mac

Description

This command enables the sending of ARP or ND packets on the WLAN-GW GRE tunnel for certain events. The target IP address in the ARP/ND packet is the endpoint IP address of the AP. The ARP/ND response from the AP should contain the AP MAC, which subsequently can be reported in a called-station-id message. When enabled, a message will be sent for following events:

  • CPM: Mobility to an AP for which the AP-MAC is not yet known

  • CPM: RS-triggered authentication on an AP for which the AP-MAC is not yet known

  • ISA: Any mobility event

  • ISA: Any authentication where the AP-MAC is not yet known (for example, from a RADIUS proxy cache or a DHCP circuit-id). If the optional keyword delay-auth is configured, then the authentication will be delayed until the ARP/ND is answered or timed out, after which the AP-MAC can be included in the authentication.

This configuration is ignored for L2-AP and L2TPv3 access.

Parameters

delay-auth

Specifies that authentication will be delayed until the ARP/ND is answered or timed out, after which the AP-MAC can be included in the authentication.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

learn-dynamic

learn-dynamic

Syntax

[no] learn-dynamic

Context

[Tree] (config>service>ies>if>vpls>evpn>nd learn-dynamic)

[Tree] (config>service>vprn>if>vpls>evpn>arp learn-dynamic)

[Tree] (config>service>vprn>if>vpls>evpn>nd learn-dynamic)

[Tree] (config>service>ies>if>vpls>evpn>arp learn-dynamic)

Full Context

configure service ies interface vpls evpn nd learn-dynamic

configure service vprn interface vpls evpn arp learn-dynamic

configure service vprn interface vpls evpn nd learn-dynamic

configure service ies interface vpls evpn arp learn-dynamic

Description

This command controls whether the ARP or ND frames received on EVPN binds are used to learn dynamic ARP and ND entries in the ARP/ND table.

The no form of the command reverts to the default.

Default

learn-dynamic

Platforms

All

learn-l2tp-cookie

learn-l2tp-cookie

Syntax

learn-l2tp-cookie {if-match | never | always} [cookie hex string]

no learn-l2tp-cookie

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw learn-l2tp-cookie)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw learn-l2tp-cookie)

Full Context

configure service ies subscriber-interface group-interface wlan-gw learn-l2tp-cookie

configure service vprn subscriber-interface group-interface wlan-gw learn-l2tp-cookie

Description

This command specifies when this system will learn the cookie from L2TP tunnels terminating on this interface. Learning the cookie means that the value of the octets 3-8 of the cookie is interpreted as an access point’s MAC address, and used as such, for example in the Called-Station-Id attribute of RADIUS Interim-Update messages.

Parameters

if-match

Specifies that the cookie is interpreted only if the value of the first two octets of the cookie is equal to the value of the object tmnxWlanGwSoftGreIfL2tpCookie.

cookie hex string

Specifies the value used to compare the first two bytes of the cookie. This parameter is only valid if if-match is configured.

Values

0x0000 to 0xFFFF...(4 hex nibbles)

never

Specifies that the cookie value will always be ignored.

always

Always learn the AP-MAC from the cookie, regardless of the value of the first two bytes.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lease-hold-time

lease-hold-time

Syntax

lease-hold-time [days days] [hrs hours] [min minutes] [sec seconds]

no lease-hold-time

Context

[Tree] (config>router>dhcp6>server lease-hold-time)

[Tree] (config>service>vprn>dhcp>server lease-hold-time)

[Tree] (config>router>dhcp>server lease-hold-time)

[Tree] (config>service>vprn>dhcp6>server lease-hold-time)

Full Context

configure router dhcp6 local-dhcp-server lease-hold-time

configure service vprn dhcp local-dhcp-server lease-hold-time

configure router dhcp local-dhcp-server lease-hold-time

configure service vprn dhcp6 local-dhcp-server lease-hold-time

Description

This command configures the time to remember this lease and is applicable for unsolicited release conditions such as lease timeout if the lease-hold-time-for command is set to the default value no solicited-release and is additionally applicable for normal solicited releases from DHCP clients if the lease-hold-time-for command is set to solicited-release.

The no form of this command reverts to the default.

Default

lease-hold-time sec 0

Parameters

lease-hold-time

Specifies the amount of time to remember the lease.

Values

days

0 to 7305

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-hold-time-for

lease-hold-time-for

Syntax

[no] lease-hold-time-for

Context

[Tree] (config>service>vprn>dhcp>server lease-hold-time-for)

[Tree] (config>service>vprn>dhcp6>server lease-hold-time-for)

[Tree] (config>router>dhcp6>server lease-hold-time-for)

[Tree] (config>router>dhcp>server lease-hold-time-for)

Full Context

configure service vprn dhcp local-dhcp-server lease-hold-time-for

configure service vprn dhcp6 local-dhcp-server lease-hold-time-for

configure router dhcp6 local-dhcp-server lease-hold-time-for

configure router dhcp local-dhcp-server lease-hold-time-for

Description

Commands in this context configure lease-hold-time-for parameters which define additional types of lease or triggers that cause system to hold up leases.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-populate

lease-populate

Syntax

lease-populate [nbr-of-leases]

lease-populate [nbr-of-leases] l2-header [mac ieee-address]

no lease-populate

Context

[Tree] (config>service>vpls>sap>dhcp lease-populate)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp lease-populate)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp lease-populate)

[Tree] (config>service>vprn>if>dhcp lease-populate)

[Tree] (config>service>ies>if>dhcp lease-populate)

[Tree] (config>service>ies>sub-if>grp-if>dhcp lease-populate)

[Tree] (config>service>vprn>sub-if>dhcp lease-populate)

Full Context

configure service vpls sap dhcp lease-populate

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp lease-populate

configure service vprn subscriber-interface group-interface dhcp lease-populate

configure service vprn interface dhcp lease-populate

configure service ies interface dhcp lease-populate

configure service ies subscriber-interface group-interface dhcp lease-populate

configure service vprn subscriber-interface dhcp lease-populate

Description

Commands in this context configure IPoE host parameters.

For VPLS, DHCP snooping must be explicitly enabled (using the snoop command) at all points where DHCP messages requiring snooping enter the VPLS instance (both from the DHCP server and from the subscribers). Lease state information is extracted from snooped DHCP ACK messages to populate lease state table entries for the SAP.

The optional nbr-of-leases parameter defines the number lease state table entries allowed.

  • for this SAP in case of a VPLS service

  • for this interface in case of an IES or VPRN interface

  • for each SAP in case of an IES or VPRN group-interface

  • for this interface in case of an IES or VPRN retail subscriber-interface

If the nbr-of-leases parameter is omitted, only a single entry is allowed. Once the maximum number of entries has been reached, subsequent lease state entries are not allowed and subsequent DHCP ACK messages are discarded.

The retained lease state information representing dynamic hosts may be used to:

  • Populate a SAP based anti-spoof filter table to provide dynamic anti-spoof filtering. If the system is unable to populate the dynamic host information in the anti-spoof filter table on the SAP, the DHCP ACK message must be discarded without adding new lease state entry or updating an existing lease state entry.

  • Populate the system’s ARP cache based on the arp-populate configuration. Applicable to IES and VPRN interfaces or group-interfaces.

  • Populate managed entries into a VPLS forwarding database. VPLS forwarding database population is an implicit feature that automatically places the dynamic host’s MAC address into the VPLS FDB. When a dynamic host’s MAC address is placed in the lease state table, it will automatically be populated into the VPLS forwarding database associated with the SAP on which the host is learned. The dynamic host MAC address will override any static MAC entries using the same MAC and prevent dynamic learning of the MAC on another interface. Existing static MAC entries with the same MAC address as the dynamic host are marked as inactive but not deleted. If all entries in the lease state table associated with the MAC address are removed, the static MAC may be populated. New static MAC definitions for the VPLS instance may be created while a dynamic host exists associated with the static MAC address.

  • Generate dynamic ARP replies if arp-reply-agent is enabled. Applicable to VPLS service SAPs

The no form of this command reverts to the default.

Parameters

nbr-of-leases

Specifies the number of DHCPv4 leases allowed.

l2-header

Indicates a mode of operation where anti-spoof entry associated with the given DHCP state is created based on the src-mac address from the Layer 2 header of the DHCP request message. The Layer 2 header flag is not set by default. This parameter is only applicable for group interfaces.

mac

Specifies that the provisioned ieee-address is used in the anti-spoofing entries for this SAP. The parameter may be changed mid-session. Existing sessions will not be re-programmed unless a tools>perform>subscriber-mgmt>remap-lease-state command is issued for the lease. This parameter is only applicable for group interfaces.

Platforms

All

  • configure service vpls sap dhcp lease-populate
  • configure service vprn interface dhcp lease-populate
  • configure service ies interface dhcp lease-populate

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp lease-populate
  • configure service ies subscriber-interface group-interface dhcp lease-populate
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp lease-populate
  • configure service vprn subscriber-interface dhcp lease-populate

lease-populate

Syntax

lease-populate [nbr-of-leases]

lease-populate [nbr-of-leases] route-populate [pd] na [ta]

lease-populate [nbr-of-leases] route-populate pd [na] [ta] [exclude]

lease-populate [nbr-of-leases] route-populate [pd] [na] ta

no lease-populate

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-relay lease-populate)

Full Context

configure service ies interface ipv6 dhcp6-relay lease-populate

Description

This command specifies the maximum number of DHCPv6 lease states allocated by the DHCPv6 relay function, allowed on this interface.

Optionally, by specifying route-populate parameter, system could:

  • Create routes based on the IA_PD/IA_NA/IA_TA prefix option in relay-reply message.

  • Create black hole routes based on OPTION_PD_EXCLUDE in IA_PD in relay-reply message.

These routes could be redistributed into IGP/BGP by using route-policy, following protocol types that could be used in "from protocol”:

  • dhcpv6-pd

  • dhcpv6-na

  • dhcpv6-ta

  • dhcpv6-pd-excl

Parameters

nbr-of-leases

Defines the number lease state table entries allowed for this interface. If this parameter is omitted, only a single entry is allowed. Once the maximum number of entries has been reached, subsequent lease state entries are not allowed and subsequent DHCPv6 REPLY messages are discarded.

Values

1 to 8000

route-populate

Specifies the route populate parameter.

Values

pd/na/ta — Create route based on specified option.

exclude — Create blackhole route based on OPTION_PD_EXCLUDE.

Platforms

All

lease-populate

Syntax

lease-populate [nbr-of-leases]

lease-populate [nbr-of-leases] route-populate [pd] na [ta]

lease-populate [nbr-of-leases] route-populate pd [na] [ta] [exclude]

lease-populate [nbr-of-leases] route-populate [pd] [na] ta

no lease-populate

Context

[Tree] (config>service>ies>if>ipv6>dhcp-relay lease-populate)

Full Context

configure service ies interface ipv6 dhcp-relay lease-populate

Description

This command specifies the maximum number of DHCPv6 lease states allocated by the DHCPv6 relay function, allowed on this interface.

Optionally, by specifying "route-populate” parameter, system could:

  • Create routes based on the IA_PD/IA_NA/IA_TA prefix option in relay-reply message.

  • Create black hole routes based on OPTION_PD_EXCLUDE in IA_PD in relay-reply message.

These routes could be redistributed into IGP/BGP by using route-policy, following protocol types that could be used in "from protocol”:

  • dhcpv6-pd

  • dhcpv6-na

  • dhcpv6-ta

  • dhcpv6-pd-excl

Parameters

nbr-of-entries

Defines the number lease state table entries allowed for this interface. If this parameter is omitted, only a single entry is allowed. Once the maximum number of entries has been reached, subsequent lease state entries are not allowed and subsequent DHCPv6 ACK messages are discarded.

Values

1 to 8000

route-populate

Specifies the route populate parameter.

Values

pd/na/ta — Create route based on specified option.

exclude — Create blackhole route based on OPTION_PD_EXCLUDE.

lease-query

lease-query

Syntax

lease-query [max-retry Max nbr of retries]

no lease-query

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client lease-query)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client lease-query)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client lease-query

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client lease-query

Description

This command enables lease-query. If this is specified the dhcp6-client will retrieve any existing addresses when becoming active. The lease-query is performed for all of the configured servers

The no form of this command disables lease-query.

Parameters

Max nbr of retries

Specifies the maximum number of retries before the lease query assumes no existing subnets were allocated.

Values

0 to 10

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

lease-rebind-time

lease-rebind-time

Syntax

lease-rebind-time [days days] [hrs hours] [min minutes] [sec seconds]

no lease-rebind-time

Context

[Tree] (config>service>vprn>dhcp>server>pool>options lease-rebind-time)

[Tree] (config>router>dhcp>server>pool>options lease-rebind-time)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options lease-rebind-time)

Full Context

configure service vprn dhcp local-dhcp-server pool options lease-rebind-time

configure router dhcp local-dhcp-server pool options lease-rebind-time

configure subscriber-mgmt local-user-db ipoe host options lease-rebind-time

Description

This command configures the time the client transitions to a rebinding state for a DHCP client.

The no form of this command removes the time from the configuration.

Parameters

lease-rebind-time

Specifies the lease rebind time.

Values

days:

0 to 3650

hours:

0 to 23

minutes:

0 to 59

seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-renew-time

lease-renew-time

Syntax

lease-renew-time [days days] [hrs hours] [min minutes] [sec seconds]

no lease-renew-time

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options lease-renew-time)

[Tree] (config>service>vprn>dhcp>server>pool>options lease-renew-time)

[Tree] (config>router>dhcp>server>pool>options lease-renew-time)

Full Context

configure subscriber-mgmt local-user-db ipoe host options lease-renew-time

configure service vprn dhcp local-dhcp-server pool options lease-renew-time

configure router dhcp local-dhcp-server pool options lease-renew-time

Description

This command configures the time the client transitions to a renew state for a DHCP client.

The no form of this command removes the time from the configuration.

Parameters

lease-renew-time

Specifies the lease renew time.

Values

days:

0 to 3650

hours:

0 to 23

minutes:

0 to 59

seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-time

lease-time

Syntax

lease-time [days days] [hrs hours] [min minutes] [sec seconds]

no lease-time

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options lease-time)

[Tree] (config>router>dhcp>server>pool>options lease-time)

[Tree] (config>service>vprn>dhcp>server>pool>options lease-time)

Full Context

configure subscriber-mgmt local-user-db ipoe host options lease-time

configure router dhcp local-dhcp-server pool options lease-time

configure service vprn dhcp local-dhcp-server pool options lease-time

Description

This command configures the amount of time that the DHCP server grants to the DHCP client permission to use a specific IP address.

The no form of this command removes the lease time parameters from the configuration.

Parameters

days

Specifies the number of days that the given IP address is valid.

Values

0 to 3650

hours

Specifies the number of hours that the given IP address is valid.

Values

0 to 23

minutes

Specifies the number of minutes that the given IP address is valid.

Values

0 to 59

seconds

Specifies the number of seconds that the given IP address is valid.

Values

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-time

Syntax

lease-time [days days] [hrs hours] [min minutes] [sec seconds] [override]

no lease-time

Context

[Tree] (config>service>vprn>if>dhcp>proxy lease-time)

[Tree] (config>service>vpls>sap>dhcp>proxy-server lease-time)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>proxy lease-time)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>proxy-server lease-time)

[Tree] (config>service>ies>if>dhcp>proxy-server lease-time)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>proxy-server lease-time)

Full Context

configure service vprn interface dhcp proxy-server lease-time

configure service vpls sap dhcp proxy-server lease-time

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server lease-time

configure service ies subscriber-interface group-interface dhcp proxy-server lease-time

configure service ies interface dhcp proxy-server lease-time

configure service vprn subscriber-interface group-interface dhcp proxy-server lease-time

Description

This command defines the length of lease-time that is provided to DHCP clients. By default, the local-proxy-server always makes use of the lease time information provide by either a RADIUS or DHCP server.

The no form of this command disables the use of the lease-time command. The local-proxy-server will use the lease-time offered by either a RADIUS or DHCP server.

Default

lease-time days 7

Parameters

override

Specifies that the local-proxy-server will use the configured lease-time information to provide DHCP clients

days

Specifies the number of days that the given IP address is valid.

Values

0 to 3650

hours

Specifies the number of hours that the given IP address is valid.

Values

0 to 23

minutes

Specifies the number of minutes that the given IP address is valid.

Values

0 to 59

seconds

Specifies the number of seconds that the given IP address is valid.

Values

0 to 59

Platforms

All

  • configure service vprn interface dhcp proxy-server lease-time
  • configure service vpls sap dhcp proxy-server lease-time
  • configure service ies interface dhcp proxy-server lease-time

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface dhcp proxy-server lease-time
  • configure service vprn subscriber-interface group-interface dhcp proxy-server lease-time
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server lease-time

lease-time

Syntax

lease-time [lease-time]

no lease-time

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp lease-time)

[Tree] (config>service>vprn>sub-if>grp-if>wpp lease-time)

Full Context

configure service ies subscriber-interface group-interface wpp lease-time

configure service vprn subscriber-interface group-interface wpp lease-time

Description

This command configures the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address.

The no form of this command removes the lease time parameters from the configuration.

Parameters

lease-time

Specifies the lease time.

Values

days days

0 to 3650

hrs hours

0 to 23

min minutes

0 to 59

sec seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

lease-time

Syntax

lease-time seconds

lease-time [days <days>] [hrs <hrs>] [min <min>] [sec <sec>]

no lease-time

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>dhcp-pool lease-time)

Full Context

configure subscriber-mgmt vrgw brg brg-profile dhcp-pool lease-time

Description

This command configures the lease time, in seconds, to be used when allocating addresses from the pool. This time value should always be longer than the renew/rebind time.

The no form of this command reverts to the default.

Default

lease-time hrs 6

Parameters

seconds

Specifies the lease time in seconds.

Values

300 to 315446399

days

Specifies the lease time in days.

Values

1 to 3650

hrs

Specifies the lease time in hours.

Values

1 to 23

min

Specifies the lease time in minutes.

Values

1 to 59

sec

Specifies the lease time in seconds.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

least-fill

least-fill

Syntax

[no] least-fill

Context

[Tree] (config>router>mpls>lsp-template least-fill)

[Tree] (config>router>mpls>lsp least-fill)

Full Context

configure router mpls lsp-template least-fill

configure router mpls lsp least-fill

Description

This command enables the use of the least-fill path selection method for the computation of the path of this LSP.

When MPLS requests the computation of a path for this LSP, CSPF will find all equal cost shortest paths which satisfy the constraints of this path. Then, CSPF identifies the single link in each of these paths which has the least available bandwidth as a percentage of its maximum reservable bandwidth. It then selects the path which has the largest value of this percentage least available bandwidth figure. CSPF identifies the least available bandwidth link in each equal cost path after it has accounted for the bandwidth of the new requested path of this LSP.

CSPF applies the least-fill path selection method to all requests for a path, primary and secondary, of an LSP for which this option is enabled. The bandwidth of the path can be any value, including zero.

CSPF applies the least-fill criterion separately to each preemption priority in the base TE. A higher setup priority path can preemptively lower holding priority paths.

CSPF also applies the least-fill criterion separately to each Diff-Serv TE class if Diff-Serv TE is enabled on this node. A higher setup priority path can preemptively lower holding priority paths within a Class Type.

MPLS will re-signal and move the LSP to the new path in the following cases:

  • Initial LSP path signaling.

  • Re-try of an LSP path after failure.

  • Make-before-break (MBB) due to pending soft preemption of the LSP path.

  • MBB due to LSP path configuration change, that is, a user change to bandwidth parameter of primary or secondary path, or a user enabling of fast-reroute option for the LSP.

  • MBB of secondary path due to an update to primary path SRLG.

  • MBB due to FRR Global Revertive procedures on the primary path.

  • Manual re-signaling of an LSP path or of all LSP paths by the user.

During a manual re-signaling of an LSP path, MPLS will always re-signal the path regardless of whether the new path is exactly the same or different than the current path and regardless of whether the metric of the new path is different or not from that of the current path.

During a timer-based re-signaling of an LSP path which has the least-fill option enabled, MPLS will only re-signal the path if the metric of the new path is different than the one of the current path.

The no form of this command deletes a specific node entry in this database.

Default

no least-fill. The path of an LSP is randomly chosen among a set of equal cost paths.

Platforms

All

least-fill-min-thd

least-fill-min-thd

Syntax

least-fill-min-thd percent

no least-fill-min-thd

Context

[Tree] (config>router>mpls least-fill-min-thd)

Full Context

configure router mpls least-fill-min-thd

Description

This parameter is used in the least-fill path selection process. When comparing the percentage of least available link bandwidth across the sorted paths, whenever two percentages differ by less than the value configured as the least-fill-min-thresh, CSPF will consider them equal and will apply a random number generator to select the path among these paths

The no form of this command resets this parameter to its default value.

Default

least-fill-min-thd 5

Parameters

percentage

Specifies the least fill minimum threshold value as a percentage.

Values

1 to 100%

Platforms

All

least-fill-reoptim-thd

least-fill-reoptim-thd

Syntax

least-fill-reoptim-thd percent

no least-fill-reoptim-thd

Context

[Tree] (config>router>mpls least-fill-reoptim-thd)

Full Context

configure router mpls least-fill-reoptim-thd

Description

This parameter is used in the least-fill path selection method. During a timer-based re-signaling of an LSP path which has the least-fill option enabled, CSPF will first update the least-available bandwidth figure for the current path of this LSP. It then applies the least-fill path selection method to select a new path for this LSP. If the new computed path has the same cost as the current path, it will compare the least-available bandwidth figures of the two paths and if the difference exceeds the user configured optimization threshold, MPLS will generate a trap to indicate that a better least-fill path is available for this LSP. This trap can be used by an external SNMP based device to trigger a manual re-signaling of the LSP path since the timer-based re-signaling will not re-signal the path in this case. MPLS will generate a path update trap at the first MBB event which results in the re-signaling of the LSP path. This should clear the eligibility status of the path at the SNMP device.

The no form of this command resets this parameter to its default value.

Default

least-fill-reoptim-thd 10

Parameters

percentage

Specifies the least fill reoptimization threshold value as a percentage.

Values

1 to 100%

Platforms

All

leave-all-sm

leave-all-sm

Syntax

[no] leave-all-sm

Context

[Tree] (debug>service>id>mrp leave-all-sm)

Full Context

debug service id mrp leave-all-sm

Description

This command enables debugging of the leave all state machine.

The no form of this command disables debugging of the leave all state machine.

Platforms

All

leave-all-time

leave-all-time

Syntax

leave-all-time value

no leave-all-time

Context

[Tree] (config>service>vpls>sap>mrp leave-all-time)

[Tree] (config>service>vpls>spoke-sdp>mrp leave-all-time)

[Tree] (config>service>vpls>mesh-sdp>mrp leave-all-time)

Full Context

configure service vpls sap mrp leave-all-time

configure service vpls spoke-sdp mrp leave-all-time

configure service vpls mesh-sdp mrp leave-all-time

Description

This command controls the frequency with which the LeaveAll state machine generates LeaveAll PDUs. The timer is required on a per-Port, per-MRP Participant basis. The Leave All Period Timer is set to a random value, T, in the range LeaveAllTime<T<1.5*leave-all-time when it is started. Refer to IEEE 802.1ak-2007 section 10.7.4.3.

Default

leave-all-time 100

Parameters

value

The frequency with which the LeaveAll state machine generates LeaveAll PDUs, in tenths of a second.

Values

60 to 300

Platforms

All

leave-time

leave-time

Syntax

leave-time value

no leave-time

Context

[Tree] (config>service>vpls>spoke-sdp>mrp leave-time)

[Tree] (config>service>vpls>mesh-sdp>mrp leave-time)

[Tree] (config>service>vpls>sap>mrp leave-time)

Full Context

configure service vpls spoke-sdp mrp leave-time

configure service vpls mesh-sdp mrp leave-time

configure service vpls sap mrp leave-time

Description

This command controls the period of time that the Registrar state machine will wait in the leave state before transitioning to the MT (Empty) state when it is removed. An instance of the timer is required for each state machine that is in the leave state. The leave period timer is set to the value specified for leave-time when it is started.

A registration is normally in an "in” state where there is an MFIB entry and traffic is being forwarded. When a "leave all” is performed (periodically around every 10-15 seconds per SAP/SDP binding - see leave-all-time-below), a node sends a message to its peer indicating a leave all is occurring and puts all of its registrations in leave state.

The peer refreshes its registrations based on the leave all PDU it receives and sends a PDU back to the originating node with the state of all its declarations.

Refer to IEEE 802.1ak-2007 section 10.7.4.2.

Default

leave-time 30

Parameters

value

The period of time that the Registrar state machine waits in the leave state before transitioning to the MT state, in tenths of a second.

Values

30 to 60

Platforms

All

legacy

legacy

Syntax

[no] legacy

Context

[Tree] (config>router>isis>te>application-link-attributes legacy)

Full Context

configure router isis traffic-engineering-options application-link-attributes legacy

Description

This command enables legacy mode of advertising TE attributes.

The no form of this command disables legacy mode, but enables the per-application TE attribute advertisement for RSVP-TE.

Default

legacy

Platforms

All

legacy-dns-nbns

legacy-dns-nbns

Syntax

[no] legacy-dns-nbns

Context

[Tree] (config>subscr-mgmt>sys-bhv legacy-dns-nbns)

Full Context

configure subscriber-mgmt system-behavior legacy-dns-nbns

Description

This command enables legacy DNS NBNS behavior, which restricts the supported default extended authentication origins for DNS and NBNS name servers. The main differences include:

  • only support DHCP server as origin for DHCP relay: IPoE DHCPv4/DHCPv6 and PPPoE DHCPv6

  • Local Address Assignment (LAA) is highest priority origin: IPoE and PPPoE SLAAC DNSv6 and PPPoE DNSv4

  • no default DNS for IPoE DHCPv4 proxy

The no form of this command reverts to the recommended default extended DNS and NBNS name server origin priorities.

Default

no legacy-dns-nbns

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

legacy-ipv4-lsr-interop

legacy-ipv4-lsr-interop

Syntax

[no] legacy-ipv4-lsr-interop

Context

[Tree] (config>router>ldp legacy-ipv4-lsr-interop)

Full Context

configure router ldp legacy-ipv4-lsr-interop

Description

This command provides for a global LDP knob to allow interoperability with legacy IPv4 LSR implementations which do not comply with the processing of Hello TLVs with the U-bit set. Specifically, this feature disables the following Hello TLVs:

  • The Nokia proprietary Interface Info TLV (0x3E05) in the Hello message sent to the peer. This also results in the non-generation of the Nokia proprietary Hello Adjacency Status TLV (0x3E06) since the Interface Info TLV is not sent.

    This is performed in SR OS releases 12 and higher.

  • The RFC 7552 standard dual-stack capability TLV (0x701) and the Nokia proprietary Adjacency capability TLV (0x3E07) in SR OS releases 13 and higher.

Platforms

All

length

length

Syntax

length {133 | 266 | 399 | 533 | 655}

Context

[Tree] (config>port>tdm length)

Full Context

configure port tdm length

Description

This command applies only to a DS-1 port configured with a 'short' buildout. The length command configures the length of the line (in feet). For line lengths longer than 655 feet, configure the DS-1 port buildout as 'long'.

For 'long' buildout the following values are valid:

NotApplicable — Not applicable

For 'short' buildout the following values are valid:

  • 0 to 133 For line length from 0 to 133 feet

  • 134 to 266 For line length from 134 to 266 feet

  • 267 to 399 For line length from 267 to 399 feet

  • 400 to 533 For line length from 400 to 533 feet

  • 534 to 655 For line length from 534 to 655 feet

The default for 'long' buildout is 'NotApplicable' while the default for 'short' buildout is '0 to 133'.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

length

Syntax

length lines

Context

[Tree] (environment>terminal length)

Full Context

environment terminal length

Description

This command sets the number of lines on a screen.

Parameters

lines

Specifies the number of lines for the terminal screen length, expressed as a decimal integer.

Values

1 to 512

Default

24 — terminal dimensions are set to 24 lines long by 80 characters wide

Platforms

All

length

Syntax

length lines

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>console length)

Full Context

configure system management-interface cli md-cli environment console length

Description

This command configures the set number of lines displayed on the console.

Default

length 24

Parameters

lines

Specifies the number of lines displayed in the console window.

Values

24 to 512

Platforms

All

length-field

length-field

Syntax

[no] length-field

Context

[Tree] (config>test-oam>icmp>ipv6 length-field)

Full Context

configure test-oam icmp ipv6 length-field

Description

This command enables the setting of the length field when building an RFC 4884, Extended ICMP to Support Multi-Part Messages, ICMPv6 Destination Unreachable message or ICMPv6 Time Exceeded message.

The no form of this command disables the length field modification.

Default

no length-field

Platforms

All

ler-use-dscp

ler-use-dscp

Syntax

[no] ler-use-dscp

Context

[Tree] (config>qos>network>ingress ler-use-dscp)

Full Context

configure qos network ingress ler-use-dscp

Description

This command is used to enable tunnel QoS mapping on all ingress network IP interfaces that the network-qos-policy-id is associated with. The command may be defined at any time after the network QoS policy has been created. Any network IP interfaces currently associated with the policy will immediately start to use the internal IP ToS field of any tunnel terminated IP routed packet received on the interface, ignoring any QoS markings in the tunnel portion of the packet.

This attribute provides the ability to ignore the network ingress QoS mapping of a terminated tunnel containing an IP packet that is to be routed to a base router or VPRN destination. This is advantageous when the mapping for the tunnel QoS marking does not accurately or completely reflect the required QoS handling for the IP routed packet. When the mechanism is enabled on an ingress network IP interface, the IP interface will ignore the tunnel’s QoS mapping and derive the internal forwarding class and profile based on the precedence or DiffServ Code Point (DSCP) values within the routed IP header ToS field compared to the Network QoS policy defined on the IP interface.

The default state is not to enforce tunnel termination IP routed QoS override within the network QoS policy.

The no form of this command removes tunnel termination IP routed QoS override from the network QoS policy and all ingress network IP interfaces associated with the policy.

Default

no ler-use-dscp

Platforms

All

less-specific

less-specific

Syntax

less-specific [allow-default]

no less-specific

Context

[Tree] (config>vrrp>policy>priority-event>route-unknown less-specific)

Full Context

configure vrrp policy priority-event route-unknown less-specific

Description

This command allows a CIDR shortest match hit on a route prefix that contains the IP route prefix associated with the route unknown priority event.

The less-specific command modifies the search parameters for the IP route prefix specified in the route-unknown priority event. Specifying less-specific allows a CIDR shortest match hit on a route prefix that contains the IP route prefix.

The less-specific command eases the RTM lookup criteria when searching for the prefix/mask-length. When the route-unknown priority event sends the prefix to the RTM (as if it was a destination lookup), the result route table prefix (if a result is found) is checked to see if it is an exact match or a less specific match. The less-specific command enables a less specific route table prefix to match the configured prefix. When less-specific is not specified, a less specific route table prefix fails to match the configured prefix. The allow-default optional parameter extends the less-specific match to include the default route (0.0.0.0).

The no form of the command prevents RTM lookup results that are less specific than the route prefix from matching.

Default

no less-specific — The route unknown priority events requires an exact prefix/mask match.

Parameters

allow-default

When the allow-default parameter is specified with the less-specific command, an RTM return of 0.0.0.0 matches the IP prefix. If less-specific is entered without the allow-default parameter, a return of 0.0.0.0 will not match the IP prefix. To disable allow-default, but continue to allow less-specific match operation, only enter the less-specific command (without the allow-default parameter).

Platforms

All

level

level

Syntax

level level-id bw bandwidth

no level level-id

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac>mc-constraints level)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac mc-constraints level

Description

This command configures levels and their associated bandwidth for multicast CAC policy on an interface.

The no form of this command reverts to the default.

Parameters

level-id

Specifies has an entry for each multicast CAC policy constraint level configured on a system.

Values

1 to 8

bandwidth

Specifies the bandwidth in kilobits per second (kb/s) for the level.

Values

1 to 2147483647

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

level

Syntax

level priority-level rate pir-rate [cir cir-rate]

level priority-level percent-rate pir-percent [percent-cir cir-percent]

no level priority-level

Context

[Tree] (config>port>tdm>e3>egr-scheduler-override level)

[Tree] (config>port>ethernet>egr-scheduler-override level)

[Tree] (config>port>tdm>ds1>channel-group>egr-scheduler-override level)

[Tree] (config>port>tdm>ds3>egr-scheduler-override level)

[Tree] (config>port>tdm>e1>egr-scheduler-override level)

[Tree] (config>port>sonet-sdh>path>egr-scheduler-override level)

Full Context

configure port tdm e3 egress-scheduler-override level

configure port ethernet egress-scheduler-override level

configure port tdm ds1 channel-group egress-scheduler-override level

configure port tdm ds3 egress-scheduler-override level

configure port tdm e1 egress-scheduler-override level

configure port sonet-sdh path egress-scheduler-override level

Description

This command overrides the maximum and CIR rate parameters for a specific priority level on the port or channel’s port scheduler instance. When the level command is executed for a priority level, the corresponding priority level command in the port-scheduler-policy associated with the port is ignored.

The override level command supports the keyword max for the rate and cir parameter. When executing the level override command, at least the rate or cir keywords and associated parameters must be specified for the command to succeed.

The no form of this command removes the local port priority level rate overrides. Once removed, the port priority level will use the port scheduler policies level command for that priority level.

Parameters

priority-level

Identifies which of the eight port priority levels are being overridden.

Values

1 to 8

pir-rate

Overrides the port scheduler policy’s maximum level rate and requires either the max keyword or a rate defined in kilobits per second to follow.

Values

For Ethernet: 1 to 6400000000, max

For SONET-SDH and TDM: 1 to 3200000000, max

cir-rate

Overrides the port scheduler policy’s within-cir level rate and requires either the max keyword or a rate defined in kilobits per second to follow.

Values

For Ethernet: 1 to 6400000000, max

For SONET-SDH and TDM: 1 to 3200000000, max

pir-percent

Specifies the PIR as a percentage.

Values

0.01 to 100.00

cir-percent

Specifies the CIR as a percentage.

Values

0.00 to 100.00

max

removes any existing rate limit imposed by the port scheduler policy for the priority level allowing it to use as much total bandwidth as possible.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm e3 egress-scheduler-override level
  • configure port tdm ds3 egress-scheduler-override level
  • configure port tdm ds1 channel-group egress-scheduler-override level

All

  • configure port ethernet egress-scheduler-override level

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path egress-scheduler-override level

level

Syntax

level level-number

Context

[Tree] (config>service>vpls>spb level)

Full Context

configure service vpls spb level

Description

This command creates the context to configure SPB Level 1 or Level 2 area attributes. This is IS-IS levels. Only Level 1 can be configured.

A Level 1 adjacency can be established only with other Level 1 B-VPLS. A Level 2 adjacency can be established only with other Level 2 B-VPLS. Currently there is no support for level 1 and level 2 in the same instance of SPB.

Default

level 1

Parameters

level-number

The SPB level number.

Values

1, 2

Platforms

All

level

Syntax

level [1 to 1]

Context

[Tree] (config>service>vpls>spb level)

[Tree] (config>service>vpls>spoke-sdp>spb level)

[Tree] (config>service>vpls>sap>spb level)

Full Context

configure service vpls spb level

configure service vpls spoke-sdp spb level

configure service vpls sap spb level

Description

Commands in this context configure SPB level information.

Platforms

All

level

Syntax

level level-id bw bandwidth

no level level-id

Context

[Tree] (config>service>vpls>sap>mld-snooping>mcac>mc-constraints level)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac>mc-constraints level)

Full Context

configure service vpls sap mld-snooping mcac mc-constraints level

configure service vpls sap igmp-snooping mcac mc-constraints level

Description

This command configures levels and their associated bandwidth for multicast CAC policy on this interface.

Parameters

level-id

Specifies has an entry for each multicast CAC policy constraint level configured on this system

Values

1 to 8

bandwidth

Specifies the bandwidth in kilobits per second (kb/s) for the level.

Values

1 to 2147483647

Platforms

All

level

Syntax

level level-id bw bandwidth

no level level-id

Context

[Tree] (config>service>vprn>pim>if>mcac>mc-constraints level)

[Tree] (config>service>vprn>igmp>if>mcac>mc-constraints level)

[Tree] (config>service>vprn>mld>if>mcac>mc-constraints level)

Full Context

configure service vprn pim interface mcac mc-constraints level

configure service vprn igmp interface mcac mc-constraints level

configure service vprn mld interface mcac mc-constraints level

Description

This command configures interface levels and associated bandwidth for multicast CAC policy.

The no form of this command removes the values from the configuration.

Parameters

level-id

Specifies an entry for the multicast CAC policy constraint level configured on this system.

Values

1 to 8

bandwidth

Specifies the bandwidth in kb/s for the level.

Values

1 to 2147483647

Platforms

All

level

Syntax

level level-number

Context

[Tree] (config>service>vprn>isis>if level)

[Tree] (config>service>vprn>isis>link-group level)

[Tree] (config>service>vprn>isis level)

Full Context

configure service vprn isis interface level

configure service vprn isis link-group level

configure service vprn isis level

Description

This command creates the context to configure IS-IS Level 1 or Level 2 area attributes.

A router can be configured as a Level 1, Level 2, or Level 1/2 system. A Level 1 adjacency can be established if there is at least one area address shared by this router and a neighbor. A Level 2 adjacency cannot be established over this interface.

Level 1/2 adjacency is created if the neighbor is also configured as Level 1/2 router and has at least one area address in common. A Level 2 adjacency is established if there are no common area IDs.

A Level 2 adjacency is established if another router is configured as Level 2 or a Level 1/2 router with interfaces configured as Level 1/2 or Level 2. Level 1 adjacencies are not established over this interface.

To reset global and/or interface level parameters to the default, the following commands must be entered independently:

  • level>no hello-authentication-key

  • level>no hello-authentication-type

  • level>no hello-interval

  • level>no hello-multiplier

  • level>no metric

  • level>no passive

  • level>no priority

Default

level 1 or level 2

Parameters

level-number

The IS-IS level number.

Values

1, 2

Platforms

All

level

Syntax

level syslog-level

Context

[Tree] (config>service>vprn>log>syslog level)

Full Context

configure service vprn log syslog level

Description

This command configures the syslog message severity level threshold. All messages with severity level equal to or higher than the threshold are sent to the syslog target host.

Only a single threshold level can be specified. If multiple levels are entered, the last level entered will overwrite the previously entered commands.

Default

level info

Parameters

syslog-level

The threshold severity level name.

Values

emergency, alert, critical, error, warning, notice, info, debug

Router severity level

Numerical Severity (highest to lowest)

Configured Severity

Definition

0

emergency

system is unusable

3

1

alert

action must be taken immediately

4

2

critical

critical condition

5

3

error

error condition

6

4

warning

warning condition

5

notice

normal but significant condition

1 cleared 2 indeterminate

6

info

informational messages

7

debug

debug-level messages

Platforms

All

level

Syntax

level level bw bandwidth

no level level

Context

[Tree] (config>router>mcac>policy>bundle>mc-constraints level)

[Tree] (config>router>igmp>interface>mcac>mc-constraints level)

[Tree] (config>router>pim>interface>mcac>mc-constraints level)

[Tree] (config>router>mld>interface>mcac>mc-constraints level)

Full Context

configure router mcac policy bundle mc-constraints level

configure router igmp interface mcac mc-constraints level

configure router pim interface mcac mc-constraints level

configure router mld interface mcac mc-constraints level

Description

This command configures the amount of bandwidth available within a given bundle for MC traffic for a specified level. The amount of allowable BW for the specified level is expressed in kb/s and this can be defined for up to eight different levels.

If no bandwidth is defined for a given level then no limit is applied.

The no form of this command removes the level from the configuration.

Parameters

level

Specifies the bandwidth for a given level. Level 1 has the highest priority. Level 8 has the lowest priority.

Values

1 to 8

bw bandwidth

Specifies the bandwidth, in kb/s, for the level.

Values

1 to 2147483647 kb/s

Default

1

Platforms

All

level

Syntax

level priority-level rate pir-rate [cir cir-rate] group name [weight weight] [monitor-threshold percent]

level priority-level percent-rate pir-percent [percent-cir cir-percent] group name [weight weight] [monitor-threshold percent]

level priority-level rate pir-rate [cir cir-rate] [monitor-threshold percent]

level priority-level percent-rate pir-percent [percent-cir cir-percent] [monitor-threshold percent]

no level priority-level

Context

[Tree] (config>qos>port-scheduler-policy level)

Full Context

configure qos port-scheduler-policy level

Description

This command configures an explicit within-CIR bandwidth limit and a total bandwidth limit for each port scheduler’s priority level. To understand how to set the level rate and CIR parameters, a basic understanding of the port-level scheduler bandwidth allocation mechanism is required. The port scheduler takes all available bandwidth for the port or channel (after the max-rate and any port egress-rate limits have been accounted for) and offers it to each of the eight priority levels twice.

The first pass is called the within-CIR pass and consists of providing the available port bandwidth to each of the 8 priority levels, starting with level 8 and moving down to level 1. Each level takes the offered load and distributes it to all child members that have a port-parent cir-level equal to the current priority level. (Any child with a cir-weight equal to 0 is skipped in this pass.) Each child may consume bandwidth up to the child’s frame-based within-CIR offered load. The remaining available port bandwidth is then offered to the next lower priority level until level 1 is reached.

The second pass is called the above-CIR pass and consists of providing the remaining available port bandwidth to each of the eight priority levels a second time. Again, each level takes the offered load and distributes it to all child members that have a port-parent level equal to the current priority level. Each child may consume bandwidth up to the remainder of the child’s frame-based offered load (some of the offered load may have been serviced during the within-CIR pass). The remaining available port bandwidth is then offered to the next priority level until level 1 is again reached.

If the port scheduling policy is using the default orphan behavior (orphan-override has not been configured on the policy), the system then takes any remaining port bandwidth and allocates it to the orphan queues and scheduler on priority level 1. In a non-override orphan state, all orphans are attached to priority level 1 using a weight of 0. The zero weight value causes the system to allocate bandwidth equally to all orphans based on each orphan queue or scheduler’s ability to use the bandwidth. If the policy has an orphan-override configured, the orphans are handled based on the override commands parameters in a similar fashion to properly parented queues and schedulers.

The port scheduler priority level command rate keyword is used to optionally limit the total amount of bandwidth that is allocated to a priority level (total for the within-CIR and above-CIR passes). The cir keyword optionally limits the first pass bandwidth allocated to the priority level during the within-CIR pass.

When executing the level command, at least one of the optional keywords, rate or cir, must be specified. If neither keyword is included, the command will fail.

If a previous explicit value for rate or cir exists when the level command is executed, and either rate or cir is omitted, the previous value for the parameter is overwritten by the default value and the previous value is lost.

The configured priority level rate limits may be overridden at the egress port or channel using the egress-scheduler-override level priority-level command. When a scheduler instance has an override defined for a priority level, both the rate and cir values are overridden even when one of them is not explicitly expressed in the override command. For instance, if the cir kilobits per second portion of the override is not expressed, the scheduler instance defaults to not having a CIR rate limit for the priority level even when the port scheduler policy has an explicit CIR limit defined.

The no form of this command returns the level to its default value.

Default

no level priority-level

Parameters

priority-level

Specifies to which priority level the level command pertains. Each of the eight levels is represented by an integer value of 1 to 8, with 8 being the highest priority level.

Values

1 to 8 (8 is the highest priority)

pir-rate

Specifies the total bandwidth limits allocated to priority-level, in kilobits per second.

Values

1 to 6400000000, max

pir-percent

Specifies the percent bandwidth limits allocated to priority-level.

Values

0.01 to 100.00

cir-rate

The cir specified limits the total bandwidth allocated in the within-CIR distribution pass to priority-level. When cir is not specified, all the available port or channel bandwidth may be allocated to the specified priority level during the within-CIR pass.

Values

0 to 6400000000, max

The value given for kilobits per second is expressed in kilobits per second on a base 10 scale as is usual for line rate calculations. If a value of 1 is given, the result is 1000 bits per second (as opposed to a base 2 interpretation that would be 1024 bits per second).

cir-percent

Specifies the percent bandwidth limits allocated to priority-level.

Values

0.00 to 100.00

group name

specifies the existing group that the weighted scheduler group this level maps to, up to 32 characters.

weight

Specifies the weight of the level within this weighted scheduler group.

Values

1 to 100

Default

1

monitor-threshold percent

Specifies the percent of the configured rate. If the offered rate exceeds the configured threshold, a counter monitoring the threshold will be increased.

Values

0 to 100

Platforms

All

level

Syntax

level syslog-level

no level

Context

[Tree] (config>log>syslog level)

Full Context

configure log syslog level

Description

This command configures the syslog message severity level threshold. All messages with severity level equal to or higher than the threshold are sent to the syslog target host.

Only a single threshold level can be specified. If multiple levels are entered, the last level entered will overwrite the previously entered commands.

The no form of this command reverts to the default value.

Default

level info

Parameters

value

Specifies the threshold severity level name.

Values

emergency, alert, critical, error, warning, notice, info, debug

Table 3. Level Parameter Value Descriptions

Router severity level

Numerical Severity (highest to lowest)

Configured Severity

Definition

0

emergency

system is unusable

3

1

alert

action must be taken immediately

4

2

critical

critical condition

5

3

error

error condition

6

4

warning

warning condition

5

notice

normal but significant condition

1 cleared 2 indeterminate

6

info

informational messages

7

debug

debug-level messages

Platforms

All

level

Syntax

level {1 | 2}

Context

[Tree] (config>router>isis level)

[Tree] (config>router>isis>interface level)

Full Context

configure router isis level

configure router isis interface level

Description

This command creates the context to configure IS-IS Level 1 or Level 2 area attributes.

A router can be configured as a Level 1, Level 2, or Level 1/2 system. A Level 1 adjacency can be established if there is at least one area address shared by this router and a neighbor. A Level 2 adjacency cannot be established over this interface.

Level 1/2 adjacency is created if the neighbor is also configured as Level 1/2 router and has at least one area address in common. A Level 2 adjacency is established if there are no common area IDs.

A Level 2 adjacency is established if another router is configured as Level 2 or a Level 1/2 router with interfaces configured as Level 1/2 or Level 2. Level 1 adjacencies are not established over this interface.

To reset global and/or interface level parameters to the default, the following commands must be entered independently:

— level>no hello-authentication-key
    — level>no hello-authentication-type
    — level>no hello-interval
    — level>no hello-multiplier 
    — level>no metric
    — level>no passive
    — level>no priority 

Default

level 1 or level 2

Parameters

1

Specifies the IS-IS operational characteristics of the interface at level 1.

2

Specifies the IS-IS operational characteristics of the interface at level 2.

Platforms

All

level

Syntax

level level-number

Context

[Tree] (config>router>isis>srv6>locator level)

Full Context

configure router isis segment-routing-v6 locator level

Description

Commands in this context configure the ISIS level attributes of the SRv6 locator.

Parameters

level-number

Specifies the IS-IS level number.

Values

1, 2

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

level

Syntax

level level-number

Context

[Tree] (config>router>isis>srv6>msloc level)

Full Context

configure router isis segment-routing-v6 micro-segment-locator level

Description

Commands in this context configure the IS-IS level attributes of the SRv6 micro-segment locator.

Parameters

level-number

Specifies the IS-IS level number.

Values

1, 2

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

level

Syntax

level {1 | 2}

no level

Context

[Tree] (config>router>policy-options>policy-statement>entry>to level)

[Tree] (config>router>policy-options>policy-statement>entry>from level)

Full Context

configure router policy-options policy-statement entry to level

configure router policy-options policy-statement entry from level

Description

This command specifies the ISIS route level as a match criterion for the entry.

Default

no level

Parameters

1 | 2

Matches the IS-IS route learned from level 1 or level 2.

Platforms

All

level-capability

level-capability

Syntax

level-capability {level-1 | level-2 | level-1/2}

no level-capability

Context

[Tree] (config>service>vprn>isis level-capability)

[Tree] (config>service>vprn>isis>if level-capability)

Full Context

configure service vprn isis level-capability

configure service vprn isis interface level-capability

Description

This command configures the routing level for an instance of the IS-IS routing process.

An IS-IS router and an IS-IS interface can operate at Level 1, Level 2 or both Level 1 and 2.

Potential Adjacency Capabilities displays configuration combinations and the potential adjacencies that can be formed.

Table 4. Potential Adjacency Capabilities

Global Level

Interface Level

Potential Adjacency

L 1/2

L 1/2

Level 1 and/or Level 2

L 1/2

L 1

Level 1 only

L 1/2

L 2

Level 2 only

L 2

L 1/2

Level 2 only

L 2

L 2

Level 2 only

L 2

L 1

none

L 1

L 1/2

Level 1 only

L 1

L 2

none

L 1

L 1

Level 1 only

The no form of this command removes the level capability from the configuration.

Default

level-capability level-1/2

Parameters

level-1

Specifies the router/interface can operate at Level 1 only.

level-2

Specifies the router/interface can operate at Level 2 only.

level-1/2

Specifies the router/interface can operate at both Level 1 and Level 2.

Platforms

All

level-capability

Syntax

level-capability {level-1 | level-2 | level-1/2}

no level-capability

Context

[Tree] (config>router>isis>interface level-capability)

[Tree] (config>router>isis level-capability)

Full Context

configure router isis interface level-capability

configure router isis level-capability

Description

This command configures the routing level for an instance of the IS-IS routing process.

An IS-IS router and an IS-IS interface can operate at Level 1, Level 2 or both Level 1 and 2.

Potential Adjacency displays configuration combinations and the potential adjacencies that can be formed.

Table 5. Potential Adjacency

Global Level

Interface Level

Potential Adjacency

L 1/2

L 1/2

Level 1 and/or Level 2

L 1/2

L 1

Level 1 only

L 1/2

L 2

Level 2 only

L 2

L 1/2

Level 2 only

L 2

L 2

Level 2 only

L 2

L 1

L 1

L 1/2

Level 1 only

L 1

L 2

L 1

L 1

Level 1 only

The no form of this command removes the level capability from the configuration.

Default

level-capability level-1/2

Parameters

level-1

Specifies the router/interface can operate at Level 1only.

level-2

Specifies the router/interface can operate at Level 2 only.

level-1/2

Specifies the router/interface can operate at both Level 1 and Level 2.

Platforms

All

level-capability

Syntax

level-capability {level-1 | level-2 | level-1/2}

no level-capability

Context

[Tree] (config>router>isis>srv6>locator level-capability)

Full Context

configure router isis segment-routing-v6 locator level-capability

Description

This command configures the ISIS routing level scope of a SRv6 locator. An SRv6 locator can be advertised at level 1 only, level 2 only, or both level 1 and level 2.

The no form of this command reverts to the default value.

Default

level-capability level-1/2

Parameters

level-1

Specifies the SRv6 locator is advertised at level 1 only.

level-2

Specifies the SRv6 locator is advertised at level 2 only.

level-1/2

Specifies the SRv6 locator is advertised at both level 1 and level 2.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

level-capability

Syntax

level-capability {level-1 | level-2 | level-1/2}

no level-capability

Context

[Tree] (config>router>isis>srv6>msloc level-capability)

Full Context

configure router isis segment-routing-v6 micro-segment-locator level-capability

Description

This command configures the ISIS routing level scope of a SRv6 locator. An SRv6 micro-segment locator can be advertised at level 1 only, level 2 only, or both level 1 and level 2.

The no form of this command reverts to the default value.

Default

level-capability level-1/2

Parameters

level-1

Specifies the SRv6 micro-segment locator is advertised at level 1 only.

level-2

Specifies the SRv6 micro-segment locator is advertised at level 2 only.

level-1/2

Specifies the SRv6 micro-segment locator is advertised at both level 1 and level 2.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

lfa-policy-map

lfa-policy-map

Syntax

lfa-policy-map route-nh-template template-name

no lfa-policy-map

Context

[Tree] (config>service>vprn>isis>if lfa-policy-map)

Full Context

configure service vprn isis interface lfa-policy-map

Description

This command applies a route next-hop policy template to the IS-IS interface for the VPRN instance.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it will result in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters

template-name

Specifies the name of the template, up to 32 characters.

Platforms

All

lfa-policy-map

Syntax

lfa-policy-map route-nh-template template-name

no lfa-policy-map

Context

[Tree] (config>service>vprn>ospf3>area>if lfa-policy-map)

[Tree] (config>router>ospf3>area>if lfa-policy-map)

[Tree] (config>router>isis>if lfa-policy-map)

[Tree] (config>service>vprn>ospf>area>if lfa-policy-map)

[Tree] (config>router>ospf>area>if lfa-policy-map)

Full Context

configure service vprn ospf3 area interface lfa-policy-map

configure router ospf3 area interface lfa-policy-map

configure router isis interface lfa-policy-map

configure service vprn ospf area interface lfa-policy-map

configure router ospf area interface lfa-policy-map

Description

This command applies a route next-hop policy template to an OSPF or IS-IS interface.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it results in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Default

no lfa-policy-map

Parameters

template-name

Specifies the name of the template, up to 32 characters.

Platforms

All

li

li

Syntax

li

Context

[Tree] (config li)

Full Context

configure li

Description

Commands in this context configure lawful intercept (LI) parameters.

Platforms

All

li

Syntax

[no] li

Context

[Tree] (config>system>security>profile li)

Full Context

configure system security profile li

Description

This command enables the Lawful Intercept (LI) profile identifier.

The no form of this command disables the LI profile identifier.

Platforms

All

li-filter

li-filter

Syntax

li-filter

Context

[Tree] (config>li li-filter)

Full Context

configure li li-filter

Description

Commands in this context configure the li-filter branch to create LI filter lists and entries.

Platforms

All

li-filter-associations

li-filter-associations

Syntax

li-filter-associations

Context

[Tree] (config>li li-filter-associations)

Full Context

configure li li-filter-associations

Description

Commands in this context configure the LI filter associations entries that are inserted into normal filters.

Platforms

All

li-filter-block-reservation

li-filter-block-reservation

Syntax

li-filter-block-reservation

Context

[Tree] (config>li li-filter-block-reservation)

Full Context

configure li li-filter-block-reservation

Description

This command enable the LI filter block reservation branch to configure lawful intercept filter reservations.

Platforms

All

li-filter-lock-state

li-filter-lock-state

Syntax

li-filter-lock-state {locked | unlocked-for-li-users | unlocked-for-all-users}

no li-filter-lock-state

Context

[Tree] (config>li li-filter-lock-state)

Full Context

configure li li-filter-lock-state

Description

This command configures the lock state of the filters used by LI. With the configurable filter lock for LI feature an LI user can control the behavior of filters when they are used for LI.

Prior to Release 12.0.R1, when a filter entry was used as a Lawful Intercept (LI) mirror source criteria, all subsequent attempts to modify the filter were then blocked to avoid having the LI session impacted by a non-LI user.

The no form of this command reverts to the default.

Default

li-filter-lock-state locked

Parameters

locked

When an li-source criteria is configured that references any entry of filter Y, then filter Y can no longer be changed (until there are no longer any li-source references to entries of filter Y).

unlocked-for-li-users

Filters can continue to be edited by LI users only even when an li-source references an entry in that filter.

unlocked-for-all-users

Filters can continue to be edited by all users even when an li-source references an entry in that filter.

Platforms

All

li-group

li-group

Syntax

li-group isa-group-id

no li-group

Context

[Tree] (config>li>x-interfaces>x3 li-group)

Full Context

configure li x-interfaces x3 li-group

Description

This command configures the ISA group used for the X3 interface.

The no form of this command reverts to the default.

Parameters

isa-group-id

Specifies the ISA group ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

li-ip-filter

li-ip-filter

Syntax

li-ip-filter li-filter-name [create]

no li-ip-filter li-filter-name

Context

[Tree] (config>li>li-filter li-ip-filter)

Full Context

configure li li-filter li-ip-filter

Description

This command creates a Lawful Interception (LI) IPv4 filter list, or enters the CLI context for a LI IPv4 filter list. LI IPv4 filters are used as a manner to create confidential IPv4 filter based li-source entries. The LI IPv4 filter entries are inserted/merged into normal IPv4 filters as configured with the li-filter-associations and li-filter-block-reservation commands, but the LI IPv4 filter entries are not visible to users without LI permissions.

The no form of this command removes the LI IPv4 filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the IPv4 address filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

li-ip-filter

Syntax

[no] li-ip-filter li-filter-name

Context

[Tree] (config>li>li-filter-assoc li-ip-filter)

Full Context

configure li li-filter-associations li-ip-filter

Description

Specifies the li-ip-filter that will have its entries inserted into a list of normal IP filters.

The no form of this command removes the LI filter name from the configuration.

Parameters

li-filter-name

Specifies an existing li-ip-filter, up to 32 characters.

Platforms

All

li-ip-filter

Syntax

li-ip-filter li-filter-name entry li-entry-id [li-entry-id] [intercept-id intercept-id [intercept-id]] [session-id session-id [session-id]]

no li-ip-filter li-filter-name [entry li-entry-id [li-entry-id]]

Context

[Tree] (config>li>li-source li-ip-filter)

Full Context

configure li li-source li-ip-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI IP filter that has been associated with a normal IP filter. The specification of an li-ip-filter entry as an li-source means that packets matching the li-ip-filter entry will be intercepted on all interfaces/saps/and so on where the associated normal ip-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-ip-filter, up to 32 characters.

li-entry-id

Specifies the entry ID in the li-ip-filter that is to be used as an li-source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept ID is inserted and none can be specified against the li-source entries.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Platforms

All

li-ipv6-filter

li-ipv6-filter

Syntax

li-ipv6-filter li-filter-name [create]

no li-ipv6-filter li-filter-name

Context

[Tree] (config>li>li-filter li-ipv6-filter)

Full Context

configure li li-filter li-ipv6-filter

Description

This command creates a Lawful Interception (LI) IPv6 filter list, or enters the CLI context for a LI IPv6 filter list. LI IPv6 filters are used as a manner to create confidential IPv6 filter based li-source entries. The LI IPv6 filter entries are inserted or merged into normal IPv6 filters as configured with the li-filter-associations and li-filter-block-reservation commands, but the LI IPv6 filter entries are not visible to users without LI permissions.

The no form of this command removes the LI IPv6 filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the IPv6 address filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

create

creates a LI IPv6 filter.

Platforms

All

li-ipv6-filter

Syntax

[no] li-ipv6-filter li-filter-name

Context

[Tree] (config>li>li-filter-assoc li-ipv6-filter)

Full Context

configure li li-filter-associations li-ipv6-filter

Description

This command specifies the li-ipv6-filter that will have its entries inserted into a list of normal IPv6 filters.

The no form of this command removes the filter name from the configuration.

Parameters

li-filter-name

Specifies an existing li-ipv6-filter up to 32 characters.

Platforms

All

li-ipv6-filter

Syntax

li-ipv6-filter li-filter-name entry li-entry-id [li-entry-id] [intercept-id intercept-id [intercept-id]] [session-id session-id [session-id]]

no li-ipv6-filter li-filter-name [entry li-entry-id [li-entry-id]]

Context

[Tree] (config>li>li-source li-ipv6-filter)

Full Context

configure li li-source li-ipv6-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI IPv6 filter that has been associated with a normal IPv6 filter. The specification of an li-ipv6-filter entry as an li-source means that packets matching the li-ipv6-filter entry will be intercepted on all interfaces/saps/and so on, where the associated normal ip-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-ipv6-filter up to 32 characters.

li-entry-id

Specifies the entry ID in the li-ipv6-filter that is to be used as an LI source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept ID is inserted and none can be specified against the LI source entries.

session-id

Specifies the session ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example, by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session ID configured for an li-source entry, then the default value is inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session ID is inserted and none can be specified against the li-source entries.

Platforms

All

li-local-save

li-local-save

Syntax

[no] li-local-save

Context

[Tree] (bof li-local-save)

Full Context

bof li-local-save

Description

This command specifies whether or not lawful intercept (LI) configuration is allowed to be saved to a local file. Modifying this command will not take effect until the system is rebooted.

Default

li-local-save

Platforms

All

li-mac-filter

li-mac-filter

Syntax

li-mac-filter li-filter-name [create]

no li-mac-filter li-filter-name

Context

[Tree] (config>li>li-filter li-mac-filter)

Full Context

configure li li-filter li-mac-filter

Description

This command creates a Lawful Interception (LI) MAC filter list, or enters the CLI context for a LI MAC filter list. LI MAC filters are used as a manner to create confidential MAC filter based li-source entries. The LI MAC filter entries are inserted/merged into normal MAC filters as configured via the li-filter-associations and li-filter-block-reservation commands, but the LI MAC filter entries are not visible to users without LI permissions.

The no form of this command removes the MAC LI filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the MAC filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

li-mac-filter

Syntax

[no] li-mac-filter li-filter-name

Context

[Tree] (config>li>li-filter-assoc li-mac-filter)

Full Context

configure li li-filter-associations li-mac-filter

Description

Specifies the li-mac-filter that will have its entries inserted into a list of normal mac filters.

Parameters

li-filter-name

Specifies the name of the LI MAC filter, up to 32 characters. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

li-mac-filter

Syntax

li-mac-filter li-filter-name entry li-entry-id [li-entry-id] [intercept-id intercept-id [intercept-id]] [session-id session-id [session-id]]

no li-mac-filter li-filter-name [entry li-entry-id [li-entry-id]]

Context

[Tree] (config>li>li-source li-mac-filter)

Full Context

configure li li-source li-mac-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI MAC filter that has been associated with a normal MAC filter. The specification of an li-mac-filter entry as an li-source means that packets matching the li-mac-filter entry will be intercepted on all interfaces, saps and so on where the associated normal mac-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-mac-filter, up to 32 characters.

li-entry-id

Specifies the entry id in the li-mac-filter that is to be used as an li-source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example, by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept-id is inserted and none can be specified against the li-source entries.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Platforms

All

li-reserved-block

li-reserved-block

Syntax

li-reserved-block block-name [create]

no li-reserved-block block-name

Context

[Tree] (config>li>li-filter-block-reservation li-reserved-block)

Full Context

configure li li-filter-block-reservation li-reserved-block

Description

This command creates or edits an LI reserved block. An LI reserved block allows an operator to define where entries from an LI filter should be inserted into a normal filter. The block reserves a configurable number of entries in the normal filter that can only be used for entries inserted from associated LI filters. The LI filter entries that get inserted into the reserved block in each normal filter are not visible to non-LI operators. The block also defines to which normal filters the reservation is applied.

The no form of this command removes the block name from the configuration.

Parameters

block-name

Specifies the name of the MAC filter. Block names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

li-separate

li-separate

Syntax

[no] li-separate

Context

[Tree] (bof li-separate)

Full Context

bof li-separate

Description

This command specifies whether or not a non-LI user has access to lawful intercept (LI) information. When this command is enabled, a user who does not have LI access will not be allowed to access CLI or SNMP objects in the li context. Modifying this command will not take effect until the system is rebooted.

When the no li-separate command is set (the default mode), those who are allowed access to the config>system>security>profile context and user command nodes are allowed to modify the configuration of the LI parameters. In this mode, a user that has a profile allowing access to the config>li and/or show>li command contexts can enter and use the commands under those nodes.

When the li-separate command is configured, only users that have the LI access capabilities set in the config>system>security>user>access li context are allowed to access the config>li and/or show>li command contexts. A user who does not have LI access is not allowed to enter the config>li and show>li contexts even though they have a profile that allows access to these nodes. When in the li-separate mode, only users with config>system>security>user>access li set in their user account have the ability modify the setting LI parameters in either their own or other profiles and user configurations.

Default

no li-separate

Platforms

All

li-source

li-source

Syntax

[no] li-source mirror-service-id [name mirror-service-name]

Context

[Tree] (config>li li-source)

Full Context

configure li li-source

Description

This command configures a lawful intercept (LI) mirror source.

Parameters

mirror-service-id

Specifies the service ID in the service domain. This ID is unique to this service and cannot be used by any other service, regardless of service type. The same service ID must be configured on every router that this particular service is defined on.

Values

service-id:1 to 2147483647

svc-name: up to 64 characters

Platforms

All

lic

lic

Syntax

lic lic-name [create]

no lic lic-name

Context

[Tree] (config>li>x-interfaces>lics lic)

Full Context

configure li x-interfaces lics lic

Description

This command configures the parameters to communicate with a specific LIC.

The no form of this command removes the LIC name.

Parameters

lic-name

Specifies the LIC name to be used as a reference, up to 32 characters.

create

Mandatory keyword to create this entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lic-identifier

lic-identifier

Syntax

lic-identifier identifier

no lic-identifier

Context

[Tree] (config>li>x-interfaces>lics>lic lic-identifier)

Full Context

configure li x-interfaces lics lic lic-identifier

Description

This command configures the string that identifies this LIC.

The no form of this command reverts to the default.

Parameters

identifier

Specifies the LIC identifying string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

license

license

Syntax

license

Context

[Tree] (admin>system license)

Full Context

admin system license

Description

Enters a context for administrative commands related to licensing.

Platforms

All

license-file

license-file

Syntax

license-file file-url

no license-file

Context

[Tree] (bof license-file)

Full Context

bof license-file

Description

This command configures the license location and file name.

The no form of this command removes the file URL from the configuration.

Parameters

file-url

Specifies the file-url.

Values

file-url

{local-url | remote-url} (up to 180 characters)

local-url

[cflash-id/][file-path]

remote-url

[{ftp://| tftp://} login:pswd@remote-locn/][file-path]

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

lics

lics

Syntax

lics

Context

[Tree] (config>li>x-interfaces lics)

Full Context

configure li x-interfaces lics

Description

Commands in this context configure the Network Element to communicate with LI Centers (LICs).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

lifetime

lifetime

Syntax

lifetime minimum minimum maximum maximum

no lifetime

Context

[Tree] (config>service>nat>pcp-server-policy lifetime)

Full Context

configure service nat pcp-server-policy lifetime

Description

This command configures the lifetime of explicit mappings made by the PCP servers.

Default

lifetime minimum 120 maximum 86400

Parameters

minimum

Specifies the minimum lifetime of explicit mappings made by the PCP servers using this PCP policy, in seconds.

Values

60 to 86399

maximum

Specifies the maximum lifetime of explicit mappings made by the PCP servers using this PCP policy, in seconds.

Values

61 to 86400

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

lifetime

Syntax

lifetime {seconds | forever}

Context

[Tree] (config>system>script-control>script-policy lifetime)

Full Context

configure system script-control script-policy lifetime

Description

This command is used to configure the maximum amount of time that a script may run.

Default

lifetime 3600

Parameters

seconds

Specifies the maximum amount of time that a script may run, in seconds.

Values

0 to 21474836

Default

3600 (1 hour)

forever

Specifies to allow a script to run indefinitely.

Platforms

All

limit

limit

Syntax

limit {all-packet-matches | first-session-match}

Context

[Tree] (debug>app-assure>group>traffic-capture>record limit)

Full Context

debug application-assurance group traffic-capture record limit

Description

This command records limit conditions.

Parameters

all-packet-matches

Records all the packets matching the condition.

first-session-match

Records only the first session matching the condition.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

limit-init-exchange

limit-init-exchange

Syntax

limit-init-exchange [reduced-max-exchange-timeout seconds]

no limit-init-exchange

Context

[Tree] (config>ipsec>ike-policy limit-init-exchange)

Full Context

configure ipsec ike-policy limit-init-exchange

Description

This command limits the number of ongoing IKEv2 initial exchanges per tunnel to 1. When the system receives a new IKEv2 IKE_SA_INIT request when there is an ongoing IKEv2 initial exchange from same peer, then system reduces the timeout value of the existing exchange to the specified reduced-max-exchange-timeout. If the reduced-max-exchange-timeout is disabled, then the system does not reduce the timeout value.

The no form of this command reverts to the default value.

Default

limit-init-exchange reduced-max-exchange-timeout 2

Parameters

seconds

Specifies the maximum timeout for the in-progress initial IKE exchange.

Values

2 to 60, disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

limit-mac-move

limit-mac-move

Syntax

limit-mac-move [blockable | non-blockable]

no limit-mac-move

Context

[Tree] (config>service>vpls>spoke-sdp limit-mac-move)

[Tree] (config>service>vpls>sap limit-mac-move)

Full Context

configure service vpls spoke-sdp limit-mac-move

configure service vpls sap limit-mac-move

Description

This command indicates whether or not the mac-move agent, when enabled using config>service>vpls>mac-move or config>service>epipe>mac-move, limits the MAC re-learn (move) rate on this SAP.

Default

limit-mac-move blockable

Parameters

blockable

Specifies that the agent monitors the MAC re-learn rate on the SAP, and it blocks it when the re-learn rate is exceeded.

non-blockable

Specifies that this SAP is not blocked, and another blockable SAP is blocked instead.

Platforms

All

limit-mac-move

Syntax

limit-mac-move [blockable | non-blockable]

no limit-mac-move

Context

[Tree] (config>service>pw-template limit-mac-move)

Full Context

configure service pw-template limit-mac-move

Description

This command indicates whether or not the mac-move agent will limit the MAC re-learn (move) rate.

Default

limit-mac-move blockable

Parameters

blockable

The agent will monitor the MAC re-learn rate, and it will block it when the re-learn rate is exceeded.

non-blockable

When specified, a SAP will not be blocked, and another blockable SAP will be blocked instead.

Platforms

All

limit-pir-zero-drain

limit-pir-zero-drain

Syntax

[no] limit-pir-zero-drain

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution limit-pir-zero-drain)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution limit-pir-zero-drain

Description

This command is used to configure the system to use the minimum configurable PIR instead of an H-QoS derived zero operational PIR. The default behavior is to allow the operational PIR of the queue to remain the last configured value while setting the queue MBS to zero (preventing queuing of newly arriving packets). Retaining the previous PIR value may cause a momentary burst above an aggregate rate associated with the queue as it drains. Using the limit-pir-zero-drain command causes the queue to drain at the lowest rate possible (typically 1 kb/s) that limits overrun situations.

The no form of this command reverts to default behavior.

Platforms

All

limit-unused-bandwidth

limit-unused-bandwidth

Syntax

[no] limit-unused-bandwidth

Context

[Tree] (config>port>ethernet>access>egress>vport limit-unused-bandwidth)

[