a Commands
aa-admit-deny
aa-admit-deny
Syntax
aa-admit-deny
Context
[Tree] (config>app-assure>group>statistics aa-admit-deny)
Full Context
configure application-assurance group statistics aa-admit-deny
Description
Commands in this context configure admit-deny statistics generation.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-interface
aa-interface
Syntax
aa-interface aa-if-name [create]
no aa-interface aa-if-name
Context
[Tree] (config>service>vprn aa-interface)
[Tree] (config>service>ies aa-interface)
Full Context
configure service vprn aa-interface
configure service ies aa-interface
Description
This commands creates a new AA interface within an IES or VPRN service. It is used by the aa-isa to send/receive IPv4 traffic. In the context of ICAP url-filtering this interface is used by the ISA to establish ICAP TCP connections to the ICAP servers.
This interface supports /31 subnet only, and uses by default .1q encapsulation.
The system will automatically configure the ISA IP address based on the address configured by the operator under the aa-interface object (which represents the ISA sap facing interface on the ISA).
Parameters
- aa-if-name
-
specifies the name of the AA Interface.
- create
-
Keyword that specifies to create the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-specific
aa-specific
Syntax
[no] aa-specific
Context
[Tree] (config>log>acct-policy>cr aa-specific)
Full Context
configure log accounting-policy custom-record aa-specific
Description
Commands in this context configure information for this custom record.
The no form of this command excludes aa-specific attributes in the AA subscriber's custom record.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub
aa-sub
Syntax
aa-sub esm {eq | neq} sub-ident-string
aa-sub esm-mac {eq | neq} esm-mac-name
aa-sub sap {eq | neq} sap-id
aa-sub spoke-sdp {eq | neq} sdp-id:vc-id
aa-sub transit {eq | neq} transit-aasub-name
no aa-sub
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub)
Full Context
configure application-assurance group policy app-qos-policy entry match aa-sub
Description
This command specifies a Service Access Point (SAP) or an ESM subscriber as matching criteria.
The no form of this command removes the SAP or ESM matching criteria.
Parameters
- eq
-
Specifies that the value configured and the value in the flow are equal.
- neq
-
Specifies that the value configured differs from the value in the flow.
- sub-ident-string
-
Specifies the name of an existing application assurance subscriber.
- esm-mac-name
-
Specifies the name of an ESM-MAC subscriber.
- sap-id
-
Specifies the SAP ID.
- sap sap-id
-
Specifies the physical port identifier portion of the SAP definition.
- sdp-id:vc-id
-
Specifies the spoke SDP ID and VC ID.
- transit-aasub-name
-
Specifies the name of a transit AA subscriber.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub
Syntax
aa-sub
Context
[Tree] (config>app-assure>group>statistics aa-sub)
Full Context
configure application-assurance group statistics aa-sub
Description
Commands in this context configure accounting and statistics collection parameters per application assurance subscribers.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub
Syntax
[no] aa-sub {esm sub-ident-string | sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name | esm-mac esm-mac-name }
Context
[Tree] (config>app-assure>group>statistics>aa-sub-study aa-sub)
Full Context
configure application-assurance group statistics aa-sub-study aa-sub
Description
This command adds an existing subscriber identification to a group of special study subscribers (for example, subscribers for which per subscriber statistics and accounting records can be collected for protocols and applications of application assurance).
The no form of this command removes the subscriber from the special study subscribers.
Up to 100 subscribers can be configured into the special study group for protocols and up to a 100 potentially different subscribers can be configured into the special study group for applications.
When adding a subscriber to the special study group, accounting records and statistics generation will commence immediately. When removing a subscriber from the group, special study statistics and accounting records for that subscriber in the current interval will be lost.
Parameters
- sub-ident-string
-
Specifies the name of a subscriber ID. The subscriber does not need to be currently active. Any sub-ident-string will be accepted. When the subscriber becomes active, statistics generation will start automatically at that time.
- sap-id
-
Specifies the physical port identifier portion of the SAP definition.
- spoke-id sdp-id:vc-id
-
Specifies the spoke SDP ID and VC ID.
- transit-aasub-name
-
Specifies an existing transit subscriber name string, up to 32 characters in length.
- esm-mac-name
-
Specifies an existing ESM-MAC subscriber name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub
Syntax
aa-sub transit-aasub-name
no aa-sub
Context
[Tree] (config>app-assure>group>transit-prefix-policy>entry aa-sub)
Full Context
configure application-assurance group transit-prefix-policy entry aa-sub
Description
This command configures a transit prefix policy entry subscriber.
The no form of this command removes the transit subscriber name from the transit prefix policy configuration.
Parameters
- transit-aasub-name
-
specifies the name of the transit prefix AA subscriber up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-attributes
aa-sub-attributes
Syntax
aa-sub-attributes [all]
no aa-sub-attributes
Context
[Tree] (config>log>acct-policy>cr>aa aa-sub-attributes)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-attributes
Description
Commands in this context configure aa-specific attributes such as aa-sub-attributes and counters that will be available in the AA subscriber's custom record.
The no form of this command excludes aa specific attributes from the AA subscriber's custom record.
Parameters
- all
-
Specifies all counters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-congestion-detection
aa-sub-congestion-detection
Syntax
aa-sub-congestion-detection
Context
[Tree] (config>app-assure>group aa-sub-congestion-detection)
Full Context
configure application-assurance group aa-sub-congestion-detection
Description
Commands in this context configure Non-Location Based DEM (NLB-DEM) parameters.
NLB-DEM and Access-Network Location (ANL) DEM mode are mutually exclusive, and cannot operate simultaneously.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-counters
aa-sub-counters
Syntax
aa-sub-counters [all]
no aa-sub-counters
Context
[Tree] (config>log>acct-policy>cr>aa aa-sub-counters)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-counters
Description
Commands in this context configure subscriber counter information. This command only applies to the 7750 SR.
The no form of this command excludes the aa-sub-counters attributes in the AA subscriber's custom record.
Parameters
- all
-
Specifies all counters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-ip
aa-sub-ip
Syntax
aa-sub-ip ip-address[/mask]
no aa-sub-ip
Context
[Tree] (config>app-assure>group>transit-prefix-policy>entry>match aa-sub-ip)
Full Context
configure application-assurance group transit-prefix-policy entry match aa-sub-ip
Description
This command configures a transit prefix subscriber ip address prefix. It is used when the site is on the local side, being the same side of the system as the parent SAP. The local aa-sub-ip addresses represent the src-IP in the from-SAP direction and dest-IP in the to-SAP direction.
The no form of this command deletes the aa-sub-ip address assigned from the entry configuration.
Default
no aa-sub-ip
Parameters
- ip-address[/mask]
-
Specifies the address type of the subscriber address prefix associated with this transit prefix policy entry.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-remote
aa-sub-remote
Syntax
[no] aa-sub-remote
Context
[Tree] (config>app-assure>group aa-sub-remote)
Full Context
configure application-assurance group aa-sub-remote
Description
This command specifies whether or not the from subscriber and to subscriber traffic direction is reversed for this group-partition.
Default
no aa-sub-remote
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-study
aa-sub-study
Syntax
aa-sub-study study-type
Context
[Tree] (config>app-assure>group>statistics aa-sub-study)
Full Context
configure application-assurance group statistics aa-sub-study
Description
Commands in this context configure accounting and statistics collection parameters per application assurance special study subscribers.
Parameters
- study-type
-
Specifies special study protocol subscriber stats.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-suppressible
aa-sub-suppressible
Syntax
aa-sub-suppressible
no aa-sub-suppressible
Context
[Tree] (config>app-assure>group>policy>app-profile aa-sub-suppressible)
Full Context
configure application-assurance group policy app-profile aa-sub-suppressible
Description
This command configures an app-profile as "aa-sub-suppressible”, this function is used in the context of an SRRP group interface. If an SRRP group interface is configured as "suppress-aa-sub” then subscribers with an app-profile configured as "aa-sub-suppressible” will not be diverted to Application Assurance.
The no form of this command restores the default behavior.
Default
no aa-sub-suppressible
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-tethering-state
aa-sub-tethering-state
Syntax
aa-sub-tethering-state {detected | not-detected}
no aa-sub-tethering-state
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub-tethering-state)
Full Context
configure application-assurance group policy app-qos-policy entry match aa-sub-tethering-state
Description
This command specifies the tethering state of the subscriber where the AQP match entry will be applied.
The tethering state match condition is meaningful when configured in non-default subscriber policy AQP. Default subscriber policy consists of those AQPs that include match criteria based on the subscriber’s configuration. Tethering state match condition is also applicable in those AQPs that include matching criteria that are derived from actual subscriber’s traffic.
The no form of this command removes detection of sub-tethering state from the configuration.
Default
no aa-sub-tethering-state
Parameters
- detected
-
Specifies that the subscriber is in the tethering state.
- not-detected
-
Specifies that the subscriber is not in the tethering state.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-url-parameter
aa-url-parameter
Syntax
aa-url-parameter url-param-string
Context
[Tree] (config>subscr-mgmt>http-rdr-plcy aa-url-parameter)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)
Full Context
configure subscriber-mgmt http-redirect-policy aa-url-parameter
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter
Description
This command configures the AA URL parameter that is used for HTTP portal redirect.
Parameters
- url-param-string
-
Specifies an AA URL parameter, up to 247 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
aaa
aaa
Syntax
aaa
Context
[Tree] (config aaa)
Full Context
configure aaa
Description
Commands in this context configure authentication, authorization, and accounting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
aaa
Syntax
aaa
Context
[Tree] (config>service>vprn aaa)
Full Context
configure service vprn aaa
Description
Commands in this context configure AAA on the VPRN.
Platforms
All
aarp
aarp
Syntax
aarp aarpId type type
no aarp
Context
[Tree] (config>service>epipe>spoke-sdp aarp)
[Tree] (config>service>epipe>sap aarp)
Full Context
configure service epipe spoke-sdp aarp
configure service epipe sap aarp
Description
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
Default
no aarp
Parameters
- aarpid
-
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
-
Specifies the role of the SAP referenced by the AARP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
Context
[Tree] (config>service>ipipe>spoke-sdp aarp)
Full Context
configure service ipipe spoke-sdp aarp
Description
This command associates an AARP instance to an Ipipe spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
Default
no aarp
Parameters
- aarp-id
-
An integer that identifies an AARP instance.
- subscriber-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
Context
[Tree] (config>service>ies>aarp-interface>spoke-sdp aarp)
Full Context
configure service ies aarp-interface spoke-sdp aarp
Description
This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
Default
no aarp
Parameters
- aarp-id
-
Specifies an integer that identifies an AARP instance.
- subscriber-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarpId type type
no aarp
Context
[Tree] (config>service>ies>if>spoke-sdp aarp)
[Tree] (config>service>ies>if>sap aarp)
Full Context
configure service ies interface spoke-sdp aarp
configure service ies interface sap aarp
Description
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
Default
no aarp
Parameters
- aarpId
-
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
-
Specifies the role of the SAP referenced by the AARP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
Context
[Tree] (config>service>vprn>aarp-interface>spoke-sdp aarp)
Full Context
configure service vprn aarp-interface spoke-sdp aarp
Description
This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
Default
no aarp
Parameters
- aarp-id
-
An integer that identifies an AARP instance.
- subscriber-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
-
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarpId type type
no aarp
Context
[Tree] (config>service>vprn>if>sap aarp)
[Tree] (config>service>vprn>if>spoke-sdp aarp)
Full Context
configure service vprn interface sap aarp
configure service vprn interface spoke-sdp aarp
Description
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
Default
no aarp
Parameters
- aarpId
-
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
-
Specifies the role of the SAP referenced by the AARP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp
Syntax
aarp aarpId [create]
no aarp aarpId
Context
[Tree] (config>application-assurance aarp)
Full Context
configure application-assurance aarp
Description
This command defines an Application Assurance Redundancy Protocol (AARP) instance. This instance is paired with the same aarpId in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command removes the instance from the configuration.
Parameters
- aarpid
-
An integer that identifies an AARP instance.
- create
-
Keyword used to create the AARP instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp-interface
aarp-interface
Syntax
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
Context
[Tree] (config>service>ies aarp-interface)
Full Context
configure service ies aarp-interface
Description
This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command deletes the interface.
Default
no aarp-interface
Parameters
- aarp-interface-name
-
Specifies a string of up to 32 characters identifying the interface.
- create
-
Keyword used to create the AARP interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp-interface
Syntax
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
Context
[Tree] (config>service>vprn aarp-interface)
Full Context
configure service vprn aarp-interface
Description
This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command deletes the interface.
Default
no aarp-interface
Parameters
- aarp-interface-name
-
Specifies the AARP interface name.
- create
-
Keyword used to create the AARP interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
abandon-tcp-optimization
abandon-tcp-optimization
Syntax
[no] abandon-tcp-optimization
Context
[Tree] (config>app-assure>group>policy>aqp>entry>action abandon-tcp-optimization)
Full Context
configure application-assurance group policy app-qos-policy entry action abandon-tcp-optimization
Description
This command causes TCPO to stop for flows matching this AQP entry. The flows are counted as TCPO abandoned by policy flows.
The no form of this command removes abandon TCPO from actions on flows matching this AQP entry.
Default
no abandon-tcp-optimization
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
abort
abort
Syntax
abort
Context
[Tree] (config>app-assure>group>policy abort)
Full Context
configure application-assurance group policy abort
Description
This command ends the current editing session and aborts any changes entered during this policy editing session.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
abort
Syntax
abort
Context
[Tree] (config>router>bfd abort)
Full Context
configure router bfd abort
Description
This command discards the changes made to a BFD template during an active session.
Platforms
All
abort
Syntax
abort
Context
[Tree] (config>router>route-next-hop-policy abort)
Full Context
configure router route-next-hop-policy abort
Description
This command discards the changes made to route next-hop templates during an active session.
Platforms
All
abort
Syntax
abort
Context
[Tree] (config>system>sync-if-timing abort)
Full Context
configure system sync-if-timing abort
Description
This command is required to discard changes that have been made to the synchronous interface timing configuration during a session.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
abort
Syntax
abort
Context
[Tree] (config>router>policy-options abort)
Full Context
configure router policy-options abort
Description
This command is required to discard changes made to a route policy.
Platforms
All
above-offered-allowance
above-offered-allowance
Syntax
[no] above-offered-allowance
Context
[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-allowance)
Full Context
configure qos adv-config-policy child-control bandwidth-distribution above-offered-allowance
Description
Commands in this context edit the parameters that control the child's above-offered-allowance bandwidth. These parameters are only applicable when the port scheduler is configured to use the above-offered-allowance-control algorithm, otherwise they are ignored.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
above-offered-cap
above-offered-cap
Syntax
above-offered-cap {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}
no above-offered-cap
Context
[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-cap)
Full Context
configure qos adv-config-policy child-control bandwidth-distribution above-offered-cap
Description
This command is used to limit the operationally configured shaping or policing rate on the child associated with the policy. After the parent virtual scheduler or policer control policy determines the appropriate rate for a specific child, a separate operation decides the actual PIR that should be configured for that child. When the parent determines that the distributed rate is equal to or less than the child’s offered rate, the configured operational PIR will be equal to that determined rate. But when the parent determines that the child’s offered rate is less than the available bandwidth the child could consume, the operational PIR may be set to a value larger than the distributed bandwidth. This extra rate is not currently used by the child because the offered rate is less. The system provides this extra bandwidth in case the child’s offered rate increases before the next sampling interval is complete, to mitigate the periodic nature of the child’s operational PIR adjustments. The increase in the offered rate is not subtracted from the parent’s remaining distribution bandwidth for lower priority children, only the determined rate is considered consumed by the parent virtual scheduler or policer control policy instance. The actual operationally configured PIR will never be greater than the child’s administratively defined PIR.
This 'fair share’ PIR configuration behavior may result in the sum of the children’s PIRs exceeding the aggregate rate of the parent. If this behavior violates the downstream QoS requirements, the above-offered-cap command may be used to minimize or eliminate the increase in the child’s configured PIR.
If the above-offered-cap command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not needed. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
If the child’s administrative PIR is modified while a percent based above-offered-cap is in effect, the system automatically uses the new relative limit value the next time the child’s operational PIR is distributed.
When this command is not specified or removed, the child’s operational 'fair share’ operational PIR may be configured up to the child’s administrative PIR, based on the actual parental bandwidth available at the child’s priority level.
The no form of this command is used to remove a fair share operational PIR rate increase limit from all child policers and queues associated with the policy.
Parameters
- percent-of-admin-pir
-
When the percent qualifier is used, the following percent-of-admin-pir parameter specifies the percentage of the child’s administrative PIR that is used as the fair share increase limit. The new operational PIR result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system will disable the fair share increase function and only configure the actual distribution rate. If a value of 100 or 100.00 is used, the system will interpret this equivalent to executing the no above-offered-cap command and return the fair-share operation to the default behavior.
- rate-in-kilobits-per-second
-
When the rate qualifier is used, the rate-in-kilobits-per-second parameter specifies an explicit rate, in kb/s, that are used as the limit to the child’s fair share increase to the operational PIR. The new operational PIR result is capped by the child’s PIR. If a value of 0 is used, the system will disable the fair share increase function and only configure the actual distribution rate.
Platforms
All
absolute
absolute
Syntax
absolute microseconds
no absolute
Context
[Tree] (config>test-oam>link-meas>template>asw>thr absolute)
[Tree] (config>test-oam>link-meas>template>sw>thr absolute)
Full Context
configure test-oam link-measurement measurement-template aggregate-sample-window threshold absolute
configure test-oam link-measurement measurement-template sample-window threshold absolute
Description
This command specifies the delta, in microseconds, that a new delay measurement must differ from the previously reported measurement to be reported directly to the routing engine.
The no form of this command reverts to the default value.
Default
absolute 0
Parameters
- microseconds
-
Specifies the difference, in microseconds.
A value of 0 (zero) indicates that the absolute threshold is not used for reporting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ac-df-capability
ac-df-capability
Syntax
ac-df-capability {include | exclude}
Context
[Tree] (config>service>system>bgp-evpn>eth-seg ac-df-capability)
Full Context
configure service system bgp-evpn ethernet-segment ac-df-capability
Description
This command configures the inclusion or exclusion of the Attachment Circuit-influenced (AC-Influenced) designated forwarder (DF) election capability (AC-DF) capability into the DF Election for the Ethernet Segment.
The SR OS supports the AC-DF capability, in accordance with RFC8584. The include option is the default command setting. The AC-DF capability is enabled by default to support the EVPN auto-discovery per EVI/ES (AD per EVI/ES) routes for a specific PE, which ensures that the PE is included in the candidate DF election list.
Configuring the exclude option disables the AC-DF capability. When ac-df-capability exclude is configured on a specific Ethernet Segment (ES), the presence or absence of the AD per EVI/ES routes from the ES peers do not modify the candidate DF Election list for the ES. The exclude option is recommended in ESs that use an oper-group monitored by the access LAG to signal standby lacp or power-off.
All PE routers attached to the same ES must be configured consistently for the AC-DF capability.
Default
ac-df-capability include
Parameters
- include
-
Specifies that AC-DF capability is enabled.
- exclude
-
Specifies that AC-DF capability is disabled.
Platforms
All
accept-authorization-change
accept-authorization-change
Syntax
[no] accept-authorization-change
Context
[Tree] (config>subscr-mgmt>auth-policy accept-authorization-change)
Full Context
configure subscriber-mgmt authentication-policy accept-authorization-change
Description
This command specifies whether or not the system should handle the CoA messages initiated by the RADIUS server, and provide for mid-session interval changes of policies applicable to subscriber hosts.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-coa
accept-coa
Syntax
[no] accept-coa
Context
[Tree] (config>service>vprn>radius-server>server accept-coa)
[Tree] (config>router>radius-server>server accept-coa)
Full Context
configure service vprn radius-server server accept-coa
configure router radius-server server accept-coa
Description
This command configures this server for Change of Authorization messages. The system will process the CoA request from the external server if configured with this command; otherwise the CoA request is dropped.
The no form of this command disables the command.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-from-ebgp
accept-from-ebgp
Syntax
accept-from-ebgp family [family]
no accept-from-ebgp
Context
[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth accept-from-ebgp)
[Tree] (config>service>vprn>bgp>group>link-bandwidth accept-from-ebgp)
Full Context
configure service vprn bgp group neighbor link-bandwidth accept-from-ebgp
configure service vprn bgp group link-bandwidth accept-from-ebgp
Description
This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.
Up to three families may be configured.
The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.
Default
no accept-from-ebgp
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
accept-from-ebgp
Syntax
accept-from-ebgp family [family]
no accept-from-ebgp
Context
[Tree] (config>router>bgp>group>neighbor>link-bandwidth accept-from-ebgp)
[Tree] (config>router>bgp>group>link-bandwidth accept-from-ebgp)
Full Context
configure router bgp group neighbor link-bandwidth accept-from-ebgp
configure router bgp group link-bandwidth accept-from-ebgp
Description
This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.
Up to six families may be configured.
The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.
Default
no accept-from-ebgp
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
accept-ivpls-evpn-flush
accept-ivpls-evpn-flush
Syntax
[no] accept-ivpls-evpn-flush
Context
[Tree] (config>service>vpls>bgp-evpn accept-ivpls-evpn-flush)
Full Context
configure service vpls bgp-evpn accept-ivpls-evpn-flush
Description
This command enables the system to accept non-zero Ethernet tag MAC routes and process them only for C-MAC flushing. This command can be changed on the fly without shutting down BGP-EVPN MPLS.
The no version of the command prevents the router from processing B-MAC/ISID routes for cmac-flush.
Default
no accept-ivpls-evpn-flush
Platforms
All
accept-mrru
accept-mrru
Syntax
[no] accept-mrru
Context
[Tree] (config>subscr-mgmt>ppp-policy>mlppp accept-mrru)
Full Context
configure subscriber-mgmt ppp-policy mlppp accept-mrru
Description
This command is applicable only to LAC. MRRU option is an indication that the session is of MLPPPoX type. The 7750 SR LAC never initiates the MRRU option in LCP negotiation process. However, it responds to MRRU negotiation request by the client.
This command provides an option to specifically enable or disable negotiation of MLPPPoX on a capture SAP level or on a group interface level.
The no form of this command causes the MRRU option in LCP to not be negotiated by LAC.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
accept-orf
accept-orf
Syntax
[no] accept-orf
Context
[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering>extended-community accept-orf)
[Tree] (config>router>bgp>outbound-route-filtering>extended-community accept-orf)
[Tree] (config>router>bgp>group>outbound-route-filtering>extended-community accept-orf)
Full Context
configure router bgp group neighbor outbound-route-filtering extended-community accept-orf
configure router bgp outbound-route-filtering extended-community accept-orf
configure router bgp group outbound-route-filtering extended-community accept-orf
Description
This command instructs the router to negotiate the receive capability in the BGP ORF negotiation with a peer, and accept filters that the peer wants to send.
The no form of this command causes the router to remove the accept capability in the BGP ORF negotiation with a peer, and to clear any existing ORF filters that are currently in place.
Default
no accept-orf
Platforms
All
accept-remote-loopback
accept-remote-loopback
Syntax
[no] accept-remote-loopback
Context
[Tree] (config>port>ethernet>efm-oam accept-remote-loopback)
Full Context
configure port ethernet efm-oam accept-remote-loopback
Description
This command enables reactions to loopback control OAM PDUs from peers.
The no form of this command disables reactions to loopback control OAM PDUs.
Default
no accept-remote-loopback
Platforms
All
accept-script-policy
accept-script-policy
Syntax
accept-script-policy policy-name
no accept-script-policy
Context
[Tree] (config>aaa>radius-srv-plcy accept-script-policy)
Full Context
configure aaa radius-server-policy accept-script-policy
Description
This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.
Parameters
- policy-name
-
Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-script-policy
Syntax
accept-script-policy policy-name
no accept-script-policy
Context
[Tree] (config>subscr-mgmt>auth-policy accept-script-policy)
Full Context
configure subscriber-mgmt authentication-policy accept-script-policy
Description
This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-unprotected-errormsg
accept-unprotected-errormsg
Syntax
[no] accept-unprotected-errormsg
Context
[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-errormsg)
Full Context
configure system security pki ca-profile cmpv2 accept-unprotected-errormsg
Description
This command enables the system to accept both protected and unprotected CMPv2 error message. Without this command, system will only accept protected error messages.
The no form of this command causes the system to only accept protected PKI confirmation message.
Default
no accept-unprotected-errormsg
Platforms
All
accept-unprotected-pkiconf
accept-unprotected-pkiconf
Syntax
[no] accept-unprotected-pkiconf
Context
[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-pkiconf)
Full Context
configure system security pki ca-profile cmpv2 accept-unprotected-pkiconf
Description
This command enables the system to accept both protected and unprotected CMPv2 PKI confirmation messages. Without this command, the system will only accept protected PKI confirmation message.
The no form of this command causes the system to only accept protected PKI confirmation message.
Default
no accept-unprotected-pkiconf
Platforms
All
access
access
Syntax
access router router-instance
access service service-name
no access
Context
[Tree] (config>subscr-mgmt>steering-profile access)
Full Context
configure subscriber-mgmt steering-profile access
Description
This command specifies a routing instance to be used as a network VAS router in the steering profile.
The no form of this command removes the router instance.
Parameters
- router-instance
-
Specifies the router instance to be used as an access VAS router.
- service-name
-
Specifies the service name, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access
Syntax
access
Context
[Tree] (config>port>ethernet access)
Full Context
configure port ethernet access
Description
This command configures Ethernet access port parameters.
Platforms
All
access
Syntax
[no] access
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access
Description
Commands in this context configure the access side of HLE for the VLAN range.
The no form of this command disables the vRGW parameters enabled in this context.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
access
Syntax
access
Context
[Tree] (config>port access)
[Tree] (config>card>mda access)
Full Context
configure port access
configure card mda access
Description
This command enables the access context to configure egress and ingress pool policy parameters.
On the MDA level, access egress and ingress pools are only allocated on channelized MDAs.
Platforms
All
access
Syntax
access
Context
[Tree] (config>card>fp>ingress access)
Full Context
configure card fp ingress access
Description
This CLI node contains the access forwarding-plane parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
access
Syntax
access
Context
[Tree] (config>lag access)
Full Context
configure lag access
Description
Commands in this context configure access parameters.
Platforms
All
access
Syntax
access
Context
[Tree] (config>eth-tunnel>lag-emulation access)
Full Context
configure eth-tunnel lag-emulation access
Description
Commands in this context configure eth-tunnel loadsharing access parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
access
Syntax
[no] access
Context
[Tree] (config>service>vprn>snmp access)
Full Context
configure service vprn snmp access
Description
This command enables SNMP access using VPRN interface addresses. This command allows SNMP messages destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router. SNMP messages that arrive on VPRN interfaces but are destined to IP addresses in the Base routing context that can be accessed in the VPRN (for example, the router system address via grt leaking) do not require snmp access to be enabled but do require allow-local-management to be enabled.
Using an SNMP community defined inside the VPRN context (configure service vprn snmp community) allows access to a subset of the full SNMP data model. This subset can be seen in the output of show system security view "vprn-view".
Using an SNMP community defined in the system context (configure system security snmp community) allows access to the full SNMP data model (unless otherwise restricted used SNMP views).
Alternatively, grt leaking and a Base routing IP address can be used (along with an SNMP community defined at the system context) to get access to the entire SNMP data model (see the allow-local-management command).
The Nokia NSP cannot discover or fully manage an SR OS router using an SNMP community defined inside the VPRN context. Full SNMP access requires using one of the approaches described above.
Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for detailed information about SNMP.
Platforms
All
access
Syntax
[no] access [ftp] [snmp] [ console] [li] [netconf] [grpc]
Context
[Tree] (config>system>security>user access)
[Tree] (config>system>security>user-template access)
Full Context
configure system security user access
configure system security user-template access
Description
This command grants a user permission for FTP, SNMP, console, lawful intercept (LI), NETCONF, or gRPC access.
If a user requires access to more than one application, then multiple applications can be specified in a single command. Multiple commands are treated additively.
The no form of this command removes access for a specific application, and denies permission for all management access methods.
To deny a single access method, enter the no form of this command followed by the method to be denied, for example, no access FTP denies FTP access.
Default
no access
Parameters
- ftp
-
Specifies FTP permission.
- snmp
-
Specifies SNMP permission. This keyword is only configurable in the config>system>security>user context.
- console
-
Specifies console access (serial port or Telnet) permission.
- li
-
Specifies CLI command access in the lawful intercept (LI) context.
- netconf
-
Specifies NETCONF session access for the user defined in the specified user context. Because of the Base-R13 SR OS YANG data models, console access is also necessary in both classic and mixed configuration modes. console access is not required for the Nokia SR OS YANG data models in model-driven mode.
- grpc
-
Specifies gRPC access.
Platforms
All
access
Syntax
[no] access group group-name security-model security-model security-level security-level [context context-name [prefix -match]] [read view-name-1] [write view-name-2] [notify view-name-3]
Context
[Tree] (config>system>security>snmp access)
Full Context
configure system security snmp access
Description
This command creates an association between a user group, a security model, and the views that the user group can access. Access parameters must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2. An access group is defined by a unique combination of the group name, security model and security level.
Access groups are used by the usm-community command.
Access must be configured unless security is limited to SNMPv1/SNMPv2c with community strings. See the community command.
Default access group configurations cannot be modified or deleted.
To remove the user group with associated, security model(s), and security level(s), use:
no access group group-name
To remove a security model and security level combination from a group, use:
no access group group-name security-model {snmpv1 | snmpv2c | usm} security-level {no-auth-no-privacy | auth-no-privacy | privacy}
Parameters
- group-name
-
Specify a unique group name up to 32 characters.
- security-model {snmpv1 | snmpv2c | usm}
-
Specifies the security model required to access the views configured in this node. A group can have multiple security models. For example, one view may only require SNMPv1/ SNMPv2c access while another view may require USM (SNMPv3) access rights.
- security-level {no-auth-no-priv | auth-no-priv | privacy}
-
Specifies the required authentication and privacy levels to access the views configured in this node.
- security-level no-auth-no-privacy
-
Specifies that no authentication and no privacy (encryption) is required. When configuring the user’s authentication, select the none option.
- security-level auth-no-privacy
-
Specifies that authentication is required but privacy (encryption) is not required. When this option is configured, both the group and the user must be configured for authentication.
- security-level privacy
-
Specifies that both authentication and privacy (encryption) is required. When this option is configured, both the group and the user must be configured for authentication. The user must also be configured for privacy.
- context-name
-
Specifies a set of SNMP objects that are associated with the context-name.
The context-name is treated as either a full context-name string or a context name prefix depending on the keyword specified (exact or prefix).
- prefix-match
-
Specifies the context name prefix-match keywords, exact or prefix. This parameter applies only to the 7750 SR.
The VPRN context names begin with a vprn prefix. The numerical value is associated with the service ID that the VPRN was created with and identifies the service in the service domain. For example, when a new VPRN service is created such as config>service>vprn 2345 customer 1, a VPRN with context name vprn2345 is created.
The exact keyword specifies that an exact match between the context name and the prefix value is required. For example, when context vprn2345 exact is entered, matches for only vprn2345 are considered.
The prefix keyword specifies that only a match between the prefix and the starting portion of context name is required. If only the prefix keyword is specified, simple wildcard processing is used. For example, when context vprn prefix is entered, all vprn contexts are matched.
- view-name-1
-
Specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation.
- view-name-2
-
Specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation.
- view-name-3
-
Specifies the SNMP view used to control which MIB objects can be accessed for notifications.
Platforms
All
access-algorithm
access-algorithm
Syntax
access-algorithm {direct | round-robin}
no access-algorithm
Context
[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server access-algorithm)
Full Context
configure aaa l2tp-accounting-policy radius-accounting-server access-algorithm
Description
This command configures the algorithm used to access the list of configured RADIUS servers.
The no form of this command reverts to the default.
Default
access-algorithm direct
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm
Syntax
access-algorithm {direct | round-robin}
Context
[Tree] (config>app-assure>rad-acct-plcy>server access-algorithm)
Full Context
configure application-assurance radius-accounting-policy radius-accounting-server access-algorithm
Description
This command configures the algorithm used to access the list of configured RADIUS servers.
Default
access-algorithm direct
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
access-algorithm
Syntax
access-algorithm {direct | round-robin}
no access-algorithm
Context
[Tree] (config>subscr-mgmt>acct-plcy>server access-algorithm)
[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server access-algorithm)
Full Context
configure subscriber-mgmt radius-accounting-policy radius-accounting-server access-algorithm
configure subscriber-mgmt authentication-policy radius-authentication-server access-algorithm
Description
This command configures the algorithm used to access the list of configured RADIUS servers.
The no form of this command reverts to the default.
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm
Syntax
access-algorithm {direct | round-robin | hash-based}
no access-algorithm
Context
[Tree] (config>aaa>radius-srv-plcy>servers access-algorithm)
Full Context
configure aaa radius-server-policy servers access-algorithm
Description
This command configures the algorithm used to select a RADIUS server from the pool of configured RADIUS servers.
Default
access-algorithm direct
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
- hash-based
-
Select a RADIUS server based on the calculated hash result of the configured load-balance-key under the radius-proxy server hierarchy. This parameter is only applicable for radius-proxy server scenarios and results in an unpredictable RADIUS server selection if used in other scenarios.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm
Syntax
access-algorithm {direct | round-robin}
no access-algorithm
Context
[Tree] (config>service>vprn>aaa>remote-servers>radius access-algorithm)
Full Context
configure service vprn aaa remote-servers radius access-algorithm
Description
This command indicates the algorithm used to access the set of RADIUS servers.
Default
access-algorithm direct
Parameters
- direct
-
The first server will be used as primary server for all requests, the second as secondary and so on.
- round-robin
-
The first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
Platforms
All
access-algorithm
Syntax
access-algorithm {direct | round-robin | hash-based | direct-priority}
no access-algorithm
Context
[Tree] (config>aaa>isa-radius-plcy>servers access-algorithm)
Full Context
configure aaa isa-radius-policy servers access-algorithm
Description
This command defines the algorithm used to access the list of available RADIUS servers. A RADIUS server is considered available initially and marked as unavailable if no response packets are received in a period equal to the configured packet timeout multiplied by the retry count after sending a request. A server is always marked as available when any valid RADIUS packet is received from that server. Some access algorithms periodically probe unavailable servers by sending a single request. If the server responds to the request, it is immediately marked as available.
Default
access-algorithm direct
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
- hashed-based
-
Specifies that the selection is based on the hash-based procedures.
- direct-priority
-
Specifies that the first server is used for all requests. If that server is not available, the second server is used, and so on. This method periodically probes and falls back to higher-priority servers.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
access-algorithm
Syntax
access-algorithm {direct | round-robin}
no access-algorithm
Context
[Tree] (config>system>security>radius access-algorithm)
Full Context
configure system security radius access-algorithm
Description
This command indicates the algorithm used to access the set of RADIUS servers.
Default
access-algorithm direct
Parameters
- direct
-
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
-
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
Platforms
All
access-loop-encapsulation
access-loop-encapsulation
Syntax
[no] access-loop-encapsulation
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-encapsulation)
Full Context
configure subscriber-mgmt local-user-db ppp host access-loop-encapsulation
Description
Commands in this context configure access loop information.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
access-loop-information
access-loop-information
Syntax
access-loop-information
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-information)
Full Context
configure subscriber-mgmt local-user-db ppp host access-loop-information
Description
Commands in this context configure access loop information in the local user database.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-loop-options
access-loop-options
Syntax
[no] access-loop-options
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute access-loop-options)
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute access-loop-options)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute access-loop-options
configure subscriber-mgmt radius-accounting-policy include-radius-attribute access-loop-options
Description
This command enables inclusion of access loop information: Broadband Forum (BBF) access loop characteristics, DSL line state and DSL type. The BBF access loop characteristics are returned as BBF specific RADIUS attributes where DSL line state and DSL type are returned as Nokia-specific RADIUS VSAs.
Information obtained via the ANCP protocol has precedence over information received in PPPoE Vendor Specific BBF tags or DHCP Vendor Specific BBF Options.
If ANCP is utilized and interim accounting update is enabled, any Port Up event from GSMP will initiate in an interim update. Port Up messages can include information such as an update on the current subscriber actual-upstream-speed. The next interim accounting message is from port up triggering point.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-network-location
access-network-location
Syntax
access-network-location
Context
[Tree] (config>app-assure>group access-network-location)
Full Context
configure application-assurance group access-network-location
Description
Commands in this context configure parameters related to dynamic experience management, also known as Access Network Location (ANL).
These parameters include location source type congestion point and congestion detection parameters (such as roundtrip delay thresholds), if applicable.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
access-operation-cmd
access-operation-cmd
Syntax
[no] access-operation-cmd access-operation
Context
[Tree] (config>service>vprn>aaa>rmt-srv>tacplus>req access-operation-cmd)
[Tree] (config>system>security>tacplus>request-format access-operation-cmd)
Full Context
configure service vprn aaa remote-servers tacplus request-format access-operation-cmd
configure system security tacplus request-format access-operation-cmd
Description
This command sends an operation argument in authorization requests.
In model-driven interfaces, this command configures the system to send the operation in the cmd argument, and the path in the cmd-args argument, in TACACS+ authorization requests. This command does not apply to authorization requests in classic interfaces.
The no form of this command removes the operation from the configuration.
Default
no access-operation-cmd
Parameters
- access-operation
-
Specifies that an operation in the authorization request is sent.
Platforms
All
accounting
accounting
Syntax
accounting {1 | 2} [create]
no accounting {1 | 2}
Context
[Tree] (config>service>dynsvc>ladb>user>idx accounting)
Full Context
configure service dynamic-services local-auth-db user-name index accounting
Description
This command creates a context for one of the two accounting destinations specified in the dynamic services policy. In this context, overrides of RADIUS accounting parameters can be specified.
The no form of this command removes the RADIUS accounting overrides context from the configuration.
Parameters
- {1 | 2}
-
Indicates one of the two RADIUS accounting destinations.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting
Syntax
[no] accounting
Context
[Tree] (config>service>vprn>aaa>remote-servers>radius accounting)
Full Context
configure service vprn aaa remote-servers radius accounting
Description
This command enables RADIUS accounting.
The no form of this command disables RADIUS accounting.
Default
no accounting
Platforms
All
accounting
Syntax
accounting [record-type { start-stop | stop-only}]
no accounting
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus accounting)
Full Context
configure service vprn aaa remote-servers tacplus accounting
Description
This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.
Default
no accounting
Parameters
- record-type start-stop
-
Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.
- record-type stop-only
-
Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.
Platforms
All
accounting
Syntax
accounting [port udp-port]
no accounting
Context
[Tree] (config>aaa>isa-radius-plcy>servers>server accounting)
Full Context
configure aaa isa-radius-policy servers server accounting
Description
This command configures accounting for this server.
Parameters
- udp-port
-
Specifies the UDP port number on which to contact the RADIUS server for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting
Syntax
[no] accounting
Context
[Tree] (config>system>security>radius accounting)
Full Context
configure system security radius accounting
Description
This command enables RADIUS accounting.
The no form of this command disables RADIUS accounting.
Default
no accounting
Platforms
All
accounting
Syntax
accounting [record-type { start-stop | stop-only}]
no accounting
Context
[Tree] (config>system>security>tacplus accounting)
Full Context
configure system security tacplus accounting
Description
This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.
Default
no accounting
Parameters
- record-type start-stop
-
Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.
- record-type stop-only
-
Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.
Platforms
All
accounting-1
accounting-1
Syntax
accounting-1
Context
[Tree] (config>service>dynsvc>policy accounting-1)
Full Context
configure service dynamic-services dynamic-services-policy accounting-1
Description
Commands in this context configure the first RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-2
accounting-2
Syntax
accounting-2
Context
[Tree] (config>service>dynsvc>policy accounting-2)
Full Context
configure service dynamic-services dynamic-services-policy accounting-2
Description
Commands in this context configure the second RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-files-total-size
accounting-files-total-size
Syntax
accounting-files-total-size megabytes
Context
[Tree] (config>log>storage accounting-files-total-size)
Full Context
configure log file-storage-control accounting-files-total-size
Description
This command configures the limit for the total space that all accounting files can occupy on each storage device on the active CPM.
When this threshold is reached, new accounting files are no longer created in the \act-collect directory of the storage device until SR OS removes older accounting files from the \act directory and the occupancy is below the limit. Currently open, in-progress accounting files in the \act-collect directory are not affected by this limit and are completed.
When unconfigured, there is no specific limit for the total size of all accounting files.
Only accounting files in the \act directory with system generated names (including no file extension) are applicable toward the total size limit.
If a user manually adds or deletes accounting files from the \act directory, the size of the files is not taken into account for up to 1 hour.
The configured total size limit is not validated against the actual size of the installed storage devices. If the configured limit is larger than the installed compact flash (CF) device, the limit is never reached.
The no form of this command removes the total size limit for accounting files.
Default
no accounting-files-total-size
Parameters
- megabytes
-
Specifies the total size limit for accounting files, in MB.
Platforms
All
accounting-policy
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>subscr-mgmt>sub-prof accounting-policy)
Full Context
configure subscriber-mgmt sub-profile accounting-policy
Description
This command specifies the policy to use to collect accounting statistics on this subscriber profile.
A maximum of one accounting policy can be associated with a profile at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association.
Parameters
- acct-policy-id
-
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>service>vpls>spoke-sdp accounting-policy)
[Tree] (config>service>vprn>if>spoke-sdp accounting-policy)
[Tree] (config>service>ies>if>sap accounting-policy)
[Tree] (config>service>ies>sub-if>grp-if>sap accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>sap accounting-policy)
[Tree] (config>service>vpls>sap accounting-policy)
[Tree] (config>service>vpls>mesh-sdp accounting-policy)
[Tree] (config>service>vprn>if>sap accounting-policy)
Full Context
configure service vpls spoke-sdp accounting-policy
configure service vprn interface spoke-sdp accounting-policy
configure service ies interface sap accounting-policy
configure service ies subscriber-interface group-interface sap accounting-policy
configure service vprn subscriber-interface group-interface sap accounting-policy
configure service vpls sap accounting-policy
configure service vpls mesh-sdp accounting-policy
configure service vprn interface sap accounting-policy
Description
This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke SDP.
An accounting policy must be defined before it can be associated with a SAP or SDP.
If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP or SDP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP or SDP, and the accounting policy reverts to the default.
Default
no accounting policy
Parameters
- acct-policy-id
-
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
- configure service vprn interface spoke-sdp accounting-policy
- configure service vpls sap accounting-policy
- configure service vpls spoke-sdp accounting-policy
- configure service ies interface sap accounting-policy
- configure service vpls mesh-sdp accounting-policy
- configure service vprn interface sap accounting-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface sap accounting-policy
- configure service vprn subscriber-interface group-interface sap accounting-policy
accounting-policy
Syntax
accounting-policy isa-radius-policy-name
no accounting-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy
Description
This command configures the ISA RADIUS accounting policy for the cross-connect.
The no form of this command removes the ISA RADIUS accounting policy from the cross-connect UE.
Parameters
- isa-radius-policy-name
-
Specifies the identifier of the ISA RADIUS policy name, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy
Syntax
accounting-policy policy-name
no accounting-policy
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy
Description
This command specifies the isa-radius-policy used for accounting messages originated from the ISAs in the wlan-gw group. The policy can specify up to five accounting servers and configuration-specific to these accounting servers. It also specifies configuration specific to RADIUS client on ISAs and RADIUS attributes to be included in accounting messages.
Parameters
- policy-name
-
Specifies the name of the account policy up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>card>fp>ingress>network>queue-group accounting-policy)
[Tree] (config>card>fp>ingress>access>queue-group accounting-policy)
Full Context
configure card fp ingress network queue-group accounting-policy
configure card fp ingress access queue-group accounting-policy
Description
This command configures an accounting policy that can apply to a queue-group on the forwarding plane.
An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.
Accounting policies associated with service billing can only be applied to SAPs. The accounting policy can be associated with an interface at a time.
The no form of this command removes the accounting policy association from the queue-group.
Default
No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.
Parameters
- acct-policy-id
-
Specifies the name of the accounting policy to use for the queue-group.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
accounting-policy
Syntax
accounting-policy policy-id
no accounting-policy
Context
[Tree] (config>port>ethernet>network accounting-policy)
[Tree] (config>port>tdm>ds1>channel-group>network accounting-policy)
[Tree] (config>port>sonet-sdh>path>network accounting-policy)
[Tree] (config>port>ethernet>network>egr>qgrp accounting-policy)
[Tree] (config>port>tdm>e3>network accounting-policy)
[Tree] (config>port>tdm>ds3>network accounting-policy)
[Tree] (config>port>ethernet>access>egr>qgrp accounting-policy)
[Tree] (config>port>ethernet>access>ing>qgrp accounting-policy)
[Tree] (config>port>tdm>e1>channel-group>network accounting-policy)
[Tree] (config>port>ethernet accounting-policy)
Full Context
configure port ethernet network accounting-policy
configure port tdm ds1 channel-group network accounting-policy
configure port sonet-sdh path network accounting-policy
configure port ethernet network egress queue-group accounting-policy
configure port tdm e3 network accounting-policy
configure port tdm ds3 network accounting-policy
configure port ethernet access egress queue-group accounting-policy
configure port ethernet access ingress queue-group accounting-policy
configure port tdm e1 channel-group network accounting-policy
configure port ethernet accounting-policy
Description
This command configures an accounting policy that can apply to an interface.
An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.
Accounting policies associated with service billing can only be applied to SAPs. Accounting policies associated with network ports can only be associated with interfaces. Only one accounting policy can be associated with an interface at a time.
The no form of this command removes the accounting policy association from the network interface, and the accounting policy reverts to the default.
Default
No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.
Parameters
- policy-id
-
The accounting policy-id of an existing policy. Accounting policies record either service (access) or network information. A network accounting policy can only be associated with the network port configurations. Accounting policies are configured in the config>log>accounting-policy context.
Platforms
All
- configure port ethernet network accounting-policy
- configure port ethernet access ingress queue-group accounting-policy
- configure port ethernet accounting-policy
- configure port ethernet network egress queue-group accounting-policy
- configure port ethernet access egress queue-group accounting-policy
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure port tdm e3 network accounting-policy
- configure port tdm e1 channel-group network accounting-policy
- configure port tdm ds3 network accounting-policy
- configure port tdm ds1 channel-group network accounting-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure port sonet-sdh path network accounting-policy
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy [acct-policy-id]
Context
[Tree] (config>service>epipe>sap accounting-policy)
[Tree] (config>service>cpipe>sap accounting-policy)
[Tree] (config>service>epipe>spoke-sdp accounting-policy)
[Tree] (config>service>ipipe>sap accounting-policy)
Full Context
configure service epipe sap accounting-policy
configure service cpipe sap accounting-policy
configure service epipe spoke-sdp accounting-policy
configure service ipipe sap accounting-policy
Description
This command creates the accounting policy context that can be applied to a SAP.
An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
Default
no accounting policy
Parameters
- acct-policy-id
-
Enter the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
- configure service ipipe sap accounting-policy
- configure service epipe sap accounting-policy
- configure service epipe spoke-sdp accounting-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap accounting-policy
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>service>ies>if>spoke-sdp accounting-policy)
Full Context
configure service ies interface spoke-sdp accounting-policy
Description
This command configures an accounting-policy.
Parameters
- acct-policy-id
-
Specifies an accounting policy ID.
Platforms
All
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>router>ldp>egr-stats>fec-pfx accounting-policy)
Full Context
configure router ldp egress-statistics fec-prefix accounting-policy
Description
This command associates an accounting policy to the MPLS instance.
An accounting policy must be defined before it can be associated else an error message is generated.
The no form of this command removes the accounting policy association.
Parameters
- acct-policy-id
-
Enter the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>router>mpls>ingr-stats>lsp accounting-policy)
[Tree] (config>router>mpls>lsp-template>egr-stats accounting-policy)
[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp accounting-policy)
[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp accounting-policy)
[Tree] (config>router>mpls>lsp>egr-stats accounting-policy)
[Tree] (config>router>mpls>lsp>ingr-stats accounting-policy)
Full Context
configure router mpls ingress-statistics lsp accounting-policy
configure router mpls lsp-template egress-statistics accounting-policy
configure router mpls ingress-statistics p2p-template-lsp accounting-policy
configure router mpls ingress-statistics p2mp-template-lsp accounting-policy
configure router mpls lsp egress-statistics accounting-policy
configure router mpls lsp ingress-statistics accounting-policy
Description
This command associates an accounting policy to the MPLS instance.
The config>router>mpls>ingr-stats>p2mp-template-lsp>accounting-policy command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
An accounting policy must be defined before it can be associated else an error message is generated.
The no form of this command removes the accounting policy association.
Parameters
- acct-policy-id
-
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
- configure router mpls ingress-statistics lsp accounting-policy
- configure router mpls lsp egress-statistics accounting-policy
- configure router mpls lsp-template egress-statistics accounting-policy
- configure router mpls ingress-statistics p2mp-template-lsp accounting-policy
- configure router mpls ingress-statistics p2p-template-lsp accounting-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure router mpls lsp ingress-statistics accounting-policy
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>app-assure>group>statistics>app accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-sub-study accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-sub accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-admit-deny accounting-policy)
[Tree] (config>app-assure>group>statistics>app-grp accounting-policy)
[Tree] (config>app-assure>group>statistics>protocol accounting-policy)
[Tree] (config>isa>aa-grp>statistics>perform accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-part accounting-policy)
Full Context
configure application-assurance group statistics application accounting-policy
configure application-assurance group statistics aa-sub-study accounting-policy
configure application-assurance group statistics aa-sub accounting-policy
configure application-assurance group statistics aa-admit-deny accounting-policy
configure application-assurance group statistics app-group accounting-policy
configure application-assurance group statistics protocol accounting-policy
configure isa application-assurance-group statistics performance accounting-policy
configure application-assurance group statistics aa-partition accounting-policy
Description
This command specifies the existing accounting policy to use for AA. Accounting policies are configured in the config>log>accounting-policy context.
Parameters
- acct-policy-id
-
Specifies the existing accounting policy to use for applications.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>saa>test accounting-policy)
Full Context
configure saa test accounting-policy
Description
This command associates an accounting policy to the SAA test. The accounting policy must already be defined before it can be associated otherwise an error message is generated.
A notification (trap) is issued whenever a test is completed or terminates.
The no form of this command removes the accounting policy association.
Parameters
- acct-policy-id
-
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>oam-pm>session>meas-interval accounting-policy)
Full Context
configure oam-pm session meas-interval accounting-policy
Description
This optional command allows the operator to assign an accounting policy and the policy-id (configured under the config>log>accounting-policy) with a record-type of complete-pm. This runs the data collection process for completed measurement intervals in memory, file storage, and maintenance functions moving data from memory to flash. A single accounting policy can be applied to a measurement interval.
The no form of this command removes the accounting policy.
Parameters
- acct-policy-id
-
Specifies the accounting policy to be applied to the measurement interval.
Platforms
All
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy
Context
[Tree] (config>service>sdp accounting-policy)
[Tree] (config>service>pw-template accounting-policy)
Full Context
configure service sdp accounting-policy
configure service pw-template accounting-policy
Description
This command creates the accounting policy context that can be applied to an SDP. An accounting policy must be defined before it can be associated with a SDP. If the acct-policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SDP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SDP, and the accounting policy reverts to the default.
Default
no accounting-policy
Parameters
- acct-policy-id
-
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
Platforms
All
accounting-policy
Syntax
accounting-policy policy-id [interval minutes]
no accounting-policy policy-id
Context
[Tree] (config>log accounting-policy)
Full Context
configure log accounting-policy
Description
This command creates an access or network accounting policy. An accounting policy defines the accounting records that are created.
Access accounting policies are policies that can be applied to one or more SAPs. Changes made to an existing policy, using any of the sub-commands, are applied immediately to all SAPs where this policy is applied.
If an accounting policy is not specified on a SAP, then accounting records are produced in accordance with the access policy designated as the default. If a default access policy is not specified, then no accounting records are collected other than the records for the accounting policies that are explicitly configured.
Only one policy can be regarded as the default access policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new access default policy can be configured.
Network accounting policies are policies that can be applied to one or more network ports or SONET/SDH channels. Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network ports or SONET/SDH channels where this policy is applied.
If no accounting policy is defined on a network port, accounting records will be produced in accordance with the default network policy as designated with the default command. If no network default policy is created, then no accounting records will be collected other than the records for the accounting policies explicitly configured. Default accounting policies cannot be explicitly applied. For example, for accounting-policy 10, if default is set, then that policy cannot be used:
*A:75>config>service>vpls>spoke-sdp# accounting-policy 10
Only one policy can be regarded as the default network policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new network default policy can be configured.
The no form of this command deletes the policy from the configuration. The accounting policy cannot be removed unless it is removed from all the SAPs, network ports or channels where the policy is applied.
Parameters
- policy-id
-
Specifies the policy ID that uniquely identifies the accounting policy, expressed as a decimal integer.
Platforms
All
accounting-port
accounting-port
Syntax
accounting-port port
no accounting-port
Context
[Tree] (config>service>vprn>aaa>remote-servers>radius accounting-port)
Full Context
configure service vprn aaa remote-servers radius accounting-port
Description
This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.
Default
accounting-port 1813
Parameters
- port
-
Specifies the UDP port number.
Platforms
All
accounting-port
Syntax
accounting-port port
no accounting-port
Context
[Tree] (config>system>security>radius accounting-port)
Full Context
configure system security radius accounting-port
Description
This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.
Default
accounting-port 1813
Parameters
- port
-
Specifies the UDP port number.
Platforms
All
accounting-type
accounting-type
Syntax
accounting-type [session] [tunnel]
no accounting-type
Context
[Tree] (config>aaa>l2tp-acct-plcy accounting-type)
Full Context
configure aaa l2tp-accounting-policy accounting-type
Description
This command specifies the accounting type for the L2TP tunnel accounting policy.
The no form of this command reverts to the default.
Default
accounting-type session tunnel
Parameters
- session
-
Enables tunnel level accounting, including:
Tunnel-Link-Start
Tunnel-Link-Stop
Tunnel-Link-Reject
- tunnel
-
Enables link level accounting, including:
Tunnel-Start
Tunnel-Stop
Tunnel-Reject
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-update-interval
accounting-update-interval
Syntax
accounting-update-interval [interval]
no accounting-update-interval
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval
Description
This command configures the time interval between consecutive interim accounting update messages. If not configured, the system does not send interim accounting update messages.
The no form of this command removes the value from the cross-connect configuration.
Parameters
- interval
-
Specifies the time interval between consecutive interim accounting update messages in minutes.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-update-interval
Syntax
accounting-update-interval [interval]
no accounting-update-interval
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval
Description
This command enables the interim accounting and specifies the interim accounting interval.
Parameters
- interval
-
Specifies the interim accounting interval in seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-authentic
acct-authentic
Syntax
[no] acct-authentic
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-authentic)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-authentic
Description
This command enables the generation of the acct-authentic RADIUS attribute.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-delay-time
acct-delay-time
Syntax
[no] acct-delay-time
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-delay-time)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-delay-time
Description
This command enables the generation of the acct-delay-time RADIUS attribute.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-delay-time
Syntax
[no] acct-delay-time
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-delay-time)
Full Context
configure aaa isa-radius-policy acct-include-attributes acct-delay-time
Description
This command enables the acct-delay-time.
Default
no acct-delay-time
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-include-attributes
acct-include-attributes
Syntax
[no] acct-include-attributes
Context
[Tree] (config>aaa>isa-radius-plcy acct-include-attributes)
Full Context
configure aaa isa-radius-policy acct-include-attributes
Description
This command configures attributes to be included in RADIUS accounting messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-interim
acct-interim
Syntax
acct-interim min min-val max max-val lifetime lifetime
no acct-interim
Context
[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-interim)
Full Context
configure aaa radius-server-policy servers buffering acct-interim
Description
This command enables RADIUS accounting interim update message buffering.
-
The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
-
If after retry*timeout seconds no RADIUS accounting response is received for the interim update then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
-
Repeat step 2 until for one of the following:
-
a RADIUS accounting response is received.
-
the lifetime of the buffered message expires.
-
a new RADIUS accounting interim-update or a RADIUS accounting stop for the same accounting session-id and radius-server-policy is stored in the buffer.
-
the message is manually purged from the message buffer via a clear command.
-
-
The message is purged from the buffer.
The no form of this command disables RADIUS accounting interim update message buffering.
Parameters
- min-val
-
Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting interim update.
- max-val
-
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting interim update.
- lifetime
-
Specifies the lifetime in hours.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-on-off
acct-on-off
Syntax
acct-on-off
acct-on-off monitor-group group-name
acct-on-off oper-state-change [group group-name]
Context
[Tree] (config>aaa>radius-srv-plcy acct-on-off)
Full Context
configure aaa radius-server-policy acct-on-off
Description
This command controls the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:
acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked.
acct-on-off oper-state-change [group group-name]: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group.
acct-on-off monitor-group group-name: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.
The no form of this command disables the sending of Accounting-On and Accounting-Off messages.
Parameters
- group-name
-
Specifies the name of an acct-on-off group up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-on-off-group
acct-on-off-group
Syntax
acct-on-off-group group-name [create]
no acct-on-off-group group-name
Context
[Tree] (config>aaa acct-on-off-group)
Full Context
configure aaa acct-on-off-group
Description
This command creates an acct-on-off-group.
An acct-on-off-group can be referenced by:
-
A single radius-server-policy as controller — The acct-on-off oper-state of the acct-on-off-group is set to the acct-on-off oper-state of the radius-server-policy.
-
Multiple radius-server-policies as monitor — The acct-on-off oper-state of the radius-server-policy is inherited from the acct-on-off oper-state of the acct-on-off group.
The no form of this command deletes the acct-on-off-group.
Parameters
- group-name
-
Specifies the name of an acct-on-off group up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-policy
acct-policy
Syntax
acct-policy acct-policy-name [duplicate acct-policy-name]
no acct-policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host acct-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host acct-policy)
Full Context
configure subscriber-mgmt local-user-db ipoe host acct-policy
configure subscriber-mgmt local-user-db ppp host acct-policy
Description
This command specifies the accounting policy used for sending an Accounting Stop message to report RADIUS authentication failures of PPPoE sessions. A duplicate policy can be specified if a copy of the Accounting Stop message must be sent to another destination.
Reporting RADIUS authentication failures with an Accounting Stop message must be enabled in the RADIUS authentication policy ("send-acct-stop-on-fail”).
A duplicate RADIUS accounting policy can be specified if the accounting stop resulting from a RADIUS authentication failure must also be sent to a second RADIUS destination.
The no form of this command reverts to the default.
Parameters
- acct-policy-name
-
Specifies the name of a RADIUS accounting policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-port
acct-port
Syntax
acct-port port
no acct-port
Context
[Tree] (config>service>vprn>radius-server>server acct-port)
[Tree] (config>router>radius-server>server acct-port)
Full Context
configure service vprn radius-server server acct-port
configure router radius-server server acct-port
Description
This command specifies the UDP listening port for RADIUS accounting requests.
The no form of this commands resets the UDP port to its default value (1813)
Default
acct-port 1813
Parameters
- port
-
Specifies the UDP listening port for accounting requests of the external RADIUS server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-request-script-policy
acct-request-script-policy
Syntax
acct-request-script-policy policy-name
no acct-request-script-policy
Context
[Tree] (config>subscr-mgmt>acct-plcy acct-request-script-policy)
Full Context
configure subscriber-mgmt radius-accounting-policy acct-request-script-policy
Description
This command configures the Python script policy to modify Accounting-Request messages.
The no form of this command removes the policy name from the configuration.
Parameters
- policy-name
-
Specifies the Python script policy to modify Accounting-Request messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-request-script-policy
Syntax
acct-request-script-policy policy-name
no acct-request-script-policy
Context
[Tree] (config>aaa>radius-srv-plcy acct-request-script-policy)
Full Context
configure aaa radius-server-policy acct-request-script-policy
Description
This command specifies the name of the RADIUS script policy used to change the RADIUS attributes of the Accounting-Request messages.
Parameters
- policy-name
-
Specifies the name of the Python script to modify Accounting-Request messages, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-session-id
acct-session-id
Syntax
acct-session-id [session-id-type]
no acct-session-id
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute acct-session-id)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute acct-session-id
Description
The acct-session-id attribute for each subscriber host is generated at the very beginning of the session initiation. This command will enable or disable sending this attribute to the RADIUS server in the Access-Request messages regardless of whether the accounting is enabled or not. The acct-session-id attribute can be used to address the subscriber hosts from the RADIUS server in the CoA Request.
The acct-session-id attribute is unique per subscriber host network wide. It is a 22 byte field comprised of the system MAC address along with the creation time and a sequence number in a hex format.
The no form of this command reverts to the default.
Default
no acct-session-id
Parameters
- session-id-type
-
Specifies the format for the acct-session-id attribute used in RADIUS accounting requests.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-stats
acct-stats
Syntax
[no] acct-stats
Context
[Tree] (config>ipsec>rad-acct-plcy>include acct-stats)
Full Context
configure ipsec radius-accounting-policy include-radius-attribute acct-stats
Description
This command enables the system to include accounting attributes in RADIUS acct-stop and interim-update packets.
The no form of this command disables the system from including accounting attributes in RADIUS acct-stop and interim-update packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-stop
acct-stop
Syntax
acct-stop min min-val max max-val lifetime lifetime
no acct-stop
Context
[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-stop)
Full Context
configure aaa radius-server-policy servers buffering acct-stop
Description
This command enables RADIUS accounting stop message buffering.
-
The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
-
If after retry*timeout seconds no RADIUS accounting response is received for the accounting stop, then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
-
Repeat step 2 until one of the following events occurs:
-
A RADIUS accounting response is received.
-
The lifetime of the buffered message expires.
-
The message is manually purged from the message buffer via a clear command.
-
-
The message is purged from the buffer.
The no form of this command disables RADIUS accounting stop message buffering.
Parameters
- min-val
-
Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting stop.
- max-val
-
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting stop.
- lifetime
-
Specifies the lifetime in hours.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-trigger-reason
acct-trigger-reason
Syntax
[no] acct-trigger-reason
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-trigger-reason)
Full Context
configure aaa isa-radius-policy acct-include-attributes acct-trigger-reason
Description
This command enables the acct-trigger-reason.
Default
no acct-trigger-reason
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-tunnel-connection-fmt
acct-tunnel-connection-fmt
Syntax
acct-tunnel-connection-fmt ascii-spec
no acct-tunnel-connection-fmt
Context
[Tree] (config>aaa>l2tp-acct-plcy acct-tunnel-connection-fmt)
Full Context
configure aaa l2tp-accounting-policy acct-tunnel-connection-fmt
Description
This command configures the accounting tunnel connection ascii-specification.
Default
no acct-tunnel-connection-fmt
Parameters
- ascii-spec
-
Specifies the ASCII specifications.
<ascii-spec>
<char-specification> <ascii-spec>
char-specification
<ascii-char> | <char-origin>
ascii-char
a printable ASCII character
char-origin
%<origin>
origin
n | s | S | t | T | c | C
n
Call Serial Number
s | S
Local (s) or Remote (S) Session Id
t | T
Local (t) or Remote (T) Tunnel Id
c | C
Local (c) or Remote (C) Connection Id
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-tunnel-connection-fmt
Syntax
acct-tunnel-connection-fmt ascii-spec
no acct-tunnel-connection-fmt
Context
[Tree] (config>subscr-mgmt>acct-plcy acct-tunnel-connection-fmt)
Full Context
configure subscriber-mgmt radius-accounting-policy acct-tunnel-connection-fmt
Description
This command specifies the string that is sent in the accounting message.
Default
no acct-tunnel-connection-fmt
Parameters
- ascii-spec
-
Specifies the accounting tunnel connection ASCII specification.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-update-triggers
acct-update-triggers
Syntax
acct-update-triggers
Context
[Tree] (config>aaa>isa-radius-plcy acct-update-triggers)
Full Context
configure aaa isa-radius-policy acct-update-triggers
Description
Commands in this context enable or disable the sending of triggered interim-updates, with the exception of the following:
-
After an update interval change, an interim update is always sent to indicate the start of the new interval.
-
Mobility-triggered updates are configured in the (service vprn <svc-id> | router) wlan-gw mobility-triggered-acct context.
-
NAT port block allocation depends on the inclusion of NAT-related attributes (port-range, outside-service, outside-ip).
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accu-stats-policy
accu-stats-policy
Syntax
accu-stats-policy policy-name [create]
no accu-stats-policy policy-name
Context
[Tree] (config>subscr-mgmt accu-stats-policy)
Full Context
configure subscriber-mgmt accu-stats-policy
Description
This command creates a storage policy for cumulative statistics for subscribers. The policy defines the specific direction for the policer or the queue to be stored and performs the following functions.
-
The policy stores subscriber statistics even if the subscriber session has ended. The subscriber statistics can be viewed even if the subscriber is offline.
-
When the subscriber session ends, the statistics are added to the past statistics stored in memory so that all previous session statistics are accumulated. The accumulated statistics are not persistent; they are only stored in memory and reset to zero when the chassis reboots.
The no form of this command deletes the policy only when it is no longer referenced by a subscriber profile.
Parameters
- policy-name
-
Specifies the name for the policy, up to 32 characters.
- create
-
Configures an entry for the policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accu-stats-policy
Syntax
accu-stats-policy policy-name
no accu-stats-policy
Context
[Tree] (config>subscr-mgmt>sub-profile accu-stats-policy)
Full Context
configure subscriber-mgmt sub-profile accu-stats-policy
Description
This command associates an accumulated statistics policy with a subscriber profile.
The no form of this command removes the association of the accu-stats-policy from the subscriber profile. It is possible to remove the policy from the subscriber profile while the subscriber is still online, however, the statistics remain in memory and must be cleared manually, using the clear subscriber-mgmt accu-stats active-subs no-accu-stats-policy command.
Parameters
- policy-name
-
Specifies the name of the accumulated statistics policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ack
ack
Syntax
ack [detail]
no ack
Context
[Tree] (debug>router>rsvp>packet ack)
Full Context
debug router rsvp packet ack
Description
This command debugs ack events.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about ack events.
Platforms
All
ack-auth-retry-count
ack-auth-retry-count
Syntax
ack-auth-retry-count [value]
no ack-auth-retry-count
Context
[Tree] (config>router>wpp>portals>portal ack-auth-retry-count)
[Tree] (config>service>vprn>wpp>portals>portal ack-auth-retry-count)
Full Context
configure router wpp portals portal ack-auth-retry-count
configure service vprn wpp portals portal ack-auth-retry-count
Description
This command configures the number of retransmissions of an ACK_OUT message.
The no form of this command reverts to the default.
Default
ack-auth-retry-count 5
Parameters
- value
-
Specifies the number of retransmissions of an ACK_OUT message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acknowledgment
acknowledgment
Syntax
[no] acknowledgment
Context
[Tree] (config>service>cpipe>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>vpls>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>epipe>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service cpipe spoke-sdp control-channel-status acknowledgment
configure service vpls spoke-sdp control-channel-status acknowledgment
configure service epipe spoke-sdp control-channel-status acknowledgment
Description
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp control-channel-status acknowledgment
All
- configure service epipe spoke-sdp control-channel-status acknowledgment
- configure service vpls spoke-sdp control-channel-status acknowledgment
acknowledgment
Syntax
[no] acknowledgment
Context
[Tree] (config>service>ies>if>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>ies>red-if>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service ies interface spoke-sdp control-channel-status acknowledgment
configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment
Description
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
Default
no acknowledgment
Platforms
All
- configure service ies interface spoke-sdp control-channel-status acknowledgment
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment
acknowledgment
Syntax
[no] acknowledgment
Context
[Tree] (config>service>vprn>if>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>vprn>red-if>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service vprn interface spoke-sdp control-channel-status acknowledgment
configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment
Description
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
Platforms
All
- configure service vprn interface spoke-sdp control-channel-status acknowledgment
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment
acknowledgment
Syntax
[no] acknowledgment
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>mirror>mirror-dest>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure mirror mirror-dest remote-source spoke-sdp control-channel-status acknowledgment
configure mirror mirror-dest spoke-sdp control-channel-status acknowledgment
Description
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action
action
Syntax
action bypass-host-creation
action drop
no action
Context
[Tree] (config>filter>dhcp-filter>entry action)
Full Context
configure filter dhcp-filter entry action
Description
This command specifies the action to take on DHCP host creation when the filter entry matches.
The no form of this command reverts to the default wherein the host creation proceeds as normal.
Parameters
- bypass-host-creation
-
Specifies that the host creation is bypassed.
- drop
-
Specifies that the DHCP message is dropped.
Platforms
All
action
Syntax
action bypass-host-creation [na] [pd]
action drop
no action
Context
[Tree] (config>filter>dhcp6-filter>entry action)
Full Context
configure filter dhcp6-filter entry action
Description
This command specifies the action to take on DHCP6 host creation when the filter entry matches.
The no form of this command reverts to the default wherein the host creation proceeds as normal.
Parameters
- bypass-host-creation
-
Specifies that the host creation is bypassed.
- drop
-
Specifies that the DHCP6 message is dropped.
Platforms
All
action
Syntax
action {accept | next-entry | next-policy | drop | reject}
no action
Context
[Tree] (config>router>policy-options>policy-statement>entry action)
Full Context
configure router policy-options policy-statement entry action
Description
This command creates the context to configure actions to take for routes matching a route policy statement entry.
This command is required and must be entered for the entry to be active.
Any route policy entry without the action command will be considered incomplete and will be inactive.
The no form of this command deletes the action context from the entry.
Default
no action
Parameters
- accept
-
Specifies that routes matching the entry match criteria will be accepted and propagated.
- next-entry
-
Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next policy entry (if any others are specified).
- next-policy
-
Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next route policy (if any others are specified).
- drop
-
Specifies that routes matching the entry match criteria should be rejected. This parameter provides a context for modifying route properties.
- reject
-
Specifies that routes matching the entry match criteria should be rejected. This parameter does not provide a context for modifying route properties.
Platforms
All
action
Syntax
action dhcp-action
no action
Context
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option action)
[Tree] (config>service>vpls>sap>dhcp>option action)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option action)
[Tree] (config>service>vprn>if>dhcp>option action)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option action)
[Tree] (config>service>ies>if>dhcp>option action)
Full Context
configure service vprn subscriber-interface group-interface dhcp option action
configure service vpls sap dhcp option action
configure service ies subscriber-interface group-interface dhcp option action
configure service vprn interface dhcp option action
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action
configure service ies interface dhcp option action
Description
This command configures the processing required when the SR-Series receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
Default
action keep — Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests. The default is to keep the existing information intact. The exception to this is if the giaddr of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.
Parameters
- replace
-
In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (towards the user) the Option 82 field is stripped (in accordance with RFC 3046).
- drop
-
Specifies that the packet is dropped, and an error is logged.
- keep
-
Specifies that the existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on towards the client.
The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router inserts its own VSO into the Option 82 field. This is only done when the incoming message has already an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO is added to the message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface dhcp option action
- configure service ies subscriber-interface group-interface dhcp option action
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action
All
- configure service ies interface dhcp option action
- configure service vprn interface dhcp option action
- configure service vpls sap dhcp option action
action
Syntax
action {drop | forward}
no action
Context
[Tree] (config>log>filter>entry action)
[Tree] (config>service>vprn>log>filter>entry action)
Full Context
configure log filter entry action
configure service vprn log filter entry action
Description
This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.
Multiple action statements entered will overwrite previous actions.
The no form of this command removes the specified action statement.
Default
Action specified by the default-action command will apply.
Parameters
- drop
-
Specifies packets matching the entry criteria will be dropped.
- forward
-
Specifies packets matching the entry criteria will be forwarded.
Platforms
All
action
Syntax
action {drop | forward}
no action
Context
[Tree] (config>log>filter>entry action)
Full Context
configure log filter entry action
Description
This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.
Multiple action statements entered will overwrite previous actions.
The no form of this command removes the specified action statement.
Default
no action
Parameters
- drop
-
Specifies packets matching the entry criteria will be dropped.
- forward
-
Specifies packets matching the entry criteria will be forwarded.
Platforms
All
action
Syntax
action direction [create]
no action direction
Context
[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry action)
Full Context
configure subscriber-mgmt isa-service-chaining vas-filter entry action
Description
Commands in this context configure an action to be performed for traffic that matches a configured match criteria in the filter entry. The action can be configured as being applicable to upstream traffic, downstream traffic, or both.
The no form of this command removes the direction from the configuration.
Parameters
- direction
-
Specifies the direction for the action in a VAS filter entry.
- create
-
Keyword used to create the action’s direction. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action drop
action forward
action http-redirect url [allow-override]
no action
Context
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry action)
Full Context
configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry action
Description
This command configures the action for the filter entry.
The no form of this command reverts to the default.
Default
action drop
Parameters
- drop
-
Specifies to drop the packets matching the IP filter entry.
- forward
-
Specifies to forward the packets matching the IP filter entry.
- http-redirect url [allow-override]
-
Specifies the HTTP web address, up to 255 characters, that is sent to the user’s browser for redirection.
Note:This action is not supported for IPv6 filter entries.
The specified URL can be overridden by a Diameter Credit Control Server when the following conditions are met:
-
a Final-Unit-Indication AVP is present in the Multiple-Services-Credit-Control AVP of a CCA message
-
the Final-Unit-Action AVP is set to REDIRECT (1)
-
a Redirect-Server AVP is included with the following:
-
the Redirect-Address-Type AVP set to URL (2)
-
the Redirect-Server-Address AVP containing the URL to use for this rating group (category-map)
-
-
the out of credit action for the corresponding rating group is set to change-service-level using one of the following commands:
-
configure>subscriber-mgmt>credit-control-policy policy-name>out-of-credit-action change-service-level
-
configure>subscriber-mgmt>category-map category-map-name category category-name>out-of-credit-action-override change-service-level
-
-
an IPv4 HTTP redirect action with allow-override is specified in the exhausted credit service level context for the corresponding rating group using the command configure>subscriber-mgmt>category-map category-map-name category category-name>exhausted-credit-service-level>ingress-ip-filter-entries> entry entry-id>action http-redirect url allow-override
In all other cases, the URL specified in the Redirect-Server-Address AVP is ignored and the configured URL is used. The URL received from the Credit Control Server is included in the output of show>service>active-subscribers>credit-control. The allow-override is ignored for RADIUS credit control.
The following variables can optionally be added in the configured URL (http-redirect url) and in the override URL from the Credit Control Server (Redirect-Server-Address AVP):
-
$IP – Customer’s IP address
-
$MAC – Customer’s MAC address
-
$URL – Original requested URL
-
$SAP – Customer’s SAP
-
$SUB – Customer’s subscriber identification string
-
$CID – string that represents the circuit-id or interface-id of the subscriber host (hexadecimal format)
-
$RID – string that represents the remote-id of the subscriber host (hexadecimal format)
-
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {alarm | remove}
no action
Context
[Tree] (config>subscr-mgmt>shcv-policy>periodic action)
Full Context
configure subscriber-mgmt shcv-policy periodic action
Description
This command configures the action to take when the periodic connectivity verification failed.
The no form of this command reverts to the default.
Default
action alarm
Parameters
- alarm
-
Raises an alarm indicating that the host is disconnected.
- remove
-
Raises an alarm and releases all allocated resources (addresses, prefixes, queues, table entries, and so on). Static hosts are removed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {drop | forward | none}
action http-redirect rdr-url-string
no action
Context
[Tree] (config>subscr-mgmt>isa-filter>entry action)
[Tree] (config>subscr-mgmt>isa-filter>ipv6>entry action)
Full Context
configure subscriber-mgmt isa-filter entry action
configure subscriber-mgmt isa-filter ipv6 entry action
Description
This command specifies what should happen to packets that do match this entry.
The no form of this command reverts to the default value.
Default
action none
Parameters
- drop
-
Specifies to drop the packet.
- forward
-
Specifies to forward the packet.
- none
-
Specifies to ignore the entry and continue processing with subsequent entries.
- rdr-url-string
-
Specifies the URL to which matching HTTP flows are redirected, up to 255 characters. The URL can be overridden by AAA. Non-HTTP packets are dropped. The URL supports the $URL, $MAC, and $IP variables. For other macro substitutions, the string is not modified.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {permit-deny | priority-mark}
no action
Context
[Tree] (config>subscr-mgmt>isa-policer action)
Full Context
configure subscriber-mgmt isa-policer action
Description
This command specifies what happens to packets that are in-profile and out-of-profile.
The no form of this command reverts to the default value.
Default
action permit-deny
Parameters
- permit-deny
-
Drops all packets that are out of profile (they do not conform to the PIR).
- priority-mark
-
Currently not supported. The policer will take no action.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {log-only | reset-mda | fail-mda}
no action
Context
[Tree] (config>card>mda>event action)
Full Context
configure card mda event action
Description
This command defines the action to be taken when a specific hardware error event is raised against the target mda.
Only one action can be enabled at a time. Entering a new action will override a previously defined action.
The no form of this command sets the action to the default value.
Default
action log-only
Parameters
- log-only
-
Specifies to pass the log event to log management. No other action is taken.
- reset-mda
-
Specifies to reset the mda.
- fail-mda
-
Specifies to set the operational state of the mda to Failed. This Failed state will persist until the clear mda command is issued (reset) or the mda is removed and re-inserted (re-seat).
Platforms
All
action
Syntax
[no] action
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization action)
Full Context
configure system security profile netconf base-op-authorization action
Description
This command enables the NETCONF action operation.
The no form of this command disables the operation.
Default
no action
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
action
Syntax
action {priority-mark | permit-deny}
Context
[Tree] (config>app-assure>group>policer action)
Full Context
configure application-assurance group policer action
Description
This command configures the action to be performed by single-bucket bandwidth policers for non-conformant traffic.
Dual bucket bandwidth policers cannot have their action configured and always mark traffic below CIR in profile, between CIR and PIR out of profile, and drop traffic above PIR. Flow policers always discard non-conformant traffic.
When multiple application assurance policers are configured against a single flow (including policers at both subscriber and system), the final action done to the flow/packet will be a logical OR of all policers actions. For example, if only of the policers requires the packet to be discarded, the packet will be dropped regardless of the action of the other policers.
Default
action permit-deny
Parameters
- priority-mark
-
Non-conformant traffic will be marked out of profile and the conformant traffic will be marked in profile. The new marking will overwrite any previous IOM QoS marking done to a packet.
- permit-deny
-
Non-conformant traffic will be dropped.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action
Context
[Tree] (config>app-assure>group>policy>aqp>entry action)
Full Context
configure application-assurance group policy app-qos-policy entry action
Description
Commands in this context configure AQP actions to be performed on flows that match the AQP entry’s match criteria.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {permit | deny} [event-log event-log-name]
action http-redirect http-redirect-name [event-log event-log-name]
action tcp-optimizer tcp-optimizer-name
Context
[Tree] (config>app-assure>group>sess-fltr>entry action)
Full Context
configure application-assurance group session-filter entry action
Description
This command configures the action for this entry.
Parameters
- deny
-
Packets matching the criteria are denied.
- permit
-
Packets matching the criteria are permitted.
- event-log-name
-
Specifies the event log name, up to 32 characters.
- http-redirect-name
-
Specifies the HTTP redirect name, up to 32 characters.
- tcp-optimizer
-
Specifies to use TCP Optimization (TCPO) on the matching flows.The TCPO policy referenced within this session filter entry is configured under the AA group. If the TCPO action is removed from a session-filter entry, the existing flows are not affected. However, no new TCP flows are optimized.
- tcp-optimizer-name
-
Specifies the name of the TCPO policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {permit | deny}
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr>entry action)
Full Context
configure application-assurance group gtp gtp-filter imsi-apn-filter entry action
Description
This command configures an action for the IMSI-APN filter entry.
Default
action permit
Parameters
- permit
-
Specifies to permit packets that do not match any message entries.
- deny
-
Specifies to deny packets that do not match any message entries.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
action {dnat | forward} [ip-address ip-address]
no action
Context
[Tree] (config>service>nat>nat-classifier>entry action)
Full Context
configure service nat nat-classifier entry action
Description
This command specifies the action to take for packets that match this nat-classifier entry. The no form of the command removes the specified action statement. By default, the entry is ignored (skipped). Consequently, the action from another matching entry is applied. If there are no other matching entries found, the default-action is applied.
Default
no action.
Parameters
- dnat
-
Performs the DNAT function. The destination IP address of the packet traversing the router in the direction from inside to outside is replaced by the configured IP address. Destination port is not translated. In the opposite direction (from outside to inside), the source address in the returning packet is restored to the original value.
- forward
-
Specifies that the forward action ensures that the packet is transparently passed through the nat-classifier.
- ip-address ip-address
-
Specifies that the destination IP address replaces the original IP address in the packet traveling from inside to outside.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action
Syntax
[no] action [secondary]
Context
[Tree] (config>filter>mac-filter>entry action)
[Tree] (config>filter>ip-filter>entry action)
[Tree] (config>filter>ipv6-filter>entry action)
Full Context
configure filter mac-filter entry action
configure filter ip-filter entry action
configure filter ipv6-filter entry action
Description
Commands in this context configure a primary (no option specified) or secondary (secondary option specified) action to be performed on packets matching this filter entry. An ACL filter entry remains inactive (is not programmed in hardware) until a specific action is configured for that entry.
A primary action supports any filter entry action, a secondary action is used for redundancy and defines a redundant Layer 3 PBR action for an Layer 3 PBR primary action or a redundant L2 PBF action for a Layer 2 PBF primary action.
The no form of this command removes the specific action configured in the context of the action command. The primary action cannot be removed if a secondary action exists.
Default
no action
Parameters
- secondary
-
Specifies a secondary action to be performed on packets matching this filter entry. A secondary action can only be configured if a primary action is configured.
Platforms
All
action
Syntax
action [fc fc-name] [priority {high | low}] [policer policer-id]
no action
Context
[Tree] (config>qos>sap-ingress>ipv6-criteria>entry action)
[Tree] (config>qos>sap-ingress>mac-criteria>entry action)
[Tree] (config>qos>sap-ingress>ip-criteria>entry action)
Full Context
configure qos sap-ingress ipv6-criteria entry action
configure qos sap-ingress mac-criteria entry action
configure qos sap-ingress ip-criteria entry action
Description
This mandatory command associates the forwarding class or enqueuing priority with specific IP, IPv6, or MAC criteria entry ID. The action command supports setting the forwarding class parameter to a subclass. Packets that meet all match criteria within the entry have their forwarding class and enqueuing priority overridden based on the parameters included in the action parameters. When the forwarding class is not specified in the action command syntax, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the action, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.
When a policer is specified in the action, a matching packet is directed to the configured policer instead of the policer/queue assigned to the forwarding class of the packet.
The action command must be executed for the match criteria to be added to the active list of entries. If the entry is designed to prevent more explicit (higher entry ID) entries from matching certain packets, the fc fc-name and match protocol fields should not be defined when executing action. This allows packets matching the entry to preserve the forwarding class and enqueuing priority derived from previous classification rules.
Each time action is executed on a specific entry ID, the previously entered values for fc fc-name and priority are overridden with the newly defined parameters or inherit previous matches when a parameter is omitted.
The no form of this command removes the entry from the active entry list. Removing an entry on a policy immediately removes the entry from all SAPs using the policy. All previous parameters for the action is lost.
If no action is specified, the action specified by the default-fc command will be used.
Parameters
- fc fc-name
-
The value given for fc fc-name must be one of the predefined forwarding classes in the system. Specifying the fc fc-name is required. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.
- priority
-
The priority parameter overrides the default enqueuing priority for all packets received on a SAP using this policy that match this rule. Specifying the priority (high or low) is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.
- high
-
The high parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to high for a packet increases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the queue, the significance of the enqueuing priority is lost.
- low
-
The low parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to low for a packet decreases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- policer-id
-
A valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.
Platforms
All
action
Syntax
action [fc fc-name] [profile {in | out | exceed | inplus}] [policer policer-id] [port-redirect-group-queue] [queue queue-id] [use-fc-mapped-queue]
no action
Context
[Tree] (config>qos>sap-egress>ip-criteria>entry action)
[Tree] (config>qos>sap-egress>ipv6-criteria>entry action)
Full Context
configure qos sap-egress ip-criteria entry action
configure qos sap-egress ipv6-criteria entry action
Description
This command defines the reclassification actions that should be performed on any packet matching the defined IP flow criteria within the entries match node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an egress packet on the SAP matches the specified IP flow entry, the forwarding class, or profile or egress queue accounting behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence- or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.
It is also possible to redirect the egress packet to a configured policer. The forwarding class or profile can also be optionally specified.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. In show and info commands, the entry will display no action as the specified reclassification action for the entry. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate packets egressing a SAP with the SAP egress policy defined. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed either with explicit reclassification entries or without any actions defined. Specifying action without any trailing reclassification actions allows packets matching the entry to exit the evaluation list without matching entries lower in the list. Executing no action on an entry removes the entry from the evaluation list and also removes any explicitly defined reclassification actions associated with the entry.
The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions.
The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior.
The policer keyword is optional. When specified, the egress packet will be redirected to the configured policer. Optional parameters allow the user to control how the forwarded policed traffic exits the egress port. By default, the policed forwarded traffic will use a queue in the egress port’s policer-output-queue queue group; alternatively, a queue in an instance of a user-configured queue group can be used or a local SAP egress queue.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any packets egress a SAP associated with the SAP egress QoS policy.
Parameters
- fc fc-name
-
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out | exceed | inplus}
-
The profile reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
-
The in parameter is mutually exclusive to the exceed, inplus, and out parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When in is specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
- out
-
The out parameter is mutually exclusive to the exceed, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When out is specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
- exceed
-
The exceed parameter is mutually exclusive to the out, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When exceed is specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
- inplus
-
The inplus parameter is mutually exclusive to the out, exceed, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When inplus is specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
- policer policer-id
-
When the action policer command is executed, a valid policer ID must be specified. The parameter policer ID references a policer ID that has already been created within the SAP egress QoS policy.
- port-redirect-group-queue queue queue-id
-
Used to override the forwarding class default egress queue destination to an egress port queue group. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the SAP. Therefore, this parameter is only valid if SAP-based redirection is required. The queue parameter overrides the policer’s default egress queue destination to a specified queue-id in the egress port queue group instance.
- queue queue-id
-
This parameter overrides the policer’s default egress queue destination to a specified local SAP queue of that queue-id. A queue of ID queue-id must exist within the egress QoS policy.
- use-fc-mapped-queue
-
This parameter overrides the policer’s default egress queue destination to the queue mapped by the traffic’s forwarding class.
Platforms
All
action
Syntax
action [fc fc-name profile {in | out | exceed | inplus}] [port-redirect-group {queue queue-id | policer policer-id [queue queue-id]}]
Context
[Tree] (config>qos>network>egress>ipv6-criteria>entry action)
[Tree] (config>qos>network>egress>ip-criteria>entry action)
Full Context
configure qos network egress ipv6-criteria entry action
configure qos network egress ip-criteria entry action
Description
This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an egress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence-based or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate egress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.
The fc and profile keywords are optional. When specified, the egress classification rule will overwrite the forwarding class and profile derived from ingress. The new forwarding class and profile are used for egress remarking, queue mapping decisions, and queue congestion behavior.
The port-redirect-group keyword is optional. When specified, the egress packet will be redirected to the configured queue or policer in the specified egress network queue group. By default, the policed forwarded traffic will use the regular network queue to which the packet's forwarding class is mapped. Alternatively, a queue in the network egress queue group instance can be used for post-policed traffic by specifying a queue after the policer parameter. The port-redirect-group keyword requires that the network egress queue group instance is specified when this network QoS policy is applied to a network interface. The port-redirect-group is not supported on a 7750 SR-a4/a8.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any egress packets.
Default
no action
Parameters
- fc fc-name
-
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out | exceed | inplus}
-
The profile reclassification action is mandatory when an fc is specified, otherwise it is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. In, exceed, inplus, or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
-
When specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
- out
-
When specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
- exceed
-
When specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
- inplus
-
When specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
- queue queue-id
-
Used to override the forwarding class default egress queue destination to the specified network egress queue group instance queue. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the network interface.
- policer policer-id
-
Specifies a valid policer ID that has already been created within the network egress queue group instance.
- queue queue-id
-
The queue following the configured policer overrides the default policed traffic egress queue destination to a specified queue in the network egress queue group instance.
Platforms
All
action
Syntax
action fc fc-name profile {in | out}
no action
Context
[Tree] (config>qos>network>ingress>ipv6-criteria>entry action)
[Tree] (config>qos>network>ingress>ip-criteria>entry action)
Full Context
configure qos network ingress ipv6-criteria entry action
configure qos network ingress ip-criteria entry action
Description
This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an ingress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all non-criteria reclassification rule actions when an explicit reclassification action is defined for the entry.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate ingress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any ingress packets.
Default
no action
Parameters
- fc fc-name
-
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out}
-
The profile reclassification action is mandatory. Packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of other ingress profiling decisions. In or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
-
When specified, any packets matching the reclassification rule will be treated as in-profile by the ingress forwarding plane.
- out
-
When specified, any packets matching the reclassification rule will be treated as out-of-profile by the ingress forwarding plane.
Platforms
All
action
Syntax
action {replace | drop | keep}
no action
Context
[Tree] (config>router>if>dhcp>option action)
Full Context
configure router interface dhcp option action
Description
This command configures the processing required when the SR-Series router receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
Default
Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this is if the GI address of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.
Parameters
- replace
-
In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).
- drop
-
The packet is dropped, and an error is logged.
- keep
-
The existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on toward the client.
The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert his own VSO into the Option 82 field. This will only be done when the incoming message has already an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO will be added to the message.
Platforms
All
action
Syntax
action {action}
no action
Context
[Tree] (config>serv>mrp>mrp-policy>entry action)
Full Context
configure service mrp mrp-policy entry action
Description
This command specifies the action to be applied to the MMRP attributes (Group B-MACs) whose ISIDs match the specified ISID criteria in the related entry.
The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive. If neither keyword is specified (no action is used), this is considered a No-Op policy entry used to explicitly set an entry inactive without modifying match criteria or removing the entry itself. Multiple action statements entered will overwrite previous actions parameters when defined. To remove a parameter, use the no form of the action command with the specified parameter.
The no form of the command removes the specified action statement. The entry is considered incomplete and hence rendered inactive without the action keyword.
Default
no action
Parameters
- action
-
Specifies the action for the MRP policy entry.
- block
-
Specifies that the matching MMRP attributes will not be declared or registered on this SAP or SDP.
- allow
-
Specifies that the matching MMRP attributes will be declared and registered on this SAP or SDP.
- end-station
-
Specifies that an end-station emulation is present on this SAP or SDP for the MMRP attributes related with matching ISIDs. Equivalent action with the block keyword on that SAP or SDP. The attributes associated with the matching ISIDs are not declared or registered on the SAP or SDP. The matching attributes on the other hand are mapped as static MMRP entries on the SAP or SDP which implicitly instantiates in the data plane as a MFIB entry associated with that SAP or SDP for the related Group B-MAC. For the other SAPs/SDPs in the BVPLS with MRP enabled (no shutdown). This means that the permanent declaration of the matching attributes, as in the case when the IVPLS instances associated with these ISIDs were locally configured.
If an MRP policy has end-station action in one entry, the only default action allowed in the policy is block. Also no other actions are allowed to be configured in other entry configured under the policy.
This policy will apply even if the MRP is shutdown on the local SAP or SDP or for the whole BVPLS to allow for manual creation of MMRP entries in the data plane. Specifically the following rules apply:
-
If service vpls mrp shutdown is executed, and the MMRP on all SAP or SDPs is shutdown, then MRP PDUs pass-through transparently.
-
If service vpls mrp no shutdown, and the endstation statement (even with no ISID values in the related match statement) is used in an MRP policy applied to SAP or SDP, then no declaration is sent on SAP or SDP. The provisioned ISIDs in the match statement are registered on that SAP or SDP and are propagated on all the other MRP enabled endpoints.
-
Platforms
All
action
Syntax
action {permit | deny | deny-host-unreachable}
no action
Context
[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry action)
[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry action)
[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry action)
Full Context
configure system security management-access-filter ip-filter entry action
configure system security management-access-filter mac-filter entry action
configure system security management-access-filter ipv6-filter entry action
Description
This command creates the action associated with the management access filter match criteria entry.
The action keyword is required. If no action is defined, the filter is ignored. If multiple action statements are configured, the last one overwrites previous configured actions.
If the packet does not meet any of the match criteria the configured default action is applied.
Parameters
- permit
-
Specifies that packets matching the configured criteria will be permitted.
- deny
-
Specifies that packets matching the configured selection criteria will be denied and that a ICMP host unreachable message will not be issued.
- deny-host-unreachable
-
Specifies that packets matching the configured selection criteria will be denied and that a host unreachable message will not be issued.
The deny-host-unreachable parameter only applies to ip-filter and ipv6-filter.
Platforms
All
action
Syntax
action [accept | drop | queue queue-id]
no action
Context
[Tree] (config>sys>security>cpm-filter>ip-filter>entry action)
[Tree] (config>sys>security>cpm-filter>ipv6-filter>entry action)
[Tree] (config>sys>security>cpm-filter>mac-filter>entry action)
Full Context
configure system security cpm-filter ip-filter entry action
configure system security cpm-filter ipv6-filter entry action
configure system security cpm-filter mac-filter entry action
Description
This command specifies the action to take for packets that match this filter entry.
Default
action drop
Parameters
- accept
-
Specifies packets matching the entry criteria will be forwarded.
- drop
-
Specifies packets matching the entry criteria will be dropped.
- queue queue-id
-
Specifies packets matching the entry criteria will be forward to the specified CPM hardware queue.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action
Syntax
action {deny | permit | read-only}
Context
[Tree] (config>system>security>profile>entry action)
Full Context
configure system security profile entry action
Description
This command configures the action associated with the profile entry.
Parameters
- deny
-
Specifies that commands matching the entry command match criteria are to be denied.
- permit
-
Specifies that commands matching the entry command match criteria is permitted.
- read-only
-
Specifies the commands matching the entry command match criteria is available with read-only access.
Platforms
All
action-list
action-list
Syntax
action-list
Context
[Tree] (config>log>event-handling>handler action-list)
Full Context
configure log event-handling handler action-list
Description
Commands in this context configure the EHS handler action list.
Platforms
All
action-on-fail
action-on-fail
Syntax
action-on-fail {drop | passthrough}
no action-on-fail
Context
[Tree] (config>python>py-script action-on-fail)
Full Context
configure python python-script action-on-fail
Description
This command specifies the action taken when Python fails to modify the given message.
The no form of this command reverts to the default.
Default
action-on-fail drop
Parameters
- drop
-
Specifies that the packet will be dropped.
- passthrough
-
Specifies that the packet that is sent out without any modifications.
Platforms
All
action-on-fail
Syntax
action-on-fail {drop | passthrough}
no action-on-fail
Context
[Tree] (config>aaa>radius-scr-plcy action-on-fail)
Full Context
configure aaa radius-script-policy action-on-fail
Description
specifies the action taken when Python fails to modify the RADIUS message.
The no form of this command reverts to the default.
Default
action-on-fail drop
Parameters
- drop
-
Specifies that the packet will be dropped.
- passthrough
-
Specifies that the packet will be sent out without any modifications.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
activate
activate
Syntax
activate [file-url] [now]
Context
[Tree] (admin>system>license activate)
Full Context
admin system license activate
Description
This command performs an activation on the license file pointed to by the command line argument. The file is first validated as described in the admin>system>license>validate command and upon success, replaces the existing license attributes in the system with the information in the new license file.
The license attributes that are active on a system can be viewed with the show>licensing>entitlements command.
If the CLM tool is being used for license management, it shall perform the validation and activation and there is no need to enter these commands manually.
Parameters
- file-url
-
Specifies the file URL location to read the license file.
- now
-
If the now keyword is not present, the operator is prompted to confirm the activation. With the now keyword the license file is activated without the additional prompt.
Platforms
All
activate-entry-tag
activate-entry-tag
Syntax
activate-entry-tag activate-entry-tag
no activate-entry-tag
Context
[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
Full Context
configure service ipipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service cpipe sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service vprn interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service vpls sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service ipipe sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service cpipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service vprn interface sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service vpls sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service ies interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service ies interface sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service epipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service epipe sap ingress criteria-overrides ip-criteria activate-entry-tag
Description
This command activates the entry tag.
The no form of this command removes any existing entry tags from the SAP.
Parameters
- activate-entry-tag
-
Specifies the tag identifier value for activation.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
active-cpm-protocols
active-cpm-protocols
Syntax
[no] active-cpm-protocols
Context
[Tree] (config>service>vprn>if active-cpm-protocols)
Full Context
configure service vprn interface active-cpm-protocols
Description
This command enables CPM protocols on this interface.
Platforms
All
active-flow-timeout
active-flow-timeout
Syntax
active-flow-timeout seconds
no active-flow-timeout
Context
[Tree] (config>cflowd active-flow-timeout)
Full Context
configure cflowd active-flow-timeout
Description
This command configures the maximum amount of time before an active flow is aged out of the active cache. If an individual flow is active for the specified amount of time, the flow is aged out and a new flow is created on the next packet sampled for that flow.
Existing flows do not inherit the new active-flow-timeout value if this parameter is changed while cflowd is active. The active-flow-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.
The no form of this command resets the timeout back to the default value.
Default
active-flow-timeout 1800
Parameters
- seconds
-
Specifies the value, in seconds, before an active flow is exported.
Platforms
All
active-hold-delay
active-hold-delay
Syntax
active-hold-delay active-hold-delay
no active-hold-delay
Context
[Tree] (config>service>cpipe>endpoint active-hold-delay)
[Tree] (config>service>ipipe>endpoint active-hold-delay)
[Tree] (config>service>epipe>endpoint active-hold-delay)
Full Context
configure service cpipe endpoint active-hold-delay
configure service ipipe endpoint active-hold-delay
configure service epipe endpoint active-hold-delay
Description
This command specifies that the node will delay sending the change in the T-LDP status bits for the VLL endpoint when the MC-LAG transitions the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby or when any object in the endpoint. For example, SAP, ICB, or regular spoke SDP, transitions from up to down operational state.
By default, when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of "standby” over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
There is no delay applied to the VLL endpoint status bit advertisement when the MC-LAG transitions the LAG subgroup which hosts the SAP from standby to active or when any object in the endpoint transitions to an operationally up state.
Default
active-hold-delay 0
Parameters
- active-hold-delay
-
Specifies the active hold delay in 100s of milliseconds.
A value of zero means that when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of standby over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe endpoint active-hold-delay
All
- configure service epipe endpoint active-hold-delay
- configure service ipipe endpoint active-hold-delay
active-instance
active-instance
Syntax
active-instance instance-id
no active-instance
Context
[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path active-instance)
Full Context
configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path active-instance
Description
This command configures the active instance of a P2MP candidate path for the P2MP SR tree as a primary or a secondary instance. Before configuring the active instance ID, the candidate path instance must be configured using the instance command.
The no form of this command removes the active instance.
Parameters
- instance-id
-
Specifies the active instance as primary (1) or secondary (2).
Platforms
All
active-iom-limit
active-iom-limit
Syntax
active-iom-limit number
no active-iom-limit
Context
[Tree] (config>isa>wlan-gw-group active-iom-limit)
Full Context
configure isa wlan-gw-group active-iom-limit
Description
This command specifies the number of WLAN-GW IOMs used as active IOMs from the total number of configured WLAN-GW IOMs. If there are more configured IOM than active-iom-limit, then the remaining number of IOMs is designated as backup(s).
The no form of this command removes the number from the configuration.
Parameters
- number
-
Specifies the number of IOMs in this WLAN Gateway ISA group that are intended for active use.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-lease-time
active-lease-time
Syntax
active-lease-time [hrs hours] [min minutes] [sec seconds]
no active-lease-time
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time
Description
This command configures the lease time for an authenticated user.
Default
active-lease-time min 10
Parameters
- hours
-
Specifies the number of active lease time hours.
- minutes
-
Specifies the number of active lease time minutes.
- seconds
-
Specifies the number of active lease time seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-mda-limit
active-mda-limit
Syntax
active-mda-limit number
no active-mda-limit
Context
[Tree] (config>isa>wlan-gw-group active-mda-limit)
Full Context
configure isa wlan-gw-group active-mda-limit
Description
This command specifies how many ISAs may be in active use by the WLAN-GW group at the same time. If the maximum number of active ISAs is reached and more ISAs are added to the group, the new ISAs are considered to be in standby mode.
The no form of this command removes the limit on the maximum number of active ISAs.
Parameters
- number
-
Specifies the number of WLAN-GW ISAs intended for active use.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s
active-mda-limit
Syntax
active-mda-limit number
no active-mda-limit
Context
[Tree] (config>isa>nat-group active-mda-limit)
Full Context
configure isa nat-group active-mda-limit
Description
This command configures the number of active ISAs in active-standby ISA redundancy model for NAT. The active ISAs are automatically selected by the system and any the remaining ISA beyond the number of active limit will automatically assume the standby role. An ISA in the standby mode is idle until the failure of an active ISA occurs. Standby ISA can accept traffic from exactly one failed active ISA. Multiple standby ISAs can be configured in the system to protect against multiple simultaneous failures.
Once the active ISA fails, the standby ISA will start forwarding traffic. NAT translations from the failed ISA will have to be re-initiated by the clients and consequently setup on the newly active ISA.
In order for this command to take effect, the intra-chassis redundancy mode must be set to active-standby (config>isa>nat-group>redundancy active-standby).
Default
no active-mda-limit
Parameters
- number
-
Specifies the active MDA limit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-mda-number
active-mda-number
Syntax
active-mda-number number
no active-mda-number
Context
[Tree] (config>isa>tunnel-grp active-mda-number)
Full Context
configure isa tunnel-group active-mda-number
Description
This command specifies the number of active MS-ISA within all configured MS-ISA in the tunnel-group with multi-active enabled. IPsec traffic will be load balanced across all active MS-ISAs. If the number of configured MS-ISA is greater than the active-mda-number then the delta number of MS-ISA will be backup.
Default
active-mda-number 1
Parameters
- number
-
Specifies the number of active MDAs.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-outbound-sa
active-outbound-sa
Syntax
active-outbound-sa spi
no active-outbound-sa
Context
[Tree] (config>grp-encryp>encryp-keygrp active-outbound-sa)
Full Context
configure group-encryption encryption-keygroup active-outbound-sa
Description
This command specifies the Security Association, referenced by the Security Parameter Index (SPI), to use when performing encryption and authentication on NGE packets egressing the node for all services configured using this key group.
The no form of the command returns the parameter to its default value and is the same as removing this key group from all outbound direction key groups in all services configured with this key group (that is, all packets of services using this key group will egress the node in without being encrypted).
Parameters
- spi
-
Specifies the SPI to use for packets of services using this key group when egressing the node.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-preferred-lifetime
active-preferred-lifetime
Syntax
active-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
no active-preferred-lifetime
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime
Description
This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.
The no form of this command reverts to the default.
Default
active-preferred-lifetime min 10
Parameters
- hours
-
Specifies the number of active preferred lifetime hours.
- minutes
-
Specifies the number of active preferred lifetime minutes.
- seconds
-
Specifies the number of active preferred lifetime seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-psk
active-psk
Syntax
active-psk active-pre-shared-key
no active-psk
Context
[Tree] (config>macsec>conn-assoc>static-cak active-psk)
Full Context
configure macsec connectivity-association static-cak active-psk
Description
This command specifies the active transmitting pre-shared-key. If two pre-shared-keys are configured, the arriving MACsec MKA can be decrypted via CAKs of both pre-shared keys; however, only the active-psk will be used for TX encryption of MKA PDUs.
Default
active-psk 1
Parameters
- active-pre-shared-key
-
Specifies the value of the pre-shared-key.
Platforms
All
active-source-limit
active-source-limit
Syntax
active-source-limit number
no active-source-limit
Context
[Tree] (config>service>vprn>msdp>peer active-source-limit)
[Tree] (config>service>vprn>msdp>group active-source-limit)
[Tree] (config>service>vprn>msdp>source active-source-limit)
[Tree] (config>service>vprn>msdp active-source-limit)
[Tree] (config>service>vprn>msdp>group>peer active-source-limit)
Full Context
configure service vprn msdp peer active-source-limit
configure service vprn msdp group active-source-limit
configure service vprn msdp source active-source-limit
configure service vprn msdp active-source-limit
configure service vprn msdp group peer active-source-limit
Description
This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.
The no form of this command reverts the number of source message limit to default operation.
Default
no active-source-limit
Parameters
- number
-
Defines how many active sources can be maintained by MSDP.
Platforms
All
active-source-limit
Syntax
active-source-limit number
no active-source-limit
Context
[Tree] (config>router>msdp>peer active-source-limit)
[Tree] (config>router>msdp>group>peer active-source-limit)
[Tree] (config>router>msdp>source active-source-limit)
[Tree] (config>router>msdp>group active-source-limit)
[Tree] (config>router>msdp active-source-limit)
Full Context
configure router msdp peer active-source-limit
configure router msdp group peer active-source-limit
configure router msdp source active-source-limit
configure router msdp group active-source-limit
configure router msdp active-source-limit
Description
This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.
The no form of this command sets no limit on the number of source active records.
Default
no active-source-limit
Parameters
- number
-
Specifies the number of active sources that can be maintained by MSDP.
Platforms
All
active-valid-lifetime
active-valid-lifetime
Syntax
active-valid-lifetime [hrs hours] [min minutes] [sec seconds]
no active-valid-lifetime
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime
Description
This command specifies the signaled valid lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.
The no form of this command reverts to the default.
Default
active-valid-lifetime min 10
Parameters
- hours
-
Specifies the number of active-valid-lifetime hours.
- minutes
-
Specifies the number of active-valid-lifetime minutes.
- seconds
-
Specifies the number of active-valid-lifetime seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
activity-threshold
activity-threshold
Syntax
activity-threshold kilobits-per-second
no activity-threshold
Context
[Tree] (config>subscr-mgmt>cat-map activity-threshold)
Full Context
configure subscriber-mgmt category-map activity-threshold
Description
This command configures the threshold that is applied to determine whether or not there is activity. This is only valid for credit-type = time (not volume).
The no form of this command reverts to the default.
Parameters
- kilobits-per-second
-
Specifies the activity threshold value, in kilobits per second.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ad-per-es-route-target
ad-per-es-route-target
Syntax
ad-per-es-route-target evi-rt
ad-per-es-route-target evi-rt-set route-distinguisher ip-address [extended-evi-range]
Context
[Tree] (config>service>system>bgp-evpn ad-per-es-route-target)
Full Context
configure service system bgp-evpn ad-per-es-route-target
Description
This command controls how Ethernet AD per-ES routes are generated.
The system can either send a separate Ethernet AD per-ES route per service, or an Ethernet AD per-ES route aggregating the route-targets for multiple services. While both alternatives can interoperate, RFC 7432 states that the EVPN Auto-Discovery per-ES route must be sent with a set of route-targets corresponding to all the EVIs defined on the Ethernet Segment. This command supports both options.
The default ad-per-es-route-target evi-rt option configures the system to send a separate AD per-ES route per service.
When enabled, the evi-rt-set option allows the aggregation of routes: a single AD per-ES route with the associated RD (ip-address:1) and a set of EVI route-targets are advertised (to a maximum of 128). When a significant number of EVIs are defined in the Ethernet Segment (hence the number of route-targets), the system sends more than one route. For example:
-
AD per-ES route for evi-rt-set 1 will be sent with RD ip-address:1
-
AD per-ES route for evi-rt-set 2 will be sent with RD ip-address:2
Default
ad-per-es-route-target evi-rt
Parameters
- evi-rt
-
Specifies the option to advertise a separate AD per-ES route per service.
- evi-rt-set
-
Specifies the option to advertise a set of AD per-ES routes aggregating the route-targets for all the services in the Ethernet Segment.
- ip-address
-
Specifies the ip-address part of the route-distinguisher being used in the evi-rt-set option.
- extended-evi-range
-
Specifies that the system reserves the RD comm-val 1 to 65535 out of the type 1 RD that is used for AD per-ES routes.
Platforms
All
ad-validation
ad-validation
Syntax
ad-validation {fall-through | drop}
no ad-validation
Context
[Tree] (config>system>dns>dnssec ad-validation)
Full Context
configure system dns dnssec ad-validation
Description
This command enables validation of the presence of the AD-bit in responses from the DNS servers, and reports a warning to the SECURITY log if DNSSEC validation was not possible.
This command requires either the fall-through or drop parameters be configured. When the fall-through parameter is supplied, the system will allow DNS responses that do not pass DNSSEC validation to be accepted and logged. When the drop parameter is specified, the system will reject and log DNS responses that do not pass DNSSEC validation and the resolution will appear to fail.
Default
no ad-validation
Parameters
- fall-through
-
Specifies that the DNSSEC validator should allow non-DNSSEC responses to fall-through to permit resolution in case of validation failure.
- drop
-
Specifies that the DNSSEC validator should drop non-DNSSEC responses in case of validation failure.
Platforms
All
adapt-qos
adapt-qos
Syntax
adapt-qos {link | port-fair | distribute [include-egr-hash-cfg]}
Context
[Tree] (config>lag>access adapt-qos)
Full Context
configure lag access adapt-qos
Description
This command specifies how the LAG SAP queue and virtual scheduler buffering and rate parameters are adapted over multiple active XMAs/MDAs. This command applies only to access LAGs.
Default
adapt-qos distribute
Parameters
- link
-
Specifies that the LAG will create the SAP queues and virtual schedulers with the actual parameters on each LAG member port.
- port-fair
-
Places the LAG instance into a mode that enforces QoS bandwidth constraints in the following manner:
-
all egress QoS objects associated with the LAG instance are created on a per port basis
-
bandwidth is distributed over these per port objects based on the proportion of the port's bandwidth relative to the total of all active ports bandwidth within the LAG
-
the include-egr-hash-cfg behavior is automatically enabled allowing the system to detect objects that hash to a single egress link in the lag and enabling full bandwidth for that object on the appropriate port
-
- distribute
-
Creates an additional internal virtual scheduler per IOM/XCM as parent of the configured SAP queues and virtual schedulers per LAG member port on that IOM/XCM. This internal virtual scheduler limits the total amount of egress bandwidth for all member ports on the IOM/XCM to the bandwidth specified in the egress qos policy.
- include-egr-hash-cfg
-
Specifies whether explicitly configured hashing should factor into the egress buffering and rate distribution.
When this parameter is configured, all SAPs on this LAG which have explicit hashing configured, the egress HQoS and HPol (including queues, policers, schedulers and arbiters) will receive 100% of the configured bandwidth (essentially operating in adapt-qos link mode). For any Multi-Service-Sites assigned to such a LAG, bandwidth will continue to be divided according to adapt-qos distribute mode.
A LAG instance that is currently in adapt-qos link mode may be placed at any time in port-fair mode. Similarly, a LAG instance that is currently in adapt-qos port-fair mode may be placed at any time in link mode. However, a LAG instance in adapt-qos distribute mode may not be placed into port-fair (or link) mode while QoS objects are associated with the LAG instance. To move from distribute to port-fair mode it is necessary to remove all QoS objects from the LAG instance.
Platforms
All
adapt-qos
Syntax
adapt-qos {distribute | link | port-fair}
no adapt-qos
Context
[Tree] (config>eth-tunnel>lag-emulation>access adapt-qos)
Full Context
configure eth-tunnel lag-emulation access adapt-qos
Description
This command specifies how the emulated LAG queue and virtual scheduler buffering and rate parameters are adapted over multiple active MDAs.
The no form of the command reverts to the default.
Parameters
- distribute
-
Creates an additional internal virtual scheduler per line card as parent of the configured SAP queues and virtual schedulers per member path on that line card. This internal virtual scheduler limits the total amount of egress bandwidth for all member paths on the line card to that line card’s share of the bandwidth specified in the egress qos policy. This mode is not supported together with an egress port scheduler or the use of egress queue groups.
- link
-
Specifies that the emulated LAG will create the SAP queues and virtual schedulers with the bandwidth specified in the egress QoS policy on each member path.
- port-fair
-
Specifies that the emulated LAG will create the SAP queues and virtual schedulers on each member path based on the bandwidth specified in the egress QoS policy divided by the number of active paths.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
adaptation-rule
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>sap-egress>queue adaptation-rule)
Full Context
configure qos sap-egress queue adaptation-rule
Description
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.
- cir
-
Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>sap-egress>queue adaptation-rule)
Full Context
configure qos sap-egress queue adaptation-rule
Description
This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir, and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest fir closest
Parameters
- pir adaptation-rule
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir adaptation-rule
-
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- max
-
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
-
Specifies that the operational PIR for the queue will be equal to or greater than the requested rate.
- closest
-
Specifies that the operational PIR for the queue will be the rate closest to the requested rate.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
Context
[Tree] (config>service>vpls>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>vpls>sap>egress>queue-override>queue adaptation-rule)
Full Context
configure service vpls sap ingress queue-override queue adaptation-rule
configure service ies interface sap ingress queue-override queue adaptation-rule
configure service ies subscriber-interface group-interface sap egress queue-override queue adaptation-rule
configure service ies interface sap egress queue-override queue adaptation-rule
configure service vpls sap egress queue-override queue adaptation-rule
Description
This command overrides specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
Default
no adaptation-rule
Parameters
- pir
-
Specifies the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
-
Specifies the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
-
Specifies the CIR and PIR adaptation rules.
Platforms
All
adaptation-rule
Syntax
adaptation-rule pir adaptation-rule [cir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>subscr-mgmt>isa-policer adaptation-rule)
Full Context
configure subscriber-mgmt isa-policer adaptation-rule
Description
For operational efficiency, the operational rate of a policer cannot take on every value in the configurable range. This configuration defines a rule that must be followed when mapping a configured rate to an operational rate.
The cir adaptation-rule can only be set on dual-bucket-bandwidth policers.
The no form of this command reverts to its default.
Default
adaptation-rule pir closest cir closest
Parameters
- pir adaptation-rule
-
Configures the rules to compute the PIR operational rates.
- cir adaptation-rule
-
Configures the rules to compute the CIR operational rates.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>port>ethernet>network>egr>qover>q adaptation-rule)
[Tree] (config>port>ethernet>access>ing>qgrp>qover>q adaptation-rule)
[Tree] (config>port>ethernet>access>egr>qgrp>qover>q adaptation-rule)
Full Context
configure port ethernet network egress queue-overrides queue adaptation-rule
configure port ethernet access ingress queue-group queue-overrides queue adaptation-rule
configure port ethernet access egress queue-group queue-overrides queue adaptation-rule
Description
This command specifies the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
Default
adaptation-rule pir closest cir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
-
Defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
-
Specifies the adaptation rule to be used while computing the operational CIR or PIR value.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaption-rule
Context
[Tree] (config>service>ipipe>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>epipe>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>epipe>sap>egress>queue-override>queue adaptation-rule)
Full Context
configure service ipipe sap egress queue-override queue adaptation-rule
configure service ipipe sap ingress queue-override queue adaptation-rule
configure service epipe sap ingress queue-override queue adaptation-rule
configure service epipe sap egress queue-override queue adaptation-rule
Description
This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
Default
no adaptation-rule
Parameters
- pir
-
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
-
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
-
Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue adaptation-rule)
Full Context
configure service vprn interface sap egress queue-override queue adaptation-rule
configure service vprn interface sap ingress queue-override queue adaptation-rule
Description
This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
Default
no adaptation-rule
Parameters
- pir
-
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
-
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
-
Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.
Platforms
All
adaptation-rule
Syntax
adaptation-rule pir adaptation-rule [cir {adaptation-rule}]
no adaptation-rule
Context
[Tree] (config>app-assure>group>policer adaptation-rule)
Full Context
configure application-assurance group policer adaptation-rule
Description
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined option. To change the CIR adaptation rule only, the current PIR rule must be part of the command executed.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
Default
adaptation-rule pir closest cir closest
Parameters
- max
-
The operational PIR or CIR for the queue will be equal to or less than the administrative rate specified using the rate command.
- min
-
The operational PIR or CIR for the queue will be equal to or greater than the administrative rate specified using the rate command.
- closest
-
The operational PIR or CIR for the queue will be the rate closest to the rate specified using the rate command.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>sap-egress>policer adaptation-rule)
[Tree] (config>qos>sap-ingress>policer adaptation-rule)
Full Context
configure qos sap-egress policer adaptation-rule
configure qos sap-ingress policer adaptation-rule
Description
This command is used to define how the policer’s configuration parameters are translated into the underlying hardware capabilities used to implement each policer instance. For instance, the configured rates for the policer need to be mapped to the timers and decrement granularity used by the hardware's leaky bucket functions that actually perform the traffic metering. If a rate is defined that cannot be exactly matched by the hardware, the adaptation-rule setting provides guidance for which hardware rate should be used.
The hardware also needs to adapt the given mbs and cbs values into the PIR bucket violate threshold (discard) and the CIR bucket exceed threshold (out-of-profile). The hardware may not have an exact threshold match that it can use. The system treats the mbs and cbs values as minimum threshold values.
The no form of this command is used to return the policer’s metering and profiling hardware adaptation rules to closest.
Parameters
- pir adaptation-rule
-
When the optional pir parameter is specified, the max, min, or closest keyword qualifier must follow.
- cir adaptation-rule
-
When the optional cir parameter is specified, the max, min, or closest keyword qualifier must follow.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule] [cir adaptation-rule] [fir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>qos>sap-ingress>queue adaptation-rule)
Full Context
configure qos sap-ingress queue adaptation-rule
Description
This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest fir closest
Parameters
- pir adaptation-rule
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir adaptation-rule
-
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
-
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
-
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
-
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
-
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>network-queue>hs-wrr-group adaptation-rule)
Full Context
configure qos network-queue hs-wrr-group adaptation-rule
Description
This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The min, max, and closest mutually exclusive keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
Default
adaptation-rule pir closest
Parameters
- adaptation-rule
-
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
Platforms
7750 SR-7/12/12e
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>sap-egress>hs-wrr-group adaptation-rule)
Full Context
configure qos sap-egress hs-wrr-group adaptation-rule
Description
This command specifies how the system resolves differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
Default
adaptation-rule pir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- adaptation-rule
-
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
Platforms
7750 SR-7/12/12e
adaptation-rule
Syntax
adaptation-rule [pir adaptation-rule]
no adaptation-rule
Context
[Tree] (config>qos>qgrps>egr>qgrp>hs-wrr-group adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group hs-wrr-group adaptation-rule
Description
This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
Default
adaptation-rule pir closest
Parameters
- adaptation-rule
-
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
Platforms
7750 SR-7/12/12e
adaptation-rule
Syntax
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>qos>queue-group-templates>egress>queue-group>policer adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group policer adaptation-rule
Description
This command defines the method used by the system to derive the operational CIR and PIR settings when the policer is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the policer’s PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the policer. When the pir parameter is not specified, the default constraint applies.
- cir
-
Defines the constraints enforced when adapting the policer’s CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the policer. When the cir parameter is not specified, the default constraint applies.
- max
-
Specifies that the operational rate for the policer will be equal to or less than the requested rate.
- min
-
Specifies that the operational rate for the policer will be equal to or greater than the requested rate.
- closest
-
Specifies that the operational rate for the policer will be the rate closest to the requested rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
adaptation-rule
Syntax
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue adaptation-rule)
Full Context
configure qos queue-group-templates ingress queue-group queue adaptation-rule
Description
This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest fir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.
- cir
-
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
-
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
-
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
-
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
-
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>qos>queue-group-templates>egress>queue-group>queue adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group queue adaptation-rule
Description
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
Default
adaptation-rule pir closest cir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir
-
Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- max
-
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
-
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
-
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
Platforms
All
adaptation-rule
Syntax
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]
no adaptation-rule
Context
[Tree] (config>qos>network-queue>queue adaptation-rule)
Full Context
configure qos network-queue queue adaptation-rule
Description
This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keyword is ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation-rule is performed under the hs-wrr-group within the network queue policy.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for fir, cir, and pir apply.
Default
adaptation-rule pir closest cir closest fir closest
Parameters
- pir
-
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir
-
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
-
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational FIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
-
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
-
Specifies that the operational rate for the queue will be equal to or greater than the administrative rate specified using the rate command.
- closest
-
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
Platforms
All
adaptive
adaptive
Syntax
[no] adaptive
Context
[Tree] (config>router>mpls>lsp>primary adaptive)
[Tree] (config>router>mpls>lsp-template adaptive)
[Tree] (config>router>mpls>lsp>primary-p2mp-instance adaptive)
[Tree] (config>router>mpls>lsp adaptive)
[Tree] (config>router>mpls>lsp>secondary adaptive)
Full Context
configure router mpls lsp primary adaptive
configure router mpls lsp-template adaptive
configure router mpls lsp primary-p2mp-instance adaptive
configure router mpls lsp adaptive
configure router mpls lsp secondary adaptive
Description
This command enables the make-before-break functionality for an LSP or LSP path. When enabled for the LSP, make-before-break will be performed for primary path and all the secondary paths of the LSP.
The config>router>mpls>lsp>primary-p2mp-instance> adaptive command is not supported on the 7450 ESS.
Default
adaptive
Platforms
All
adaptive-load-balancing
adaptive-load-balancing
Syntax
adaptive-load-balancing [tolerance tolerance-value] [interval interval] [bandwidth-threshold percent]
no adaptive-load-balancing
Context
[Tree] (config>lag adaptive-load-balancing)
Full Context
configure lag adaptive-load-balancing
Description
This command enables adaptive load balancing between LAG links. The tolerance value defines the percentage threshold between the most and the least used link in the LAG. If the tolerance value is exceeded, adaptive load balancing optimizes traffic distribution between LAG links. The bandwidth threshold defines the minimum bandwidth percentage of the most loaded LAG port egress. If the bandwidth threshold value is exceeded, adaptive load balancing optimization is performed.
The no form of this command disables adaptive load balancing.
Default
no adaptive-load-balancing
Parameters
- tolerance-value
-
Specifies the allowed tolerance value expressed as a percentage.
- interval
-
Specifies the statistics pooling interval value, in seconds, for the LAG ports.
- percent
-
Specifies the bandwidth threshold expressed as a percentage.
Platforms
All
add
add
Syntax
add percent percentage [min-only] [ active-min-only]
add rate rate [min-only] [active-min-only]
no add
Context
[Tree] (config>qos>adv-config-policy>child-control>offered-measurement add)
Full Context
configure qos adv-config-policy child-control offered-measurement add
Description
This command is used to increase the measured rate of the policer or queue associated with the policy. The offered rate (capped by the administrative PIR configured on the queue or policer) is usually used unaltered by the parent virtual scheduler. The add command allows this measured rate to be increased by the specified amount or by a percentage of the administrative PIR. The resulting rate will not exceed the administrative PIR.
The parent scheduler uses the modified measured rate as the available work load for the queue or policer in determining how much bandwidth the child should receive from the bandwidth distribution algorithm.
One example of when an increase in the measured offered rate may be desired is when a queue or policer is handling VoIP traffic. A characteristic of VoIP is the step nature in how traffic is used. Each call typically adds a certain maximum amount to the overall load. By using the add command, the bandwidth required for the next added call may be included in the current measured rate. This allows the virtual scheduler to allocate sufficient bandwidth to the queue or policer so that when the call is made the scheduling algorithm does not need to run to increase the bandwidth.
A side effect of increasing the measured offered rate is that if the extra bandwidth is allocated by the virtual scheduler, the available bandwidth to lower priority queues or policers is diminished even though the extra allocated bandwidth may not be in use. If this is the case, the effect will be seen as an underrun in the aggregate output of the virtual scheduler.
If the add command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
Except for the overall cap on the offered input into the virtual scheduler, the child’s administrative PIR has no effect on the calculated increase if an explicit rate is specified.
If the child’s administrative PIR is modified while a percent based add is in effect, the system automatically uses the new relative increase value the next time the child’s offered rate is determined.
When the add command is not specified or removed, the child’s offered rate used by the child’s virtual scheduler is not increased.
The no form of this command is used to remove an offered rate increase from all child policers and queues associated with the policy.
Parameters
- percent-of-admin-pir
-
When the percent qualifier is used, this parameter specifies the percentage of the child’s administrative PIR that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system interprets this equivalent to no add.
- rate-in-kilobits-per-second
-
When the rate qualifier is used, this parameter specifies an explicit rate, in kb/s, that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a rate increase of 0 is specified, the system interprets this equivalent to no add.
- min-only
-
This optional parameter is used to reinterpret the increase as a minimum offered rate. When this option is enabled, the system uses the specified increase as a minimum offered rate even for inactive queues or policers associated with the policy.
- active-min-only
-
When this optional parameter is specified, the respective rate or percentage is treated as the minimum offered rate for a queue only when the queue has an actual non-zero offered rate. This is intended to limit the artificial increase in offered rate to queues that are currently active. When a queue’s measured offered rate drops to zero, the system stops enforcing the minimum value.
Platforms
All
add-paths
add-paths
Syntax
[no] add-paths
Context
[Tree] (config>router>bgp>group>neighbor add-paths)
[Tree] (config>router>bgp add-paths)
[Tree] (config>router>bgp>group add-paths)
Full Context
configure router bgp group neighbor add-paths
configure router bgp add-paths
configure router bgp group add-paths
Description
This command allows the add-paths node to be the configured for one or more families of the BGP instance, a group or a neighbor. The BGP add-paths capability allows the router to send and/or receive multiple paths per prefix to/from a peer. The add-paths command without additional parameters is equivalent to removing Add-Paths support for all address families, which causes sessions that previously negotiated the add-paths capability for one or more address families to go down and come back up without the add-paths capability.
The no form of this command (no add-paths) removes add-paths from the configuration of BGP, the group or the neighbor, causing sessions established using add-paths to go down and come back up without the add-paths capability.
Default
no add-paths
Platforms
All
add-paths-send-limit
add-paths-send-limit
Syntax
add-paths-send-limit send-limit
no add-paths-send-limit
Context
[Tree] (config>router>policy-options>policy-statement>default-action add-paths-send-limit)
[Tree] (config>router>policy-options>policy-statement>entry add-paths-send-limit)
Full Context
configure router policy-options policy-statement default-action add-paths-send-limit
configure router policy-options policy-statement entry add-paths-send-limit
Description
This command sets the send-limit to a specific value for all routes matched by the policy entry or default action. Add-paths allows a BGP router to send multiple paths for the same NLRI/prefix to a peer advertising the add-paths receive capability. The send-limit dictates the maximum number of paths that can be advertised.
The default send-limit is controlled by the instance, group or neighbor level configuration and applies to all prefixes in a particular address family. Using route policies allows the default send-limit to be overridden to use a larger or smaller maximum value on a per-prefix basis. For example, if, for most prefixes advertised to a peer, at most 1 path should be advertised but for a few exceptional prefixes up to 4 paths should be advertised, then the neighbor-level send-limit can be set to a value of 1 and the add-paths-send-limit in the policy entry that matches the exceptional routes can be set to a value of 4.
Default
no add-paths-send-limit
Parameters
- send-limit
-
Specifies the maximum number of paths to advertise for matched routes to an Add-Paths peer. If the value is multipaths, then BGP advertises all of the used BGP multipaths for each matched route that is the best path for its prefix (NLRI). Add paths can be advertised only if the peer has signaled support for receiving multiple add paths.
Platforms
All
add-srv6-tlvs
add-srv6-tlvs
Syntax
add-srv6-tlvs locator locator-name
add-srv6-tlvs micro-segment-locator ms-locator-name
no add-srv6-tlvs
Context
[Tree] (config>router>bgp>srv6>family add-srv6-tlvs)
Full Context
configure router bgp segment-routing-v6 family add-srv6-tlvs
Description
This command adds a prefix SID attribute containing an SRv6 TLV to routes belonging to the family that are redistributed from another protocol into BGP. This command also adds a prefix SID attribute with SRv6 TLV to BGP routes received from other peers without the SRv6 TLV and that are propagated to other peers with next-hop-self applied.
The no form of this command reverts to the default value which does not append the SRv6 TLV.
Default
no add-srv6-tlvs
Parameters
- locator-name
-
Specifies an existing locator name, up to 64 characters.
- ms-locator-name
-
Specifies a micro-segment locator name, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
add-to-received-bgp
add-to-received-bgp
Syntax
add-to-received-bgp weight
no add-to-received-bgp
Context
[Tree] (config>service>vprn>bgp>group>neighbor>evpn-link-bandwidth add-to-received-bgp)
[Tree] (config>service>vprn>bgp>group>evpn-link-bandwidth add-to-received-bgp)
Full Context
configure service vprn bgp group neighbor evpn-link-bandwidth add-to-received-bgp
configure service vprn bgp group evpn-link-bandwidth add-to-received-bgp
Description
This command configures the weight value added to all BGP PE-CE routes for the purpose of weighted ECMP if EVPN-IFL and BGP PE-CE routes are combined into the same ECMP set.
For the load-balancing between EVPN-IFL and BGP PE-CE routes the configure service vprn bgp eibgp-loadbalance command must already be configured on the system.
The no form of this command disables the weight value added to all BGP PE-CE routes.
Default
no add-to-received-bgp
Parameters
- weight
-
Specifies the weight value added to all BGP PE-CE routes.
Platforms
All
add-to-received-ebgp
add-to-received-ebgp
Syntax
add-to-received-ebgp family [family]
no add-to-received-ebgp
Context
[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)
[Tree] (config>service>vprn>bgp>group>link-bandwidth add-to-received-ebgp)
Full Context
configure service vprn bgp group neighbor link-bandwidth add-to-received-ebgp
configure service vprn bgp group link-bandwidth add-to-received-ebgp
Description
This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.
Up to three families may be configured.
The no form of this command removes the link-bandwidth extended community added to received BGP routes.
Default
no add-to-received-ebgp
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
add-to-received-ebgp
Syntax
add-to-received-ebgp family [family]
no add-to-received-ebgp
Context
[Tree] (config>router>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)
[Tree] (config>router>bgp>group>link-bandwidth add-to-received-ebgp)
Full Context
configure router bgp group neighbor link-bandwidth add-to-received-ebgp
configure router bgp group link-bandwidth add-to-received-ebgp
Description
This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.
Up to six families may be configured.
The no form of this command removes the link-bandwidth extended community added to received BGP routes.
Default
no add-to-received-ebgp
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
add-tunnel
add-tunnel
Syntax
add-tunnel never
add-tunnel on reason [reason]
no add-tunnel
Context
[Tree] (config>service>vprn>l2tp>tunnel-selection-blacklist add-tunnel)
[Tree] (config>router>l2tp>tunnel-selection-blacklist add-tunnel)
Full Context
configure service vprn l2tp tunnel-selection-blacklist add-tunnel
configure router l2tp tunnel-selection-blacklist add-tunnel
Description
This command will force the tunnel to the denylist and render it unavailable for new sessions for the duration of preconfigured time. Peers are always forced to the denylist in case they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the denylist.
Default
add-tunnel never
Parameters
- never
-
When specified, no tunnels will be placed on the denylist under any circumstance. This parameter will available to preserve backward compatibility.
- reason
-
Specifies the return codes or events that determine which tunnels are added to the denylist. A maximum of eight reasons can be specified in a single statement.
Table 1. Return codes Return code
Tunnels added to denylist
cdn-err-code
A tunnel is forced to the denylist if that CDN message with the Result Code 2 (Call disconnected for the reasons indicated in error code) is received.
cdn-inv-dest
A tunnel is forced to the denylist if that CDN message with the Result Codes 6 (Invalid destination) is received.
cdn-tmp-no-facilities
A tunnel is forced to the denylist if that CDN message with the Result Code 4 is received (Call failed due to lack of appropriate facilities being available - temporary condition) is received.
cdn-perm-no-facilities
A tunnel is forced to the denylist if that CDN message with the Result Codes 5 (Call failed due to lack of appropriate facilities being available - permanent condition) is received.
tx-cdn-not-established-in-time
A tunnel is forced to the denylist if that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.
stop-ccn-err-code
A tunnel is forced to the denylist if that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.
stop-ccn-other
A tunnel is forced to the denylist if that StopCCN message with the following Result Codes is received:
(1) General request to clear control connection
(4) Requester is not authorized to establish a control channel
(5) Protocol version not supported
(6) Requester is being shutdown
Or in the case that the StopCCN with the following result codes is transmitted:
(4) Requester is not authorized to establish a control channel.
(5) Protocol version not supported
The receipt of the following Result Codes will never denylist a tunnel:
(0) Reserved
(3) Control channel already exist
(7) Finite state machine error
(8) Undefined
Transmission of the following Result Codes will never denylist a tunnel:
(1) General request to clear control connection
(3) Control channel already exist
(6) Requester is being shutdown
(7) Finite state machine error
addr-change-timeout
A timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) is forced to the denylist. In absence of this configuration option, only the configured peer for the tunnel is, but not the tunnel itself which now has a different peer address than the one initially configured.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
address
Syntax
address gi-address [scope scope]
address ip-address[/prefix-length]
address pool pool-name [secondary-pool sec-pool-name] [delimiter delimiter]
address use-pool-from-client [delimiter delimiter]
no address
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host address)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host address)
Full Context
configure subscriber-mgmt local-user-db ppp host address
configure subscriber-mgmt local-user-db ipoe host address
Description
This command configures how the IP address is defined for this host.
When the user database is used from a local DHCP server, then this command defines how to define the IP address the server offers to the DHCP-client.
When the user-db is used for PPPoE authentication, the gi-address parameter cannot be used. A fixed IP address causes PPPoE to use this IP address. If no IP address is specified, the PPPoE looks for IP address by other means (DHCP). If a pool name is given, this pool is sent in the DHCP request so it can be used in by the DHCP server to determine which address to give to the host.
The no form of this command causes no IP address to be assigned to this host. In a user database referred to from a local DHCP server, creating a host without address information causes the matching client never to get an IP address.
The no form of this command reverts to the default.
Parameters
- gi-address
-
When specified, the gi-address of the DHCP message is taken to look for a subnet in the local DHCP server. The first available free address of the subnet is taken and "offered” to the host. When local-user-db is used for PPPoE authentication, this has the same result as no address.
- ip-address
-
Specifies the fixed IP address to use for this host.
- pool-name/sec-pool-name
-
Specifies the primary (and secondary) pool (in the local DHCP server), up to 32 characters, to look for an available address. The first available IP address from any subnet in the pool is used. When the local user database is used for PPPoE authentication, this causes the specified pool name to be sent to the DHCP server in a vendor-specific sub-option under Option 82.
- use-pool-from-client
-
Use the pool-name in the Option 82 vendor-specific sub-option.
- delimiter
-
Specifies a single ASCII character specifies the delimiter of separating primary and secondary pool names in option82 VSO.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
Context
[Tree] (config>service>vprn>if>ipv6 address)
[Tree] (config>service>ies>if>ipv6 address)
Full Context
configure service vprn interface ipv6 address
configure service ies interface ipv6 address
Description
This command assigns an IPv6 address/subnet to the interface.
Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.
Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.
The no form of this command removes the IPv6 address from the interface.
Parameters
- ipv6-address/prefix-length
-
Specifies the IPv6 address on the interface.
- eui-64
-
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
- srrp-instance
-
Specifies the SRRP instance ID that this interface route needs to track.
- cga-modifier
-
Specifies the modifier in 32 hexadecimal nibbles.
- dad-disable
-
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
- primary-preference
-
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.
When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.
The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.
Platforms
All
address
Syntax
address ipv6-address/prefix-length [pd] [wan-host] [track-srrp srrp-instance] [holdup-time milli-seconds]
no address ipv6-address/prefix-length
Context
[Tree] (config>service>ies>sub-if>ipv6 address)
[Tree] (config>service>vprn>sub-if>ipv6 address)
Full Context
configure service ies subscriber-interface ipv6 address
configure service vprn subscriber-interface ipv6 address
Description
This command assigns an IPv6 address/subnet to the subscriber interface.
SRRP and an IPv6 Global Unicast Address on a subscriber interface are mutual exclusive:
-
track-srrp cannot be enabled on a subscriber interface ipv6 address
-
when an ipv6 address is configured on a subscriber interface, SRRP cannot be enabled on its group interfaces
The no form of this command removes the IPv6 address from the interface.
Parameters
- ipv6-address
-
Specifies the 128-bit IPv6 address.
- prefix-length
-
Specifies the length of any associated aggregate prefix.
- pd
-
Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.
- wan-host
-
Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.
- srrp-instance
-
Specifies the SRRP instance number.
- milli-seconds
-
Specifies the time to wait, in milli-seconds, for the route before it accepts the new state attribute. This timer is used to prevent fluctuations in route advertisement caused by short lived SRRP instabilities, in the case that such condition arises.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ip-prefix/ip-prefix-length [peer-profile profile-name]
no address ip-prefix/ip-prefix-length
Context
[Tree] (config>service>vprn>gtp>uplink>peer-profile-map address)
[Tree] (config>service>vprn>gtp>s11>peer-profile-map address)
[Tree] (config>router>gtp>uplink>peer-profile-map address)
[Tree] (config>router>gtp>s11>peer-profile-map address)
Full Context
configure service vprn gtp uplink peer-profile-map address
configure service vprn gtp s11 peer-profile-map address
configure router gtp uplink peer-profile-map address
configure router gtp s11 peer-profile-map address
Description
This command configures a mapping of an IP address or subnet to a peer profile. If one peer profile is used for the entire router, it is possible to map the entire IPv4 subnet using 0.0.0.0/0.
If no match is found, the default or default S11 peer profile is used.
The no form of this command removes the peer profile mapping, affecting only the setup of new peers.
Parameters
- ip-prefix/ip-prefix-length
-
Specifies the IP prefix and prefix length of the subnet.
- profile-name
-
Specifies the GTP peer profile associated with the address prefix, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address [ip-address | ipv6-address]
no address
Context
[Tree] (config>aaa>diam>node>peer address)
Full Context
configure aaa diameter node peer address
Description
This command configures IPv4 or IPv6 address for a Diameter peer.
The no form of this command removes the IPv4 or IPv6 from the peer configuration.
Parameters
- ip-address
-
Specifies the IPv4 address in the a.b.c.d form
- ipv6-address
-
Specifies the IPv6 address in the form:
x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
where:
x - [0..FFFF]H
d - [0 to 255] D
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [track-srrp srrp-instance]
no address [ip-address/mask | ip-address netmask]
Context
[Tree] (config>service>vprn>nw-if address)
[Tree] (config>service>ies>if address)
[Tree] (config>service>vprn>if address)
Full Context
configure service vprn network-interface address
configure service ies interface address
configure service vprn interface address
Description
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign multiple addresses.
An IP address must be assigned to each IES or VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
Address |
Admin State |
Oper State |
---|---|---|
No address |
up |
down |
No address |
down |
down |
1.1.1.1 |
up |
up |
1.1.1.1 |
down |
down |
The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface are reinitialized.
The no form of this command removes the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.
Parameters
- ip-address
-
Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
- /
-
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
- mask-length
-
Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
Note:A mask length of 32 is reserved for loopback addresses (includes system addresses).
- mask
-
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254.
Note:A mask of 255.255.255.255 is reserved for system IP addresses.
- broadcast
-
Overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) is received by the IP interface.
- all-ones
-
Specifies the broadcast address used by the IP interface for this IP address is 255.255.255.255, also known as the local broadcast.
- host-ones
-
Specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.
- srrp-instance
-
Tracks the specified SRRP instance state on the IPv6 address.
Platforms
All
address
Syntax
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context
[Tree] (config>service>vprn>red-if address)
Full Context
configure service vprn redundant-interface address
Description
This command assigns an IP address mask or netmask and a remote IP address to the interface.
The no form of this command removes the values from the configuration.
Parameters
- ip-address/mask
-
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
-
Assigns an IP address netmask to the interface. Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
- remote-ip ip-address
-
Assigns a remote IP to the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ip-address/mask [netmask] [ gw-ip-address gw-ip-address] [populate-host-routes] [track-srrp srrp-instance] [holdup-time milli-seconds]
no address ip-address/mask [netmask]
Context
[Tree] (config>service>vprn>sub-if address)
[Tree] (config>service>ies>sub-if address)
Full Context
configure service vprn subscriber-interface address
configure service ies subscriber-interface address
Description
This command configures the subscriber interface address along with additional parameters related to multi-chassis redundancy.
The no form of this command reverts to the default.
Parameters
- ip-address
-
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
- /
-
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
- mask
-
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical AND function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254.
Note:A mask of 255.255.255.255 is reserved for system IP addresses.
- netmask
-
The subnet mask in dotted decimal notation.
- gw-ip-address
-
Specifies a separate IP address within the subnet for SRRP routing purposes. This parameter must be followed by a valid IP interface that exists within the subscriber subnet created by the address command. The defined gateway IP address cannot currently exist as a subscriber host (static or dynamic). If the defined ip-address already exists as a subscriber host address, the address command will fail. The specified ip-address must be unique within the system.
The gw-ip-address parameter may be specified at any time. If the subscriber subnet was created previously, executing the address command with a gw-ip-address parameter will simply add the SRRP gateway IP address to the existing subnet.
If the address command is executed without the gw-ip-address parameter when the subscriber subnet is associated with an active SRRP instance, the address will fail. If the SRRP instance is inactive or removed, executing the address command without the gw-ip-address parameter removes the SRRP gateway IP address from the specified subscriber subnet.
If the address command is executed with a new GW address, all SRRP instances associated with the specified subscriber subnet is updated with the new SRRP gateway IP address.
- populate-host-routes
-
Specifies to populate subscriber-host routes in local FDB. Storing them in FDB benefits topologies only where the external router advertises more specific routes than the one corresponding to locally configured subscriber-interface subnets.
- milli-seconds
-
Specifies the time to wait, in milli-seconds, for the route before it accepts the new state attribute. This timer is used to prevent fluctuations in route advertisement caused by short lived SRRP instabilities, in the case that such condition arises.
- srrp-inst
-
Enables the subscriber interface route to track the SRRP state of the specified SRRP instance. The route updates its state attribute to reflect the state of SRRP instance:
-
Master = srrp-master
-
Any other = srrp-non-master
Routing policy can be applied towards the state attribute in order to customize the advertisement of the route. Only one SRRP instance can be tracked per subscriber interface route. Tracked SRRP instance can be part of the Fate Sharing Group. This command can be enabled at any time.
-
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address [ip-address | ipv6-address]
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw address)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw address)
Full Context
configure service ies subscriber-interface group-interface wlan-gw address
configure service vprn subscriber-interface group-interface wlan-gw address
Description
This command configures an IPv4 or IPv6 address of a WLAN Gateway.
The no form of this command removes the IPv4 or IPv6 address from the configuration.
Parameters
- ip-address
-
Specifies up to four IPv4 addresses.
- ipv6-address
-
Specifies up to six gateway IPv6 endpoint addresses.
- ipv6-address
-
Specifies up to six IPv6 addresses.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ip-address [/mask] [netmask]
no address
Context
[Tree] (config>service>vpls>interface address)
Full Context
configure service vpls interface address
Description
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface.
An IP address must be assigned to each IES IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.
Address |
Admin State |
Oper State |
---|---|---|
No address |
up |
down |
No address |
down |
down |
1.1.1.1 |
up |
up |
1.1.1.1 |
down |
down |
The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.
Parameters
- ip-address
-
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP netmask
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 to 255.255.255.254. A mask of 255.255.255.255 is reserved for system IP addresses.
Platforms
All
address
Syntax
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context
[Tree] (config>service>ies>redundant-interface address)
Full Context
configure service ies redundant-interface address
Description
This command assigns an IP address mask or netmask and a remote IP address to the interface.
Parameters
- ip-address/mask
-
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
-
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
Assigns an IP address netmask to the interface.
- remote-ip ip-address
-
Assigns a remote IP to the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ip-address
no address
Context
[Tree] (config>service>vprn>log>syslog address)
Full Context
configure service vprn log syslog address
Description
This command adds the syslog target host IP address to/from a syslog ID.
The ip-address parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.
Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.
The same syslog target host can be used by multiple log IDs.
The no form of this command removes the syslog target host IP address.
Default
no address
Parameters
- ip-address
-
Specifies the IP address of the syslog target host in dotted decimal notation.
Platforms
All
address
Syntax
[no] address ipv6-address
Context
[Tree] (config>service>vprn>nat>inside>dslite address)
Full Context
configure service vprn nat inside dual-stack-lite address
Description
This command configures a DS-Lite IPv6 address
The no form of this command removes the value from the configuration.
Parameters
- ipv6-address
-
Specifies the IPv6 address on the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ip-address
Context
[Tree] (config>service>vprn>radius-proxy>server>wlan-gw address)
[Tree] (config>router>radius-proxy>server>wlan-gw address)
Full Context
configure service vprn radius-proxy server wlan-gw address
configure router radius-proxy server wlan-gw address
Description
This command configures the IPv4 address of the distributed RADIUS proxy server for use by the access points.
The no form of this command removes the address from the configuration.
Parameters
- ip-address
-
Specifies the destination IPv4 address of the RADIUS proxy server.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ip-address/mask
Context
[Tree] (config>service>vprn>nat>inside>l2-aware address)
Full Context
configure service vprn nat inside l2-aware address
Description
This command configures a Layer 2-aware NAT address. This address will act as a local address of the system. Hosts connected to the inside service will be able to ARP for this address. To verify connectivity, a host can also ping the address. This address is typically used as next hop of the default route of a Layer 2-aware host. The given mask defines a Layer 2-aware subnet. The (inside) IP address used by a Layer 2-aware host must match one of the subnets defined here or it will be rejected.
Parameters
- ip-address
-
Specifies the IP address in a.b.c.d format.
- mask
-
Specifies the mask.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ip-address
Context
[Tree] (config>service>vprn>pim>rp>rp-candidate address)
[Tree] (config>service>vprn>pim>rp>bsr-candidate address)
Full Context
configure service vprn pim rp rp-candidate address
configure service vprn pim rp bsr-candidate address
Description
This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.
Use the no form of this command to remove the static RP from the configuration.
Default
No IP address is specified.
Parameters
- ip-address
-
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Platforms
All
address
Syntax
[no] address ipv6-address
Context
[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate address)
[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate address)
Full Context
configure service vprn pim rp ipv6 bsr-candidate address
configure service vprn pim rp ipv6 rp-candidate address
Description
This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.
Use the no form of this command to remove the static RP from the configuration.
Default
No IP address is specified.
Parameters
- ipv6-address
-
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Platforms
All
address
Syntax
[no] address ip-address
Context
[Tree] (config>service>vprn>pim>rp>static address)
Full Context
configure service vprn pim rp static address
Description
This command configures the static rendezvous point (RP) address.
The no form of this command removes the static RP entry from the configuration.
Platforms
All
address
Syntax
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context
[Tree] (config>service>vprn>redundant-interface address)
Full Context
configure service vprn redundant-interface address
Description
This command assigns an IP address mask or netmask and a remote IP address to the interface.
Parameters
- ip-address/mask
-
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
-
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
Assigns an IP address netmask to the interface.
- remote-ip ip-address
-
Assigns a remote IP to the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address ip-address
no address
Context
[Tree] (config>app-assure>group>evt-log>syslog address)
Full Context
configure application-assurance group event-log syslog address
Description
This command configures the target syslog host IP address.
Default
no address
Parameters
- ip-address
-
Specifies the IP address of the target syslog host, either IPv4 or IPv6.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address {ip-address/mask | ip-address netmask}
no address [ip-address/mask | ip-address netmask]
Context
[Tree] (config>service>ies>aa-interface address)
[Tree] (config>service>vprn>aa-interface address)
Full Context
configure service ies aa-interface address
configure service vprn aa-interface address
Description
This command assigns an IP address to the interface.
Default
no address
Parameters
- ip-address/mask
-
Specifies an IP address/IP subnet format to the interface.
- ip-address netmask
-
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
- create
-
Keyword that specifies to create the interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
address prefix ip-prefix/ip-prefix-len
address from begin-ip-address to end-ip-address
no address
Context
[Tree] (config>ipsec>ts-list>local>entry address)
[Tree] (config>ipsec>ts-list>remote>entry address)
Full Context
configure ipsec ts-list local entry address
configure ipsec ts-list remote entry address
Description
This command specifies the address range in the IKEv2 traffic selector.
Default
no address
Parameters
- ip-prefix/ip-prefix-len
-
Specifies the IP prefix and subnet mask.
- begin-ip-address
-
Specifies the beginning address of the range for this entry.
- end-ip-address
-
Specifies the ending address of the range for this entry.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ipv6-address
Context
[Tree] (config>router>nat>inside>dual-stack-lite address)
Full Context
configure router nat inside dual-stack-lite address
Description
This command configures a DS-Lite IPv6 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ip-address/mask
Context
[Tree] (config>router>nat>inside address)
Full Context
configure router nat inside address
Description
This command configures the IP address and mask of the subnet.
The no form of the command removes the IP address and prefix length from the configuration.
Parameters
- ip-address/mask
-
Specifies the IP address and mask of the subnet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address
Syntax
[no] address ip-address/mask
Context
[Tree] (config>service>ies>video-interface address)
[Tree] (config>service>vprn>video-interface address)
Full Context
configure service ies video-interface address
configure service vprn video-interface address
Description
This command assigns an IP address to the video interface within the service. Video interface IP addresses are used by video service clients to direct requests for video server services. Up to 16 IP address/subnets can be defined. The addresses defined must all be distinct and cannot be contained within a previously defined address.
The no form of the command deletes the IP address/subnet from the video interface.
Parameters
- ip-address
-
Specifies the IP address/subnet of the video interface in dotted decimal notation.
- mask
-
Specifies the subnet mask length for the IP address expressed as an integer.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
address
Syntax
address ip-address
no address
Context
[Tree] (config>router>pim>rp>bsr-candidate address)
Full Context
configure router pim rp bsr-candidate address
Description
This command configures the candidate BSR IP address. This address is for Bootstrap router election.
The no form of this command removes the IP address from the BSR candidate configuration.
Default
no address
Parameters
- ip-address
-
Specifies the IP host address used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Platforms
All
address
Syntax
address ipv6-address
no address
Context
[Tree] (config>router>pim>rp>ipv6>bsr-candidate address)
Full Context
configure router pim rp ipv6 bsr-candidate address
Description
This command configures the candidate BSR IPv6 address. This address is for Bootstrap router election.
The no form of this command removes the IPv6 address from the BSR candidate configuration.
Default
no address
Parameters
- ipv6-address
-
Specifies the IPv6 host address used by the interface within the subnet.
Platforms
All
address
Syntax
address ipv6-address
no address
Context
[Tree] (config>router>pim>rp>ipv6>rp-candidate address)
Full Context
configure router pim rp ipv6 rp-candidate address
Description
This command configures the local IPv6 RP address. This address is sent in the RP candidate advertisements to the bootstrap router.
The no form of this command removes the IPv6 address from the RP candidate configuration.
Default
no address
Parameters
- ipv6-address
-
Specifies the IPv6 RP address.
Platforms
All
address
Syntax
address ip-address
no address
Context
[Tree] (config>router>pim>rp>rp-candidate address)
Full Context
configure router pim rp rp-candidate address
Description
This command configures the local RP address. This address is sent in the RP candidate advertisements to the bootstrap router.
The no form of this command removes the IP address from the RP candidate configuration.
Default
no address
Parameters
- ip-address
-
Specifies the ip-address.
Platforms
All
address
Syntax
address ip-address
no address
Context
[Tree] (config>router>pim>rp>ipv6>static address)
[Tree] (config>router>pim>rp>static address)
Full Context
configure router pim rp ipv6 static address
configure router pim rp static address
Description
This command configures the Rendezvous Point (RP) address that should be used by the router for the range of multicast groups configured by the range command.
The no form of this command removes the IP address from the static configuration.
Parameters
- ip-address
-
Specifies the static IP address of the RP. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Platforms
All
address
Syntax
address ipv4-address
no address
Context
[Tree] (config>li>x-interfaces>lics>lic address)
Full Context
configure li x-interfaces lics lic address
Description
This command configures the IP address of this LIC.
The no form of this command reverts to the default.
Parameters
- ipv4-address
-
Specifies the IPv4 address of the LIC.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address
Syntax
address ipv4-address
no address
Context
[Tree] (config>li>x-interfaces>x1 address)
Full Context
configure li x-interfaces x1 address
Description
This command configures the X1 interface IP address that must match an IP address configured on the router.
The no form of this command reverts to the default.
Parameters
- ipv4-address
-
Specifies the IPv4 address of the LIC.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address
Syntax
address ipv4-address
no address
Context
[Tree] (config>li>x-interfaces>x2 address)
Full Context
configure li x-interfaces x2 address
Description
This command configures the X2 interface IP address that must match an IP address configured on the router.
The no form of this command reverts to the default.
Parameters
- ipv4-address
-
Specifies the IPv4 address of the LIC.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address
Syntax
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [track-srrp srrp-instance] [gre-termination]
no address
Context
[Tree] (config>router>if address)
Full Context
configure router interface address
Description
This command assigns an IP address, IP subnet, and broadcast address format to an IP interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign additional addresses.
An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
From Release 19.10, The overlap restriction is not applicable for host-addresses configured on loopback interfaces. For example, a loopback interface addresses configured with mask of 32 or netmask of 255.255.255.255 can overlap with other prefixes on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of this command removes the IP address assignment from the IP interface. Interface specific configurations for MPLS are also removed. This will operationally stop any MPLS LSPs that explicitly reference that IP address. When a new IP address is configured, interface specific configurations for MPLS need to be added. IEEE 1588 port based timestamping configured with ptp-hw-assist is also disabled.
Default
no address
Parameters
- ip-address
-
Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
- /
-
The forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted decimal mask must follow the prefix.
- mask
-
Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. A mask length of 32 is reserved for system IP addresses.
- netmask
-
Specifies the subnet mask in dotted decimal notation.
- broadcast
-
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.
The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
-
The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
- host-ones
-
Specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the netmask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface.
- srrp-instance
-
Specifies the SRRP instance ID that this interface route needs to track.
- gre-termination
-
The optional gre-termination keyword allows GRE SDP tunnel packets to terminate on the router interface using the /31 value of the configured IP address. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Services Overview Guide for information about using gre-termination.
Platforms
All
address
Syntax
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
Context
[Tree] (config>router>if>ipv6 address)
Full Context
configure router interface ipv6 address
Description
This command assigns an IPv6 address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.
Configurations must not exceed 16 IPv6 addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.
A global IPv6 address together with the prefix-length create a locally configured interface IPv6 prefix and subnet. The defined global IP prefix must be unique within the context of a routing instance. It cannot overlap with any other existing global IP prefix defined on another IP interface within the same routing context in the router.
This overlap restriction is not applicable for IPv6 host addresses configured on loopback interfaces. For example, an IPv6 loopback host address configured upon a loopback interface may overlap with another prefix subnet configured on another IP interface within the same routing context.
Parameters
- ipv6-address/prefix-length
-
Specifies the IPv6 address on the interface.
- eui-64
-
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used.
- srrp-instance
-
Indicates the unique identifier of the tracked SRRP instance.
- cga-modifier
-
Sets the modifier for cryptographically-assigned addresses.
- dad-disable
-
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
- primary-preference
-
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.
When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.
The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.
- srrp
-
Tracks the specified SRRP instance state on the IPv6 address.
Platforms
All
address
Syntax
[no] address ip-prefix/ip-prefix-length [active | standby | standby/A | standby/B | standby/C | standby/D]
Context
[Tree] (bof address)
Full Context
bof address
Description
This command assigns an IP address to the management Ethernet port on a CPM. The IP addresses are applied by the boot loader and the running image. The active and standby IP addresses must be on the same subnet.
On all systems except the 7950 XRS-40, an address must be assigned with the active keyword and for systems with a redundant CPM an additional address may be assigned with the standby keyword. The active address is used by the active CPM whether its CPM A or CPM B and the standby address, if specified, is used by the standby CPM whether its CPM B or CPM A.
For the 7950 XRS-40, if the extension chassis shall boot from local compact flash then an active and standby address should be defined for use by the master chassis as defined above.
For the 7950 XRS-40, if the extension chassis shall boot from remote URL, then it is required to assign addresses to the management Ethernet ports for CPM C and CPM D. In this case, the BOF should be updated to have addresses defined using the standby/A, standby/B, standby/C, and standby/D keywords in addition to an address using the active keyword. With these keywords, CPM A shall always use the address defined using the standby/A address when CPM A is running as the standby CPM. Similarly, CPM B shall always use the address defined using the standby/B address when CPM B is running as the standby CPM. The active CPM of CPM A and CPM B shall use the address defined using the active keyword.
Deleting a BOF address entry is not allowed from a remote session.
Note that changing the active and standby addresses without reboot standby CPM may cause a boot-env sync to fail.
The no form of this command deletes the IP address from the CPM Ethernet port.
Parameters
- ip-prefix/ip-prefix-length
-
Specifies the destination address of the aggregate route in dotted decimal notation.
- active | standby | standby/A | standby/B | standby/C | standby/D
-
specifies which CPM Ethernet address is being configured
Platforms
All
address
Syntax
address {01:1b:19:00:00:00| 01:80:c2:00:00:0e}
Context
[Tree] (config>system>ptp>port address)
Full Context
configure system ptp port address
Description
This command allows for the specification of the mac-address to be used for the destination MAC address of the transmitted ptp messages.
IEEE Std 1588-2008 Annex F defines two reserved addresses for 1588 messages. These are:
-
01-1B-19-00-00-00 — all except the peer delay mechanism messages
-
01-80-C2-00-00-0E — peer delay mechanism messages
Both addresses are supported for reception independent of the address configured by this command.
The no form of this command sets the address to the default address.
Default
address 01-1B-19-00-00-00
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address
Syntax
address ip-address
no address
Context
[Tree] (config>log>syslog address)
Full Context
configure log syslog address
Description
This command adds the syslog target host IP address to/from a syslog ID.
This parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.
Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.
The same syslog target host can be used by multiple log IDs.
The no form of this command removes the syslog target host IP address.
Default
no address
Parameters
- ip-address
-
Specifies the IP address of the syslog target host in dotted decimal notation. An IPv6-address applies only to the 7750 SR.
Platforms
All
address
Syntax
address ip-address [port port]
no address
Context
[Tree] (config>system>security>ldap>server address)
Full Context
configure system security ldap server address
Description
This command configures the IPv4 or IPv6 address for the LDAP server.
The no version of this command removes the server address.
Parameters
- ip-address
-
The IP address of the LDAP server.
- port
-
Specifies the port ID. The port is the LDAP server listening port; by default it is 389 but if the listening port on LDAP server is changed, this command needs to be configured accordingly.
Platforms
All
address
Syntax
address ip-address
no address
Context
[Tree] (config>service>vprn>static-route-entry>next-hop>backup-next-hop address)
[Tree] (config>router>static-route-entry>next-hop>backup-next-hop address)
Full Context
configure service vprn static-route-entry next-hop backup-next-hop address
configure router static-route-entry next-hop backup-next-hop address
Description
This command specifies the backup IP forwarding address that is used for static route Fast ReRoute (FRR). The configured address, if reachable, acts as pre-installed backup forwarding information that can be used when the primary IP next-hop suddenly fails.
The configured backup next-hop IP address can be directly or indirectly connected (using an IGP or tunnel) to the node. The backup next-hop forwarding information or the Next-hop Label Forwarding Entry (NHLFE) tunnel forwarding information from the IP Routing Table Manager (RTM) is used to preconfigure an IP fast-reroute backup path.
One backup next-hop address can protect a single primary static route entry next-hop address without ECMP and it is only activated when the primary next-hop has no active ECMP.
The configured IP address can be either on the network or the access side.
By default, there is no backup next-hop address configured.
The no form of this command deletes the backup next-hop address entry.
Parameters
- ip-address
-
Specifies the backup IP forwarding address.
Platforms
All
address
Syntax
[no] address ip-address [:port]
Context
[Tree] (config>app-assure>group>cflowd>direct-export>collector address)
Full Context
configure application-assurance group cflowd direct-export collector address
Description
This command configures the Cflowd direct export collector remote address. Two addresses can be configured for each collector for redundancy. AA sends the same records to both at the same time.
The no form of this command removes the address from the configuration
Parameters
- ip-address
-
Specifies the IP address of the Cflowd direct export collector, in the a.b.c.d format.
- port
-
Specifies the port of the Cflowd direct export collector.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-avp
address-avp
Syntax
[no] address-avp
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp address-avp)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp address-avp
Description
This command includes the following subscriber host/session address/prefix AVPs in all Diameter DCCA CCR messages:
-
[8] Framed-IP-Address
-
[97] Framed-IPv6-Prefix
-
[123] Delegated-IPv6-Prefix
-
[6527-99] Alc-IPv6-Address
Note: Only the address/prefix of the subscriber host that triggered the creation of the Diameter Gy session is included.
The no form of this command removes the address AVPs from the Diameter DCCA CCR messages.
Default
address-avp
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address-pooling
address-pooling
Syntax
[no] address-pooling {paired | arbitrary}
Context
[Tree] (config>router>nat>outside>pool address-pooling)
Full Context
configure router nat outside pool address-pooling
Description
This command configures address pooling to allocate outside ports for a NAT subscriber in relation to the outside IP address.
The behavior in NAT, as defined in RFC 7857, §4, allows the subscriber to be mapped to a single outside IP address and allows for outside ports always to be allocated from that same outside IP address. If this outside IP address becomes exhausted of ports, no new ports for the subscriber can be allocated. This behavior is called paired address pooling.
The alternative behavior is arbitrary address pooling, where a NAT subscriber is mapped to an alternate IP address when the current outside IP address runs out of ports. This way, the subscriber becomes associated with multiple outside IP addresses. While this results in better resource utilization in NAT, it may negatively affect the behavior of some applications.
Default
address-pooling paired
Parameters
- paired
-
Specifies that the subscriber can allocate ports from a single outside IP address. When this IP address runs out of the ports, the subscriber is denied allocation of new ports.
- arbitrary
-
Specifies that the subscriber can allocate ports from multiple outside IP addresses.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-pref
address-pref
Syntax
address-pref {ipv4-only | ipv6-first}
no address-pref
Context
[Tree] (config>system>dns address-pref)
Full Context
configure system dns address-pref
Description
This command configures the DNS address resolving order preference. By default, DNS names are queried for A-records only (address-preference is IPv4-only).
If the address-preference is set to IPv6-first, the DNS server will be queried for AAAA-records (IPv6) first and if a successful replied is not received, then the DNS server is queried for A-records. IPv6 applies only to the 7750 SR and 7950 XRS.
Default
address-pref ipv4-only
Platforms
All
address-range
address-range
Syntax
no address-range start-ip-address end-ip-address [failover {local | remote | access-driven}]
no address-range start-ip-address end-ip-address
Context
[Tree] (config>router>dhcp>server>pool>subnet address-range)
[Tree] (config>service>vprn>dhcp>server>pool address-range)
Full Context
configure router dhcp local-dhcp-server pool subnet address-range
configure service vprn dhcp server pool address-range
Description
This command configures a range of IP addresses to be served from the pool. All IP addresses between the start and end IP addresses are included (other than specific excluded addresses).
The no form of this command removes the address-range parameters from the configuration.
Parameters
- start-ip-address
-
Specifies the start address of this range to include. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
- end-ip-address
-
Specifies the end address of this range to include. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
- local
-
Specifies that the local DHCP server has the ownership of this dress range in a redundant setup under normal operation.
- remote
-
Specifies that the remote DHCP server has the ownership of this address range in a redundant setup under normal operation.
- access-driven
-
Specifies that the DHCP server failover system is in control by the access protection mechanisms (SRRP or MC-LAG).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address-range
Syntax
address-range start-ip-address end-ip-address [create]
no address-range start-ip-address end-ip-address
Context
[Tree] (config>service>vprn>nat>outside>pool address-range)
[Tree] (config>router>nat>outside>pool address-range)
Full Context
configure service vprn nat outside pool address-range
configure router nat outside pool address-range
Description
This command configures a NAT address range.
Parameters
- start-ip-address
-
Specifies the beginning IP address in a.b.c.d form.
- end-ip-address
-
Specifies the ending IP address in a.b.c.d. form.
- create
-
This parameter must be specified to create the address range instance
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-range
Syntax
address-range start ipv4-address end ipv4-address
no address-range
Context
[Tree] (config>li>x-interfaces>x3 address-range)
Full Context
configure li x-interfaces x3 address-range
Description
This command configures the range of IP addresses to use for the X3 interface. The number of addresses should correspond to the number of ISAs used for the x-interface application.
The no form of this command reverts to the default.
Parameters
- ipv4-address
-
Specifies an IPv4 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address-source
address-source
Syntax
address-source router router-instance dhcp-server local-dhcp4-svr-name pool dhcp4-server-pool [secondary-pool secondary-pool-name]
address-source service-name service-name dhcp-server local-dhcp4-svr-name pool dhcp4-server-pool [secondary-pool secondary-pool-name]
address-source router router-instance dhcp-server local-dhcp6-svr-name pool dhcp6-server-pool
address-source service-name service-name dhcp-server local-dhcp6-svr-name pool dhcp6-server-pool
no address-source
Context
[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign>ipv6 address-source)
[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign>ipv4 address-source)
[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign>ipv4 address-source)
[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign>ipv6 address-source)
Full Context
configure service vprn interface sap ipsec-gw local-address-assignment ipv6 address-source
configure service vprn interface sap ipsec-gw local-address-assignment ipv4 address-source
configure service ies interface sap ipsec-gw local-address-assignment ipv4 address-source
configure service ies interface sap ipsec-gw local-address-assignment ipv6 address-source
Description
This command specifies the IPv4 or IPv6 source of the local address assignment for the IPsec gateway, which is a pool of a local DHCPv4 or DHCPv6 server. The system will assign an internal address to an IKEv2 remote-access client from the specified pool.
Beside the IP address, netmask and DNS server can also be returned. For IPv4, the netmask and DNS server address can be returned from the specified pool, as well as the IP address. The netmask returned to the IPsec client is derived from the subnet length from the subnet x.x.x.x/m create configuration, not the subnet-mask configuration in the subnet context. For IPv6, the DNS server address can be returned from the specified pool, as well as the IP address.
For IPv4, a secondary pool can be optionally specified. The secondary pool is used if the system is unable to assign addresses from the primary pool.
Default
no address-source
Parameters
- router-instance
-
Specifies the router instance ID where the local DHCPv4 or DHCPv6 server is defined, up to 32 characters.
This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The address-source service-name service-name variant can be used in all configuration modes.
- service-name
-
Specifies the name of the service where the local DHCPv4 or DHCPv6 server is defined, up to 64 characters.
- local-dhcp4-svr-name
-
Specifies the name of the local DHCPv4 server, up to 32 characters.
- local-dhcp6-svr-name
-
Specifies the name of the local DHCv6 server, up to 32 characters.
- dhcp4-server-pool
-
The name of the pool defined in the specified DHCPv4 server, up to 32 characters.
- dhcp6-server-pool
-
The name of the pool defined in the specified DHCPv6 server, up to 32 characters.
- secondary-pool-name
-
The name of the secondary pool defined in the specified server, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-state
address-state
Syntax
[no] address-state
Context
[Tree] (config>aaa>isa-radius-plcy>acct-update-triggers address-state)
Full Context
configure aaa isa-radius-policy acct-update-triggers address-state
Description
If enabled, an interim-update will be sent for a DSM UE whenever a DHCP, SLAAC or DHCPv6 address gets allocated or freed.
Default
no address-state
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-type
address-type
Syntax
address-type {ipv4 | ipv6 | not-specified}
no address-type
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query address-type)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query address-type
Description
This command specifies the address type to match on tunnels.
The no form of this command reverts to the default.
Default
address-type not-specified
Parameters
- ipv4
-
Specifies the IPv4 address to match on tunnels.
- ipv6
-
Specifies the IPv6 address to match on tunnels.
- not-specified
-
Specifies that no address type matches on tunnels.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address-type
Syntax
address-type {ipv4 | ipv6 | ipv4-only | ipv6-only | ipv4v6 | not-specified}
no address-type
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query address-type)
Full Context
configure subscriber-mgmt wlan-gw ue-query address-type
Description
This command enables matching on UEs that have an address of the specified type.
The no form of this command reverts to the default.
Default
address-type not-specified
Parameters
- ipv4
-
Specifies matching on UEs that have an IPv4 stack active.
- ipv6
-
Specifies matching on UEs that have an IPv6 stack active.
- ipv4-only
-
Specifies matching on UEs that have only an IPv4 and no IPv6 stack active.
- ipv6-only
-
Specifies matching on UEs that have only an IPv6 and no IPv4 stack active.
- ipv4v6
-
Specifies matching on UEs that have both an IPv4 and IPv6 stack active.
- not-specified
-
Specifies that no address type matches on UEs.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
adi
adi
Syntax
adi [zone-channel-name]
no adi
Context
[Tree] (debug>service>id>video-interface adi)
Full Context
debug service id video-interface adi
Description
This command enables debugging for the ad insert server.
Parameters
- zone-channel-name
-
Specifies the channel name up to 32 characters.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
adj-set
adj-set
Syntax
[no] adj-set
Context
[Tree] (config>router>isis>segm-rtng>egress-statistics adj-set)
[Tree] (config>router>ospf>segm-rtng>ingress-statistics adj-set)
[Tree] (config>router>isis>segm-rtng>ingress-statistics adj-set)
[Tree] (config>router>ospf>segm-rtng>egress-statistics adj-set)
Full Context
configure router isis segment-routing egress-statistics adj-set
configure router ospf segment-routing ingress-statistics adj-set
configure router isis segment-routing ingress-statistics adj-set
configure router ospf segment-routing egress-statistics adj-set
Description
This command enables the allocation of statistic indices to each adjacency set. All adjacencies of a set share the same statistics index. If a statistics index is not available at allocation time, the allocation fails, then the system re-tries the allocation. The system generates a log on the first fail and a log on the final successful allocation.
The no form of this command disables the allocation of statistic indices to each adjacency set, releases the statistic indices, and clears the associated counters.
Default
no adj-set
Platforms
All
adj-sid
adj-sid
Syntax
[no] adj-sid
Context
[Tree] (config>router>ospf3>segm-rtng>ingress-statistics adj-sid)
[Tree] (config>router>isis>segm-rtng>egress-statistics adj-sid)
[Tree] (config>router>ospf>segm-rtng>ingress-statistics adj-sid)
[Tree] (config>router>ospf>segm-rtng>egress-statistics adj-sid)
[Tree] (config>router>ospf3>segm-rtng>egress-statistics adj-sid)
[Tree] (config>router>isis>segm-rtng>ingress-statistics adj-sid)
Full Context
configure router ospf3 segment-routing ingress-statistics adj-sid
configure router isis segment-routing egress-statistics adj-sid
configure router ospf segment-routing ingress-statistics adj-sid
configure router ospf segment-routing egress-statistics adj-sid
configure router ospf3 segment-routing egress-statistics adj-sid
configure router isis segment-routing ingress-statistics adj-sid
Description
This command enables the allocation of statistic indices to each programmed NHLFE corresponding to Adjacency SIDs (local and received by means of IGP advertisement). All NHLFEs associated to a given SID share the same index. If a statistics index is not available at allocation time, the allocation fails, then the system re-tries the allocation. The system generates a log on the first fail and a log on the final successful allocation.
The no form of this command disables the allocation of statistic indices to each adjacency SID, releases the statistic indices, and clears the associated counters.
Default
no adj-sid
Platforms
All
adj-sid-hold
adj-sid-hold
Syntax
adj-sid-hold seconds
no adj-sid-hold
Context
[Tree] (config>router>isis>segm-rtng adj-sid-hold)
Full Context
configure router isis segment-routing adj-sid-hold
Description
This command configures a timer to hold the ILM or LTN of an adjacency SID following a failure of the adjacency.
When an adjacency to a neighbor fails, the following procedures are followed for both the LFA protected SID and the LFA unprotected SID of this adjacency in SR-MPLS. An adjacency can have both types of SIDs assigned by configuration. An LFA protected adjacency SID is eligible for LFA protection, but the following procedures apply even if a LFA backup was not programmed at the time of the failure. An LFA unprotected adjacency SID is not eligible for LFA protection.
- IGP withdraws the advertisement of the link TLV as well as its adjacency SID sub-TLV.
- The adjacency SID hold timer starts.
- The LTN and ILM records of the adjacency are kept in the datapath for as long as the adjacency SID hold time is running. This allows packets to flow over the LFA backup path, when the adjacency is protected, and allows the ingress LER or PCE time to compute a new path of the SR-TE LSP after IGP converges.
- If the adjacency is restored while the adjacency SID hold timer is running, the timer is aborted, and the adjacency SID remains programmed in the datapath with the retained SID values. However, the backup NHLFE may change if a new LFA SPF runs while the adjacency SID hold timer running. An update to the backup NHLFE is performed immediately following the LFA SPF. In all cases, the adjacency keeps its assigned SID label value.
-
If the adjacency SID hold timer expires before the adjacency is restored, the SID is deprogrammed from the datapath and the label returned into the common pool where it was drawn from. Users of the adjacency (for example, SR policy and SR-TE LSP) are also informed.
When the adjacency is subsequently restored, it gets assigned its allocated static-label value or a new dynamic-label value.
- A new PG-ID is assigned each time an adjacency comes back up. This PG-ID is used by the ILM and LTN of the adjacency SID and of all downstream node SIDs that resolve to a next hop over this adjacency.
The no form of this command reverts to the default value.
Default
adj-sid-hold 15
Parameters
- seconds
-
Specifies the adjacency SID hold time, in seconds.
Platforms
All
adj-sid-hold
Syntax
adj-sid-hold seconds
no adj-sid-hold
Context
[Tree] (config>router>isis>srv6 adj-sid-hold)
Full Context
configure router isis segment-routing-v6 adj-sid-hold
Description
This command specifies the length of time the system holds the SRv6 adjacency route and tunnel entries programmed in datapath while the adjacency is down.
When an adjacency to a neighbor fails, the following procedures are followed for both the LFA protected SID and the LFA unprotected SID of this adjacency in SRv6. An adjacency can have both types of SIDs assigned by configuration. An LFA protected adjacency SID is eligible for LFA protection, but the following procedures apply even if a LFA backup was not programmed at the time of the failure. An LFA unprotected adjacency SID is not eligible for LFA protection.
- IGP withdraws the advertisement of the link TLV as well as its SRv6 End.X SID sub-TLV.
- The adjacency SID hold timer starts.
- The route table, FIB, and tunnel table entries are kept for as long as the adjacency SID hold timer is running. This allows packets to flow over the LFA backup path, when the adjacency is protected, and to allow the ingress LER or PCE time to compute a new path of a SRv6 policy after IGP converges.
- If the adjacency is restored while the adjacency SID hold timer is running, the timer is aborted, and the adjacency SID remains programmed in the datapath with the retained SID values. However, the backup NHLFE may change if a new LFA SPF runs while the adjacency SID hold timer is running. An update to the backup NHLFE is performed immediately following the LFA SPF. In all cases, the adjacency keeps its assigned SID value.
-
If the adjacency SID hold timer expires before the adjacency is restored, the SID is deprogrammed from the datapath and the SID value returned into the locator subnet where it was drawn from. Users of the adjacency (for example, SRv6 policy) are also informed.
When the adjacency is subsequently restored, it gets assigned its allocated static SID value or a new dynamic SID value.
- A new PG-ID is assigned each time an adjacency comes back up. This PG-ID is used by tunnel of the local adjacency SID and of all remote locator routes that resolve to a next hop over this adjacency.
configure router isis segment-routing
configure router isis segment-routing-v6
The no form of this command reverts to the default value.
Default
adj-sid-hold 15
Parameters
- seconds
-
Specifies the adjacency SID hold time, in seconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
adj-sid-hold
Syntax
adj-sid-hold seconds
no adj-sid-hold
Context
[Tree] (config>router>ospf3>segm-rtng adj-sid-hold)
[Tree] (config>router>ospf>segm-rtng adj-sid-hold)
Full Context
configure router ospf3 segment-routing adj-sid-hold
configure router ospf segment-routing adj-sid-hold
Description
This command configures a timer to hold the ILM or LTN of an adjacency SID following a failure of the adjacency.
When an adjacency to a neighbor fails, the following procedures are followed for both the LFA protected SID and the LFA unprotected SID of this adjacency in SR-MPLS. An adjacency can have both types of SIDs assigned by configuration. An LFA protected adjacency SID is eligible for LFA protection, but the following procedures apply even if a LFA backup was not programmed at the time of the failure. An LFA unprotected adjacency SID is not eligible for LFA protection.
- IGP withdraws the advertisement of the link TLV as well as its adjacency SID sub-TLV.
- The adjacency SID hold timer starts.
- The LTN and ILM records of the adjacency are kept in the datapath for as long as the adjacency SID hold time is running. This allows packets to flow over the LFA backup path, when the adjacency is protected, and allows the ingress LER or PCE time to compute a new path of the SR-TE LSP after IGP converges.
- If the adjacency is restored while the adjacency SID hold timer is running, the timer is aborted, and the adjacency SID remains programmed in the datapath with the retained SID values. However, the backup NHLFE may change when a new LFA SPF is run while the adjacency SID hold timer running. An update to the backup NHLFE is performed immediately following the LFA SPF. In all cases, the adjacency keeps its assigned SID label value.
-
If the adjacency SID hold timer expires before the adjacency is restored, the SID is deprogrammed from the datapath and the label returned into the common pool where it was drawn from. Users of the adjacency (for example, SR policy and SR-TE LSP) are also informed.
When the adjacency is subsequently restored, it gets assigned its allocated static label value or a new dynamic label value.
- A new PG-ID is assigned each time an adjacency comes back up. This PG-ID is used by the ILM and LTN of the adjacency SID and of all downstream node SIDs that resolve to a next hop over this adjacency.
The no form of this command reverts to the default value.
Default
adj-sid-hold 15
Parameters
- seconds
-
Specifies the adjacency SID hold time, in seconds.
Platforms
All
adjacency
adjacency
Syntax
[no] adjacency
Context
[Tree] (debug>service>id>pim-snooping adjacency)
Full Context
debug service id pim-snooping adjacency
Description
This command enables or disables debugging for PIM adjacencies.
Platforms
All
adjacency
Syntax
[no] adjacency
Context
[Tree] (debug>router>pim adjacency)
Full Context
debug router pim adjacency
Description
This command enables debugging for PIM adjacencies.
The no form of this command disables debugging for PIM adjacencies.
Platforms
All
adjacency
Syntax
[no] adjacency [ip-int-name | ip-address | nbr-system-id]
Context
[Tree] (debug>router>isis adjacency)
Full Context
debug router isis adjacency
Description
This command enables debugging for IS-IS adjacency.
The no form of the command disables debugging.
Parameters
- ip-address
-
When specified, only adjacencies with the specified interface address are debugged.
- ip-int-name
-
When specified, only adjacencies with the specified interface name are debugged.
- nbr-system-id
-
When specified, only the adjacency with the specified ID is debugged.
Platforms
All
adjacency-set
adjacency-set
Syntax
[no] adjacency-set id
Context
[Tree] (config>router>isis>segm-rtng adjacency-set)
[Tree] (config>router>ospf>segm-rtng adjacency-set)
Full Context
configure router isis segment-routing adjacency-set
configure router ospf segment-routing adjacency-set
Description
This command creates an adjacency set. An adjacency set consists of one or more adjacency SIDs originating on this node. The constituent adjacencies may terminate on different nodes.
The no form of this command removes the specified adjacency set.
Parameters
- id
-
Specifies an unsigned integer representing the identifier of the adjacency set.
Platforms
All
adjacency-set
Syntax
[no] adjacency-set id
Context
[Tree] (config>router>isis>interface adjacency-set)
[Tree] (config>router>ospf>area>interface adjacency-set)
Full Context
configure router isis interface adjacency-set
configure router ospf area interface adjacency-set
Description
This command associates an interface with an adjacency set. The adjacency set must have been defined under the IS-IS or OSPF segment-routing context.
The no form of this command removes the association.
Parameters
- id
-
Specifies an unsigned integer representing the identifier of the adjacency set.
Platforms
All
adjacency-sid
adjacency-sid
Syntax
adjacency-sid label value
no adjacency-sid
Context
[Tree] (config>router>ospf>area>interface adjacency-sid)
Full Context
configure router ospf area interface adjacency-sid
Description
This command allows a static value to be assigned to an adjacency SID in OSPF segment routing.
The label option specifies that the value is assigned to an MPLS label.
The no form of this command removes the adjacency SID.
Parameters
- label value
-
Specifies the value of adjacency SID label.
Platforms
All
adjacency-sid
Syntax
adjacency-sid
Context
[Tree] (config>router>isis>segm-rtng adjacency-sid)
[Tree] (config>router>ospf3>segm-rtng adjacency-sid)
[Tree] (config>router>ospf>segm-rtng adjacency-sid)
Full Context
configure router isis segment-routing adjacency-sid
configure router ospf3 segment-routing adjacency-sid
configure router ospf segment-routing adjacency-sid
Description
Commands in this context configure two SR-MPLS adjacency SIDs per interface.
Platforms
All
adjust-down
adjust-down
Syntax
adjust-down percent [bw bandwidth-in-mbps]
no adjust-down
Context
[Tree] (config>router>mpls>lsp>auto-bandwidth adjust-down)
[Tree] (config>router>mpls>lsp-template>auto-bandwidth adjust-down)
Full Context
configure router mpls lsp auto-bandwidth adjust-down
configure router mpls lsp-template auto-bandwidth adjust-down
Description
This command configures the minimum threshold for decreasing the bandwidth of an LSP based on active measurement of LSP bandwidth.
The no form of this command is equivalent to adjust-down 5.
Default
adjust-down 5 bw 0
Parameters
- percent
-
Specifies the minimum difference between the current bandwidth reservation of the LSP and the (measured) maximum average data rate, expressed as a percentage of the current bandwidth, for decreasing the bandwidth of the LSP.
- bandwidth-in-mbps
-
Specifies the minimum difference between the current bandwidth reservation of the LSP and the (measured) maximum average data rate, expressed as an absolute bandwidth (Mb/s), for decreasing the bandwidth of the LSP.
Platforms
All
adjust-up
adjust-up
Syntax
adjust-up percent [bw bandwidth-in-mbps]
no adjust-up
Context
[Tree] (config>router>mpls>lsp-template>auto-bandwidth adjust-up)
[Tree] (config>router>mpls>lsp>auto-bandwidth adjust-up)
Full Context
configure router mpls lsp-template auto-bandwidth adjust-up
configure router mpls lsp auto-bandwidth adjust-up
Description
This command configures the minimum threshold for increasing the bandwidth of an LSP based on active measurement of LSP bandwidth.
The no form of this command is equivalent to adjust-up 5.
Default
adjust-up 5 bw 0
Parameters
- percent
-
Specifies the minimum difference between the current bandwidth reservation of the LSP and the (measured) maximum average data rate, expressed as a percentage of the current bandwidth, for increasing the bandwidth of the LSP.
- bandwidth-in-mbps
-
Specifies the minimum difference between the current bandwidth reservation of the LSP and the (measured) maximum average data rate, expressed as an absolute bandwidth (Mb/s), for increasing the bandwidth of the LSP
Platforms
All
admin
admin
Syntax
admin
Context
[Tree] (admin)
Full Context
admin
Description
Commands in this context configure administrative system parameters. Only authorized users can execute the commands in the admin context.
Platforms
All
admin-bw
admin-bw
Syntax
admin-bw kbps
no admin-bw
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel admin-bw)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle admin-bw)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>src-override admin-bw)
Full Context
configure mcast-management multicast-info-policy bundle channel admin-bw
configure mcast-management multicast-info-policy bundle admin-bw
configure mcast-management multicast-info-policy bundle channel source-override admin-bw
Description
This command specifies an administrative bandwidth for multicast channels. The specified bandwidth rate can be used by the multicast ingress path manger, multicast CAC manager or multicast ECMP manager.
The kbps value is closely tied to the bw-activity command. When the bw-activity command is set to use-admin-bw, the multicast ingress path manager uses the configured administrative bandwidth value as the managed ingress bandwidth. The admin-bw value must be defined for the bw-activity use-admin-bw command to succeed. Once the bw-activity command is set to use the admin-bw value, the value cannot be set to 0 and the no admin-bw command fails. Setting the bw-activity command to dynamic (the default setting), breaks the association between the commands.
The no form of this command restores the default value for admin-bw. If the command is executed in the channel context, the channels administrative bandwidth value is set to null. If the command is executed in the source-override context, the source override administrative bandwidth value is set to null.
Parameters
- kbps
-
Specifies the administrative bandwidth for multicast channels.
Platforms
All
admin-bw-threshold
admin-bw-threshold
Syntax
admin-bw-threshold kilo-bits-per-second
no admin-bw-threshold
Context
[Tree] (config>mcast-mgmt>bw-plcy admin-bw-threshold)
Full Context
configure mcast-management bandwidth-policy admin-bw-threshold
Description
This command defines at which bandwidth rate a multicast channel configured to use an administrative rate starts and stop using that rate as the in-use ingress bandwidth when managing ingress multicast paths. This parameter only applies to channels that are configured to use the admin-bw rate with the bw-activity use-admin-bw command (both are configured in the multicast-info-policy associated with the channel context).
To be effective, the admin-bw-threshold value must be less than the channels configured admin-bw. If the administrative bandwidth configured on the channel is less than the administrative bandwidth threshold defined in the bandwidth policy, the admin-bw value is ignored for ingress multicast path management and the system continually uses the dynamic ingress bandwidth associated with the channel. Since the value is defined in the bandwidth-policy and the channel admin-bw value is defined in the multicast-info-policy, it is not possible to pre-determine that a given administrative bandwidth value is less than an administrative bandwidth threshold. Since a typical administrative bandwidth threshold is set significantly lower than any administrative bandwidth values, this corner case is not expected to be prevalent. However, if the case does arise in a production environment, no ill behavior is expected as the threshold is simply a tuning parameter used to detect when the bandwidth associated with a channel has risen above any OAM or background type traffic.
While a channel that is configured to the use-admin-bw parameter (in the bw-activity command) current bandwidth is less than the admin-bw-threshold, the system treats the channel as a dynamic type channel. Once the threshold is crossed, the system immediately allocates the full admin-bw value to the channel and manages the ingress multicast path accordingly. If the bandwidth monitored on the channel rises above the admin-bw value, the system reverts to dynamic bandwidth management operation. If the bandwidth drops below the admin-bw value, but is above the admin-bw-threshold, the system uses the admin-bw value. If the bandwidth drops below the admin-bw-threshold, the system goes back to dynamic bandwidth management operation.
This command has no effect on multicast ECMP or egress CAC management operations.
The no form of this command reverts to the default, which is 10 kb/s.
Parameters
- kilobits-per-second
-
Specifies the defines the rate at which channels configured to use administrative bandwidths change from dynamic bandwidth management to using the channels configured administrative bandwidth. The parameter is expressed as an integer value and represents multiples of 1,000 bits per second. A value of 3000 indicates 3,000,000 bits per second.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
admin-group
admin-group
Syntax
[no] admin-group group-name [group-name]
no admin-group
Context
[Tree] (config>router>mpls>interface admin-group)
[Tree] (config>service>vprn>if>if-attribute admin-group)
[Tree] (config>service>ies>if>if-attribute admin-group)
[Tree] (config>router>if>if-attribute admin-group)
Full Context
configure router mpls interface admin-group
configure service vprn interface if-attribute admin-group
configure service ies interface if-attribute admin-group
configure router interface if-attribute admin-group
Description
This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface.
Each single operation of the admin-group command allows a maximum of five (5) groups to be specified at a time. However, a maximum of 32 groups can be added to a given interface through multiple operations. Once an admin group is bound to one or more interface, its value cannot be changed until all bindings are removed.
The configured admin-group membership will be applied in all levels or areas the interface is participating in. The same interface cannot have different memberships in different levels or areas.
Only the admin groups bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.
The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.
Default
no admin-group
Parameters
- group-name
-
Specifies up to five groups, each up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. Each single operation of the admin-group command allows a maximum of 5 groups to be specified. However, a maximum of 32 groups can be added to a given interface through multiple operations.
Platforms
All
admin-group
Syntax
admin-group group-name value group-value
no admin-group group-name
Context
[Tree] (config>router>if-attribute admin-group)
Full Context
configure router if-attribute admin-group
Description
This command defines an Administrative Group (AG) that can be associated with an IP or MPLS interface.
AGs, also known as affinity, are used to tag IP and MPLS interfaces that share a specific characteristic with the same identifier. For example, an AG identifier can represent:
- all links that connect to core routers
- all links that have a bandwidth higher than 10 Gb
- all links that are dedicated to a specific service
First configure locally on each router the name and identifier of each AG. A maximum of 32 AGs can be configured per system.
After configuring the router name and identifier, configure the AG membership of an interface. You can apply AGs to a IES, VPRN, network IP, or MPLS interface.
When applied to MPLS interfaces, the interfaces can be included or excluded in the LSP path definition by inferring the AG name. CSPF computes a path that satisfies the AG include and exclude constraints.
When applied to IES, VPRN, or network IP interfaces, the interfaces can be included or excluded in the route next-hop selection by inferring the AG name in a route next-hop policy template applied to an interface or a set of prefixes.
The following provisioning rules apply to the AG configuration. The system rejects the creation of an AG:
- if the name of the AG is the same as that of an existing group, even if the new AG group value is different from the existing group value
- if the AG reuses the same group value but with a different name from an existing group
Only the AGs bound to an MPLS interface are advertised area wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.
Parameters
- group-name
-
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain
- group-value
-
Specifies the integer value associated with the group. The association of group name and value should be unique within an IP or MPLS domain.
Platforms
All
admin-group
Syntax
admin-group admin-group
no admin-group admin-group
Context
[Tree] (config>router>fad>flex-algo>exclude admin-group)
Full Context
configure router flexible-algorithm-definitions flex-algo exclude admin-group
Description
This command configures an administrative group link that will be excluded from the topology graph of the flexible algorithm. If multiple administrative groups are configured, they are all excluded from the topology graph.
Administrative groups are attributes associated with a link. Frequently these administrative groups are described as link colors.
The no form of this command removes the admin-group from being excluded from the topology graph.
Default
no admin-group
Parameters
- admin-group
-
Configures an administrative group link to exclude from the topology graph of the configured FAD.
Platforms
All
admin-group
Syntax
admin-group admin-group
no admin-group admin-group
Context
[Tree] (config>router>fad>flex-algo>include-all admin-group)
Full Context
configure router flexible-algorithm-definitions flex-algo include-all admin-group
Description
This command configures an administrative group link that will be included in the topology graph of the defined FAD. If multiple administrative groups are configured, groups must be present in a link before the link is included in the flexible algorithm topology graph.
The no form of this command removes the specified admin-group from being included in the topology graph.
Default
no admin-group
Parameters
- admin-group
-
Configures an administrative group to include in topology graph of the configured FAD.
Platforms
All
admin-group
Syntax
admin-group admin-group
no admin-group admin-group
Context
[Tree] (config>router>fad>flex-algo>include-any admin-group)
Full Context
configure router flexible-algorithm-definitions flex-algo include-any admin-group
Description
This command configures an administrative group link that will be included in the topology graph of the configured FAD. If multiple administrative groups are configured, at least one of the administrative groups must be present in a link before the link is included into the flexible algorithm topology graph.
The no form of this command removes the admin-group from being included in the topology graph.
Default
no admin-group
Parameters
- admin-group
-
Configures an administrative group to include in the topology graph of the configured FAD.
Platforms
All
admin-group-frr
admin-group-frr
Syntax
[no] admin-group-frr
Context
[Tree] (config>router>mpls admin-group-frr)
Full Context
configure router mpls admin-group-frr
Description
This command enables the use of the admin-group constraints in the association of a manual or dynamic bypass LSP with the primary LSP path at a Point-of-Local Repair (PLR) node.
When this command is enabled, each PLR node reads the admin-group constraints in the FAST_REROUTE object in the Path message of the LSP primary path. If the FAST_REROUTE object is not included in the Path message, then the PLR will read the admin-group constraints from the Session Attribute object in the Path message.
If the PLR is also the ingress LER for the LSP primary path, then it just uses the admin-group constraint from the LSP and/or path level configurations.
The PLR node then uses the admin-group constraints along with other constraints, such as hop-limit and SRLG, to select a manual or dynamic bypass among those that are already in use.
If none of the manual or dynamic bypass LSP satisfies the admin-group constraints, and/or the other constraints, the PLR node will request CSPF for a path that merges the closest to the protected link or node and that includes or excludes the specified admin-group IDs.
If the user changes the configuration of the above command, it will not have any effect on existing bypass associations. The change will only apply to new attempts to find a valid bypass.
The no form of this command disables the use of administrative group constraints on a FRR backup LSP at a PLR node.
Default
no frr-admin-group
Platforms
All
admin-password
admin-password
Syntax
admin-password password [hash | hash2]
no admin-password
Context
[Tree] (config>system>security>password admin-password)
Full Context
configure system security password admin-password
Description
This command allows a user (with admin permissions) to configure a password that enables a user to become an administrator.
This password is valid only for one session. When enabled, no authorization to TACACS+ or RADIUS is performed and the user is locally regarded as an admin user.
This functionality can be enabled in two contexts:
config>system>security>password>admin-password
<global> enable-admin
If the admin-password is configured in the config>system>security>password context, then any user can enter the special mode by entering the enable-admin command.
enable-admin is in the default profile. By default, all users are given access to this command.
After the enable-admin command is entered, the user is prompted for a password. If the password matches, user is given unrestricted access to all the commands.
The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command.
The password argument of this command is not sent to the servers. This is consistent with other commands that configure secrets.
The usernames and passwords in the FTP and TFTP URLs will not be sent to the authorization or accounting servers when the file>copy source-url dest-url command is executed.
For example:
file copy ftp://test:secret@10.20.31.79/test/srcfile cf1:\destfile
In this example, the username 'test' and password 'secret' will not be sent to the AAA servers (or to any logs). They will be replaced with ''****''.
The no form of this command removes the admin password from the configuration.
This command applies to a local user, in addition to users on RADIUS, TACACS, and LDAP.
Default
no admin-password
Parameters
- password
-
Configures the password that enables a user to become a system administrator. The maximum length can be up to 56 characters if unhashed, 60 characters if hashed with bcrypt, from 87 to 92 characters if hashed with sha2-pbkdf2, 32 characters if the hash keyword is specified, or 54 characters if the hash2 keyword is specified. The unhashed cleartext password form should meet all the requirements that are defined by the complexity command.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form or hashed with bcrypt or PBKDF2. For security, all keys are stored in the configuration file in hashed form (using bcrypt or PBKDF2, depending on the hashing configuration parameter) or, for backward compatibility, can be stored in encrypted form with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form or hashed with bcrypt or PBKDF2. For security, all keys are stored in the configuration file in hashed form (using bcrypt or PBKDF2, depending on the hashing configuration parameter) or, for backward compatibility, can be stored in encrypted form with the hash or hash2 parameter specified.
Platforms
All
admin-state
admin-state
Syntax
admin-state {up | down}
no admin-state
Context
[Tree] (config>router>l2tp>group>tunnel>mlppp admin-state)
[Tree] (config>service>vprn>l2tp>group>tunnel>mlppp admin-state)
Full Context
configure router l2tp group tunnel mlppp admin-state
configure service vprn l2tp group tunnel mlppp admin-state
Description
This command enables MLPPP for this tunnel group and is applicable only to LNS.
The tunnel can be explicitly activated (if the parent group is in a no shutdown state) or deactivated by the up and down keywords.
If there the admin state is not configured, the tunnel inherits its administrative state from its parent (group).
The no form of this command causes the tunnel administrative state to be inherited from the group.
Parameters
- up
-
Specifies that the tunnel is to be administratively up.
- down
-
Specifies that the tunnel is to be administratively down.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
admin-status
admin-status
Syntax
admin-status {rx | tx | tx-rx | disabled}
Context
[Tree] (config>port>ethernet>lldp>dstmac admin-status)
Full Context
configure port ethernet lldp dest-mac admin-status
Description
This command configures LLDP transmission/reception frame handling.
Default
admin-status disabled
Parameters
- rx
-
Specifies the LLDP agent will receive, but will not transmit LLDP frames on this port.
- tx
-
Specifies that the LLDP agent will transmit LLDP frames on this port and will not store any information about the remote systems connected.
- tx-rx
-
Specifies that the LLDP agent transmits and receives LLDP frames on this port.
- disabled
-
Specifies that the LLDP agent does not transmit or receive LLDP frames on this port. If there is remote systems information which is received on this port and stored in other tables, before the port's admin status becomes disabled, then the information will naturally age out.
Platforms
All
admin-tag
admin-tag
Syntax
[no] admin-tag tag-value
Context
[Tree] (config>router>mpls>lsp-template admin-tag)
[Tree] (config>router>mpls>lsp admin-tag)
Full Context
configure router mpls lsp-template admin-tag
configure router mpls lsp admin-tag
Description
This assigns an administrative tag to an LSP. The administrative tag can be used to enable routes with certain administrative tags to resolve using LSPs of matching administrative tags.
Up to four tags can be assigned to an LSP.
The administrative tag must exist under config>router>admin-tags.
The no form of this command removes the administrative tag.
Parameters
- tag-value
-
The value of the admin-tag, up to 32 characters.
Platforms
All
admin-tag
Syntax
[no] admin-tag tag
Context
[Tree] (config>router>admin-tags admin-tag)
Full Context
configure router admin-tags admin-tag
Description
This command configures an admin tag value in the nodal LSP administrative tag database.
Up to 256 admin tags can be configured.
The no form of this command removes the admin tag.
Parameters
- tag
-
The value of the administrative tag, up to 32 characters.
Platforms
All
admin-tag-policy
admin-tag-policy
Syntax
admin-tag-policy policy-name
no admin-tag-policy
Context
[Tree] (config>router>policy-options>policy-statement>default-action admin-tag-policy)
[Tree] (config>router>policy-options>policy-statement>entry>action admin-tag-policy)
Full Context
configure router policy-options policy-statement default-action admin-tag-policy
configure router policy-options policy-statement entry action admin-tag-policy
Description
This command assigns a route admin tag policy as an action in a route policy.
The admin tag policy must exist under config>router>admin-tags.
The no form of this command removes the admin tag policy.
Parameters
- policy-name
-
Specifies the name of the admin tag policy, up to 64 characters.
Platforms
All
admin-tags
admin-tags
Syntax
admin-tags
Context
[Tree] (config>router admin-tags)
Full Context
configure router admin-tags
Description
Commands in this context configure admin tags and router admin tag policy templates used for route resolution to LSPs.
Platforms
All
adspec
adspec
Syntax
[no] adspec
Context
[Tree] (config>router>mpls>lsp-template adspec)
[Tree] (config>router>mpls>lsp adspec)
Full Context
configure router mpls lsp-template adspec
configure router mpls lsp adspec
Description
When enabled, the ADSPEC object will be included in RSVP messages for this LSP. The ADSPEC object is used by the ingress LER to discover the minimum value of the MTU for links in the path of the LSP. By default, the ingress LER derives the LSP MTU from that of the outgoing interface of the LSP path.
A bypass LSP always signals the ADSPEC object since it protects both primary paths which signal the ADSPEC object and primary paths which do not. This means that MTU of LSP at ingress LER may change to a different value from that derived from the outgoing interface even if the primary path has ADSPEC disabled.
Default
no adspec — No ADSPEC objects are included in RSVP messages.
Platforms
All
adv-adj-addr-only
adv-adj-addr-only
Syntax
[no] adv-adj-addr-only
Context
[Tree] (config>router>ldp>session-params>peer adv-adj-addr-only)
Full Context
configure router ldp session-parameters peer adv-adj-addr-only
Description
This command provides a means for an LDP router to advertise only the local IPv4 or IPv6 interfaces it uses to establish hello adjacencies with an LDP peer. By default, when a router establishes an LDP session with a peer, it advertises in an LDP Address message the addresses of all local interfaces to allow the peer to resolve LDP FECs distributed by this router. Similarly, a router sends a Withdraw Address message to of all its peers to withdraw a local address if the corresponding interface went down or was deleted.
This new option reduces CPU processing when a large number of LDP neighbors come up or go down. The new CLI option is strongly recommended in mobile backhaul networks where the number of LDP peers can be very large.
The no form of this command reverts LDP to the default behavior of advertising all local interfaces.
Platforms
All
adv-config-policy
adv-config-policy
Syntax
adv-config-policy policy-name [create]
no adv-config-policy policy-name
Context
[Tree] (config>qos adv-config-policy)
Full Context
configure qos adv-config-policy
Description
Commands in this context configure an advanced QoS policy. This command contains only queue and policer child control parameters within a child-control node.
The parameters within the child-control node are intended to allow more precise control of the method that hierarchical virtual scheduling employs to emulate the effect of a scheduling context upon a member child queue or policer.
When a policy is created, it may be applied to a queue or policer defined within a sap-egress or sap-ingress QoS policy. It may also be applied to a queue or policer defined within an ingress or egress queue-group template. When a policy is currently associated with a QoS policy or template, the policy may be modified but not deleted (even in the event that the QoS policy or template is not in use).
While the system maintains default values for the advanced configuration parameters, no default adv-config-policy exists.
The no form of this command removes the specified advanced policy.
Parameters
- policy-name
-
The name of the advanced QoS policy. A policy-name must be specified and conform to the policy naming guidelines. If the specified name does not exist, the optional create keyword requirements are met and the total number of policies per system will not be exceeded, an adv-config-policy of that name will be created. If the specified name does exist, the system will switch context to that adv-config-policy for the purpose of modification of the policy’s contents.
Platforms
All
adv-config-policy
Syntax
adv-config-policy policy-name
no adv-config-policy
Context
[Tree] (config>qos>sap-ingress>policer adv-config-policy)
[Tree] (config>qos>sap-egress>policer adv-config-policy)
[Tree] (config>qos>sap-ingress>queue adv-config-policy)
[Tree] (config>qos>sap-egress>queue adv-config-policy)
Full Context
configure qos sap-ingress policer adv-config-policy
configure qos sap-egress policer adv-config-policy
configure qos sap-ingress queue adv-config-policy
configure qos sap-egress queue adv-config-policy
Description
This command specifies the advanced QoS policy. The advanced QoS policy contains only queue and policer child control parameters within a child-control node.
When a policy is created, it may be applied to a queue or policer defined within a sap-egress or sap-ingress QoS policy. It may also be applied to a queue or policer defined within an ingress or egress queue-group template. When a policy is currently associated with a QoS policy or template, the policy may be modified but not deleted (even in the event that the QoS policy or template is not in use).
The no form of this command removes the specified advanced policy.
Default
no adv-config-policy
Parameters
- policy-name
-
The name of the advanced QoS policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos sap-ingress policer adv-config-policy
- configure qos sap-egress policer adv-config-policy
All
- configure qos sap-ingress queue adv-config-policy
- configure qos sap-egress queue adv-config-policy
adv-config-policy
Syntax
adv-config-policy adv-config-policy-name
no adv-config-policy
Context
[Tree] (config>qos>qgrps>ing>qgrp>policer adv-config-policy)
[Tree] (config>qos>qgrps>egr>qgrp>queue adv-config-policy)
[Tree] (config>qos>qgrps>ing>qgrp>queue adv-config-policy)
[Tree] (config>qos>qgrps>egr>qgrp>policer adv-config-policy)
Full Context
configure qos queue-group-templates ingress queue-group policer adv-config-policy
configure qos queue-group-templates egress queue-group queue adv-config-policy
configure qos queue-group-templates ingress queue-group queue adv-config-policy
configure qos queue-group-templates egress queue-group policer adv-config-policy
Description
This command specifies the name of the advanced configuration policy to be applied with this policer.
Parameters
- adv-config-policy-name
-
Specifies an existing advanced configuration policy up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos queue-group-templates ingress queue-group policer adv-config-policy
- configure qos queue-group-templates egress queue-group policer adv-config-policy
All
- configure qos queue-group-templates ingress queue-group queue adv-config-policy
- configure qos queue-group-templates egress queue-group queue adv-config-policy
adv-config-policy
Syntax
adv-config-policy src-name dst-name [overwrite]
Context
[Tree] (config>qos>copy adv-config-policy)
Full Context
configure qos copy adv-config-policy
Description
This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.
The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Parameters
- adv-config-policy
-
Indicates that the source policy ID and the destination policy ID are advanced policy IDs. Specify the source advanced policy ID that the copy command will attempt to copy from and specify the destination advanced policy ID to which the command will copy a duplicate of the policy.
- overwrite
-
Specifies that this policy is to replace the existing destination advanced policy. Everything in the existing destination policy will be overwritten with the contents of the source advanced policy. If overwrite is not specified, an error will occur if the destination policy ID exists, as shown here:
- Example:
-
— ALA-7>config>qos# copy adv-config-policy default sp1
— MINOR: CLI Destination "sp1" exists - use {overwrite}
— ALA-7>config>qos#overwrite
Platforms
All
adv-local-lsr-id
adv-local-lsr-id
Syntax
[no] adv-local-lsr-id
Context
[Tree] (config>router>ldp>session-params>peer adv-local-lsr-id)
[Tree] (config>router>ldp>targeted-session>peer-template adv-local-lsr-id)
Full Context
configure router ldp session-parameters peer adv-local-lsr-id
configure router ldp targeted-session peer-template adv-local-lsr-id
Description
This command advertises a local LSR ID over a specified LDP session.
Advertisement of a local LSR ID over a given LDP session is configured using the adv-local-lsr-id command in the peer session-parameters. If a user disables the adv-local-lsr-id command, then the system will withdraw the FEC for the local LSR ID.
The SR OS router uses the following rules when advertising a local LSR ID:
-
If the session parameters have the default configuration and the targeted peer template has the default configuration, the local LSR ID is not advertised.
-
If the session parameters have the default configuration but the targeted peer template has an explicit configuration for advertisement of the local LSR ID, the targeted peer template configuration is used.
-
If the session parameters have an explicit configuration for advertisement of the local LSR ID but the targeted peer template has the default configuration, the session parameter configuration is used.
-
If both the session parameters and the targeted peer template have an explicit configuration for advertisement of the local LSR ID, then the session parameter configuration is used.
The no form of this command withdraws the FEC for the local LSR ID.
Default
no adv-local-lsr-id
Platforms
All
adv-mtu-override
adv-mtu-override
Syntax
[no] adv-mtu-override
Context
[Tree] (config>service>sdp adv-mtu-override)
Full Context
configure service sdp adv-mtu-override
Description
This command overrides the advertised VC-type MTU of all spoke-sdps of L2 services using this SDP-ID. When enabled, the router signals a VC MTU equal to the service MTU, which includes the Layer 2 header. It also allows this router to accept an MTU advertised by the far-end PE which value matches either its advertised MTU or its advertised MTU minus the L2 headers.
By default, the router advertises a VC-MTU equal to the L2 service MTU minus the Layer 2 header and always matches its advertised MTU to that signaled by the far-end PE router, otherwise the spoke-sdp goes operationally down.
When this command is enabled on the SDP, it has no effect on a spoke-sdp of an IES/VPRN spoke interface using this SDP-ID. The router continues to signal a VC MTU equal to the net IP interface MTU, which is min{ip-mtu, sdp operational path mtu - L2 headers}. The router also continues to make sure that the advertised MTU values of both PE routers match or the spoke-sdp goes operationally down.
The no form of the command disables the VC-type MTU override and returns to the default behavior.
Default
no adv-mtu-override
Platforms
All
adv-noaddrs-global
adv-noaddrs-global
Syntax
adv-noaddrs-global [esm-proxy] [esm-relay] [relay] [server]
no adv-noaddrs-global
Context
[Tree] (config>system>dhcp6 adv-noaddrs-global)
Full Context
configure system dhcp6 adv-noaddrs-global
Description
This command configures the different DHCPv6 applications to send the NoAddrsAvail Status-Code in DHCPv6 Advertise messages at the global DHCP message level.
By default, all applications send the NoAddrsAvail Status-Code in DHCPv6 Advertise messages at the IA_NA Option level.
Different applications for which NoAddrsAvail Status-Code in DHCPv6 Advertise messages can be configured at the global DHCP message level.
The only valid combination in current SR OS is adv-noaddrs-global esm-relay server.
The no form of this command reverts to the default.
Default
no adv-noaddrs-global. All applications send the NoAddrsAvail Status-Code in DHCPv6 Advertise messages at the IA_NA Option level.
Parameters
- esm-proxy
-
Specifies the DHCPv6 proxy server on subscriber group-interfaces. Not supported in current SR OS.
- esm-relay
-
Specifies the DHCPv6 relay on subscriber group-interfaces. Must be enabled together with the DHCPv6 server (server) application.
- relay
-
Specifies the DHCPv6 relay on regular IES or VPRN interfaces. Not supported in current SR OS.
- server
-
Specifies the DHCPv6 server. Must be enabled together with the DHCPv6 relay on subscriber interfaces (esm-relay) application.
Platforms
All
adv-service-mtu
adv-service-mtu
Syntax
adv-service-mtu octets
no adv-service-mtu
Context
[Tree] (config>service>epipe>spoke-sdp adv-service-mtu)
Full Context
configure service epipe spoke-sdp adv-service-mtu
Description
This command configures the MTU value signaled in targeted LDP for the spoke-SDP and the value used to validate the value signaled by the far-end PE. If configured, this value is used instead of the service MTU. However, the configuration does not affect the locally enforced value, which is still based on the service MTU. This command for the MTU cannot be configured on a spoke-SDP that is bound to an SDP with the adv-mtu-override command.
When unconfigured, an adjusted service MTU is used. See the service-mtu command for more information.
The no form of this command removes the configuration.
Default
no adv-service-mtu
Parameters
- octets
-
The size of the MTU in octets, expressed as a decimal integer.
Platforms
All
adv-service-mtu
Syntax
adv-service-mtu number
no adv-service-mtu
Context
[Tree] (config>service>vpls>bgp adv-service-mtu)
[Tree] (config>service>epipe>bgp adv-service-mtu)
Full Context
configure service vpls bgp adv-service-mtu
configure service epipe bgp adv-service-mtu
Description
This command configures the Layer 2 MTU value that is advertised for BGP signaling for the service and for validation with the value signaled by the far-end PE. However, the configuration does not effect the locally enforced value, which is still based on the service MTU.
The no form of this command reverts to the default Layer 2 MTU value for BGP signaling for the service, which uses an adjusted service-mtu value. See the service-mtu command for more information.
Default
no adv-service-mtu
Parameters
- number
-
Specifies the size, in octets, of the Layer 2 MTU value to advertise for BGP signaling for the service.
Platforms
All
advertise
advertise
Syntax
advertise {static | dynamic} [route-tag [1..255]]
no advertise {static | dynamic}
Context
[Tree] (config>service>ies>if>vpls>evpn>nd advertise)
[Tree] (config>service>vprn>if>vpls>evpn>nd advertise)
[Tree] (config>service>vprn>if>vpls>evpn>arp advertise)
[Tree] (config>service>ies>if>vpls>evpn>arp advertise)
Full Context
configure service ies interface vpls evpn nd advertise
configure service vprn interface vpls evpn nd advertise
configure service vprn interface vpls evpn arp advertise
configure service ies interface vpls evpn arp advertise
Description
This command enables the advertisement of static and dynamic ARP and ND entries that are installed in the ARP and ND cache into EVPN MAC/IP routes. This command must be used along with no learn-dynamic.
Default
no advertise
Parameters
- static
-
Enables ARP/ND host routes to be created in the route table from EVPN ARP/ND entries
- dynamic
-
Enables ARP/ND host routes to be created in the route table out of dynamic ARP/ND entries (learned from ARP/ND messages received from the hosts).
- route-tag
-
Specifies the route tag that is added in the route table for ARP/ND host routes of type dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.
Platforms
All
advertise
Syntax
advertise fad-name
no advertise
Context
[Tree] (config>router>ospf>flex-algos>flex-algo advertise)
[Tree] (config>router>isis>flex-algos>flex-algo advertise)
Full Context
configure router ospf flexible-algorithms flex-algo advertise
configure router isis flexible-algorithms flex-algo advertise
Description
This command enables the advertisement of a locally configured Flexible Algorithm Definition (FAD).
A locally defined FAD is only advertised if it is administratively enabled. A router can advertise only a single locally defined FAD by using the fad-name as reference anchor.
The winning FAD used by a router must be consistent with the winning FAD on all other routers. This avoids routing loops and traffic blackholing. The winning FAD is selected using a tie-breaker algorithm that first selects the highest advertised FAD priority and next the highest system Id.
The no form of this command removes the advertisement of a flexible algorithm definition.
Default
no advertise
Parameters
- fad-name
-
Configures the FAD name, up to 32 characters. By default, no locally configured FAD is advertised.
Platforms
All
advertise
Syntax
advertise {mvpn-pim | mvpn-only| pim-only}
Context
[Tree] (config>service>vpls>bind>evpn-mcast-gateway advertise)
Full Context
configure service vpls allow-ip-int-bind evpn-mcast-gateway advertise
Description
This command signals the OISM gateway function type in the Inclusive Multicast Ethernet Tag routes.
Default
advertise mvpn-pim
Parameters
- mvpn-pim
-
Specifies that the router signals the MVPN-to-OISM (MEG) and PIM-to-OISM (PEG) gateway capabilities.
- mvpn-only
-
Specifies that the router signals the MVPN-to-OISM (MEG) gateway capabilities.
- pim-only
-
Specifies that the router signals the PIM-to-OISM (PEG) gateway capabilities.
Platforms
All
advertise
Syntax
[no] advertise
advertise weight dynamic [max-dynamic-weight max-dynamic-weight]
advertise weight weight
Context
[Tree] (configure>service>vprn>bgp-evpn>mpls>evpn>evpn-link-bw advertise)
[Tree] (configure>service>vpls>bgp-evpn>ip-route-link-bw advertise)
Full Context
configure service vprn bgp-evpn mpls evpn-link-bandwidth advertise
configure service vpls bgp-evpn ip-route-link-bandwidth advertise
Description
This command enables the advertisement of the EVPN link bandwidth extended community along with the IP Prefix routes.
The no form of this command disables the advertisement of the EVPN link bandwidth extended community.
Default
no advertise
Parameters
- weight
-
Specifies the weight advertised in the EVPN link bandwidth extended community for the advertised EVPN IP prefix routes for the service.
- weight dynamic
-
Keyword to specify that the weight is dynamically set based on the number of BGP PE-CE paths for the IP-Prefix that is advertised in an EVPN IP-Prefix route.
- max-dynamic-weight
-
Specifies the maximum weight advertised in the EVPN link bandwidth extended community for the advertised EVPN IP-Prefix routes for the service. If weight dynamic is configured, the actual advertised weight is the minimum of the number of BGP PE-CE paths for the prefix and the configured maximum weight.
Platforms
All
advertise-admin-group
advertise-admin-group
Syntax
advertise-admin-group {prefer-ag | eag-only | ag-eag}
no advertise-admin-group
Context
[Tree] (config>router>isis>flex-algos advertise-admin-group)
[Tree] (config>router>ospf>flex-algos advertise-admin-group)
Full Context
configure router isis flexible-algorithms advertise-admin-group
configure router ospf flexible-algorithms advertise-admin-group
Description
This command configures the type of Aministrative Group (AG) or Extended Administrative Group (EAG) TLVs the router advertises as the Interior Gateway Protocol (IGP) link attribute. This command is configured for this IGP instance.
The no form of this command removes the configuration.
Default
prefer-ag
Parameters
- prefer-ag
-
Keyword to specify that the router advertises the Administrative Group (AG) TLV as the IGP link attribute if the affinity bits in the configure router if-attribute admin-group value command are configured between 0 to 31. If no EAG (32 to 255) affinity bits are configured, only the AG TLV is advertised as the IGP link attribute.
If the affinity bits are configured in both the AG (0 to 31) and EAG (32 to 255) range, the router advertises both the AG and the EAG TLVs as the IGP link attributes.
- eag-only
-
Keyword to specify that the router advertises only the EAG TLV as the IGP link attribute. No AG TLV is advertised if this keyword is configured.
- ag-eag
-
Keyword to specify that the router can advertise both the AG and the EAG TLVs as the IGP link attributes, even without the affinity bit in the EAG range configured in the configure router if-attribute admin-group value command. If no affinity bit is configured in the AG range (0 to 31), the router prunes the AG TLV. Configuring this keyword allows for backward compatibility for vendor implementations that support only AG, while still supporting EAG.
Platforms
All
advertise-bgp
advertise-bgp
Syntax
advertise-bgp route-distinguisher rd [community community]
no advertise-bgp route-distinguisher rd
Context
[Tree] (config>service>pw-routing>local-prefix advertise-bgp)
Full Context
configure service pw-routing local-prefix advertise-bgp
Description
This command enables a given prefix to be advertised in MP-BGP for dynamic MS-PW routing.
The no form of this command will explicitly withdraw a route if it has been previously advertised.
Default
no advertise-bgp
Parameters
- rd
-
Specifies an 8-octet route distinguisher associated with the prefix. Up to 4 unique route distinguishers can be configured and advertised for a given prefix though multiple instances of the advertise-bgp command. This parameter is mandatory.
- community
-
An optional BGP communities attribute associated with the advertisement. To delete a previously advertised community, advertise-bgp route-distinguisher must be run again with the same value for the RD but excluding the community attribute.
Platforms
All
advertise-capabilities
advertise-capabilities
Syntax
advertise-capabilities
Context
[Tree] (config>port>ethernet>efm-oam>discovery advertise-capabilities)
Full Context
configure port ethernet efm-oam discovery advertise-capabilities
Description
This is the top level of the hierarchy which allows for the overriding of default advertising of capabilities to a remote peer.
Platforms
All
advertise-delay
advertise-delay
Syntax
[no] advertise-delay
Context
[Tree] (config>router>ospf>te-opts advertise-delay)
Full Context
configure router ospf traffic-engineering-options advertise-delay
Description
This command configures the advertisement of link delay in the IGP LSDB within the OSPF-TE TLV attribute or when the Application Specific Link Attribute (ASLA) is enabled within the SR-TE ASLA.
When the router is configured with the configure router ospf traffic-engineering-options sr-te application-specific-link-attributes command to generate SR-TE ASLA attributes, link delay is advertised as a legacy RFC 3630 TE TLV when RSVP-TE is enabled and as an ASLA RFC 8920 TLV for SR-TE when MPLS is enabled for an interface.
SR OS accepts and handles both legacy RSVP-TE TLVs and ASLAs for the RSVP application. However, SR OS only advertises RFC 3630 legacy RSVP-TE TLVs (as recommended by RFC 8920) to avoid compatibility issues.
The no form of this command disables link delay advertisement.Default
no advertise-delay
Platforms
All
advertise-delay
Syntax
[no] advertise-delay
Context
[Tree] (config>router>isis>te advertise-delay)
Full Context
configure router isis traffic-engineering-options advertise-delay
Description
This command enables the advertisement of link delay in the IGP LSDB within legacy Traffic Engineering (TE) attributes in IS-IS or within the Application Specific Link Attribute (ASLA) when ASLA is enabled for SR-TE or RSVP-TE applications.
When application-link-attributes legacy command is configured for SR-TE or RSVP-TE, link delay is advertised as a legacy TE TLV with the ASLA legacy bit set.
The no form of this command disables link delay advertisement.
Default
no advertise-delay
Platforms
All
advertise-external
advertise-external
Syntax
[no] advertise-external [ipv4] [ipv6] [ label-ipv4] [label-ipv6]
Context
[Tree] (config>router>bgp advertise-external)
Full Context
configure router bgp advertise-external
Description
This command allows BGP to advertise its best external route to a destination even when its best overall route is an internal route. Entering the command (or its no form) with no address family parameters is equivalent to specifying all supported address families.
The no form of this command disables Advertise Best External for the BGP family.
Default
no advertise-external
Parameters
- ipv4
-
Enables the best-external advertisement for unlabeled unicast IPv4 routes.
- ipv6
-
Enables the best-external advertisement for unlabeled unicast IPv6 routes.
- label-ipv4
-
Enables the best-external advertisement for labeled-unicast IPv4 routes.
- label-ipv6
-
Enables the best-external advertisement for labeled-unicast IPv6 routes.
Platforms
All
advertise-inactive
advertise-inactive
Syntax
[no] advertise-inactive
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy advertise-inactive)
Full Context
configure subscriber-mgmt bgp-peering-policy advertise-inactive
Description
This command enables the advertising of inactive BGP routers to other BGP peers.
By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.
The no form of this command disables the advertising.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
advertise-inactive
Syntax
[no] advertise-inactive
Context
[Tree] (config>service>vprn>bgp>group advertise-inactive)
[Tree] (config>service>vprn>bgp advertise-inactive)
[Tree] (config>service>vprn>bgp>group>neighbor advertise-inactive)
Full Context
configure service vprn bgp group advertise-inactive
configure service vprn bgp advertise-inactive
configure service vprn bgp group neighbor advertise-inactive
Description
This command enables or disables the advertising of inactive BGP routers to other BGP peers.
By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.
When the BGP advertise-inactive command is configured so that it applies to a BGP session it has the following effect on the IPv4, IPv6, mcast-ipv4, mcast-ipv6, label-IPv4 and label-IPv6 routes advertised to that peer:
-
If the active route for the IP prefix is a BGP route then that route is advertised.
-
If the active route for the IP prefix is a non-BGP route and there is at least one valid but inactive BGP route for the same destination then the best of the inactive and valid BGP routes is advertised unless the non-BGP active route is matched and accepted by an export policy applied to the session.
-
If the active route for the IP prefix is a non-BGP route and there are no (valid) BGP routes for the same destination then no route is advertised for the prefix unless the non-BGP active route is matched and accepted by an export policy applied to the session.
Default
no advertise-inactive
Platforms
All
advertise-inactive
Syntax
[no] advertise-inactive
Context
[Tree] (config>router>bgp advertise-inactive)
[Tree] (config>router>bgp>group>neighbor advertise-inactive)
[Tree] (config>router>bgp>group advertise-inactive)
Full Context
configure router bgp advertise-inactive
configure router bgp group neighbor advertise-inactive
configure router bgp group advertise-inactive
Description
This command enables the advertising of inactive BGP routes to other BGP peers. By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the used route within the system for a given destination.
The no form of this command disables the advertising of inactive BGP routers to other BGP peers.
Default
no advertise-inactive
Platforms
All
advertise-interval
advertise-interval
Syntax
advertise-interval advertise-interval
no advertise-interval
Context
[Tree] (config>port>aps advertise-interval)
Full Context
configure port aps advertise-interval
Description
This command specifies the time interval, in 100s of milliseconds, between 'I am operational' messages sent by both protect and working circuits to their neighbor for multi-chassis APS.
The advertise-interval value is valid only for a multi-chassis APS as indicated by the value of the neighbor command value if it is not set to 0.0.0.0.
Default
10
Parameters
- advertise-interval
-
Specifies the time interval, in 100s of milliseconds, between 'I am operational' messages sent by both protect and working circuits to their neighbor for multi-chassis APS.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
advertise-ipv6-next-hops
advertise-ipv6-next-hops
Syntax
advertise-ipv6-next-hops [ipv4]
no advertise-ipv6-next-hops
Context
[Tree] (config>service>vprn>bgp>group>neighbor advertise-ipv6-next-hops)
[Tree] (config>service>vprn>bgp advertise-ipv6-next-hops)
[Tree] (config>service>vprn>bgp>group advertise-ipv6-next-hops)
Full Context
configure service vprn bgp group neighbor advertise-ipv6-next-hops
configure service vprn bgp advertise-ipv6-next-hops
configure service vprn bgp group advertise-ipv6-next-hops
Description
When this command is configured, with the IPv4 option, so that it applies to a BGP session established on top of IPv6 transport, IPv4 BGP routes can be advertised with a true IPv6 address when originated or when next-hop-self (configured or automatic) is applied.
If an IPv4 route must originate or be advertised with a next-hop-self and the corresponding advertise-ipv6-next-hops command option does not apply to the session or if an appropriate extended-nh-encoding capability was not received from the remote peer, then the route is advertised with the IPv4 system address as the BGP next-hop.
If an IPv4 route is matched by a BGP export policy entry that tries to change the next hop to an IPv6 address and the corresponding advertise-ipv6-next-hops command option does not apply to the session or if an appropriate extended-nh-encoding capability was not received from the remote peer, then the route is handled as though it was rejected by the policy entry.
This command has no effect on sessions established over IPv4 transport.
The no form of this command reverts to the default.
Default
no advertise-ipv6-next-hops
Parameters
- ipv4
-
Allows IPv4 unicast routes to be advertised to IPv6-transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic). It also allows export policies to change the BGP next-hop of an IPv4 route to an IPv6 address. All of these cases require the remote peer to advertise the necessary extended NH encoding capability. It may be necessary to configure the forward-ipv4-packets command under the appropriate interface>ipv6 contexts in order to enable datapath support for these control plane exchanges.
Platforms
All
advertise-ipv6-next-hops
Syntax
advertise-ipv6-next-hops [vpn-ipv6] [label-ipv6] [ evpn] [vpn-ipv4] [ label-ipv4] [ipv4]
no advertise-ipv6-next-hops
Context
[Tree] (config>router>bgp>group>neighbor advertise-ipv6-next-hops)
[Tree] (config>router>bgp>group advertise-ipv6-next-hops)
[Tree] (config>router>bgp advertise-ipv6-next-hops)
Full Context
configure router bgp group neighbor advertise-ipv6-next-hops
configure router bgp group advertise-ipv6-next-hops
configure router bgp advertise-ipv6-next-hops
Description
This command applies to a BGP session established on top of IPv6 transport; BGP routes belonging to the specified families can be advertised with a true IPv6 address when originated or when next-hop-self (configured or automatic) is applied.
This command has no effect on routes advertised to IPv4 peers.
When this command is not enabled, the following considerations apply:
-
If a VPN IPv6 or label IPv6 route needs to be originated or advertised with next-hop-self to an IPv6 transport peer the route is advertised with the IPv4 system address as BGP next-hop (encoded as an IPv4-mapped IPv6 address).
-
If a VPN-IPv4 or label IPv4 route needs to be originated or advertised with next-hop-self or if an appropriate extended-nh-encoding capability was not received from the remote peer, the route is advertised with the IPv4 system address as the BGP next-hop.
-
If a VPN IPv4 or label IPv4 route is matched by a BGP export policy entry that tries to change the next-hop to an IPv6 address and an appropriate extended-nh-encoding capability was not received from the remote peer, the route is handled as though it was rejected by the policy entry.
The no form of this command disables the setting of next hops to a global IPv6 address for the family.
Default
no advertise-ipv6-next-hops
Parameters
- vpn-ipv6
-
Allows VPN IPv6 routes to be advertised to IPv6 transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic).
- label-ipv6
-
Allows label IPv6 routes to be advertised to IPv6 transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic).
- vpn-ipv4
-
Allows VPN IPv4 routes to be advertised to IPv6 transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic). It also allows export policies to change the BGP next-hop of a VPN IPv4 route to an IPv6 address. All of these cases require the remote peer to advertise the necessary extended NH encoding capability.
- label-ipv4
-
Allows label IPv4 routes to be advertised to IPv6 transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic). It also allows export policies to change the BGP next-hop of a label IPv4 route to an IPv6 address. All of these cases require the remote peer to advertise the necessary extended NH encoding capability.
- ipv4
-
Instructs BGP to advertise an extended NH encoding capability for NLRI AFI=1, NLRI SAFI=1 and next-hop AFI=2.
- evpn
-
Allows EVPN routes to be advertised to IPv6 transport peers.
Platforms
All
advertise-label
advertise-label
Syntax
advertise-label {per-prefix | pop | pop-and-forward}
no advertise-label
Context
[Tree] (config>router>policy-options>policy-statement>default-action advertise-label)
[Tree] (config>router>policy-options>policy-statement>entry>action advertise-label)
Full Context
configure router policy-options policy-statement default-action advertise-label
configure router policy-options policy-statement entry action advertise-label
Description
This command configures the label allocation method for advertised routes. The effect of the advertise-label command depends on the context where the associated policy is applied.
Use the per-prefix option and configure the command in the default action or entry-specific action of a VRF export policy to advertise every qualifying matched route with a per-prefix label in the resulting VPN-IP routes. In this situation, non-qualifying routes include local interface routes and BGP-VPN routes. The command overrides, for specific routes, the configured label-mode of the exporting VPRN service.
Use the per-prefix option and configure the command in the default action or entry-specific action of a BGP import policy to assign a per-prefix label to qualifying label-IPv4 and label-IPv6 routes when:
-
these routes are the best path for their prefix in the respective RIB
-
there is a BGP next-hop change
A label-IPv4 or label-IPv6 route advertised with a pre-prefix label supports ECMP forwarding across multiple BGP next-hops.
The pop option is applicable in route-table-import policies. The advertised BGP label is programmed for a pop operation when:
-
a /32 IPv4 static, OSPF, or IS-IS route is matched and accepted by a label-IPv4 or label-IPv6 RIB route-table-import policy entry or default-action with this command
-
the route is a candidate to be advertised as a label-IPv4 or label-IPv6 route (due to a BGP export policy)
When the label-IPv4 RIB imports a /32 static, OSPF, or IS-IS route and then exports the route as a BGP route, the default behavior is to program a swap operation in the datapath, which swaps the BGP label with the tunnel label that takes traffic to the destination of the /32 route.
The pop-and-forward option is applicable in route-table-import policies, when these policies match an unlabeled BGP route and apply this policy action.
Use the pop-and-forward option to program the label that is advertised in the BGP-LU route to forward the packet according to the resolution of the unlabeled route that triggered the origination of the BGP-LU route. The forwarding is done without an IP FIB lookup, which can be useful in situations where the IP FIB at the exit of the MPLS tunnel is not synchronized with the FIB at the head-end of the MPLS tunnel. The advertisement of a pop-and-forward label overrides the configuration to advertise label-ipv6 routes with an explicit null label and the configuration to advertise BGP-LU with a prefix SID attribute. Those features are not available when using the pop-and-forward label.
Default
no advertise-label
Parameters
- per-prefix
-
Sets the per-prefix label allocation for matched routes. This takes effect only in VRF export policies and BGP import policies, and only for certain types of routes.
- pop
-
Sets the pop label allocation for matched routes. This takes effect only in label-IPv4 route-table-import policies and only applies to /32 IPv4 routes that were learned through static configuration, OSPF, or IS-IS.
- pop-and-forward
-
Sets the pop-and-forward label allocation for matched routes. This takes effect only when an unlabeled BGP IPv4 or IPv6 route is matched by a label-IPv4 or label-IPv6 route-table-import policy.
Platforms
All
advertise-ldp-prefix
advertise-ldp-prefix
Syntax
[no] advertise-ldp-prefix
Context
[Tree] (config>router>bgp>group>neighbor advertise-ldp-prefix)
Full Context
configure router bgp group neighbor advertise-ldp-prefix
Description
This command, when configured for a session that supports the IPv4 labeled-unicast address family, allows (subject to BGP export policies) active /32 LDP FEC prefixes to be advertised to the BGP peer with an RFC 8277 label, even though there may be BGP paths for the same prefix.
Default
no advertise-ldp-prefix
Platforms
All
advertise-local
advertise-local
Syntax
[no] advertise-local
Context
[Tree] (config>service>vpls>isid-policy>entry advertise-local)
Full Context
configure service vpls isid-policy entry advertise-local
Description
The no advertise-local option prevents the advertisement of any locally defined I-VPLS ISIDs or static-isids in the range in a B-VPLS. For I-VPLS services or static-isids that are primarily unicast traffic, the use-def-mcast and no advertise-local options allows the forwarding of ISID based multicast frames locally using the default multicast. The no advertise-local option also suppresses this range of ISIDs from being advertised in ISIS. When using the use-def-mcast and no advertise-local policies, the ISIDs configured under this static-isid declarations SPBM treats the ISIDs as belonging to the default tree.
Default
advertise-local
Platforms
All
advertise-ne-profile
advertise-ne-profile
Syntax
advertise-ne-profile name
no advertise-ne-profile
Context
[Tree] (config>service>vprn>ospf>area advertise-ne-profile)
Full Context
configure service vprn ospf area advertise-ne-profile
Description
This command enables advertising of a specific NE profile using OSPFv2 LSA type 10 opaque.
The no version of this command disables advertising of NE profiles.
Default
no advertise-ne-profile
Parameters
- name
-
Specifies the name of the NE profile to be advertised, up to 32 characters.
Platforms
All
advertise-passive-only
advertise-passive-only
Syntax
[no] advertise-passive-only
Context
[Tree] (config>service>vprn>isis advertise-passive-only)
Full Context
configure service vprn isis advertise-passive-only
Description
This command enables IS-IS for the VPRN instance to advertise only prefixes that belong to passive interfaces.
The no form of this command disables IS-IS for the VPRN instance from advertising only prefixes that belong to passive interfaces.
Platforms
All
advertise-passive-only
Syntax
[no] advertise-passive-only
Context
[Tree] (config>router>isis advertise-passive-only)
Full Context
configure router isis advertise-passive-only
Description
This command enables and disables IS-IS to advertise only prefixes that belong to passive interfaces.
Default
no advertise-passive-only
Platforms
All
advertise-router-capability
advertise-router-capability
Syntax
advertise-router-capability {area | as}
no advertise-router-capability
Context
[Tree] (config>service>vprn>isis advertise-router-capability)
[Tree] (config>service>vprn>isis>level advertise-router-capability)
Full Context
configure service vprn isis advertise-router-capability
configure service vprn isis level advertise-router-capability
Description
This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A new TLV as defined in RFC 4971 advertises the TE Node Capability Descriptor capability.
The parameters (area & as) control the scope of the capabilities advertisements.
The no form of this command disables this capability.
Default
no advertise-router-capability
Parameters
- area
-
Capabilities are only advertised within the area of origin.
- as
-
Capabilities are only advertised throughout the entire autonomous system.
Platforms
All
advertise-router-capability
Syntax
advertise-router-capability
advertise-router-capability {link | area | as}
no advertise-router-capability
Context
[Tree] (config>service>vprn>ospf>area advertise-router-capability)
[Tree] (config>service>vprn>ospf>area>if advertise-router-capability)
[Tree] (config>service>vprn>ospf3 advertise-router-capability)
[Tree] (config>service>vprn>ospf advertise-router-capability)
[Tree] (config>service>vprn>ospf3>area>if advertise-router-capability)
Full Context
configure service vprn ospf area advertise-router-capability
configure service vprn ospf area interface advertise-router-capability
configure service vprn ospf3 advertise-router-capability
configure service vprn ospf advertise-router-capability
configure service vprn ospf3 area interface advertise-router-capability
Description
This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A Router Information (RI) LSA as defined in RFC 4970 advertises the following capabilities:
-
OSPF graceful restart capable: no
-
OSPF graceful restart helper: yes, when enabled
-
OSPF Stub Router support: yes
-
OSPF Traffic Engineering support: yes, when enabled
-
OSPF point-to-point over LAN: yes
-
OSPF Experimental TE: no
The parameters (link, area and as) control the advertisement scope of the router capabilities.
The no form of this command disables this capability.
Default
no advertise-router-capability
Parameters
- link
-
Capabilities are only advertised over local link and not flooded beyond.
- area
-
Capabilities are only advertised within the area of origin.
- as
-
Capabilities are only advertised throughout the entire autonomous system.
Platforms
All
advertise-router-capability
Syntax
advertise-router-capability {area | as}
no advertise-router-capability
Context
[Tree] (config>router>isis advertise-router-capability)
Full Context
configure router isis advertise-router-capability
Description
This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A TLV as defined in RFC 4971 advertises the TE Node Capability Descriptor capability.
The parameters (area and as) control the scope of the capability advertisements.
The no form of this command disables this capability.
Parameters
- area
-
Specifies to only advertise within the area of origin.
- as
-
Specifies to advertise throughout the entire autonomous system.
Platforms
All
advertise-router-capability
Syntax
[no] advertise-router-capability
Context
[Tree] (config>router>isis>level advertise-router-capability)
Full Context
configure router isis level advertise-router-capability
Description
This command enables router advertisement capabilities.
The no form of this command disables router advertisement capabilities.
Default
advertise-router-capability
Platforms
All
advertise-router-capability
Syntax
advertise-router-capability {link | area | as}
no advertise-router-capability
Context
[Tree] (config>router>ospf3 advertise-router-capability)
[Tree] (config>router>ospf advertise-router-capability)
Full Context
configure router ospf3 advertise-router-capability
configure router ospf advertise-router-capability
Description
This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A Router Information (RI) LSA as defined in RFC 4970 advertises the following capabilities:
-
OSPF graceful restart capable: no
-
OSPF graceful restart helper: yes, when enabled
-
OSPF stub router support: yes
-
OSPF traffic engineering support: yes, when enabled
-
OSPF point-to-point over LAN: yes
-
OSPF experimental TE: no
The parameters (link, area and as) control the scope of the capability advertisements.
The no form of this command disables this capability.
Default
no advertise-router-capability
Parameters
- link
-
capabilities are only advertised over local links and not flooded beyond.
- area
-
capabilities are only advertised within the area of origin.
- as
-
capabilities are advertised throughout the entire autonomous system.
Platforms
All
advertise-router-capability
Syntax
[no] advertise-router-capability
Context
[Tree] (config>router>ospf>area>interface advertise-router-capability)
[Tree] (config>router>ospf>area advertise-router-capability)
[Tree] (config>router>ospf3>area>interface advertise-router-capability)
[Tree] (config>router>ospf3>area advertise-router-capability)
Full Context
configure router ospf area interface advertise-router-capability
configure router ospf area advertise-router-capability
configure router ospf3 area interface advertise-router-capability
configure router ospf3 area advertise-router-capability
Description
This command enables advertisement of a router’s capabilities to its neighbors for informational and troubleshooting purposes. A Router Information (RI) LSA as defined in RFC 4970 advertises the following capabilities:
-
OSPF graceful restart capable: no
-
OSPF graceful restart helper: yes, when enabled
-
OSPF stub router support: yes
-
OSPF traffic engineering support: yes, when enabled
-
OSPF point-to-point over LAN: yes
-
OSPF experimental TE: no
The no form of this command disables this capability.
Default
advertise-router-capability
Platforms
All
advertise-selection
advertise-selection
Syntax
advertise-selection
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay advertise-selection)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay advertise-selection)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay advertise-selection)
Full Context
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection
Description
Commands in this context configure a solicit delay or a DHCPv6 preference option value to influence the advertise selection of DHCPv6 clients.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
advertise-stale-to-all-neighbors
advertise-stale-to-all-neighbors
Syntax
advertise-stale-to-all-neighbors [without-no-export]
no advertise-stale-to-all-neighbors
Context
[Tree] (config>service>vprn>bgp>graceful-restart>long-lived advertise-stale-to-all-neighbors)
[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived advertise-stale-to-all-neighbors)
[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived advertise-stale-to-all-neighbors)
Full Context
configure service vprn bgp graceful-restart long-lived advertise-stale-to-all-neighbors
configure service vprn bgp group neighbor graceful-restart long-lived advertise-stale-to-all-neighbors
configure service vprn bgp group graceful-restart long-lived advertise-stale-to-all-neighbors
Description
This command allows BGP routes marked as LLGR stale to be advertised to BGP peers that did not advertise the LLGR capability when the session was opened. The no version of this command causes advertisement behavior to follow the rule that stale routes cannot be advertised to a peer that does not understand or implement the LLGR capability. Stale routes are withdrawn towards such peers.
When this command is configured with the without-no-export option, LLGR stales routes can be advertised to any peer (EBGP or IBGP) that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability, the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero.
When this command is configured without the without-no-export option, LLGR stale routes are not advertised to any EBGP peer that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero and a NO_EXPORT standard community is automatically added to the routes.
Default
no advertise-stale-to-all-neighbors
Parameters
- without-no-export
-
Allows LLGR stale routes to be advertised to all peers, such that they can exit the local AS.
Platforms
All
advertise-stale-to-all-neighbors
Syntax
advertise-stale-to-all-neighbors [without-no-export | no without-no-export]
no advertise-stale-to-all-neighbors
Context
[Tree] (config>router>bgp>graceful-restart>long-lived advertise-stale-to-all-neighbors)
[Tree] (config>router>bgp>group>graceful-restart>long-lived advertise-stale-to-all-neighbors)
[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived advertise-stale-to-all-neighbors)
Full Context
configure router bgp graceful-restart long-lived advertise-stale-to-all-neighbors
configure router bgp group graceful-restart long-lived advertise-stale-to-all-neighbors
configure router bgp group neighbor graceful-restart long-lived advertise-stale-to-all-neighbors
Description
This command allows BGP routes marked as LLGR stale to be advertised to BGP peers that did not advertise the LLGR capability when the session was opened.
When this command is configured with the without-no-export option, LLGR stale routes can be advertised to any peer (EBGP or IBGP) that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability, the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero.
When this command is configured without the without-no-export option, LLGR stale routes are not advertised to any EBGP peer that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero and a NO_EXPORT standard community is automatically added to the routes.
The no version of this command causes advertisement behavior to follow the rule that stale routes cannot be advertised to a peer that does not understand or implement the LLGR capability. Stale routes are withdrawn towards such peers.
Default
no advertise-stale-to-all-neighbors
Parameters
- without-no-export
-
Allows LLGR stale routes to be advertised to all peers, such that they can exit the local AS.
Platforms
All
advertise-subnet
advertise-subnet
Syntax
[no] advertise-subnet
Context
[Tree] (config>service>vprn>ospf>area>if advertise-subnet)
Full Context
configure service vprn ospf area interface advertise-subnet
Description
This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.
This command is not supported in the OSPF3 context.
The no form of this command disables advertising point-to-point interfaces as subnet routes meaning they are advertised as host routes.
Default
advertise-subnet — Advertises point-to-point interfaces as subnet routes.
Platforms
All
advertise-subnet
Syntax
[no] advertise-subnet
Context
[Tree] (config>router>ospf>area>interface advertise-subnet)
Full Context
configure router ospf area interface advertise-subnet
Description
This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.
The no form of this command disables advertising point-to-point interfaces as subnet routes meaning they are advertised as host routes.
Default
advertise-subnet
Platforms
All
advertise-tunnel-link
advertise-tunnel-link
Syntax
[no] advertise-tunnel-link
Context
[Tree] (config>router>ospf advertise-tunnel-link)
[Tree] (config>router>isis advertise-tunnel-link)
Full Context
configure router ospf advertise-tunnel-link
configure router isis advertise-tunnel-link
Description
This command enables the forwarding adjacency feature. With this feature, IS-IS or OSPF advertises an RSVP LSP as a link so that other routers in the network can include it in their SPF computations. The RSVP LSP is advertised as an unnumbered point-to-point link and the link LSP or LSA has no Traffic Engineering opaque sub-TLVs, as per RFC 3906. An SR-TE LSP is not supported with forwarding adjacency.
The forwarding adjacency feature can be enabled independently from the IGP shortcut feature in CLI. If both igp-shortcut and advertise-tunnel-link options are enabled for a given IGP instance, then the advertise-tunnel-link takes precedence.
When the forwarding adjacency feature is enabled, each node advertises a p2p unnumbered link for each best metric tunnel to the router ID of any endpoint node. The node does not include the tunnels as IGP shortcuts in SPF computation directly. Instead, when the LSA or LSP that advertises the corresponding P2P unnumbered link is installed in the local routing database, the node performs an SPF using it like any other link LSA or LSP. The bidirectional check of the link requires that a link, regular or tunnel, exists in the reverse direction for the tunnel to be used in SPF.
The igp-shortcut option under the LSP name governs the use of the LSP with both the igp-shortcut and the advertise-tunnel-link options in IGP. In other words, the user can exclude a specific RSVP LSP from being used as a forwarding adjacency by entering the command config>router>mpls>lsp>no igp-shortcut.
Support is provided for resolving and forwarding IPv4 and IPv6 prefixes over IPv4 forwarding adjacency RSVP-TE LSP. Specifically, the forwarding adjacency feature supports family IPv4 in OSPFv2, family IPv6 in OSPFv3, families IPv4 and IPv6 in ISIS MT=0, and family IPv6 in ISIS MT=2.
In addition, both IPv4 and IPv6 SR-ISIS tunnels can be resolved and further tunneled over one or more RSVP-TE LSPs used as forwarding adjacencies. This is enabled by configuring both segment routing and forwarding adjacency features within an IS-IS instance in a multi-topology MT=0.
IS-IS forwarding adjacency using the advertise-tunnel-link command is not supported in combination with the IS-IS link bundling and the IS-IS metric link quality adjustment features.
The no form of this command disables forwarding adjacency and disables the advertisement of RSVP LSP into IGP.
Default
no advertise-tunnel-link
Platforms
All
advertised-stale-time
advertised-stale-time
Syntax
advertised-stale-time seconds
no advertised-stale-time
Context
[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived advertised-stale-time)
[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived>family advertised-stale-time)
[Tree] (config>service>vprn>bgp>graceful-restart>long-lived>family advertised-stale-time)
[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived>family advertised-stale-time)
[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived advertised-stale-time)
[Tree] (config>service>vprn>bgp>graceful-restart>long-lived advertised-stale-time)
Full Context
configure service vprn bgp group neighbor graceful-restart long-lived advertised-stale-time
configure service vprn bgp group neighbor graceful-restart long-lived family advertised-stale-time
configure service vprn bgp graceful-restart long-lived family advertised-stale-time
configure service vprn bgp group graceful-restart long-lived family advertised-stale-time
configure service vprn bgp group graceful-restart long-lived advertised-stale-time
configure service vprn bgp graceful-restart long-lived advertised-stale-time
Description
This command sets the value of the long-lived stale time that is advertised by the router in its LLGR capability. When configured in the long-lived configuration context, advertised-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the advertised-stale-time command in a family context.
The no version of this command sets the advertised-stale-time value to 24 hours (86400 seconds).
Default
no advertised-stale-time
Parameters
- seconds
-
Specifies the advertised long-lived stale time in seconds.
Platforms
All
advertised-stale-time
Syntax
advertised-stale-time seconds
no advertised-stale-time
Context
[Tree] (config>router>bgp>graceful-restart>long-lived advertised-stale-time)
[Tree] (config>router>bgp>graceful-restart>long-lived>family advertised-stale-time)
[Tree] (config>router>bgp>group>graceful-restart>long-lived>family advertised-stale-time)
[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived advertised-stale-time)
[Tree] (config>router>bgp>group>graceful-restart>long-lived advertised-stale-time)
[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived>family advertised-stale-time)
Full Context
configure router bgp graceful-restart long-lived advertised-stale-time
configure router bgp graceful-restart long-lived family advertised-stale-time
configure router bgp group graceful-restart long-lived family advertised-stale-time
configure router bgp group neighbor graceful-restart long-lived advertised-stale-time
configure router bgp group graceful-restart long-lived advertised-stale-time
configure router bgp group neighbor graceful-restart long-lived family advertised-stale-time
Description
This command sets the value of the long-lived stale time that is advertised by the router in its LLGR capability. When configured in the long-lived configuration context, advertised-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the advertised-stale-time command in a family context.
The no version of this command sets the advertised-stale-time value to 24 hours (86400 seconds).
Default
no advertised-stale-time
Parameters
- seconds
-
Specifies the advertised long-lived stale time in seconds.
Platforms
All
advertising-timeout
advertising-timeout
Syntax
advertising-timeout seconds
no advertising-timeout
Context
[Tree] (config>system>bluetooth advertising-timeout)
Full Context
configure system bluetooth advertising-timeout
Description
When the power is enabled, this command configures the pairing timeout interval for the Bluetooth device during which it advertises that it is ready to pair. If an external device does not complete the pairing within this time, then the pairing must be reinitiated.
The no form of this command disables the timeout.
Default
advertising-timeout 30
Parameters
- seconds
-
Specifies the pairing timeout interval.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
advertising-timeout
Syntax
advertising-timeout seconds
no advertising-timeout
Context
[Tree] (config>system>bluetooth advertising-timeout)
Full Context
configure system bluetooth advertising-timeout
Description
When the power is enabled, this timer controls the amount of time the Bluetooth device will advertise that is ready to pair. If an external device does not complete the pairing within this time, then the pairing must be re-initiated.
The no form of this command disables the timeout.
Default
advertising-timeout 30
Parameters
- seconds
-
Specifies the paring timeout interval.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
aes-initialization-vector
aes-initialization-vector
Syntax
aes-initialization-vector hex-string
no aes-initialization-vector
Context
[Tree] (config>app-assure>group>http-enrich>field aes-initialization-vector)
Full Context
configure application-assurance group http-enrich field aes-initialization-vector
Description
This command configures the initialization vector that is used for the AES CBC encryption.
The no form of this command removes the initialization vector.
Default
no aes-initialization-vector
Parameters
- hex-string
-
Specifies the AES initialization vector in 34 characters, that is, 0x followed by exactly 32 hexadecimal characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
agg-rate
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>egress agg-rate)
[Tree] (config>service>ies>if>sap>egress agg-rate)
[Tree] (config>service>vprn>sub-if>grp-if>sap>egress agg-rate)
Full Context
configure service ies subscriber-interface group-interface sap egress agg-rate
configure service ies interface sap egress agg-rate
configure service vprn subscriber-interface group-interface sap egress agg-rate
Description
Commands in this context configure aggregation rate parameters. This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
When specified under a Vport, the agg-rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate or port-scheduler-policy involves removing the existing command and applying the new command.
The no form of this command disables the aggregation rate.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface sap egress agg-rate
- configure service ies subscriber-interface group-interface sap egress agg-rate
All
- configure service ies interface sap egress agg-rate
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>port>ethernet>access>egr>vport agg-rate)
[Tree] (config>port>ethernet>network>egr>qgrp agg-rate)
[Tree] (config>port>ethernet>access>egr>qgrp agg-rate)
Full Context
configure port ethernet access egress vport agg-rate
configure port ethernet network egress queue-group agg-rate
configure port ethernet access egress queue-group agg-rate
Description
This command controls an H-QoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
When specified under a Vport, the agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate/port-scheduler-policy involves removing the existing command and applying the new command.
Platforms
All
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>service>cpipe>sap>egress agg-rate)
[Tree] (config>service>epipe>sap>egress agg-rate)
[Tree] (config>service>ipipe>sap>egress agg-rate)
Full Context
configure service cpipe sap egress agg-rate
configure service epipe sap egress agg-rate
configure service ipipe sap egress agg-rate
Description
This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress agg-rate
All
- configure service epipe sap egress agg-rate
- configure service ipipe sap egress agg-rate
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>service>template>vpls-sap-template>egress agg-rate)
[Tree] (config>service>vpls>sap>egress>encap-defined-qos>encap-group agg-rate)
[Tree] (config>service>vpls>sap>egress agg-rate)
Full Context
configure service template vpls-sap-template egress agg-rate
configure service vpls sap egress encap-defined-qos encap-group agg-rate
configure service vpls sap egress agg-rate
Description
This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
Platforms
All
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>service>vprn>if>sap>egress agg-rate)
Full Context
configure service vprn interface sap egress agg-rate
Description
This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
Platforms
All
agg-rate
Syntax
[no] agg-rate
Context
[Tree] (config>service>cust>multi-service-site>egress agg-rate)
Full Context
configure service customer multi-service-site egress agg-rate
Description
Commands in this context control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
The no form of the command disables the aggregate rate limit parameters.
Platforms
All
agg-rate-limit
agg-rate-limit
Syntax
agg-rate-limit agg-rate [min-resv-bw min-rate] [queue-frame-based-accounting]
no agg-rate-limit
Context
[Tree] (config>subscr-mgmt>sub-prof>egress agg-rate-limit)
Full Context
configure subscriber-mgmt sub-profile egress agg-rate-limit
Description
This command defines a subscriber aggregate limit when the subscriber profile is directly associated with an egress port based scheduler instead of a scheduler policy. The optional queue-frame-based-accounting keyword allows the subscriber queues to operate in the frame based accounting mode.
Once egress frame based accounting is enabled on the subscriber profile, all queues associated with the subscriber (created through the sla-profile associated with each subscriber host) will have their rate and CIR values interpreted as frame based values. When shaping, the queues will include the 12-byte Inter-Frame Gap (IFG) and 8-byte preamble for each packet scheduled out the queue. The profiling CIR threshold will also include the 20-byte frame encapsulation overhead. Statistics associated with the queue do not include the frame encapsulation overhead. Packet byte offset settings are not included in the applied rate when queue frame based accounting is configured, however the offsets are applied to the statistics.
The queue-frame-based-accounting keyword does not change the behavior of the egress-agg-rate-limit rate value. Since the egress-agg-rate-limit is always associated with egress port based scheduling and egress port based scheduling is dependent on frame based operation, the egress-agg-rate-limit rate is always interpreted as a frame based value.
Enabling queue-frame-based-accounting will not cause statistics for queues associated with the subscriber to be cleared.
The no form of this command removes both an egress aggregate rate limit and egress frame based accounting for all subscribers associated with the sub-profile. If a subscriber’s accounting mode is changed, the subscriber’s queue statistics are cleared.
Parameters
- agg-rate
-
Specifies the egress aggregate rate.
- min-rate
-
Specifies the minimum rate of the minimum reserved bandwidth for unicast data traffic. Since minimum rate can oversubscribe subscriber bandwidth to guarantee a minimum bandwidth for unicast traffic, care must be taken in QoS provisioning to prioritize packets accordingly (downstream network elements such as the access node or aggregation nodes) when congestion occurs.
- queue-frame-based-accounting
-
Specifies whether to use frame-based accounting when evaluating the aggregation rate limit for the egress queues for this SAP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
agg-rate-limit
Syntax
agg-rate-limit agg-rate
no agg-rate-limit
Context
[Tree] (config>port>ethernet>access>egress>vport agg-rate-limit)
Full Context
configure port ethernet access egress vport agg-rate-limit
Description
This command configures an aggregate rate for the Vport. This command is mutually exclusive with the port-scheduler-policy command.
The no form of this command reverts to the default.
Parameters
- agg-rate
-
Specifies the rate limit for the Vport.
Platforms
All
agg-rate-limit
Syntax
agg-rate-limit kilobits-per-second
no agg-rate-limit
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>egress agg-rate-limit)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>egress agg-rate-limit)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw egress agg-rate-limit
configure service ies subscriber-interface group-interface wlan-gw egress agg-rate-limit
Description
This command configures an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
The no form of this command removes the rate from the configuration.
Parameters
- kilobits-per-second
-
Specifies the aggregate rate limit.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
agg-rate-limit
Syntax
agg-rate-limit agg-rate [min-resv-bw min-rate] [queue-frame-based-accounting] [adaptation-rule adaptation-rule] [burst-limit size] [bytes| kilobytes]
no agg-rate-limit
Context
[Tree] (config>subscr-mgmt>sub-prof>egr agg-rate-limit)
Full Context
configure subscriber-mgmt sub-profile egress agg-rate-limit
Description
This command configures a hardware-assisted HQoS aggregate rate limit.
The no form of this command removes the rate from the configuration.
Parameters
- agg-rate
-
Specifies the aggregate rate limit in kb/s.
- min-rate
-
Specifies the minimum reserved bandwidth rate.
- queue-frame-based-accounting
-
Enables frame-based accounting at the queue level.
- adaptation-rule
-
Specifies the adaptation rule for the PIR value of the subscriber aggregate rate. This rule determines which configured value is adapted to oper-agg-rate based on hardware capabilities.
- size
-
Specifies the burst limit size.
- bytes | kilobytes
-
Specifies whether the value is in bytes or kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
agg-shaper-weight
agg-shaper-weight
Syntax
agg-shaper-weight weight
no agg-shaper-weight
Context
[Tree] (config>qos>sap-egress>queue agg-shaper-weight)
Full Context
configure qos sap-egress queue agg-shaper-weight
Description
This command specifies the aggregate shaper weight of the sap-egress queue.
The no form of this command returns the aggregate shaper weight to the default value.
Default
agg-shaper-weight 1
Parameters
- weight
-
Specifies the aggregate shaper weight.
Platforms
7750 SR-1, 7750 SR-s
aggregate
aggregate
Syntax
[no] aggregate
Context
[Tree] (config>port>ethernet>egress>hs-sec-shaper aggregate)
Full Context
configure port ethernet egress hs-secondary-shaper aggregate
Description
Commands in this context configure aggregate parameters.
The no form of this command removes all of the aggregate parameter values from the configuration of this HS secondary shaper.
Platforms
7750 SR-7/12/12e
aggregate
Syntax
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [black-hole [generate-icmp]] [community comm-id [comm-id] [ local-preference local-pref]] [description description] [tunnel-group tunnel-group-id]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [community comm-id [comm-id]] [ indirect ip-address] [local-preference local-pref]] [description description] [tunnel-group tunnel-group-id]
no aggregate ip-prefix/ip-prefix-length
Context
[Tree] (config>service>vprn aggregate)
Full Context
configure service vprn aggregate
Description
This command creates an aggregate route. Use this command to automatically install an aggregate route in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more specific match of the aggregate.
The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.
Overlapping aggregate routes may be configured; in this case a route becomes a component of only the one aggregate route with the longest prefix match. For example if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, then route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask the previous entry is overwritten.
A list of up to 12 BGP communities (any mix of standard, extended, and large communities) may be associated with an aggregate route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the aggregate route.
By default, aggregate routes are not installed in the forwarding table, however there are configuration options that allow an aggregate route to be installed with a black-hole next hop or with an indirect IP address as next hop.
Aggregate routes can be advertised via MP-BGP to other PEs within the network. Aggregate routes advertised using MP-BGP do not include aggregated BGP path attributes from the component routes which were used to activate the aggregate route. The aggregate route will be advertised with the minimal set of path attributes as if the aggregate was originated by the advertising routes. Export route policies should be used to control and modify the advertisement and path attributes of the aggregate routes.
The no form of this command removes the aggregate.
Default
no aggregate
Parameters
- ip-prefix
-
The destination address of the aggregate route in dotted decimal notation.
- summary-only
-
This optional parameter suppresses advertisement of more specific component routes for the aggregate.
To remove the summary-only option, enter the same aggregate command without the summary-only parameter.
- as-set
-
This optional parameter is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this feature carefully as it can increase the amount of route churn due to best path changes.
- aggregator as-number:ip-address
-
This optional parameter specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
- discard-component-communities
-
This optional keyword causes the aggregate to be advertised with only the configured BGP community set, none of the communities from the component routes activating the aggregate are included. (Component attributes are never included in aggregate routes advertised to other PE routers via MP-BGP).
- black-hole
-
This optional parameter installs the aggregate route, when activated, in the FIB with a black-hole next-hop, where packets matching this route are discarded.
- generate-icmp
-
This optional parameter keyword generates an ICMP.
- community
-
This configuration option associates a BGP community with the aggregate route. The community can be matched in route policies and is automatically added to BGP routes exported from the aggregate route.
- comm-id
-
Specifies a BGP community value, up to 72 characters.
- description
-
Specifies a text description stored in the configuration file for a configuration context.
- local-preference
-
Specifies a BGP local-preference value with the aggregate route. The local-preference overrides the default local preference value of a BGP route originated by exporting the aggregate route.
- indirect ip-address
-
This configuration option specifies that the aggregate route should be installed in the FIB with a next-hop taken from the route used to forward packets to ip-address.
- tunnel-group-id
-
Specifies that the MC-IPsec state of the specific tunnel-group is added to the aggregate route.
Platforms
All
aggregate
Syntax
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [black-hole [generate-icmp]] [community comm-id [comm-id]] [ description description] [local-preference local-preference] [policy policy-name]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [community comm-id [comm-id]] [ indirect ip-address] [description description] [local-preference local-preference] [policy policy-name]
no aggregate ip-prefix/ip-prefix-length
Context
[Tree] (config>router aggregate)
Full Context
configure router aggregate
Description
This command creates an aggregate route.
Use this command to automatically install an aggregate route in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more-specific match of the aggregate.
The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.
Overlapping aggregate routes may be configured; in this case a route becomes a component of only the one aggregate route with the longest prefix match. For example if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, then route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask the previous entry is overwritten.
A standard 4-byte BGP community may be associated with an aggregate route in order to facilitate route policy matching.
By default aggregate routes are not installed in the forwarding table, however there are configuration options that allow an aggregate route to be installed with a black-hole next hop or with an indirect IP address as next hop.
The no form of this command removes the aggregate.
Default
no aggregate
Parameters
- ip-prefix
-
Specifies the destination address of the aggregate route in dotted decimal notation.
- ip-prefix-length
-
Specifies the mask associated with the network address expressed as a mask length.
- summary-only
-
Suppresses advertisement of more specific component routes for the aggregate.
To remove the summary-only option, enter the same aggregate command without the summary-only parameter.
- as-set
-
This optional parameter is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this feature carefully as it can increase the amount of route churn due to best path changes.
- as-number:ip-address
-
Specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
- discard-component-communities
-
Causes the aggregate to be advertised with only the configured BGP community set, none of the communities from the component routes activating the aggregate are included.
- black-hole
-
Installs the aggregate route, when activated, in the FIB with a black-hole next-hop, where packets matching this route are discarded.
- generate-icmp
-
Mandatory keyword to generate an ICMP.
- community
-
Associates a BGP community with the aggregate route. The community can be matched in route policies and is automatically added to BGP routes exported from the aggregate route.
- comm-id
-
Specifies a BGP community value, up to 72 characters. A maximum of twelve community IDs can be specified in a single statement.
- indirect ip-address
-
Specifies that the aggregate route should be installed in the FIB with a next-hop taken from the route used to forward packets to ip-address.
- description
-
Specifies a text description stored in the configuration file for a configuration context, up to 80 characters.
- local-preference
-
Specifies a BGP local-preference value with the aggregate route. The local-preference overrides the default local preference value of a BGP route originated by exporting the aggregate route.
- policy-name
-
Specifies the route policy, up to 64 characters.
Platforms
All
aggregate-contributor
aggregate-contributor
Syntax
[no] aggregate-contributor
Context
[Tree] (config>router>policy-options>policy-statement>entry>from>aggregate-contributor aggregate-contributor)
Full Context
configure router policy-options policy-statement entry from aggregate-contributor aggregate-contributor
Description
This command matches all routes (BGP and non-BGP) that contributed to an active aggregate route. If the prefix tree above a particular route includes no active aggregate routes, or the most specific active aggregate route in the prefix tree above this route has a policy that rejects the route, then it is not considered as an aggregate-contributor.
This match condition is only supported when used in a BGP export policy. If it is used in an entry of a BGP import policy, VRF export policy or VRF import policy, no routes are matched by that entry.
The no form of this command disables matching of routes (BGP and non-BGP) that contributed to an active aggregate route.
Platforms
All
aggregate-prefix-match
aggregate-prefix-match
Syntax
[no] aggregate-prefix-match
Context
[Tree] (config>router>ldp aggregate-prefix-match)
Full Context
configure router ldp aggregate-prefix-match
Description
The command enables the use by LDP of the aggregate prefix match procedures.
When this option is enabled, LDP performs the following procedures for all prefixes. When an LSR receives a FEC-label binding from an LDP neighbor for a given specific FEC1 element, it will install the binding in the LDP FIB if:
-
It is able to perform a successful longest IP match of the FEC prefix with an entry in the routing table, and
-
The advertising LDP neighbor is the next-hop to reach the FEC prefix.
When such a FEC-label binding has been installed in the LDP FIB, then LDP programs an NHLFE entry in the egress data path to forward packets to FEC1. It also advertises a new FEC-label binding for FEC1 to all its LDP neighbors.
When a new prefix appears in the routing table, LDP inspects the LDP FIB to determine if this prefix is a better match (a more specific match) for any of the installed FEC elements. For any FEC for which this is true, LDP may have to update the NHLFE entry for this FEC.
When a prefix is removed from the routing table, LDP inspects the LDP FIB for all FEC elements which matched this prefix to determine if another match exists in the routing table. If so, it updates the NHLFE entry accordingly. If not, it sends a label withdraw message to its LDP neighbors to remove the binding.
When the next hop for a routing prefix changes, LDP updates the LDP FIB entry for the FEC elements which matched this prefix. It also updates the NHLFE entry for these FEC elements accordingly.
The no form of this command disables the use by LDP of the aggregate prefix procedures and deletes the configuration. LDP resumes performing exact prefix match for FEC elements.
Default
no aggregate-prefix-match
Platforms
All
aggregate-sample-window
aggregate-sample-window
Syntax
aggregate-sample-window
Context
[Tree] (config>test-oam>link-meas>template aggregate-sample-window)
Full Context
configure test-oam link-measurement measurement-template aggregate-sample-window
Description
Commands in this context configure the aggregate sample window parameters to be used when the measurement template is assigned to an IP interface. The aggregate sample window is the collection of sample windows.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
aggregate-shapers
aggregate-shapers
Syntax
aggregate-shapers
Context
[Tree] (config>qos>fp-resource-policy aggregate-shapers)
Full Context
configure qos fp-resource-policy aggregate-shapers
Description
This command enters the aggregate-shapers context.
Platforms
7750 SR-1, 7750 SR-s
aggregate-stats
aggregate-stats
Syntax
aggregate-stats export-using export-method [export-method...(up to 2 max)]
aggregate-stats no-export
Context
[Tree] (config>app-assure>group>statistics>aa-sub aggregate-stats)
Full Context
configure application-assurance group statistics aa-sub aggregate-stats
Description
This command configures aa-sub accounting statistics for export of aggregate statistics of a given subscriber.
Default
aggregate-stats no-export
Parameters
- export-method
-
Specifies the method of statistics export to be used.
- no-export
-
Disables the export.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aggregate-used-paths
aggregate-used-paths
Syntax
aggregate-used-paths family [family]
no aggregate-used-paths
Context
[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth aggregate-used-paths)
[Tree] (config>service>vprn>bgp>group>link-bandwidth aggregate-used-paths)
Full Context
configure service vprn bgp group neighbor link-bandwidth aggregate-used-paths
configure service vprn bgp group link-bandwidth aggregate-used-paths
Description
This command configures BGP to aggregate the bandwidth values from the link-bandwidth extended communities of the used multipaths towards an IP prefix when it is re-advertising a route with next-hop-self towards peers within the scope of the command, as long as the route belongs to one of the listed address families.
Aggregation is not supported unless all of the used multipaths (up to the configured ECMP limit) correspond to received BGP routes with a link-bandwidth extended community. If add-path is also enabled toward the peer, then all of the add-paths advertised to the peer encode the aggregated bandwidth in a link-bandwidth extended community.
Up to three families may be configured.
The no form of this command disables aggregation in a next-hop-self scenario and the link-bandwidth extended community in the advertised route is a copy of the link-bandwidth extended community in the received route (which may have been added by import policy or by the effect of the add-to-received-ebgp command).
Default
no aggregate-used-paths
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
aggregate-used-paths
Syntax
aggregate-used-paths family [family]
no aggregate-used-paths
Context
[Tree] (config>router>bgp>group>link-bandwidth aggregate-used-paths)
[Tree] (config>router>bgp>group>neighbor>link-bandwidth aggregate-used-paths)
Full Context
configure router bgp group link-bandwidth aggregate-used-paths
configure router bgp group neighbor link-bandwidth aggregate-used-paths
Description
This command configures BGP to aggregate the bandwidth values from the link-bandwidth extended communities of the used multipaths towards an IP prefix when it is re-advertising a route with next-hop-self towards peers within the scope of the command, as long as the route belongs to one of the listed address families.
Aggregation is not supported unless all of the used multipaths (up to the configured ECMP limit) correspond to received BGP routes with a link-bandwidth extended community. If add-path is also enabled toward the peer, then all of the add-paths advertised to the peer encode the aggregated bandwidth in a link-bandwidth extended community.
Up to six families may be configured.
The no form of this command disables aggregation in a next-hop-self scenario and the link-bandwidth extended community in the advertised route is a copy of the link-bandwidth extended community in the received route (which may have been added by import policy or by the effect of the add-to-received-ebgp command).
Default
no aggregate-used-paths
Parameters
- family
-
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Platforms
All
aggregation
aggregation
Syntax
[no] aggregation
Context
[Tree] (config>cflowd>collector aggregation)
Full Context
configure cflowd collector aggregation
Description
This command configures the type of aggregation scheme to be exported.
Specifies the type of data to be aggregated and to the collector.
To configure aggregation, you must decide which type of aggregation scheme to configure: autonomous system, destination prefix, protocol port, raw, source destination, or source prefix.
This can only be configured if the collector version is configured as V8.
The no form of this command removes all aggregation types from the collector configuration.
Default
no aggregation
Platforms
All
aggregator-id-zero
aggregator-id-zero
Syntax
[no] aggregator-id-zero
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy aggregator-id-zero)
Full Context
configure subscriber-mgmt bgp-peering-policy aggregator-id-zero
Description
This command is used to set the router ID in the BGP aggregator path attribute to zero when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.
When BGP is aggregating routes, it adds the aggregator path attribute to the BGP update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.
When this command is enabled, BGP adds the router ID to the aggregator path attribute. The no form of this command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
aggregator-id-zero
Syntax
[no] aggregator-id-zero
Context
[Tree] (config>service>vprn>bgp>group>neighbor aggregator-id-zero)
[Tree] (config>service>vprn>bgp>group aggregator-id-zero)
[Tree] (config>service>vprn>bgp aggregator-id-zero)
Full Context
configure service vprn bgp group neighbor aggregator-id-zero
configure service vprn bgp group aggregator-id-zero
configure service vprn bgp aggregator-id-zero
Description
This command is used to set the router ID in the BGP aggregator path attribute to zero when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.
When BGP is aggregating routes, it adds the aggregator path attribute to the BGP update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.
When this command is enabled, BGP adds the router ID to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, while this command is used at the neighbor level to revert to the value defined under the group level.
The no form of this command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.
The no form of this command used at the group level reverts to the value defined at the group level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
no aggregator-id-zero — BGP adds the AS number and router ID to the aggregator path attribute.
Platforms
All
aggregator-id-zero
Syntax
[no] aggregator-id-zero
Context
[Tree] (config>router>bgp>group aggregator-id-zero)
[Tree] (config>router>bgp>group>neighbor aggregator-id-zero)
[Tree] (config>router>bgp aggregator-id-zero)
Full Context
configure router bgp group aggregator-id-zero
configure router bgp group neighbor aggregator-id-zero
configure router bgp aggregator-id-zero
Description
This command sets the router ID in the BGP aggregator path attribute to zero when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes for the same prefix with different path attributes.
When BGP is aggregating routes, it adds the aggregator path attribute to the BGP update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.
When this command is enabled, BGP adds the router ID to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, while this command is used at the neighbor level to revert to the value defined under the group level.
The no form of this command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
no aggregator-id-zero
Platforms
All
agi
agi
Syntax
agi agi
no agi
Context
[Tree] (config>service>epipe>spoke-sdp>pw-path-id agi)
[Tree] (config>service>cpipe>spoke-sdp>pw-path-id agi)
[Tree] (config>service>vpls>spoke-sdp>pw-path-id agi)
Full Context
configure service epipe spoke-sdp pw-path-id agi
configure service cpipe spoke-sdp pw-path-id agi
configure service vpls spoke-sdp pw-path-id agi
Description
This command configures the attachment group identifier for an MPLS-TP PW.
Parameters
- agi
-
Specifies the attachment group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
agi
Syntax
agi agi
no agi
Context
[Tree] (config>service>ies>red-if>spoke-sdp>pw-path-id agi)
[Tree] (config>service>ies>if>spoke-sdp>pw-path-id agi)
Full Context
configure service ies redundant-interface spoke-sdp pw-path-id agi
configure service ies interface spoke-sdp pw-path-id agi
Description
This command configures the attachment group identifier for an MPLS-TP PW.
Parameters
- agi
-
Specifies the attachment group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies redundant-interface spoke-sdp pw-path-id agi
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface spoke-sdp pw-path-id agi
agi
Syntax
agi attachment-group-identifier
no agi
Context
[Tree] (config>service>vprn>red-if>spoke-sdp>pw-path-id agi)
[Tree] (config>service>vprn>if>spoke-sdp>pw-path-id agi)
Full Context
configure service vprn redundant-interface spoke-sdp pw-path-id agi
configure service vprn interface spoke-sdp pw-path-id agi
Description
This command configures the attachment group identifier for an MPLS-TP PW.
Parameters
- attachment-group-identifier
-
Specifies the attachment group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn redundant-interface spoke-sdp pw-path-id agi
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp pw-path-id agi
agi
Syntax
agi route-identifier
no agi
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>pw-path-id agi)
[Tree] (config>mirror>mirror-dest>spoke-sdp>pw-path-id agi)
Full Context
configure mirror mirror-dest remote-source spoke-sdp pw-path-id agi
configure mirror mirror-dest spoke-sdp pw-path-id agi
Description
This command configures the attachment group identifier for an MPLS-TP PW.
Parameters
- route-identifier
-
Specifies the attachment group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
aging
aging
Syntax
aging days
no aging
Context
[Tree] (config>system>security>password aging)
Full Context
configure system security password aging
Description
This command configures the number of days a user password is valid before the user must change their password. This parameter can be used to force the user to change the password at the configured interval. Note the aging starts after the last password configuration or update. This timer is persistence (per user) over a node reboot or activity switch between CPMs. When the user changes the password, the timer is reset to the maximum age. When the password for a user ages out, the user is prompted at login to change the password. Console/SSH/Telnet supports password change prompt.
The no form of this command reverts to the default value.
Parameters
- days
-
Specifies the maximum number of days the password is valid.
Platforms
All
ah-ext-hdr
ah-ext-hdr
Syntax
ah-ext-hdr {true | false}
no ah-ext-hdr
Context
[Tree] (config>filter>ipv6-filter>entry>match ah-ext-hdr)
Full Context
configure filter ipv6-filter entry match ah-ext-hdr
Description
This command enables match on existence of AH Extension Header in the IPv6 filter policy.
The no form of this command ignores AH Extension Header presence/absence in a packet when evaluating match criteria of a given filter policy entry.
Default
no ah-ext-hdr
Parameters
- true
-
Matches a packet with an AH Extension Header.
- false
-
Matches a packet without an AH Extension Header.
Platforms
All
aigp
aigp
Syntax
[no] aigp
Context
[Tree] (config>router>bgp>group aigp)
[Tree] (config>router>bgp>group>neighbor aigp)
Full Context
configure router bgp group aigp
configure router bgp group neighbor aigp
Description
This command enables or disables Accumulated IGP (AIGP) path attribute support with one or more BGP peers. BGP path selection among routes with an associated AIGP metric is based on the end-to-end IGP metrics of the different BGP paths, even when these BGP paths span more than one AS and IGP instance.
The effect of disabling AIGP (using the no form of this command or implicit) is to remove the AIGP attribute from advertised routes, if present, and to ignore the AIGP attribute in received routes.
Default
no aigp
Platforms
All
aigp-metric
aigp-metric
Syntax
aigp-metric metric
aigp-metric add
aigp-metric igp
no aigp-metric
Context
[Tree] (config>router>policy-options>policy-statement>default-action aigp-metric)
[Tree] (config>router>policy-options>policy-statement>entry>action aigp-metric)
Full Context
configure router policy-options policy-statement default-action aigp-metric
configure router policy-options policy-statement entry action aigp-metric
Description
This command assigns a BGP AIGP metric to routes matching the entry. The effect of this command on a route matched and accepted by a route policy entry depends on how the policy is applied (BGP import policy vs. BGP export policy), the type of route and the specific form of this command.
In a BGP import policy this command is used to:
-
Associate an AIGP metric with an IBGP route received with an empty AS path and no AIGP attribute.
-
Associate an AIGP metric with an EBGP route received without an AIGP attribute that has an AS path containing only AS numbers belonging to the local AIGP administrative domain.
-
Modify the received AIGP metric value prior to BGP path selection.
In a BGP export policy this command is used to:
-
Add the AIGP attribute and set the AIGP metric value in a BGP route originated by exporting a direct, static or IGP route from the routing table.
-
Remove the AIGP attribute from a route advertisement to a particular peer.
-
Modify the AIGP metric value in a route advertisement to a particular peer.
Default
no aigp-metric
Parameters
- metric
-
Administratively defined metric.
- add
-
Adds the AIGP attribute.
- igp
-
Sets the AIGP metric to the IGP metric.
Platforms
All
ais-enable
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>port>ethernet>eth-cfm>mep ais-enable)
[Tree] (config>lag>eth-cfm>mep ais-enable)
Full Context
configure port ethernet eth-cfm mep ais-enable
configure lag eth-cfm mep ais-enable
Description
This command enables the reception of AIS messages.
The no form of this command reverts to the default values.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>service>epipe>sap>eth-cfm ais-enable)
[Tree] (config>service>epipe>sap>eth-cfm>mep ais-enable)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ais-enable)
Full Context
configure service epipe sap eth-cfm ais-enable
configure service epipe sap eth-cfm mep ais-enable
configure service epipe spoke-sdp eth-cfm mep ais-enable
Description
This command enables the generation and the reception of AIS messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep ais-enable)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ais-enable)
[Tree] (config>service>vpls>sap>eth-cfm>mep ais-enable)
Full Context
configure service vpls mesh-sdp eth-cfm mep ais-enable
configure service vpls spoke-sdp eth-cfm mep ais-enable
configure service vpls sap eth-cfm mep ais-enable
Description
This command enables the generation and the reception of AIS messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm ais-enable)
Full Context
configure service ies interface spoke-sdp eth-cfm ais-enable
Description
This command configures the reception of Alarm Indication Signal (AIS) message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ais-enable)
[Tree] (config>service>vprn>sap>eth-cfm>mep ais-enable)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm ais-enable)
Full Context
configure service vprn subscriber-interface group-interface sap eth-cfm ais-enable
configure service vprn sap eth-cfm mep ais-enable
configure service vprn interface spoke-sdp eth-cfm ais-enable
Description
This command configures the reception of Alarm Indication Signal (AIS) message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm ais-enable
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp eth-cfm ais-enable
ais-enable
Syntax
[no] ais-enable
Context
[Tree] (config>router>mpls>if>mpls-tp-mep ais-enable)
Full Context
configure router mpls interface mpls-tp-mep ais-enable
Description
This command enables MPLS-TP AIS insertion for the forward and reverse directions of all MPLS-TP transit paths using the MPLS interface. This causes the generation of AIS packets in the forward or reverse directions of a path if a fault is detected on the applicable underlying interface for the ingress of the path direction.
The no form of this command disables AIS insertion.
Default
no ais-enable
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
alarm
alarm
Syntax
alarm rmon-alarm-id variable-oid oid-string interval seconds [sample-type] [startup-alarm alarm-type] [rising-event rmon-event-id rising-threshold threshold] [falling-event rmon-event-id falling-threshold threshold] [owner owner-string]
no alarm rmon-alarm-id
Context
[Tree] (config>system>thresholds>rmon alarm)
Full Context
configure system thresholds rmon alarm
Description
The alarm command configures an entry in the RMON-MIB alarmTable. The alarm command controls the monitoring and triggering of threshold crossing events. In order for notification or logging of a threshold crossing event to occur there must be at least one associated rmon>event configured.
The agent periodically takes statistical sample values from the MIB variable specified for monitoring and compares them to thresholds that have been configured with the alarm command. The alarm command configures the MIB variable to be monitored, the polling period (interval), sampling type (absolute or delta value), and rising and falling threshold parameters. If a sample has crossed a threshold value, the associated event is generated.
Use the no form of this command to remove an rmon-alarm-id from the configuration.
Parameters
- rmon-alarm-id
-
Specifies a numerical identifier for the alarm being configured. The number of alarms that can be created is limited to 1200. Alarm ID values above 65400 are used for dynamic system threshold commands and should be avoided.
- oid-string
-
Specifies the SNMP object identifier of the particular variable to be sampled. Only SNMP variables that resolve to an ASN.1 primitive type of integer (integer, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may be sampled. The oid-string, up to 255 characters, may be expressed using either the dotted string notation or as object name plus dotted instance identifier. For example, "1.3.6.1.2.1.2.2.1.10.184582144" or "ifInOctets.184582144".
- seconds
-
Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds. When setting this interval value, care should be taken in the case of ’delta’ type sampling - the interval should be set short enough that the sampled variable is very unlikely to increase or decrease by more than 2147483647 - 1 during a single sampling interval. Care should also be taken not to set the interval value too low to avoid creating unnecessary processing overhead.
- sample-type
-
Specifies the method of sampling the selected variable and calculating the value to be compared against the thresholds.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created.
If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, then a single rising threshold crossing event is generated.
If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
- rising-event rmon-event-id
-
Specifies the identifier of the rmon>event that specifies the action to be taken when a rising threshold crossing event occurs.
If there is no corresponding event configured for the specified rmon-event-id, then no association exists and no action is taken.
If the rising-event rmon-event-id has a value of zero (0), no associated event exists.
If a rising-event rmon-event-id is configured, the CLI requires a rising-threshold to also be configured.
- rising-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold value.
- falling-event rmon-event-id
-
Specifies the identifier of the rmon>event that specifies the action to be taken when a falling threshold crossing event occurs. If there is no corresponding event configured for the specified rmon-event-id, then no association exists and no action is taken. If the falling-event has a value of zero (0), no associated event exists.
If a falling-event is configured, the CLI requires a falling-threshold to also be configured.
- falling-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal the rising-threshold value.
- owner-string
-
Specifies the owner string; the owner identifies the creator of this alarm. It defaults to "TiMOS CLI". This parameter is defined primarily to allow entries that have been created in the RMON-MIB alarmTable by remote SNMP managers to be saved and reloaded in a CLI configuration file. The owner will not normally be configured by CLI users and can be a maximum of 80 characters long.
Platforms
All
alarm
Syntax
[no] alarm
Context
[Tree] (config>sys>security>cpu-protection>policy alarm)
Full Context
configure system security cpu-protection policy alarm
Description
This command enables the generation of an event when a rate is exceed. The event includes information about the offending source. Only one event is generated per monitor period.
The no form of this command disables the notifications.
Default
no alarm
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
alarm-contact-in-power
alarm-contact-in-power
Syntax
alarm-contact-in-power {on | off}
Context
[Tree] (config>system alarm-contact-in-power)
Full Context
configure system alarm-contact-in-power
Description
This command allows the user to enable a supply of +24V output power on the +24VDC pin of the Alarm Interface Port of the CPM. When enabled, the power supplied through the +24VDC output pin can be used as a source voltage for the alarm contact input pins. The +24VDC output can be used to supply power for monitoring external sensor devices such as cabinet door sensors instead of using an external power source. If users want to use a separate external power source, they should disable the supply of power to the +24VDC output pin by using this CLI command.
Default
alarm-contact-in-power off
Parameters
- on
-
Specifies to turn on power to the +24VDC output pin of the Alarm Interface Port of the CPM.
- off
-
Specifies to turn off power to the +24VDC output pin of the Alarm Interface Port of the CPM.
Platforms
7750 SR-a
alarm-contact-input
alarm-contact-input
Syntax
alarm-contact-input input-pin-number
Context
[Tree] (config>system alarm-contact-input)
Full Context
configure system alarm-contact-input
Description
Commands in this context configure the alarm contact input pin parameters for the specified input pin.
Parameters
- input-pin-number
-
Specifies the alarm contact input pin.
Platforms
7750 SR-a
alarm-notification
alarm-notification
Syntax
alarm-notification
Context
[Tree] (config>lag>eth-cfm>mep alarm-notification)
[Tree] (config>eth-tunnel>path>eth-cfm>mep alarm-notification)
Full Context
configure lag eth-cfm mep alarm-notification
configure eth-tunnel path eth-cfm mep alarm-notification
Description
This command configures the MEP alarm notification parameter.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
alarm-notification
Syntax
alarm-notification
Context
[Tree] (config>service>vpls>eth-cfm>mep alarm-notification)
[Tree] (config>service>vprn>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>vpls>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep alarm-notification)
[Tree] (config>port>ethernet>eth-cfm>mep alarm-notification)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep alarm-notification)
[Tree] (config>router>if>eth-cfm>mep alarm-notification)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep alarm-notification)
[Tree] (config>service>vprn>if>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>ipipe>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>epipe>sap>eth-cfm>mep alarm-notification)
[Tree] (config>lag>eth-cfm>eth-cfm>mep alarm-notification)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep alarm-notification)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep alarm-notification)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep alarm-notification)
[Tree] (config>service>ies>if>sap>eth-cfm>mep alarm-notification)
Full Context
configure service vpls eth-cfm mep alarm-notification
configure service vprn sap eth-cfm mep alarm-notification
configure service vpls sap eth-cfm mep alarm-notification
configure service ies interface spoke-sdp eth-cfm mep alarm-notification
configure port ethernet eth-cfm mep alarm-notification
configure service vpls spoke-sdp eth-cfm mep alarm-notification
configure router interface eth-cfm mep alarm-notification
configure service epipe spoke-sdp eth-cfm mep alarm-notification
configure service vprn interface sap eth-cfm mep alarm-notification
configure service vprn subscriber-interface group-interface sap eth-cfm mep alarm-notification
configure service ipipe sap eth-cfm mep alarm-notification
configure service epipe sap eth-cfm mep alarm-notification
configure lag eth-cfm eth-cfm mep alarm-notification
configure service vpls mesh-sdp eth-cfm mep alarm-notification
configure service vprn interface spoke-sdp eth-cfm mep alarm-notification
configure service ies subscriber-interface group-interface sap eth-cfm mep alarm-notification
configure service ies interface sap eth-cfm mep alarm-notification
Description
Commands in this context configure the Fault Notification Generation time values for raising the alarm and resetting the CCM defect alarm. These timers are used for network management processes and are not tied into delaying the notification to the fault management system on the network element. These timers do not affect fault propagation mechanisms.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface sap eth-cfm mep alarm-notification
- configure service epipe spoke-sdp eth-cfm mep alarm-notification
- configure port ethernet eth-cfm mep alarm-notification
- configure service vpls eth-cfm mep alarm-notification
- configure service epipe sap eth-cfm mep alarm-notification
- configure service vpls spoke-sdp eth-cfm mep alarm-notification
- configure service ies interface sap eth-cfm mep alarm-notification
- configure service vprn interface spoke-sdp eth-cfm mep alarm-notification
- configure service vpls mesh-sdp eth-cfm mep alarm-notification
- configure service vpls sap eth-cfm mep alarm-notification
- configure router interface eth-cfm mep alarm-notification
- configure service ies interface spoke-sdp eth-cfm mep alarm-notification
- configure service ipipe sap eth-cfm mep alarm-notification
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm mep alarm-notification
- configure service ies subscriber-interface group-interface sap eth-cfm mep alarm-notification
alarm-notification
Syntax
alarm-notification
Context
[Tree] (config>eth-ring>path>eth-cfm>mep alarm-notification)
Full Context
configure eth-ring path eth-cfm mep alarm-notification
Description
Commands in this context configure the MEP alarm notification parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
alarms
alarms
Syntax
alarms
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer alarms)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer alarms)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer alarms)
Full Context
configure mcast-management multicast-info-policy bundle video analyzer alarms
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms
configure mcast-management multicast-info-policy bundle channel video analyzer alarms
Description
Commands in this context configure alarms for the analyzer (VQM).
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
alarms
Syntax
alarms
Context
[Tree] (config>li>x-interfaces>x3 alarms)
Full Context
configure li x-interfaces x3 alarms
Description
This command enables the configuration of X3 alarms.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
alarms
Syntax
alarms
Context
[Tree] (config>system alarms)
Full Context
configure system alarms
Description
Commands in this context configure facility alarm parameters. Alarm support is intended to cover a focused subset of router states that are likely to indicate service impacts (or imminent service impacts) related to the overall state of hardware assemblies (cards, fans, links, and so on).
Platforms
All
alc-acct-triggered-reason
alc-acct-triggered-reason
Syntax
[no] alc-acct-triggered-reason
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute alc-acct-triggered-reason)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute alc-acct-triggered-reason
Description
This command includes the alc-acct-triggered-reason attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
alc-error-code
alc-error-code
Syntax
[no] alc-error-code
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute alc-error-code)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute alc-error-code
Description
This command enables RADIUS accounting messages to include an error number and error code when the subscriber host session terminates. To obtain a complete list of error numbers and their corresponding codes, use the tools>dump>aaa>radius-acct-terminate-cause command.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
alg
alg
Syntax
alg
Context
[Tree] (config>service>nat>nat-policy alg)
[Tree] (config>service>nat>firewall-policy alg)
[Tree] (config>service>nat>up-nat-policy alg)
Full Context
configure service nat nat-policy alg
configure service nat firewall-policy alg
configure service nat up-nat-policy alg
Description
Commands in this context configure application layer gateway (ALG) parameters of this policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat up-nat-policy alg
- configure service nat nat-policy alg
7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service nat firewall-policy alg
algorithm
algorithm
Syntax
algorithm flex-algo-id
no algorithm
Context
[Tree] (conf>router>segment-routing>srv6>micro-segment-locator algorithm)
[Tree] (config>router>segment-routing>srv6>locator algorithm)
Full Context
configure router segment-routing segment-routing-v6 micro-segment-locator algorithm
configure router segment-routing segment-routing-v6 locator algorithm
Description
This command configures an IGP flexible algorithm identifier for an SRv6 or micro-segment locator.
A locator can only be part of a single algorithm but it can be used in multiple IGP instances.
The no form of this command returns the locator to the base IGP algorithm 0.
Default
no algorithm
Parameters
- flex-algo-id
-
Specifies the flexible algorithm ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
alias
alias
Syntax
alias alias-name alias-command-name
no alias alias-name
Context
[Tree] (environment alias)
Full Context
environment alias
Description
This command enables the substitution of a command line (or part of a command line) by an alias. Use this command to create alternative or easier to remember or understand names for an entity or command string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The special characters forward slash (/) and backslash (\) cannot be used as the first character inside an alias string. An alias can contain a double quote character by preceding the quote with a backslash (\) character (for example, alias my-alias "| match \"string\""). Only a single command can be present in the command string (the command can be long with many parameters but there is no support for aliases that include multiple CLI commands or lines). This command can be entered in any context but must be created in the root environment context.
For example, to create an alias named soi to display OSPF interfaces, enter the following command:
alias soi "show router ospf interface”
Complex aliases can be created to have shortcuts for customized show routine output.
environment alias my-summary "| match expression \"----|Description|Interface|Admin State|Oper State|Transceiver Type|Optical Compliance|Link Length\" | match invert-match expression \"Ethernet Interface|OTU Interface\" | match invert-match expression \"----\" post-lines 1"
and then used like this:
show port detail my-summary
Parameters
- alias-name
-
Specifies the alias name, up to 80 characters. Do not use a valid command string for the name of the alias. If the alias specified is an actual command, this causes the command to be replaced by the alias.
- alias-command-name
-
Specifies the command name to be associated, up to 320 characters.
Platforms
All
align
align
Syntax
[no] align
Context
[Tree] (config>log>acct-policy align)
Full Context
configure log accounting-policy align
Description
This command enables alignment of statistics collection to the nearest interval within an hour. Enabling the alignment allows statistics collection into an accounting file that is being synchronized across multiple network nodes in the network.
The no form of this command disables alignment of statistics collection.
Default
no align
Platforms
All
all
all
Syntax
all [group grp-ip-address] [source ip-address] [detail]
no all
Context
[Tree] (debug>service>id>pim-snooping all)
Full Context
debug service id pim-snooping all
Description
This command enables or disables debugging for all the PIM modules.
Parameters
- grp-ip-address
-
Debugs information associated with all PIM modules
- ip-address
-
Debugs information associated with all PIM modules
- detail
-
Debugs detailed information on all PIM modules
Platforms
All
all
Syntax
all [detail]
no all
Context
[Tree] (debug>router>mpls>event all)
[Tree] (debug>router>rsvp>event all)
Full Context
debug router mpls event all
debug router rsvp event all
Description
This command debugs all events.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about all events.
Platforms
All
all
Syntax
all [detail]
no all
Context
[Tree] (debug>router>rsvp>packet all)
Full Context
debug router rsvp packet all
Description
This command debugs all packets.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about all RSVP packets.
Platforms
All
all
Syntax
all [group grp-ip-address] [source ip-address] [detail]
no all
Context
[Tree] (debug>router>pim all)
Full Context
debug router pim all
Description
This command enables debugging for all the PIM modules.
The no form of this command disables debugging PIM modules.
Parameters
- grp-ip-address
-
Debugs information associated with all PIM modules.
- ip-address
-
Debugs information associated with all PIM modules.
- detail
-
Debugs detailed information on all PIM modules.
Platforms
All
all
Syntax
[no] all
Context
[Tree] (debug>router>rpki-session>packet all)
Full Context
debug router rpki-session packet all
Description
This command enables debugging for all RPKI packets.
The no form of this command disables debugging for all RPKI packets.
Platforms
All
all
Syntax
all
Context
[Tree] (config>log>acct-policy>cr>aa>aa-from-sub-cntr all)
[Tree] (config>log>acct-policy>cr>aa>aa-to-sub-cntr all)
[Tree] (config>log>acct-policy>cr>aa>aa-sub-cntr all)
[Tree] (config>log>acct-policy>cr>aa>aa-sub-attr all)
Full Context
configure log accounting-policy custom-record aa-specific from-aa-sub-counters all
configure log accounting-policy custom-record aa-specific to-aa-sub-counters all
configure log accounting-policy custom-record aa-specific aa-sub-counters all
configure log accounting-policy custom-record aa-specific aa-sub-attributes all
Description
This command includes all counters and only applies to the 7750 SR.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
all-authorized-session-addresses
all-authorized-session-addresses
Syntax
[no] all-authorized-session-addresses
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute all-authorized-session-addresses)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute all-authorized-session-addresses
Description
This command specifies to include all included and authorized address/prefix attributes in session accounting and is applicable only for session-accounting mode.
With this flag enabled, all IP address attributes explicitly enabled to be included are the following:
-
delegated-ipv6-prefix
-
framed-ip-address
-
framed-ip-netmask
-
framed-ipv6-prefix
-
ipv6-address
These are included if the corresponding addresses or prefixes are authorized (via access-accept or ludb) and independent if they are used or not.
The no form of this command reverts to the default.
Default
no all-authorized-session-addresses
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
all-events
all-events
Syntax
all-events
Context
[Tree] (debug>service>id>mrp all-events)
Full Context
debug service id mrp all-events
Description
This command enables MRP debugging for the applicant, leave all, periodic and registrant state machines and enables debugging of received and transmitted MRP PDUs.
Platforms
All
all-events
Syntax
all-events
Context
[Tree] (debug>service>id>stp all-events)
Full Context
debug service id stp all-events
Description
This command enables STP debugging for all events.
The no form of the command disables debugging.
Platforms
All
all-l1isis
all-l1isis
Syntax
all-l1isis ieee-address
no all-l1isis
Context
[Tree] (config>service>vprn>isis all-l1isis)
Full Context
configure service vprn isis all-l1isis
Description
This command specifies the MAC address to use for the VPRN instance of the Layer 1 IS-IS routers. The MAC address should be a multicast address.
The no form of this command reverts to the default value.
Default
all-l1isis 01:80:c2:00:00:14
Parameters
- ieee-address
-
Specifies the destination MAC address for all Layer 1 I-IS neighbors on the link for this ISIS instance.
Platforms
All
all-l1isis
Syntax
all-l1isis ieee-address
no all-l1isis
Context
[Tree] (config>router>isis all-l1isis)
Full Context
configure router isis all-l1isis
Description
This command enables you to specify the MAC address to use for all Layer 1 IS-IS routers. The MAC address should be a multicast address.
The no form of this command reverts to the default value.
Default
01:80:c2:00:00:14
Parameters
- ieee-address
-
Specifies the destination MAC address for all Layer 1 I-IS neighbors on the link for this IS-IS instance.
Platforms
All
all-l2isis
all-l2isis
Syntax
all-l2isis ieee-address
no all-l2isis
Context
[Tree] (config>service>vprn>isis all-l2isis)
Full Context
configure service vprn isis all-l2isis
Description
This command specifies the MAC address to use for Layer 2 IS-IS routers for the VPRN instance. The MAC address should be a multicast address.
The no form of this command reverts to the default value.
Default
all-l2isis 01:80:c2:00:00:15
Parameters
- ieee-address
-
Specifies the destination MAC address for all Layer 2 ISIS neighbors on the link for this ISIS instance.
Platforms
All
all-l2isis
Syntax
all-l2isis ieee-address
no all-l2isis
Context
[Tree] (config>router>isis all-l2isis)
Full Context
configure router isis all-l2isis
Description
This command enables you to specify the MAC address to use for all Layer 2 IS-IS routers. The MAC address should be a multicast address.
The no form of this command reverts to the default value.
Default
01:80:c2:00:00:15
Parameters
- ieee-address
-
Specifies the destination MAC address for all Layer 2 IS-IS neighbors on the link for this IS-IS instance.
Platforms
All
all-octets-offered-count
all-octets-offered-count
Syntax
[no] all-octets-offered-count
Context
[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-counters all-octets-offered-count)
[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-counters all-octets-offered-count)
Full Context
configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters all-octets-offered-count
configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters all-octets-offered-count
Description
This command includes all octets offered in the count.
The no form of this command excludes the octets offered in the count.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
all-octets-offered-count
Syntax
[no] all-octets-offered-count
Context
[Tree] (config>log>acct-policy>cr>queue>i-counters all-octets-offered-count)
[Tree] (config>log>acct-policy>cr>ref-queue>i-counters all-octets-offered-count)
Full Context
configure log accounting-policy custom-record queue i-counters all-octets-offered-count
configure log accounting-policy custom-record ref-queue i-counters all-octets-offered-count
Description
This command includes all octets offered in the count.
The no form of this command excludes the octets offered in the count.
Default
no all-octets-offered-count
Platforms
All
all-packets-offered-count
all-packets-offered-count
Syntax
[no] all-packets-offered-count
Context
[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-counters all-packets-offered-count)
[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-counters all-packets-offered-count)
Full Context
configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters all-packets-offered-count
configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters all-packets-offered-count
Description
This command includes all packets offered in the count.
The no form of this command excludes the packets offered in the count.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
all-packets-offered-count
Syntax
[no] all-packets-offered-count
Context
[Tree] (config>log>acct-policy>cr>ref-queue>i-counters all-packets-offered-count)
[Tree] (config>log>acct-policy>cr>queue>i-counters all-packets-offered-count)
Full Context
configure log accounting-policy custom-record ref-queue i-counters all-packets-offered-count
configure log accounting-policy custom-record queue i-counters all-packets-offered-count
Description
This command includes all packets offered in the count.
The no form of this command excludes the packets offered in the count.
Default
no all-packets-offered-count
Platforms
All
allocate-dual-sids
allocate-dual-sids
Syntax
[no] allocate-dual-sids
Context
[Tree] (config>router>ospf>segm-rtng>adj-sid allocate-dual-sids)
[Tree] (config>router>isis>segm-rtng>adj-sid allocate-dual-sids)
[Tree] (config>router>ospf3>segm-rtng>adj-sid allocate-dual-sids)
Full Context
configure router ospf segment-routing adjacency-sid allocate-dual-sids
configure router isis segment-routing adjacency-sid allocate-dual-sids
configure router ospf3 segment-routing adjacency-sid allocate-dual-sids
Description
This command enables the support of two SR-MPLS adjacency SIDs per interface. A protected and unprotected adjacency SID is instantiated and advertised. If an SR-MPLS adjacency SID already exists, an additional complementary (protected or unprotected) adjacency SID is created on the interface.
The no form of this command disables the support of two SR-MPLS adjacency SIDs per interface.
Default
no allocate-dual-sids
Platforms
All
allocation
allocation
Syntax
allocation explicit-percent percent-of-parent-pool
allocation port-bw-weight pool-weight
no allocation
Context
[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools>class-pool allocation)
[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools>class-pool allocation)
Full Context
configure qos hs-port-pool-policy alt-port-class-pools class-pool allocation
configure qos hs-port-pool-policy std-port-class-pools class-pool allocation
Description
This command sizes the associated class-pool based on either the specified explicit-percent percent-of-parent-pool or based on the dynamic port bandwidth portioning mechanism. Setting an explicit percentage prevents the port-class pool from participating in the dynamic port level bandwidth-based distribution of the mid-pool’s size as the port bandwidth weight of the port-class pool becomes zero (0). Setting a port bandwidth weight causes the explicit percent value to become zero (0) disabling explicit sizing of the port-class pool.
The no form of the command sets the percent-of-parent-pool value to zero (0) and the pool-weight parameter to 1 for the port-class pool, restoring the default settings.
Default
allocation 1
Parameters
- percent-of-parent-pool
-
Specifies the percentage of parent pool being allocated. This parameter must be configured when specifying the explicit-percent. The percent-of-parent-pool value is expressed as a percentage with two decimal places (100th of a percent) that indicates that the port-class pool should be sized by applying the value to the parent mid-pool size. Specifying explicit-percent forces the port-bw-weight to a zero (0) value (disabled).
- pool-weight
-
Specifies port bandwidth weight being allocated. The port-bw-weight and explicit-percent commands are mutually exclusive. The pool-weight parameter is required when specifying the port bandwidth weight and defines both that the port-class pool should be sized in the port bandwidth distribution of the mid-pool’s size and what the distribution weight should be for the port-class pool compared to other port-class pools associated with the same mid-pool when competing for the port’s distribution portion.
Platforms
7750 SR-7/12/12e
allocation-percent
allocation-percent
Syntax
allocation-percent percent-of-parent-pool
no allocation-percent
Context
[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool allocation-percent)
Full Context
configure qos hs-pool-policy mid-tier mid-pool allocation-percent
Description
This command sizes the associated mid-pool based on the specified percent of the parent pool. The size is obtained by applying the specified percentage value to the current root-pool size acting as the mid-pool’s parent. Whenever the parent root-pool is changed to a new root-pool or the size of the current parent root-pool is modified, the mid-pool’s size is updated.
The no form of the command reverts to the default.
Default
allocation-percent 1.00
Parameters
- percent-of-parent-pool
-
Specifies the percent of the parent pool. This parameter is required when the allocation-percent command is executed. This parameter defines the percentage of the root pool's size to derive the size of the mid-pool. The value is specified as a percentage with two decimal places (100th of a percent).
Platforms
7750 SR-7/12/12e
allocation-weight
allocation-weight
Syntax
allocation-weight pool-weight
no allocation-weight
Context
[Tree] (config>qos>hs-pool-policy>root-tier>root-pool allocation-weight)
Full Context
configure qos hs-pool-policy root-tier root-pool allocation-weight
Description
This command specifies the weight that is applied to the root pool and is divided by the sum of all root pool weights to derive the pool’s buffer allocation factor. The amount of buffers remaining after the system-reserve percentage is applied is multiplied by the buffer allocation factor to derive the pool size.
Root pools function as an oversubscription control mechanism. A root pool acts as the root of a hierarchy of buffer pools and queues with respect to buffer allocation. Because the sum of the root pool sizes does not exceed the total number of buffers available, the number of buffers indicated by the root pools size is always be available to the queues within the root pools hierarchy, queues from one hierarchy can never steal buffers from another.
A root pool hierarchy is based on the dynamic parenting of one or more mid-tier pools to a root pool. A mid-tier pool represents the buffering allowed for all port-class pools mapped to the mid-tier pool. Each mid-tier pool is sized as a percentage of the root pool to which it is parented. The sum of the mid-tier pools percentages for a root pool may be greater than 100 percent, which allows the root pool to be oversubscribed. This can be beneficial when large fluctuations in mid-tier buffer utilization are expected and a given mid-tier pool should be allowed to exceed its fair share of buffering.
Through the mapping hierarchy presented above, each queue is mapped to a port-class pool, mid-tier pool, and root pool.
A root pool with an allocation-weight set to "0” is considered inactive and is not allocated buffers. Mid-tier pools cannot be parented to a root pool with a weight set to "0”. After a mid-tier pool is associated with a root pool, the root pool’s weight cannot be set to "0”.
As port classes are mapped to mid-tier pools in a different policy than mid-tier pools are mapped to root pools, a port-class pool can be mapped to a mid-tier pool that is not parented to a root pool. A queue mapped indirectly to a non-parented mid-tier pool has its operational MBS value set to zero and drops all incoming packets.
When a root pool’s allocation weight is modified, all root pools, mid-tier pools, and port class pool sizes are reevaluated and modified when necessary.
The no form of the command restores the default allocation-weight value to the associated root pool. Root pool 1 has a different default weight than root pools 2 through 8. The no allocation-weight command fails for root pools 2 through 8 if the root pool is currently parented to a class pool.
Default
root-pool 1: allocation-weight 100
root-pool 2 to 16: allocation-weight 0
Parameters
- pool-weight
-
Defines the weight of the associated root-pool root-pool-id and is used by the system to calculate the size of the root buffer pool. This parameter is required when executing the allocation-weight command. Setting the pool-weight to 0 disables the pool and prevents the root pool from being a parent to any class pools. Root pool 1 cannot be set with an allocation weight of 0.
Platforms
7750 SR-7/12/12e
allow-boot-license-violations
allow-boot-license-violations
Syntax
[no] allow-boot-license-violations
Context
[Tree] (config>system allow-boot-license-violations)
Full Context
configure system allow-boot-license-violations
Description
This command configures whether the system should allow successful execution of the bootup configuration file when it contains license violations. When enabled, the system will not error on any configuration that causes a license violation and as a result permits the system to come into service. However, if violations are detected, the system reboots after a period of time if the violations are not fixed. See the 7450 ESS, 7750 SR, 7950 XRS and VSR Pay-as-You-Grow Licensing Reference Guide for more information.
Platforms
All
allow-directed-broadcasts
allow-directed-broadcasts
Syntax
[no] allow-directed-broadcasts
Context
[Tree] (config>service>ies>if allow-directed-broadcasts)
[Tree] (config>service>vprn>nw-if allow-directed-broadcasts)
[Tree] (config>router>if allow-directed-broadcasts)
[Tree] (config>service>vprn>if allow-directed-broadcasts)
Full Context
configure service ies interface allow-directed-broadcasts
configure service vprn network-interface allow-directed-broadcasts
configure router interface allow-directed-broadcasts
configure service vprn interface allow-directed-broadcasts
Description
This command enables the forwarding of directed broadcasts out of the IP interface.
A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.
When enabled, a frame destined to the local subnet on this IP interface is sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.
When disabled, directed broadcast packets discarded at this egress IP interface are counted in the normal discard counters for the egress SAP.
Allowing directed broadcasts is a well-known mechanism used for denial-of-service attacks.
By default, directed broadcasts are not allowed and are discarded at this egress IP interface.
The no form of this command disables the forwarding of directed broadcasts out of the IP interface. All broadcasts are dropped.
Default
no allow-directed-broadcasts — Directed broadcasts are dropped.
Platforms
All
allow-dot1q-msaps
allow-dot1q-msaps
Syntax
[no] allow-dot1q-msaps
Context
[Tree] (config>service>vpls>sap allow-dot1q-msaps)
Full Context
configure service vpls sap allow-dot1q-msaps
Description
This command enables support for single tagged traffic triggering managed SAP creation on a qinq encapsulated capture SAP.
With this command enabled, a single tagged trigger packet received on a qinq encapsulated capture SAP (x/y/z:*.* or x/y/z:tag.*) can trigger the creation of an x/y/z:tag.0 managed SAP (MSAP).
The config>system>ethernet>new-qinq-untagged-sap command should be configured:
-
as a prerequisite for an x/y/z:tag.* capture-sap
-
where x/y/z:tag1.0 and x/y/z:tag1.tag2 MSAPs for an x/y/z:*.* capture-sap should co-exist
Note that enabling new-qinq-untagged-sap affects the behavior of existing <port-id>:tag.0 SAPs.
With the allow-dot1q-msaps command disabled (default), a single tagged trigger packet received on a qinq encapsulated capture SAP (x/y/z:*.* or x/y/z:tag.*) is dropped as "Invalid QTag”.
This command cannot be enabled on:
-
a dot1q encapsulated capture-sap
-
an inverse capture sap (x/y/z:*.tag)
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-egress-remark-dscp
allow-egress-remark-dscp
Syntax
[no] allow-egress-remark-dscp
Context
[Tree] (config>oam-pm>session>ip allow-egress-remark-dscp)
Full Context
configure oam-pm session ip allow-egress-remark-dscp
Description
This command instructs the egress QoS process to modify the DSCP based on the egress QoS configuration. This command exposes the DSCP to egress DSCP processing rules.
The no form of this command instructs the egress QoS process to ignore the DSCP and allow it to bypass egress QoS. If the config>qos>network>egress>remark force command is configured for the network egress QoS profile, the egress QoS process is applied and the DSCP can be overwritten regardless of the allow-egress-remark-dscp configuration.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
allow-egress-remark-dscp
Syntax
[no] allow-egress-remark-dscp
Context
[Tree] (config>test-oam>link-meas>template>twl allow-egress-remark-dscp)
Full Context
configure test-oam link-measurement measurement-template twamp-light allow-egress-remark-dscp
Description
This command instructs the egress QoS process to modify the DSCP based on the egress QoS configuration. This command exposes the DSCP to egress DSCP processing rules.
If the config>qos>network>egress>remark-force command is configured for the network egress QoS profile, the egress QoS process is applied and the DSCP can be overwritten regardless of the allow-egress-remark-dscp configuration.
The no form of this command reverts to the default value, bypassing egress QoS processing of the DSCP.
Default
no allow-egress-remark-dscp
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
allow-export-bgp-vpn
allow-export-bgp-vpn
Syntax
[no] allow-export-bgp-vpn
Context
[Tree] (config>service>vprn allow-export-bgp-vpn)
Full Context
configure service vprn allow-export-bgp-vpn
Description
This command allows routes leaked from another local VPRN service to be re-exported by this VPRN in the form of new VPN-IP routes. The service label, route targets, and BGP next-hop of the re-advertised routes are based on the configuration and default values of the re-exporting VPRN.
When re-exporting leaked routes, the following restrictions apply.
-
The allow-export-bgp-vpn command is not configurable in combination with any of the following commands: carrier-carrier-vpn (CSC), label-mode next-hop (LPN), type {hub | spoke | subscriber-split-horizon}, redundant-interface, and export-inactive-bgp.
-
Re-exported routes always have the per-VRF label of the exporting VPRN; label-per-prefix advertisement is not supported.
-
The best-external (inactive BGP) routes leaked by another VPRN cannot be re-exported by a VPRN configured with allow-export-bgp-vpn.
When a VPRN configured with allow-export-bgp-vpn advertises a leaked route, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or other similar instability.
If the no form of this command is configured, leaked routes cannot be re-advertised as VPN-IP routes; they can only be re-advertised to PE-CE BGP peers of the VPRN.
Default
no allow-export-bgp-vpn
Platforms
All
allow-flex-algo-fallback
allow-flex-algo-fallback
Syntax
[no] allow-flex-algo-fallback
Context
[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel allow-flex-algo-fallback)
[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel allow-flex-algo-fallback)
[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunnel>family allow-flex-algo-fallback)
[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel allow-flex-algo-fallback)
[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel allow-flex-algo-fallback)
[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family allow-flex-algo-fallback)
Full Context
configure service epipe bgp-evpn mpls auto-bind-tunnel allow-flex-algo-fallback
configure service vpls bgp-evpn mpls auto-bind-tunnel allow-flex-algo-fallback
configure router bgp next-hop-resolution shortcut-tunnel family allow-flex-algo-fallback
configure service vprn bgp-evpn mpls auto-bind-tunnel allow-flex-algo-fallback
configure service vprn bgp-ipvpn mpls auto-bind-tunnel allow-flex-algo-fallback
configure router bgp next-hop-resolution labeled-routes transport-tunnel family allow-flex-algo-fallback
Description
This command configures a router to relax the strictly enforced Flex-Algorithm aware autobind, which is enabled through an import policy configured with the action flex-algo command.
If the allow-flex-algo-fallback command is enabled, the BGP router can autobind to a fallback algorithm 0 tunnel if no target Flex-Algorithm tunnel is available. If the allow-flex-algo-fallback command is disabled, the BGP autobind is strictly enforced to an intended Flex-Algorithm tunnel, which may cause traffic loss if no corresponding Flex-Algorithm tunnel exists.
The no form of this command removes the allow-flex-algo-fallback command from the configuration.
Default
no allow-flex-algo-fallback
Platforms
All
allow-fragmentation
allow-fragmentation
Syntax
[no] allow-fragmentation
Context
[Tree] (config>service>sdp allow-fragmentation)
[Tree] (config>service>pw-template allow-fragmentation)
Full Context
configure service sdp allow-fragmentation
configure service pw-template allow-fragmentation
Description
This command disables the setting of the do-not-fragment bit in the IP header of GRE encapsulated service traffic. This feature is only applicable to GRE SDPs and will be applied to all service traffic using the associated GRE SDP.
The no form of this command removes the command from the active configuration and returns the associated SDP to its default which is to set the do-not-fragment bit in all GRE encapsulated service traffic.
Default
no allow-fragmentation
Platforms
All
allow-ftp
allow-ftp
Syntax
[no] allow-ftp
Context
[Tree] (config>service>vprn>management allow-ftp)
Full Context
configure service vprn management allow-ftp
Description
This commands allows access to the FTP server from VPRN.
The no form of this command removes FTP access for this VPRN.
Platforms
All
allow-ftp
Syntax
[no] allow-ftp
Context
[Tree] (config>system>security>management allow-ftp)
Full Context
configure system security management allow-ftp
Description
This command allows access to the FTP server from Base and Management routers if it is operationally up.
The no form of this command disallows access to the FTP server.
Default
allow-ftp
Platforms
All
allow-grpc
allow-grpc
Syntax
[no] allow-grpc
Context
[Tree] (config>system>security>management allow-grpc)
Full Context
configure system security management allow-grpc
Description
This command allows access to the gRPC server from Base and Management routers if it is operationally up.
The no form of this command disallows access to the gRPC server.
Platforms
All
allow-grpc
Syntax
[no] allow-grpc
Context
[Tree] (config>service>vprn>management allow-grpc)
Full Context
configure service vprn management allow-grpc
Description
This commands allows access to the GRPC server from VPRN.
The no form of this command removes GRPC access for this VPRN.
Platforms
All
allow-icmp-redirect
allow-icmp-redirect
Syntax
[no] allow-icmp-redirect
Context
[Tree] (config>router allow-icmp-redirect)
Full Context
configure router allow-icmp-redirect
Description
This command allows ICMP redirects received on the management interface.
The no form of this command drops the ICMP redirects received on the management interface.
Platforms
All
allow-icmp6-redirect
allow-icmp6-redirect
Syntax
[no] allow-icmp-redirect
Context
[Tree] (config>router allow-icmp6-redirect)
Full Context
configure router allow-icmp6-redirect
Description
This command allows IPv6 ICMP redirects received on the management interface.
The no form of this command drops the IPv6 ICMP redirects received on the management interface.
Platforms
All
allow-immediate
allow-immediate
Syntax
[no] allow-immediate
Context
[Tree] (config>system>management-interface>cli>classic-cli allow-immediate)
Full Context
configure system management-interface cli classic-cli allow-immediate
Description
This command enables write access in the classic CLI configuration branch without having to use the classic CLI candidate edit functionality.
The no form of this command blocks write access and configuration changes in the classic CLI configuration branch, and the classic CLI configuration branch is read-only. This enforces using the classic CLI candidate edit functionality, including candidate commit, to modify the router configuration, instead of allowing immediate line-by-line configuration changes.
Default
allow-immediate
Platforms
All
allow-ip-int-bind
allow-ip-int-bind
Syntax
[no] allow-ip-int-bind
Context
[Tree] (config>service>vpls allow-ip-int-bind)
Full Context
configure service vpls allow-ip-int-bind
Description
The allow-ip-int-bind command that sets a flag on the VPLS or I-VPLS service that enables the ability to attach an IES or VPRN IP interface to the VPLS service in order to make the VPLS service routable. When the allow-ip-int-bind command is not enabled, the VPLS service cannot be attached to an IP interface.
VPLS Configuration Constraints for Enabling allow-ip-int-bind
When attempting to set the allow-ip-int-bind VPLS flag, the system first checks to see if the correct configuration constraints exist for the VPLS service and the network ports. The following VPLS features must be disabled or not configured for the allow-ip-int-bind flag to set:
-
SAP ingress QoS policies applied to the VPLS SAPs cannot have MAC match criteria defined
-
The VPLS service type cannot be B-VPLS or M-VPLS
-
MVR from Routed VPLS and to another SAP is not supported
-
Enhanced and Basic Subscriber Management (ESM and BSM) features
-
Network domain on SDP bindings
Once the VPLS allow-ip-int-bind flag is set on a VPLS service, the above features cannot be enabled on the VPLS service.
Network Port Hardware Constraints
The system also checks to ensure that all ports configured in network mode are associated with FlexPath2 forwarding planes. If a port is currently in network mode and the port is associated with a FlexPath1 forwarding plane, the allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is set on any VPLS service, attempting to enable network mode on a port associated with a FlexPath1 forwarding plane will fail.
VPLS SAP Hardware Constraints
Besides VPLS configuration and network port hardware association, the system also checks to that all SAPs within the VPLS are created on Ethernet ports and the ports are associated with FlexPath2 forwarding planes. Certain Ethernet ports and virtual Ethernet ports are not supported which include CCAG virtual ports (VSM based). If a SAP in the VPLS exists on an unsupported port type or is associated with a FlexPath1 forwarding plane, the allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is set on the VPLS service, attempting to create a VPLS SAP on the wrong port type or associated with a FlexPath1 forwarding plane will fail.
VPLS Service Name Bound to IP Interface without allow-ip-int-bind flag Set
If a service name is applied to a VPLS service and that service name is also bound to an IP interface but the allow-ip-int-bind flag has not been set on the VPLS service context, the system attempt to resolve the service name between the VPLS service and the IP interface will fail. After the allow-ip-int-bind flag is successfully set on the VPLS service, either the service name on the VPLS service must be removed and reapplied or the IP interface must be re-initialized using the shutdown / no shutdown commands. This will cause the system to reattempt the name resolution process between the IP interface and the VPLS service.
The no form of this command resets the allow-ip-int-bind flag on the VPLS service. If the VPLS service currently has an IP interface from an IES or VPRN service attached, the no allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is reset on the VPLS service, the configuration and hardware restrictions associated with setting the flag are removed. The port network mode hardware restrictions are also removed.
Platforms
All
allow-ipv6-udp-checksum-zero
allow-ipv6-udp-checksum-zero
Syntax
[no] allow-ipv6-udp-checksum-zero
Context
[Tree] (config>test-oam>link-meas>template>twl allow-ipv6-udp-checksum-zero)
[Tree] (config>service>vprn>twamp-light>reflector allow-ipv6-udp-checksum-zero)
[Tree] (config>router>twamp-light>reflector allow-ipv6-udp-checksum-zero)
Full Context
configure test-oam link-measurement measurement-template twamp-light allow-ipv6-udp-checksum-zero
configure service vprn twamp-light reflector allow-ipv6-udp-checksum-zero
configure router twamp-light reflector allow-ipv6-udp-checksum-zero
Description
This command configures the acceptance of IPv6 packets with UDP checksums of 0.This optional configuration allows the router to process arriving IPv6 TWAMP Test packets that contain IPv6 UDP checksum of 0x0000. The UDP port specific to this TWAMP Light test bypasses the default discard IPv6 UDP checksum 0x0000. If this optional command is not configured, IPv6 UDP checksum 0x000 arriving packets are discarded.
The no form of this command reverts to the default value, discarding packets that arrive with an IPv6 UDP checksum of 0x0000.
Default
no allow-ipv6-udp-checksum-zero
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
allow-lease-query
allow-lease-query
Syntax
[no] allow-lease-query
Context
[Tree] (config>service>vprn>dhcp6>server allow-lease-query)
[Tree] (config>router>dhcp6>server allow-lease-query)
Full Context
configure service vprn dhcp6 local-dhcp-server allow-lease-query
configure router dhcp6 local-dhcp-server allow-lease-query
Description
If enabled, the local DHCPv6 server will handle and reply to lease query messages.
The no form of this command disables lease query support.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-list
allow-list
Syntax
allow-list allow-list-name
no allow-list
Context
[Tree] (config>app-assure>group>url-filter>local-filtering allow-list)
Full Context
configure application-assurance group url-filter local-filtering allow-list
Description
This command adds an allow-list URL list to the local filtering URL filter policy.
The no form of this command removes the URL list object.
Default
no allow-list
Parameters
- allow-list-name
-
Specifies the URL list name.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
allow-local-management
allow-local-management
Syntax
[no] allow-local-management
Context
[Tree] (config>service>vprn>grt>enable-grt allow-local-management)
Full Context
configure service vprn grt-lookup enable-grt allow-local-management
Description
This command enables the support of specific management protocols over VPRN interfaces that terminate on Base routing context IPv4 and IPv6 interface addresses, including Base loopback and system addresses. Global Routing Table (GRT) leaking is used to enable the visibility and access of the Base interface addresses in the VPRN. The supported protocols are Telnet, FTP, SNMP, TACACS+, RADIUS (IPv4 only, not IPv6), SSH (including applications that ride over the standard SSH TCP port 22 such as SCP and SFTP) and NETCONF (configured on port 22 or 830).
Ping and traceroute responses from the Base router interfaces are supported but are not configurable.
The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly. See "Node Management using VPRN" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN for more information. Also, see the access command in the config>service>vprn>snmp context, and the commands in the config>service>vprn>management context.
Platforms
All
allow-multiple-wan-addresses
allow-multiple-wan-addresses
Syntax
[no] allow-multiple-wan-addresses
Context
[Tree] (config>service>ies>sub-if>ipv6 allow-multiple-wan-addresses)
[Tree] (config>service>ies>sub-if>grp-if>ipv6 allow-multiple-wan-addresses)
[Tree] (config>service>vprn>sub-if>ipv6 allow-multiple-wan-addresses)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6 allow-multiple-wan-addresses)
Full Context
configure service ies subscriber-interface ipv6 allow-multiple-wan-addresses
configure service ies subscriber-interface group-interface ipv6 allow-multiple-wan-addresses
configure service vprn subscriber-interface ipv6 allow-multiple-wan-addresses
configure service vprn subscriber-interface group-interface ipv6 allow-multiple-wan-addresses
Description
This command enables host to have two WAN addresses, one from DHCP IA_NA and one from SLAAC assignment.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-netconf
allow-netconf
Syntax
[no] allow-netconf
Context
[Tree] (config>system>security>management allow-netconf)
Full Context
configure system security management allow-netconf
Description
This command allows access to the NETCONF server from Base and Management routers if it is operationally up.
The no form of this command disallows access to the NETCONF server.
Platforms
All
allow-netconf
Syntax
[no] allow-netconf
Context
[Tree] (config>service>vprn>management allow-netconf)
Full Context
configure service vprn management allow-netconf
Description
This commands allows access to the NETCONF server from VPRN.
The no form of this command removes NETCONF access for this VPRN.
Platforms
All
allow-qinq-network-interface
allow-qinq-network-interface
Syntax
[no] allow-qinq-network-interface
Context
[Tree] (config>system>ip allow-qinq-network-interface)
Full Context
configure system ip allow-qinq-network-interface
Description
This command is a system-wide option that allows the creation of network interfaces on a QinQ encapsulated VLAN.
When enabled, the maximum number of allowed MPLS labels is reduced by 1 to allow for the additional VLAN tag at egress processing.
The no form of this command reverts the option to the default value, which is to not allow network interfaces on QinQ encapsulated VLANs.
Default
no allow-qinq-network-interface
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
allow-reverse-route-override
allow-reverse-route-override
Syntax
allow-reverse-route-override [type]
no allow-reverse-route-override
Context
[Tree] (config>service>vprn>ipsec allow-reverse-route-override)
Full Context
configure service vprn ipsec allow-reverse-route-override
Description
This command allows a new dynamic LAN-to-LAN tunnel that terminates in the private VPRN service to be created with an overlapping reverse route.
The no form of this command reverts to the default value.
Default
no allow-reverse-route-override
Parameters
- type
-
Specifies the action to take when the system accepts a new reverse route.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
allow-sr-over-srte
allow-sr-over-srte
Syntax
[no] allow-sr-over-srte
Context
[Tree] (config>router>isis>igp-sc allow-sr-over-srte)
[Tree] (config>router>ospf>igp-sc allow-sr-over-srte)
Full Context
configure router isis igp-shortcut allow-sr-over-srte
configure router ospf igp-shortcut allow-sr-over-srte
Description
This command enables the SR-TE LSPs as eligible SRv4 or SRv6 IGP shortcuts.
For SR-MPLS SRv4 and SRv6, IGP shortcuts can only use SR-TE LSPs with allow-sr-over-srte explicitly enabled that have an adjacency SID as top SID in the SR-TE LSP. IPv4 and IPv6 addresses can use all available SR-TE LSPs as shortcuts regardless of the explicit allow-sr-over-srte configuration.
Under ECMP, when IGP allow-sr-over-srte is configured, preference is given to the SR-TE LSPs with allow-sr-over-srte explicitly configured over the LSPs that do not have allow-sr-over-srte configured.
The no form of this command disables the eligibility.
Default
no allow-sr-over-srte
Platforms
All
allow-ssh
allow-ssh
Syntax
[no] allow-ssh
Context
[Tree] (config>service>vprn>management allow-ssh)
Full Context
configure service vprn management allow-ssh
Description
This command allows configuration of the SSH parameters.
The no form of this command disallows configuration of the SSH parameters.
Platforms
All
allow-ssh
Syntax
[no] allow-ssh
Context
[Tree] (config>system>security>management allow-ssh)
Full Context
configure system security management allow-ssh
Description
This command allows the SSH parameters to be configured from Base and Management routers.
The no form of this command disallows SSH parameters from being configured.
Default
allow-ssh
Platforms
All
allow-static
allow-static
Syntax
allow-static
no allow-static
Context
[Tree] (config>router>bgp>next-hop-res>labeled-routes allow-static)
Full Context
configure router bgp next-hop-resolution labeled-routes allow-static
Description
This command allows the BGP next-hop of label-IPv4, label-IPv6, VPN-IPv4, and VPN-IPv6 routes received from any EBGP or IBGP peer to be resolved using static routes, except for static default routes (0/0 and ::/0).
A static route is less preferred than a local or interface route for resolving the BGP next-hop of labeled route, but more preferred than other IGP routes or tunnels.
A label-IPv4 or label-IPv6 route can be resolved by a static blackhole route, even when the allow-static command is not configured, but only if the static blackhole route is the longest prefix match (LPM) static route for the BGP next-hop address.
Default
no allow-static
Platforms
All
allow-telnet
allow-telnet
Syntax
[no] allow-telnet
Context
[Tree] (config>service>vprn>management allow-telnet)
Full Context
configure service vprn management allow-telnet
Description
This command allows access to the Telnet server from a VPRN.
The no form of this command removes the Telnet access.
Platforms
All
allow-telnet
Syntax
[no] allow-telnet
Context
[Tree] (config>system>security>management allow-telnet)
Full Context
configure system security management allow-telnet
Description
This command allows access to the Telnet server from Base and Management routers if it is operationally up.
The no form of this command disallows access to the Telnet server.
Default
allow-telnet
Platforms
All
allow-telnet6
allow-telnet6
Syntax
[no] allow-telnet6
Context
[Tree] (config>service>vprn>management allow-telnet6)
Full Context
configure service vprn management allow-telnet6
Description
This command allows access to the Telnet IPv6 server from a VPRN.
The no form of this command removes the Telnet IPv6 access.
Platforms
All
allow-telnet6
Syntax
[no] allow-telnet6
Context
[Tree] (config>system>security>management allow-telnet6)
Full Context
configure system security management allow-telnet6
Description
This command allows access to the Telnet IPv6 server from Base and Management routers if it is operationally up.
The no form of this command disallows access to the Telnet IPv6 server.
Default
allow-telnet6
Platforms
All
allow-unmatching-prefixes
allow-unmatching-prefixes
Syntax
[no] allow-unmatching-prefixes
Context
[Tree] (config>service>vprn>sub-if>ipv6 allow-unmatching-prefixes)
[Tree] (config>service>ies>sub-if>ipv6 allow-unmatching-prefixes)
Full Context
configure service vprn subscriber-interface ipv6 allow-unmatching-prefixes
configure service ies subscriber-interface ipv6 allow-unmatching-prefixes
Description
This command allows address assignment for IPoEv6 and PPPoEv6 hosts in cases where the subscriber host assigned IPv6 address or prefix falls outside of the subscriber-prefix range explicitly configured for the subscriber-interface (configure>service>vprn/ies>sub-if>ipv6) or the subscriber-prefix is not configured at all.
SLAAC hosts is installed in the FDB as /64 entries, the length of the installed DHCP-PD prefix is dictated by the prefix-length and the DHCP-NA host is installed as /128 entries.
IPv4 subscriber hosts are unaffected by this command.
The no form of this command reverts to the default.
Default
no allow-unmatching-prefixes
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-unmatching-subnets
allow-unmatching-subnets
Syntax
[no] allow-unmatching-subnets
Context
[Tree] (config>service>vprn>subscriber-interface allow-unmatching-subnets)
Full Context
configure service vprn subscriber-interface allow-unmatching-subnets
Description
This command specifies whether subscriber hosts with a subnet that does not match any of the subnets configured on this interface, are allowed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-unmatching-subnets
Syntax
[no] allow-unmatching-subnets
Context
[Tree] (config>service>vprn>sub-if>ipv6 allow-unmatching-subnets)
[Tree] (config>service>ies>sub-if>ipv6 allow-unmatching-subnets)
Full Context
configure service vprn subscriber-interface ipv6 allow-unmatching-subnets
configure service ies subscriber-interface ipv6 allow-unmatching-subnets
Description
This command allows address assignment for IPoEv6 and PPPoEv6 hosts in cases where the subscriber host assigned IPv6 address or prefix falls outside of the subscriber-prefix range explicitly configured for the subscriber-interface (configure>service>vprn/ies>sub-if>ipv6) or the subscriber-prefix is not configured at all.
SLAAC hosts are installed in the FDB as /64 entries, the length of the installed DHCP-PD prefix is dictated by the prefix-length and the DHCP-NA host is installed as /128 entries.
IPv4 subscriber hosts are unaffected by this command.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-unmatching-subnets
Syntax
[no] allow-unmatching-subnets
Context
[Tree] (config>service>ies>subscriber-interface allow-unmatching-subnets)
Full Context
configure service ies subscriber-interface allow-unmatching-subnets
Description
This command specifies whether subscriber hosts with a subnet that does not match any of the subnets configured on this interface, are allowed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
allow-unresolved-leaking
allow-unresolved-leaking
Syntax
[no] allow-unresolved-leaking
Context
[Tree] (config>router>bgp>next-hop-res allow-unresolved-leaking)
Full Context
configure router bgp next-hop-resolution allow-unresolved-leaking
Description
This command instructs BGP, in the base router instance, to allow its routes to be leaked to other (VPRN) BGP instances, even if the routes to be leaked do not have a BGP next hop that can be resolved by the base instance.
By default, BGP routes cannot be leaked to another BGP instance unless they are resolvable by the instance that receives them.
The no form of this command provides the default behavior.
Default
no allow-unresolved-leaking
Platforms
All
allow-unsecure-connection
allow-unsecure-connection
Syntax
[no] allow-unsecure-connection
Context
[Tree] (config>system>grpc allow-unsecure-connection)
Full Context
configure system grpc allow-unsecure-connection
Description
This command enables unsecure operation of gRPC connections. This means that TCP connections are not encrypted, including username and password information.
This command can be enabled only if there is no TLS profile assigned to the gRPC server.
The no form of this command enables TLS encryption on gRPC connections.
Default
no allow-unsecure-connection
Platforms
All
allow-unsecure-connection
Syntax
[no] allow-unsecure-connection
Context
[Tree] (config>system>management-interface>remote-management allow-unsecure-connection)
Full Context
configure system management-interface remote-management allow-unsecure-connection
Description
This command enables unsecure operation of all remote manager connections. In an unsecured operation, connections are not encrypted, including the username and password information.
This command and client-tls-profile are mutually exclusive. This means it can be used only if there are no TLS profiles assigned to the server.
If this command is also configured in the config>system>management-interface>remote-management> manager context, that configuration takes precedence.
The no form of this command disables unsecured connections.
Default
no allow-unsecure-connection
Platforms
All
allow-unsecure-connection
Syntax
[no] allow-unsecure-connection
Context
[Tree] (config>system>management-interface>remote-management>manager allow-unsecure-connection)
Full Context
configure system management-interface remote-management manager allow-unsecure-connection
Description
This command allows an unsecured connection to the remote managers; the TCP connection is not encrypted. This includes username and password information.
This command and client-tls-profile are mutually exclusive.
This command takes precedence over the same command configured in the config> system>management-interface>remote-management context, if applicable.
The no form of this command disables unsecured connections for the specified manager.
Default
no allow-unsecure-connection
Platforms
All
allow-unsecure-connection
Syntax
[no] allow-unsecure-connection
Context
[Tree] (config>system>telemetry>destination-group allow-unsecure-connection)
Full Context
configure system telemetry destination-group allow-unsecure-connection
Description
This command enables an unsecured connection for a specified destination group.
This command is mutually exclusive with the tls-client-profile command.
The no form of this command disables unsecured connections for the specified destination group.
Default
no allow-unsecure-connection
Platforms
All
allow-unsecure-connection
Syntax
[no] allow-unsecure-connection
Context
[Tree] (config>system>grpc-tunnel>destination-group allow-unsecure-connection)
Full Context
configure system grpc-tunnel destination-group allow-unsecure-connection
Description
This command enables an unsecured connection for a specified destination group, which allows a gRPC tunnel to run without a secured transport protocol. Data is transferred in unencrypted form.
This command is mutually exclusive with the tls-client-profile command.
The no form of this command disables unsecured connections for the specified destination group.
Default
no allow-unsecure-connection
Platforms
All
allow-unsecured-msgs
allow-unsecured-msgs
Syntax
[no] allow-unsecured-msgs
Context
[Tree] (config>service>ies>if>ipv6>secure-nd allow-unsecured-msgs)
Full Context
configure service ies interface ipv6 secure-nd allow-unsecured-msgs
Description
This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.
The no form of this command disables accepting unsecured messages.
Platforms
All
allow-unsecured-msgs
Syntax
[no] allow-unsecured-msgs
Context
[Tree] (config>service>vprn>if>send allow-unsecured-msgs)
Full Context
configure service vprn interface ipv6 secure-nd allow-unsecured-msgs
Description
This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.
The no form of this command disables accepting unsecured messages.
Platforms
All
allow-unsecured-msgs
Syntax
[no] allow-unsecured-msgs
Context
[Tree] (config>router>if>ipv6>secure-nd allow-unsecured-msgs)
Full Context
configure router interface ipv6 secure-nd allow-unsecured-msgs
Description
This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.
The no form of this command disables accepting unsecured messages.
Platforms
All
allow-user-name
allow-user-name
Syntax
[no] allow-user-name
Context
[Tree] (config>system>security>password>complexity-rules allow-user-name)
Full Context
configure system security password complexity-rules allow-user-name
Description
The user name is allowed to be used as part of the password.
The no form of this command does not allow user name to be used as password.
Default
no allow-user-name
Platforms
All
allowed-peer-as
allowed-peer-as
Syntax
[no] allowed-peer-as min-as-number [max max-as-number]
Context
[Tree] (config>service>vprn>bgp>group>dynamic-neighbor>match>prefix allowed-peer-as)
Full Context
configure service vprn bgp group dynamic-neighbor match prefix allowed-peer-as
Description
This command configures a single peer AS value or a contiguous range of peer AS values to associate with a prefix from which dynamic BGP sessions can be accepted.
If an incoming dynamic BGP session is associated with the prefix then the peer’s AS, as reported in the OPEN message, is checked against the list of allowed-peer-as values. If the peer AS is not contained in one of the allowed-peer-as commands, then the connection is rejected with a Bad_Peer_AS error. If there is no allowed-peer-as configuration in the matched prefix, then the ASN in the peer’s OPEN message, is checked against the group level peer-as.
The no form of this command removes an allowed-peer-as entry.
Default
no allowed-peer-as
Parameters
- min-as-number
-
Specifies an allowed peer AS value as well as the start of an allowed range if the max-as-number value is also configured.
- max-as-number
-
Specifies the end of an allowed range.
Platforms
All
allowed-peer-as
Syntax
[no] allowed-peer-as min-as-number [max max-as-number]
Context
[Tree] (config>router>bgp>group>dynamic-neighbor>match>prefix allowed-peer-as)
Full Context
configure router bgp group dynamic-neighbor match prefix allowed-peer-as
Description
This command configures a single peer AS value or a contiguous range of peer AS values to associate with a prefix from which dynamic BGP sessions can be accepted.
If an incoming dynamic BGP session is associated with the prefix, then the peer’s AS, as reported in the OPEN message, is checked against the list of allowed-peer-as values. If the peer AS is not contained in one of the allowed-peer-as commands, then the connection is rejected with a Bad_Peer_AS error. If there is no allowed-peer-as configuration in the matched prefix, then the ASN in the peer’s OPEN message, is checked against the group level peer-as.
The no form of this command removes an allowed-peer-as entry.
Default
no allowed-peer-as
Parameters
- min-as-number
-
Specifies an allowed peer AS value as well as the start of an allowed range if the max-as-number value is also configured.
- max-as-number
-
Specifies the end of an allowed range.
Platforms
All
allowed-peer-as
Syntax
[no] allowed-peer-as min-as-number [max max-as-number]
Context
[Tree] (config>service>vprn>bgp>group>dynamic-neighbor>interface allowed-peer-as)
[Tree] (config>router>bgp>group>dynamic-neighbor>interface allowed-peer-as)
Full Context
configure service vprn bgp group dynamic-neighbor interface allowed-peer-as
configure router bgp group dynamic-neighbor interface allowed-peer-as
Description
This command configures a singular allowed peer AS value or a range of acceptable values.
The no form of this command removes an allowed peer AS value or range of acceptable values.
Parameters
- min-as-number
-
Specifies an allowed peer AS value as well as the start of an allowed range if the max-as-number value is also configured.
- max-as-number
-
Specifies the end of an allowed range.
Platforms
All
allowed-source-macs
allowed-source-macs
Syntax
allowed-source-macs
Context
[Tree] (config>port>ethernet>dot1x>per-host-authentication allowed-source-macs)
Full Context
configure port ethernet dot1x per-host-authentication allowed-source-macs
Description
Commands in this context add the source MAC addresses of the hosts to the allowed MAC list.
Platforms
All
already-signed-in
already-signed-in
Syntax
[no] already-signed-in
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state already-signed-in)
Full Context
configure subscriber-mgmt wlan-gw ue-query state already-signed-in
Description
This command enables matching on UEs that are already signed in.
The no form of this command disables matching on UEs that are already signed in, unless all state matching is disabled.
Default
no already-signed-in
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
alt-port-class-pools
alt-port-class-pools
Syntax
alt-port-class-pools
Context
[Tree] (config>qos>hs-port-pool-policy alt-port-class-pools)
Full Context
configure qos hs-port-pool-policy alt-port-class-pools
Description
Commands in this context configure alternate port class pools parameters. Within this context, the corresponding port-class pools can be associated with a mid-pool, explicitly sized as a percentage of the mid-pool size, dynamically sized based on relative port bandwidth, or have a slope policy applied.
Platforms
7750 SR-7/12/12e
alternate-profile
alternate-profile
Syntax
alternate-profile alternate-profile-name [create]
no alternate-profile alternate-profile-name
Context
[Tree] (config>system>ptp alternate-profile)
Full Context
configure system ptp alternate-profile
Description
This command creates an alternate profile configuration for use in PTP messaging.
The alternate profile can be used at the edge of a network to provide PTP time or frequency distribution outward to external PTP clocks.
The alternate profile cannot be deleted if it is configured as the profile under a PTP port.
The no form of this command removes the alternate profile configuration.
Parameters
- alternate-profile-name
-
Configures the alternate profile name, up to 64 characters. The string "profile” in any uppercase or lowercase form cannot be used for the alternate profile name.
- create
-
Keyword used to create the alternate profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
alternate-profile
Syntax
alternate-profile alternate-profile-name
no alternate-profile alternate-profile-name
Context
[Tree] (config>system>ptp>port alternate-profile)
Full Context
configure system ptp port alternate-profile
Description
This command assigns the alternate profile configuration that is used for PTP messaging on the port.
If no alternate profile is specified, the primary profile is used.
If an alternate-profile-name is specified, that alternate profile must already exist in the configuration.
The no form of this command removes the profile assignment.
Parameters
- alternate-profile-name
-
Assigns the alternate profile name, up to 64 characters. The string "profile” in any uppercase or lowercase form cannot be used for the alternate profile name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
always-compare-med
always-compare-med
Syntax
always-compare-med {zero | infinity}
no always-compare-med strict-as {zero | infinity}
no always-compare-med
Context
[Tree] (config>service>vprn>bgp>path-selection always-compare-med)
[Tree] (config>router>bgp>best-path-selection always-compare-med)
Full Context
configure service vprn bgp best-path-selection always-compare-med
configure router bgp best-path-selection always-compare-med
Description
This command configures the comparison of BGP routes based on the MED attribute. The default behavior of SR OS (equivalent to the no form of this command) is to only compare two routes on the basis of MED if they have the same neighbor AS (the first non-confed AS in the received AS_PATH attribute). Also by default, a route without a MED attribute is handled the same as though it had a MED attribute with the value 0. The always-compare-med command without the strict-as keyword allows MED to be compared even if the paths have a different neighbor AS; in this case, if neither zero nor infinity is specified, the zero option is inferred, meaning a route without a MED is handled the same as though it had a MED attribute with the value 0. When the strict-as keyword is present, MED is only compared between paths from the same neighbor AS, and in this case, zero or infinity is mandatory and tells BGP how to interpret paths without a MED attribute.
Default
no always-compare-med
Parameters
- zero
-
Specifies that for routes learned without a MED attribute that a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.
- infinity
-
Specifies for routes learned without a MED attribute that a value of infinity (2^32-1) is used in the MED comparison. This in effect makes these routes the least desirable.
- strict-as
-
Specifies that the BGP MED values are only compared if the route comes from the same neighbor AS.
Platforms
All
always-set-sender-for-ir
always-set-sender-for-ir
Syntax
[no] always-set-sender-for-ir
Context
[Tree] (config>system>security>pki>ca-profile>cmpv2 always-set-sender-for-ir)
Full Context
configure system security pki ca-profile cmpv2 always-set-sender-for-ir
Description
This command specifies to always set the sender field in CMPv2 header of all Initial Registration (IR) messages with the subject name. By default, the sender field is only set if an optional certificate is specified in the CMPv2 request.
Default
no always-set-sender-for-ir
Platforms
All
amber-alarm-threshold
amber-alarm-threshold
Syntax
amber-alarm-threshold percentage
no amber-alarm-threshold
Context
[Tree] (config>port>access>ingress>pool amber-alarm-threshold)
[Tree] (config>port>access>egress>pool amber-alarm-threshold)
[Tree] (config>port>network>egress>pool amber-alarm-threshold)
Full Context
configure port access ingress pool amber-alarm-threshold
configure port access egress pool amber-alarm-threshold
configure port network egress pool amber-alarm-threshold
Description
This command configures the threshold for the amber alarm on the over-subscription allowed.
Users can selectively enable amber or red alarm thresholds. But if both are enabled (non-zero), the amber alarm threshold cannot be more than the red alarm threshold.
The no form of this command reverts to the default value.
Default
no amber-alarm-threshold
Parameters
- percentage
-
Specifies the amber alarm threshold.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
amber-alarm-threshold
Syntax
amber-alarm-threshold percentage
no amber-alarm-threshold
Context
[Tree] (config>card>fp>ingress>network>pool amber-alarm-threshold)
Full Context
configure card fp ingress network pool amber-alarm-threshold
Description
This command configures the threshold for the amber alarm on the over-subscription allowed.
Users can selectively enable amber or red alarm thresholds. But if both are enabled (non-zero) then the red alarm threshold must be greater than the amber alarm threshold.
The no form of this command reverts to the default value.
Default
no amber-alarm-threshold
Parameters
- percentage
-
Specifies the amber alarm threshold.
Platforms
All
ambr
ambr
Syntax
ambr down-link down-link-kbps up-link up-link-kbps
no ambr
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile>ggsn>qos ambr)
[Tree] (config>subscr-mgmt>gtp>peer-profile>mme>qos ambr)
[Tree] (config>subscr-mgmt>gtp>peer-profile>pgw>qos ambr)
Full Context
configure subscriber-mgmt gtp peer-profile ggsn qos ambr
configure subscriber-mgmt gtp peer-profile mme qos ambr
configure subscriber-mgmt gtp peer-profile pgw qos ambr
Description
This command configures the Aggregated Maximum Bit Rate (AMBR) to be sent in the APN AMBR IE. The contents of this IE can be overridden by RADIUS or report-rate mechanisms. If those mechanisms specify a partial value, such as only specifying the down-link parameter, the other value is picked up from the ambr configuration.
For GTPv1, the no form of this command implies that the IE will not be sent. If a partial value is received from another source, the missing value will use the following defaults:
-
10000 kb/s up-link
-
20000 kb/s down-link
For GTPv2, the no form of this command reverts to the default of 10000 kb/s up-link and 20000 kb/s down-link.
Default
no ambr - for ggsn
ambr down-link 20000 up-link 10000 - for mme and pgw
Parameters
- down-link-kbps
-
Specifies the downlink AMBR.
- up-link-kbps
-
Specifies the uplink AMBR.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
ambr-qos-mapping
ambr-qos-mapping
Syntax
ambr-qos-mapping
Context
[Tree] (config>subscr-mgmt>gtp>apn-policy>apn ambr-qos-mapping)
Full Context
configure subscriber-mgmt gtp apn-policy apn ambr-qos-mapping
Description
Mapping of an incoming APN-AMBR to SR OS QoS overrides.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
an-gw-address
an-gw-address
Syntax
[no] an-gw-address
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp an-gw-address)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp an-gw-address
Description
This command configures the IPv4 address of the node.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
analyze-gre-payload
analyze-gre-payload
Syntax
[no] analyze-gre-payload
Context
[Tree] (config>cflowd analyze-gre-payload)
Full Context
configure cflowd analyze-gre-payload
Description
This command enables cflowd analysis of the inner IP packet in a sampled GRE packet that is transiting the local router.
If the GRE packet terminates on the local node, the inner IP payload is analyzed and reported using existing IPv4 or IPv6 flow templates. This behavior is not affected by this command.
If this parameter is enabled and a GRE packet is transiting the local node, the inner payload is reported using the GRE Flow Template. (Template ID 308 or 309)
This behavior is only supported with V10 (IPFIX) collectors.
The no form of this command disables cflowd analysis of the inner IP packet in a sampled GRE packet.
Platforms
All
analyze-l2tp-traffic
analyze-l2tp-traffic
Syntax
[no] analyze-l2tp-traffic
Context
[Tree] (config>cflowd analyze-l2tp-traffic)
Full Context
configure cflowd analyze-l2tp-traffic
Description
This command causes cflowd to look for and analyze the inner IP header of an L2TPv2 frame.
L2TPv2 traffic is identified by either the source or destination UDP port numbering that is set to 1701.
The no form of this command disables this function.
Default
no analyze-l2tp-traffic
Platforms
All
analyze-v4overv6-traffic
analyze-v4overv6-traffic
Syntax
[no] analyze-v4overv6-traffic
Context
[Tree] (config>cflowd analyze-v4overv6-traffic)
Full Context
configure cflowd analyze-v4overv6-traffic
Description
This command causes cflowd to look for and analyze the inner IPv4 header of IPv4overIPv6 frames that include MAP-E as well as DS-Lite and SAM traffic.
The no form of this command disables this function.
Default
no analyze-v4overv6-traffic
Platforms
All
analyzer
analyzer
Syntax
[no] analyzer
Context
[Tree] (config>isa>video-group analyzer)
Full Context
configure isa video-group analyzer
Description
This command specifies whether or not the video analyzer is enabled for all streams on this video group.
The no form of the command disables the analyzer for the group.
Default
no analyzer
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
analyzer
Syntax
[no] analyzer
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video analyzer)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video analyzer)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video analyzer)
Full Context
configure mcast-management multicast-info-policy bundle channel source-override video analyzer
configure mcast-management multicast-info-policy bundle channel video analyzer
configure mcast-management multicast-info-policy bundle video analyzer
Description
This command enables or disables the analyzer for the group.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s
ancp
ancp
Syntax
ancp
Context
[Tree] (config>subscr-mgmt ancp)
[Tree] (config>subscr-mgmt>sub-prof ancp)
Full Context
configure subscriber-mgmt ancp
configure subscriber-mgmt sub-profile ancp
Description
Commands in this context configure Access Node Control Protocol (ANCP) parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp
Syntax
ancp
Context
[Tree] (config>service>vpls>gsmp>group ancp)
[Tree] (config>service>vprn>gsmp>group ancp)
Full Context
configure service vpls gsmp group ancp
configure service vprn gsmp group ancp
Description
Commands in this context configure Access Node Control Protocol (ANCP) parameters for this GSMP group.
Platforms
All
ancp
Syntax
[no] ancp
Context
[Tree] (config>service>vprn>gsmp>group ancp)
Full Context
configure service vprn gsmp group ancp
Description
Commands in this context configure ANCP parameters for this GSMP group.
The no form of this command disables the ANCP parameters configured in this context.
Platforms
All
ancp
Syntax
ancp ancp-string ancp-string loopback [count send-count] [timeout timeout] [alarm]
ancp subscriber sub-ident-string loopback [count send-count] [timeout timeout] [alarm]
Context
[Tree] (oam ancp)
Full Context
oam ancp
Description
This command sends an OAM request to the access node. ANCP can be used to send OAM messages to the access node. The access node must be able to accept these messages and signals such support by the capability negotiations. If the operator attempts to send an OAM command to an access node that does not support, the operation results in an error.
Parameters
- ancp-string
-
Specifies an existing ANCP string, up to 63 characters.
- loopback
-
Sends an OAM loopback test request to the access node.
- send-count
-
Specifies the number of messages the access node uses to test the circuit. If omitted, the number is determined by the access node via local policy.
- timeout
-
Specifies the length of time, in seconds, that the controlling node waits for a result.
- alarm
-
Specifies that the CLI the result is returned to the CLI and a trap is issued to indicate the test has finished. If the flag is used through SNMP the results are available in the results MIB and after the node sends the trap to indicate the results are ready.
- sub-ident-string
-
Specifies an existing subscriber-id, up to 32 characters. The node uses the ancp-string value associated with the provided subscriber-id to identify the circuit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp
Syntax
ancp
Context
[Tree] (config>system>persistence ancp)
Full Context
configure system persistence ancp
Description
This command configures ANCP persistence parameters.
Platforms
All
ancp-policy
ancp-policy
Syntax
ancp-policy policy-name [create]
no ancp-policy policy-name
Context
[Tree] (config>subscr-mgmt>ancp ancp-policy)
Full Context
configure subscriber-mgmt ancp ancp-policy
Description
This command creates an Access Node Control Protocol (ANCP) policy. The policy is associated with either the ANCP string (static case) or subscriber-profile (dynamic case) and defines the behavior of the hosts belonging to these profiles.
ANCP policies control rates and subscribers based on port-up/port-down messages from the access node. When configured, the 7450 ESS or 7750 SR should stop SHCV to a host that is part of a port defined to be down (by port-down message). When the node receives a port-up message for a port that was in port-down state, the node will initiate the SHCV process immediately to verify connectivity.
When ANCP is used with Enhanced Subscriber Management, the ANCP string last associated with the subscriber is used. All hosts of a subscriber is updated with the new ANCP string.
The no form of this command removes the policy name from the ANCP configuration.
Parameters
- policy-name
-
Configures the ANCP policy name, up to 32 characters.
- create
-
Keyword used to create the ANCP policy. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp-policy
Syntax
ancp-policy name
Context
[Tree] (config>subscr-mgmt>sub-prof>ancp ancp-policy)
Full Context
configure subscriber-mgmt sub-profile ancp ancp-policy
Description
This command specifies an existing Access Node Control Protocol (ANCP) policy to associate with the subscriber profile. The policy is associated with either the ANCP string (static case) or subscriber-profile (dynamic case) and defines the behavior of the hosts belonging to these profiles.
The no form of this command removes the policy name from the ANCP configuration.
Parameters
- name
-
Specifies an existing ANCP policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp-static-map
ancp-static-map
Syntax
ancp-static-map
Context
[Tree] (config>subscr-mgmt>ancp ancp-static-map)
Full Context
configure subscriber-mgmt ancp ancp-static-map
Description
Commands in this context configure a static ANCP name map.
Default
ancp-static-map
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp-string
ancp-string
Syntax
ancp-string ancp-string
no ancp-string
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings ancp-string)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings ancp-string)
Full Context
configure subscriber-mgmt local-user-db ppp host identification-strings ancp-string
configure subscriber-mgmt local-user-db ipoe host identification-strings ancp-string
Description
This command specifies the ANCP string which is encoded in the identification strings.
The no form of this command returns to the default.
Parameters
- ancp-string
-
Specifies the ANCP string, up to 63 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ancp-string
Syntax
ancp-string ancp-string
no ancp-string
Context
[Tree] (config>service>vpls>sap>static-host ancp-string)
[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host ancp-string)
[Tree] (config>service>vprn>if>sap>static-host ancp-string)
[Tree] (config>service>ies>sub-if>grp-if>sap>static-host ancp-string)
[Tree] (config>service>ies>if>sap>static-host ancp-string)
Full Context
configure service vpls sap static-host ancp-string
configure service vprn subscriber-interface group-interface sap static-host ancp-string
configure service vprn interface sap static-host ancp-string
configure service ies subscriber-interface group-interface sap static-host ancp-string
configure service ies interface sap static-host ancp-string
Description
This command specifies the ANCP string associated to this SAP host.
The no form of this command reverts to the default.
Parameters
- ancp-string
-
Specifies the ANCP string up to 63 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
anno-rx-timeout
anno-rx-timeout
Syntax
anno-rx-timeout count
no anno-rx-timeout
Context
[Tree] (config>system>ptp anno-rx-timeout)
Full Context
configure system ptp anno-rx-timeout
Description
This command configures the announceReceiptTimeout value for all peer associations. This defines the number of Announce message intervals that must expire with no received Announce messages before declaring an ANNOUNCE_RECIPT_TIMEOUT event.
The announce-rx-timeout cannot be changed unless PTP is shut down.
Default
anno-rx-timeout 3
Parameters
- count
-
Specifies the announce packet interval, in log form.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
announce
announce
Syntax
[no] announce
Context
[Tree] (config>service>nat>pcp-server-policy>opcode announce)
Full Context
configure service nat pcp-server-policy opcode announce
Description
This command enables/disables support for the announce opcode.
Default
no announce
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
antenna-cable-delay
antenna-cable-delay
Syntax
antenna-cable-delay nanoseconds
Context
[Tree] (config>port>gnss antenna-cable-delay)
Full Context
configure port gnss antenna-cable-delay
Description
This command configures the expected signal delay resulting from the length of the GNSS antenna cable, for platforms that support one or more embedded GNSS receivers.
Default
0
Parameters
- nanoseconds
-
Specifies the signal delay in nanoseconds.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se
anti-spoof
anti-spoof
Syntax
anti-spoof type
no anti-spoof
Context
[Tree] (config>service>ies>sub-if>grp-if>sap anti-spoof)
[Tree] (config>service>vprn>sub-if>grp-if>sap anti-spoof)
[Tree] (config>service>vpls>sap anti-spoof)
[Tree] (config>service>ies>sap anti-spoof)
[Tree] (config>service>vprn>sub-if>grp-if>pppoe anti-spoof)
[Tree] (config>service>ies>sub-if>grp-if>sap-parameters anti-spoof)
[Tree] (config>service>ies>sub-if>grp-if>pppoe anti-spoof)
[Tree] (config>service>vprn>sub-if>grp-if>sap-parameters anti-spoof)
[Tree] (config>subscr-mgmt>msap-policy>ies-vprn-only-sap-parameters anti-spoof)
Full Context
configure service ies subscriber-interface group-interface sap anti-spoof
configure service vprn subscriber-interface group-interface sap anti-spoof
configure service vpls sap anti-spoof
configure service ies sap anti-spoof
configure service vprn subscriber-interface group-interface pppoe anti-spoof
configure service ies subscriber-interface group-interface sap-parameters anti-spoof
configure service ies subscriber-interface group-interface pppoe anti-spoof
configure service vprn subscriber-interface group-interface sap-parameters anti-spoof
configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters anti-spoof
Description
This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the SAP.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
Enabling anti-spoof filtering on a subscriber-facing SAP causes the anti-spoof table to be populated with all static and dynamic host information available on the SAP. Enabling anti-spoof filtering on the SAP will fail if any static hosts are defined without the proper addresses specified for the selected anti-spoof filter type.
When enabled, forwarding IP packets that ingress the SAP is dependent on a successful anti-spoof table match with an entry in the table. DHCP and non-IP packets (including ARP) are not subject to anti-spoof filtering. If an entry does not match the ingress packet, the packet is silently discarded while incrementing the SAP discard counter.
Anti-spoof filtering is only allowed on VPLS SAPs, IES SAP-based IP interfaces, and VPRN SAP-based IP interfaces. Anti-spoof filtering is not available on IES or VPRN SDP bound IP interfaces. Anti-spoof filtering is not supported on Epipe and other VLL type services. Support for anti-spoofing is dependent on SAP based service interfaces. Note VPRN and VLL are supported on the 7750 SR only.
Anti-spoofing filters, with type ip-mac, must be enabled to perform Enhanced Subscriber Management (as described in the Triple Play Enhanced Subscriber Management section).
The no form of this command disables anti-spoof filtering on the SAP.
Default
no anti-spoof
Parameters
- type
-
Specifies the anti-spoof filtering type for this SAP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vpls sap anti-spoof
- configure service vprn subscriber-interface group-interface pppoe anti-spoof
- configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters anti-spoof
- configure service ies subscriber-interface group-interface pppoe anti-spoof
- configure service vprn subscriber-interface group-interface sap anti-spoof
- configure service ies subscriber-interface group-interface sap anti-spoof
7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface sap-parameters anti-spoof
- configure service ies subscriber-interface group-interface sap-parameters anti-spoof
anti-spoof
Syntax
anti-spoof {ip | ip-mac | nh-mac}
no anti-spoof
Context
[Tree] (config>service>ies>sub-if>grp-if>sap anti-spoof)
[Tree] (config>service>vprn>sub-if>grp-if>sap anti-spoof)
Full Context
configure service ies subscriber-interface group-interface sap anti-spoof
configure service vprn subscriber-interface group-interface sap anti-spoof
Description
This command configures the anti-spoof type of the MSAP.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
The no form of this command reverts to the default.
For IES and VPRN subscriber group interfaces, setting no anti-spoof sets the default anti-spoofing type which is ip-mac.
Parameters
- ip
-
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.
Note:This parameter is not applicable in the config>subscr-mgmt>msap-policy context.
- ip-mac
-
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. The anti-spoof type ip-mac command fails if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden, or if the SAP does not support Ethernet encapsulation.
- nh-mac
-
Indicates that the ingress anti-spoof is based on the source MAC and egress anti-spoof is based on the nh-ip-address .
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
anti-spoof
Syntax
anti-spoof type
no anti-spoof
Context
[Tree] (config>service>ies>if>sap anti-spoof)
[Tree] (config>service>vprn>if>sap anti-spoof)
[Tree] (config>service>vpls>sap anti-spoof)
Full Context
configure service ies interface sap anti-spoof
configure service vprn interface sap anti-spoof
configure service vpls sap anti-spoof
Description
This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the SAP.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
The no form of the command disables anti-spoof filtering on the SAP.
Default
no anti-spoof
Parameters
- type
-
Specifies the anti-spoof filtering type for this SAP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
anti-spoof
Syntax
anti-spoof pppoe-anti-spoofing-type
no anti-spoof
Context
[Tree] (config>service>vprn>sub-if>grp-if>pppoe anti-spoof)
[Tree] (config>service>ies>sub-if>grp-if>pppoe anti-spoof)
Full Context
configure service vprn subscriber-interface group-interface pppoe anti-spoof
configure service ies subscriber-interface group-interface pppoe anti-spoof
Description
This command specifies the type of PPPoE anti-spoof filtering to use.
The no form of this command reverts to the default.
Default
anti-spoof mac-sid
Parameters
- pppoe-anti-spoofing-type
-
Specifies the PPPoE anti-spoof filtering.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
anti-spoof
Syntax
anti-spoof {ip | mac | ip-mac | nh-mac}
no anti-spoof-type
Context
[Tree] (config>service>vprn>if>sap anti-spoof)
Full Context
configure service vprn interface sap anti-spoof
Description
This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the interface.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac, nh-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
The no form of this command reverts to the default.
Default
Filter type default types:
-
anti-spoof ip (Non-Ethernet encapsulated SAP)
-
anti-spoof ip-mac (Ethernet encapsulated SAP)
-
no anti-spoof-type (other SAPs)
Parameters
- ip
-
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.
- mac
-
Configures SAP anti-spoof filtering to use only the source MAC address in its lookup. Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a static host exists on the SAP without a specified MAC address, the anti-spoof type mac command fails. The anti-spoof type mac command will also fail if the SAP does not support Ethernet encapsulation.
- ip-mac
-
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command fails. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
- nh-mac
-
Indicates that the ingress anti-spoof is based on the source MAC address and the egress anti-spoof is based on the nh-ip-address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
anti-spoof
Syntax
[no] anti-spoof
Context
[Tree] (config>app-assure>group>http-enrich>field anti-spoof)
Full Context
configure application-assurance group http-enrich field anti-spoof
Description
This command configures the HTTP header enrichment anti-spoofing functionality.
The no form of this command disables anti-spoofing functionality.
Default
no anti-spoof
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
anycast
anycast
Syntax
[no] anycast rp-ip-address
Context
[Tree] (config>service>vprn>pim>rp anycast)
Full Context
configure service vprn pim rp anycast
Description
This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.
The no form of this command removes the anycast instance from the configuration.
Parameters
- rp-ip-address
-
Configure the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is simply used to enter the anycast CLI level.
Platforms
All
anycast
Syntax
anycast ipv6-address
no anycast ipv6-address
Context
[Tree] (config>service>vprn>pim>rp>ipv6 anycast)
Full Context
configure service vprn pim rp ipv6 anycast
Description
This command configures an IPv6 PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.
The no form of this command removes the anycast instance from the configuration.
Parameters
- ipv6-address
-
Configures the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no address is entered then the command is simply used to enter the anycast CLI context.
Platforms
All
anycast
Syntax
[no] anycast rp-ip-address
Context
[Tree] (config>router>pim>rp anycast)
Full Context
configure router pim rp anycast
Description
This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.
The no form of this command removes the anycast instance from the configuration.
Parameters
- rp-ip-address
-
Specifies the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is simply used to enter the anycast CLI level.
Platforms
All
anycast
Syntax
[no] anycast ipv6-address
Context
[Tree] (config>router>pim>rp>ipv6 anycast)
Full Context
configure router pim rp ipv6 anycast
Description
This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.
The no form of this command removes the anycast instance from the configuration.
Parameters
- ipv6-address
-
Specifies the loopback IPv6 address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address is replaced with the new address. If no ipv6-address is entered then the command is simply used to enter the anycast CLI level.
Platforms
All
ap-mac-learn-failed
ap-mac-learn-failed
Syntax
ap-mac-learn-failed {true | false | not-specified}
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query ap-mac-learn-failed)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query ap-mac-learn-failed
Description
This command specifies the matching criteria of tunnels based on whether or not learning the associated AP-MAC address last failed.
Default
ap-mac-learn-failed not-specified
Parameters
- true
-
Specifies matching of tunnels status where learning of the AP-MAC address succeeded.
- false
-
Specifies matching of tunnels status where learning of the AP-MAC address failed.
- not-specified
-
Specifies no matching on the AP-MAC address learning status.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn
apn
Syntax
apn apn
no apn
Context
[Tree] (config>service>vprn>gtp>uplink apn)
[Tree] (config>router>gtp>uplink apn)
Full Context
configure service vprn gtp uplink apn
configure router gtp uplink apn
Description
This command configures the Network Identifier part of the APN.
The no form of this command removes the string from the configuration.
Default
no apn
Parameters
- apn
-
Specifies the APN used for this IMSI to connect to this Mobile Gateway, up to 80 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn
Syntax
apn {apn-name | unknown} [create]
no apn {apn-name | unknown}
Context
[Tree] (config>subscr-mgmt>gtp>apn-policy apn)
Full Context
configure subscriber-mgmt gtp apn-policy apn
Description
This command configures the parameters that should be applied to incoming connections with the APN specified. Multiple APN nodes can be defined per APN policy.
For each APN-policy, one unknown APN entry can be created. This APN is used by all connections not matching another APN.
The no form of this command removes the APN from the policy. Only new sessions are affected by the removal.
Parameters
- apn-name
-
Specifies the APN name as it appears in GTP messaging, up to 80 characters.
- create
-
Creates an apn-name instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn
Syntax
[no] apn
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute apn)
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute apn)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute apn
configure subscriber-mgmt radius-accounting-policy include-radius-attribute apn
Description
This command enables the inclusion of the APN n AAA protocols as signaled in the incoming GTP setup message.
The no form of this command disables the inclusion of the attribute.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn
Syntax
apn apn-string
no apn
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr>entry apn)
Full Context
configure application-assurance group gtp gtp-filter imsi-apn-filter entry apn
Description
This command configures a matching condition for an APN configured as a GTP filter.
Parameters
- apn-string
-
Specifies the match string, which can include 1 to 32 characters.
If no APN is specified, the entry will not check for the APN IE in GTP-C packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn-ambr
apn-ambr
Syntax
[no] apn-ambr
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp apn-ambr)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp apn-ambr
Description
This command enables the inclusion of the APN-Aggregate-Max-Bitrate-DL and APN-Aggregate-Max-Bitrate-UL AVPs inside the QoS-Information AVP, as signaled in the incoming GTP message.
The no form of this command disables the inclusion of the AVPs.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn-ambr-dl
apn-ambr-dl
Syntax
apn-ambr-dl agg-rate
apn-ambr-dl arbiter arbiter-name
apn-ambr-dl hs-sla-agg-rate
apn-ambr-dl policer policer-id
apn-ambr-dl queue queue-id
apn-ambr-dl scheduler scheduler-name
no apn-ambr-dl
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>3gpp-qos-mapping apn-ambr-dl)
Full Context
configure subscriber-mgmt diameter-application-policy gx 3gpp-qos-mapping apn-ambr-dl
Description
This command configures the APN-Aggregate-Max-Bitrate-DL AVP. When enabled, the AVP is interpreted as a rate override for the specified egress QoS object. For queues and policers, the PIR is overridden.
This override uses the same QoS override mechanism as the native Gx and RADIUS-based QoS overrides. Therefore, a subsequent Gx/RADIUS-based override removes this override and an APN-AMBR based override removes any preceding Gx/RADIUS-based override.
The no form of this command disables the override mechanism based on APN-AMBR.
Parameters
- agg-rate
-
Specifies to map to an aggregate rate.
- arbiter-name
-
Specifies the name of the arbiter to be overridden.
- hs-sla-agg-rate
-
Specifies to map to an HS SLA aggregate rate.
- policer-id
-
Specifies the ID of the policer to be overridden.
- queue-id
-
Specifies the ID of the queue to be overridden.
- scheduler-name
-
Specifies the name of the scheduler to be overridden.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn-ambr-ul
apn-ambr-ul
Syntax
apn-ambr-ul arbiter arbiter-name
apn-ambr-ul policer policer-id
apn-ambr-ul queue queue-id
apn-ambr-ul scheduler scheduler-name
no apn-ambr-ul
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>3gpp-qos-mapping apn-ambr-ul)
Full Context
configure subscriber-mgmt diameter-application-policy gx 3gpp-qos-mapping apn-ambr-ul
Description
This command configures the APN-Aggregate-Max-Bitrate-UL AVP. When enabled, the AVP is interpreted as a rate override for the specified egress QoS object. For queues and policers, the PIR is overridden.
This override uses the same QoS override mechanism as the native Gx and RADIUS-based QoS overrides. Therefore, a subsequent Gx/RADIUS-based override removes this override and an APN-AMBR based override removes any preceding Gx/RADIUS-based override.
The no form of this command disables the override mechanism based on APN-AMBR.
Parameters
- arbiter-name
-
Specifies the name of the arbiter to be overridden.
- policer-id
-
Specifies the ID of the policer to be overridden.
- queue-id
-
Specifies the ID of the queue to be overridden.
- scheduler-name
-
Specifies the name of the scheduler to be overridden.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn-policy
apn-policy
Syntax
apn-policy apn-policy-name
no apn-policy
Context
[Tree] (config>router>gtp>s11>interface apn-policy)
[Tree] (config>service>vprn>gtp>s11>interface apn-policy)
Full Context
configure router gtp s11 interface apn-policy
configure service vprn gtp s11 interface apn-policy
Description
This command configures an Access Point Name (APN) policy for the S11 interface.
The no form of this command removes the APN policy.
Parameters
- apn-policy-name
-
Specifies the name of the policy, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
apn-policy
Syntax
apn-policy policy-name [create]
no apn-policy policy-name
Context
[Tree] (config>subscr-mgmt>gtp apn-policy)
Full Context
configure subscriber-mgmt gtp apn-policy
Description
This command configures an APN policy that defines parameters to be used when setting up a new incoming GTP connection. Each APN can be mapped to its own set of parameters.
The no form of this command removes the policy from the system. A policy can only be removed if it is not in use.
Parameters
- policy-name
-
Specifies the name of the policy, up to 32 characters.
- create
-
Creates an entry.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-filter
app-filter
Syntax
app-filter
Context
[Tree] (config>app-assure>group>policy app-filter)
Full Context
configure application-assurance group policy app-filter
Description
Commands in this context configure an application filter for application assurance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
app-group
Syntax
app-group app-group-name [rate]
no app-group app-group-name
Context
[Tree] (config>app-assure>group>cflowd>comp app-group)
[Tree] (config>app-assure>group>cflowd>rtp-perf app-group)
[Tree] (config>app-assure>group>cflowd>tcp-perf app-group)
Full Context
configure application-assurance group cflowd comprehensive app-group
configure application-assurance group cflowd rtp-performance app-group
configure application-assurance group cflowd tcp-performance app-group
Description
This command configures application groups to export performance records with cflowd.
The no form of this command removes the parameters from the configuration.
Parameters
- app-group-name
-
Specifies the application group name.
- rate
-
Specifies which sampling flow rate to use; flow-rate or flow-rate2.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
Syntax
app-group application-group-name [create]
no app-group application-group-name
Context
[Tree] (config>app-assure>group>policy app-group)
Full Context
configure application-assurance group policy app-group
Description
This command creates an application group for an application assurance policy.
The no form of this command deletes the application group from the configuration. All associations must be removed in order to delete a group.
Default
no app-group
Parameters
- application-group-name
-
A string of up to 32 characters uniquely identifying this application group in the system.
- create
-
Mandatory keyword used when creating an application group. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
Syntax
app-group app-group-name
Context
[Tree] (config>app-assure>group>policy>application app-group)
Full Context
configure application-assurance group policy application app-group
Description
This command associates an application with an application group of an application assurance policy.
Parameters
- app-group-name
-
A string of up to 32 characters uniquely identifying an existing application in the system.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
Syntax
app-group {eq | neq} application-group-name
no app-group
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match app-group)
[Tree] (config>app-assure>group>policy>charging-filter>entry>match app-group)
Full Context
configure application-assurance group policy app-qos-policy entry match app-group
configure application-assurance group policy charging-filter entry match app-group
Description
This command adds app-group to match criteria used by this entry.
The no form of this command removes the app-group from match criteria for this entry.
Default
no app-group
Parameters
- eq
-
Specifies that the value configured and the value in the flow must be equal.
- neq
-
Specifies that the value configured and the value in the flow must differ.
- application-group-name
-
Specifies the name of the existing application group entry, up to 32 characters
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
Syntax
app-group app-group-name export-using export-method [export-method ...(up to 2 max)]
app-group app-group-name no-export
no app-group app-group-name
Context
[Tree] (config>app-assure>group>statistics>aa-sub app-group)
Full Context
configure application-assurance group statistics aa-sub app-group
Description
Commands in this context configure accounting and statistics collection parameters per system for application groups of application assurance for a given AA ISA group/partition.
The no form of this command removes the application group name.
Parameters
- app-group-name
-
Specifies an existing application group name, up to 32 characters.
- export-method
-
Specifies the method of statistics export to be used.
- no-export
-
Allows the operator to enable the referred to application group to be selected (via Diameter) for Gx-usage monitoring. Gx usage monitoring is enabled automatically (and this command is not shown) if the export-using parameter is selected for the respective application group.
Usage monitoring must be enabled at the group:partition level (config>app-assure>group>statistics>aa-sub>usage-monitoring) as well in order to allow any application/application group/charging group usage monitoring.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-group
Syntax
app-group {eq | neq} application-group-name
no app-group
Context
[Tree] (config>app-assure>group>policy>chrg-fltr>entry>match app-group)
Full Context
configure application-assurance group policy charging-filter entry match app-group
Description
This command configures the addition of an application group to the match criteria used by this charging filter entry.
The no form of this command removes the application group match criteria.
Default
no app-group
Parameters
- eq
-
Specifies that the value configured and the value in the flow must be equal.
- neq
-
Specifies that the value configured and the value in the flow must differ.
- application-group-name
-
Specifies the name of the existing application group entry, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile
app-profile
Syntax
app-profile app-profile-name
no app-profile
Context
[Tree] (config>service>ies>if>sap app-profile)
[Tree] (config>service>vprn>if>sap app-profile)
[Tree] (config>service>vprn>sub-if>grp-if>sap app-profile)
[Tree] (config>service>vpls>spoke-sdp app-profile)
[Tree] (config>service>vpls>sap>static-host app-profile)
[Tree] (config>service>vprn>if>sap>static-host app-profile)
[Tree] (config>service>ies>sub-if>grp-if>sap app-profile)
[Tree] (config>service>vpls>sap app-profile)
[Tree] (config>service>ies>if>sap>static-host app-profile)
[Tree] (config>service>vprn>if>spoke-sdp app-profile)
[Tree] (config>service>ies>if>spoke-sdp app-profile)
Full Context
configure service ies interface sap app-profile
configure service vprn interface sap app-profile
configure service vprn subscriber-interface group-interface sap app-profile
configure service vpls spoke-sdp app-profile
configure service vpls sap static-host app-profile
configure service vprn interface sap static-host app-profile
configure service ies subscriber-interface group-interface sap app-profile
configure service vpls sap app-profile
configure service ies interface sap static-host app-profile
configure service vprn interface spoke-sdp app-profile
configure service ies interface spoke-sdp app-profile
Description
This command specifies an application profile name.
The no form of this command reverts to the default.
Parameters
- app-profile-name
-
Specifies the application profile name up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile
Syntax
app-profile app-profile-name [scope scope-type]
no app-profile
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>static-host app-profile)
[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host app-profile)
Full Context
configure service ies subscriber-interface group-interface sap static-host app-profile
configure service vprn subscriber-interface group-interface sap static-host app-profile
Description
This command specifies an application profile name.
Parameters
- app-profile-name
-
Specifies the application profile name up to 32 characters in length.
- scope-type
-
Specifies the scope to which the application profile is assigned in the context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile
Syntax
app-profile app-profile-name
no app-profile
Context
[Tree] (config>service>ipipe>spoke-sdp app-profile)
[Tree] (config>service>epipe>sap app-profile)
[Tree] (config>service>epipe>spoke-sdp app-profile)
[Tree] (config>service>ipipe>sap app-profile)
Full Context
configure service ipipe spoke-sdp app-profile
configure service epipe sap app-profile
configure service epipe spoke-sdp app-profile
configure service ipipe sap app-profile
Description
This command configures the application profile name.
Parameters
- app-profile-name
-
Specifies an existing application profile name configured in the config>app-assure>group>policy context.
Platforms
All
- configure service ipipe spoke-sdp app-profile
- configure service ipipe sap app-profile
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service epipe sap app-profile
- configure service epipe spoke-sdp app-profile
app-profile
Syntax
app-profile app-profile-name [create]
no app-profile app-profile-name
Context
[Tree] (config>app-assure>group>policy app-profile)
Full Context
configure application-assurance group policy app-profile
Description
This command creates an application profile and commands in this context configure the profile parameters.
The no form of this command removes the application profile from the configuration.
Parameters
- app-profile-name
-
Specifies the name of the application profile up to 32 characters.
- create
-
Mandatory keyword used when creating an application profile. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile
Syntax
[no] app-profile
Context
[Tree] (config>log>acct-policy>cr>aa>aa-sub-attributes app-profile)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-attributes app-profile
Description
This command enables the subscriber app-profile attribute information to be exported in the AA subscriber's custom record.
The no form of this command excludes the subscriber app-profile attribute from the AA subscriber's custom record.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile-map
app-profile-map
Syntax
app-profile-map
Context
[Tree] (config>subscr-mgmt>sub-ident-pol app-profile-map)
Full Context
configure subscriber-mgmt sub-ident-policy app-profile-map
Description
Commands in this context configure an application profile mapping.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-profile-string
app-profile-string
Syntax
app-profile-string app-profile-string
no app-profile-string
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings app-profile-string)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings app-profile-string)
Full Context
configure subscriber-mgmt local-user-db ppp host identification-strings app-profile-string
configure subscriber-mgmt local-user-db ipoe host identification-strings app-profile-string
Description
This command specifies the application profile string which is encoded in the identification strings.
The no form of this command returns to the default.
Parameters
- app-profile-string
-
Specifies the application profile string, up to 16 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-qos-policy
app-qos-policy
Syntax
app-qos-policy
Context
[Tree] (config>app-assure>group>policy app-qos-policy)
Full Context
configure application-assurance group policy app-qos-policy
Description
Commands in this context configure an application QoS policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-route-notifications
app-route-notifications
Syntax
app-route-notifications
Context
[Tree] (config>log app-route-notifications)
Full Context
configure log app-route-notifications
Description
Specific system applications in SR OS can take action based on a route to certain IP destinations being available. This CLI branch contains configuration related to these route availability notifications. A delay can be configured between the time that a route is determined as available in the CPM, and the time that the application is notified of the available route. For example, this delay may be used to increase the chances that other system modules (such as IOMs/XCMs/MDAs/XMAs) are fully programmed with the new route before the application takes action. Currently, the only application that acts upon these route available or route changed notifications with their configurable delays is the SNMP replay feature, which receives notifications of route availability to the SNMP trap receiver destination IP address.
Platforms
All
app-service-options
app-service-options
Syntax
app-service-options
Context
[Tree] (config>app-assure>group>policy app-service-options)
Full Context
configure application-assurance group policy app-service-options
Description
Commands in this context configure application service option characteristics.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
app-service-options
Syntax
[no] app-service-options
Context
[Tree] (config>log>acct-policy>cr>aa>aa-sub-attributes app-service-options)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-attributes app-service-options
Description
This command enables the subscriber application service option attributes to be exported in the AA subscriber's custom record.
The no form of this command excludes the subscriber application service option attributes from the AA subscriber's custom record.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
applicant-sm
applicant-sm
Syntax
[no] applicant-sm
Context
[Tree] (debug>service>id>mrp applicant-sm)
Full Context
debug service id mrp applicant-sm
Description
This command enables debugging of the applicant state machine.
The no form of this command disables debugging of the applicant state machine.
Platforms
All
application
application
Syntax
application {gx | gy | nasreq}
no application
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy application)
Full Context
configure subscriber-mgmt diameter-application-policy application
Description
This command specifies the Diameter application for which this policy contains the configuration details, such as AVPs to include and their format.
Applications are mutually exclusive.
The no form of this command reverts to the default.
Parameters
- gx
-
Specifies that Gx is the supported application of this DIAMETER policy.
- gy
-
Specifies that Gy is the supported application of this DIAMETER policy.
- nasreq
-
Specifies that NASREQ is the supported application of this DIAMETER policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application
Context
[Tree] (debug>diam application)
Full Context
debug diameter application
Description
This command debugs application processing for the Diameter node. This level is session aware (the session state is maintained at this level). Connection level messages are not reported on this level.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
no application {dscp-app-name | dot1p-app-name}
Context
[Tree] (config>router>sgt-qos application)
[Tree] (config>service>vprn>sgt-qos application)
Full Context
configure router sgt-qos application
configure service vprn sgt-qos application
Description
This command configures DSCP/dot1p remarking for self-generated application traffic. When an application is configured using this command, the specified DSCP name is used for all packets generated by this application within the router instance it is configured. The instances can be base router, vprn, or management.
Using the value configured in this command:
-
sets the DSCP bits in the IP packet
-
maps to the FC. This value will be signaled from the CPM to the egress forwarding complex.
-
based on this signaled FC, the egress forwarding complex QoS policy sets the Ethernet 802.1p and MPLS EXP bits. This includes ARP, PPPoE, and IS-IS packets that do not carry DSCP bits.
-
configure the DSCP value in the egress IP header. The egress QoS policy does not overwrite this value.
Only one DSCP name can be configured per application, if multiple entries are configured, the subsequent entry overrides the previous configured entry.
The no form of this command reverts back to the default value.
Parameters
- dscp-app-name
-
Specifies the DSCP application name.
- dscp-value
-
Specifies a value when this packet egresses; the respective egress policy should provide the mapping for the DSCP value to either LSP-EXP bits or IEEE 802.1p (dot1p) bits as appropriate. Otherwise, the default mapping applies.
- dscp-name
-
Specifies the DSCP name.
- dot1p-priority
-
Specifies the dot1p priority.
- dot1p-app-name
-
Specifies the dot1p application name.
Platforms
All
application
Syntax
application app [ip-int-name | ip-address]
no application app
Context
[Tree] (config>service>vprn>source-address application)
Full Context
configure service vprn source-address application
Description
This command specifies the source address and application name.
The no form of this command removes the interface name or IP address from the command.
Parameters
- app
-
Specifies the application name.
- ip-int-name
-
Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
- ip-address
-
Specifies the source IP address.
Platforms
All
application
Syntax
application {eq | neq} application-id
no application
Context
[Tree] (config>service>vprn>log>filter>entry>match application)
Full Context
configure service vprn log filter entry match application
Description
This command adds an OS application as an event filter match criterion.
An OS application is the software entity that reports the event. Applications include IP, MPLS, OSPF, CLI, SERVICES and so on Only one application can be specified. The latest application command overwrites the previous command.
The no form of this command removes the application as a match criterion.
Default
no application — no application match criterion is specified
Parameters
- eq | neq
-
The operator specifying the type of match.
- application-id
-
The application name string.
Platforms
All
application
Syntax
application application-name [rate]
no application application-name
Context
[Tree] (config>app-assure>group>cflowd>rtp-perf application)
[Tree] (config>app-assure>group>cflowd>tcp-perf application)
[Tree] (config>app-assure>group>cflowd>comp application)
Full Context
configure application-assurance group cflowd rtp-performance application
configure application-assurance group cflowd tcp-performance application
configure application-assurance group cflowd comprehensive application
Description
This command configures applications to export performance records with cflowd.
The no form of this command removes the parameters from the configuration.
Parameters
- application-name
-
Specifies the name defined for the application.
- rate
-
Specifies which sampling flow rate to use; flow-rate or flow-rate2.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application application-name [create]
no application application-name
Context
[Tree] (config>app-assure>group>policy application)
Full Context
configure application-assurance group policy application
Description
This command creates an application of an application assurance policy.
The no form of this command deletes the application. To delete an application, all associations to the application must be removed.
Parameters
- application-name
-
Specifies a string of up to 32 characters uniquely identifying this application in the system.
- create
-
Mandatory keyword used when creating an application. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application application-name
Context
[Tree] (config>app-assure>group>policy>app-filter>entry application)
Full Context
configure application-assurance group policy app-filter entry application
Description
This command assigns this application filter entry to an existing application. Assigning the entry to Unknown application restores the default configuration.
Parameters
- application-name
-
Specifies an existing application name.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application {eq | neq} application-name
no application
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match application)
[Tree] (config>app-assure>group>policy>charging-filter>entry>match application)
Full Context
configure application-assurance group policy app-qos-policy entry match application
configure application-assurance group policy charging-filter entry match application
Description
This command adds an application to match criteria used by this entry.
The no form of this command removes the application from match criteria for this entry.
Default
no application
Parameters
- eq
-
Specifies that the value configured and the value in the flow must be equal.
- neq
-
Specifies that the value configured and the value in the flow must differ.
- application-name
-
Specifies the name of name existing application name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application application-name export-using export-method [export-method...(up to 2 max)]
application application-name no-export
no application application-name
Context
[Tree] (config>app-assure>group>statistics>aa-sub application)
Full Context
configure application-assurance group statistics aa-sub application
Description
This command configures aa-sub accounting statistics for export of applications of a given AA ISA group/partition.
The no form of this command removes the application name.
Parameters
- application-name
-
Specifies an existing application name, up to 32 characters.
- export-method
-
Specifies the method of statistics export to be used.
- no-export
-
Allows the operator to enable the referred application group to be selected (via Diameter) for Gx-usage monitoring. Gx usage monitoring is enabled automatically (and this command is not shown) if the export-using parameter is selected for the respective application group.
Usage monitoring must be enabled at the group:partition level (config>app-assure>group>statistics>aa-sub>usage-monitoring) as well in order to allow any application/application group/charging group usage monitoring.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application {eq | neq} application-name
no application
Context
[Tree] (debug>app-assure>group>traffic-capture>match application)
Full Context
debug application-assurance group traffic-capture match application
Description
This command configures debugging on an application.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
[no] application application-name
Context
[Tree] (debug>app-assure>group>port-recorder application)
Full Context
debug application-assurance group port-recorder application
Description
This commands specifies the applications used as input by the port-recorder. Applications responsible for unknown or unidentified traffic are meant to be used by this tool.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
Output
The following sample configuration records TCP and UDP port numbers for the application "Unidentified TCP”.
Sample Output7750# show debug
debug
application-assurance
group 1:1
port-recorder
application "Unidentified TCP"
rate 100
no shutdown
exit
exit
exit
exit
application
Syntax
application {eq | neq} application-id
no application
Context
[Tree] (config>log>filter>entry>match application)
Full Context
configure log filter entry match application
Description
This command adds an OS application as an event filter match criterion.
An OS application is the software entity that reports the event. Applications include IP, MPLS, OSPF, CLI, SERVICES and so on. Only one application can be specified. The latest application command overwrites the previous command.
The no form of this command removes the application as a match criterion.
Parameters
- eq | neq
-
Specifies the operator match type. Valid operators are listed in Valid Operators.
Table 3. Valid Operators Operator
Notes
eq
equal to
neq
not equal to
- application-id
-
The application name string.
Platforms
All
application
Syntax
application app [ip-int-name | ip-address]
no application app
Context
[Tree] (config>system>security>source-address application)
Full Context
configure system security source-address application
Description
This command configures the source IP address specified by the source-address command.
The no form of this command removes the interface name or IP address from the command.
Parameters
- app
-
Specifies the application name.
- ip-int-name
-
Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- ip-address
-
Specifies the source IP address.
Platforms
All
application
Syntax
application application [keychain keychain-name]
no application application
Context
[Tree] (config>redundancy>multi-chassis>peer>sync>transport-encryption application)
Full Context
configure redundancy multi-chassis peer sync transport-encryption application
Description
This command configures transport encryption.
The no form of this command removes the specified application.
Parameters
- application
-
Specifies a Multi-Chassis Synchronization (MCS) client application
- keychain-name
-
Specifies a keychain name, up to 32 characters
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application
Syntax
application {eq | neq} app-group-name
no application
Context
[Tree] (config>app-assure>group>policy>chrg-fltr>entry>match application)
Full Context
configure application-assurance group policy charging-filter entry match application
Description
This command configures the addition of an application to the match criteria used by this charging filter entry.
The no form of this command removes the application match criteria.
Default
no application
Parameters
- eq
-
Specifies that the value configured and the value in the flow must be equal.
- neq
-
Specifies that the value configured and the value in the flow must differ.
- app-group-name
-
Specifies the name of the application group, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-assurance
application-assurance
Syntax
application-assurance
Context
[Tree] (admin application-assurance)
Full Context
admin application-assurance
Description
Commands in this context perform Application Assurance (AA) configuration operations.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-assurance
Syntax
application-assurance
Context
[Tree] (config application-assurance)
Full Context
configure application-assurance
Description
Commands in this context perform Application Assurance (AA) configuration operations.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-assurance
Syntax
application-assurance
Context
[Tree] (config>system>persistence application-assurance)
Full Context
configure system persistence application-assurance
Description
Commands in this context configure application assurance persistence parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-assurance
Syntax
application-assurance app-profile-name
Context
[Tree] (config>subscr-mgmt>http-rdr-plcy application-assurance)
Full Context
configure subscriber-mgmt http-redirect-policy application-assurance
Description
This command specifies the AA application profile used for HTTP redirect portal authentication. This forwards all UDP/TCP traffic to AA for packet filtering. Any forwarding entries under the HTTP redirect policy are not taken into account because only UDP/TCP can be configured. Outbound ICMP and ICMPv6 traffic is always dropped.
Parameters
- app-profile-name
-
Specifies an AA application profile name, up to 32 characters, that is configured in the config>app-assur>group>policy>app-prof context.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-assurance-group
application-assurance-group
Syntax
application-assurance-group application-assurance-group-index [create] [aa-sub-scale sub-scale]
no application-assurance-group application-assurance-group-index
Context
[Tree] (config>isa application-assurance-group)
Full Context
configure isa application-assurance-group
Description
Commands in this context create an application assurance group with the specified system-unique index and configure that group’s parameters.
The no form of this command deletes the specified application assurance group from the system. The group must be shutdown first.
Parameters
- application-assurance-group-index
-
Specifies an integer to identify the AA group
- create
-
Mandatory keyword used when creating an application assurance group in the ISA context. The create keyword requirement can be enabled or disabled in the environment>create context.
- sub-scale
-
Specifies the set of scaling limits that are supported with regards to the maximum number of AA subscribers per ISA, the max flow scale, and the corresponding policy scale that can be specified.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application-link-attributes
application-link-attributes
Syntax
[no] application-link-attributes
Context
[Tree] (config>router>isis>traffic-engineering-options application-link-attributes)
Full Context
configure router isis traffic-engineering-options application-link-attributes
Description
Commands in this context configure the advertisement of the TE attributes of each link on a per-application basis. Two applications are supported in SR OS: RSVP-TE and SR-TE.
The legacy mode of advertising TE attributes that is used in RSVP-TE is still supported but it can be disabled by using the no legacy command, which also enables per-application TE attribute advertisement for RSVP-TE.
The no form of this command deletes the context.
Default
no application-link-attributes
Platforms
All
application-policy
application-policy
Syntax
[no] application-policy name
Context
[Tree] (config>app-assure>group>transit-ip>diameter application-policy)
Full Context
configure application-assurance group transit-ip-policy diameter application-policy
Description
This command specifies the Diameter application to be used by seen IP transit subs. The application policy is defined using the config>subscr-mgmt>diameter-application-policy command.
The no form of this command removes the policy.
Default
no application-policy
Parameters
- name
-
Specifies the name of the application policy configured using the diameter-application-policy command up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
application6
application6
Syntax
application6 app ipv6-address
no application6 app
Context
[Tree] (config>service>vprn>source-address application6)
Full Context
configure service vprn source-address application6
Description
This command specifies the IPv6 source address and application.
The no form of this command removes the application and IPv6 address from the configuration.
Parameters
- app
-
Specifies the application name.
- ipv6-address
-
Specifies the IPv6 address.
Platforms
All
application6
Syntax
application6 app ipv6-address
no application6
Context
[Tree] (config>system>security>source-address application6)
Full Context
configure system security source-address application6
Description
This command configures the application to use the source IPv6 address specified by the source-address command.
The no form of this command removes the application and IPv6 address from the configuration.
Parameters
- app
-
Specifies the application name.
- ipv6-address
-
Specifies the IPv6 address.
Platforms
All
applications
applications
Syntax
applications all
applications [connectivity-management] [gx] [gy] [nasreq] [radius-auth] [radius-acct] [python] [ludb] [msap] [ppp-event]
no applications
Context
[Tree] (config>call-trace>trace-profile applications)
Full Context
configure call-trace trace-profile applications
Description
This command enables tracing of messages and events for the specified applications.
Default
applications all
Parameters
- all
-
Enables tracing of all packets and events, with the exception of PPP events.
- connectivity-management
-
Enables tracing for connectivity protocols, such as DHCP, ARP, and DHCPv6, and events related to connectivity management; for example, migrant or data-triggered host creation, idling, or session timeout.
- gx
-
Enables tracing of Diameter Gx messages.
- gy
-
Enables tracing of Diameter Gy messages.
- nasreq
-
Enables tracing of Diameter NASREQ messages.
- radius-auth
-
Enables tracing of messages and events related to RADIUS authentication, including CoA and Disconnect.
- radius-acct
-
Enables tracing of messages and events related to RADIUS-based accounting.
- python
-
Enables tracing of python script execution.
- ludb
-
Enables tracing of local user database lookups.
- msap
-
Enables tracing of MSAP creation events.
- ppp-event
-
Enables tracing of all events related to the PPP state machine. This can result in a large amount of event messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
apply-bgp-nh-override
apply-bgp-nh-override
Syntax
[no] apply-bgp-nh-override
Context
[Tree] (config>service>vprn>pim apply-bgp-nh-override)
Full Context
configure service vprn pim apply-bgp-nh-override
Description
This command forces the RPF check to be performed via IPv4 VPN AF next-hop and not via IPv4 VPN AF VRF import extended community.
Default
no apply-bgp-nh-override
Platforms
All
apply-function-specific-behavior
apply-function-specific-behavior
Syntax
[no] apply-function-specific-behavior
Context
[Tree] (config>app-assure>group>url-filter apply-function-specific-behavior)
Full Context
configure application-assurance group url-filter apply-function-specific-behavior
Description
If this command is enabled, the default-action, default-http-redirect, and http-redirect commands at the url-filter function level (ICAP, local filtering and web service) will apply.
The no form of this command indicates that the configuration at the url-filter level will apply to all of the configured url-filter functions.
Default
no apply-function-specific-behavior
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
apply-path
apply-path
Syntax
[no] apply-path
Context
[Tree] (config>filter>match-list>ipv6-prefix-list apply-path)
[Tree] (config>filter>match-list>ip-prefix-list apply-path)
Full Context
configure filter match-list ipv6-prefix-list apply-path
configure filter match-list ip-prefix-list apply-path
Description
Commands in this context configure the auto-generation of address prefixes for IPv4 or IPv6 address prefix match lists. The context in which the command is executed governs whether IPv4 or IPv6 prefixes will be auto-generated.
The no form of this command removes all auto-generation configuration under the apply-path context.
Default
no apply path
Platforms
All
apply-to
apply-to
Syntax
apply-to {all | none}
Context
[Tree] (config>service>vprn>pim apply-to)
Full Context
configure service vprn pim apply-to
Description
This command creates a PIM interface with default parameters.
If a manually created interface or modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, then execute a shutdown command.
The apply-to command is saved first in the PIM configuration structure, all subsequent commands either create new structures or modify the defaults as created by the apply-to command.
Default
apply-to none
Parameters
- all
-
Specifies that all VPRN and non-VPRN interfaces are automatically applied in PIM.
- none
-
No interfaces are automatically applied in PIM. PIM interfaces must be manually configured.
Platforms
All
apply-to
Syntax
apply-to {ies | non-ies | all | none}
Context
[Tree] (config>router>pim apply-to)
Full Context
configure router pim apply-to
Description
This command creates a PIM interface with default parameters.
If a manually created or a modified interface is deleted, the interface is recreated when (re)processing the apply-to command and if PIM is not required on a specific interface a shutdown should be executed.
The apply-to command is first saved in the PIM configuration structure. Then, all subsequent commands either create new structures or modify the defaults as created by the apply-to command.
Default
apply-to none
Parameters
- ies
-
Specifies to apply all IES interfaces in PIM.
- non-ies
-
Specifies to apply non-IES interfaces created in PIM.
- all
-
Specifies to apply all IES and non-IES interfaces created in PIM.
- none
-
Removes all interfaces that are not manually created or modified. It also removes explicit no interface commands if present.
Platforms
All
aps
aps
Syntax
aps
Context
[Tree] (config>port aps)
Full Context
configure port aps
Description
This command configures APS (Automatic Protection Switching). APS is used by SONET/SDH add/drop multiplexers (ADMs) or other SONET/SDH-capable equipment to protect against circuit or equipment failure.
An APS group contains a working and a protect circuit and can span a single node (SC-APS) or two nodes (MC-APS).
The working and protection configurations on the 7750 SRs must match the circuit configurations on the peer. This means that the working circuit on the 7750 SR must be connected to the peer’s working circuit and the protect circuit must be connected to the peer’s protection circuit.
The aps command is only available for APS groups and not physical ports.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
aqp-initial-lookup
aqp-initial-lookup
Syntax
aqp-initial-lookup
no aqp-initial-lookup
Context
[Tree] (config>app-assure>group aqp-initial-lookup)
Full Context
configure application-assurance group aqp-initial-lookup
Description
This command allows AA to perform AQP lookups on flows prior to complete application identification. As usual, AQP will be looked up again on identification complete. Without this, AA executes AQPs that are part of what so called "sub-default policy”. Sub-default policy is formed by regular AQPs that contain ASOs, subID and/or flow direction as matching conditions.
This behavior is required, for example, in order to be able apply GTP and SCTP filtering on the first packet of a new GTP/SCTP flow (AQP matching conditions in this case contains protocol id).
The no form of this command forces complete AQP look up on identification finish stage only.
Default
no aqp-initial-lookup
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
arbiter
arbiter
Syntax
arbiter arbiter-name [create]
no arbiter arbiter-name
Context
[Tree] (config>qos>plcr-ctrl-plcy>tier arbiter)
Full Context
configure qos policer-control-policy tier arbiter
Description
This command is used to create an arbiter within the context of tier 1 or tier 2. An arbiter is a child policer bandwidth control object that manages the throughput of a set of child policers. An arbiter allows child policers or other arbiters to parent to one of eight strict levels. Each arbiter is itself parented to either another tiered arbiter or to the root arbiter.
The root arbiter starts with its defined maximum rate and distributes the bandwidth to its directly attached child policers and arbiters beginning with priority 8. As the children at each priority level are distributed bandwidth according to their needs and limits, the root proceeds to the next lower priority until either all children’s needs are met or it runs out of bandwidth. The bandwidth given to a tiered arbiter is then divided between that arbiter’s children (child policers or a tier 2 arbiter) in the same fashion. A tiered arbiter may also have a rate limit defined that limits the amount of bandwidth it may receive from its parent.
An arbiter that is currently parented by another arbiter cannot be deleted.
Each time the policer-control-policy is applied to either a SAP, or a subscriber (through association with a sub-profile that has the policy applied), or a multiservice site, an instance of the parent policer and the arbiters is created.
Any child policer that uses the arbiter’s name in its parenting command will be associated with the arbiter instance. The child policer will also become associated with any arbiter to which its parent arbiter is parented (grandparent). Having child policers parented to an arbiter does not prevent that arbiter from being removed from the policer-control-policy. When removed, the child policers become orphaned.
You can create up to 31 tiered arbiters within the policer-control-policy on either tier 1 or tier 2 (in addition to the arbiter).
The no form of this command is used to remove an arbiter from tier 1 or tier 2. If the specified arbiter does not exist, the command returns without an error. If the specified arbiter is currently specified as the parent for another arbiter, the command will fail. When an arbiter is removed from a policer-control-policy, all instances of the arbiter will also be removed. Any child policers currently parented to the arbiter instance will become orphans and will not be bandwidth managed by the policer control policy instances parent policer.
Parameters
- arbiter-name
-
Any unique name within the policy. Up to 31 arbiters may be created.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
area
area
Syntax
[no] area area-id
Context
[Tree] (config>service>vprn>ospf3 area)
[Tree] (config>service>vprn>ospf area)
Full Context
configure service vprn ospf3 area
configure service vprn ospf area
Description
This command creates the context to configure an OSPF area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted decimal notation or as a 32-bit decimal integer.
The no form of this command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all the interfaces, virtual-links, sham-links, address-ranges and so on, that are currently assigned to this area.
Default
no area — No OSPF areas are defined.
Parameters
- area-id
-
The OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer.
Platforms
All
area
Syntax
[no] area area-id
Context
[Tree] (config>router>ospf3 area)
[Tree] (config>router>ospf area)
Full Context
configure router ospf3 area
configure router ospf area
Description
This command creates the context to configure an OSPF or OSPF3 area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted decimal notation or as a 32-bit decimal integer.
The no form of this command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all the interfaces, virtual-links, and address-ranges and so on, that are currently assigned to this area.
Default
no area
Parameters
- area-id
-
The OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer.
Platforms
All
area
Syntax
area [area-id]
no area
Context
[Tree] (debug>router>ospf area)
[Tree] (debug>router>ospf3 area)
Full Context
debug router ospf area
debug router ospf3 area
Description
This command enables debugging for an OSPF area.
Parameters
- area-id
-
Specifies the OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer.
Platforms
All
area
Syntax
area area-id
no area
Context
[Tree] (config>router>policy-options>policy-statement>entry>from area)
Full Context
configure router policy-options policy-statement entry from area
Description
This command configures an OSPF area as a route policy match criterion.
This match criterion is only used in export policies.
All OSPF routes (internal and external) are matched using this criterion if the best path for the route is by the specified area.
The no form of this command removes the OSPF area match criterion.
Default
no area
Parameters
- area-id
-
Specifies the OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer.
Platforms
All
area-id
area-id
Syntax
[no] area-id area-address
Context
[Tree] (config>service>vprn>isis area-id)
Full Context
configure service vprn isis area-id
Description
This command configures the area ID portion of NSAP addresses for the VPRN instance. This identifies a point of connection to the network, such as a router interface, and is called a Network Service Access Point (NSAP). Addresses in the IS-IS protocol are based on the ISO NSAP addresses and Network Entity Titles (NETs), not IP addresses.
A maximum of 3 area addresses can be configured for the VPRN instance.
NSAP addresses are divided into three parts. Only the area ID portion is configurable.
-
Area ID — A variable length field between 1 and 13 bytes long. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
-
System ID — A six-byte system identification. This value is not configurable. The system ID is derived from the system or router ID.
-
Selector ID — A one-byte selector identification that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.
The NET is constructed like an NSAP but the selector byte contains a 00 value. NET addresses are exchanged in hello and LSP PDUs. All net addresses configured on the node are advertised to its neighbors.
For Level 1 interfaces, neighbors can have different area IDs, but, they must have at least one area ID (AFI + area) in common. Sharing a common area ID, they become neighbors and area merging between the potentially different areas can occur.
For Level 2 (only) interfaces, neighbors can have different area IDs. However, if they have no area IDs in common, they become only Level 2 neighbors and Level 2 LSPs are exchanged.
For Level 1 and Level 2 interfaces, neighbors can have different area IDs. If they have at least one area ID (AFI + area) in common, they become neighbors. In addition to exchanging Level 2 LSPs, area merging between potentially different areas can occur.
If multiple area-id commands are entered, the system ID of all subsequent entries must match the first area address.
The no form of this command removes the area address.
Platforms
All
area-id
Syntax
[no] area-id area-address
Context
[Tree] (config>router>isis area-id)
Full Context
configure router isis area-id
Description
This command was previously named the net network-entity-title command. The area-id command allows you to configure the area ID portion of NSAP addresses which identifies a point of connection to the network, such as a router interface, and is called a Network Service Access Point (NSAP). Addresses in the IS-IS protocol are based on the ISO NSAP addresses and Network Entity Titles (NETs), not IP addresses.
A maximum of three area addresses can be configured.
NSAP addresses are divided into three parts. Only the area ID portion is configurable.
-
Area ID — A variable length field between 1 and 13 bytes long. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
-
System ID — A six-byte system identification. This value is not configurable. The system ID is derived from the system or router ID.
-
Selector ID — A one-byte selector identification that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.
The NET is constructed like an NSAP but the selector byte contains a 00 value. NET addresses are exchanged in hello and LSP PDUs. All net addresses configured on the node are advertised to its neighbors.
For Level 1 interfaces, neighbors can have different area IDs, but, they must have at least one area ID (AFI + area) in common. Sharing a common area ID, they become neighbors and area merging between the potentially different areas can occur.
For Level 2 (only) interfaces, neighbors can have different area IDs. However, if they have no area IDs in common, they become only Level 2 neighbors and Level 2 LSPs are exchanged.
For Level 1 and Level 2 interfaces, neighbors can have different area IDs. If they have at least one area ID (AFI + area) in common, they become neighbors. In addition to exchanging Level 2 LSPs, area merging between potentially different areas can occur.
If multiple area-id commands are entered, the system ID of all subsequent entries must match the first area address.
The no form of this command removes the area address.
Parameters
- area-address
-
Specifies a 1 — 13-byte address. Of the total 20 bytes comprising the NET, only the first 13 bytes can be manually configured. As few as one byte can be entered or, at most, 13 bytes. If less than 13 bytes are entered, the rest is padded with zeros.
Platforms
All
area-range
area-range
Syntax
area-range ip-prefix/prefix-length [advertise | not-advertise]
no area-range ip-prefix/mask
area-range ipv6-prefix/prefix-length [advertise | not-advertise]
no area-range ipv6-prefix/prefix-length
Context
[Tree] (config>service>vprn>ospf>area area-range)
[Tree] (config>service>vprn>ospf3>area>nssa area-range)
[Tree] (config>service>vprn>ospf>area>nssa area-range)
[Tree] (config>service>vprn>ospf3>area area-range)
Full Context
configure service vprn ospf area area-range
configure service vprn ospf3 area nssa area-range
configure service vprn ospf area nssa area-range
configure service vprn ospf3 area area-range
Description
This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, it is configured to be advertised or not advertised into other areas. Multiple range commands are used to summarize or hide different ranges. In the case of overlapping ranges, the most specific range command applies.
ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.
The no form of this command deletes the range (non) advertisement.
Default
no area-range
Parameters
- ipv6-prefix/prefix-length
-
The IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.
- mask
-
The subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.
- advertise | not-advertise
-
Specifies whether or not to advertise the summarized range of addresses into other areas. The advertise keyword indicates the range will be advertised, and the keyword not-advertise indicates the range will not be advertised.
The default is advertise.
Platforms
All
area-range
Syntax
area-range ip-prefix/mask [ advertise | not-advertise]
no area-range ip-prefix/mask
Context
[Tree] (config>router>ospf>area area-range)
[Tree] (config>router>ospf>area>nssa area-range)
Full Context
configure router ospf area area-range
configure router ospf area nssa area-range
Description
This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised into other areas. Multiple range commands may be used to summarize or hide different ranges. In the case of overlapping ranges, the most specific range command applies.
ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.
The no form of this command deletes the range (non) advertisement.
Default
no area-range
Parameters
- ip-prefix
-
Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.
- mask
-
Specifies the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.
- advertise | not-advertise
-
Specifies whether to advertise the summarized range of addresses into other areas. The advertise keyword indicates the range will be advertised, and the keyword not-advertise indicates the range will not be advertised.
Platforms
All
area-range
Syntax
area-range ipv4-prefix/mask | ipv6-prefix/prefix-length [advertise | not-advertise]
no area-range ipv4-prefix/mask | ipv6-prefix/prefix-length
Context
[Tree] (config>router>ospf3>area area-range)
[Tree] (config>router>ospf3>area>nssa area-range)
Full Context
configure router ospf3 area area-range
configure router ospf3 area nssa area-range
Description
This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised into other areas. Multiple range commands may be used to summarize or hide different ranges. In the case of overlapping ranges, the most specific range command applies.
ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.
The no form of this command deletes the range (non) advertisement.
Default
no area-range
Parameters
- ip-prefix/prefix-length
-
Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.
- advertise | not-advertise
-
Specifies whether or not to advertise the summarized range of addresses into other areas. The advertise keyword indicates the range will be advertised, and the keyword not-advertise indicates the range will not be advertised.
Platforms
All
area-range
Syntax
area-range [ip-address]
no area-range
Context
[Tree] (debug>router>ospf area-range)
[Tree] (debug>router>ospf3 area-range)
Full Context
debug router ospf area-range
debug router ospf3 area-range
Description
This command enables debugging for an OSPF area range.
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address for the range used by the ABR to advertise the area into another area.
Platforms
All
arp
arp
Syntax
arp arp-value
no arp
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile>mme>qos arp)
[Tree] (config>subscr-mgmt>gtp>peer-profile>ggsn>qos arp)
[Tree] (config>subscr-mgmt>gtp>peer-profile>pgw>qos arp)
Full Context
configure subscriber-mgmt gtp peer-profile mme qos arp
configure subscriber-mgmt gtp peer-profile ggsn qos arp
configure subscriber-mgmt gtp peer-profile pgw qos arp
Description
The command configures the allocation and retention priority to be used in the GTP messages as QoS IE (for a Gn interface) or Bearer QoS (for GTPv2).
The no form of this command reverts to the default.
Default
arp 1
Parameters
- arp-value
-
Specifies the Allocation/Retention Priority (ARP).
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
arp
Syntax
arp
Context
[Tree] (config>service>vprn>if>vpls>evpn arp)
[Tree] (config>service>ies>if>vpls>evpn arp)
Full Context
configure service vprn interface vpls evpn arp
configure service ies interface vpls evpn arp
Description
Commands in this context configure ARP host route parameters.
Platforms
All
arp
Syntax
arp
Context
[Tree] (debug>router>ip arp)
Full Context
debug router ip arp
Description
This command configures route table debugging.
Platforms
All
arp-host
arp-host
Syntax
arp-host
Context
[Tree] (config>service>vpls>sap arp-host)
[Tree] (config>service>vprn>sub-if>grp-if arp-host)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only arp-host)
[Tree] (config>service>ies>sub-if>grp-if arp-host)
Full Context
configure service vpls sap arp-host
configure service vprn subscriber-interface group-interface arp-host
configure subscriber-mgmt msap-policy vpls-only-sap-parameters arp-host
configure service ies subscriber-interface group-interface arp-host
Description
Commands in this context configure ARP host parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
arp-host
Syntax
[no] arp-host
Context
[Tree] (debug>service>id arp-host)
Full Context
debug service id arp-host
Description
This command enables and configures ARP host debugging.
The no form of this command disables ARP host debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
arp-host-route
arp-host-route
Syntax
arp-host-route
Context
[Tree] (config>service>vprn>if arp-host-route)
[Tree] (config>service>ies>if arp-host-route)
Full Context
configure service vprn interface arp-host-route
configure service ies interface arp-host-route
Description
Commands in this context configure ARP host routes to populate.
Platforms
All
arp-learn-unsolicited
arp-learn-unsolicited
Syntax
[no] arp-learn-unsolicited
Context
[Tree] (config>service>vprn>if arp-learn-unsolicited)
[Tree] (config>router>if arp-learn-unsolicited)
[Tree] (config>service>ies>if arp-learn-unsolicited)
Full Context
configure service vprn interface arp-learn-unsolicited
configure router interface arp-learn-unsolicited
configure service ies interface arp-learn-unsolicited
Description
This command allows the ARP application to learn new entries based on any received ARP message (GARP, ARP-Request, or ARP-Reply, such as any frame with ethertype 0x0806).
The no form of this command disables the above behavior and causes ARP entries to only be learned when needed, that is, when the router receives an ARP-reply after an ARP-request triggered by received traffic.
Platforms
All
arp-limit
arp-limit
Syntax
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context
[Tree] (config>service>ies>interface arp-limit)
Full Context
configure service ies interface arp-limit
Description
This command configures the maximum amount of dynamic IPv4 ARP entries that can be learned on an IP interface.
When the number of dynamic ARP entries reaches the configured percentage of this limit, a log event is raised. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.
The no form of this command removes the arp-limit.
Default
no arp-limit
Parameters
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
Platforms
All
arp-limit
Syntax
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context
[Tree] (config>service>vprn>if arp-limit)
Full Context
configure service vprn interface arp-limit
Description
This command configures the maximum amount of dynamic IPv4 ARP entries that can be learned on an IP interface.
When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.
The no form of this command removes the arp-limit.
Default
90 percent
Parameters
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
Platforms
All
arp-limit
Syntax
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context
[Tree] (config>router>if arp-limit)
Full Context
configure router interface arp-limit
Description
This command configures the maximum amount of dynamic IPv4 ARP entries that can be learned on an IP interface.
When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.
The no form of this command removes the arp-limit.
Default
no arp-limit
Parameters
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
Platforms
All
arp-nd-extended-community-advertisement
arp-nd-extended-community-advertisement
Syntax
[no] arp-nd-extended-community-advertisement
Context
[Tree] (config>service>vpls>bgp-evpn arp-nd-extended-community-advertisement)
Full Context
configure service vpls bgp-evpn arp-nd-extended-community-advertisement
Description
This command enables the advertisement of the RFC9047 ARP/ND extended community along with the MAC/IP routes that are advertised for local static and dynamic proxy ARP or ND entries. This command also controls the processing of the ARP/ND extended community and the selection of ARP or ND entries based on the inmutable flag.
The no form of this command disables the advertisement of the RFC9047 ARP/ND extended community.
Default
no arp-nd-extended-community-advertisement
Platforms
All
arp-populate
arp-populate
Syntax
[no] arp-populate
Context
[Tree] (config>service>ies>if arp-populate)
[Tree] (config>service>vprn>sub-if>grp-if arp-populate)
[Tree] (config>service>ies>sub-if>grp-if arp-populate)
[Tree] (config>service>vprn>if arp-populate)
Full Context
configure service ies interface arp-populate
configure service vprn subscriber-interface group-interface arp-populate
configure service ies subscriber-interface group-interface arp-populate
configure service vprn interface arp-populate
Description
This command, when enabled, disables dynamic learning of ARP entries. Instead, the ARP table is populated with static and dynamic entries from the DHCP Lease State Table (enabled with lease-populate), and optionally with static entries entered with the static-host command.
The host’s IP address and MAC address are placed in the system ARP cache as a managed entry. Static hosts must be defined on the interface using the static-host command. Dynamic hosts are enabled on the system through enabling lease-populate in the IP interface DHCP context.
In the event that both a static host and a dynamic host share the same IP and MAC address, the system’s ARP cache retains the host information until both the static and dynamic information are removed.
Both static and dynamic hosts override static ARP entries. Static ARP entries are marked as inactive when they conflict with static or dynamic hosts and will be repopulated once all static and dynamic host information for the IP address are removed. Since static ARP entries are not possible when static subscriber hosts are defined or when DHCP lease state table population is enabled, conflict between static ARP entries and the arp-populate function is not an issue.
Enabling the arp-populate command removes any dynamic ARP entries learned on this interface from the ARP cache.
The arp-populate command fails if an existing static ARP entry exists for this interface.
When arp-populate is enabled, the system does not send out ARP requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled. The arp-populate command can only be enabled on IES and VPRN interfaces supporting Ethernet encapsulation.
The no form of this command disables ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information for this interface is removed from the system’s ARP cache. Any existing static ARP entries previously inactive due to static or dynamic hosts will be populated in the system ARP cache.
Default
no arp-populate
Platforms
All
- configure service vprn interface arp-populate
- configure service ies interface arp-populate
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface arp-populate
- configure service ies subscriber-interface group-interface arp-populate
arp-populate-host-route
arp-populate-host-route
Syntax
[no] arp-populate-host-route
Context
[Tree] (config>service>ies>if arp-populate-host-route)
Full Context
configure service ies interface arp-populate-host-route
Description
This command enables the addition or deletion of host routes in the route table derived from ARP entries in the ARP cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the ARP table. ARP entries installed by subscriber management, local interfaces, and others, do not create host routes.
The no form of this command disables the creation of host routes from the ARP cache.
Platforms
All
arp-proactive-refresh
arp-proactive-refresh
Syntax
[no] arp-proactive-refresh
Context
[Tree] (config>service>ies>if arp-proactive-refresh)
Full Context
configure service ies interface arp-proactive-refresh
Description
This command enables the router to always send out a single refresh message with no entries 30 seconds prior to the timeout of the entry.
The no form of this command sets the default behavior, in which an entry is marked as stale 30 seconds prior to age-out, and the router only sends an ARP request to refresh the entry if the IOM receives traffic that uses it. If so, the IOM asks the ARP application to send a refresh message. With arp-proactive-refresh enabled, the ARP module sends a refresh message regardless of whether the IOM receives traffic.
Platforms
All
arp-proactive-refresh
Syntax
[no] arp-proactive-refresh
Context
[Tree] (config>service>vprn>if arp-proactive-refresh)
Full Context
configure service vprn interface arp-proactive-refresh
Description
This command enables the router to always send out a refresh message 30 seconds prior to the timeout of the entry (a single refresh message with no retries).
The no form of this command sets the default behavior, in which an entry is marked as stale 30 seconds prior to age-out, and the router only sends an ARP request to refresh the entry if the IOM receives traffic that uses it. If so, the IOM asks the ARP application to send a refresh message. With arp-proactive-refresh enabled, the ARP module sends a refresh message regardless of the IOM receiving traffic.
Platforms
All
arp-proactive-refresh
Syntax
[no] arp-proactive-refresh
Context
[Tree] (config>router>if arp-proactive-refresh)
Full Context
configure router interface arp-proactive-refresh
Description
This command enables the router to always send out a refresh message 30 seconds prior to the timeout of the entry (a single refresh message with no retries).
The no form of this command sets the default behavior, in which an entry is marked as stale 30 seconds prior to age-out, and the router only sends an ARP request to refresh the entry if the IOM receives traffic that uses it. If so, the IOM asks the ARP application to send a refresh message. With arp-proactive-refresh enabled, the ARP module sends a refresh message regardless of the IOM receiving traffic.
Platforms
All
arp-reply-agent
arp-reply-agent
Syntax
arp-reply-agent [sub-ident]
no arp-reply-agent
Context
[Tree] (config>service>vpls>sap arp-reply-agent)
Full Context
configure service vpls sap arp-reply-agent
Description
This command enables a special ARP response mechanism in the system for ARP requests destined to static or dynamic hosts associated with the SAP. The system responds to each ARP request using the host’s MAC address as the both the source MAC address in the Ethernet header and the target hardware address in the ARP header.
ARP replies and requests received on a SAP with arp-reply-agent enabled is evaluated by the system against the anti-spoof filter entries associated with the ingress SAP (if the SAP has anti-spoof filtering enabled). ARPs from unknown hosts on the SAP is discarded when anti-spoof filtering is enabled.
The ARP reply agent only responds if the ARP request enters an interface (SAP, spoke SDP or mesh SDP) associated with the VPLS instance of the SAP.
A received ARP request that is not in the ARP reply agent table is flooded to all forwarding interfaces of the VPLS capable of broadcast except the ingress interface while honoring split-horizon constraints.
Static hosts can be defined on the SAP using the host command. Dynamic hosts are enabled on the system by enabling the lease-populate command in the SAP’s dhcp context. If both a static host and a dynamic host share the same IP and MAC address, the VPLS ARP reply agent will retain the host information until both the static and dynamic information are removed. If both a static and dynamic host share the same IP address, but different MAC addresses, the VPLS ARP reply agent is populated with the static host information.
The arp-reply-agent command fails if an existing static host on the SAP does not have both MAC and IP addresses specified. Once the ARP reply agent is enabled, creating a static host on the SAP without both an IP address and MAC address will fail.
The apr-reply-agent can only be enabled on SAPs supporting Ethernet encapsulation.
The no form of the command disables arp-reply-agent functions for static and dynamic hosts on the SAP.
Default
no arp-reply-agent
Parameters
- sub-ident
-
Configures the arp-reply-agent to discard ARP requests received on the SAP that are targeted for a known host on the same SAP with the same subscriber identification.
Hosts are identified by their subscriber information. For DHCP subscriber hosts, the subscriber hosts, the subscriber information is configured using the optional subscriber parameter string.
When arp-reply-agent is enabled with sub-ident:
-
If the subscriber information for the destination host exactly matches the subscriber information for the originating host and the destination host is known on the same SAP as the source, the ARP request is silently discarded.
-
If the subscriber information for the destination host or originating host is unknown or undefined, the source and destination hosts are not considered to be the same subscriber. The ARP request is forwarded outside the SAP’s Split Horizon Group.
-
When sub-ident is not configured, the arp-reply-agent does not attempt to identify the subscriber information for the destination or originating host and will not discard an ARP request based on subscriber information.
-
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
arp-reply-agent
Syntax
arp-reply-agent [sub-ident]
no arp-reply-agent
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only arp-reply-agent)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters arp-reply-agent
Description
This command enables a special ARP response mechanism in the system for ARP requests destined to static or dynamic hosts associated with the SAP. The system responds to each ARP request using the hosts MAC address as the both the source MAC address in the Ethernet header and the target hardware address in the ARP header.
ARP replies and requests received on an MSAP with arp-reply-agent enabled is evaluated by the system against the anti-spoof filter entries associated with the ingress SAP (if the SAP has anti-spoof filtering enabled). ARPs from unknown hosts on the SAP is discarded when anti-spoof filtering is enabled.
The ARP reply agent only responds if the ARP request enters an interface (SAP, spoke-SDP or mesh-SDP) associated with the VPLS instance of the MSAP.
A received ARP request that is not in the ARP reply agent table is flooded to all forwarding interfaces of the VPLS capable of broadcast except the ingress interface while honoring split-horizon constraints.
Static hosts can be defined using the host command. Dynamic hosts are enabled on the system by enabling the lease-populate command in the dhcp context. In the event that both a static host and a dynamic host share the same IP and MAC address, the VPLS ARP reply agent will retain the host information until both the static and dynamic information are removed. In the event that both a static and dynamic host share the same IP address, but different MAC addresses, the VPLS ARP reply agent is populated with the static host information.
The arp-reply-agent command will fail if an existing static host does not have both MAC and IP addresses specified. Once the ARP reply agent is enabled, creating a static host on the MSAP without both an IP address and MAC address will fail.
The ARP-reply-agent may only be enabled on SAPs supporting Ethernet encapsulation.
The no form of this command disables ARP-reply-agent functions for static and dynamic hosts on the MSAP.
Parameters
- sub-ident
-
Configures the arp-reply-agent to discard ARP requests received on the MSAP that are targeted for a known host on the same MSAP with the same subscriber identification.
Hosts are identified by their subscriber information. For DHCP subscriber hosts, the subscriber hosts, the subscriber information is configured using the optional subscriber parameter string.
When arp-reply-agent is enabled with sub-ident:
-
If the subscriber information for the destination host exactly matches the subscriber information for the originating host and the destination host is known on the same MSAP as the source, the ARP request is silently discarded.
-
If the subscriber information for the destination host or originating host is unknown or undefined, the source and destination hosts are not considered to be the same subscriber. The ARP request is forwarded outside the MSAP’s Split Horizon Group.
-
When sub-ident is not configured, the arp-reply-agent does not attempt to identify the subscriber information for the destination or originating host and will not discard an ARP request based on subscriber information.
-
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
arp-retry-timer
arp-retry-timer
Syntax
arp-retry-timer timer-multiple
no arp-retry-timer
Context
[Tree] (config>service>ies>if arp-retry-timer)
Full Context
configure service ies interface arp-retry-timer
Description
This command allows the arp retry timer to be configured to a specific value.
The timer value is entered as a multiple of 100 ms. So a timer value of 1, means the ARP timer will be set to 100 ms.
The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 seconds.
Default
arp-retry-timer 50
Parameters
- timer-multiple
-
Specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Platforms
All
arp-retry-timer
Syntax
arp-retry-timer timer-multiple
no arp-retry-timer
Context
[Tree] (config>service>vprn>if arp-retry-timer)
[Tree] (config>service>vprn>network-interface arp-retry-timer)
Full Context
configure service vprn interface arp-retry-timer
configure service vprn network-interface arp-retry-timer
Description
This command allows the arp retry timer to be configured to a specific value.
The timer value is entered as a multiple of 100 ms. So a timer value of 1, means the ARP timer will be set to 100 ms.
The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 s.
Default
arp-retry-timer 50
Parameters
- timer-multiple
-
Specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Platforms
All
arp-retry-timer
Syntax
arp-retry-timer timer-multiple
no arp-retry-timer
Context
[Tree] (config>router>if arp-retry-timer)
Full Context
configure router interface arp-retry-timer
Description
This command allows the arp retry timer to be configured to a specific value.
The timer value is entered as a multiple of 100 ms. So a timer value of 1, means the ARP timer will be set to 100 ms.
The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 seconds.
Default
arp-retry-timer 50
Parameters
- timer-multiple
-
Specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Platforms
All
arp-timeout
arp-timeout
Syntax
arp-timeout seconds
no arp-timeout
Context
[Tree] (config>service>ies>sub-if>grp-if arp-timeout)
[Tree] (config>service>vprn>sub-if>grp-if arp-timeout)
[Tree] (config>service>ies>if arp-timeout)
[Tree] (config>service>vprn>if arp-timeout)
Full Context
configure service ies subscriber-interface group-interface arp-timeout
configure service vprn subscriber-interface group-interface arp-timeout
configure service ies interface arp-timeout
configure service vprn interface arp-timeout
Description
This command configures the minimum time in seconds an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.
When the arp-populate and lease-populate commands are enabled on an interface, the ARP table entries will no longer be dynamically learned, but instead by snooping DHCP ACK message from a DHCP server. In this case the configured arp-timeout value has no effect.
The default value for arp-timeout is 14400 seconds (4 hours).
The no form of this command reverts to the default value.
Default
arp-timeout 14400
Parameters
- seconds
-
Specifies the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries will not be aged.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface arp-timeout
- configure service ies subscriber-interface group-interface arp-timeout
All
- configure service vprn interface arp-timeout
- configure service ies interface arp-timeout
arp-timeout
Syntax
arp-timeout seconds
no arp-timeout
Context
[Tree] (config>service>vpls>interface arp-timeout)
Full Context
configure service vpls interface arp-timeout
Description
This command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.
The default value for arp-timeout is 14400 seconds (4 hours).
The no form of this command restores arp-timeout to the default value.
Default
arp-timeout 14400
Parameters
- seconds
-
The minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries will not be aged.
Platforms
All
arp-timeout
Syntax
arp-timeout seconds
no arp-timeout
Context
[Tree] (config>router>if arp-timeout)
Full Context
configure router interface arp-timeout
Description
This command configures the minimum time, in seconds, an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table. If the arp-timeout value is set to 0 seconds, ARP aging is disabled.
The no form of this command reverts to the default value.
Default
no arp-timeout
Parameters
- seconds
-
The minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.
Platforms
All
as-matrix
as-matrix
Syntax
[no] as-matrix
Context
[Tree] (config>cflowd>collector>aggregation as-matrix)
Full Context
configure cflowd collector aggregation as-matrix
Description
This command specifies that the aggregation data should be based on autonomous system (AS) information. An AS matrix contains packet and byte counters for traffic from either source-destination autonomous systems or last-peer to next-peer autonomous systems.
The no form of this command removes this type of aggregation from the collector configuration.
Default
no as-matrix
Platforms
All
as-override
as-override
Syntax
[no] as-override
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy as-override)
Full Context
configure subscriber-mgmt bgp-peering-policy as-override
Description
This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS_PATH.
This command breaks BGP's loop detection mechanism. It should be used carefully.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
as-override
Syntax
[no] as-override
Context
[Tree] (config>service>vprn>bgp>group as-override)
[Tree] (config>service>vprn>bgp>group>neighbor as-override)
Full Context
configure service vprn bgp group as-override
configure service vprn bgp group neighbor as-override
Description
This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS_PATH.
This command breaks BGP's loop detection mechanism. It should be used carefully.
Default
no as-override
Platforms
All
as-override
Syntax
[no] as-override
Context
[Tree] (config>router>bgp>group as-override)
[Tree] (config>router>bgp>group>neighbor as-override)
Full Context
configure router bgp group as-override
configure router bgp group neighbor as-override
Description
This command enables BGP to monitor the outbound routes toward the peer and whenever there is a route with the peer’s autonomous system number (ASN) in the AS_PATH, all occurrences are removed and replaced with the advertising router’s local ASN (or its confederation ID if the peer is outside the confederation).
In the group context, the no form of this command disables the functionality. In the neighbor context, the no form of this command causes the setting to be inherited from the group level.
Default
no as-override
Platforms
All
as-path
as-path
Syntax
[no] as-path name
Context
[Tree] (config>router>policy-options as-path)
Full Context
configure router policy-options as-path
Description
This command creates a route policy AS path to use in route policy entries.
The no form of this command deletes the AS path.
Default
no as-path
Parameters
- name
-
The AS path regular expression name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
as-path
Syntax
as-path name
no as-path
Context
[Tree] (config>router>policy-options>policy-statement>entry>from as-path)
Full Context
configure router policy-options policy-statement entry from as-path
Description
This command configures an AS path regular expression statement as a match criterion for the route policy entry.
If no AS path criterion is specified, any AS path is considered to match.
AS path regular expression statements are configured at the global route policy level (config>router>policy-options>as-path name).
The no form of this command removes the AS path regular expression statement as a match criterion.
Default
no as-path
Parameters
- name
-
Specifies the AS path regular expression name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end", " @variable@end", or "start@variable@".
Platforms
All
as-path
Syntax
as-path {add | replace} name
no as-path
Context
[Tree] (config>router>policy-options>policy-statement>default-action as-path)
[Tree] (config>router>policy-options>policy-statement>entry>action as-path)
Full Context
configure router policy-options policy-statement default-action as-path
configure router policy-options policy-statement entry action as-path
Description
This command assigns a BGP AS path list to routes matching the route policy statement entry.
If no AS path list is specified, the AS path attribute is not changed.
The no form of this command disables the AS path list editing action from the route policy entry.
Default
no as-path
Parameters
- add
-
Specifies that the AS path list is to be prepended to an existing AS list.
- replace
-
Specifies AS path list replaces any existing as path attribute.
- name
-
Specifies the AS path list name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".
The name specified must already be defined.
Platforms
All
as-path-group
as-path-group
Syntax
[no] as-path-group name
Context
[Tree] (config>router>policy-options as-path-group)
Full Context
configure router policy-options as-path-group
Description
This command creates a route policy AS path regular expression statement to use in route policy entries.
The no form of this command deletes the AS path regular expression statement.
Default
no as-path-group
Parameters
- name
-
Specifies the AS path regular expression name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.
Platforms
All
as-path-group
Syntax
as-path-group name
no as-path-group name
Context
[Tree] (config>router>policy-options>policy-statement>entry>from as-path-group)
Full Context
configure router policy-options policy-statement entry from as-path-group
Description
This command creates a route policy AS path regular expression statement to use in route policy entries.
The no form of this command deletes the AS path regular expression statement.
Default
no as-path-group
Parameters
- name
-
Specifies the AS path regular expression name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end", " @variable@end", or "start@variable@".
Platforms
All
as-path-ignore
as-path-ignore
Syntax
as-path-ignore [ipv4] [ipv6] [ label-ipv4] [label-ipv6]
no as-path-ignore
Context
[Tree] (config>service>vprn>bgp>path-selection as-path-ignore)
Full Context
configure service vprn bgp best-path-selection as-path-ignore
Description
This command configures whether AS path length is considered in the selection of the best BGP route for a prefix.
If an address family is listed in this command, the length of AS paths is not a factor in the route selection process for routes of that address family.
The no form of this command removes the parameter from the configuration.
Default
no as-path-ignore
Parameters
- ipv4
-
Specifies that the AS path length is ignored for all unlabeled unicast IPv4 routes.
- ipv6
-
Specifies that the AS path length is ignored for all unlabeled unicast IPv6 routes.
- label-ipv4
-
Specifies that the AS path length is ignored for all labeled unicast IPv4 routes.
- label-ipv6
-
Specifies that the AS path length is ignored for all labeled unicast IPv6 routes.
Platforms
All
as-path-ignore
Syntax
as-path-ignore [ipv4] [label-ipv4] [ vpn-ipv4] [ipv6] [ label-ipv6] [vpn-ipv6] [mcast-ipv4] [mcast-ipv6] [ mvpn-ipv4] [mvpn-ipv6] [l2-vpn]
no as-path-ignore
Context
[Tree] (config>router>bgp>best-path-selection as-path-ignore)
Full Context
configure router bgp best-path-selection as-path-ignore
Description
This command configures whether AS path length is considered in the selection of the best BGP route for a prefix.
If an address family is listed in this command, then the length of AS paths is not a factor in the route selection process for routes of that address family.
The no form of this command removes the parameter from the configuration.
Default
no as-path-ignore
Parameters
- ipv4
-
Specifies that the AS-path length will be ignored for all unlabeled unicast IPv4 routes.
- label-ipv4
-
Specifies that the AS-path length will be ignored for all labeled-unicast IPv4 routes.
- vpn-ipv4
-
Specifies that the length AS-path will be ignored for all VPN IPv4 (SAFI 128) routes.
- ipv6
-
Specifies that the AS-path length will be ignored for all unlabeled unicast IPv6 routes.
- label-ipv6
-
Specifies that the AS-path length will be ignored for all labeled-unicast IPv6 routes.
- vpn-ipv6
-
Specifies that the AS-path length will be ignored for all VPN IPv6 (SAFI 128) routes.
- mcast-ipv4
-
Specifies that the AS-path length will be ignored for all IPv4 multicast routes.
- mcast-ipv6
-
Specifies that the AS-path length will be ignored for all IPv6 multicast routes.
- mvpn-ipv4
-
Specifies that the AS-path length will be ignored for all IPv4 MVPN routes.
- mvpn-ipv6
-
Specifies that the AS-path length will be ignored for all IPv6 MVPN routes.
- l2-vpn
-
Specifies that the AS-path length will be ignored for all L2-VPN NLRIs.
Platforms
All
as-path-length
as-path-length
Syntax
as-path-length length [equal | or-higher | or-lower] [unique]
no as-path-length
Context
[Tree] (config>router>policy-options>policy-statement>entry>from as-path-length)
Full Context
configure router policy-options policy-statement entry from as-path-length
Description
This command matches BGP routes based on their AS path length (the number of AS numbers in the AS_PATH).
If no comparison qualifiers are present (equal, or-higher, or-lower), then equal is the implied default.
Confederation member AS numbers in the AS_PATH do not count towards the total. An AS_SET element is considered to have a length of 1.
The unique option counts.
A non-BGP route does not match a policy entry if it contains the as-path-length command.
Default
no as-path-length
Parameters
- length
-
Specifies the length of the AS path.
- equal
-
Specifies that matched routes should have the same number of AS path elements as the value specified.
- or-higher
-
Specifies that matched routes should have the same or a greater number of AS path elements as the value specified.
- or-lower
-
Specifies that matched routes should have the same or a lower number of AS path elements as the value specified.
- unique
-
Specifies that only the unique AS numbers should be counted (that is, multiple occurrences of the same AS number in the sequence count as one).
Platforms
All
as-path-prepend
as-path-prepend
Syntax
as-path-prepend as-path [repeat]
as-path-prepend most-recent [repeat]
no as-path-prepend
Context
[Tree] (config>router>policy-options>policy-statement>entry>action as-path-prepend)
[Tree] (config>router>policy-options>policy-statement>default-action as-path-prepend)
Full Context
configure router policy-options policy-statement entry action as-path-prepend
configure router policy-options policy-statement default-action as-path-prepend
Description
The command prepends a BGP AS number once or numerous times to the AS path attribute of routes matching the route policy statement entry.
If an AS number is not configured, the AS path is not changed.
If the optional number is specified, then the AS number is prepended as many times as indicated by the number.
The no form of this command disables the AS path prepend action from the route policy entry.
Default
no as-path-prepend
Parameters
- as-path
-
Specifies the AS number to prepend expressed as a decimal integer.
- repeat
-
Specifies the number of times to prepend the specified AS number expressed as a decimal integer.
- most-recent
-
Specifies that the most recent AS number must be prepended to the AS-Path attribute of the route.
Platforms
All
asbr
asbr
Syntax
[no] asbr [trace-path domain-id]
no asbr
[no] asbr
Context
[Tree] (config>router>ospf3 asbr)
[Tree] (config>router>ospf asbr)
Full Context
configure router ospf3 asbr
configure router ospf asbr
Description
This command configures the router as an Autonomous System Boundary Router (ASBR) if the router is to be used to export routes from the Routing Table Manager (RTM) into this instance of OSPF. After a router is configured as an ASBR, the export policies into this OSPF domain take effect. If no policies are configured, no external routes are redistributed into the OSPF domain.
The no form of this command removes the ASBR status and withdraws the routes redistributed from the Routing Table Manager into this instance of OSPF from the link state database.
When configuring multiple instances of OSPF, there is a risk of loops because networks are advertised by multiple domains configured with multiple interconnections to one another. To prevent this from happening, all routers in a domain should be configured with the same domain ID. Each domain (OSPF-instance) should be assigned a specific bit value in the 32-bit tag mask.
When an external route is originated by an ASBR using an internal OSPF route in a given domain, the corresponding bit is set in the AS-external LSA. As the route gets redistributed from one domain to another, more bits are set in the tag mask, each corresponding to the OSPF domain the route visited. Route redistribution looping is prevented by checking the corresponding bit as part of the export policy; if the bit corresponding to the announcing OSPF process is already set, the route is not exported there.
Domain IDs are incompatible with any other use of normal tags. The domain ID should be configured with a value between 1 and 31 by each router in a given OSPF domain (OSPF Instance).
When an external route is originated by an ASBR using an internal OSPF route in a given domain, the corresponding (1-31) bit is set in the AS-external LSA.
As the route gets redistributed from one domain to another, more bits are set in the tag mask, each corresponding to the OSPF domain the route visited. Route redistribution looping is prevented by checking the corresponding bit as part of the export policy; if the bit corresponding to the announcing OSPF process is already set, the route is not exported there.
Default
no asbr
Parameters
- domain-id
-
Specifies the domain ID.
Platforms
All
assert
assert
Syntax
assert [group grp-ip-address] [source ip-address] [detail]
no assert
Context
[Tree] (debug>router>pim assert)
Full Context
debug router pim assert
Description
This command enables debugging for PIM assert mechanism.
The no form of this command disables PIM assert debugging.
Parameters
- grp-ip-address
-
Debugs information associated with the PIM assert mechanism.
- ip-address
-
Debugs information associated with the PIM assert mechanism.
- detail
-
Debugs detailed information on the PIM assert mechanism.
Platforms
All
assert-period
assert-period
Syntax
assert-period assert-period
no assert-period
Context
[Tree] (config>service>vprn>pim>if assert-period)
Full Context
configure service vprn pim interface assert-period
Description
This command configures the period in seconds for periodic refreshes of PIM Assert messages on an interface.
The no form of this command reverts to the default.
Default
assert-period 60
Parameters
- assert-period
-
Specifies the period, in seconds, for periodic refreshes of PIM Assert messages on an interface.
Platforms
All
assert-period
Syntax
assert-period assert-period
no assert-period
Context
[Tree] (config>router>pim>interface assert-period)
Full Context
configure router pim interface assert-period
Description
This command configures the period for periodic refreshes of PIM Assert messages on an interface.
The no form of this command removes the assert-period from the configuration.
Default
no assert-period
Parameters
- assert-period
-
Specifies the period, in seconds, for periodic refreshes of PIM Assert messages on an interface.
Platforms
All
assignment
assignment
Syntax
assignment {port port-id | card slot-number}
no assignment
Context
[Tree] (config>service>cust>multi-service-site assignment)
Full Context
configure service customer multi-service-site assignment
Description
This command assigns a multi-service customer site to a specific chassis slot, port, or channel. This allows the system to allocate the resources necessary to create the virtual schedulers defined in the ingress and egress scheduler policies as they are specified. This also verifies that each SAP assigned to the site exists within the context of the proper customer ID and that the SAP was configured on the proper slot, port, or channel. The assignment must be given prior to any SAP associations with the site.
The no form of this command removes the port, channel, or slot assignment. If the customer site has not yet been assigned, the command has no effect and returns without any warnings or messages.
Default
no assignment
Parameters
- port-id
-
Assigns the multi-service customer site to the port-id or port-id.channel-id given. When the multi-service customer site is assigned to a specific port or channel, all SAPs associated with this customer site must be on a service owned by the customer and created on the defined port or channel. The defined port or channel must already have been pre-provisioned on the system but need not be installed when the customer site assignment is made.
Syntax: port-id[:encap-val]
- slot-number
-
Assigns the multi-service customer site to the slot-number given. When the multi-service customer site is assigned to a specific slot in the chassis, all SAPs associated with this customer site must be on a service owned by the customer and created on the defined chassis slot. The defined slot must already be pre-provisioned on the system but need not be installed when the customer site assignment is made.
- fpe-id
-
Specifies the multi-service-site (MSS) assignment to an FPE object for the purpose of controlling aggregated bandwidth across a set of PW SAPs.
Platforms
All
assignment-id
assignment-id
Syntax
assignment-id assignment-id
Context
[Tree] (debug>router>l2tp assignment-id)
Full Context
debug router l2tp assignment-id
Description
This command enables and configures debugging for the L2TP tunnel with a given assignment ID.
Parameters
- assignment-id
-
Specifies a string that distinguishes this L2TP tunnel, up to 63 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
assisted-replication
assisted-replication
Syntax
assisted-replication {replicator | leaf} [replicator-activation-time seconds]
no assisted-replication
Context
[Tree] (config>service>vpls>vxlan assisted-replication)
Full Context
configure service vpls vxlan assisted-replication
Description
This command enables the Assisted Replication (AR) function for VXLAN tunnels in the service. The execution of this command triggers the BGP EVPN to send an update containing the inclusive multicast route for the service and the AR type=AR Replicator (AR-R) or AR Leaf (AR-L).
The Replicators switch the VXLAN traffic back to VXLAN destinations when the IP destination address matches their own AR-IP address. Leaf nodes select a Replicator node and send all the Broadcast or Multicast frames to it so that the Replicator can replicate the traffic on their behalf.
Enabling or disabling the AR function, or changing the role between the replicator and leaf requires the BGP EVPN MPLS to be shutdown.
If the leaf parameter is configured, the system creates a Broadcast or Multicast (BM) destination to the selected AR-R and Unknown Unicast (U) destinations to the rest of the VTEPs. If no replicator exists, the leaf creates BUM bindings to all the VTEPs.
If the replicator parameter is configured, the system will create BUM destinations to the remote leafs, Regular Network Virtualization Edge routers (RNVE), and other AR-Rs. The system will perform assisted replication for traffic from known VTEPs only (that is, where the routes have been received and programmed toward a VTEP).
The no version of this command removes the AR function from the service.
Default
no assisted-replication
Parameters
- replicator-activation-time seconds
-
Optional parameter that can be added to the leaf parameter. It specifies the wait time before the leaf can begin sending traffic to a new replicator and is used to allow some time for the replicator to learn about the leaf.
- replicator | leaf
-
Selects the AR role of the router for the service.
Platforms
All
assisted-replication-ip
assisted-replication-ip
Syntax
assisted-replication-ip ip-address
no assisted-replication-ip
Context
[Tree] (config>service>system>vxlan assisted-replication-ip)
Full Context
configure service system vxlan assisted-replication-ip
Description
The assisted-replication-ip (AR-IP) command defines the IP address that supports the AR-R function in the router. The AR-IP address must also be defined as a loopback address in the base router and advertised in the IGP/BGP so that it is accessible to the remote NVE/PEs in the Overlay network.
If the AR-R function is enabled in a service, the Broadcast and Multicast frames encapsulated in VXLAN packets arriving at the router are replicated to the other VXLAN destinations within the service (except the destination pointing at the originator of the packet).
The no version of this command removes the AR IP address.
Default
no assisted-replication-ip
Parameters
- ip-address
-
Specifies the assisted replication IP address.
Platforms
All
assistive-address-resolution
assistive-address-resolution
Syntax
[no] assistive-address-resolution
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext assistive-address-resolution)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext assistive-address-resolution)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext assistive-address-resolution
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext assistive-address-resolution
Description
This command enables assistive address resolution (AAR) for HLE services.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
association
association
Syntax
association name
no association
Context
[Tree] (config>service>vpls>sap>pfcp association)
Full Context
configure service vpls sap pfcp association
Description
This command links this capture SAP to a PFCP association. This command enables CUPS for this capture SAP and makes any trigger packets eligible for forwarding to the BNG CUPS CPF.
The no form of this command disables CUPS for this capture SAP.
Parameters
- name
-
Specifies the name of the association, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
association
Syntax
association ma-index [format {format}] name ma-name [admin-name admin-name]
association ma-index
no association ma-index
Context
[Tree] (config>eth-cfm>domain association)
Full Context
configure eth-cfm domain association
Description
This command configures the Maintenance Association (MA) for the domain.
Parameters
- ma-index
-
Specifies the MA index value.
- format
-
Specifies a value that represents the type (format).
- ma-name
-
Specifies the part of the maintenance association identifier which is unique within the maintenance domain name.
- admin-name admin-name
-
Specifies a creation time required parameter that allows the operator to assign a name value to the domain container. This is used for information and migration purposes. This value cannot be modified without destroying the domain. If no admin-name exists, the configured md-index value will be converted into a character string to become the admin-name reference. When upgrading from a release that does not include the admin-name configuration option, the md-index will be converted into a character string. Once a value is assigned to this admin-name value it cannot be modified.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
association-id
association-id
Syntax
association-id association-id
no association-id
Context
[Tree] (config>router>pcep>pcc>pce-assoc>div association-id)
Full Context
configure router pcep pcc pce-associations diversity association-id
Description
This command configures the diversity association ID. The user must specify an association ID.
The no form of the command removes the association ID from the diversity association.
Default
no association-id
Parameters
- association-id
-
Specifies the diversity association ID.
Platforms
All
association-id
Syntax
association-id association-id
no association-id
Context
[Tree] (config>router>pcep>pcc>pce-assoc>plcy association-id)
Full Context
configure router pcep pcc pce-associations policy association-id
Description
This command configures the policy association ID. The user must specify an association ID.
The no form of the command removes the association ID from the policy association.
Default
no association-id
Parameters
- association-id
-
Specifies the policy association ID.
Platforms
All
association-source
association-source
Syntax
association-source ip-address
no association-source
Context
[Tree] (config>router>pcep>pcc>pce-assoc>div association-source)
Full Context
configure router pcep pcc pce-associations diversity association-source
Description
This command configures the source IP address of the diversity association.
The no form of the command removes the IP address from the diversity association.
Default
no association-source
Parameters
- ip-address
-
Specifies the source IP address.
Platforms
All
association-source
Syntax
association-source ip-address
no association-source
Context
[Tree] (config>router>pcep>pcc>pce-assoc>plcy association-source)
Full Context
configure router pcep pcc pce-associations policy association-source
Description
This command configures the source IP address of the policy association.
The no form of the command removes IP address from the policy association.
Default
no association-source
Parameters
- ip-address
-
Specifies the source IP address.
Platforms
All
async-mapping
async-mapping
Syntax
[no] async-mapping
Context
[Tree] (config>port>otu async-mapping)
Full Context
configure port otu async-mapping
Description
This command allows the user to configure the port to support asynchronous mapping of the payload inside the OTU. If the port is configured for async-mapping and the payload clock is asynchronous to the OTU clock, there will be positive or negative pointer justification that will show up in the OTU statistics and the data will be received error free. If the port is configured for synchronous mapping and the received data is asynchronously mapped, there will be errors in the received data.
async-mapping is the only mode of operation that is supported on the OTU3 encapsulated 40-Gigabit Ethernet and therefore the 'no async-mapping' is not supported on that port type and the default on the is async-mapping.
The no form of this command configures the port to receive synchronously mapped data.
Default
no async-mapping
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
asynchronous-execution
asynchronous-execution
Syntax
asynchronous-execution seconds
asynchronous-execution never
Context
[Tree] (config>system>management-interface>ops>global-timeout asynchronous-execution)
Full Context
configure system management-interface operations global-timeouts asynchronous-execution
Description
This command configures the period of time that operations launched as "asynchronous” are allowed to execute before being automatically stopped by the SR OS.
An asynchronous operation is not deleted from the system when it is stopped. See the asynchronous-retention command.
If a specific execution timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies.
This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter).
Default
asynchronous-execution 3600
Parameters
- seconds
-
Specifies the period of time, in seconds, that asynchronous operations are allowed to execute.
- never
-
Keyword to specify that an execution timeout is not applied to asynchronous operations.
Platforms
All
asynchronous-retention
asynchronous-retention
Syntax
asynchronous-retention seconds
asynchronous-retention never
Context
[Tree] (config>system>management-interface>ops>global-timeout asynchronous-retention)
Full Context
configure system management-interface operations global-timeouts asynchronous-retention
Description
This command configures the period of time that data related to operations launched as "asynchronous” is retained in the system. After the retention timeout expires, all information related to the operation is deleted, including any status information and result data.
If a specific retention timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies.
Default
asynchronous-retention 86400
Parameters
- seconds
-
Specifies the period of time, in seconds, that data related to asynchronous operations is retained in the system.
- never
-
Keyword to specify that data related to asynchronous operations will persist in memory until explicitly deleted.
Platforms
All
attempts
attempts
Syntax
attempts count [time minutes1 [lockout minutes2]
no attempts
Context
[Tree] (config>system>security>password attempts)
Full Context
configure system security password attempts
Description
This command configures a threshold value of unsuccessful login attempts allowed in a specified time frame.
If the threshold is exceeded, the user is locked out for a specified time period.
If multiple attempts commands are entered, each command overwrites the previously entered command.
The no attempts command resets all values to default.
This command applies to a local user, in addition to users on RADIUS, TACACS, and LDAP.
Default
attempts 3 time 5 lockout 10
Parameters
- count
-
Specifies the number of unsuccessful login attempts allowed for the specified time. This is a mandatory value that must be explicitly entered.
- minutes
-
Specifies the period of time, in minutes, that a specified number of unsuccessful attempts can be made before the user is locked out.
- minutes
-
Specifies the lockout period, in minutes, during which the user is not allowed to login.
Platforms
All
attempts
Syntax
attempts [count] [time minutes1] [lockout minutes2]
no attempts
Context
[Tree] (config>system>security>snmp attempts)
Full Context
configure system security snmp attempts
Description
This command configures a threshold value of unsuccessful SNMPv2 or SNMPv3 connection attempts allowed in a specified time frame. The command parameters are used to counter denial of service (DoS) attacks through SNMP.
If the threshold is exceeded, the host is locked out for the lockout time period.
The no form of the command restores the default values.
Default
attempts 20 time 5 lockout 10
Parameters
- count
-
Specifies the number unsuccessful SNMP attempts allowed for the specified time.
- minutes1
-
Specifies period of time, in minutes, that a specified number of unsuccessful attempts can be made before the host is locked out.
- minutes2
-
Specifies the lockout period in minutes where the host is not allowed to login. When the host exceeds the attempted count times in the specified time, then that host is locked out from any further login attempts for the configured time period.
Platforms
All
attrib
attrib
Syntax
attrib [+r | -r] file-url
attrib
Context
[Tree] (file attrib)
Full Context
file attrib
Description
This command sets or clears/resets the read-only attribute for a file in the local file system. To list all files and their current attributes enter attrib or attrib x where x is either the filename or a wildcard (*).
When an attrib command is entered to list a specific file or all files in a directory, the file’s attributes are displayed with or without an "R” preceding the filename. The "R” implies that the +r is set and that the file is read-only. Files without the "R” designation implies that the -r is set and that the file is read-write-all. For example:
ALA-1>file cf3:\ # attrib
cf3:\bootlog.txt
cf3:\bof.cfg
cf3:\boot.ldr
cf3:\sr1.cfg
cf3:\test
cf3:\bootlog_prev.txt
cf3:\BOF.SAV
Parameters
- file-url
-
Specifies the URL for the local file.
- +r
-
Sets the read-only attribute on the specified file.
- -r
-
Clears/resets the read-only attribute on the specified file.
Platforms
All
attribute
attribute
Syntax
attribute [vendor vendor-id] attribute-type attribute-type
no attribute
Context
[Tree] (config>router>nat>inside>subscriber-identification attribute)
[Tree] (config>service>vprn>nat>inside>subscriber-identification attribute)
Full Context
configure router nat inside subscriber-identification attribute
configure service vprn nat inside subscriber-identification attribute
Description
This command defines the attribute that will in addition to framed-ip-address (inside IP address) and service-id be used for correlating BNG subscriber with the NAT subscriber.
Only a single attribute at the time can be configured. The attribute will be extracted from the BNG accounting start and/or interim-update messages via RADIUS accounting proxy server. This attribute can be then optionally passed to the Large Scale NAT44 accounting server. User-name attribute (if included) in Large Scale NAT44 accounting messages will be automatically set to the subscriber-id string.
The attribute parameter can be changed at any given time and the change will be reflected automatically when the next interim-update message from the BNG host is received by the RADIUS accounting proxy.
In case that the BNG accounting message in RADIUS accounting proxy does not contain this attribute, subscriber aware Large Scale NAT44 functionality for this particular subscriber will be disabled.
Default
attribute vendor "nokia" attribute-type "alc-sub-string"
Parameters
- vendor vendor-id
-
specifies the RADIUS vendor ID.
- attribute-type attribute-type
-
Specifies the RADIUS attribute to be used as subscriber. identifier
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
attribute-matching
attribute-matching
Syntax
attribute-matching
Context
[Tree] (config>service>vprn>radius-proxy>server attribute-matching)
[Tree] (config>router>radius-proxy>server attribute-matching)
Full Context
configure service vprn radius-proxy server attribute-matching
configure router radius-proxy server attribute-matching
Description
Commands in this context select the RADIUS policy for authentication and accounting based on the RADIUS attribute. This feature is supported for both the ESM RADIUS proxy and the ISA RADIUS proxy.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
attribute-table-high-wmark
attribute-table-high-wmark
Syntax
no attribute-table-high-wmark high-water-mark
no attribute-table-high-wmark
Context
[Tree] (config>service>vpls>mrp>mmrp attribute-table-high-wmark)
[Tree] (config>service>vpls>mrp>mvrp attribute-table-high-wmark)
Full Context
configure service vpls mrp mmrp attribute-table-high-wmark
configure service vpls mrp mvrp attribute-table-high-wmark
Description
This command specifies the percentage filling level of the MMRP attribute table where logs and traps are sent.
Default
attribute-table-high-wmark 95
Parameters
- high-water-mark
-
Specifies the utilization of the MRP attribute table of this service at which a table full alarm will be raised by the agent, as a percentage.
Platforms
All
attribute-table-low-wmark
attribute-table-low-wmark
Syntax
attribute-table-low-wmark low-water-mark
no attribute-table-low-wmark
Context
[Tree] (config>service>vpls>mrp>mvrp attribute-table-low-wmark)
[Tree] (config>service>vpls>mrp>mmrp attribute-table-low-wmark)
Full Context
configure service vpls mrp mvrp attribute-table-low-wmark
configure service vpls mrp mmrp attribute-table-low-wmark
Description
This command specifies the MMRP attribute table low watermark as a percentage. When the percentage filling level of the MMRP attribute table drops below the configured value, the corresponding trap is cleared and/or a log entry is added.
Default
attribute-table-low-wmark 90
Parameters
- low-water-mark
-
Specifies utilization of the MRP attribute table of this service at which a table full alarm will be cleared by the agent, as a percentage.
Platforms
All
attribute-table-size
attribute-table-size
Syntax
attribute-table-size max-attributes
no attribute-table-size
Context
[Tree] (config>service>vpls>mrp>mmrp attribute-table-size)
Full Context
configure service vpls mrp mmrp attribute-table-size
Description
This command controls the number of attributes accepted on a per B-VPLS basis. When the limit is reached, no new attributes will be registered.
If a new lower limit (smaller than the current number of attributes) from a local or dynamic I-VPLS is being provisioned, a CLI warning will be issued stating that the system is currently beyond the new limit. The value will be accepted, but any creation of new attributes will be blocked under the attribute count drops below the new limit; the software will then start enforcing the new limit.
Default
maximum number of attributes
Parameters
- value
-
The maximum number of attributes accepted per B-VPLS.
Platforms
All
attribute-table-size
Syntax
[no] attribute-table-size value
Context
[Tree] (config>service>vpls>mrp>mvrp attribute-table-size)
Full Context
configure service vpls mrp mvrp attribute-table-size
Description
This command controls the number of attributes accepted on a per M-VPLS basis. When the limit is reached, no new attributes will be registered.
If a new lower limit (smaller than the current number of attributes) is being provisioned, a CLI warning will be issued stating that the system is currently beyond the new limit. The value will be accepted, but any creation of new attributes will be blocked under the attribute count drops below the new limit; the software will then start enforcing the new limit.
Default
maximum number of attributes
Parameters
- value
-
Specifies the number of attributes accepted on a per M-VPLS basis
Platforms
All
audio-template
audio-template
Syntax
audio-template
Context
[Tree] (config>app-assure>group>cflowd>rtp-perf audio-template)
Full Context
configure application-assurance group cflowd rtp-performance audio-template
Description
Commands in this context configure the audio template for cflowd fields.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
augment-route-table
augment-route-table
Syntax
[no] augment-route-table
Context
[Tree] (config>router>isis>loopfree-alternates augment-route-table)
Full Context
configure router isis loopfree-alternates augment-route-table
Description
This command enables IS-IS to attach Remote LFA specific information to RTM entries for use by other protocols. This command requires configure router isis lfa remote-lfa to be enabled. Currently only LDP makes use of this additional information.
The no form of this command disables IS-IS to attach Remote LFA specific information to RTM entries for use by other protocols.
Platforms
All
augment-route-table
Syntax
[no] augment-route-table
Context
[Tree] (config>router>ospf>loopfree-alternates augment-route-table)
Full Context
configure router ospf loopfree-alternates augment-route-table
Description
This command enables OSPF to attach Remote LFA (rLFA) information to RTM entries for use by other protocols. Before this command is configured, the configure router ospf lfa remote-lfa command, must be enabled on the system. Currently, only LDP makes use of this additional information.
The no form of this command disables the attachment of rLFA-specific information to RTM entries for use by other protocols.
Default
no augment-route-table
Platforms
All
auth
auth
Syntax
[no] auth
Context
[Tree] (debug>router>rsvp>event auth)
Full Context
debug router rsvp event auth
Description
This command debugs auth events.
The no form of the command disables the debugging.
Platforms
All
auth
Syntax
[no] auth [neighbor ip-int-name | ip-address]
Context
[Tree] (debug>router>rip auth)
Full Context
debug router rip auth
Description
This command enables debugging for RIP authentication.
Parameters
- ip-int-name | ip-address
-
Debugs the RIP authentication for the neighbor IP address or interface.
Platforms
All
auth-domain-name
auth-domain-name
Syntax
auth-domain-name domain-name
no auth-domain-name
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host auth-domain-name)
Full Context
configure subscriber-mgmt local-user-db ipoe host auth-domain-name
Description
This command sets the domain name which can be appended to user-name in RADIUS-authentication-request message for the given host.
The no form of this command removes the domain name from the host configuration.
Parameters
- domain-name
-
Specifies the domain name, up to 32 characters, to be appended to user-name in RADIUS-authentication-request message for the given host.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auth-include-attributes
auth-include-attributes
Syntax
[no] auth-include-attributes
Context
[Tree] (config>aaa>isa-radius-plcy auth-include-attributes)
Full Context
configure aaa isa-radius-policy auth-include-attributes
Description
This command configures attributes to be included in RADIUS authentication messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
auth-keychain
auth-keychain
Syntax
auth-keychain name
no auth-keychain
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy auth-keychain)
Full Context
configure subscriber-mgmt bgp-peering-policy auth-keychain
Description
This command configures the BGP authentication key for all peers.
The keychain allows the rollover of authentication keys during the lifetime of a session.
The no form of this command reverts to the default.
Parameters
- name
-
Specifies the name of an existing keychain, up to 32 characters, to use for the specified TCP session or sessions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>service>vprn>bgp>group>neighbor auth-keychain)
[Tree] (config>service>vprn>bgp auth-keychain)
[Tree] (config>service>vprn>bgp>group auth-keychain)
Full Context
configure service vprn bgp group neighbor auth-keychain
configure service vprn bgp auth-keychain
configure service vprn bgp group auth-keychain
Description
This command configures the BGP authentication key for all peers.
The keychain allows the rollover of authentication keys during the lifetime of a session.
Default
no auth-keychain
Parameters
- name
-
Specifies the name of an existing keychain, up to 32 characters, to use for the specified TCP session or sessions.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>service>vprn>isis auth-keychain)
[Tree] (config>service>vprn>isis>level auth-keychain)
Full Context
configure service vprn isis auth-keychain
configure service vprn isis level auth-keychain
Description
This command configures an authentication keychain to use for the protocol interface for the VPRN instance. The keychain allows the rollover of authentication keys during the lifetime of a session.
Default
no auth-keychain
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>router>isis>level auth-keychain)
[Tree] (config>router>isis auth-keychain)
Full Context
configure router isis level auth-keychain
configure router isis auth-keychain
Description
This command configures an authentication keychain to use for the protocol interface. The keychain allows the rollover of authentication keys during the lifetime of a session.
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>service>vprn>ospf>area>virtual-link auth-keychain)
[Tree] (config>service>vprn>ospf>area>if auth-keychain)
[Tree] (config>service>vprn>ospf>area>sham-link auth-keychain)
Full Context
configure service vprn ospf area virtual-link auth-keychain
configure service vprn ospf area interface auth-keychain
configure service vprn ospf area sham-link auth-keychain
Description
This command enables the authentication keychain.
Parameters
- name
-
Specifies the name of the authentication keychain, up to 32 characters.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>router>ldp>tcp-session-params auth-keychain)
[Tree] (config>router>ldp>tcp-session-params>peer-transport auth-keychain)
Full Context
configure router ldp tcp-session-parameters auth-keychain
configure router ldp tcp-session-parameters peer-transport auth-keychain
Description
This command configures the TCP authentication keychain to use for the TCP session. The per-peer authentication configuration takes precedence over the global authentication configuration.
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters. This keychain is used for the specified TCP session or sessions, and allows the rollover of authentication keys during the lifetime of a session. The peer address used must be the TCP session transport address.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>router>rsvp>interface auth-keychain)
Full Context
configure router rsvp interface auth-keychain
Description
This command configures an authentication keychain to use for authentication of protocol messages sent and received over the associated interface. The keychain must include a valid entry to properly authenticate protocol messages, including a key, specification of a supported authentication algorithm, and beginning time. Each entry may also include additional options to control the overall lifetime of each entry to allow for the seamless rollover of without affecting the protocol adjacencies.
The no form of the auth-keychain command removes the association between the routing protocol and any keychain currently used.
Default
no auth-keychain
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.
Platforms
All
auth-keychain
Syntax
auth-keychain name
Context
[Tree] (config>router>bgp>group>neighbor auth-keychain)
[Tree] (config>router>bgp>group auth-keychain)
[Tree] (config>router>bgp auth-keychain)
Full Context
configure router bgp group neighbor auth-keychain
configure router bgp group auth-keychain
configure router bgp auth-keychain
Description
This command configures a TCP authentication keychain to use for the session. The keychain allows the rollover of authentication keys during the lifetime of a session.
Default
no auth-keychain
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters, to use for the specified TCP session or sessions.
Platforms
All
auth-keychain
Syntax
auth-keychain
Context
[Tree] (config>router>ospf>area>interface auth-keychain)
[Tree] (config>router>ospf>area>virtual-link auth-keychain)
Full Context
configure router ospf area interface auth-keychain
configure router ospf area virtual-link auth-keychain
Description
This command configures an authentication keychain to use for the protocol interface. The keychain allows the rollover of authentication keys during the lifetime of a session.
The no form of this command removes the association to a previously specified keychain.
Default
no auth-keychain
Parameters
- name
-
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.
Platforms
All
auth-method
auth-method
Syntax
auth-method {psk | plain-psk-xauth | cert-auth | psk-radius | cert-radius | eap | auto-eap-radius | auto-eap}
no auth-method
Context
[Tree] (config>ipsec>ike-policy auth-method)
Full Context
configure ipsec ike-policy auth-method
Description
This command specifies the authentication method used with this IKE policy.
The no form of this command removes the parameter from the configuration.
Default
no auth-method
Parameters
- psk
-
Both client and gateway authenticate each other by a hash derived from a pre-shared secret. Both client and gateway must have the PSK. This work with both IKEv1 and IKEv2
- plain-psk-xauth
-
Both client and gateway authenticate each other by pre-shared key and RADIUS. This work with IKEv1 only.
- psk-radius
-
Use the pre-shared-key and RADIUS to authenticate. IKEv2 remote-access tunnel only.
- cert-radius
-
Use the certificate, public/private key and RADIUS to authenticate. IKEv2 remote-access tunnel only.
- eap
-
Use the EAP to authenticate peer. IKEv2 remote-access tunnel only
- auto-eap-radius
-
Use EAP or potentially other method to authenticate the peer. IKEv2 remote-access tunnel only. Also see config>ipsec>ike-policy auto-eap-method and config>ipsec>ike-policy auto-eap-own-method.
- auto-eap
-
Use the EAP or potentially other RADIUS-related method to authenticate the peer. IKEv2 remote-access tunnel only. Also see config>ipsec>ike-policy auto-eap-method and config>ipsec>ike-policy auto-eap-own-method.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
auth-policy
auth-policy
Syntax
auth-policy policy-name
no auth-policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host auth-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host auth-policy)
Full Context
configure subscriber-mgmt local-user-db ipoe host auth-policy
configure subscriber-mgmt local-user-db ppp host auth-policy
Description
This command configures the authentication policy of this host and PPPoE hosts. This authentication policy is only used if no authentication policy is defined at the interface level. For DHCP hosts, the host entry should not contain any other information needed for setup of the host (IP address, ESM strings, and so on.). For PPPoE hosts, the authentication policy configured here must have its PPPoE authentication method set to pap-chap, otherwise the request is dropped.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the authentication policy name, up to 32 characters
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auth-port
auth-port
Syntax
auth-port port
no auth-port
Context
[Tree] (config>service>vprn>radius-server>server auth-port)
[Tree] (config>router>radius-server>server auth-port)
Full Context
configure service vprn radius-server server auth-port
configure router radius-server server auth-port
Description
This command specifies the UDP listening port for RADIUS authentication requests.
The no form of this commands resets the UDP port to its default value (1812)
Default
auth-port 1812
Parameters
- port
-
Specifies the UDP listening port for accounting requests of the external RADIUS server.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auth-request-script-policy
auth-request-script-policy
Syntax
auth-request-script-policy policy-name
no auth-request-script-policy
Context
[Tree] (config>aaa>radius-srv-plcy auth-request-script-policy)
Full Context
configure aaa radius-server-policy auth-request-script-policy
Description
This command specifies the name of the RADIUS script policy used to change the RADIUS attributes of the Access-Request messages.
Parameters
- policy-name
-
Specifies the name of the Python script to modify Access-Request messages, up to 32 characters
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authenticate
authenticate
Syntax
[no] authenticate
Context
[Tree] (config>service>vprn>ntp authenticate)
Full Context
configure service vprn ntp authenticate
Description
This command enables authentication for the NTP server.
Platforms
All
authenticate-client
authenticate-client
Syntax
authenticate-client
Context
[Tree] (config>system>security>tls>server-tls-profile authenticate-client)
Full Context
configure system security tls server-tls-profile authenticate-client
Description
Commands in this context configure client authentication parameters.
Platforms
All
authenticate-on-dhcp
authenticate-on-dhcp
Syntax
[no] authenticate-on-dhcp
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range authenticate-on-dhcp)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range authenticate-on-dhcp)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range authenticate-on-dhcp
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range authenticate-on-dhcp
Description
This command enables initial authentication (when there is no state for the UE on the ISA), to be triggered by DHCP DISCOVER or REQUEST. The default behavior is authentication based on first Layer 3 packet.
The no form of this command reverts to the default.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
authenticated-brg-only
authenticated-brg-only
Syntax
[no] authenticated-brg-only
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>brg authenticated-brg-only)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>vrgw>brg authenticated-brg-only)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>vrgw>brg authenticated-brg-only)
[Tree] (config>service>ies>sub-if>grp-if>brg authenticated-brg-only)
[Tree] (config>service>vprn>sub-if>grp-if>brg authenticated-brg-only)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>brg authenticated-brg-only)
Full Context
configure service ies subscriber-interface group-interface wlan-gw ranges range brg authenticated-brg-only
configure service ies subscriber-interface group-interface wlan-gw vlan-ranges range vrgw brg authenticated-brg-only
configure service vprn subscriber-interface group-interface wlan-gw vlan-ranges range vrgw brg authenticated-brg-only
configure service ies subscriber-interface group-interface brg authenticated-brg-only
configure service vprn subscriber-interface group-interface brg authenticated-brg-only
configure service vprn subscriber-interface group-interface wlan-gw ranges range brg authenticated-brg-only
Description
This command indicates that only BRGs that are pre-authenticated using the RADIUS proxy are allowed in this context.
The no form of this command removes the restriction.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication
authentication
Syntax
authentication {chap | pap | pref-chap | prep-pap}
Context
[Tree] (config>router>l2tp>group>ppp authentication)
[Tree] (config>router>l2tp>group>tunnel>ppp authentication)
[Tree] (config>service>vprn>l2tp>group>tunnel>ppp authentication)
[Tree] (config>service>vprn>l2tp>group>ppp authentication)
Full Context
configure router l2tp group ppp authentication
configure router l2tp group tunnel ppp authentication
configure service vprn l2tp group tunnel ppp authentication
configure service vprn l2tp group ppp authentication
Description
This command configures the PPP authentication protocol to negotiate authentication.
Default
authentication pref-chap
Parameters
- chap
-
Specifies to always use CHAP for authentication.
- pap
-
Specifies to always use PAP for authentication.
- pref-chap
-
Specifies to use CHAP as the preferred authentication method, and to use PAP if that attempt fails.
- pref-pap
-
Specifies to use PAP as the preferred authentication method, and to use CHAP if that attempt fails.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication
Syntax
authentication
Context
[Tree] (config>service>dynsvc>policy authentication)
Full Context
configure service dynamic-services dynamic-services-policy authentication
Description
Commands in this context configure authentication parameters for data-triggered dynamic services.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication
Syntax
authentication [policy policy-name] [mac-addr ieee-address] [circuit-id circuit-id]
Context
[Tree] (debug>subscr-mgmt authentication)
Full Context
debug subscriber-mgmt authentication
Description
This command debugs subscriber authentication.
Parameters
- policy-name
-
Specifies an existing subscriber management authentication policy name.
- ieee-address
-
Specifies the 48-bit MAC address xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
- circuit-id
-
Specify the circuit-id, up to 256 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication
Syntax
authentication
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range authentication)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range authentication)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication
Description
Commands in this context create configuration for authenticating a user from the WLAN-GW ISA.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication
Syntax
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
no authentication
Context
[Tree] (config>service>vprn>ospf3>area>virtual-link authentication)
[Tree] (config>service>vprn>ospf3>area>if authentication)
Full Context
configure service vprn ospf3 area virtual-link authentication
configure service vprn ospf3 area interface authentication
Description
This command configures OPSFv3 confidentiality authentication.
The no form of this command removes the SA name from the configuration.
Parameters
- bidirectional sa-name
-
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.
- inbound sa-name
-
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.
- outbound sa-name
-
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.
Platforms
All
authentication
Syntax
authentication ascii-algorithm ascii-key ascii-string [hash | hash2 | custom]
authentication auth-algorithm hex-key hex-string [hash | hash2 | custom]
no authentication
Context
[Tree] (config>ipsec>static-sa authentication)
Full Context
configure ipsec static-sa authentication
Description
This command configures the authentication algorithm to use for an IPsec manual SA.
Default
no authentication
Parameters
- auth-algorithm
-
Specifies the authentication algorithm to be used.
- ascii-string
-
Specifies an ASCII key; 16 characters for md5 and 20 characters for sha1.
- hex-string
-
Specifies a HEX key; 32 hex nibbles for md5 and 40 hex nibbles for sha1.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication
Syntax
authentication [port udp-port]
no authentication
Context
[Tree] (config>aaa>isa-radius-plcy>servers>server authentication)
Full Context
configure aaa isa-radius-policy servers server authentication
Description
This command configures authentication for this server.
Default
no authentication
Parameters
- udp-port
-
Specifies the UDP port number on which to contact the RADIUS server for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication
Syntax
[no] authentication
Context
[Tree] (config>li>x-interfaces>lics>lic authentication)
Full Context
configure li x-interfaces lics lic authentication
Description
This command configures the parameters for authentication of INE and LIC on the X1 and X2 interfaces.
The no form of this command removes the configured parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
authentication
Syntax
authentication none
authentication authentication-protocol authentication-key [privacy-none] [hash | hash2 | custom]
authentication authentication-protocol authentication-key privacy privacy-protocol privacy-key [hash | hash2 | custom]
no authentication
Context
[Tree] (config>system>security>user>snmp authentication)
Full Context
configure system security user snmp authentication
Description
This command configures the SNMPv3 authentication and privacy protocols for the user to communicate with the router. The keys are stored in an encrypted format in the configuration.
The keys configured with these commands must be localized keys, which are a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate localized authentication and privacy keys.
Default
authentication none
Parameters
- none
-
Keyword to specify that no authentication protocol is used. If none is specified, privacy cannot be configured.
- authentication-protocol
-
Specifies the SNMPv3 authentication protocol.
- authentication-key
-
Specifies the localized authentication key, which is entered as a hexadecimal string; the character length depends on the specified authentication protocol. The following table lists the authentication protocol key lengths.
Table 4. Authentication protocol key lengths Authentication protocol
Character lengths
HMAC-MD5-96
32
HMAC-SHA-96
40
HMAC-SHA-224
56
HMAC-SHA-256 64
HMAC-SHA-384
96
HMAC-SHA-512
128
- privacy-none
-
Keyword to specify that a privacy protocol is not used in the communication.
- privacy-protocol
-
Specifies the SNMPv3 privacy protocol.
- privacy-key
-
Specifies the localized privacy key, which is entered as a hexadecimal string; the character length depends on the specified privacy protocol. The following table lists the privacy protocol key lengths.
Table 5. Privacy protocol key lengths Privacy protocol Character length
CBC-DES
32
CFB128-AES-128
32
CFB128-AES-192
48
CFB128-AES-256
64
- hash
-
Keyword that specifies the key is entered in an encrypted form. If the hash or hash2 keyword is not specified, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Keyword that specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone; that is, the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 keyword is not specified, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Keyword that specifies the custom encryption to the management interface.
Platforms
All
authentication
Syntax
authentication bidirectional sa-name
authentication [inbound sa-name outbound sa-name]
no authentication
Context
[Tree] (config>router>ospf3>area>interface authentication)
[Tree] (config>router>ospf3>area>virtual-link authentication)
Full Context
configure router ospf3 area interface authentication
configure router ospf3 area virtual-link authentication
Description
This command configures the password used by the OSPF3 interface or virtual-link to send and receive OSPF3 protocol packets on the interface when simple password authentication is configured.
All neighboring routers must use the same type of authentication and password for proper protocol communication.
By default, no authentication key is configured.
The no form of this command removes the authentication.
Default
no authentication
Parameters
- bidirectional sa-name
-
Specifies bidirectional OSPF3 authentication.
- inbound sa-name
-
Specifies the inbound security association (SA) name for OSPF3 authentication.
- outbound sa-name
-
Specifies the outbound SA name for OSPF3 authentication.
Platforms
All
authentication-check
authentication-check
Syntax
[no] authentication-check
Context
[Tree] (config>service>vprn>isis authentication-check)
Full Context
configure service vprn isis authentication-check
Description
This command sets an authentication check to reject PDUs that do not match the type or key requirements for the VPRN instance.
The default behavior when authentication is configured is to reject all IS-IS protocol PDUs that have a mismatch in either the authentication type or authentication key.
When no authentication-check is configured, authentication PDUs are generated and IS-IS PDUs are authenticated on receipt. However, mismatches cause an event to be generated and will not be rejected.
The no form of this command allows authentication mismatches to be accepted and generates a log event.
Default
authentication-check — Rejects authentication mismatches.
Platforms
All
authentication-check
Syntax
[no] authentication-check
Context
[Tree] (config>service>vprn>ntp authentication-check)
Full Context
configure service vprn ntp authentication-check
Description
This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key-id, type or key requirements. The default behavior when authentication is configured is to reject all NTP protocol PDUs that have a mismatch in either the authentication key-id, type or key.
When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key-id, one for type, value mismatches. These counters are visible in a show command.
The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.
Default
authentication-check — Rejects authentication mismatches.
Platforms
All
authentication-check
Syntax
[no] authentication-check
Context
[Tree] (config>system>time>ntp authentication-check)
Full Context
configure system time ntp authentication-check
Description
This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key-id, type or key requirements. The default behavior when authentication is configured is to reject all NTP protocol PDUs that have a mismatch in either the authentication key-id, type or key.
When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key-id, one for type, value mismatches. These counters are visible in a show command.
The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.
Default
authentication-check
Platforms
All
authentication-check
Syntax
[no] authentication-check
Context
[Tree] (config>router>isis authentication-check)
Full Context
configure router isis authentication-check
Description
This command sets an authentication check to reject PDUs that do not match the type or key requirements.
The default behavior when authentication is configured is to reject all IS-IS protocol PDUs that have a mismatch in either the authentication type or authentication key.
When no authentication-check is configured, authentication PDUs are generated and IS-IS PDUs are authenticated on receipt. However, mismatches cause an event to be generated and will not be rejected.
The no form of this command allows authentication mismatches to be accepted and generates a log event.
Default
authentication-check
Platforms
All
authentication-key
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy authentication-key)
Full Context
configure subscriber-mgmt bgp-peering-policy authentication-key
Description
This command configures the BGP authentication key.
The MD5 message-based digest is used to perform authentication between neighboring routers before setting up the BGP session by verifying the password. The authentication key can be any combination of letters or numbers from 1 to 16.
The no form of this command removes the authentication password from the configuration and effectively disables authentication.
Parameters
- authentication-key
-
Specifies an authentication key. The key can be up to 255 characters (unencrypted).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 342 characters (encrypted).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to the management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>redundancy>multi-chassis>peer authentication-key)
Full Context
configure redundancy multi-chassis peer authentication-key
Description
This command configures the authentication key used between this node and the multi-chassis peer. The authentication key can be any combination of letters or numbers. The no form of the command removes the authentication key.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies the authentication key. Allowed values are any string up to 20 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 33 (hash1-key) or 55 (hash2-key) characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>subscr-mgmt>rip-policy authentication-key)
Full Context
configure subscriber-mgmt rip-policy authentication-key
Description
This command configures the BGP authentication key.
Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD5 message-based digest. The authentication key can be any combination of letters or numbers from 1 to 16.
The no form of this command removes the authentication password from the configuration and effectively disables authentication.
Default
Authentication is disabled and the authentication password is empty.
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of ASCII characters up to 255 characters (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 342 characters (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2| custom]
no authentication-key
Context
[Tree] (config>service>ies>if>vrrp authentication-key)
Full Context
configure service ies interface vrrp authentication-key
Description
The authentication-key command, within the vrrp virtual-router-id context, is used to assign a simple text password authentication key to generate master VRRP advertisement messages and validating received VRRP advertisement messages.
The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, the authentication-key command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.
To change the current in-use password key on multiple virtual router instances:
-
Identify the current master
-
Shutdown the virtual router instance on all backups
-
Execute the authentication-key command on the master to change the password key
-
Execute the authentication-key command and no shutdown command on each backup key
The no form of the command removes the authentication key.
Default
No default. The authentication data field contains the value 0 in all 16 octets.
Parameters
- authentication-key
-
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The key parameter is expressed as a string consisting up to eight alpha-numeric characters. Spaces must be contained in quotation marks (" ”). The quotation marks are not considered part of the string.
The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>bgp>group authentication-key)
[Tree] (config>service>vprn>bgp authentication-key)
[Tree] (config>service>vprn>bgp>group>neighbor authentication-key)
Full Context
configure service vprn bgp group authentication-key
configure service vprn bgp authentication-key
configure service vprn bgp group neighbor authentication-key
Description
This command configures the BGP authentication key.
Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD5 message-based digest. The authentication key can be any combination of letters or numbers from 1 to 16.
The no form of this command removes the authentication password from the configuration and effectively disables authentication.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies an authentication key. The key can be up to 255 characters (unencrypted).
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>if>vrrp authentication-key)
Full Context
configure service vprn interface vrrp authentication-key
Description
The authentication-key command, within the vrrp virtual-router-id context, is used to assign a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.
To change the current in-use password key on multiple virtual router instances:
-
Identify the current master
-
Shut down the virtual router instance on all backups
-
Execute the authentication-key command on the master to change the password key
-
Execute the authentication-key command and the no shutdown command on each backup key
The no form of this command restores the default null string to the value of key.
Parameters
- authentication-key
-
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( " ” ). The quotation marks are not considered part of the string.
The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”)
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>isis>level authentication-key)
[Tree] (config>service>vprn>isis authentication-key)
Full Context
configure service vprn isis level authentication-key
configure service vprn isis authentication-key
Description
This command sets the authentication key used to verify PDUs sent by neighboring routers on the interface for the VPRN instance.
Neighboring routers use passwords to authenticate PDUs sent from an interface. For authentication to work, both the authentication key and the authentication type on a segment must match. The OSPF Commands statement must also be included.
To configure authentication on the global level, configure this command in the config>router>isis context. When this parameter is configured on the global level, all PDUs are authenticated including the Hello PDU.
To override the global setting for a specific level, configure the authentication-key command in the config>router>isis>level context. When configured within the specific level, hello PDUs are not authenticated.
The no form of this command removes the authentication key.
Default
no authentication-key — No authentication key is configured.
Parameters
- authentication-key
-
The authentication key. The key can be any combination of ASCII characters up to 255 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>msdp>peer authentication-key)
[Tree] (config>service>vprn>msdp>group>peer authentication-key)
Full Context
configure service vprn msdp peer authentication-key
configure service vprn msdp group peer authentication-key
Description
This command configures a Message Digest 5 (MD5) authentication key to be used with a specific Multicast Source Discovery Protocol (MSDP) peering session. The authentication key must be configured per peer as such no global or group configuration is possible.
The no form of this command removes the authentication key.
Default
no authentication-key (All MSDP messages are accepted and the MD5 signature option authentication key is disabled.)
Parameters
- authentication-key
-
Specifies the authentication key. Allowed values are any string up to 256 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key key-id key key [hash | hash2 | custom] type {des | message-digest}
no authentication-key key-id
Context
[Tree] (config>service>vprn>ntp authentication-key)
Full Context
configure service vprn ntp authentication-key
Description
This command sets the authentication key-id, type and key used to authenticate NTP PDUs sent by the broadcast server function toward external clients or to authenticate NTP PDUs received from external unicast clients within the VPRN routing instance. For authentication to work, the authentication key-id, type, and key value must match.
The no form of this command removes the authentication key.
Parameters
- key-id
-
Configure the authentication key-id that will be used by the node when transmitting or receiving Network Time Protocol packets.
Entering the authentication-key command with a key-id value that matches an existing configuration key will result in overriding the existing entry.
Recipients of the NTP packets must have the same authentication key-id, type, and key value in order to use the data transmitted by this node. This is an optional parameter.
- key
-
The authentication key associated with the configured key-id, the value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.
The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (".”).
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
- type
-
This parameter determines if DES or message-digest authentication is used.
This is a required parameter; either DES or message-digest must be configured.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>ospf>area>sham-link authentication-key)
[Tree] (config>service>vprn>ospf>area>if authentication-key)
[Tree] (config>service>vprn>ospf>area>virtual-link authentication-key)
Full Context
configure service vprn ospf area sham-link authentication-key
configure service vprn ospf area interface authentication-key
configure service vprn ospf area virtual-link authentication-key
Description
This command configures the password used by the OSPF interface or virtual-link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.
This command is not valid in the OSPF3 context.
All neighboring routers must use the same type of authentication and password for proper protocol communication. If the authentication-type is configured as password, then this key must be configured.
By default, no authentication key is configured.
This command is not supported in the OSPF context.
The no form of this command removes the authentication key.
Default
no authentication-key — No authentication key is defined.
Parameters
- authentication-key
-
The authentication key. The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>service>vprn>rip>group authentication-key)
[Tree] (config>service>vprn>rip authentication-key)
[Tree] (config>service>vprn>rip>group>neighbor authentication-key)
Full Context
configure service vprn rip group authentication-key
configure service vprn rip authentication-key
configure service vprn rip group neighbor authentication-key
Description
This command sets the authentication password to be passed between RIP neighbors.
The authentication type and authentication key must match exactly to authenticate and then process the RIP message.
The no form of this command removes the authentication password from the configuration and disables authentication.
Default
no authentication-key
Parameters
- authentication-key
-
The authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>ldp>tcp-session-params>peer-transport authentication-key)
[Tree] (config>router>ldp>tcp-session-params authentication-key)
Full Context
configure router ldp tcp-session-parameters peer-transport authentication-key
configure router ldp tcp-session-parameters authentication-key
Description
This command specifies the authentication key used to establish a session between LDP peers. Authentication uses the MD5 message-based digest. The peer address used in authentication must be the TCP session transport address. If one or more transport addresses used in the Hello adjacencies to the same peer LSR are different from the LSR-ID value, the user must add each transport address to the authentication-key configuration as a separate peer. As a result, when the TCP connection is bootstrapped by a specific Hello adjacency, the authentication can operate over that TCP connection by using its specific transport address. The per peer authentication configuration takes precedence over global authentication configuration, and authentication keychain configuration takes precedence over authentication key configuration.
The no form of this command disables authentication.
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of ASCII characters, up to 255 characters (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies the hash key. The key can be any combination of up to 33 alphanumeric characters. If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex, encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to the management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>rsvp>interface authentication-key)
Full Context
configure router rsvp interface authentication-key
Description
This command specifies the authentication key for use between RSVP neighbors to authenticate RSVP messages. Authentication uses the MD5 message-based digest.
When enabled on an RSVP interface, authentication of RSVP messages operates in both directions of the interface. A router maintains a security association using one authentication key for each interface to an RSVP neighbor.
An RSVP neighbor transmits an authenticating digest of the RSVP message that is computed using the shared authentication key and a keyed-hash algorithm. The message digest is included in an INTEGRITY object, which also contains a flags field, a key identifier field, and a sequence number field. An RSVP neighbor uses the key together with the authentication algorithm to process received RSVP messages. The RSVP MD5 authentication complies to the procedures for RSVP message generation in RFC 2747, RSVP Cryptographic Authentication.
The MD5 implementation does not support the authentication challenge procedures in RFC 2747.
The no form of this command disables authentication.
Default
no authentication-key - The authentication key value is the null string.
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash-key
-
Specifies the hash key. The key can be any combination of up 33 alphanumeric characters. If spaces are used in the string, enclose the entire string in quotation marks (" ”)
This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>msdp>peer authentication-key)
[Tree] (config>router>msdp>group>peer authentication-key)
Full Context
configure router msdp peer authentication-key
configure router msdp group peer authentication-key
Description
This command configures a Message Digest 5 (MD5) authentication key to be used with a specific Multicast Source Discovery Protocol (MSDP) peering session. The authentication key must be configured per peer as such no global or group configuration is possible.
The no form of the command configures acceptance of all MSDP messages and disables the MD5 signature option authentication key.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of printable, 7-bit ASCII characters, up to 255 characters long in the config>router>msdp>peer context, or up to 127 characters long in the config>router>msdp>group>peer context. If the string contains special characters (#, $, spaces, and so on), enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies a hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, although, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [{hash | hash2 | custom}]
no authentication-key
Context
[Tree] (config>router>if>vrrp authentication-key)
Full Context
configure router interface vrrp authentication-key
Description
This command sets the simple text authentication key used to generate master VRRP advertisement messages and validates VRRP advertisements.
If simple text password authentication is not required, the authentication-key command is not required.
The command is configurable in both non-owner and owner vrrp nodal contexts.
The key parameter identifies the simple text password to be used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses an eight octet long string that is inserted into all transmitted VRRP advertisement messages and is compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The key string is case sensitive and is left justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field similarly holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with a 0 value in the corresponding octet.
If the command is re-executed with a different password key defined, the new key is used immediately.
The authentication-key command can be executed at anytime.
To change the current in-use password key on multiple virtual router instances:
Identify the current master.
-
Shutdown the virtual router instance on all backups.
-
Execute the authentication-key command on the master to change the password key.
-
Execute the authentication-key command and no shutdown command on each backup.
The no form of the command reverts to the default value.
Default
no authentication-key — The authentication key value is the null string.
Parameters
- authentication-key
-
The authentication key. Allowed values are any string up to 8 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash-key
-
The hash key. The key can be any combination of ASCII characters up to 22 (hash-key1) or 121 (hash-key2) characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key key-id key key [hash | hash2 | custom] type {des | message-digest}
no authentication-key key-id
Context
[Tree] (config>system>time>ntp authentication-key)
Full Context
configure system time ntp authentication-key
Description
This command sets the authentication key-id, type and key used to authenticate NTP PDUs sent to or received by other network elements participating in the NTP protocol. For authentication to work, the authentication key-id, type and key value must match.
The no form of the command removes the authentication key.
Parameters
- key-id
-
Configures the authentication key-id that will be used by the node when transmitting or receiving Network Time Protocol packets
Entering the authentication-key command with a key-id value that matches an existing configuration key will result in overriding the existing entry.
Recipients of the NTP packets must have the same authentication key-id, type, and key value in order to use the data transmitted by this node. This is an optional parameter.
- key
-
Specifies the authentication key associated with the configured key-id, the value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.
The key can be any combination of ASCII characters up to 32 characters for message-digest (md5) or 8 characters for des (length limits are unencrypted lengths). If spaces are used in the string, enclose the entire string in quotation marks (".”).
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
- type
-
Determines if DES or message-digest authentication is used.
This is a required parameter; either DES or message-digest must be configured.
- des
-
Specifies that DES authentication is used for this key. The des option is not permitted in FIPS-140-2 mode.
- message-digest
-
Specifies that MD5 authentication in accordance with RFC 2104 is used for this key.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>bgp>group>neighbor authentication-key)
[Tree] (config>router>bgp>group authentication-key)
[Tree] (config>router>bgp authentication-key)
Full Context
configure router bgp group neighbor authentication-key
configure router bgp group authentication-key
configure router bgp authentication-key
Description
This command configures the BGP authentication key.
Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD5 message based digest.
The no form of this command reverts to the default value.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies an authentication key. The key can be up to 255 characters (unencrypted).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>isis authentication-key)
[Tree] (config>router>isis>level authentication-key)
Full Context
configure router isis authentication-key
configure router isis level authentication-key
Description
This command sets the authentication key used to verify PDUs sent by neighboring routers on the interface.
Neighboring routers use passwords to authenticate PDUs sent from an interface. For authentication to work, both the authentication key and the authentication type on a segment must match. The authentication-type command must also be included.
To configure authentication on the global level, configure this command in the config>router>isis context. When this parameter is configured on the global level, all PDUs are authenticated, including the hello PDU.
To override the global setting for a specific level, configure the authentication-key command in the config>router>isis>level context. When configured within the specific level, hello PDUs are not authenticated.
The no form of this command removes the authentication key.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of ASCII characters up to 255 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context
[Tree] (config>router>ospf>area>interface authentication-key)
[Tree] (config>router>ospf>area>virtual-link authentication-key)
Full Context
configure router ospf area interface authentication-key
configure router ospf area virtual-link authentication-key
Description
This command configures the password used by the OSPF interface or virtual link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.
All neighboring routers must use the same type of authentication and password for proper protocol communication. If authentication-type password is configured, this key must be configured.
By default, no authentication key is configured.
The no form of this command removes the authentication key.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies the authentication key. The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 22 characters (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [{hash | hash2 | custom}]
no authentication-key
Context
[Tree] (config>router>rip>group authentication-key)
[Tree] (config>router>rip authentication-key)
[Tree] (config>router>rip>group>neighbor authentication-key)
Full Context
configure router rip group authentication-key
configure router rip authentication-key
configure router rip group neighbor authentication-key
Description
This command sets the authentication password to be passed between RIP neighbors.
The authentication type and authentication key must match exactly for the RIP message to be considered authentic and processed.
The no form of the command removes the authentication password from the configuration and disables authentication.
Default
no authentication-key
Parameters
- authentication-key
-
Specifies the authentication key. Allowed values are any string up to 16 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- hash-key
-
Specifies the hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
Platforms
All
authentication-order
authentication-order
Syntax
authentication-order [method-1] [method-2] [method-3] [method-4] [exit-on-reject]
no authentication-order
Context
[Tree] (config>system>security>password authentication-order)
Full Context
configure system security password authentication-order
Description
This command configures the sequence in which password authentication, authorization, and accounting is attempted among the local user database, RADIUS servers, TACACS+ servers, and LDAP servers.
The authentication order should be from the most preferred authentication method to the least preferred. The presence of all methods in the command line does not guarantee that they are all operational. Specifying options that are not available delays user authentication.
If all (operational) methods are attempted and no authentication for a particular login has been granted, then an entry in the security log documents the failed attempt. Both the attempted login identification and originating IP address are logged with a timestamp.
The no form of this command reverts to the default authentication sequence.
The authentication-order is not applicable to SNMPv3. SNMPv3 messages ignore the configured authentication-order and are authorized using the locally configured users only. TACACS+, RADIUS, and LDAP are not supported for SNMPv3 authentication.
This command applies to a local user, in addition to users on RADIUS, TACACS, and LDAP.
Default
authentication-order radius tacplus ldap local
Parameters
- method-1
-
Specifies the first password authentication method to attempt.
- method-2
-
Specifies the second password authentication method to attempt.
- method-3
-
Specifies the third password authentication method to attempt.
- method-4
-
Specifies the fourth password authentication method to attempt.
- local
-
Specifies the password authentication based on the local password database.
- radius
-
Specifies RADIUS authentication.
- tacplus
-
Specifies TACACS+ authentication.
- ldap
-
Specifies LDAP authentication.
- exit-on-reject
-
When enabled and if one of the AAA methods configured in the authentication order sends a reject, then the next method in the order will not be tried. If the exit-on-reject keyword is not specified and if one AAA method sends a reject, the next AAA method will be attempted. If in this process, all the AAA methods are exhausted, it will be considered as a reject.
A rejection is distinct from an unreachable authentication server. When the exit-on-reject keyword is specified, authorization and accounting will only use the method that provided an affirmation authentication; only if that method is no longer readable or is removed from the configuration will other configured methods be attempted. If the local keyword is the first authentication and:
-
exit-on-reject is configured and the user does not exist, the user is not authenticated
-
the user is authenticated locally, then other methods, if configured, it is used for authorization and accounting
-
the user is configured locally but without console access, login is denied
-
Platforms
All
authentication-origin
authentication-origin
Syntax
authentication-origin
Context
[Tree] (config>subscr-mgmt authentication-origin)
Full Context
configure subscriber-mgmt authentication-origin
Description
Commands in this context configure a subscriber’s authentication origin.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-over-bypass
authentication-over-bypass
Syntax
authentication-over-bypass [enable | disable]
Context
[Tree] (config>router>rsvp authentication-over-bypass)
Full Context
configure router rsvp authentication-over-bypass
Description
This command configures the MD5 authentication over the bypass LSP of all Point of Local Repairs (PLRs) and Merge Points (MPs) on the router. Only enable this command when the TE interfaces in the RSVP-TE network use the same MD5 authentication parameters.
When a Point of Local Repair (PLR) activates a bypass LSP towards a Merge Point (MP), by default, the INTEGRITY object corresponding to the bypass LSP interface is not added to a transmitted RSVP message except for packets of routed RSVP messages (Resv, Srefresh, and ACK), and only when the packet is intended for a bypass LSP endpoint (PLR or MP) that is a directly connected neighbor.
When this command is enabled, the INTEGRITY object of the interface corresponding to the bypass LSP is added to a transmitted RSVP message regardless of whether the bypass LSP endpoint (PLR or MP) is a directly connected RSVP neighbor. The INTEGRITY object is included with the following RSVP messages: Path, PathTear, PathErr, Resv, ResvTear, ResvErr, Srefresh, and ACK.
In all cases, an RSVP message received from a PLR or a MP (sender address in the SenderTemplate/FilterSpec is different from an Extended Tunnel Id in a Session Object), and which includes the INTEGRITY object is authenticated against the bypass LSP interface. An RSVP message received from a PLR or MP without the INTEGRITY object is also accepted.
Default
authentication-over-bypass disable
Parameters
- enable
-
Enables the MD5 authentication over the bypass LSP of all PLRs on the node.
- disable
-
Disables the MD5 authentication over the bypass LSP of all PLRs on the node.
Platforms
All
authentication-policy
authentication-policy
Syntax
authentication-policy auth-policy-name
no authentication-policy
Context
[Tree] (config>service>vprn>l2tp>group>ppp authentication-policy)
[Tree] (config>router>l2tp>group>tunnel>ppp authentication-policy)
[Tree] (config>service>vprn>l2tp>group>tunnel>ppp authentication-policy)
[Tree] (config>router>l2tp>group>ppp authentication-policy)
Full Context
configure service vprn l2tp group ppp authentication-policy
configure router l2tp group tunnel ppp authentication-policy
configure service vprn l2tp group tunnel ppp authentication-policy
configure router l2tp group ppp authentication-policy
Description
This command configures the RADIUS authentication policy that will be used to authenticate PPP sessions on the LNS.
The no form of this command reverts to the default value.
Default
no authentication-policy
Parameters
- auth-policy-name
-
Specifies the authentication policy name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-policy
Syntax
authentication-policy name [create]
no authentication-policy
Context
[Tree] (config>subscr-mgmt authentication-policy)
Full Context
configure subscriber-mgmt authentication-policy
Description
This command creates a RADIUS authentication policy containing parameters to authenticate subscriber sessions. The policies can be applies to an IES or VPRN interface or group interface, or a VPLS SAP.
The no form of this command removes the policy from the configuration.
Parameters
- name
-
Specifies the name of the authentication profile. The string is case sensitive and limited to 32 ASCII 7-bit printable characters.
- create
-
Keyword used to create the authentication policy. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-policy
Syntax
authentication-policy name
no authentication-policy
Context
[Tree] (config>service>vprn>if authentication-policy)
[Tree] (config>service>ies>sub-if>grp-if authentication-policy)
[Tree] (config>service>vprn>sub-if>grp-if authentication-policy)
[Tree] (config>service>ies>if authentication-policy)
Full Context
configure service vprn interface authentication-policy
configure service ies subscriber-interface group-interface authentication-policy
configure service vprn subscriber-interface group-interface authentication-policy
configure service ies interface authentication-policy
Description
This command assigns a RADIUS authentication policy to the interface.
The no form of this command removes the policy from the interface configuration.
Parameters
- name
-
Specifies the authentication policy name.
Platforms
All
- configure service ies interface authentication-policy
- configure service vprn interface authentication-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface authentication-policy
- configure service ies subscriber-interface group-interface authentication-policy
authentication-policy
Syntax
authentication-policy name
no authentication-policy
Context
[Tree] (config>service>vpls>sap authentication-policy)
Full Context
configure service vpls sap authentication-policy
Description
For a regular SAP (bridged CO model), this command defines which subscriber authentication policy must be applied when a DHCP message is received on the interface. The authentication policies must already be defined. The policy is only applied when DHCP snooping is enabled on the SAP.
For a capture SAP, this command specifies the RADIUS authentication policy to use for subscriber session authentication when a valid trigger packet is received. The same authentication policy must be assigned on the group-interface where the MSAP for the subscriber session is created.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-policy
Syntax
authentication-policy policy-name
no authentication-policy
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>authentication authentication-policy)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>authentication authentication-policy)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication authentication-policy
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range authentication authentication-policy
Description
This command assigns a RADIUS authentication policy configured under the aaa context for authenticating users on WLAN-GW ISA.
The no form of this command removes the policy from the configuration.
Parameters
- policy-name
-
Specifies the name of the authentication policy up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication-policy
Syntax
authentication-policy name
no authentication-policy
Context
[Tree] (config>app-assure>group>transit-ip>radius authentication-policy)
Full Context
configure application-assurance group transit-ip-policy radius authentication-policy
Description
This command configures the RADIUS authentication-policy for the IP transit policy.
Default
no authentication-policy
Parameters
- name
-
Specifies the authentication policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication-type
authentication-type
Syntax
authentication-type {none | password | message-digest | message-digest-20}
no authentication-type
Context
[Tree] (config>subscr-mgmt>rip-plcy authentication-type)
Full Context
configure subscriber-mgmt rip-policy authentication-type
Description
This command sets the type of authentication to be used between RIP neighbors. The type and password must match exactly for the RIP message to be considered authentic and processed.
The no form of this command removes the authentication type from the configuration and effectively disables authentication.
Parameters
- none
-
Disables authentication at a given level (global, group, neighbor). If the command does not exist in the configuration, the parameter is inherited.
- password
-
Specifies enable simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest
-
Configures 16 byte message digest for MD5 authentication. If this option is configured, then at least one message-digest-key must be configured.
- message-digest-20
-
Configures 20 byte message digest for MD5 authentication in accordance with RFC 2082, RIP-2 MD5 Authentication. If this option is configured, then at least one message-digest-key must be configured.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication
Context
[Tree] (config>service>vprn>isis>level authentication-type)
[Tree] (config>service>vprn>isis authentication-type)
Full Context
configure service vprn isis level authentication-type
configure service vprn isis authentication-type
Description
This command enables either simple password or message digest authentication or must go in either the global IS-IS or IS-IS level context.
Both the authentication key and the authentication type on a segment must match. The authentication-key statement must also be included.
Configure the authentication type on the global level in the config>router>isis context.
Configure or override the global setting by configuring the authentication type in the config>router>isis>level context.
The no form of this command disables authentication.
Default
no authentication-type — No authentication type is configured and authentication is disabled.
Parameters
- password
-
Specifies that simple password (plain text) authentication is required.
- message-digest
-
Specifies that MD5 authentication in accordance with RFC2104 is required.
Platforms
All
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication-type
Context
[Tree] (config>service>vprn>ospf>area>sham-link authentication-type)
[Tree] (config>service>vprn>ospf>area>virtual-link authentication-type)
[Tree] (config>service>vprn>ospf>area>if authentication-type)
Full Context
configure service vprn ospf area sham-link authentication-type
configure service vprn ospf area virtual-link authentication-type
configure service vprn ospf area interface authentication-type
Description
This command enables authentication and specifies the type of authentication to be used on the OSPF interface, virtual-link, and sham-link.
This command is not valid in the OSPF3 context.
Both simple password and message-digest authentication are supported.
The no form of this command disables authentication on the interface.
Default
no authentication-type — No authentication is enabled on an interface.
Parameters
- password
-
This keyword enables simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest
-
This keyword enables message digest MD5 authentication in accordance with RFC1321. If this option is configured, then at least one message-digest-key must be configured.
Platforms
All
authentication-type
Syntax
authentication-type {none | password | message-digest | message-digest-20}
no authentication-type
Context
[Tree] (config>service>vprn>rip authentication-type)
[Tree] (config>service>vprn>rip>group authentication-type)
[Tree] (config>service>vprn>rip>group>neighbor authentication-type)
Full Context
configure service vprn rip authentication-type
configure service vprn rip group authentication-type
configure service vprn rip group neighbor authentication-type
Description
This command defines the type of authentication used between RIP neighbors. The type and password must match exactly to authenticate and then process the RIP message.
The no form of this command removes the authentication type from the configuration and effectively disables authentication.
Default
no authentication-type
Parameters
- none
-
No authentication is used.
- password
-
A simple cleartext password is sent.
- message-digest
-
MD5 authentication is used.
- message-digest-20
-
MD20 authentication is used.
Platforms
All
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication
Context
[Tree] (config>router>isis>level authentication-type)
[Tree] (config>router>isis authentication-type)
Full Context
configure router isis level authentication-type
configure router isis authentication-type
Description
This command enables either simple password or message digest authentication or must go in either the global IS-IS or IS-IS level context.
Both the authentication key and the authentication type on a segment must match. The authentication-key statement must also be included.
Configure the authentication type on the global level in the config>router>isis context.
Configure or override the global setting by configuring the authentication type in the config>router>isis>level context.
The no form of this command disables authentication.
Parameters
- password
-
Specifies that simple password (plain text) authentication is required.
- message-digest
-
Specifies that MD5 authentication in accordance with RFC2104 is required.
Platforms
All
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication-type
Context
[Tree] (config>router>ospf>area>interface authentication-type)
[Tree] (config>router>ospf>area>virtual-link authentication-type)
Full Context
configure router ospf area interface authentication-type
configure router ospf area virtual-link authentication-type
Description
This command enables authentication and specifies the type of authentication to be used on the OSPF interface.
Both simple password and message-digest authentication are supported.
By default, authentication is not enabled on an interface.
The no form of this command disables authentication on the interface.
Default
no authentication-type
Parameters
- password
-
Enables the simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest
-
Enables message digest MD5 authentication in accordance with RFC1321. If this option is configured, then at least one message-digest-key must be configured.
Platforms
All
authentication-type
Syntax
authentication-type {none | password | message-digest | message-digest-20}
no authentication-type
Context
[Tree] (config>router>rip>group authentication-type)
[Tree] (config>router>rip>group>neighbor authentication-type)
[Tree] (config>router>rip authentication-type)
Full Context
configure router rip group authentication-type
configure router rip group neighbor authentication-type
configure router rip authentication-type
Description
This command sets the type of authentication to be used between RIP neighbors.
The type and password must match exactly for the RIP message to be considered authentic and processed.
The no form of the command removes the authentication type from the configuration and effectively disables authentication.
Default
no authentication-type
Parameters
- none
-
The none parameter explicitly disables authentication at a given level (global, group, neighbor). If the command does not exist in the configuration, the parameter is inherited.
- password
-
Specifies that the password enables simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest
-
Configures 16 byte message digest for MD5 authentication. If this option is configured, then at least one message-digest-key must be configured.
- message-digest-20
-
Configures 20 byte message digest for MD5 authentication in accordance with RFC 2082, RIP-2 MD5 Authentication. If this option is configured, then at least one message-digest-key must be configured.
Platforms
All
authenticator-init
authenticator-init
Syntax
[no] authenticator-init
Context
[Tree] (config>port>ethernet>dot1x>per-host-authentication authenticator-init)
Full Context
configure port ethernet dot1x per-host-authentication authenticator-init
Description
This command configures the authenticator-initiated mode of the host.
The no form of this command disables the authenticator-initiated mode of the host.
Default
authenticator-init
Platforms
All
authorization
authorization
Syntax
authorization
Context
[Tree] (config>system>security>cli-script authorization)
Full Context
configure system security cli-script authorization
Description
Commands in this context authorize CLI script execution.
Platforms
All
authorization
Syntax
[no] authorization
Context
[Tree] (config>service>vprn>aaa>remote-servers>radius authorization)
Full Context
configure service vprn aaa remote-servers radius authorization
Description
This command configures RADIUS authorization parameters for the system.
Default
no authorization
Platforms
All
authorization
Syntax
[no] authorization
Context
[Tree] (config>system>security>radius authorization)
Full Context
configure system security radius authorization
Description
This command configures RADIUS authorization parameters for the system.
Default
no authorization
Platforms
All
authorization
Syntax
[no] authorization [use-priv-lvl]
Context
[Tree] (config>system>security>tacplus authorization)
[Tree] (config>service>vprn>aaa>remote-servers>tacplus authorization)
Full Context
configure system security tacplus authorization
configure service vprn aaa remote-servers tacplus authorization
Description
This command controls how TACACS+ is used for command authorization.
If this command is enabled without the use-priv-lvl option, then each command is sent to the TACACS+ server for authorization (this is true whether the tacplus use-default-template setting is enabled or not).
If the tacplus authorization command is disabled, and the tacplus use-default-template setting is enabled, then the local profile in the user-template tacplus_default is used for command authorization.
Default
no authorization
Parameters
- use-priv-lvl
-
Automatically performs a single authorization request to the TACACS+ server for cmd* (all commands) immediately after login, and then use the local profile associated (via the priv-lvl-map) with the priv-lvl returned by the TACACS+ server for all subsequent authorization (except enable-admin). After the initial authorization for cmd*, no further authorization requests are sent to the TACACS+ server (except enable-admin). If the TACACS+ server does not return a priv-lvl for a user, the profile from the user-template tacplus_default is used for command authorization (as long as tacplus use-default-template is enabled, otherwise all commands are rejected).
Platforms
All
authorized-only
authorized-only
Syntax
[no] authorized-only
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state authorized-only)
Full Context
configure subscriber-mgmt wlan-gw ue-query state authorized-only
Description
This command enables matching on UEs in an authorized state.
The no form of this command disables matching on UEs in an authorized state, unless all state matching is disabled.
Default
no authorized-only
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
auto-bandwidth
auto-bandwidth
Syntax
[no] auto-bandwidth
Context
[Tree] (config>router>mpls>lsp auto-bandwidth)
[Tree] (config>router>mpls>lsp-template auto-bandwidth)
Full Context
configure router mpls lsp auto-bandwidth
configure router mpls lsp-template auto-bandwidth
Description
This command enables (and the no form disables) automatic adjustments of LSP bandwidth.
Auto-bandwidth at the LSP level cannot be executed unless adaptive is configured in the config>router>mpls>lsp context.
Default
no auto-bandwidth
Platforms
All
auto-bandwidth-multipliers
auto-bandwidth-multipliers
Syntax
auto-bandwidth-multipliers sample-multiplier number1 adjust-multiplier number2
no auto-bandwidth-multipliers
Context
[Tree] (config>router>mpls auto-bandwidth-multipliers)
Full Context
configure router mpls auto-bandwidth-multipliers
Description
This command specifies the number of collection intervals in the adjust interval.
Default
auto-bandwidth-multipliers sample-multiplier 1 adjust-multiplier 288
Parameters
- sample-multiplier number1
-
Specifies the multiplier for collection intervals in a sample interval.
- adjust-multiplier number2
-
Specifies the number of collection intervals in the adjust interval.
Platforms
All
auto-bind-tunnel
auto-bind-tunnel
Syntax
auto-bind-tunnel
Context
[Tree] (config>service>epipe>bgp-evpn>mpls auto-bind-tunnel)
[Tree] (config>service>vpls>bgp-evpn>mpls auto-bind-tunnel)
[Tree] (config>service>vprn>bgp-evpn>mpls auto-bind-tunnel)
[Tree] (config>service>vprn>bgp-ipvpn>mpls auto-bind-tunnel)
Full Context
configure service epipe bgp-evpn mpls auto-bind-tunnel
configure service vpls bgp-evpn mpls auto-bind-tunnel
configure service vprn bgp-evpn mpls auto-bind-tunnel
configure service vprn bgp-ipvpn mpls auto-bind-tunnel
Description
Commands in this context configure automatic binding of a VPRN service using tunnels to MP-BGP peers.
The auto-bind-tunnel node is simply a context to configure the binding of BGP IPVPN or EVPN routes to tunnels. The user must configure the resolution option to enable auto-bind resolution to tunnels in TTM. If the resolution option is explicitly set to disabled, the auto-binding to tunnel is removed.
If resolution is set to any, any supported tunnel type in the Epipe/VPRN/VPLS context is selected following TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, then only these tunnel types are selected again following the TTM preference.
The user must set resolution to filter in order to activate the list of tunnel-types configured under resolution-filter.
In VPRN services and for BGP-IPVPN, when an explicit SDP to a BGP next hop is configured (config>service>vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-sdp in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next hop.
Platforms
All
auto-boot
auto-boot
Syntax
auto-boot [management-port] [inband [ vlan vlan-id | vlan-discovery]] [ipv4] [ipv6] [client-identifier {string ascii-string | hex hex-string | chassis-mac}] [include-user-class] [timeout minutes]
auto-boot ospf [neid neid-hex-string] [vendor-id vendor-id] [neip-ipv4 ip-address] [neip-ipv6 ipv6-address] [port-mtu mtu-bytes] [ospf-mtu ip-mtu-bytes] [vlan vlan-id] [timeout minutes]
no auto-boot
Context
[Tree] (bof auto-boot)
Full Context
bof auto-boot
Description
This command enables the auto-boot flag in the BOF and configures the auto-boot options for ZTP. When modifying auto-boot options using CLI, all required options must be explicitly configured, as the default cases will no longer be used.
The no form of this command disables the auto-boot flag.
Default
no auto-boot
Parameters
- management-port
-
Specifies that the out-of-band management port (Mgmt port) should be used for ZTP.
- inband
-
Specifies that in-band management through an Ethernet port should be used for ZTP. Unless the vlan-discovery flag is used, the inband option disables VLAN discovery.
- vlan-id
-
Specifies an in-band VLAN to use for the auto-boot process.
- vlan-discovery
-
Floods all VLANs (1 to 4094) with DHCP discovery messages and is supported only on inband ports. The first offer received on a specific VLAN is processed.
- ipv4
-
Enables IPv4 DHCP discovery. This parameter is mandatory if the ipv6 parameter is not specified.
- ipv6
-
Enables IPv6 DHCP solicitation. This parameter is mandatory if the ipv4 parameter is not specified.
- ascii-string
-
Specifies a DHCP client identification string, up to 58 ASCII characters, to be used for Option 61 (IPv4) or Option 1 (IPv6).
- hex-string
-
Specifies a DHCP client identification string, up to 116 hexadecimal nibbles, to be used for Option 61 (IPv4) or Option 1 (IPv6).
- chassis-mac
-
Specifies that the chassis MAC address should be used as the DHCP client identification string for Option 61 (IPv4) or Option 1 (IPv6).
- include-user-class
-
Specifies that Option 77 should be included in DHCP messages.
- client-identifier
-
Specifies that a custom client ID should be used in network discovery requests.
- minutes
-
Specifies the time interval after which, if the auto-boot process is unsuccessful (in the case of auto-boot using OSPF, if no OSPF adjacency is found), the node is rebooted and the auto-boot process is retried.
- ospf
-
Specifies that OSPF auto-discovery should be used.
- neid-hex-string
-
Specifies a hexadecimal network element identification string.
- ip-address
-
Specifies the IPv4 address for the network element.
- ipv6-address
-
Specifies the IPv6 address for the network element.
- vendor-id
-
Specifies the vendor identification number. The number 140 corresponds to "Nokia”.
- ip-mtu-bytes
-
Specifies the OSPF MTU in bytes.
- mtu-bytes
-
Specifies the port MTU in bytes.
Platforms
7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s
auto-config
auto-config
Syntax
[no] auto-config
Context
[Tree] (config>service>epipe>spoke-sdp-fec auto-config)
Full Context
configure service epipe spoke-sdp-fec auto-config
Description
This command enables single sided automatic endpoint configuration of the spoke SDP. The router acts as the passive T-PE for signaling this MS-PW.
Automatic Endpoint Configuration allows the configuration of a spoke SDP endpoint without specifying the TAII associated with that spoke SDP. It allows a single-sided provisioning model where an incoming label mapping message with a TAII that matches the SAII of that spoke SDP to be automatically bound to that endpoint. In this mode, the far end T-PE actively initiates MS-PW signaling and will send the initial label mapping message using T-LDP, while the router T-PE for which auto-config is specified will act as the passive T-PE.
The auto-config command is blocked in CLI if signaling active has been enabled for this spoke SDP. It is only applicable to spoke SDPs configured under the Epipe, IES and VPRN interface context.
The no form of this command means that the router T-PE either acts as the active T-PE (if signaling active is configured) or automatically determines which router will initiate MS-PW signaling based on the prefix values configured in the SAII and TAII of the spoke SDP. If the SAII has the greater prefix value, then the router will initiate MS-PW signaling without waiting for a label mapping message from the far end. However, if the TAII has the greater value prefix, then the router will assume that the far end T-PE will initiate MS-PW signaling and will wait for that label mapping message before responding with a T-LDP label mapping message for the MS-PW in the reverse direction.
Default
no auto-config
Platforms
All
auto-config-save
auto-config-save
Syntax
[no] auto-config-save
Context
[Tree] (config>system>management-interface>cli>md-cli auto-config-save)
Full Context
configure system management-interface cli md-cli auto-config-save
Description
This command enables the functionality to automatically write the running configuration to the saved configuration file as part of a successful commit operation.
The no form of this command disables this functionality.
Default
auto-config-save
Platforms
All
auto-config-save
Syntax
[no] auto-config-save
Context
[Tree] (config>system>netconf auto-config-save)
Full Context
configure system netconf auto-config-save
Description
This command enables the functionality to automatically write the running configuration to the saved configuration file as part of a successful commit operation.
The no form of this command disables this functionality.
Default
auto-config-save
Platforms
All
auto-config-save
Syntax
[no] auto-config-save
Context
[Tree] (config>system>grpc>gnmi auto-config-save)
Full Context
configure system grpc gnmi auto-config-save
Description
This command enables the functionality to automatically write the running configuration to the saved configuration file as part of a successful commit operation.
The no form of this command disables this functionality.
Default
auto-config-save
Platforms
All
auto-creation
auto-creation
Syntax
[no] auto-creation
Context
[Tree] (config>qos>fp-resource-policy>aggregate-shapers auto-creation)
Full Context
configure qos fp-resource-policy aggregate-shapers auto-creation
Description
This command enables the auto-creation of hardware aggregate shapers on the specified FP. After enabling, the corresponding FP is rebooted.
The no version of this command disables auto-creation of hardware aggregate shapers.
Default
no auto-creation
Platforms
7750 SR-1, 7750 SR-s
auto-crl-update
auto-crl-update
Syntax
auto-crl-update [create]
no auto-crl-update
Context
[Tree] (config>system>security>pki>ca-prof auto-crl-update)
Full Context
configure system security pki ca-profile auto-crl-update
Description
This command creates an auto CRL update configuration context with the create parameter, or enters the auto-crl-update configuration context without the create parameter.
This mechanism auto downloads a CRL file from a list of configured HTTP URLs either periodically or before existing CRL expires. If the downloaded CRL is more recent than the existing one, then the existing one will be replaced.
The configured URL must point to a DER encoded CRL file.
Parameters
- create
-
Creates an auto CRL update for the ca-profile.
Platforms
All
auto-crl-update
Syntax
[no] auto-crl-update
Context
[Tree] (debug>certificate auto-crl-update)
Full Context
debug certificate auto-crl-update
Description
This command enables trace for automated and manual CRL updates.
Platforms
All
auto-disc-route-advertisement
auto-disc-route-advertisement
Syntax
[no] auto-disc-route-advertisement
Context
[Tree] (config>service>vpls>bgp-evpn>vxlan auto-disc-route-advertisement)
Full Context
configure service vpls bgp-evpn vxlan auto-disc-route-advertisement
Description
This command enables sending route advertisements on auto-discovery.
The no form of this command disables sending route advertisements on auto-discovery.
Default
no auto-disc-route-advertisement
Platforms
All
auto-discovery
auto-discovery
Syntax
auto-discovery [default | mdt-safi] [source-address ip-address]
Context
[Tree] (config>service>vprn>mvpn auto-discovery)
Full Context
configure service vprn mvpn auto-discovery
Description
This command enables MVPN membership auto-discovery through BGP. When auto-discovery is enabled, PIM peering on the inclusive provider tunnel is disabled. Changing auto-discovery configuration requires shutdown of this VPRN instance.
The no form of this command disables MVPN membership auto-discovery through BGP.
Default
auto-discovery default
Parameters
- default
-
Enables AD route exchange based on format defined in NG-MVPN (RFC6514).
- mdt-safi
-
Enables AD route exchange based on mdt-safi format defined in draft-rosen-vpn-mcast.
This command optionally specifies a source-address - an IP address to be used by Rosen MVPN or NG-MVPN for core diversity, non-default IGP instances (not using system IP). Two unique IP addresses for PIM or GRE MVPNs are supported. The two unique IP address restriction does not apply to MVPNs with MPLS tunnels (for example, RSVP and MLDP). For instances using default System IP, source address configuration should not be specified to avoid consuming one of the addresses.
Explicitly defining a source-address allows GRE-encapsulated Rosen MVPN or NG-MVPN multicast traffic (Default and Data MDT) to originate from a configured IP address, so the source IP address of the GRE packets will not be the default system IP address.
Value:
- ip-address
-
An IPv4 address. To achieve the desired functionality the address should be a pre-configured non-default ISIS or OSPF loopback address for an IGP instance using loopback address different from the system IP loopback.
Platforms
All
auto-discovery
Syntax
auto-discovery [default]
no auto-discovery
Context
[Tree] (config>router>pim>gtm auto-discovery)
Full Context
configure router pim gtm auto-discovery
Description
This command enables multicast auto-discovery over BGP for GTM.
The no form of this command disables auto-discovery.
Default
no auto-discovery
Parameters
- default
-
Enables the default auto-discovery mode.
Platforms
All
auto-discovery-disable
auto-discovery-disable
Syntax
[no] auto-discovery-disable
Context
[Tree] (config>service>vprn>mvpn>pt>selective auto-discovery-disable)
Full Context
configure service vprn mvpn provider-tunnel selective auto-discovery-disable
Description
This command disables C-trees to P-tunnel binding auto-discovery through BGP so it is signaled using PIM join TLVs.
This command requires the c-mcast-signaling parameter to be set to PIM.
For multi-stream S-PMSI, this command must be enabled for BGP auto-discovery to function.
The no form of this command enables multicast VPN membership auto-discovery through BGP.
Default
auto-discovery-disable
Platforms
All
auto-eap-method
auto-eap-method
Syntax
auto-eap-method {psk | cert | psk-or-cert}
Context
[Tree] (config>ipsec>ike-policy auto-eap-method)
Full Context
configure ipsec ike-policy auto-eap-method
Description
This command enables following behavior for IKEv2 remote-access tunnel when auth-method is configured as auto-eap-radius:
-
If there is no AUTH payload in IKE_AUTH request, then system use EAP to authenticate client and also will own-auth-method to generate AUTH payload.
-
If there is AUTH payload in IKE_AUTH request:
-
if auto-eap-method is psk, then system proceed as auth-method:psk-radius
-
if auto-eap-method is cert, then system proceed as auth-method:cert-radius
-
if auto-eap-method is psk-or-cert, then:
-
if the "Auth Method" field of AUTH payload is PSK, then system proceed as auth-method:psk-radius
-
if the "Auth Method" field of AUTH payload is RSA or DSS, then system proceed as auth-method:cert-radius
-
-
The system will use auto-eap-own-method to generate AUTH payload.
-
This command only applies when auth-method is configured as auto-eap-radius.
Default
auto-eap-method cert
Parameters
- psk
-
Uses the pre-shared-key as the authentication method.
- cert
-
Uses the certificate as the authentication method.
- psk-or-cert
-
Uses either the pre-shared-key or certificate based on the "Auth Method” field of the received AUTH payload.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
auto-eap-own-method
auto-eap-own-method
Syntax
auto-eap-own-method {psk | cert}
Context
[Tree] (config>ipsec>ike-policy auto-eap-own-method)
Full Context
configure ipsec ike-policy auto-eap-own-method
Description
This command enables following behavior for IKEv2 remote-access tunnel when auth-method is configured as auto-eap-radius:
-
If there is no AUTH payload in IKE_AUTH request, then system use EAP to authenticate client and also will own-auth-method to generate AUTH payload.
-
If there is AUTH payload in IKE_AUTH request:
-
if auto-eap-method is psk, then system proceed as auth-method:psk-radius.
-
if auto-eap-method is cert, then system proceed as auth-method:cert-radius.
-
if auto-eap-method is psk-or-cert, then:
-
if the "Auth Method" field of AUTH payload is PSK, then system proceed as auth-method:psk-radius.
-
if the "Auth Method" field of AUTH payload is RSA or DSS, then system proceed as auth-method:cert-radius.
-
-
The system will use auto-eap-own-method to generate AUTH payload.
-
This command only applies when auth-method is configured as auto-eap-radius.
Default
auto-eap-own-method cert
Parameters
- psk
-
Uses a pre-shared-key to generate AUTH payload.
- cert
-
Uses a public/private key to generate AUTH payload.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
auto-edge
auto-edge
Syntax
[no] auto-edge
Context
[Tree] (config>service>vpls>spoke-sdp>stp auto-edge)
[Tree] (config>service>template>vpls-sap-template>stp auto-edge)
[Tree] (config>service>vpls>sap>stp auto-edge)
Full Context
configure service vpls spoke-sdp stp auto-edge
configure service template vpls-sap-template stp auto-edge
configure service vpls sap stp auto-edge
Description
This command configures automatic detection of the edge port characteristics of the SAP or spoke-SDP.
If auto-edge is enabled, and STP concludes there is no bridge behind the spoke-SDP, the OPER_EDGE variable will dynamically be set to true. If auto-edge is enabled, and a BPDU is received, the OPER_EDGE variable will dynamically be set to true (see edge-port [config>service>vpls>sap>stp edge-port, config>service>template>vpls-sap-template>stp edge-port, config>service>vpls>spoke-sdp>stp edge-port]).
The no form of this command returns the auto-detection setting to the default value.
Default
auto-edge
Platforms
All
auto-edge
Syntax
[no] auto-edge
Context
[Tree] (config>service>pw-template>stp auto-edge)
Full Context
configure service pw-template stp auto-edge
Description
This command configures automatic detection of the edge port characteristics of the SAP or spoke SDP.
If auto-edge is enabled, and STP concludes there is no bridge behind the spoke SDP, the OPER_EDGE variable will dynamically be set to true. If auto-edge is enabled, and a BPDU is received, the OPER_EDGE variable will dynamically be set to true (see config>service>pw-template>stp edge-port).
The no form of this command returns the auto-detection setting to the default value.
Default
auto-edge
Platforms
All
auto-esi
auto-esi
Syntax
auto-esi {none | type-1}
Context
[Tree] (config>service>system>bgp-evpn>eth-seg auto-esi)
Full Context
configure service system bgp-evpn ethernet-segment auto-esi
Description
This command configures the auto-ESI type to use in the Ethernet segment (ES).
The default mode is none and forces the user to configure a manual ESI. When type-1 is configured, a manual ESI cannot be configured and the ESI is auto-derived in accordance with the RFC 7432 ESI type 1 definition.
An ESI type 1 encodes 0x01 in the ESI type octet (T=0x01) and indicates that IEEE 802.1AX LACP is used between the PEs and CEs.
The ESI is auto-derived from the LACP PDUs by concatenating the following parameters:
-
CE LACP system MAC address (6 octets)
The CE LACP system MAC address is encoded in the high-order 6 octets of the ESI value field.
-
CE LACP port Key (2 octets)
The CE LACP port key is encoded in the 2 octets next to the system MAC address.
-
the remaining octet is set to 0x00.
Parameters
- type-1
-
Specifies an auto-generated ESI value.
- none
-
Specifies the configuration of a manual ESI.
Platforms
All
auto-establish
auto-establish
Syntax
[no] auto-establish
Context
[Tree] (config>router>l2tp>group>tunnel auto-establish)
Full Context
configure router l2tp group tunnel auto-establish
Description
This command specifies if this tunnel is to be automatically set up by the system.
Default
no auto-establish
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-establish
Syntax
[no] auto-establish
Context
[Tree] (config>service>vprn>l2tp>group>tunnel auto-establish)
Full Context
configure service vprn l2tp group tunnel auto-establish
Description
This command specifies if this tunnel is to be automatically set up by the system.
Default
no auto-establish
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-establish
Syntax
[no] auto-establish
Context
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn auto-establish)
[Tree] (config>ipsec>trans-mode-prof>dyn auto-establish)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn auto-establish)
[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn auto-establish)
[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn auto-establish)
Full Context
configure service ies interface ipsec ipsec-tunnel dynamic-keying auto-establish
configure ipsec ipsec-transport-mode-profile dynamic-keying auto-establish
configure service vprn interface ipsec ipsec-tunnel dynamic-keying auto-establish
configure router interface ipsec ipsec-tunnel dynamic-keying auto-establish
configure service vprn interface sap ipsec-tunnel dynamic-keying auto-establish
Description
This command enables automatic attempts to establish a phase 1 exchange.
The system automatically establishes a phase 1 SA as soon as the tunnel is provisioned and enabled (no shutdown). This option should only be configured on one side of the tunnel.
Any associated static routes remains up as long as the tunnel is up, even though it may actually be operationally down according to the CLI.
The no form of this command disables the automatic attempts to establish a phase 1 exchange.
Default
no auto-establish
Platforms
VSR
- configure service vprn interface ipsec ipsec-tunnel dynamic-keying auto-establish
- configure service ies interface ipsec ipsec-tunnel dynamic-keying auto-establish
- configure router interface ipsec ipsec-tunnel dynamic-keying auto-establish
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-tunnel dynamic-keying auto-establish
- configure ipsec ipsec-transport-mode-profile dynamic-keying auto-establish
auto-learn-mac-protect
auto-learn-mac-protect
Syntax
[no] auto-learn-mac-protect
Context
[Tree] (config>service>vpls>endpoint auto-learn-mac-protect)
[Tree] (config>service>pw-template>split-horizon-group auto-learn-mac-protect)
Full Context
configure service vpls endpoint auto-learn-mac-protect
configure service pw-template split-horizon-group auto-learn-mac-protect
Description
This command enables the automatic protection of source MAC addresses learned on the associated object. MAC protection is used in conjunction with the restrict-protected-src, restrict-unprotected-dst, and mac-protect commands. When auto-learn-mac-protect command is applied or removed, the MAC addresses are cleared from the related object.
When the auto-learn-mac-protect is enabled on an SHG the action only applies to the associated SAPs (no action is taken by default for spoke SDPs in the SHG). To enable this function for spoke SDPs within a SHG, the auto-learn-mac-protect command must be enabled explicitly under the spoke SDP. If required, the auto-learn-mac-protect command can also be enabled explicitly under specific SAPs within the SHG.
The no form of the command reverts to the default.
Default
no auto-learn-mac-protect
Platforms
All
auto-learn-mac-protect
Syntax
auto-learn-mac-protect [exclude-list name]
no auto-learn-mac-protect
Context
[Tree] (config>service>vpls>split-horizon-group auto-learn-mac-protect)
[Tree] (config>service>pw-template auto-learn-mac-protect)
[Tree] (config>service>vpls>spoke-sdp auto-learn-mac-protect)
[Tree] (config>service>vpls>mesh-sdp auto-learn-mac-protect)
[Tree] (config>service>vpls>sap auto-learn-mac-protect)
Full Context
configure service vpls split-horizon-group auto-learn-mac-protect
configure service pw-template auto-learn-mac-protect
configure service vpls spoke-sdp auto-learn-mac-protect
configure service vpls mesh-sdp auto-learn-mac-protect
configure service vpls sap auto-learn-mac-protect
Description
This command specifies whether to enable automatic population of the MAC protect list with source MAC addresses learned on the associated object under which the command is configured.
When configured, dynamically learned MAC Source Addresses (SA) are protected only if they are learned on an object with ALMP configured and there is no exclude list associated to the same object or if there is an exclude list but the MAC does not match any entry.
The same list can be used in multiple objects of the same or different service. If the list is empty, ALMP does not exclude any learned MAC from protection on the object.
The no form of the command disables the automatic population of the MAC protect list.
Default
auto-learn-mac-protect
Parameters
- name
-
Specifies the name of the exclude list, up to 32 characters.
Platforms
All
auto-lifetimes
auto-lifetimes
Syntax
[no] auto-lifetimes
Context
[Tree] (config>subscr-mgmt>rtr-adv-plcy>pfx-opt>stateful auto-lifetimes)
Full Context
configure subscriber-mgmt router-advertisement-policy prefix-options stateful auto-lifetimes
Description
This command adjusts the valid and preferred lifetime values of the router advertisement from the DHCP lease of the subscriber. Every router advertisement sent to the subscriber is derived from the DHCP lease in real time. The route advertisement is always sent on a DHCP Renew.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-lsp
auto-lsp
Syntax
auto-lsp lsp-template template-name {policy peer-prefix-policy [peer-prefix-policy] | one-hop}
no auto-lsp lsp-template template-name
Context
[Tree] (config>router>mpls auto-lsp)
Full Context
configure router mpls auto-lsp
Description
This command enables the automatic creation of an RSVP point-to-point LSP to a destination node whose router ID matches a prefix in the specified peer prefix policy. This LSP type is referred to as auto-LSP of type mesh.
The user can associate multiple templates with same or different peer prefix policies. Each application of an LSP template with a given prefix in the prefix list results in the instantiation of a single CSPF computed LSP primary path using the LSP template parameters as long as the prefix corresponds to a router ID for a node in the TE database. This command does not support the automatic signaling of a secondary path for an LSP. If the signaling of multiple LSPs to the same destination node is required, the user must apply a separate LSP template to the same or different prefix list that contains the same destination node. Each instantiated LSP will have a unique LSP ID and a unique tunnel ID. This command also does not support the signaling of a non-CSPF LSP. The selection of the no cspf option in the LSP template is blocked.
Up to five peer prefix policies can be associated with a given LSP template at all times. Each time the user runs the auto-lsp command with the same or different prefix policy associations, or the user changes a prefix policy associated with an LSP template, the system re-evaluates the prefix policy. The outcome of the re-evaluation tells MPLS if an existing LSP needs to be torn down or if a new LSP needs to be signaled to a destination address that is already in the TE database.
If a /32 prefix is added to (removed from) or if a prefix range is expanded (shrunk) in a prefix list associated with an LSP template, the preceding prefix policy re-evaluation is performed.
The user must perform a no shutdown of the template before the template takes effect. After a template is in use, the user must shut down the template before effecting any changes to the parameters, except for those LSP parameters for which the change can be handled with the Make-Before-Break (MBB) procedures. These parameters are bandwidth and enabling fast-reroute with or without the hop-limit or node-protect options. For all other parameters, the user must shut down the template, makes the change, and perform a no shutdown. This results in the existing instances of the LSP using this template to be torn down and re-signaled.
When a router with a router ID that matches a prefix in the prefix list appears in the TE database, it is a trigger to signal the LSP. The signaled LSP is installed in the Tunnel Table Manager (TTM) and is available to applications such as LDP-over-RSVP, resolution of BGP label routes, resolution of BGP, IGP, and static routes. It is, however, not available for use as a provisioned SDP for explicit binding or auto-binding by services.
Except for the MBB limitations to the configuration parameter change in the LSP template, MBB procedures for manual and timer based re-signaling of the LSP, for TE Graceful Shutdown and for soft preemption are supported.
The one-to-one option under fast-reroute, the LSP Diff-Serv class-type and backup-class-type parameters are not supported. If diffserv-te is enabled under RSVP, the auto-created LSP is still signaled but with the default LSP class type.
If the one-hop option is specified instead of a prefix list, this command enables the automatic signaling of one-hop point-to-point LSPs using the specified template to all directly connected neighbors. This LSP type is referred to as auto-LSP of type one-hop. Although the provisioning model and CLI syntax differ from that of a mesh LSP only by the absence of a prefix list, the actual behavior is quite different. When this command is executed, the TE database keeps track of each TE link that comes up to a directly connected IGP neighbor whose router ID is discovered. It then instructs MPLS to signals an LSP with a destination address matching the router ID of the neighbor and with a strict hop consisting of the address of the interface used by the TE link. Thus, the auto-lsp command with the one-hop option results in one or more LSPs signaled to the neighboring router.
An auto-created mesh or one-hop LSP can collect egress statistics at the ingress LER by adding the egress-statistics node configuration into the LSP template. The user can also collect ingress statistics at the egress LER by using the same ingress-statistics node configuration. The user must specify the full LSP name as signaled by the ingress LER in the RSVP session name field of the Session Attribute object in the received Path message.
This feature also provides for the auto-creation of an SR-TE mesh LSP and for an SR-TE one-hop LSP.
The SR-TE mesh LSP feature specifically binds a mesh-p2p-srte LSP template with one or more prefix lists. When the TE database discovers a router that has a router ID matching an entry in the prefix list, it triggers MPLS to instantiate an SR-TE LSP to that router using the LSP parameters in the LSP template.
The SR-TE one-hop LSP feature specifically activates a one-hop-p2p-srte LSP template. In this case, the TE database keeps track of each TE link that comes up to a directly connected IGP neighbor. It then instructs MPLS to instantiate a SR-TE LSP with the following parameters:
-
the source address of the local router
-
an outgoing interface matching the interface index of the TE-link
-
a destination address matching the router ID of the neighbor on the TE link
In both types of SR-TE auto-LSP, the router’s hop-to-label translation computes the label stack required to instantiate the LSP.
An SR-TE auto-LSP can be reported to a PCE but cannot be delegated or have its paths computed by PCE.
The no form of this command deletes all LSPs signaled using the specified template and prefix policy. When the one-hop option is used, it deletes all one-hop LSPs signaled using the specified template to all directly-connected neighbors.
Parameters
- lsp-template template-name
-
Specifies an LSP template name, up to 32 characters in length.
- policy peer-prefix-policy
-
Specifies an peer prefix policy name, up to 32 characters in length.
- one-hop
-
Enables the automatic signaling of one-hop point-to-point LSPs.
Platforms
All
auto-mep-discovery
auto-mep-discovery
Syntax
[no] auto-mep-discovery
Context
[Tree] (config>eth-cfm>domain>assoc auto-mep-discovery)
Full Context
configure eth-cfm domain association auto-mep-discovery
Description
This command enables the ability to auto-discover remote MEPs from a peer MEP sending ETH-CC.
The no form of this command disables the ability to auto-discover remote MEPs from a peer MEP sending ETH-CC.
Default
no auto-mep-discovery
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
auto-reply
auto-reply
Syntax
[no] auto-reply
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6 auto-reply)
[Tree] (config>service>ies>sub-if>grp-if>ipv6 auto-reply)
Full Context
configure service vprn subscriber-interface group-interface ipv6 auto-reply
configure service ies subscriber-interface group-interface ipv6 auto-reply
Description
This command assists IP-only static hosts to resolve their default gateway and MAC. By default, the BNG anti-spoof filter drops packets from unknown hosts. The auto-reply features first allow hosts to resolve their default gateway and afterwards allow them to forward traffic. Using the data traffic, the BNG can utilize the data-trigger mechanism to learn the host’s MAC and populate the full IP+MAC static host entry.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-rp
auto-rp
Syntax
auto-rp [detail]
no auto-rp
Context
[Tree] (debug>router>pim auto-rp)
Full Context
debug router pim auto-rp
Description
This command enables debugging for PIM auto-RP.
The no form of this command disables PIM auto-RP debugging.
Parameters
- detail
-
Debugs detailed information on the PIM auto-RP mechanism.
Platforms
All
auto-rp-discovery
auto-rp-discovery
Syntax
auto-rp-discovery [candidate] [mapping-agent]
no auto-rp-discovery
Context
[Tree] (config>service>vprn>pim>rp auto-rp-discovery)
Full Context
configure service vprn pim rp auto-rp-discovery
Description
This command enables the auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP-candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn the availability of RP nodes present in the network. In a VPRN configuration, Nokia recommends that a local loopback interface should be created with the same IP address as the system IP address.
The following configuration guidelines apply.
-
Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together.
-
bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together.
-
auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.
This command also enables the auto-RP listener functionality. The auto-RP listener forwards the candidate 224.0.1.39 and mapping 224.0.1.40 messages over the PIM interfaces.
The no form of this command disables auto-RP discovery, auto-RP listener, candidate, and mapping-agent.
Default
no auto-rp-discovery
Parameters
- candidate
-
Specifies that the RP is a candidate RP. The auto-RP C-RP announces the candidate RP messages on the 224.0.1.39 multicast address. This functionality is in addition to the listener functionality enabled by the auto RP discovery.
The default value is no candidate.
- mapping agent
-
Specifies the mapping agent on the node. The auto-RP MA observes the auto-rp-announcement messages, selects the RP, and generates the RP discovery 224.0.1.40 messages. This functionality is in addition to the auto RP discovery functionality.
The default value is no mapping-agent.
Platforms
All
auto-rp-discovery
Syntax
auto-rp-discovery [candidate] [mapping-agent]
no auto-rp-discovery
Context
[Tree] (config>router>pim>rp auto-rp-discovery)
Full Context
configure router pim rp auto-rp-discovery
Description
This command enables the auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn the availability of RP nodes present in the network.
The following configuration guidelines apply.
-
Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together.
-
bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together.
This command also enables the auto-RP listener functionality. The auto-RP listener forwards the candidate 224.0.1.39 and mapping 224.0.1.40 messages over the PIM interfaces.
The no form of this command disables auto-RP discovery, auto-RP listener, candidate, and mapping-agent.
Default
no auto-rp-discovery
Parameters
- candidate
-
Specifies that the RP is a candidate RP. The auto-RP C-RP announces the candidate RP messages on the 224.0.1.39 multicast address. This functionality is in addition to the listener functionality enabled by the auto RP discovery.
The default value is no candidate.
- mapping agent
-
Specifies the mapping agent on the node. The auto-RP MA observes the auto-rp-announcement messages, selects the RP, and generates the RP discovery 224.0.1.40 messages. This functionality is in addition to the auto RP discovery functionality.
The default value is no mapping-agent.
Platforms
All
auto-rx
auto-rx
Syntax
auto-rx
Context
[Tree] (config>router>ldp>targeted-session auto-rx)
Full Context
configure router ldp targeted-session auto-rx
Description
Commands in this context configure an automatic targeted LDP session and accept targeted Hello messages from any peer.
Platforms
All
auto-srrp-id-range
auto-srrp-id-range
Syntax
auto-srrp-id-range start start-id end end-id
no auto-srrp-id-range
Context
[Tree] (config>redundancy>srrp auto-srrp-id-range)
Full Context
configure redundancy srrp auto-srrp-id-range
Description
This command reserves IDs for internal SRRP objects created for inter-UPF resiliency. Manually provisioned SRRP instances cannot use these reserved IDs.
The no form of this command removes the reservation of IDs.
Parameters
- start-id
-
Specifies the lower bound of the ID range.
- end-id
-
Specifies the upper bound of the ID range.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-sub-id-key
auto-sub-id-key
Syntax
auto-sub-id-key
Context
[Tree] (config>subscr-mgmt auto-sub-id-key)
Full Context
configure subscriber-mgmt auto-sub-id-key
Description
Commands in this context configure auto-generated subscriber identification key parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
auto-tx
auto-tx
Syntax
auto-tx
Context
[Tree] (config>router>ldp>targeted-session auto-tx)
Full Context
configure router ldp targeted-session auto-tx
Description
Commands in this context configure an automatic targeted LDP session and send targeted Hello messages towards PQ nodes determined by the rLFA algorithm.
Platforms
All
autoconfigure
autoconfigure
Syntax
autoconfigure
Context
[Tree] (bof autoconfigure)
Full Context
bof autoconfigure
Description
Commands in this context autoconfigure the IP address for the BOF. The IPv4 DHCP client, IPv6 DHCP client, and NDP/RA can be configured on the management interface.
Default
no autoconfigure
Platforms
7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s
autonegotiate
autonegotiate
Syntax
autonegotiate [limited]
no autonegotiate
Context
[Tree] (config>port>ethernet autonegotiate)
Full Context
configure port ethernet autonegotiate
Description
This command enables speed and duplex autonegotiation on Fast Ethernet ports and enables far-end fault indicator support on Gb ports.
There are three possible settings for autonegotiation:
-
"on” or enabled with full port capabilities advertised
-
"off” or disabled where there are no autonegotiation advertisements
-
"limited” where a single speed/duplex is advertised.
When autonegotiation is enabled on a port, the link attempts to automatically negotiate the link speed and duplex parameters. If autonegotiation is enabled, the configured duplex and speed parameters are ignored.
When autonegotiation is disabled on a port, the port does not attempt to autonegotiate and will only operate at the speed and duplex settings configured for the port. Note that disabling autonegotiation on Gb ports is not allowed as the IEEE 802.3 specification for Gb Ethernet requires autonegotiation be enabled for far end fault indication.
If the autonegotiate limited keyword option is specified the port will auto-negotiate but will only advertise a specific speed and duplex. The speed and duplex advertised are the speed and duplex settings configured for the port. One use for limited mode is for multi-speed Gb ports to force Gb operation while keeping autonegotiation enabled for compliance with IEEE 802.3.
Router requires that autonegotiation be disabled or limited for ports in a Link Aggregation Group to guarantee a specific port speed.
The no form of this command disables autonegotiation on this port.
Default
autonegotiate
Parameters
- limited
-
The Ethernet interface will automatically negotiate link parameters with the far end, but will only advertise the speed and duplex mode specified by the Ethernet config>port>ethernet speed and config>port>ethernet duplex commands.
Platforms
All
autonegotiate
Syntax
[no] autonegotiate
Context
[Tree] (bof autonegotiate)
Full Context
bof autonegotiate
Description
This command enables speed and duplex autonegotiation on the management Ethernet port in the running configuration and the Boot Option File (BOF).
When autonegotiation is enabled, the link attempts to automatically negotiate the link speed and duplex parameters. If autonegotiation is enabled, then the configured duplex and speed parameters are ignored.
The no form of this command disables the autonegotiate feature on this port.
Platforms
All
autonomous
autonomous
Syntax
[no] autonomous
Context
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv>pfx-op autonomous)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt autonomous)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv>pfx-opt autonomous)
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv>pfx-opt autonomous)
Full Context
configure service vprn subscriber-interface ipv6 rtr-adv pfx-op autonomous
configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options autonomous
configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options autonomous
configure service ies subscriber-interface ipv6 router-advertisements prefix-options autonomous
Description
This command enables the option that determines whether or not the prefix can be used for stateless address autoconfiguration.
The no form of this command disables the option.
Default
no autonomous
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
autonomous
Syntax
[no] autonomous
Context
[Tree] (config>service>vprn>router-advert>if>prefix autonomous)
Full Context
configure service vprn router-advertisement interface prefix autonomous
Description
This command specifies whether the prefix can be used for stateless address autoconfiguration.
Default
autonomous
Platforms
All
autonomous
Syntax
[no] autonomous
Context
[Tree] (config>router>router-advert>if>prefix autonomous)
Full Context
configure router router-advertisement interface prefix autonomous
Description
This command specifies whether the prefix can be used for stateless address autoconfiguration.
Default
autonomous
Platforms
All
autonomous-system
autonomous-system
Syntax
autonomous-system as-number
no autonomous-system
Context
[Tree] (config>service>vprn autonomous-system)
Full Context
configure service vprn autonomous-system
Description
This command defines the autonomous system (AS) to be used by this VPN routing/forwarding (VRF). This command defines the autonomous system to be used by this VPN routing
The no form of this command removes the defined AS from this VPRN context.
Default
no autonomous-system
Parameters
- as-number
-
Specifies the AS number for the VPRN service.
Platforms
All
autonomous-system
Syntax
autonomous-system autonomous-system
no autonomous-system
Context
[Tree] (config>router autonomous-system)
Full Context
configure router autonomous-system
Description
This command configures the autonomous system (AS) number for the router. A router can only belong to one AS. An AS number is a globally unique number with an AS. This number is used to exchange exterior routing information with neighboring ASs and as an identifier of the AS itself.
If the AS number is changed on a router with an active BGP instance, the new AS number is not used until the BGP instance is restarted either by administratively disabling/enabling (shutdown/no shutdown) the BGP instance or rebooting the system with the new configuration.
Default
no autonomous-system
Parameters
- autonomous-system
-
Specifies the autonomous system number expressed as a decimal integer.
Platforms
All
autonomous-system-type
autonomous-system-type
Syntax
autonomous-system-type {origin | peer}
Context
[Tree] (config>cflowd>collector autonomous-system-type)
Full Context
configure cflowd collector autonomous-system-type
Description
This command defines whether the autonomous system (AS) information included in the flow data is based on the originating AS or external peer AS of the routes.
This option is only allowed if the collector is configured as Version 5 or Version 8.
Default
autonomous-system-type origin
Parameters
- origin
-
Specifies that the AS information included in the flow data is based on the originating AS.
- peer
-
Specifies that the AS information included in the flow data is based on the peer AS.
Platforms
All
aux-channel-enable
aux-channel-enable
Syntax
[no] aux-channel-enable
Context
[Tree] (config>open-flow>of-switch aux-channel-enable)
Full Context
configure open-flow of-switch aux-channel-enable
Description
This command enables auxiliary connections for the given H-OFS instance. If enabled, the H-OFS switch sets up a statistics auxiliary channel (Auxiliary ID 1) and a packet-in auxiliary channel (Auxiliary ID 2) for the main connection to every configured OpenFlow controller.
The no form of this command disables auxiliary connections.
Default
no aux-channel-enable
Platforms
All
aux-stats
aux-stats
Syntax
[no] aux-stats sr
Context
[Tree] (config>router>mpls aux-stats)
Full Context
configure router mpls aux-stats
Description
This command enables and configures counters for the specified labeled traffic type in an auxiliary MPLS statistics table. The sr keyword indicates to the system to increment packet and octet counters of that table for any type of Segment Routing traffic (SR-OSPF, SR-ISIS, SR-TE, and so on). This command cannot be used in specific system configurations. This command does not impact the overall counting of MPLS packets and octets shown, for example, by the show router mpls interface [ip-int-name | ip-address] statistics command.
The no form of this command disables the counters of the auxiliary MPLS statistics table. The no form of this command cannot be used if dark bandwidth accounting is enabled (config>router>rsvp>dbw-accounting).
Default
aux-stats sr
Parameters
- sr
-
Specifies the type of traffic to count in the auxiliary MPLS statistics table. Refers to any type of Segment Routing traffic (SR-OSPF, SR-ISIS, SR-TE, and so on).
Platforms
7750 SR, 7750 SR-s, 7950 XRS, VSR
availability
availability
Syntax
availability
Context
[Tree] (config>oam-pm>session>ethernet>lmm availability)
Full Context
configure oam-pm session ethernet lmm availability
Description
Commands in this context activate, collect, and record availability statistics for LMM tests. These computations are not enabled by default. In order to modify parameters within a session, including these availability parameters, the LMM test must be shut down.
Platforms
All
avg-flr-event
avg-flr-event
Syntax
avg-flr-event {forward | backward} threshold raise-threshold-percentage [clear clear-threshold-percentage]
no avg-flr-event {forward | backward}
Context
[Tree] (config>oam-pm>session>ethernet>slm>loss-events avg-flr-event)
[Tree] (config>oam-pm>session>ethernet>lmm>loss-events avg-flr-event)
[Tree] (config>oam-pm>session>ip>twamp-light>loss-events avg-flr-event)
Full Context
configure oam-pm session ethernet slm loss-events avg-flr-event
configure oam-pm session ethernet lmm loss-events avg-flr-event
configure oam-pm session ip twamp-light loss-events avg-flr-event
Description
This command sets the frame loss ratio threshold configuration to be applied and checked at the end of the measurement interval for the specified direction. This is a percentage based on average frame loss ratio over the entire measurement interval. If the clear-threshold-percent value is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and without regard to any previous window. Each unique event can only be raised once within measurement interval. If the optional clear-threshold-percent value is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is not raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.
The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.
Default
no avg-flr-event forward
no avg-flr-event backward
Parameters
- forward
-
Specifies the threshold is applied to the forward direction value.
- backward
-
Specifies the threshold is applied to the backward direction value.
- raise-threshold-percentage
-
Specifies the rising percentage that determines when the event is to be generated.
- clear-threshold-percentage
-
Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.
Platforms
All
- configure oam-pm session ethernet lmm loss-events avg-flr-event
- configure oam-pm session ethernet slm loss-events avg-flr-event
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure oam-pm session ip twamp-light loss-events avg-flr-event
avg-frame-overhead
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue avg-frame-overhead)
Full Context
configure subscriber-mgmt sla-profile egress qos queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a SONET or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
-
Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queues current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.
For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.
-
Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queues offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead is the same as the packet to frame factor making this calculation unnecessary.
-
Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queues configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
-
Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).
As a special case, when a policer, queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.
-
Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
-
Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.
Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to determine the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command reverts to the default. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
avg-frame-overhead 0
Parameters
- percent
-
Specifies the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue avg-frame-overhead)
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue avg-frame-overhead)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue avg-frame-overhead)
[Tree] (config>service>vpls>sap>ingress>queue-override>queue avg-frame-overhead)
Full Context
configure service ies subscriber-interface group-interface sap egress queue-override queue avg-frame-overhead
configure service ies interface sap ingress queue-override queue avg-frame-overhead
configure service ies interface sap egress queue-override queue avg-frame-overhead
configure service vpls sap ingress queue-override queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue expands during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-Load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet-based offered-load.
-
Frame-encapsulation overhead — Using the avg-frame-overhead parameter, the frame-encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10,000 octets and the avg-frame-overhead equals 10%, the frame-encapsulation overhead would be 10,000 x 0.1 or 1,000 octets.
For egress Ethernet queues, the frame-encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame-encapsulation overhead would be 50 x 20 or 1,000 octets.
-
Frame-based offered-load — The frame-based offered-load is calculated by adding the offered-load to the frame-encapsulation overhead. If the offered-load is 10,000 octets and the encapsulation overhead was 1,000 octets, the frame-based offered-load would equal 11,000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame-encapsulation overhead by the queue’s offered-load (packet-based). If the frame-encapsulation overhead is 1,000 octets and the offered-load is 10,000 octets then the packet to frame factor would be 1,000 / 10,000 or 0.1. When in use, the avg-frame-overhead is the same as the packet to frame factor making this calculation unnecessary.
-
Frame-based CIR — The frame-based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR, then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame-based CIR would be 500 x 1.1 or 550 octets.
-
Frame-based within-CIR offered-load — The frame-based within-CIR offered-load is the portion of the frame-based offered-load considered to be within the frame-based CIR. The frame-based within-CIR offered-load is the lesser of the frame-based offered-load and the frame-based CIR. If the frame-based offered-load equaled 11000 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would be limited to 550 octets. If the frame-based offered-load equaled 450 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would equal 450 octets (or the entire frame-based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame-based within-CIR offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-CIR pass.
-
Frame-based PIR — The frame-based PIR is calculated by multiplying the packet to frame factor with the queue’s-configured PIR, then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame-based PIR would be 7,500 x 1.1 or 8,250 octets.
-
Frame-based within-pir offered-load — The frame-based within-pir offered-load is the portion of the frame-based offered-load considered to be within the frame-based PIR. The frame-based within-pir offered-load is the lesser of the frame-based offered-load and the frame-based PIR. If the frame-based offered-load equaled 11,000 octets and the frame-based PIR equaled 8250 octets, the frame-based within-pir offered-load would be limited to 8,250 octets. If the frame-based offered-load equaled 7,000 octets and the frame-based PIR equaled 8,250 octets, the frame-based within-pir offered load would equal 7,000 octets.
Port Scheduler Operation Using Frame Transformed Rates — The port scheduler uses the frame-based rates to figure the maximum rates that each queue may receive during the within-CIR and above-CIR bandwidth allocation passes. During the within-CIR pass, a queue may receive up to its frame-based within-CIR offered-load. The maximum it may receive during the above-CIR pass is the difference between the frame-based within-pir offered load and the amount of actual bandwidth allocated during the within-CIR pass.
SAP and Subscriber SLA-Profile Average Frame Overhead Override — The average frame overhead parameter on a sap-egress may be overridden on an individual egress queue basis; on each SAP and within the sla-profile policy used by subscribers. An avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance uses its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet-based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
avg-frame-overhead 0
Parameters
- percent
-
Sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues. This parameter only applies to the 7450 ESS and 7750 SR.
Platforms
All
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>service>vpls>sap>egress>queue-override>queue avg-frame-overhead)
Full Context
configure service vpls sap egress queue-override queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a SONET or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
-
Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.
For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.
-
Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
-
Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
-
Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.
-
Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
-
Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.
Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to calculate the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
avg-frame-overhead 0
Parameters
- percent
-
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Platforms
All
avg-frame-overhead
Syntax
avg-frame-overhead percentage
no avg-frame-overhead
Context
[Tree] (config>service>cpipe>sap>egress>queue-override>queue avg-frame-overhead)
[Tree] (config>service>epipe>sap>egress>queue-override>queue avg-frame-overhead)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue avg-frame-overhead)
Full Context
configure service cpipe sap egress queue-override queue avg-frame-overhead
configure service epipe sap egress queue-override queue avg-frame-overhead
configure service ipipe sap egress queue-override queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a SONET or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
-
Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.
For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets, then the frame encapsulation overhead would be 50 x 20 or 1000 octets.
-
Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets, then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
-
Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
-
Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.
-
Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
-
Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.
Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to figure the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
On the 7450 ESS and 7750 SR, SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
avg-frame-overhead 0
Parameters
- percent
-
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap egress queue-override queue avg-frame-overhead
All
- configure service epipe sap egress queue-override queue avg-frame-overhead
- configure service ipipe sap egress queue-override queue avg-frame-overhead
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue avg-frame-overhead)
Full Context
configure service vprn interface sap egress queue-override queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
-
Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.
For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.
-
Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
-
Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
-
Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.
-
Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
-
Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.
Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to determine the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
0
Parameters
- percent
-
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Platforms
All
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>qos>sap-egress>queue avg-frame-overhead)
Full Context
configure qos sap-egress queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-Load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet-based offered-load.
-
Frame-encapsulation overhead — Using the avg-frame-overhead parameter, the frame-encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10,000 octets and the avg-frame-overhead equals 10%, the frame-encapsulation overhead would be 10,000 x 0.1 or 1,000 octets.
For egress Ethernet queues, the frame-encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets, then the frame-encapsulation overhead would be 50 x 20 or 1,000 octets.
-
Frame-based offered-load — The frame-based offered-load is calculated by adding the offered-load to the frame-encapsulation overhead. If the offered-load is 10,000 octets and the encapsulation overhead was 1,000 octets, the frame-based offered-load would equal 11,000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame-encapsulation overhead by the queue’s offered-load (packet-based). If the frame-encapsulation overhead is 1,000 octets and the offered-load is 10,000 octets, then the packet to frame factor would be 1,000 / 10,000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
-
Frame-based CIR — The frame-based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR, then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame-based CIR would be 500 x 1.1 or 550 octets.
-
Frame-based within-CIR offered-load — The frame-based within-CIR offered-load is the portion of the frame-based offered-load considered to be within the frame-based CIR. The frame-based within-CIR offered-load is the lesser of the frame-based offered-load and the frame-based CIR. If the frame-based offered-load equaled 11000 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would be limited to 550 octets. If the frame-based offered-load equaled 450 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would equal 450 octets (or the entire frame-based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame-based within-CIR offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-CIR pass.
-
Frame-based PIR — The frame-based PIR is calculated by multiplying the packet to frame factor with the queue’s-configured PIR, then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame-based PIR would be 7,500 x 1.1 or 8,250 octets.
-
Frame-based within-pir offered-load — The frame-based within-pir offered-load is the portion of the frame-based offered-load considered to be within the frame-based PIR. The frame-based within-pir offered-load is the lesser of the frame-based offered-load and the frame-based PIR. If the frame-based offered-load equaled 11,000 octets and the frame-based PIR equaled 8250 octets, the frame-based within-pir offered-load would be limited to 8,250 octets. If the frame-based offered-load equaled 7,000 octets and the frame-based PIR equaled 8,250 octets, the frame-based within-pir offered load would equal 7,000 octets.
Port Scheduler Operation Using Frame Transformed Rates — The port scheduler uses the frame-based rates to figure the maximum rates that each queue may receive during the within-CIR and above-CIR bandwidth allocation passes. During the within-CIR pass, a queue may receive up to its frame-based within-CIR offered-load. The maximum it may receive during the above-CIR pass is the difference between the frame-based within-pir offered load and the amount of actual bandwidth allocated during the within-CIR pass.
SAP and Subscriber SLA-Profile Average Frame Overhead Override — The average frame overhead parameter on a sap-egress may be overridden on an individual egress queue basis; on each SAP and within the sla-profile policy used by subscribers. An avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet-based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
no avg-frame-overhead
Parameters
- percent
-
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues. This parameter only applies to the 7450 ESS and 7750 SR.
Platforms
All
avg-frame-overhead
Syntax
avg-frame-overhead percent
no avg-frame-overhead
Context
[Tree] (config>qos>network-queue>queue avg-frame-overhead)
Full Context
configure qos network-queue queue avg-frame-overhead
Description
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a SONET or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
-
Offered-Load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet-based offered-load.
-
Frame-encapsulation overhead — Using the avg-frame-overhead parameter, the frame-encapsulation overhead is the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10 000 octets and the avg-frame-overhead equals 10%, the frame-encapsulation overhead would be 10 000 x 0.1 or 1000 octets.
For egress Ethernet queues, the frame-encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets, the frame-encapsulation overhead would be 50 x 20 or 1000 octets.
-
Frame-based offered-load — The frame-based offered-load is calculated by adding the offered-load to the frame-encapsulation overhead. If the offered-load is 10,000 octets and the encapsulation overhead was 1000 octets, the frame-based offered-load would equal 11 000 octets.
-
Packet to frame factor — The packet to frame factor is calculated by dividing the frame-encapsulation overhead by the queue’s offered-load (packet-based). If the frame-encapsulation overhead is 1000 octets and the offered-load is 10 000 octets, then the packet to frame factor would be 1000 / 10 000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor, making this calculation unnecessary.
-
Frame-based CIR — The frame-based CIR is calculated by multiplying the packet to frame factor with the queue’s-configured CIR, then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame-based CIR would be 500 x 1.1 or 550 octets.
-
Frame-based within-CIR offered-load — The frame-based within-CIR offered-load is the portion of the frame-based offered-load considered to be within the frame-based CIR. The frame-based within-CIR offered-load is the lesser of the frame-based offered-load and the frame-based CIR. If the frame-based offered-load equaled 11 000 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would be limited to 550 octets. If the frame-based offered-load equaled 450 octets and the frame-based CIR equaled 550 octets, the frame-based within-CIR offered-load would equal 450 octets (or the entire frame-based offered-load).
As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame-based within-CIR offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-CIR pass.
-
Frame-based PIR — The frame-based PIR is calculated by multiplying the packet to frame factor with the queue’s-configured PIR, then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame-based PIR would be 7500 x 1.1 or 8250 octets.
-
Frame-based within-pir offered-load — The frame-based within-pir offered-load is the portion of the frame-based offered-load considered to be within the frame-based PIR. The frame-based within-pir offered-load is the lesser of the frame-based offered-load and the frame-based PIR. If the frame-based offered-load equaled 11,000 octets and the frame-based PIR equaled 8250 octets, the frame-based within-pir offered-load would be limited to 8,250 octets. If the frame-based offered-load equaled 7,000 octets and the frame-based PIR equaled 8,250 octets, the frame-based within-pir offered load would equal 7,000 octets.
Port Scheduler Operation Using Frame Transformed Rates — The port scheduler uses the frame-based rates to figure the maximum rates that each queue may receive during the within-CIR and above-CIR bandwidth allocation passes. During the within-CIR pass, a queue may receive up to its frame-based within-CIR offered load. The maximum it may receive during the above-CIR pass is the difference between the frame-based within-PIR offered load and the amount of actual bandwidth allocated during the within-CIR pass.
SAP and Subscriber SLA-Profile Average Frame Overhead Override (applies only to the 7450 ESS and 7750 SR) — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers, an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress-defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0%. When set to 0, the system uses the packet-based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
Default
no avg-frame-overhead
Parameters
- percent
-
This parameter sets the average number of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Platforms
All
avp-hiding
avp-hiding
Syntax
avp-hiding {sensitive | always}
no avp-hiding
Context
[Tree] (config>service>vprn>l2tp avp-hiding)
[Tree] (config>router>l2tp avp-hiding)
Full Context
configure service vprn l2tp avp-hiding
configure router l2tp avp-hiding
Description
This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.
The no form of this command reverts to the default value.
Default
no avp-hiding
Parameters
- sensitive
-
AVP hiding is used only for sensitive information (such as username/password).
- always
-
AVP hiding is always used.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
avp-hiding
Syntax
avp-hiding {sensitive | always}
no avp-hiding
Context
[Tree] (config>service>vprn>l2tp>group avp-hiding)
Full Context
configure service vprn l2tp group avp-hiding
Description
This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.
The no form of this command returns the value to never allow AVP hiding.
Default
no avp-hiding
Parameters
- avp-hiding
-
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
avp-hiding
Syntax
avp-hiding {never | sensitive | always}
no avp-hiding
Context
[Tree] (config>service>vprn>l2tp>group>tunnel avp-hiding)
Full Context
configure service vprn l2tp group tunnel avp-hiding
Description
This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.
Nokia recommends that sensitive information not be sent in cleartext.
The no form of this command removes the parameter of the configuration and indicates that the value on group level will be taken.
Default
no avp-hiding
Parameters
- avp-hiding
-
Specifies the method to be used for the authentication of the tunnel.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR