c Commands

c-mcast-signaling

c-mcast-signaling

Syntax

c-mcast-signaling {bgp | pim}

no c-mcast-signaling

Context

[Tree] (config>service>vprn>mvpn c-mcast-signaling)

Full Context

configure service vprn mvpn c-mcast-signaling

Description

This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of this command reverts it back to the default.

Default

c-mcast-signaling bgp

Parameters

bgp

Specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.

pim

Specifies to use PIM for PE-to-PE signaling of CE multicast states.

Platforms

All

ca-name

ca-name

Syntax

ca-name ca-name

no ca-name

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port ca-name)

Full Context

configure port ethernet dot1x macsec sub-port ca-name

Description

This command configures the Connectivity Association (CA) linked to this MACsec sub-port. The specified CA provides the MACsec parameter to be used or negotiated with other peers.

The no form of this command removes the CA from the MACsec sub-port.

Parameters

ca-name

Specifies the appropriate ca to be used under this MACsec sub-port, up to 32 characters.

Platforms

All

ca-profile

ca-profile

Syntax

[no] ca-profile name

Context

[Tree] (config>ipsec>cert-profile>entry>send-chain ca-profile)

Full Context

configure ipsec cert-profile entry send-chain ca-profile

Description

This command specifies a CA certificate in the specified ca-profile to be sent to the peer.

Multiple configurations (up to seven) of this command are allowed in the same entry.

Parameters

name

Specifies the profile name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ca-profile

Syntax

ca-profile name [create]

no ca-profile name

Context

[Tree] (config>system>security>pki ca-profile)

Full Context

configure system security pki ca-profile

Description

This command creates a new ca-profile or enters the configuration context of an existing ca-profile. Up to 128 ca-profiles can be created in the system. A shutdown of the ca-profile will not affect the current up and running ipsec-tunnel or ipsec-gw that is associated with the ca-profile. However, authentication afterwards will fail with a shutdown ca-profile.

Executing a no shutdown command in this context causes the system to reload the configured cert-file and crl-file.

A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.

The no form of this command removes the name parameter from the configuration. A ca-profile cannot be removed until all the associated entities (ipsec-tunnel/gw) have been removed.

Parameters

name

Specifies the name of the ca-profile up to 32 characters.

create

Keyword used to create a new ca-profile. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

ca-profile

Syntax

[no] ca-profile profile-name

Context

[Tree] (debug>certificate>cmpv2 ca-profile)

[Tree] (debug>certificate>ocsp ca-profile)

[Tree] (debug>certificate>auto-crl-update ca-profile)

Full Context

debug certificate cmpv2 ca-profile

debug certificate ocsp ca-profile

debug certificate auto-crl-update ca-profile

Description

This command debugs output of the specified CA profile.

  • Protection method of each message is logged.

  • All HTTP messages are logged. Format allows offline analysis using Wireshark.

  • In the event of failed transactions, saved certificates are not deleted from file system for further debug and analysis.

  • The system allows CMPv2 debugging for multiple ca-profile at the same time.

Parameters

profile-name

Specifies the name of the CA profile, up to 32 characters.

Platforms

All

ca-profile

Syntax

[no] ca-profile name

Context

[Tree] (config>system>security>tls>cert-profile>entry>send-chain ca-profile)

Full Context

configure system security tls cert-profile entry send-chain ca-profile

Description

This command enables a certificate authority (CA) certificate in the specified CA profile to be sent to the peer. Up to seven configurations of this command are permitted in the same entry.

The no form of the command disables the transmission of a CA certificate from the specified CA profile.

Parameters

name

Specifies the name of the certificate authority profile, up to 32 characters in length.

Platforms

All

cacert

cacert

Syntax

cacert est-profile name output output-cert-filename [force]

Context

[Tree] (admin>certificate>est cacert)

Full Context

admin certificate est cacert

Description

This command downloads a Certificate Authority (CA) certificate from an EST server specified by the EST profile. The downloaded certificate is imported and saved with the filename specified by the output-cert-filename.

Parameters

name

Specifies the EST profile name, up to 32 characters

output-cert-filename

Specifies the filename of the resulting CA certificate, up to 200 characters

force

Overwrites the existing file with same filename

Platforms

All

cache

cache

Syntax

cache [create]

no cache

Context

[Tree] (config>python>py-policy cache)

Full Context

configure python python-policy cache

Description

Commands in this context configure the limits of the caching API inside the Python scripts.

The no form of this command removes the configured cache parameters from the configuration.

Parameters

create

This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

cache

Syntax

cache

Context

[Tree] (config>service>vprn>radius-proxy>server cache)

[Tree] (config>router>radius-proxy>server cache)

Full Context

configure service vprn radius-proxy server cache

configure router radius-proxy server cache

Description

Commands in this context configure the cache under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cache-reset

cache-reset

Syntax

[no] cache-reset

Context

[Tree] (debug>router>rpki-session>packet cache-reset)

Full Context

debug router rpki-session packet cache-reset

Description

This command enables debugging for cache reset RPKI packets.

The no form of this command disables debugging for cache reset RPKI packets.

Platforms

All

cache-response

cache-response

Syntax

[no] cache-response

Context

[Tree] (debug>router>rpki-session>packet cache-response)

Full Context

debug router rpki-session packet cache-response

Description

This command enables debugging for cache response RPKI packets.

The no form of this command disables debugging for cache response RPKI packets.

Platforms

All

cache-size

cache-size

Syntax

cache-size num-entries

no cache-size

Context

[Tree] (config>cflowd cache-size)

Full Context

configure cflowd cache-size

Description

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries back to the default value.

Default

cache-size 65536

Parameters

num-entries

Specifies the maximum number of entries maintained in the cflowd cache. The number depends on the CPM version.

Values

For the 7450 ESS and 7750 SR (cfm-xp, SF/CPM3):

1000 to 250000

For the 7450 ESS and 7750 SR (CPM4 or CPM5):

1000 to 1000000

For the 7950 XRS:

1000 to 1500000

Default

For the 7450 ESS and 7750 SR:

65536 (64K)

For the 7950 XRS:

500000

Platforms

All

cak

cak

Syntax

cak hex-string [hash | hash2 | custom]

no cak

Context

[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key cak)

Full Context

configure macsec connectivity-association static-cak pre-shared-key cak

Description

Specifies the connectivity association key (CAK) for a pre-shared key. Two values are derived from CAK.

  • Key Encryption Key (KEK), this is used to encrypt the MKA and SAK (symmetric key used for data path PDUs) to be distributed between all members.

  • Integrity Check Value (ICK), this is used to authenticate the MKA and SAK PDUs to be distributed between all members.

The no form of this command removes the value.

Parameters

hex-string

Specifies the value of the CAK.

Values

up to 64 hexadecimal characters, 32 hexadecimal characters for 128-bit key and 64 hexadecimal characters for 256-bit key

hash

Keyword, specifying the hash scheme.

hash2

Keyword, specifying the hash scheme.

custom

Specifies the custom encryption for management interface.

Platforms

All

calculate-counts

calculate-counts

Syntax

[no] calculate-counts

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query calculate-counts)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query calculate-counts

Description

This command specifies whether or not to count the number of tunnels matching the specified criteria.

Note:

Do not enable this command if the expected number of tunnels is large.

Default

no calculate-counts

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

call-trace

call-trace

Syntax

call-trace

Context

[Tree] (config call-trace)

Full Context

configure call-trace

Description

Commands in this context configure parameters related to the call trace debugging tool.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

call-trace

Syntax

call-trace

Context

[Tree] (debug call-trace)

Full Context

debug call-trace

Description

Commands in this context set up various call trace debug sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute called-station-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute called-station-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute called-station-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp called-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp called-station-id

configure subscriber-mgmt diameter-application-policy gx include-avp called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

called-station-id [called-station-id]

no called-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp called-station-id

Description

This command configures the value of the called station ID AVP.

The no form of this command returns the command to the default setting.

Parameters

called-station-id

Specifies the called station ID, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>ipsec>rad-acct-plcy>include called-station-id)

[Tree] (config>ipsec>rad-auth-plcy>include called-station-id)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute called-station-id

configure ipsec radius-authentication-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command excludes called station ID attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

called-station-id

Syntax

[no] called-station-id

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes called-station-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes called-station-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes called-station-id

configure aaa isa-radius-policy acct-include-attributes called-station-id

Description

This command includes called station id attributes.

The no form of the command excludes called station id attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

calling-number-format

calling-number-format

Syntax

calling-number-format ascii-spec

no calling-number-format

Context

[Tree] (config>service>vprn>l2tp calling-number-format)

[Tree] (config>router>l2tp calling-number-format)

Full Context

configure service vprn l2tp calling-number-format

configure router l2tp calling-number-format

Description

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Default

calling-number-format "%S %s"

Parameters

ascii-spec

Specifies the L2TP calling number AVP.

Values

char-specification ascii-spec

char-specification

ascii-char | char-origin

ascii-char

a printable ASCII character

char-origin

%origin

origin

S | c | r | s | l

S

system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName

c

Agent Circuit Id

r

Agent Remote Id

s

SAP ID, formatted as a character string

l

Logical Line ID

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute calling-station-id)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>ipsec>rad-auth-plcy>include calling-station-id)

[Tree] (config>ipsec>rad-acct-plcy>include calling-station-id)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute calling-station-id

configure ipsec radius-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

calling-station-id

calling-station-id {llid | mac | remote-id | sap-id | sap-string}

no calling-station-id

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute calling-station-id)

[Tree] (config>service>vpls>sap calling-station-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute calling-station-id)

[Tree] (config>service>vprn>if>sap calling-station-id)

[Tree] (config>service>ies>sub-if>grp-if>sap calling-station-id)

[Tree] (config>service>ies>if>sap calling-station-id)

[Tree] (config>service>vprn>sub-if>grp-if>sap calling-station-id)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute calling-station-id

configure service vpls sap calling-station-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute calling-station-id

configure service vprn interface sap calling-station-id

configure service ies subscriber-interface group-interface sap calling-station-id

configure service ies interface sap calling-station-id

configure service vprn subscriber-interface group-interface sap calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

The no form of this command reverts to the default.

Default

calling-station-id sap-string

Parameters

llid

Specifies that the logical link identifier (LLID) is mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-server.

mac

Specifies that the MAC address is sent.

remote-id

Specifies that the remote ID is sent.

sap-id

Specifies that the SAP ID is sent.

sap-string

Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

calling-station-id [type {llid | mac | remote-id | sap-id | sap-string}]

no calling-station-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp calling-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp calling-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp calling-station-id

configure subscriber-mgmt diameter-application-policy nasreq include-avp calling-station-id

Description

This command includes the calling-station-id AVP in the specified format.

The no form of this command reverts to the default.

Parameters

type

Specifies the format of the Calling-Station-ID AVP.

Values

llid — The logical link identifier (LLID) is the mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-serv

mac — Specifies that the MAC address is sent.

remote-id — Specifies that the remote ID is sent

sap-id — Specifies that the sap-id is sent

sap-string — Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

calling-station-id

Syntax

[no] calling-station-id

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes calling-station-id)

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes calling-station-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes calling-station-id

configure aaa isa-radius-policy auth-include-attributes calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cancel-commit

cancel-commit

Syntax

[no] cancel-commit

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization cancel-commit)

Full Context

configure system security profile netconf base-op-authorization cancel-commit

Description

This command enables the NETCONF cancel-commit operation.

The no form of this command disables the operation.

Default

no cancel-commit

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

candidate

candidate

Syntax

candidate

Context

[Tree] ( candidate)

Full Context

candidate

Description

Commands in this context edit candidate configurations.

Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

Platforms

All

candidate

Syntax

[no] candidate

Context

[Tree] (config>system>netconf>capabilities candidate)

Full Context

configure system netconf capabilities candidate

Description

This command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command also enables using commit and discard-changes.

When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured.

The no form of the command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message.

Default

candidate

Platforms

All

cannot-change-password

cannot-change-password

Syntax

[no] cannot-change-password

Context

[Tree] (config>system>security>user>console cannot-change-password)

Full Context

configure system security user console cannot-change-password

Description

This command allows a user the privilege to change their password for both FTP and console login.

To disable a user’s privilege to change their password, use the cannot-change-password form of this command.

Note:

The cannot-change-password flag is not replicated when a user copy is performed. A new-password-at-login flag is created instead.

Default

no cannot-change-password

Platforms

All

capacity-cost

capacity-cost

Syntax

capacity-cost cost

no capacity-cost

Context

[Tree] (config>app-assure>group>policy>app-profile capacity-cost)

Full Context

configure application-assurance group policy app-profile capacity-cost

Description

This command configures an application profile capacity cost. Capacity-Cost based load balancing allows a cost to be assigned to diverted SAPs (with the app-profile) and this is then used for load-balancing SAPs between ISAs as well as for a threshold that notifies the operator if/when capacity planning has been exceeded.

Default

capacity-cost 1

Parameters

cost

Specifies the profile capacity cost.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

captive-redirect

captive-redirect

Syntax

captive-redirect

Context

[Tree] (config>app-assure>group>http-redirect captive-redirect)

Full Context

configure application-assurance group http-redirect captive-redirect

Description

This command configures the captive redirect capability for an HTTP redirect policy. HTTP redirect policies using captive redirect can be used in conjunction with a session filter policy and will terminate TCP flows in the ISA-AA card before reaching the Internet to redirect subscribers to the predefined redirect URL. Non-HTTP TCP flows are TCP reset. Captive redirect uses the provisioned VLAN id to send the HTTP response to subscribers; therefore this VLAN id must be properly assigned in the same VPN as the subscriber. The operator can select the URL arguments to include in the redirect URL using either a specific template id or by configuring the redirect URL using one of the supported macro substitution keywords.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

capture

capture

Syntax

capture [{start | stop}]

Context

[Tree] (debug>pcap capture)

Full Context

debug pcap capture

Description

This command starts and stops the packet capture process for the specified session-name.

Parameters

start

Starts the packet capture process and also start or restarts the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each). If the same file name is unchanged in the config>mirror>mirror-dest>pcap context between captures, this command overwrites the file content.

stop

Stops the packet capture process and also stops the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each).

Platforms

All

capture-sap

capture-sap

Syntax

capture-sap sap-id [encap-val qtag[.qtag]] [mode mode]

no capture-sap sap-id

Context

[Tree] (debug>dynsvc>data-triggers capture-sap)

Full Context

debug dynamic-services data-triggers capture-sap

Description

This command enables or disables the generation of dynamic services data trigger debug events, such as:

  • data trigger received

  • authentication

  • data trigger SAP created

  • dynamic service SAP created

  • dropped data trigger with drop reason such as data trigger exists or lockout active.

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

Parameters

sap-id

Specifies the dynamic services data trigger capture SAP for which debug events should be logged.

encap-val qtag[.qtag]

Optionally restrict the debug output to data trigger events with the specified encapsulation.

Values

1 to 4094

mode

Optionally restrict the debug output to specific events.

Values

all—log all data trigger events

dropped-only—log only dropped data trigger events

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

card

card

Syntax

[no] card slot-number

Context

[Tree] (config card)

Full Context

configure card

Description

This mandatory command enables access to the chassis and context. In SR OS cards cover IOM, IMM, and XCM.

The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.

Default

no card

Parameters

slot-number

Specifies the slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides.

Values

1 to 10

Platforms

All

card-type

card-type

Syntax

card-type card-type [level card-level]

no card-type

Context

[Tree] (config>card card-type)

Full Context

configure card card-type

Description

This mandatory command adds an IOM/XCM to the device configuration for the slot. The card type can be preprovisioned, meaning that the card does not need to be installed in the chassis.

A card must be provisioned before an MDA, connector, or port can be configured.

A card can only be provisioned in a slot that is vacant, meaning no other card can be provisioned (configured) for that particular slot. To reconfigure a slot position, use the no form of this command to remove the current information.

A card can only be provisioned in a slot if the card type is allowed in the slot. An error message is generated if an attempt is made to provision a card type that is not allowed.

If a card is inserted that does not match the configured card type for the slot, then a log event and facility alarm is raised. The alarm is cleared when the correct card type is installed or the configuration is modified.

A log event and facility alarm are is raised if an administratively enabled card is removed from the chassis. The alarm is cleared when the correct card type is installed or the configuration is modified. A log event is issued when a card is removed that is administratively disabled.

Because IMMs do not have the capability to install separate MDAs, the configuration of the MDA is automatic. This configuration only includes the default parameters such as default buffer policies. Commands to manage the MDA such as shutdown and so on, remain in the MDA configuration context.

Some card hardware can support two different firmware loads. One load includes the base Ethernet functionality, including 10G WAN mode, but does not include 1588 port-based timestamping. The second load includes the base Ethernet functionality and 1588 port-based timestamping, but does not include 10G WAN mode. These are identified as two card types that are the same, except for a "-ptp” suffix to indicate the second loadset; for example, imm40-10gb-sfp and imm40-10gb-sfp-ptp. A hard reset of the card occurs when switching between the two provisioned types.

An appropriate alarm is raised if a partial or complete card failure is detected. The alarm is cleared when the error condition ceases.

New generations of cards include variants controlled by hardware and software licensing. For these cards, the license level must be provisioned in addition to the card type. A card can not become operational unless the provisioned license level matches the license level of the card installed into the slot. The set of license levels varies by card type.

The provisioned level controls aspects related to connector provisioning and the consumption of hardware egress queues and egress policers. Changes to the provisioned license level may be blocked if configuration exists that would not be permitted with the new target license level.

If the license level is not specified, the level is set to the highest license level for that card.

The no form of this command removes the card from the configuration.

Default

no card-type

Parameters

card-type

Specifies the type of card to be configured and installed in that slot. Values for this attribute vary by platform and release. The release notes include a listing of all supported card-types and their CLI strings. In addition, the command can be queried to check which card-types are relevant for the active platform type. Some examples include iom4-e-b and imm-2pac-fp3.

card-level

Specifies the license level of the card, up to 32 characters. Possible values vary by card type.

Platforms

All

carrier-carrier-vpn

carrier-carrier-vpn

Syntax

[no] carrier-carrier-vpn

Context

[Tree] (config>service>vprn carrier-carrier-vpn)

Full Context

configure service vprn carrier-carrier-vpn

Description

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.

Default

no carrier-carrier-vpn

Platforms

All

category

category

Syntax

category category-name [create]

no category category-name

Context

[Tree] (config>subscr-mgmt>cat-map category)

Full Context

configure subscriber-mgmt category-map category

Description

Commands in this context configure RADIUS credit control, Diameter credit control (Gy), Diameter Gx Usage Monitoring, or Idle-Timeout.

Up to sixteen categories can be configured per category map. The internal category for Gx session level Usage Monitoring is included in this limit. The instantiation of the internal category is controlled with the gx-session-level-usage command.

Parameters

category-name

Specifies the category name, up to 32 characters.

create

Keyword used to create a category instance. The create keyword can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category

Syntax

category category-name [create]

no category category-name

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map category)

Full Context

configure subscriber-mgmt sla-profile category-map category

Description

This command defines the category in the category map to be used for the idle timeout monitoring of subscriber hosts.

The no form of this command reverts to the default.

Parameters

category-name

Specifies the name, up to 32 characters, of the category where the queues and policers are defined for idle timeout monitoring of subscriber hosts.

create

Keyword used to create a category instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category

Syntax

category category block

no category category

Context

[Tree] (config>app-assure>group>url-filter>web-service>profile category)

Full Context

configure application-assurance group url-filter web-service profile category

Description

This command configures the category that will be blocked in the category profile.

The no form of this command removes the category blocking configuration.

Parameters

category

Specifies the URL category name for the configured web service, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

category-map

category-map

Syntax

category-map category-map-name [create]

no category-map category-map-name

Context

[Tree] (config>subscr-mgmt category-map)

Full Context

configure subscriber-mgmt category-map

Description

This command specifies the category map name.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the category map name, up to 32 characters.

create

Keyword used to create a category map instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category-map

Syntax

category-map category-map-name

no category-map

Context

[Tree] (config>subscr-mgmt>sla-prof category-map)

Full Context

configure subscriber-mgmt sla-profile category-map

Description

This command references the category-map to be used for the idle-timeout monitoring of subscriber hosts associated with this sla-profile. The category-map must already exist in the config>subscr-mgmt context.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the name of the category map, up to 32 characters, where the activity-threshold and the category is defined for idle-timeout monitoring of subscriber hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

category-map-name

category-map-name

Syntax

category-map-name category-map-name [create]

no category-map-name category-map-name

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings category-map-name)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings category-map-name)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings category-map-name

configure subscriber-mgmt local-user-db ppp host identification-strings category-map-name

Description

This command specifies the category map name.

The no form of this command removes the category map name from the configuration.

Parameters

category-map-name

Specifies an existing category map name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

cbs

Syntax

cbs percent-of-resv-cbs

no cbs

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths>primary-paths>queue-parameters cbs)

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths>secondary-paths>queue-parameters cbs)

Full Context

configure mcast-management bandwidth-policy t2-paths primary-paths queue-parameters cbs

configure mcast-management bandwidth-policy t2-paths secondary-paths queue-parameters cbs

Description

This command overrides the default Committed Buffer Size (CBS) for each individual path’s queue. The queues CBS threshold is used when requesting buffers from the systems ingress buffer pool to indicate whether the requested buffer should be removed from the reserved portion of the buffer pool or the shared portion. When the queue’s fill depth is below or equal to the CBS threshold, the requested buffer comes from the reserved portion. Once the queues depth exceeds the CBS threshold, buffers come from the shared portion.

The cbs percent-of-resv-cbs parameter is defined as a percentage of the reserved portion of the pool. The system allows the sum of all CBS values to equal more than 100% allowing for oversubscription of the reserved portion of the pool. If the reserved portion is oversubscribed and the queues are currently using more reserved space than provisioned in the pool, the pool automatically starts using the shared portion of the pool for within-CBS buffer allocation. The shared early detection slopes can assume more buffers that exist within the shared portion that may cause the early detection function to fail.

For the primary-path and secondary-path queues, the percentage is applied to a single queue for each path.

The no form of this command restores the path queues default CBS value.

Parameters

percent-of-resv-cbs

Specifies the percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 MB is the total buffers in the buffer pool, a value of 10 would reserve 1MB (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Default

Primary:

5

Secondary:

30

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue cbs)

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>queue cbs)

Full Context

configure subscriber-mgmt sla-profile egress qos queue cbs

configure subscriber-mgmt sla-profile ingress qos queue cbs

Description

This command can be used to override specific attributes of the specified queue's CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queues’ CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

The no form of this command returns the CBS size to the size as configured in the QoS policy.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer cbs)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer cbs)

Full Context

configure subscriber-mgmt sla-profile ingress qos policer cbs

configure subscriber-mgmt sla-profile egress qos policer cbs

Description

This command is used to configure the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies the size parameter and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

Specifies the size parameter the size parameter in bytes. When bytes is defined, the value given for size is interpreted as the queue’s MBS value given in bytes.

kilobytes

Specifies the size parameter in kilobytes. When kilobytes is defined, the value is interpreted as the queue’s MBS value given in kilobytes.

Default

kilobyte

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>egress>queue-override>queue cbs)

Full Context

configure service ies interface sap ingress queue-override queue cbs

configure service ies interface sap egress queue-override queue cbs

configure service vpls sap ingress queue-override queue cbs

configure service vpls sap egress queue-override queue cbs

Description

This command overrides specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS size to the default value.

Parameters

size-in-kbytes

Specifies the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

All

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue cbs)

Full Context

configure service vprn interface sap egress queue-override queue cbs

configure service vprn interface sap ingress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.

The no form of this command returns the CBS to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).

Values

0 to 131072 or default

Platforms

All

cbs

Syntax

cbs burst-size

no cbs

Context

[Tree] (config>subscr-mgmt>isa-policer cbs)

Full Context

configure subscriber-mgmt isa-policer cbs

Description

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default

cbs 0

Parameters

burst-size

Specifies the committed burst-size in kbytes.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs {size [bytes | kilobytes] | default}

no cbs

Context

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr cbs)

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr cbs)

Full Context

configure card fp ingress access queue-group policer-override policer cbs

configure card fp ingress network queue-group policer-override policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer’s defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies that the size parameter is required when specifying cbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

When bytes is defined, the value given for size is interpreted as the queue’s CBS value given in bytes.

kilobytes

When kilobytes is defined, the value is interpreted as the queue’s CBS value given in kilobytes.

Default

kilobyte

default

Specifying the keyword default sets the CBS to its default value.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>port>ethernet>network>egr>qover>q cbs)

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q cbs)

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q cbs)

Full Context

configure port ethernet network egress queue-overrides queue cbs

configure port ethernet access ingress queue-group queue-overrides queue cbs

configure port ethernet access egress queue-group queue-overrides queue cbs

Description

This command defines the default committed buffer size for the template queue. Overall, the CBS command follows the same behavior and provisioning characteristics as the CBS command in the queue-group or network QoS policy. The exception is the addition of the cbs-value qualifier keywords bytes or kilobytes.

The no form of this command restores the default CBS size to the template queue.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576 or default

Platforms

All

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr cbs)

Full Context

configure service cpipe sap egress policer-override policer cbs

configure service epipe sap ingress policer-override policer cbs

configure service ipipe sap egress policer-override policer cbs

configure service cpipe sap ingress policer-override policer cbs

configure service epipe sap egress policer-override policer cbs

configure service ipipe sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

The size parameter is required when specifying cbs override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

bytes

When bytes is defined, the value given for size is interpreted as the policer’s MBS value in bytes.

kilobytes

When kilobytes is defined, the value given for size is interpreted as the policer’s MBS value in kilobytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress policer-override policer cbs
  • configure service cpipe sap ingress policer-override policer cbs

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap egress policer-override policer cbs
  • configure service epipe sap egress policer-override policer cbs
  • configure service ipipe sap ingress policer-override policer cbs
  • configure service epipe sap ingress policer-override policer cbs

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>service>epipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>cpipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>epipe>sap>egress>queue-override>queue cbs)

Full Context

configure service epipe sap ingress queue-override queue cbs

configure service cpipe sap egress queue-override queue cbs

configure service cpipe sap ingress queue-override queue cbs

configure service ipipe sap egress queue-override queue cbs

configure service ipipe sap ingress queue-override queue cbs

configure service epipe sap egress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is wanted, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 131072, default

Platforms

All

  • configure service epipe sap ingress queue-override queue cbs
  • configure service epipe sap egress queue-override queue cbs
  • configure service ipipe sap ingress queue-override queue cbs
  • configure service ipipe sap egress queue-override queue cbs

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress queue-override queue cbs
  • configure service cpipe sap ingress queue-override queue cbs

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr cbs)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr cbs)

Full Context

configure service vpls sap ingress policer-override policer cbs

configure service vpls sap egress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>ies>if>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>ies>if>sap>ingress>policer-over>plcr cbs)

Full Context

configure service ies interface sap egress policer-override policer cbs

configure service ies interface sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs size [{bytes | kilobytes}]

no cbs

Context

[Tree] (config>service>vprn>if>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>vprn>if>sap>ingress>policer-over>plcr cbs)

Full Context

configure service vprn interface sap egress policer-override policer cbs

configure service vprn interface sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs congested-cbs

no cbs

Context

[Tree] (config>app-assure>group>policer>congestion-override cbs)

[Tree] (config>app-assure>group>policer>congestion-override-stage2 cbs)

Full Context

configure application-assurance group policer congestion-override cbs

configure application-assurance group policer congestion-override-stage2 cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the congested CBS value from the configuration

Parameters

congested-cbs

Specifies the committed burst size, in kbytes, when the access-network-level, which the subscriber belongs to, is in a congested state.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs committed-burst-size

no cbs

Context

[Tree] (config>app-assure>group>tod-override cbs)

[Tree] (config>app-assure>group>policer cbs)

Full Context

configure application-assurance group tod-override cbs

configure application-assurance group policer cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the committed burst size from the configuration.

Parameters

committed-burst-size

Specifies an integer value defining size, in kbytes, for the CBS of the policer.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cbs

Syntax

cbs size [bytes | kilobytes]

no cbs

Context

[Tree] (config>qos>sap-egress>policer cbs)

[Tree] (config>qos>sap-ingress>policer cbs)

[Tree] (config>qos>sap-ingress>dyn-policer cbs)

[Tree] (config>qos>sap-egress>dyn-policer cbs)

Full Context

configure qos sap-egress policer cbs

configure qos sap-ingress policer cbs

configure qos sap-ingress dynamic-policer cbs

configure qos sap-egress dynamic-policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

By default, the CBS is 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Parameters

size [bytes | kilobytes]

Specifies an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-egress policer cbs
  • configure qos sap-ingress policer cbs

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure qos sap-ingress dynamic-policer cbs
  • configure qos sap-egress dynamic-policer cbs

cbs

Syntax

cbs size-in-kbytes

no cbs

Context

[Tree] (config>qos>sap-ingress>queue cbs)

[Tree] (config>qos>sap-egress>queue cbs)

Full Context

configure qos sap-ingress queue cbs

configure qos sap-egress queue cbs

Description

This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potentially large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.

The no form of this command returns the CBS size to the default value.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes) The CBS maximum value used is constrained by the pool size in which the queue exists.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR, or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

cbs

Syntax

cbs percent

no cbs

Context

[Tree] (config>qos>network-queue>queue cbs)

Full Context

configure qos network-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative number of reserved buffers for a specific ingress network FP forwarding class queue or egress network port forwarding class queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the number of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool. Access to this shared pool space is controlled through Random Early Detection (RED) slope application.

Two RED slopes are maintained in each buffer pool. A high-priority slope is used by in-profile packets. A low-priority slope is used by out-of-profile packets. At egress, there are two additional RED slopes maintained in each buffer pool: the highplus slope is used by inplus-profile packets, and the exceed slope is used by exceed-profile packets. All network control and management packets are considered in-profile. Assured packets are handled by their in-profile and out-of-profile markings. All best-effort packets are considered out-of-profile. Premium queues should be configured such that the CBS percent is sufficient to prevent shared buffering of packets. This is generally taken care of by the CIR scheduling of premium queues and the overall small amount of traffic on the class. Premium queues in a properly designed system will drain before all others, limiting their buffer utilization.

The RED slopes will detect congestion conditions and work to discard packets and slow down random TCP session flows through the queue. The RED slope definitions can be defined, modified, or disabled through the slope policy assigned to the FP for the network ingress buffer pool or assigned to the network port for network egress buffer pools.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue to be unused and should be avoided.

The no form of this command returns the CBS size for the queue to the default for the forwarding class.

Default

The cbs forwarding class defaults are listed in the CBS Forwarding Class Defaults.

Table 1. CBS Forwarding Class Defaults

Forwarding Class

Forwarding Class Label

Default CBS

Network-Control

nc

3

High-1

h1

3

Expedited

ef

1

High-2

h2

1

Low-1

l1

3

Assured

af

1

Low-2

l2

3

Best-Effort

be

1

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 Mbytes is the total buffer space in the buffer pool, a value of 10 would reserve 1 Mbyte (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer cbs)

[Tree] (config>qos>qgrps>ing>qgrp>policer cbs)

Full Context

configure qos queue-group-templates egress queue-group policer cbs

configure qos queue-group-templates ingress queue-group policer cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 2683435456, default

Minimum default value: 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

cbs

Syntax

cbs {size-in-kbytes | default}

no cbs

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue cbs)

[Tree] (config>qos>qgrps>ing>qgrp>queue cbs)

Full Context

configure qos queue-group-templates egress queue-group queue cbs

configure qos queue-group-templates ingress queue-group queue cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

cbs

Syntax

cbs percent

no cbs

Context

[Tree] (config>qos>shared-queue>queue cbs)

Full Context

configure qos shared-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative amount of reserved buffers for a specific ingress shared queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the amount of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue being unused and should be avoided.

Default

The queue CBS defaults are listed in Queue CBS Default Values.

Table 2. Queue CBS Default Values

Queue

Default CBS

1

1

2

3

3

10

4

3

5

10

6

10

7

3

8

3

9

1

10

1

11

1

12

1

13

1

14

1

15

1

16

1

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

cbs

Syntax

cbs cbs

no cbs

Context

[Tree] (config>sys>security>cpm-queue>queue cbs)

Full Context

configure system security cpm-queue queue cbs

Description

This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the queue’s buffer pool.

Parameters

cbs

Specifies the committed burst size in kbytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cc-error

cc-error

Syntax

[no] cc-error

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms cc-error)

Full Context

configure mcast-management multicast-info-policy bundle video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle channel video analyzer alarms cc-error

Description

This command configures the analyzer to check the continuity counter. The continuity counter should be incremented per PID; otherwise, it is considered a continuity counter error.

Default

no cc-error

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-tunnel path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-enable)

[Tree] (config>lag>eth-cfm>mep ccm-enable)

Full Context

configure port ethernet eth-cfm mep ccm-enable

configure lag eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-enable)

Full Context

configure service epipe sap eth-cfm mep ccm-enable

configure service epipe spoke-sdp eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>vpls>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>mesh-sdp>mep ccm-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-enable)

Full Context

configure service vpls eth-cfm mep ccm-enable

configure service vpls spoke-sdp eth-cfm mep ccm-enable

configure service vpls mesh-sdp mep ccm-enable

configure service vpls sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-enable)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

configure service ies interface spoke-sdp eth-cfm mep ccm-enable

configure service ies interface sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep ccm-enable
  • configure service ies interface spoke-sdp eth-cfm mep ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-enable)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-enable)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

configure service vprn interface sap eth-cfm mep ccm-enable

configure service vprn interface spoke-sdp eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep ccm-enable
  • configure service vprn interface spoke-sdp eth-cfm mep ccm-enable

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>router>if>eth-cfm>mep ccm-enable)

Full Context

configure router interface eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-enable

Syntax

[no] ccm-enable

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-ring path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

ccm-hold-time

Syntax

ccm-hold-time {down down-timeout] [up up-timeout}

no ccm-hold-time

Context

[Tree] (config>eth-tunnel ccm-hold-time)

Full Context

configure eth-tunnel ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP will remain in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay

Parameters

down down-timeout

Specifies the time, in centiseconds, used for the hold-timer for associated Continuity Check (CC) Session down event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 1000

Default

0

up up-timeout

Specifies the time, in deciseconds, used for the hold-timer for associated Continuity Check (CC) Session up event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 5000

Default

20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

Syntax

ccm-hold-time down timer

no ccm-hold-time

Context

[Tree] (config>eth-cfm>domain>assoc ccm-hold-time)

Full Context

configure eth-cfm domain association ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP remains in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay.

Default

no ccm-hold-time

Parameters

down timer

Specifies the amount of time to delay, in centiseconds.

Values

0 to 1000

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-hold-time

Syntax

ccm-hold-time [down down-timeout] [up up-timeout]

no ccm-hold-time

Context

[Tree] (config>eth-ring ccm-hold-time)

Full Context

configure eth-ring ccm-hold-time

Description

This command configures eth-ring dampening timers. See the down and up commands for more information.

The no form of the command sets the up and down timers to the default values.

Parameters

down-timeout

Specifies the down timeout, in centiseconds.

Values

0 to 5000

up-timeout

Specifies the hold-time for reporting the recovery, in deciseconds.

Values

0 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-interval

ccm-interval

Syntax

ccm-interval interval

no ccm-interval

Context

[Tree] (config>eth-cfm>domain>assoc ccm-interval)

Full Context

configure eth-cfm domain association ccm-interval

Description

This command configures the CCM transmission interval for all MEPs in the association.

The no form of this command reverts to the default value.

Default

no ccm-interval

Parameters

interval

Specifies the interval between CCM transmissions to be used by all MEPs in the MA.

Values

10 milliseconds, 100 milliseconds, 1 second, 10 seconds, 60 seconds, 600 seconds

Default

10 (seconds)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-tunnel path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>lag>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>router>if>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>port>ethernet>eth-cfm>mep ccm-ltm-priority)

Full Context

configure lag eth-cfm mep ccm-ltm-priority

configure router interface eth-cfm mep ccm-ltm-priority

configure port ethernet eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority of the CCM and LTM messages transmitted by the MEP. Since CCM does not apply to the Router Facility MEP only the LTM priority is of value under that context.

The no form of this command reverts to the default values.

Default

no ccm-ltm-priority

Parameters

priority

Specifies the priority value.

Values

0 to 7

Default

7, highest priority for CCMs and LTMs transmitted by the MEP

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service epipe spoke-sdp eth-cfm mep ccm-ltm-priority

configure service ipipe sap eth-cfm mep ccm-ltm-priority

configure service epipe sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>vpls>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>mesh-sdp>mep ccm-ltm-priority)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service vpls eth-cfm mep ccm-ltm-priority

configure service vpls sap eth-cfm mep ccm-ltm-priority

configure service vpls mesh-sdp mep ccm-ltm-priority

configure service vpls spoke-sdp eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service ies interface sap eth-cfm mep ccm-ltm-priority

configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep ccm-ltm-priority
  • configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-ltm-priority)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service vprn interface sap eth-cfm mep ccm-ltm-priority

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority
  • configure service vprn interface sap eth-cfm mep ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

ccm-ltm-priority

Syntax

ccm-ltm-priority priority

no ccm-ltm-priority

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-ring path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-padding-size)

Full Context

configure lag eth-cfm mep ccm-padding-size

configure eth-tunnel path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of this command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets, in octets.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size ccm-padding

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-padding-size)

[Tree] (config>router>if>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure port ethernet eth-cfm mep ccm-padding-size

configure router interface eth-cfm mep ccm-padding-size

configure service epipe sap eth-cfm mep ccm-padding-size

configure service epipe spoke-sdp eth-cfm mep ccm-padding-size

configure service vpls spoke-sdp eth-cfm mep ccm-padding-size

configure service vpls sap eth-cfm mep ccm-padding-size

configure lag eth-cfm mep ccm-padding-size

configure service vpls mesh-sdp eth-cfm mep ccm-padding-size

configure service ipipe sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

no ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size

configure service ies interface sap eth-cfm mep ccm-padding-size

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size
  • configure service ies interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

configure service vprn interface sap eth-cfm mep ccm-padding-size

configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size

Description

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep ccm-padding-size
  • configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size

ccm-padding-size

Syntax

ccm-padding-size ccm-padding

no ccm-padding-size

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-padding-size)

Full Context

configure eth-ring path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of the command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets.

Values

3 to 1500 octets

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccm-tlv-ignore

ccm-tlv-ignore

Syntax

ccm-tlv-ignore [interface-status] [port-status]

no ccm-tlv-ignore

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>lag>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>router>if>eth-cfm>mep ccm-tlv-ignore)

Full Context

configure port ethernet eth-cfm mep ccm-tlv-ignore

configure lag eth-cfm mep ccm-tlv-ignore

configure router interface eth-cfm mep ccm-tlv-ignore

Description

This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.

The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.

Default

no ccm-tlv-ignore

Parameters

interface-status

Ignores the interface status TLV on reception.

port-status

Ignores the port status TLV on reception.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ccrt-replay

ccrt-replay

Syntax

ccrt-replay

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy ccrt-replay)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx ccrt-replay)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay

configure subscriber-mgmt diameter-application-policy gx ccrt-replay

Description

Commands in this context configure CCR-T replay. CCR-T replay is enabled with a no shutdown of this context. If a communication failure between client and server occurs, CCR-T replay enables the retransmission of CCR-T messages for a Gx or Gy session at a configured intervals until a valid response (CCA-t) is received or until the configured max-lifetime period expires, whichever comes first.

In Gx, replaying CCR-T messages ensures that the Gx session is cleared on the PCRF side in cases where the peering session to the PCRF was not available at the time that the initial and the first retransmitted CCR-T was sent.

In Gy, replaying CCR-T messages ensures that the final credit control usage reporting is not lost for billing by the OCS.

The subscriber host or session that triggered the Gx or Gy session that is in CCR-T replay mode is deleted from the system at the time that the initial CCR-T is sent. All resources associated with the subscriber host or session, such as queues, DHCP lease states, and PPPoE session states are released. The orphaned Gx and Gy sessions in replay mode are left in the system.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cd

cd

Syntax

cd [file-url]

Context

[Tree] (file cd)

Full Context

file cd

Description

This command displays or changes the current working directory in the local file system.

Parameters

file-url

Specifies the file URL.

Values

local-url

[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each

remote-url

[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]

up to 247 characters

directory length up to 199 characters

remote-locn

[hostname | ipv4-address | [ipv6-address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, for link local addresses 255

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

If no file-url is entered, the current working directory is displayed.

..

signifies the parent directory. This can be used in place of an actual directory name in a directory-url.

directory-url

Specifies the destination directory.

Platforms

All

ce-address

ce-address

Syntax

ce-address ip-address

no ce-address

Context

[Tree] (config>service>ipipe>sap ce-address)

[Tree] (config>service>ipipe>spoke-sdp ce-address)

Full Context

configure service ipipe sap ce-address

configure service ipipe spoke-sdp ce-address

Description

This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

Parameters

ip-address

Specifies the IP address of the CE device associated with an Ipipe SAP.

Platforms

All

ce-address-discovery

ce-address-discovery

Syntax

ce-address-discovery [keep]

ce-address-discovery ipv6 [keep]

no ce-address-discovery

Context

[Tree] (config>service>ipipe ce-address-discovery)

Full Context

configure service ipipe ce-address-discovery

Description

This command specifies whether the service will automatically discover the CE IP addresses.

When enabled, the addresses will be automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs will not be allowed.

If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.

Default

no ce-address-discovery

Parameters

ipv6

The ipv6 keyword enables IPv6 CE address discovery support on the Ipipe so that both IPv4 and IPv6 address discovery are supported. If the ipv6 keyword is not included, then only IPv4 address discovery is supported and IPv6 packets are dropped.

keep

The keep keyword is only applicable to eth-legacy-fault-notification. This option maintains the CE address discovered even when the SAP on which the address was learned fails. The ARP entry will not be maintained if the SAP is administratively shutdown, the clear service id svc-id {arp | neighbor} is used to remove the ARP entry or the node reboots.

Platforms

All

cem

cem

Syntax

cem

Context

[Tree] (config>service>cpipe>sap cem)

[Tree] (config>service>epipe>sap cem)

Full Context

configure service cpipe sap cem

configure service epipe sap cem

Description

Commands in this context specify circuit emulation (CEM) properties.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap cem

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure service epipe sap cem

cem

Syntax

cem

Context

[Tree] (config>mirror>mirror-dest>sap cem)

Full Context

configure mirror mirror-dest sap cem

Description

Commands in this context specify circuit emulation (CEM) mirroring properties.

Ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cert

cert

Syntax

cert cert-filename

no cert

Context

[Tree] (config>ipsec>cert-profile>entry cert)

Full Context

configure ipsec cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of this command removes the cert-file-name from the entry configuration.

Default

no cert

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cert

Syntax

cert

Context

[Tree] (config>service>ies>if>sap>ipsec-gw cert)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>vprn>if>sap>ipsec-gw cert)

[Tree] (config>ipsec>trans-mode-prof>dyn cert)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn cert)

Full Context

configure service ies interface sap ipsec-gw cert

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert

configure service vprn interface sap ipsec-gw cert

configure ipsec ipsec-transport-mode-profile dynamic-keying cert

configure router interface ipsec ipsec-tunnel dynamic-keying cert

Description

Commands in this context configure certificate parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ipsec-gw cert
  • configure service vprn interface sap ipsec-gw cert
  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert

VSR

  • configure router interface ipsec ipsec-tunnel dynamic-keying cert
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert

cert

Syntax

cert cert-filename

no cert

Context

[Tree] (config>system>security>tls>cert-profile>entry cert)

Full Context

configure system security tls cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of the command removes the certificate.

Default

no cert

Parameters

cert-filename

Specifies the file name of the TLS certificate, up to 95 characters in length.

Platforms

All

cert

Syntax

cert cert-file-name [create]

no cert

Context

[Tree] (config>system>security>pki>cert-auto-upd cert)

Full Context

configure system security pki certificate-auto-update cert

Description

This command configures the imported certificate filename for the certificate automatic update.

The no form of this command removes the cert-file-name from the configuration.

Parameters

cert-file-name

Specifies the filename of the certificate, up to 95 characters in length.

Platforms

All

cert-file

cert-file

Syntax

cert-file filename

no cert-file

Context

[Tree] (config>system>security>pki>ca-profile cert-file)

Full Context

configure system security pki ca-profile cert-file

Description

This command specifies the filename of a file in cf3:\system-pki\cert as the CA’s certificate of the ca-profile.

Notes:

  • The system will perform following checks against configured cert-file when a no shutdown command is issued:

    • Configured cert-file must be a DER formatted X.509v3 certificate file.

    • All non-optional fields defined in section 4.1 of RFC5280 must exist and conform to the RFC 5280 defined format.

    • Check the version field to see if its value is 0x2.

    • Check The Validity field to see that if the certificate is still in validity period.

    • X509 basic constraints extension must exists, and CA Boolean must be True.

    • If Key Usage extension exists, then at least keyCertSign and cRLSign should be asserted.

    • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s certificate to verify if this certificate is signed by issuer’s CA; but if there is no such CA-profile configured, then system will just proceed with a warning message.

    • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s CRL to verify that it has not been revoked; but if there is no such CA-profile configured or there is no such CRL, then system will just proceed with a warning message.

    If any of above checks fails, then the no shutdown command will fail.

  • Changing or removing of cert-file is only allowed when the ca-profile is in a shutdown state.

The no form of this command removes the filename from the configuration.

Parameters

filename

Specifies a local CF card file URL.

Platforms

All

cert-profile

cert-profile

Syntax

cert-profile profile-name [create]

no cert-profile profile-name

Context

[Tree] (config>ipsec cert-profile)

Full Context

configure ipsec cert-profile

Description

This command creates a new cert-profile or enters the configuration context of an existing cert-profile.

The no form of this command removes the profile name from the cert-profile configuration.

Parameters

profile-name

Specifies the name of the certification profile up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>ipsec>trans-mode-prof>dyn>cert cert-profile)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>service>ies>if>sap>ipsec-gw>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert cert-profile)

Full Context

configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service ies interface sap ipsec-gw cert cert-profile

configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface sap ipsec-gw cert cert-profile

Description

This command specifies the name of certificate profile to be used for authentication.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies the profile name, up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-gw cert cert-profile
  • configure service ies interface sap ipsec-gw cert cert-profile
  • configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile
  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile

VSR

  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
  • configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

cert-profile

Syntax

cert-profile profile-name [create]

no cert-profile profile-name

Context

[Tree] (config>system>security>tls cert-profile)

Full Context

configure system security tls cert-profile

Description

This command configures TLS certificate profile information. The certificate profile contains the certificates that are sent to the TLS peer (server or client) to authenticate itself. It is mandatory for the TLS server to send this information. The TLS client may optionally send this information upon request from the TLS server.

The no form of the command deletes the specified TLS certificate profile.

Parameters

profile-name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

create

Keyword used to create the TLS certificate profile.

Platforms

All

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>system>security>tls>client-tls-profile cert-profile)

Full Context

configure system security tls client-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS client profile. This certificate is sent to the server for authentication of the client and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

cert-profile

Syntax

cert-profile name

no cert-profile

Context

[Tree] (config>system>security>tls>server-tls-profile cert-profile)

Full Context

configure system security tls server-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS server profile. This certificate is sent to the client for authentication of the server and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

cert-request

cert-request

Syntax

cert-request ca ca-profile-name current-key key-filename current-cert cert-filename [hash-alg hash-algorithm] newkey key-filename subject-dn subject-dn [domain-name domain-names] [ip-addr ip-address | ipv6-address] save-as save-path-of-result-cert

Context

[Tree] (admin>certificate>cmpv2 cert-request)

Full Context

admin certificate cmpv2 cert-request

Description

This command requests an additional certificate after the system has obtained the initial certificate from the CA.

The request is authenticated by a signature signed by the current-key, along with the current-cert. The hash algorithm used for signature is depends on the key type:

  • DSA key: SHA1

  • RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1

In some cases, the CA may not return a certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.

Parameters

ca ca-profile-name

Specifies a ca-profile name which includes CMP server information up to 32 characters.

current-key key-filename

Specifies corresponding certificate issued by the CA up to 95 characters.

current-cert cert-filename

Specifies the file name of an imported certificate that is attached to the certificate request up to 95 characters.

newkey key-filename

Specifies the file name of the imported key up to 95 characters.

hash-alg hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

subject-dn dn

Specifies the subject of the requesting certificate up to 256 characters.

Values

attr1=val1,attr2=val2 where: attrN={C | ST | O | OU | CN}

save-as save-path-of-result-cert

Specifies the save full path name of saving the result certificate, up to 200 characters.

domain-name domain-names

Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.

ip-addr ip-address | ipv6-address

Specifies an IPv4 or IPv6 address for SubjectAltName of the requesting certificate.

Platforms

All

cert-sync

cert-sync

Syntax

[no] cert-sync

Context

[Tree] (admin>redundancy cert-sync)

[Tree] (config>redundancy cert-sync)

Full Context

admin redundancy cert-sync

configure redundancy cert-sync

Description

This command automatically synchronizes the certificate/CRL/key when importing or generating (for the key). If a new CF card is inserted into slot3 into the backup CPM, the system will sync the whole system-pki directory from the active CPM.

Default

enabled

Platforms

All

certificate

certificate

Syntax

certificate certificate-file

no certificate

Context

[Tree] (config>app-assure>group>certificate-profile certificate)

Full Context

configure application-assurance group certificate-profile certificate

Description

This command indicated the file name of the certificate to be added to the profile.

The no form of this command removes the certificate from the profile.

Default

no certificate

Parameters

certificate-file

Specifies the name of the certificate file, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate

Syntax

certificate

Context

[Tree] (admin certificate)

Full Context

admin certificate

Description

Commands in this context configure X.509 certificate related operational parameters. For information about CMPv6 admin certificate commands, see the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.

Platforms

All

certificate

Syntax

certificate

Context

[Tree] (debug certificate)

Full Context

debug certificate

Description

Commands in this context debug certificates.

Platforms

All

certificate

Syntax

certificate filename

Context

[Tree] (debug>ipsec certificate)

Full Context

debug ipsec certificate

Description

This command enables debug for certificate chain computation in cert-profile.

Parameters

filename

Displays the filename of imported certificate, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate-auto-update

certificate-auto-update

Syntax

certificate-auto-update

Context

[Tree] (config>system>security>pki certificate-auto-update)

Full Context

configure system security pki certificate-auto-update

Description

This command configures automatic updates for the specified certificate. This must be an imported certificate.

Platforms

All

certificate-display-format

certificate-display-format

Syntax

certificate-display-format {ascii | utf8}

Context

[Tree] (config>system>security>pki certificate-display-format)

Full Context

configure system security pki certificate-display-format

Description

This command specifies the display format used for the Certificates and Certificate Revocation Lists.

Default

certificate-display-format ascii

Parameters

ascii

Specifies the ASCII format to use for the Certificates and Certificate Revocation Lists.

utf8

Specifies the UTF8 format to use for the Certificates and Certificate Revocation Lists.

Platforms

All

certificate-expiration-warning

certificate-expiration-warning

Syntax

certificate-expiration-warning hours [repeat repeat-hours]

no certificate-expiration-warning

Context

[Tree] (config>system>security>pki certificate-expiration-warning)

Full Context

configure system security pki certificate-expiration-warning

Description

With this command configured, the system issues two types of warnings related to certificate expiration:

  • BeforeExp — A warning message issued before certificate expire

  • AfterExp — A warning message issued when certificate expire

This command specifies when system will issue BeforeExp message before a certificate expires. For example, with certificate-expiration-warning 5, the system will issue a BeforeExp message 5 hours before a certificate expires. An optional repeat <repeat-hour> parameter will enable the system to repeat the BeforeExp message every hour until the certificate expires.

If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.

BeforeExp and AfterExp warnings can be cleared in following cases:

  • The certificate is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.

  • When the ca-profile/ipsec-gw/ipsec-tunnel/cert-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.

  • When no certificate-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.

  • Users may change the configuration of the certificate-expiration-warning so that certain certificates are no longer in the warning window. BeforeExp of corresponding certificates are cleared.

  • If the system time changes so that the new time causes the certificates to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired certificate to come non-expired, then AfterExp is cleared.

Default

no certificate-expiration-warning

Parameters

hours

Specifies the amount of time before a certificate expires when system issues BeforeExp.

Values

0 to 8760

repeat-hours

Specifies the time the system will repeat BeforeExp every repeat-hour.

Values

0 to 8760

Platforms

All

certificate-profile

certificate-profile

Syntax

certificate-profile cert-prof-name [create]

no certificate-profile cert-prof-name

Context

[Tree] (config>app-assure>group certificate-profile)

Full Context

configure application-assurance group certificate-profile

Description

This command creates a certificate profile to be used for certificate-based encryption in HTTP header enrichment.

The no form of this command removes the certificate profile.

Parameters

cert-profile-name

Specifies the name of the profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

certificate-update-profile

certificate-update-profile

Syntax

certificate-update-profile profile-name [create]

no certificate-profile profile-name

Context

[Tree] (config>system>security>pki certificate-update-profile)

Full Context

configure system security pki certificate-update-profile

Description

Commands in this context configure a certificate update profile that specifies the behavior of the automatic update certificate.

The no form of this command removes the profile.

Parameters

profile-name

Specifies the name of the profile, up to 32 characters.

create
Mandatory keyword to create a certificate update profile.

Platforms

All

cflash-cap-alarm

cflash-cap-alarm

Syntax

cflash-cap-alarm cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no cflash-cap-alarm cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-alarm)

Full Context

configure system thresholds cflash-cap-alarm

Description

This command enables capacity monitoring of the compact flash specified in this command. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example


cflash-cap-alarm cf1-A: rising-threshold 50000000 falling-threshold 49999900 
interval 120 rmon-event-type both start-alarm rising

Platforms

All

cflash-cap-alarm-pct

cflash-cap-alarm-pct

Syntax

cflash-cap-alarm-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]

no cflash-cap-alarm-pct cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-alarm-pct)

Full Context

configure system thresholds cflash-cap-alarm-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created.

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-alarm-pct cf1-A: rising-threshold 70 falling-
threshold 60 interval 120 rmon-event-type both start-alarm rising

Platforms

All

cflash-cap-warn

cflash-cap-warn

Syntax

cflash-cap-warn cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no cflash-cap-warn cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-warn)

Full Context

configure system thresholds cflash-cap-warn

Description

This command enables capacity monitoring of the compact flash specified in this command.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and a SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-warn cf1-B: rising-threshold 2000000 falling-threshold 1999900 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

cflash-cap-warn-pct

cflash-cap-warn-pct

Syntax

cflash-cap-warn-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]

no cflash-cap-warn-pct cflash-id

Context

[Tree] (config>system>thresholds cflash-cap-warn-pct)

Full Context

configure system thresholds cflash-cap-warn-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both —Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example


cflash-cap-warn-pct cf1-B: rising-threshold 70 falling-threshold 60 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

cflowd

cflowd

Syntax

[no] cflowd

Context

[Tree] (config>service>epipe>sap cflowd)

Full Context

configure service epipe sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For L2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

cflowd

Syntax

[no] cflowd

Context

[Tree] (config>service>vpls>sap cflowd)

Full Context

configure service vpls sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For Layer 2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

cflowd

Syntax

cflowd

Context

[Tree] (config>app-assure>group cflowd)

Full Context

configure application-assurance group cflowd

Description

Commands in this context configure cflowd parameters for the application assurance group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cflowd

Syntax

[no] cflowd

Context

[Tree] (config cflowd)

Full Context

configure cflowd

Description

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

Default

no cflowd

Platforms

All

cflowd-parameters

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>service>ies>if cflowd-parameters)

[Tree] (config>service>vprn>sub-if>grp-if cflowd-parameters)

[Tree] (config>service>ies>sub-if>grp-if cflowd-parameters)

Full Context

configure service ies interface cflowd-parameters

configure service vprn subscriber-interface group-interface cflowd-parameters

configure service ies subscriber-interface group-interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When Cflowd is enabled at the interface level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

  • configure service ies interface cflowd-parameters

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface cflowd-parameters
  • configure service vprn subscriber-interface group-interface cflowd-parameters

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>service>vprn>nw-if cflowd-parameters)

[Tree] (config>service>vprn>if cflowd-parameters)

Full Context

configure service vprn network-interface cflowd-parameters

configure service vprn interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

cflowd-parameters

Syntax

cflowd-parameters

Context

[Tree] (config>router>if cflowd-parameters)

Full Context

configure router interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

cfm-mac-advertisement

cfm-mac-advertisement

Syntax

[no] cfm-mac-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn cfm-mac-advertisement)

Full Context

configure service vpls bgp-evpn cfm-mac-advertisement

Description

This command enables the advertisement and withdrawal, as appropriate, of the IEEE MAC address associated with the MP (MEP and MIP) created on a SAP, Spoke or Mesh, in an EVPN service.

The up-date occurs each time an MP is added or deleted, or an IEEE MAC address is changed for an MP on a SAP, Spoke or Mesh within the service. The size of the update depends on the number of MPs in the service affected by the modification.

Only enable this functionality, as required, for services that require a resident MAC address to properly forward unicast traffic and that do not perform layer two MAC learning as part of the data plane.

Local MP IEEE MAC addresses are not stored in the local FDB and, as such, cannot be advertised through a control plane to a peer without this command.

The no version of the command disables the functionality and withdraws all previously advertised MP IEEE MAC addresses.

Platforms

All

cfm-opcode

cfm-opcode

Syntax

cfm-opcode {lt | gt | eq} opcode

cfm-opcode range start end

no cfm-opcode

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match cfm-opcode)

Full Context

configure system security management-access-filter mac-filter entry match cfm-opcode

Description

This command specifies the type of opcode checking to be performed.

If the cfm-opcode match condition is configured then a check must be made to see if the Ethertype is either IEEE802.1ag or Y1731. If the Ethertype does not match then the packet is not CFM and no match to the cfm-opcode is attempted.

The CFM (ieee802.1ag or Y1731) opcode can be assigned as a range with a start and an end number or with a (less than lt, greater than gt, or equal to eq) operator.

If no range with a start and an end or operator (lt, gt, eq) followed by an opcode with the value between 0 and 255 is defined then the command is invalid.

Opcode Values lists the opcode values.

Table 3. Opcode Values

CFM PDU or Organization

Acronym

Configurable Numeric Value (Range)

Reserved for IEEE 802.1 0

0

Continuity Check Message

CCM

1

Loopback Reply

LBR

2

Loopback Message

LBM

3

Linktrace Reply

LTR

4

Linktrace Message

LTM

5

Reserved for IEEE 802.1

6 – 31

Reserved for ITU

32

AIS

33

Reserved for ITU

34

LCK

35

Reserved for ITU

36

TST

37

Reserved for ITU

38

APS

39

Reserved for ITU

40

MCC

41

LMR

42

LMM

43

Reserved for ITU

44

1DM

45

DMR

46

DMM

47

Reserved for ITU

48 – 63

Reserved for IEEE 802.1 0

64 - 255

Defined by ITU-T Y.1731 32 - 63

Defined by IEEE 802.1. 64 - 255

Default

no cfm-opcode

Parameters

opcode

Specifies the opcode checking to be performed.

start

specifies the start number.

Values

0 to 255

end

Specifies the end number.

Values

0 to 255

lt | gt | eq

Specifies comparison operators.

Platforms

All

cfm-vlan-tag

cfm-vlan-tag

Syntax

cfm-vlan-tag qtag1[.qtag2]

no cfm-vlan-tag

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>epipe>sap>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>sap>eth-cfm>mep cfm-vlan-tag)

Full Context

configure service vpls spoke-sdp eth-cfm mep cfm-vlan-tag

configure service epipe spoke-sdp eth-cfm mep cfm-vlan-tag

configure service vpls eth-cfm mep cfm-vlan-tag

configure service epipe sap eth-cfm mep cfm-vlan-tag

configure service vpls mesh-sdp eth-cfm mep cfm-vlan-tag

configure service vpls sap eth-cfm mep cfm-vlan-tag

Description

This command configures VLAN tags to apply to locally-generated CFM PDUs for egress processing.

The no form of the command removes the qtags from the configuration.

Parameters

qtag1

Specifies the outer VLAN ID.

Values

1 to 4094

qtag2

Specifies the inner VLAN ID and can only be specified if qtag1 is configured.

Values

1 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

chain-to-system-filter

chain-to-system-filter

Syntax

[no] chain-to-system-filter

Context

[Tree] (config>filter>ipv6-filter chain-to-system-filter)

[Tree] (config>filter>ip-filter chain-to-system-filter)

Full Context

configure filter ipv6-filter chain-to-system-filter

configure filter ip-filter chain-to-system-filter

Description

This command chains this filter to a currently active system filter. When the filter is chained to the system filter, the system filter rules are executed first, and the filter rules are only evaluated if no match on the system filter was found.

The no form of the command detaches this filter from the system filter.

Operational note:

If no system filter is currently active, the command has no effect.

Default

no chain-to-system-filter

Platforms

All

challenge

challenge

Syntax

challenge {always}

no challenge

Context

[Tree] (config>service>vprn>l2tp challenge)

[Tree] (config>router>l2tp challenge)

Full Context

configure service vprn l2tp challenge

configure router l2tp challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies that the challenge-response authentication is always used.

Default

no challenge

Values

always

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

challenge

Syntax

challenge always

no challenge

Context

[Tree] (config>service>vprn>l2tp>group challenge)

Full Context

configure service vprn l2tp group challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.

Values

always

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

challenge

Syntax

challenge {always | never}

no challenge

Context

[Tree] (config>service>vprn>l2tp>group>tunnel challenge)

Full Context

configure service vprn l2tp group tunnel challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default

no challenge

Parameters

always

Specifies that challenge-response authentication should always be used for the tunnel.

never

Specifies that challenge-response authentication should never be used for the tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

change-reporting-action

change-reporting-action

Syntax

change-reporting-action reporting-action

no change-reporting-action

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile change-reporting-action)

Full Context

configure subscriber-mgmt gtp peer-profile change-reporting-action

Description

This command specifies the value of the change reporting action IE sends to the peer in applicable messages. The peer needs to indicate support first using the appropriate flag in the indication IE.

This is overridden by AAA, if AAA explicitly request notification changes for either ECGI, TAI or both. If AAA does not request any notification changes or only the generic location change, the configured value is used.

The no form of this command indicates that the IE is not sent, unless specified by AAA.

Default

no change-reporting-action

Parameters

reporting-action

Specifies the reporting action value as per TS 29.274.

Values

0 to 255, cgi-sai, rai, tai, ecgi, cgi-sai-rai, tai-ecgi

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

channel

channel

Syntax

channel ip-address [ip-address] [create]

no channel ip-address [ip-address]

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle channel)

Full Context

configure mcast-management multicast-info-policy bundle channel

Description

This command defines explicit channels or channel ranges that are associated with the containing bundle. A channel or channel range is defined by their destination IP addresses. A channel may be defined using either IPv4 or IPv6 addresses. If a channel range is being defined, both the start and ending addresses must be the same type.

A specific channel may only be defined within a single channel or channel range within the multicast information policy. A defined channel range cannot overlap with an existing channel range.

If a channel range is to be shortened, extended, split or moved to another bundle, it must first be removed from its existing bundle.

Each specified channel range creates a containing context for any override parameters for the channel range. By default, no override parameters exist.

The no form of this command removes the specified multicast channel from the containing bundle.

Parameters

ip-address

Specifies the starting and ending destination IP addresses for a channel range. If only the start channel ip-address parameter is given, the channel ranges comprises of a single multicast channel.

If both the starting and ending address are specified, all addresses within the range including the specified address are part of the channel range.

IPv4 or IPv6 addresses may be defined. All specified addresses must be valid multicast destination addresses. The starting IP address must be numerically lower than the ending IP address.

Values

Any valid IP multicast destination address

create

This keyword is required if creating a new multicast channel range when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the specified channel range already exists.

Platforms

All

channel

Syntax

channel mcast-address source ip-address [channel-name channel-name]

no channel mcast-address source ip-address

Context

[Tree] (config>service>vprn>video-interface channel)

[Tree] (config>service>ies>video-interface channel)

Full Context

configure service vprn video-interface channel

configure service ies video-interface channel

Description

This command configures channel parameters for ad insertion.

Parameters

mcast-address

Specifies the multicast address.

source ip-address

Specifies the source IP address.

channel-name channel-name

Specifies the channel name up to 32 characters in length.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

channel

Syntax

channel start-address end-address bw bandwidth [class class] [type type] [source prefix/prefix-length]

no channel start-address end-address [source prefix/prefix-length]

Context

[Tree] (config>router>mcac>policy>bundle channel)

Full Context

configure router mcac policy bundle channel

Description

This command creates a multicast channel within the bundle where it is configured. A join for a particular multicast channel can be accepted if:

  1. Mandatory channels:

    A sufficient bandwidth exists on the interface according to the policy settings for the interface. There is always sufficient BW available on the bundle level because mandatory channels get BW pre-reserved.

  2. Optional channels:

    A sufficient BW exists on both interface and bundle level.

A channel definition can be either IPv4 (start-address, end-address, source-address are IPv4 addresses) or IPv6. A single bundle can have either IPv4 or IPv6 or IPv6 and IPv4 channel definitions. A single policy can mix any of those bundles.

Overlapping channels are not allowed. Two channels overlap if they contain same groups and the same source address prefix (or both do not specify source address prefix). Two channels with same groups and different source prefixes (including one of the channels having no source configured or one of the channels having more specific prefix than the other) do not overlap and are treated as separate channels.

When joining a group from multiple sources, MCAC accounts for that only once when no source address is specified or a prefix for channel covers both sources. Channel BW should be adjusted accordingly or source-aware channel definition should be used if that is not desired.

If a bundle is removed, the channels associated are also removed and every multicast group that was previously policed (because it was in the bundle that contained the policy) becomes free of constraints.

When a new bundle is added to a MCAC policy, the bundle’s established groups on a given interfaces are accounted by the policy. Even if this action results in exceeding the bundle’s constrain, no active multicast groups are removed. When a leave message is received for an existing optional channel, then the multicast stream is pruned and subsequent new joins may be denied in accordance with the policy. It is possible that momentarily there may be insufficient bandwidth, even for mandatory channels, in this bundle.

Parameters

start-address

Specifies the beginning multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

end-address

Specifies the ending multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

prefix/prefix-length

Specifies the source of the multicast IP stream. This must be a valid IPv4 or IPv6 multicast source address prefix.

Values

address-prefix/prefix-length

address-prefix is valid IPv4/IPv6 multicast source IP address prefix (local scope excluded)

prefix-length [0 to 32] for IPv4 [0 to 128] for IPv6

bandwidth

Specifies the bandwidth required by this channel in kb/s. If this bandwidth is configured for a mandatory channel then this bandwidth is reserved by subtracting the amount from the total available bandwidth for all potential egress interfaces and the bundle.

If this bandwidth is configured as an optional channel then this bandwidth must be available for both the bundle and the egress interface requesting the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

10 to 10000000 kb/s

class

Provides deeper classification of channels used in the algorithm when LAG ports change state.

Values

high, low

Default

low

type

Specifies the channel to be either mandatory or optional.

mandatory — When the mandatory keyword is specified, then the bandwidth is reserved by subtracting it from the total available for all the potential egress interfaces and the bundle.

optional — When the optional keyword is specified then the bandwidth must be available on both the bundle and the egress interface that requests the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

mandatory, optional

Default

optional

Platforms

All

channel-group

channel-group

Syntax

[no] channel-group channel-group-id

Context

[Tree] (config>port>tdm>ds1 channel-group)

[Tree] (config>port>tdm>e1 channel-group)

Full Context

configure port tdm ds1 channel-group

configure port tdm e1 channel-group

Description

This command creates DS0 channel groups in a channelized DS1 or E1 circuit. Channel groups cannot be further subdivided.

The no form of this command deletes the specified DS1 or E1 channel.

Parameters

channel-group-id

Identifies the channel-group ID number.

Values

DS1: 1 to 24 E1: 1 to 32

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

channelized

channelized

Syntax

channelized {ds1 | e1}

no channelized

Context

[Tree] (config>port>tdm>ds3 channelized)

Full Context

configure port tdm ds3 channelized

Description

This command specifies that the associated DS-3 is a channelized DS-3 with DS-1/E-1 sub-channels. Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is the default (for example, on m12-ds3 MDAs). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. The no form specifies the associated DS-3 is a clear channel circuit and cannot contain sub-channel DS-1s/E-1s. The sub-channels must be deleted first before the no command is executed.

Default

no channelized.

Parameters

ds1

Specifies that the channel is DS-1.

e1

Specifies that the channel is E-1.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

chap-challenge-length

chap-challenge-length

Syntax

chap-challenge-length min length max length

no chap-challenge-length

Context

[Tree] (config>router>l2tp>group>ppp chap-challenge-length)

[Tree] (config>service>vprn>l2tp>group>tunnel chap-challenge-length)

[Tree] (config>router>l2tp>group>tunnel>ppp chap-challenge-length)

Full Context

configure router l2tp group ppp chap-challenge-length

configure service vprn l2tp group tunnel chap-challenge-length

configure router l2tp group tunnel ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

Default

32

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

chap-challenge-length

Syntax

chap-challenge-length min length max length

no chap-challenge-length

Context

[Tree] (config>service>vprn>l2tp>group>ppp chap-challenge-length)

Full Context

configure service vprn l2tp group ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

characteristic

characteristic

Syntax

characteristic characteristic-name value value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy-override>policy characteristic)

Full Context

configure application-assurance group policy-override policy characteristic

Description

This command configure an override characteristic and value.

Parameters

characteristic-name

Specifies the characteristic name, up to 32 characters.

value-name

Specifies the override characteristic value for the application profile characteristic used by the Application assurance subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name value value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>app-profile characteristic)

Full Context

configure application-assurance group policy app-profile characteristic

Description

This command assigns one of the existing values of an existing application service option characteristic to the application profile.

The no form of this command removes the characteristic from the application profile.

Parameters

characteristic-name

Specifies the name of an existing ASO characteristic.

value-name

Specifies the name for the application profile characteristic up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name

Context

[Tree] (config>app-assure>group>aqp>entry>action characteristic)

Full Context

configure application-assurance group app-qos-policy entry action characteristic

Description

This command enables the system to use the value of the characteristic name specified in the app-qos-policy url-filter action for the configurable ICAP x-header name provisioned in the url-filter policy. The ICAP server can then use this value to decide which url-filter policy to apply instead of applying a filter policy based on the subscriber name.

Parameters

characteristic-name

Specifies the name of the characteristic.

characteristic

Syntax

characteristic characteristic-name {eq | neq} value-name

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match characteristic)

Full Context

configure application-assurance group policy app-qos-policy entry match characteristic

Description

This command adds an existing characteristic and its value to the match criteria used by this AQP entry.

The no form of this command removes the characteristic from match criteria for this AQP entry.

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

characteristic-name

Specifies the name of the existing ASO characteristic, up to 32 characters in length.

value-name

Specifies the name of an existing value for the characteristic, up to 32 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

characteristic

Syntax

characteristic characteristic-name [create]

no characteristic characteristic-name

Context

[Tree] (config>app-assure>group>policy>aso characteristic)

Full Context

configure application-assurance group policy app-service-options characteristic

Description

This command creates the characteristic of the application service options.

The no form of this command deletes characteristic option. To delete a characteristic, it must not be referenced by other components of application assurance.

Parameters

characteristic-name

Specifies a string of up to 32 characters uniquely identifying this characteristic.

create

Mandatory keyword used to create when creating a characteristic. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-characteristics

charging-characteristics

Syntax

charging-characteristics

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile charging-characteristics)

Full Context

configure subscriber-mgmt gtp peer-profile charging-characteristics

Description

Commands in this context configure charging characteristics.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-filter

charging-filter

Syntax

charging-filter

Context

[Tree] (config>app-assure>group>policy charging-filter)

Full Context

configure application-assurance group policy charging-filter

Description

Commands in this context configure a charging filter for application assurance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

charging-group

Syntax

charging-group charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>chrg-fltr>entry charging-group)

Full Context

configure application-assurance group policy charging-filter entry charging-group

Description

This command configures an association between the charging group and the flows that match the charging filter entry.

The no form of this command removes the charging group.

Default

no charging-group

Parameters

charging-group-name

Specifies a string that uniquely identifies the charging group in the system, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>app-group charging-group)

[Tree] (config>app-assure>group>policy>application charging-group)

Full Context

configure application-assurance group policy app-group charging-group

configure application-assurance group policy application charging-group

Description

This command associates an application or app-group to an application assurance charging group.

The no form of this command deletes the charging group association.

Default

no charging-group

Parameters

charging-group-name

Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group {eq | neq} charging-group-name

no charging-group

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match charging-group)

Full Context

configure application-assurance group policy app-qos-policy entry match charging-group

Description

This command adds charging-group to match criteria used by this AQP entry.

The no form of this command removes the charging-group from match criteria for this AQP entry.

Default

no charging-group

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

charging-group-name

Specifies the name of the existing application group entry. The application-group name is configured in the config>app-assure>group>policy>aqp>entry>match context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name [create]

no charging-group charging-group-name

Context

[Tree] (config>app-assure>group>policy charging-group)

Full Context

configure application-assurance group policy charging-group

Description

This command creates a charging group for an application assurance policy.

The no form of this command deletes the charging group from the configuration. All associations must be removed to delete a group.

Default

no charging-group

Parameters

charging-group-name

Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.

create

Mandatory keyword used when creating an charging group. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-group

Syntax

charging-group charging-group-name export-using export-method [export-method...(up to 2 max)]

charging-group charging-group-name no-export

no charging-group charging-group-name

Context

[Tree] (config>app-assure>group>statistics>aa-sub charging-group)

Full Context

configure application-assurance group statistics aa-sub charging-group

Description

This command configures aa-sub accounting statistics for export of charging groups of a given AA ISA group/partition.

The no form of this command removes the parameters from the configuration.

Parameters

charging-group-name

Specifies the name of the charging group. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.

export-using export-method

Specifies that the method of stats export to be used.

Values

accounting-policy, radius-accounting-policy

no-export

Allows the operator to enable the referred to a charging group to be selected (via Diameter) for Gx-usage monitoring. Gx usage monitoring is enabled automatically (and this command is not shown) if the export-using parameter is selected for the respective charging group.

Usage monitoring must be enabled at the group:partition level (config>app-assure>group>statistics>aa-sub>usage-monitoring) as well in order to allow any application/application group/charging group usage monitoring.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

charging-rule-base-name

charging-rule-base-name

Syntax

charging-rule-base-name category-map-name

charging-rule-base-name string

no charging-rule-base-name

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp charging-rule-base-name)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp charging-rule-base-name

Description

This command includes the Charging-Rule-Base-Name AVP with the specified value in all Diameter DCCA CCR messages.

The no form of this command removes the Charging-Rule-Base-Name AVP from the Diameter DCCA CCR messages.

Default

charging-rule-base-name category-map-name

Parameters

category-map-name

This keyword specifies the name of the category-map in use.

string

Specifies a string of up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

chassis-level

chassis-level

Syntax

chassis-level

Context

[Tree] (config>mcast-management chassis-level)

Full Context

configure mcast-management chassis-level

Description

Commands in this context configure multicast plane bandwidth parameters. The chassis-level CLI node contains the multicast plane replication limit for each switch fabric multicast plane.

The chassis-level node always exists and contains the configuration command to define the total replication rates for primary and secondary associated ingress paths for each switch fabric multicast plane.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

chassis-mode

chassis-mode

Syntax

chassis-mode chassis-mode [force]

Context

[Tree] (config>system chassis-mode)

Full Context

configure system chassis-mode

Description

This command is retained for historic reasons, and was used to control the set of features and scaling available based on the variants of IOMs present in the node. As of release 15.0, the set of supported IOMs no longer requires this differentiation using this command. The command still exists but the mode is fixed at chassis mode d.

Default

chassis-mode d

Parameters

chassis-mode

Specifies the chassis modes:

d: This mode corresponds to scaling and feature set associated with iom3-xp.

force

Forces an upgrade from a lesser scaling and feature set to a greater one.

Platforms

7450 ESS, 7750 SR-7/12

check-id-kp-cmcra-only

check-id-kp-cmcra-only

Syntax

[no] check-id-kp-cmcra-only

Context

[Tree] (config>system>security>pki>est-profile check-id-kp-cmcra-only)

Full Context

configure system security pki est-profile check-id-kp-cmcra-only

Description

This command enables checking id-kp-cmcRA in the EST certificate. When enabled, instead of the subject or subject alternative name, only the id-kp-cmcRA existence in extended key usage extension of EST server certificate is checked. The id-kp-cmcRA identifies a Registration Authority.

The no form of this command reverts to the default value.

Default

no check-id-kp-cmcra-only

Platforms

All

check-zero

check-zero

Syntax

check-zero {enable | disable}

no check-zero

Context

[Tree] (config>service>vprn>ripng>group>neighbor check-zero)

[Tree] (config>service>vprn>rip check-zero)

[Tree] (config>service>vprn>ripng>group check-zero)

[Tree] (config>service>vprn>rip>group>neighbor check-zero)

[Tree] (config>service>vprn>ripng check-zero)

[Tree] (config>service>vprn>rip>group check-zero)

Full Context

configure service vprn ripng group neighbor check-zero

configure service vprn rip check-zero

configure service vprn ripng group check-zero

configure service vprn rip group neighbor check-zero

configure service vprn ripng check-zero

configure service vprn rip group check-zero

Description

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The no form of this command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Default

no check-zero

Parameters

enable

Enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting noncompliant RIP messages.

disable

Disables the checking and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Platforms

All

check-zero

Syntax

check-zero {enable | disable}

no check-zero

Context

[Tree] (config>router>rip>group check-zero)

[Tree] (config>router>rip check-zero)

[Tree] (config>router>ripng check-zero)

[Tree] (config>router>ripng>group>neighbor check-zero)

[Tree] (config>router>rip>group>neighbor check-zero)

[Tree] (config>router>ripng>group check-zero)

Full Context

configure router rip group check-zero

configure router rip check-zero

configure router ripng check-zero

configure router ripng group neighbor check-zero

configure router rip group neighbor check-zero

configure router ripng group check-zero

Description

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages.

The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no check-zero), the setting from the less specific level is inherited by the lower level.

The no form of the command removes the check-zero command from the configuration.

Parameters

enable

Specifies to reject RIP messages which do not have zero in the RIPv1 and RIPv2 mandatory fields.

disable

Specifies allows receipt of RIP messages which do not have the mandatory zero fields reset.

Platforms

All

checksum

checksum

Syntax

checksum {md5 | sha256} file-url

Context

[Tree] (file checksum)

Full Context

file checksum

Description

This command computes and displays a checksum for a file.

Parameters

md5

Specifies the use of the MD5 algorithm to produce the file checksum.

sha256

Specifies the use of the SHA-256 algorithm to produce the file checksum.

file-url

Specifies the location of the file.

Values

local-url

[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each

remote-url

[{ftp:// | tftp:// | http:// | https://}login:pswd@remote-locn/][file-path]

up to 247 characters

directory length up to 199 characters

remote-locn

[hostname | ipv4-address | [ipv6-address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, for link local addresses 255

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

child-control

child-control

Syntax

child-control

Context

[Tree] (config>qos>adv-config-policy child-control)

Full Context

configure qos adv-config-policy child-control

Description

This command contains parameters that are intended to allow more precise control of the method that hierarchical virtual scheduling employs to emulate the effect of a scheduling context upon a member child queue or policer.

This command edits the parameters that control the child requested bandwidth and parental bandwidth distribution for all policers and queues associated with the policy.

Platforms

All

chli-event

chli-event

Syntax

chli-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]

no chli-event {forward | backward | aggregate}

Context

[Tree] (config>oam-pm>session>ethernet>slm>loss-events chli-event)

[Tree] (config>oam-pm>session>ethernet>lmm>loss-events chli-event)

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events chli-event)

Full Context

configure oam-pm session ethernet slm loss-events chli-event

configure oam-pm session ethernet lmm loss-events chli-event

configure oam-pm session ip twamp-light loss-events chli-event

Description

This command sets the consecutive high loss interval (CHLI) threshold to be monitored and the associated thresholds using the counter of the specified direction. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no chli-event forward

no chli-event backward

no chli-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the numerical value compared to the CHLI counter that is the rising threshold that determines when the event is to be generated, when the percentage of loss value is reached.

Values

1 to 864000

clear-threshold

Specifies an optional numerical value compared to the CHLI counter used for stateful behavior that allows the operator to configure a value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the CHLI counter must be 0.

Platforms

All

  • configure oam-pm session ethernet slm loss-events chli-event
  • configure oam-pm session ethernet lmm loss-events chli-event

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm session ip twamp-light loss-events chli-event

cipher

cipher

Syntax

cipher index name cipher-name

no cipher index

Context

[Tree] (config>system>security>ssh>server-cipher-list cipher)

[Tree] (config>system>security>ssh>client-cipher-list cipher)

Full Context

configure system security ssh server-cipher-list cipher

configure system security ssh client-cipher-list cipher

Description

This command configures a cipher. Client-ciphers are used when the SR OS is acting as an SSH client. Server-ciphers are used when the SR OS is acting as an SSH server.

The no form of this command removes the index and cipher name from the configuration.

Default

no cipher index

Parameters

index

Specifies the index of the cipher in the list.

Values

1 to 255

cipher-name

Specifies the algorithm used when performing encryption or decryption.

Values

Client ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.

Server ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.

The following table lists the default ciphers used for SSHv2.

Table 4. SSHv2 Default Ciphers

Cipher index value

Cipher name

190

aes256-ctr

192

aes192-ctr

194

aes128-ctr

200

aes128-cbc

205

3des-cbc

225

aes192-cbc

230

aes256-cbc

Platforms

All

cipher

Syntax

cipher index name cipher-suite-code

no cipher index

Context

[Tree] (config>system>security>tls>server-cipher-list cipher)

[Tree] (config>system>security>tls>client-cipher-list cipher)

Full Context

configure system security tls server-cipher-list cipher

configure system security tls client-cipher-list cipher

Description

This command configures the cipher suite to be negotiated by the server and client.

Parameters

index

Specifies the index number. The index number provides the location of the cipher in the negotiation list, with the lower index numbers being higher in the negotiation list and the higher index numbers being at the bottom of the list.

Values

1 to 255

cipher-suite-code

Specifies the cipher suite code.

Values

tls-rsa-with-null-md5

tls-rsa-with-null-sha

tls-rsa-with-null-sha256

tls-rsa-with-3des-ede-cbc-sha

tls-rsa-with-aes128-cbc-sha

tls-rsa-with-aes256-cbc-sha

tls-rsa-with-aes128-cbc-sha256

tls-rsa-with-aes256-cbc-sha256

tls-rsa-with-aes128-gcm-sha256

tls-rsa-with-aes256-gcm-sha384

Platforms

All

cipher-list

cipher-list

Syntax

cipher-list name

no cipher-list

Context

[Tree] (config>system>security>tls>client-tls-profile cipher-list)

Full Context

configure system security tls client-tls-profile cipher-list

Description

This command assigns the cipher list to be used by the TLS client profile for negotiation in the client Hello message.

Parameters

name

Specifies the name of the cipher list.

Platforms

All

cipher-list

Syntax

cipher-list name

no cipher-list

Context

[Tree] (config>system>security>tls>server-tls-profile cipher-list)

Full Context

configure system security tls server-tls-profile cipher-list

Description

This command assigns a cipher list to be used by the TLS server profile. This cipher list is used to find matching ciphers with the cipher list that is received from the client.

The no form of the command removes the cipher list.

Parameters

name

Specifies the name of the cipher list, up to 32 characters in length.

Platforms

All

cipher-suite

cipher-suite

Syntax

cipher-suite cipher-suite

no cipher-suite

Context

[Tree] (config>macsec>connectivity-association cipher-suite)

Full Context

configure macsec connectivity-association cipher-suite

Description

This command configures encryption of data path PDUs. When all parties in the Connectivity Association (CA) have the SAK, they use the above algorithm in conjunction with the SAK to encrypt the data path PDUs.

The XPN 64 bit (extended packet number) can be used for higher rate ports such as 10 GigE to minimize the window rollover and renegotiation of the SAK.

The no form of this command disables encryption of data path PDUs.

Default

cipher-suite gcm-aes-128

Parameters

cypher-suite

Specifies the algorithm.

Values

gcm-aes-128 — algorithm is used for control plain encryption

gcm-aes-256 — algorithm is used for control plain encryption

gcm-aes-xpn-128 — algorithm with extended packet number is used for control plain encryption

gcm-aes-xpn-256 — algorithm with extended packet number is used for control plain encryption

Platforms

All

cir

cir

Syntax

cir congested-cir

no cir

Context

[Tree] (config>app-assure>group>policer>congestion-override cir)

Full Context

configure application-assurance group policer congestion-override cir

Description

This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.

The no form of this command resets the CIR value to its default.

Default

cir 0

Parameters

congested-cir

Specifies an integer value defining size, in kilobytes, for the CIR of the policer.

Values

0 to 100000000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cir

Syntax

cir cir-rate

no cir

Context

[Tree] (config>app-assure>group>policer>congestion-override-stage2 cir)

Full Context

configure application-assurance group policer congestion-override-stage2 cir

Description

This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.

The no form of this command resets the CIR value to its default.

Default

cir 0

Parameters

cir-rate

Specifies an integer value defining size, in kilobytes, for the CIR of the policer.

Values

0 to 100000000, max

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

cir-non-profiling

cir-non-profiling

Syntax

[no] cir-non-profiling

Context

[Tree] (config>qos>sap-ingress>queue cir-non-profiling)

Full Context

configure qos sap-ingress queue cir-non-profiling

Description

This command prevents the modification of the profile of a packet depending on the queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling command and the queue police command are mutually exclusive.

The cir-non-profiling command is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

The cir-non-profiling command should not be configured under a SAP ingress QoS policy queue associated with a LAG which spans FP4-based and FP2- or FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

cir-non-profiling

Syntax

[no] cir-non-profiling

Context

[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue cir-non-profiling)

Full Context

configure qos queue-group-templates ingress queue-group queue cir-non-profiling

Description

This command prevents the modification of the profile of a packet-dependent queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling and the queue police commands are mutually exclusive.

cir-non-profiling is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

cir-non-profiling should not be configured under an ingress queue group template queue associated with a LAG which spans FP4-based and FP2/FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

circuit-id

circuit-id

Syntax

circuit-id string ascii-string

circuit-id hex hex-string

no circuit-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident circuit-id)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident circuit-id)

Full Context

configure subscriber-mgmt local-user-db ppp host host-identification circuit-id

configure subscriber-mgmt local-user-db ipoe host host-identification circuit-id

Description

This command specifies the circuit ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the circuit ID is matched against DHCP Option 82.

Note:

This command is only used when circuit-id is configured as one of the match-list parameters.

The no form of this command removes the circuit ID from the configuration.

Parameters

ascii-string

Specifies the circuit ID from the Option 82, up to 127 characters.

hex-string

Specifies the circuit ID in hexadecimal format from the Option 82.

Values

0x0 to 0xFFFFFFFF (maximum 254 hex nibbles)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id sap-id

circuit-id string ASCII string

no circuit-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ali circuit-id)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-information circuit-id

Description

This command specifies a circuit-id for PPPoE hosts. A circuit ID received in PPPoE tags has precedence over the LUDB specified circuit ID.

The no form of this command reverts to the default.

Parameters

sap-id

Specifies to use the SAP ID of the PPPoE session as the circuit ID.

ASCII string

Specifies the circuit ID as a string, up to 63 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id

circuit-id {ascii-tuple | if-index | sap-id | vlan-ascii-tuple}

circuit-id hex [hex-string]

no circuit-id

Context

[Tree] (config>service>vprn>if>dhcp>option circuit-id)

[Tree] (config>service>ies>if>dhcp>option circuit-id)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option circuit-id)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option circuit-id)

[Tree] (config>service>vpls>sap>dhcp>option circuit-id)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option circuit-id)

Full Context

configure service vprn interface dhcp option circuit-id

configure service ies interface dhcp option circuit-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id

configure service ies subscriber-interface group-interface dhcp option circuit-id

configure service vpls sap dhcp option circuit-id

configure service vprn subscriber-interface group-interface dhcp option circuit-id

Description

When enabled, the router sends an ASCII-encoded tuple in the circuit-id sub-option of the DHCP packet. This ASCII-tuple consists of the access-node-identifier, service-id, and SAP-ID, separated by "|”. If no keyword is configured, then the circuit-id sub-option will not be part of the information option (Option 82). When the command is configured without any parameters, it equals to circuit-id ascii-tuple.

To send a tuple in the circuit ID, the action replace command must be configured in the same context.

If disabled, the circuit-id sub-option of the DHCP packet is left empty.

The no form of this command specifies to leave the circuit-id option of the packet empty.

Default

circuit-id ascii-tuple

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple consisting of the access-node-identifier, service-id, and interface-name is used.

ifindex

Specifies that the interface index is used. The If Index of a router interface can be displayed using the command show>router>if>detail.

sap-id

Specifies that the SAP identifier is used.

vlan-ascii-tuple

Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Thus, when the Option 82 bits are stripped, dot1p bits are copied to the Ethernet header of an outgoing packet.

hex-string

Specifies the hex value of this option.

Values

0x0 to 0xFFFFFFFF...(up to 64 hex nibbles)

Platforms

All

  • configure service vprn interface dhcp option circuit-id
  • configure service ies interface dhcp option circuit-id
  • configure service vpls sap dhcp option circuit-id

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface dhcp option circuit-id
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id
  • configure service vprn subscriber-interface group-interface dhcp option circuit-id

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute circuit-id)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute circuit-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute circuit-id

configure subscriber-mgmt authentication-policy include-radius-attribute circuit-id

Description

This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>avp circuit-id)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp circuit-id

Description

This command includes the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id circuit-id

Context

[Tree] (debug>service>id>ppp circuit-id)

Full Context

debug service id ppp circuit-id

Description

This command enable PPP debug for the specified circuit-id.

Multiple circuit-id filters can be specified in the same debug command.

The no form of this command disables debugging.

Parameters

circuit-id

Specifies the circuit-id in PADI.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

[no] circuit-id

Context

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes circuit-id)

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes circuit-id)

Full Context

configure aaa isa-radius-policy auth-include-attributes circuit-id

configure aaa isa-radius-policy acct-include-attributes circuit-id

Description

This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.

Default

no circuit-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

circuit-id

Syntax

circuit-id {ascii-tuple | ifindex | if-name | port-id | vlan-ascii-tuple | none}

no circuit-id

Context

[Tree] (config>router>if>dhcp>option circuit-id)

Full Context

configure router interface dhcp option circuit-id

Description

When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>if>detail. This option specifies data that must be unique to the router that is relaying the circuit.

If disabled, the circuit-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default

circuit-id ascii-tuple

Parameters

ascii-tuple

Specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by "| ”.

ifindex

Specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.

if-name

Specifies the interface name.

port-id

Specifies the port ID.

vlan-ascii-tuple

Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

none

Specifies that no circuit should be used.

Platforms

All

circuit-id-from-auth

circuit-id-from-auth

Syntax

[no] circuit-id-from-auth

Context

[Tree] (config>subscr-mgmt>ipoe-plcy circuit-id-from-auth)

Full Context

configure subscriber-mgmt ipoe-session-policy circuit-id-from-auth

Description

This command takes the circuit ID value from the authentication server to identify the session.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cisco-nas-port

cisco-nas-port

Syntax

cisco-nas-port [ethernet binary-spec-eth] [atm binary-spec-atm]

no cisco-nas-port

Context

[Tree] (config>router>l2tp cisco-nas-port)

[Tree] (config>service>vprn>l2tp cisco-nas-port)

Full Context

configure router l2tp cisco-nas-port

configure service vprn l2tp cisco-nas-port

Description

This command configures the L2TP Cisco NAS port AVP.

The no form of this command removes the specified L2TP Cisco NAS port AVP.

Default

no cisco-nas-port

Parameters

binary-spec-eth

Specifies the string to put in the Cisco-NAS-Port AVP for L2TP control messages related to a PPPoE session in this L2TP protocol instance.

binary-spec-atm

Specifies the string to put in the Cisco-NAS-Port AVP, for L2TP control messages related to a PPPoA (PPP over ATM) session in this L2TP protocol instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cisco-nas-port

Syntax

cisco-nas-port [ethernet binary-spec] [ atm binary-spec]

no cisco-nas-port

Context

[Tree] (config>service>vprn>l2tp cisco-nas-port)

Full Context

configure service vprn l2tp cisco-nas-port

Description

This command enables the AVP Cisco-nas-port to include the slot/mda/port along with the pseudowire port ID. If the pseudowire is terminated on a LAG, the slot/mda/port cannot be populated and only the pseudowire ID is included.

The no form of this command enables the AVP Cisco-nas-port.

Default

no cisco-nas-port

Parameters

binary-spec

Specifies the NAS port attribute.

Values

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ckn

ckn

Syntax

ckn hex-string

no ckn

Context

[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key ckn)

Full Context

configure macsec connectivity-association static-cak pre-shared-key ckn

Description

Specifies the connectivity association key name (CKN) for a pre-shared key.

CKN is appended to the MKA for identification of the appropriate CAK by the peer.

The no form of this command reverts to the default value.

Parameters

hex-string

Specifies the value of the CKN.

Values

32 octets char (64 hex)

Platforms

All

class

class

Syntax

[no] class class-number

Context

[Tree] (config>port>ethernet>egress>hs-sec-shaper class)

Full Context

configure port ethernet egress hs-secondary-shaper class

Description

This command specifies the HS secondary shaper class.

The no form of this command reverts the rate for this class to the default value.

Parameters

class-number

Specifies the HS secondary shaper class identifier.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class

Syntax

[no] class

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes class)

Full Context

configure aaa isa-radius-policy acct-include-attributes class

Description

This command enables the generation of the class RADIUS attribute.

Default

no class

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

class-forwarding

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>service>vprn class-forwarding)

Full Context

configure service vprn class-forwarding

Description

This command enables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

The no form of this command disables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

class-forwarding cbf-mode {lsr | ler | lsr-and-ler}

no class-forwarding

Context

[Tree] (config>router>ldp class-forwarding)

Full Context

configure router ldp class-forwarding

Description

This command enables class-based forwarding for packets that belong to one of the eight forwarding classes (be, l2, af, l1, h2, ef, h1, and nc). For the LER role, class-based forwarding is performed in conjunction with ECMP. At LER, this function applies to packets whose prefixes resolve to an LDP FEC. This LDP FEC resolves to a set of IGP shortcuts (RSVP-TE LSPs). At LSR, this function applies to labeled LDP packets whose FEC resolves to an IGP shortcut. Refer to "Class-based Forwarding of LDP Prefix Packets over IGP Shortcuts” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for detailed information on this capability.

The no form of this command disables class-based forwarding.

Default

no class-forwarding

Parameters

cbf-mode lsr

Enables class-forwarding at LSR and disables any previously enabled mode.

cbf-mode ler

Enables class-forwarding at LER and disables any previously enabled mode.

cbf-mode lsr-and-ler

Enables class-forwarding at both LSR and LER, and disables any previously enabled mode.

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router>mpls>lsp-template class-forwarding)

[Tree] (config>router>mpls>lsp class-forwarding)

Full Context

configure router mpls lsp-template class-forwarding

configure router mpls lsp class-forwarding

Description

Commands in this context configure class based forwarding parameters for a given LSP or LSP-template.

A change in the Class-Based Forwarding configuration may result in a change of forwarding behavior.

The no form removes any Class-Based Forwarding configuration associated to that LSP or LSP-template.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router class-forwarding)

Full Context

configure router class-forwarding

Description

This command enables class-based forwarding (CBF) over IGP shortcuts. When the class-forwarding command is enabled, the following types of packets are forwarded based on their forwarding class:

  • packets of BGP prefixes

  • CPM originated packets for the families (IPv4 only, IPv6 only, or both IPv4 and IPv6) which have been enabled over IGP shortcuts using the igp-shortcut CLI context in one or more IGP instances

The SR OS CBF implementation supports spraying of packets over a maximum of four forwarding sets of ECMP LSPs. The user must define a class-forwarding policy object in MPLS to configure the mapping of FCs to the forwarding sets. Then, the user assigns the CBF policy name and set ID to each MPLS LSP that is used in IGP shortcuts.

When a BGP IPv4 or IPv6 prefix is resolved, the FC of the packet is used to look up the forwarding set ID. Then, a modulo operation is performed on the tunnel next-hops of this set ID only, to spray packets of this FC. The data path concurrently implements CBF and ECMP within the tunnels of each set ID.

CPM-originated packets on the router, including control plane and OAM packets, are forwarded over a single LSP from the set of LSPs that the packet's FC is mapped to, as per the CBF configuration.

Note:

Weighted ECMP, at the transport tunnel level of BGP prefixes over IGP shortcuts and the CBF feature on a per BGP next-hop basis are mutually exclusive.

Default

no class-forwarding

Platforms

All

class-forwarding

Syntax

class-forwarding [default-lsp lsp-name]

no class-forwarding

Context

[Tree] (config>service>sdp class-forwarding)

Full Context

configure service sdp class-forwarding

Description

This command enables the forwarding of a service packet over the SDP based on the class of service of the packet. Specifically, the packet is forwarded on the RSVP LSP or static LSP whose forwarding class matches that of the packet. The user maps the system forwarding classes to LSPs using the config>service>sdp>class-forwarding>fc command. If there is no LSP that matches the packet’s forwarding class, the default LSP is used. If the packet is a VPLS multicast/broadcast packet and the user did not explicitly specify the LSP to use under the config>service>sdp>class-forwarding>multicast-lsp context, then the default LSP is used.

VLL service packets are forwarded based on their forwarding class only if shared queuing is enabled on the ingress SAP. Shared queuing must be enabled on the VLL ingress SAP if class-forwarding is enabled on the SDP the service is bound to. Otherwise, the VLL packets will be forwarded to the LSP which is the result of hashing the VLL service ID. Since there are eight entries in the ECMP table for an SDP, one LSP ID for each forwarding class, the resulting load balancing of VLL service ID is weighted by the number of times an LSP appears on that table. For instance, if there are eight LSPs, the result of the hashing will be similar to when class based forwarding is disabled on the SDP. If there are fewer LSPs, then the LSPs which were mapped to more than one forwarding class, including the default LSP, will have proportionally more VLL services forwarding to them.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.

The no form of the command deletes the configuration and the SDP reverts back to forwarding service packets based on the hash algorithm used for LAG and ECMP.

Default

no class-forwarding

Parameters

default-lsp lsp-name

Specifies the default LSP for the SDP. This LSP name must exist and must have been associated with this SDP using the lsp-name configured in the config>service>sdp>lsp context. The default LSP is used to forward packets when there is no available LSP which matches the packet’s forwarding class. This could be because the LSP associated with the packet’s forwarding class is down, or that the user did not configure a mapping of the packet’s forwarding class to an LSP using the config>service>sdp>class-forwarding>fc command. The default LSP is also used to forward VPLS service multicast/broadcast packets in the absence of a user configuration indicating an explicit association to one of the SDP LSPs.

Note:

When the default LSP is down, the SDP is also brought down. The user will not be able to enter the class-forwarding node if the default LSP was not previously specified. In other words, the class-forwarding for this SDP will remain shutdown.

Platforms

All

class-forwarding

Syntax

[no] class-forwarding

Context

[Tree] (config>router>ospf>segm-rtng class-forwarding)

[Tree] (config>router>isis>segm-rtng class-forwarding)

Full Context

configure router ospf segment-routing class-forwarding

configure router isis segment-routing class-forwarding

Description

This command enables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts. For CBF+ECMP to be effective, a class forwarding policy must be defined. In addition, FC to set associations and RSVP-TE LSPs to set associations must be defined.

The no form of this command disables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts.

Default

no class-forwarding

Platforms

All

class-forwarding-policy

class-forwarding-policy

Syntax

class-forwarding-policy policy-name

no class-forwarding-policy policy-name

Context

[Tree] (config>router>mpls class-forwarding-policy)

Full Context

configure router mpls class-forwarding-policy

Description

This command configures the class-based forwarding (CBF) policy used in the CBF feature of an LDP FEC or a BGP prefix over IGP shortcuts.

Parameters

policy-name

Specifies the name of the class forwarding policy, up to 32 characters.

Platforms

All

class-pool

class-pool

Syntax

[no] class-pool alt-class-pool-id

Context

[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools class-pool)

Full Context

configure qos hs-port-pool-policy alt-port-class-pools class-pool

Description

Commands in this context configure a class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.

The no form of the command restores the default parent-mid-pool association to mid-pool none, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restores the default slope policy to the specified class-pool.

Parameters

alt-class-pool-id

Specifies the class pool ID.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class-pool

Syntax

[no] class-pool std-class-pool-id

Context

[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools class-pool)

Full Context

configure qos hs-port-pool-policy std-port-class-pools class-pool

Description

Commands in this context configure class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.

The no form of the command restores the default parent-mid-pool association to mid-pool 1, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restore the default slope policy to the specified class-pool.

Parameters

std-class-pool-id

Specifies the class pool ID.

Values

1 to 6

Platforms

7750 SR-7/12/12e

class-type

class-type

Syntax

class-type ct-number

no class-type

Context

[Tree] (config>router>mpls>lsp>secondary class-type)

[Tree] (config>router>mpls>lsp class-type)

[Tree] (config>router>mpls>lsp-template class-type)

[Tree] (config>router>mpls>lsp>primary class-type)

Full Context

configure router mpls lsp secondary class-type

configure router mpls lsp class-type

configure router mpls lsp-template class-type

configure router mpls lsp primary class-type

Description

This command configures the Diff-Serv Class Type (CT) for an LSP, the LSP primary path, or the LSP secondary path. The path level configuration overrides the LSP level configuration. However, only one CT per LSP path will be allowed as per RFC 4124.

The signaled CT of a dynamic bypass is always be CT0 regardless of the CT of the primary LSP path. The setup and hold priorities must be set to default values, that is, 7 and 0 respectively. This assumes that the operator configured a couple of TE classes, one which combines CT0 and a priority of 7 and the other which combines CT0 and a priority of 0. If not, the bypass LSP will not be signaled and will go into the down state.

The operator cannot configure the CT, setup priority, and hold priority of a manual bypass. They are always signaled with CT0 and the default setup and holding priorities.

The signaled CT and setup priority of a detour LSP must match those of the primary LSP path it is associated with.

If the operator changes the CT of an LSP or of an LSP path, or changes the setup and holding priorities of an LSP path, the path will be torn down and retried.

An LSP which does not have the CT explicitly configured will behave like a CT0 LSP when Diff-Serv is enabled.

If the operator configured a combination of a CT and a setup priority and/or a combination of a CT and a holding priority for an LSP path that are not supported by the user-defined TE classes, the LSP path will be kept in a down state and an error code will be displayed in the show command output for the LSP path.

The no form of this command reverts to the default value.

Default

class-type 0

Parameters

ct-number

Specifies the Diff-Serv Class Type number.

Values

0 to 7

Platforms

All

class-type-bw

class-type-bw

Syntax

class-type-bw ct0 %-link-bandwidth ct1%-link-bandwidth ct2%-link-bandwidth ct3%-link-bandwidth ct4%-link-bandwidth ct5%-link-bandwidth ct6%-link-bandwidth ct7%-link-bandwidth

no class-type-bw

Context

[Tree] (config>router>rsvp>diffserv-te class-type-bw)

[Tree] (config>router>rsvp>interface class-type-bw)

Full Context

configure router rsvp diffserv-te class-type-bw

configure router rsvp interface class-type-bw

Description

This command configures the percentage of RSVP interface bandwidth each CT shares, for example, the Bandwidth Constraint (BC).

The absolute value of the CT share of the interface bandwidth is derived as the percentage of the bandwidth advertised by IGP in the Maximum Reservable Link Bandwidth TE parameter, for example, the link bandwidth multiplied by the RSVP interface subscription percentage parameter.

Note:

This configuration also exists at RSVP interface level and the interface specific configured value overrides the global configured value. The BC value can be changed at any time.

The RSVP interface subscription percentage parameter is configured in the config>router>rsvp>interface context.

The operator can specify the Bandwidth Constraint (BC) for a CT which is not used in any of the TE class definition but that does not get used by any LSP originating or transiting this node.

When Diff-Serv is disabled on the node, this model degenerates into a single default CT internally with eight preemption priorities and a non-configurable BC equal to the Maximum Reservable Link Bandwidth. This would behave exactly like CT0 with eight preemption priorities and BC= Maximum Reservable Link Bandwidth if Diff-Serv was enabled.

The no form of this command reverts to the default value.

Parameters

ct0 (ct1/ct2/ —ct7) %link-bandwidth

The Diff-Serv Class Type number. One or more system forwarding classes can be mapped to a CT.

Values

0 to 100 %

Default

0

Platforms

All

class-weight

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>ipipe>sap>egress>queue-override>hs-wrr-group class-weight)

[Tree] (config>service>epipe>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service ipipe sap egress queue-override hs-wrr-group class-weight

configure service epipe sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>vpls>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service vpls sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>ies>if>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service ies interface sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

class-weight

Syntax

class-weight weight

no class-weight

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>hs-wrr-group class-weight)

Full Context

configure service vprn interface sap egress queue-override hs-wrr-group class-weight

Description

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters

weight

Specifies the class weight of the HS WRR group.

Values

1, 2, 4, 8

Platforms

7750 SR-7/12/12e

classes

classes

Syntax

classes limit

no classes

Context

[Tree] (config>card>fp>ingress>policy-accounting classes)

Full Context

configure card fp ingress policy-accounting classes

Description

This command configures the maximum number of source and destination classes that can be instantiated for accounting purposes on the interfaces of a specific card or FP.

The no form of this command specifies that no resources are reserved for source or destination classes.

Parameters

limit

Specifies the number of accounting classes.

Values

1000 to 128000

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

classic-cli

classic-cli

Syntax

classic-cli

Context

[Tree] (config>system>management-interface>cli classic-cli)

Full Context

configure system management-interface cli classic-cli

Description

Commands in this context configure the classic CLI management interface.

Platforms

All

classic-cli

Syntax

classic-cli

Context

[Tree] (config>system>security>management-interface classic-cli)

Full Context

configure system security management-interface classic-cli

Description

Commands in this context configure hash-control for the classic CLI interface.

Platforms

All

classic-lsn-max-subscriber-limit

classic-lsn-max-subscriber-limit

Syntax

classic-lsn-max-subscriber-limit max

no classic-lsn-max-subscriber-limit

Context

[Tree] (config>router>nat>inside>deterministic classic-lsn-max-subscriber-limit)

[Tree] (config>service>vprn>nat>inside>deterministic classic-lsn-max-subscriber-limit)

Full Context

configure router nat inside deterministic classic-lsn-max-subscriber-limit

configure service vprn nat inside deterministic classic-lsn-max-subscriber-limit

Description

This command affects ingress hashing of the subscribers for deterministic NAT. It will also affect hashing of the subscribers for non-deterministic NAT if the both types of NAT are configured simultaneously. The hashing will ensure that traffic load is distributed over multiple MS-ISAs in the system. For deterministic LSN44, (32 – n) bits of the source IP address will be considered for hashing, where 2^n= classic-lsn-max-subscriber-limit.

The scope of this command is the inside routing instance. This command must match the largest subscriber limit of all pools that are referenced by nat-policies configured within the corresponding inside routing instance.

This parameter must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT CLI hierarchy.

If non-deterministic NAT is not used simultaneously with deterministic NAT within a routing context, then hashing for non-deterministic NAT will be performed based on the subscriber.

Default

no classic-lsn-max-subscriber-limit

Parameters

max

The power of 2 (2^n) number that must match the largest subscriber limit number in a deterministic pool referenced from this inside routing instance. The range for this command is the same as the subscriber-limit command under the pool hierarchy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classic-lsn-max-subscriber-limit

Syntax

classic-lsn-max-subscriber-limit max

no classic-lsn-max-subscriber-limit

Context

[Tree] (config>service>vprn>nat>inside classic-lsn-max-subscriber-limit)

[Tree] (config>router>nat>inside classic-lsn-max-subscriber-limit)

Full Context

configure service vprn nat inside classic-lsn-max-subscriber-limit

configure router nat inside classic-lsn-max-subscriber-limit

Description

This command sets the granularity of traffic distribution in the upstream direction across the MS-ISA within the scope of an inside routing context. Traffic distribution mechanism is based on the source IPv4 addresses/prefixes. More granular distribution is based on the IPv4 address, while distribution based on the IPv4 prefix (determined by prefix length) will be less granular. The granularity will further decrease with shorter prefix length.

For example, a prefix length of 32 will distribute individual /32 IPv4 addresses over multiple MS-ISAs in an ISA group. This will ensure better traffic load balancing at the expense of forwarding table utilization on the outside (public side) where each /32 is installed in the forwarding table. On the contrary, shorter prefixes will ensure better utilization of the forwarding table on the outside, at the expense of coarser spread of IP addresses over multiple MS-ISAs.

This command affects all flavors of LSN44 within the inside routing contexts, although its primary use is intended for deterministic NAT and dnat-only.

The length of the prefix that is used for distribution purposes is (32-n), where 2^n= classic-lsn-max-subscriber-limit. For example, if traffic distribution is based on the IPv4 address (prefix length = 32), then n must be 0. From here, it follows that classic-lsn-max-subscriber-limit must be set to 1:

Prefix length = 32 -> 32-n = 32 -> n=0 -> 2^0= 1 = classic-lsn-max-subscriber-limit classic-lsn-max-subscriber-limit = 1

The implicit method given by this command uses power of 2 calculations to provide prefix length for traffic distribution purposes. This roundabout approach to determine the prefix-length has roots in deterministic NAT where this command was originally introduced.

Even though deterministic NAT and dnat-only have very little in common, the method (and CLI syntax) for calculating the prefix length using the classic-lsn-max-subscriber-limit parameter for traffic distribution purposes is shared between the two. In dnat-only, this parameter is important from an operational perspective since it affects traffic load balancing over MS-ISA and the size of the routing table.

This command must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT.

Parameters

max

The power of 2 (2^n) value which in deterministic NAT must match the largest subscriber-limit value in any deterministic pool referenced from this inside routing instance.

In dnat-only, this value can be set to any value from the allowed range.

In both cases, this value will determine the prefix-length (17-32) that will directly influence load distribution between the MS-ISAs and the size of the routing table.

Values

1,2,4,8 to 32768

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classic-lsn-sub

classic-lsn-sub

Syntax

[no] classic-lsn-sub router router-instance ip ip-address

Context

[Tree] (config>li>li-source>nat classic-lsn-sub)

Full Context

configure li li-source nat classic-lsn-sub

Description

This command configures a classic LSN subscriber sources.

The no form of this command removes the parameter from the configuration.

Parameters

router-instance

Specifies the router instance the pool belongs to, either by router name or service ID.

Values

router-name: "Base” | "management”

Default

Base

ip-address

Specifies the IP address in a.b.c.d format.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classification-overrides

classification-overrides

Syntax

classification-overrides

Context

[Tree] (config>app-assure>group>url-filter>web-service classification-overrides)

Full Context

configure application-assurance group url-filter web-service classification-overrides

Description

Commands in this context create a classification override and allows the operator to manually set the category of a hostname.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

classifier

classifier

Syntax

classifier classifier category-set-id category-set

no classifier

Context

[Tree] (config>app-assure>group>url-filter>web-service classifier)

Full Context

configure application-assurance group url-filter web-service classifier

Description

This command selects the web service to use from the supported web services.

The no form of this command removes the selected web service.

Default

no classifier

Parameters

classifier

Specifies the web service to use.

Values

web-service-1 | web-service-2

category-set

Specifies the category ID set to use for URL categorization. A category-set ID defines the list of categories that the web service uses to perform URL categorization.

Values

1 to 2

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear

clear

Syntax

clear

Context

[Tree] (admin clear)

Full Context

admin clear

Description

Commands in this context clear statistics.

Platforms

All

clear-alarm-msg

clear-alarm-msg

Syntax

clear-alarm-msg message-string

no clear-alarm-msg

Context

[Tree] (config>system>alarm-contact-input clear-alarm-msg)

Full Context

configure system alarm-contact-input clear-alarm-msg

Description

This command configures a message string to send with SNMP trap and log event messages that are generated when the system clears an alarm. The system generates the default message "Alarm Input Cleared” if no message is configured. The clear-alarm-msg string is included in the log event when the pin changes to the normal state.

The no form of this command reverts to the default message "Alarm Input Cleared”.

Default

no clear-alarm-msg

Parameters

message-string

Specifies a printable character string, up to 160 characters.

Platforms

7750 SR-a

clear-df-bit

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel clear-df-bit)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel clear-df-bit)

[Tree] (config>service>ies>if>sap>ip-tunnel clear-df-bit)

[Tree] (config>router>if>ipsec>ipsec-tunnel clear-df-bit)

[Tree] (config>service>vprn>if>ipsec>ip-tunnel clear-df-bit)

Full Context

configure service ies interface ipsec ipsec-tunnel clear-df-bit

configure service vprn interface sap ipsec-tunnel clear-df-bit

configure service ies interface sap ip-tunnel clear-df-bit

configure router interface ipsec ipsec-tunnel clear-df-bit

configure service vprn interface ipsec ip-tunnel clear-df-bit

Description

This command instructs the MS-ISA to reset the DF bit to 0 in all payload IP packets associated with the GRE or IPsec tunnel, before any potential fragmentation resulting from the ip-mtu command (this requires a modification of the header checksum).

The no form of this command disables the DF bit reset.

Default

no clear-df-bit

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel clear-df-bit
  • configure router interface ipsec ipsec-tunnel clear-df-bit

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies interface sap ip-tunnel clear-df-bit
  • configure service vprn interface sap ipsec-tunnel clear-df-bit

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>service>vprn>if clear-df-bit)

Full Context

configure service vprn interface clear-df-bit

Description

This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.

Platforms

All

clear-df-bit

Syntax

[no] clear-df-bit

Context

[Tree] (config>ipsec>tnl-temp clear-df-bit)

Full Context

configure ipsec tunnel-template clear-df-bit

Description

This command enables clearing of the Do-not-Fragment bit.

Default

no clear-df-bit

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear-ocsp-cache

clear-ocsp-cache

Syntax

clear-ocsp-cache [entry-id]

Context

[Tree] (admin>certificate clear-ocsp-cache)

Full Context

admin certificate clear-ocsp-cache

Description

This command clears the current OCSP response cache. If optional issuer and serial-number are not specified, then all current cached results are cleared.

Parameters

entry-id

Specifies the local cache entry identifier of the certificate to clear.

Values

1 to 2000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

clear-request

clear-request

Syntax

clear-request ca ca-profile-name

Context

[Tree] (admin>certificate>cmpv2 clear-request)

Full Context

admin certificate cmpv2 clear-request

Description

This command clears current pending CMPv2 requests toward the specified CA. If there are no pending requests, it will clear the saved result of prior request.

Parameters

ca ca-profile-name

Specifies a ca-profile name up to 32 characters.

Platforms

All

clear-tag-mode

clear-tag-mode

Syntax

clear-tag-mode clear-tag-mode

no clear-tag-mode

Context

[Tree] (config>macsec>connectivity-association clear-tag-mode)

Full Context

configure macsec connectivity-association clear-tag-mode

Description

This command puts 802.1Q tags in cleartext before the SecTAG. There are two modes: single-tag and dual-tag.

Encrypted Dot1q and QinQ Packet Format explains the encrypted dot1q and QinQ packet format when clear-tag-mode single-tag or dual-tag is configured.

The no form of this command puts all dot1q tags encrypted after the SecTAG.

Table 5. Encrypted Dot1q and QinQ Packet Format

Unencrypted format

Clear-tag-mode

Pre-encryption (Tx)

Pre-decryption (Rx)

Single tag (dot1q)

single-tag

DA, SA, TPID, VID, Etype

DA, SA, TPID, VID, SecTag

Single tag (dot1q)

dual-tag

DA, SA, TPID, VID, Etype

DA, SA, TPID, VID, SecTag

Double tag (q-in-q)

single-tag

DA, SA, TPID1, VID1, IPID2, VID2, Etype

DA, SA, TPID1, VID1, SecTag

Double tag (QinQ)

dual-tag

DA, SA, TPID1, VID1, IPID2, VID2, Etype

DA, SA, TPID1, VID1, IPID2, VID2, SecTag

Default

no clear-tag-mode

Parameters

clear-tag-mode

Specifies the clear tag mode.

Values

single-tag, dual-tag

Platforms

All

cli

cli

Syntax

[no] cli

Context

[Tree] (debug>dynsvc>scripts>inst>event cli)

[Tree] (debug>dynsvc>scripts>event cli)

[Tree] (debug>dynsvc>scripts>script>event cli)

Full Context

debug dynamic-services scripts instance event cli

debug dynamic-services scripts event cli

debug dynamic-services scripts script event cli

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: cli.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cli

Syntax

cli

Context

[Tree] (config>system>management-interface cli)

Full Context

configure system management-interface cli

Description

Commands in this context configure the CLI management interfaces.

Platforms

All

cli

Syntax

cli {warning | info}

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>message-severity-level cli)

Full Context

configure system management-interface cli md-cli environment message-severity-level cli

Description

This command specifies the threshold for CLI messages.

Default

cli info

Parameters

warning

Specifies that WARNING messages are displayed but INFO messages are suppressed.

info

Specifies that INFO messages and WARNING messages are displayed.

Platforms

All

cli-engine

cli-engine

Syntax

cli-engine {classic-cli | md-cli} [{classic-cli | md-cli}]

no cli-engine

Context

[Tree] (config>system>management-interface>cli cli-engine)

Full Context

configure system management-interface cli cli-engine

Description

This command configures the system-wide CLI engine. The operator can configure one or both engines. For the configuration to take effect, exit the running CLI session and start a new session after committing the new value.

Parameters

classic-cli

Specifies the classic CLI.

md-cli

Specifies the MD-CLI.

Platforms

All

cli-script

cli-script

Syntax

cli-script

Context

[Tree] (config>system>security cli-script)

Full Context

configure system security cli-script

Description

Commands in this context configure the security parameters in the system.

Platforms

All

cli-session-group

cli-session-group

Syntax

cli-session-group session-group-name [create]

no cli-session-group session-group-name

Context

[Tree] (config>system>security cli-session-group)

Full Context

configure system security cli-session-group

Description

This command is used to configure a session group that can be used to limit the number of CLI sessions available to members of the group.

Parameters

session-group-name

Specifies a particular session group.

Platforms

All

cli-user

cli-user

Syntax

cli-user name

no cli-user

Context

[Tree] (config>service>dynsvc>policy cli-user)

Full Context

configure service dynamic-services dynamic-services-policy cli-user

Description

This command specifies the CLI user to be used to execute the dynamic data services CLI scripts. With the specified user’s profile, it is possible to further restrict the internal list of allowed commands to be executed via dynamic data service CLI scripts.

The no form of this command sets the CLI user to an internal user with all configuration rights.

Parameters

name

Specifies the CLI user name that must exist in the >config>system>security CLI context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cli-user

Syntax

cli-user user-name

no cli-user

Context

[Tree] (config>system>security>cli-script>authorization>event-handler cli-user)

[Tree] (config>system>security>cli-script>authorization>cron cli-user)

Full Context

configure system security cli-script authorization event-handler cli-user

configure system security cli-script authorization cron cli-user

Description

This command configures the user context under which various types of CLI scripts should execute in order to authorize the script commands. TACACS+ and RADIUS users and authorization are not permitted for cli-script authorization.

The no form of this command configures scripts to execute with no restrictions and without performing authorization.

Default

no cli-user

Parameters

user-name

The name of a user in the local node database. TACACS+ or RADIUS users can not be used. The user configuration should reference a valid local profile for authorization.

Platforms

All

client

client

Syntax

client client-index [create]

no client client-index

Context

[Tree] (config>ipsec>client-db client)

Full Context

configure ipsec client-db client

Description

This command creates a new IPsec client entry in the client-db or enters the configuration context of an existing client entry.

There may be multiple client entries defined in the same client-db. If there are multiple entries that match the new tunnel request, then the system will select the entry that has smallest client-index.

The no form of this command reverts to the default.

Parameters

client-index

Specifies the ID of the client entry.

Values

1 to 8000

create

Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client

Syntax

client all

client ip-address

no client

Context

[Tree] (debug>system>grpc client)

Full Context

debug system grpc client

Description

This command enables debug output for all clients for a particular client.

The no form of this command deactivates debugging for all clients.

Parameters

all

Specifies that debugging will occur for all clients.

ip-address

Specifies the IPv4 or IPv6 address of the client.

Platforms

All

client

Syntax

client

Context

[Tree] (config>system>security>ssh>key-re-exchange client)

Full Context

configure system security ssh key-re-exchange client

Description

Commands in this context enable the key re-exchange for SR OS as an SSH client.

Platforms

All

client-application

client-application

Syntax

client-application [ppp-v4] [ipoe-v4]

no client-application

Context

[Tree] (config>service>vprn>sub-if>grp-if>local-address-assignment client-application)

[Tree] (config>service>vprn>sub-if>local-address-assignment client-application)

[Tree] (config>service>ies>sub-if>local-address-assignment client-application)

[Tree] (config>service>ies>sub-if>grp-if>local-address-assignment client-application)

Full Context

configure service vprn subscriber-interface group-interface local-address-assignment client-application

configure service vprn subscriber-interface local-address-assignment client-application

configure service ies subscriber-interface local-address-assignment client-application

configure service ies subscriber-interface group-interface local-address-assignment client-application

Description

This command enables local DHCP Server pool management for PPPoXv4 clients.

A pool of IP addresses can be shared between IPoE clients that rely on DHCP protocol (lease renewal process) and PPPoX clients where address allocation is not dependent on DHCP messaging but instead an IP address allocation within the pool is tied to the PPPoX session.

The no form of this command disables Local Address Assignment for any protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-application

Syntax

client-application [ppp-slaac] [ipoe-wan] [ ipoe-slaac]

no client-application

Context

[Tree] (config>service>vprn>sub-if>grp-if>lcl-addr-assign>ipv6 client-application)

Full Context

configure service vprn subscriber-interface group-interface local-address-assignment ipv6 client-application

Description

This command defines the client application that uses the local address server to perform address assignment. This feature is relies on RADIUS or local-user-database to return a pool name. The pool name is matched again the pools defined in the local-dhcp6-server configuration. The name of the local-dhcp6-server must also be provisioned.

The no form of this command reverts to the default.

Parameters

ppp-slaac

Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for PPPoE hosts.

ipoe-wan

Indicates using the local DHCPv6 pool for IA_NA address assignment and a static pre-defined prefixes for IA_PD. Both the IA_NA pool name and the IA_PD static framed-prefix are either obtained from RADIUS or LUDB during authentication. With RADIUS, it must return both IA_NA Framed-IPv6-Pool and IA_PD Delegated-IPv6-Prefix after a successful authentication. With LUDB, it must have ipv6-wan-address-pool and ipv6-delegated-prefix populated. This feature is specific to this use case and is not required for other combinations of DHCPv6 assignments such as IA_NA and IA_PD address assignment through RADIUS or LUDB.

ipoe-slaac

Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for PPPoE hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-applications

client-applications

Syntax

client-applications [dhcp] [ppp]

no client-applications

Context

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>vprn>sub-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>grp-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>ies>sub-if>dhcp client-applications)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp client-applications)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay client-applications)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)

Full Context

configure service ies subscriber-interface ipv6 dhcp6 proxy-server client-applications

configure service vprn subscriber-interface dhcp client-applications

configure service ies subscriber-interface group-interface dhcp client-applications

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay client-applications

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications

configure service ies subscriber-interface dhcp client-applications

configure service vprn subscriber-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface ipv6 dhcp6 proxy-server client-applications

configure service vprn subscriber-interface group-interface dhcp client-applications

configure service ies subscriber-interface ipv6 dhcp6 relay client-applications

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications

Description

This command enables DHCP relay and proxy-server for the configured client types.

The no form of this command reverts to the default.

Default

dhcp

Parameters

dhcp

Enables IPoE clients to use the DHCP relay or proxy-server.

ppp

Enables PPPoE clients to use the DHCP relay or proxy-server that PPPoE attempts to request an IP address for a PPPoE client from the DHCP server assigned to PPPoE node.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-cert-subject-key-id

client-cert-subject-key-id

Syntax

[no] client-cert-subject-key-id

Context

[Tree] (config>ipsec>rad-auth-plcy>include client-cert-subject-key-id)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute client-cert-subject-key-id

Description

This command enables the inclusion of the Subject Key Identifier of the peer's certificate in the RADIUS Access-Request packet as VSA: Alc-Subject-Key-Identifier. Refer to the 7750 SR and VSR RADIUS Attributes Reference Guide for more information.

Default

no client-cert-subject-key-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-cipher-list

client-cipher-list

Syntax

client-cipher-list

Context

[Tree] (config>system>security>ssh client-cipher-list)

Full Context

configure system security ssh client-cipher-list

Description

Commands in this context configure a list of allowed ciphers by the SSH client.

Platforms

All

client-cipher-list

Syntax

client-cipher-list name [create]

no client-cipher-list name

Context

[Tree] (config>system>security>tls client-cipher-list)

Full Context

configure system security tls client-cipher-list

Description

This command creates a cipher list that the client sends to the server in the client Hello message. It is a list of ciphers that are supported and preferred by the SR OS to be used in the TLS session. The server matches this list against the server cipher list. The most preferred cipher found in both lists is chosen.

Parameters

name

Specifies the name of the client cipher list, up to 32 characters in length.

create

Keyword used to create the client cipher list.

Platforms

All

client-db

client-db

Syntax

client-db db-name [create]

no client-db db-name

Context

[Tree] (config>ipsec client-db)

Full Context

configure ipsec client-db

Description

This command creates a new IPsec client-db or enters the configuration context of an existing client-db.

An IPsec client-db can be used for IKEv2 dynamic LAN-to-LAN tunnel authentication and authorization. When a new tunnel request is received, the system will match the request to the client entries configured in client-db and use credentials returned by the matched client entry for authentication. If authentication succeeds, the system could also use the IPsec configuration parameters (such as private-service-id) returned by the matched entry to set up the tunnel.

The configured client-db is referenced under the ipsec-gw configuration context using the client-db command.

The no form of this command removes the db-name from the configuration.

Parameters

db-name

Specifies the name of this IPsec client up to 32 characters.

create

Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-db

Syntax

client-db name

client-db name fallback

client-db name no-fallback

no client-db

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw client-db)

[Tree] (config>service>ies>if>sap>ipsec-gw client-db)

Full Context

configure service vprn interface sap ipsec-gw client-db

configure service ies interface sap ipsec-gw client-db

Description

This command enables the use of an IPsec client database. The system uses the specified client database to authenticate IKEv2 dynamic LAN-to-LAN tunnel.

Default

no client-db

Parameters

name

Specifies the name of the client database.

fallback

Specifies whether or not this IPsec gateway falls back to the default authentication policy when the IPsec tunnel authentication request fails to match any clients in the IPsec database.

no-fallback

Specifies that if the client database lookup fails to return a matched result, the system will fail the tunnel setup.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-db

Syntax

[no] no client-db db-name

Context

[Tree] (debug>ipsec client-db)

Full Context

debug ipsec client-db

Description

This command enables debugging for the specified IPsec client-db.

Parameters

db-name

Specifies the IPsec client database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-down-delay

client-down-delay

Syntax

client-down-delay client-down-delay

no client-down-delay

Context

[Tree] (config>system>satellite>eth-sat client-down-delay)

Full Context

configure system satellite eth-sat client-down-delay

Description

This command sets the delay between the last available uplink becoming unavailable and the disabling of associated Ethernet satellite client ports.

The no form of this command disables the delay and reverts to the current behavior.

Default

no client-down-delay

Parameters

client-down-delay

Sets the number of seconds to wait between the last available uplink becoming unavailable and the disabling of associated ethernet satellite client ports.

Values

0 to 1800

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

client-group-list

client-group-list

Syntax

client-group-list name [create]

no client-group-list name

Context

[Tree] (config>system>security>tls client-group-list)

Full Context

configure system security tls client-group-list

Description

This command configures a list of group suite codes that the client sends in a client Hello message.

The no form of this command removes the client group list.

Parameters

name

Specifies the name of the client group list, up to 32 characters.

create

Keyword used to create the client group list.

Platforms

All

client-id

client-id

Syntax

client-id {mac-pppoe-session-id}

no client-id

Context

[Tree] (config>service>vprn>sub-if>grp-if>pppoe>dhcp-client client-id)

[Tree] (config>service>ies>sub-if>grp-if>pppoe>dhcp-client client-id)

Full Context

configure service vprn subscriber-interface group-interface pppoe dhcp-client client-id

configure service ies subscriber-interface group-interface pppoe dhcp-client client-id

Description

This command inserts a DHCP client identifier option 61 in DHCP client messages for PPPoE sessions that obtain IPv4 addresses from a third party DHCP server. By default, a DHCP client identifier option 61 is not included.

The no form of this command reverts to the default.

Default

no client-id

Parameters

mac-pppoe-session-id

Specifies that the DHCP client identifier option 61 contains a type value with type set to zero (1 octet) and value set to the PPPoE client MAC address (6 octets) and the PPPoE session ID (2 octets). For example:

Opt 61 (hex) = 00 00 10 94 A0 45 E5 00 01

where:

00 = type

00 10 94 A0 45 E5 = PPPoE client MAC address

00 01 = PPPoE session ID

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-identification

client-identification

Syntax

client-identification

Context

[Tree] (config>ipsec>client-db>client client-identification)

Full Context

configure ipsec client-db client client-identification

Description

Commands in this context configure client ID information of this IPsec client.

If there are multiple match input are configured in the match-list of the client-db, then all corresponding match criteria must be configured for the client-entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-ip

client-ip

Syntax

client-ip {eq | neq} ip-address

no client-ip

Context

[Tree] (debug>app-assure>group>traffic-capture>match client-ip)

Full Context

debug application-assurance group traffic-capture match client-ip

Description

This command configures debugging of a client IP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-kex-list

client-kex-list

Syntax

client-kex-list

Context

[Tree] (config>system>security>ssh client-kex-list)

Full Context

configure system security ssh client-kex-list

Description

Commands in this context configure SSH KEX algorithms for SR OS as a client.

An empty list is the default list that the SSH KEX advertises. The default list contains the following:

diffie-hellman-group16-sha512

diffie-hellman-group14-sha256

diffie-hellman-group14-sha1

diffie-hellman-group1-sha1

Platforms

All

client-mac

client-mac

Syntax

client-mac {odd | even}

no client-mac

Context

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>osel client-mac)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>osel client-mac)

[Tree] (config>service>vprn>sub-if>dhcp>osel client-mac)

Full Context

configure service vprn subscriber-interface group-interface dhcp offer-selection client-mac

configure service ies subscriber-interface group-interface dhcp offer-selection client-mac

configure service vprn subscriber-interface dhcp offer-selection client-mac

Description

Commands in this context configure a delay for the Discover message from the designated client MAC addresses.

The no form of this command removes the client MAC configuration.

Parameters

odd

Specifies to use the odd client MAC address.

even

Specifies to use the even client MAC address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-mac

Syntax

client-mac {odd | even}

no client-mac

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection client-mac)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection client-mac)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection client-mac)

Full Context

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac

Description

Commands in this context configure a solicit delay or preference option value in function of the source MAC address of the solicit message.

The no form of this command removes the client MAC configuration.

Parameters

odd

Specifies to use the odd client MAC address.

even

Specifies to use the even client MAC address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

client-mac-address

client-mac-address

Syntax

[no] client-mac-address

Context

[Tree] (config>service>vprn>if>dhcp>option>vendor client-mac-address)

[Tree] (config>service>ies>sub-if>dhcp>option client-mac-address)

[Tree] (config>service>vpls>sap>dhcp>option>vendor client-mac-address)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor client-mac-address)

[Tree] (config>service>ies>if>dhcp>option>vendor client-mac-address)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor client-mac-address)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor client-mac-address)

Full Context

configure service vprn interface dhcp option vendor-specific-option client-mac-address

configure service ies subscriber-interface dhcp option client-mac-address

configure service vpls sap dhcp option vendor-specific-option client-mac-address

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option client-mac-address

configure service ies interface dhcp option vendor-specific-option client-mac-address

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address

Description

This command enables the sending of the MAC address in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the MAC address in the Nokia vendor-specific sub-option of the DHCP relay packet.

Platforms

All

  • configure service vprn interface dhcp option vendor-specific-option client-mac-address
  • configure service vpls sap dhcp option vendor-specific-option client-mac-address
  • configure service ies interface dhcp option vendor-specific-option client-mac-address

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option client-mac-address
  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address

client-mac-address

Syntax

[no] client-mac-address

Context

[Tree] (config>router>if>dhcp>option client-mac-address)

Full Context

configure router interface dhcp option client-mac-address

Description

This command enables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.

The no form of this command disables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.

Default

no client-mac-address

Platforms

All

client-mac-list

client-mac-list

Syntax

client-mac-list

Context

[Tree] (config>system>security>ssh client-mac-list)

Full Context

configure system security ssh client-mac-list

Description

Commands in this context configure SSH MAC algorithms for SR OS as a client.

Platforms

All

client-meg-level

client-meg-level

Syntax

client-meg-level [[level [level]]

no client-meg-level

Context

[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable client-meg-level)

[Tree] (config>lag>eth-cfm>mep>ais-enable client-meg-level)

Full Context

configure port ethernet eth-cfm mep ais-enable client-meg-level

configure lag eth-cfm mep ais-enable client-meg-level

Description

This command configures the client maintenance entity group (MEG) level(s) to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level. Only the lowest client MEG level will be used for facility MEPs.

The no form of this command reverts to the default values.

Parameters

level

Specifies the client MEG level.

Values

1 to 7

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

client-meg-level

Syntax

client-meg-level [[level [level ...]]

no client-meg-level

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>ais-enable client-meg-level)

[Tree] (config>service>epipe>sap>eth-cfm>mep client-meg-level)

Full Context

configure service epipe spoke-sdp eth-cfm ais-enable client-meg-level

configure service epipe sap eth-cfm mep client-meg-level

Description

This command configures the client maintenance entity group (MEG) level or levels to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level.

Parameters

level

Specifies the client MEG level.

Values

1 to 7

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

client-meg-level

Syntax

client-meg-level [[level [level ...]]

no client-meg-level

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais-enable client-meg-level)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais-enable client-meg-level)

Full Context

configure service vpls mesh-sdp eth-cfm mep ais-enable client-meg-level

configure service vpls spoke-sdp eth-cfm mep ais-enable client-meg-level

Description

This command configures the client maintenance entity group (MEG) level(s) to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level.

Parameters

level

Specifies the client MEG level

Values

1 to 7

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

client-name

client-name

Syntax

client-name name

no client-name

Context

[Tree] (config>ipsec>client-db>client client-name)

Full Context

configure ipsec client-db client client-name

Description

This command specifies the name of the client entry. The client name can be used in CLI navigation or in show commands.

Default

no client-name

Parameters

name

Specifies the name of the client.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-port

client-port

Syntax

client-port {eq | neq} port-num

no client-port

Context

[Tree] (debug>app-assure>group>traffic-capture>match client-port)

Full Context

debug application-assurance group traffic-capture match client-port

Description

This command configures debugging of a client port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

client-signature-list

client-signature-list

Syntax

client-signature-list name [create]

no client-signature-list name

Context

[Tree] (config>system>security>tls client-signature-list)

Full Context

configure system security tls client-signature-list

Description

This command configures a list of TLS 1.3-supported signature suite codes that the client sends in a client Hello message.

The no form of this command removes the client signature list.

Parameters

name

Specifies the name of the client signature list, up to 32 characters.

create

Keyword used to create the client signature list.

Platforms

All

client-tls-profile

client-tls-profile

Syntax

client-tls-profile name

no client-tls-profile

Context

[Tree] (config>system>security>pki>est-profile client-tls-profile)

Full Context

configure system security pki est-profile client-tls-profile

Description

This command configures the TLS client profile to be assigned to applications for encryption. The profile creates the TLS connection to the EST server.

The no form of this command removes the name from the configuration.

Default

no client-tls-profile

Parameters

name

Specifies the name of the client TLS profile, up to 32 characters

Platforms

All

client-tls-profile

Syntax

client-tls-profile name [create]

no client-tls-profile name

Context

[Tree] (config>system>security>tls client-tls-profile)

Full Context

configure system security tls client-tls-profile

Description

This command configures the TLS client profile to be assigned to applications for encryption.

Parameters

name

Specifies the name of the client TLS profile, up to 32 characters in length.

create

Keyword used to create the client TLS profile.

Platforms

All

client-tls-profile

Syntax

client-tls-profile name

no client-tls-profile

Context

[Tree] (config>system>management-interface>remote-management client-tls-profile)

Full Context

configure system management-interface remote-management client-tls-profile

Description

This command configures the TLS client profile used for encryption by all remote managers. This command and allow-unsecure-connection are mutually exclusive.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command causes the profile configuration not to be used.

Parameters

name

Specifies the name of the client TLS profile, up to 32 characters.

Platforms

All

client-tls-profile

Syntax

client-tls-profile name

no client-tls-profile

Context

[Tree] (config>system>management-interface>remote-management>manager client-tls-profile)

Full Context

configure system management-interface remote-management manager client-tls-profile

Description

This command configures the TLS client profile used for encryption by this remote manager. This command and allow-unsecure-connection are mutually exclusive.

This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the profile configuration to be inherited from the global context (config>system>management-interface>remote-management).

Parameters

name

Specifies the name of the client TLS profile, up to 32 characters.

Platforms

All

clli-code

clli-code

Syntax

clli-code clli-code

no clli-code

Context

[Tree] (config>system clli-code)

Full Context

configure system clli-code

Description

This command creates a Common Language Location Identifier (CLLI) code string for the SR-series router. A CLLI code is an 11-character standardized geographic identifier that uniquely identifies geographic locations and certain functional categories of equipment unique to the telecommunications industry.

No CLLI validity checks other than truncating or padding the string to eleven characters are performed.

Only one CLLI code can be configured, if multiple CLLI codes are configured the last one entered overwrites the previous entry.

The no form of the command removes the CLLI code.

Default

no clli-code

Parameters

clli-code

Specifies the 11 character string CLLI code. Any printable, seven bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. If more than 11 characters are entered, the string is truncated. If less than 11 characters are entered the string is padded with spaces.

Platforms

All

clock-offset

clock-offset

Syntax

clock-offset seconds

no clock-offset

Context

[Tree] (config>oam-pm>session>meas-interval clock-offset)

Full Context

configure oam-pm session meas-interval clock-offset

Description

This command allows measurement intervals with a boundary-type of clock aligned to be offset from the default time of day clock. The configured offset must be smaller than the size of the measurement interval. As an example, an offset of 120 (seconds) shifts the start times of the measurement intervals by two minutes from their default alignments with respect to the time of day clock.

The no form of this command sets the offset to 0.

Default

clock-offset 0

Parameters

seconds

Specifies the number of seconds to offset a clock-alignment measurement interval from its default.

Values

0 to 86399

Default

0

Platforms

All

clock-source

clock-source

Syntax

clock-source {loop-timed | node-timed}

Context

[Tree] (config>port>sonet-sdh clock-source)

Full Context

configure port sonet-sdh clock-source

Description

This command configures the clock to be used for transmission of data out towards the line. The options are to use the locally recovered clock from the line's receive data stream or the node central reference.

When changing the clock source for a port on an OC-48 MDA, a brief transmit interruption can occur on all ports of that MDA. Note that all SONET/SDH MDAs support loop timing.

The node-timed parameter in this command is supported by TDM satellite.

Parameters

loop-timed

The link recovers the clock from the received data stream.

node-timed

The link uses the internal clock when transmitting data.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

clock-source

Syntax

clock-source {loop-timed | node-timed | adaptive | differential}

Context

[Tree] (config>port>tdm>e3 clock-source)

[Tree] (config>port>tdm>ds1 clock-source)

[Tree] (config>port>tdm>ds3 clock-source)

[Tree] (config>port>tdm>e1 clock-source)

Full Context

configure port tdm e3 clock-source

configure port tdm ds1 clock-source

configure port tdm ds3 clock-source

configure port tdm e1 clock-source

Description

This command configures the clock to be used for transmission of data out towards the line. The options are to use the locally recovered clock from the line's receive data stream, the node central reference, or an adaptively recovered clock using the received packets.

The following tables show MDAs that support loop timing at DS3/E3 and DS1/E1 channelization options.

TDM DS3/E3

LoopTimed

Default

Channelized OC-12

No

node-timed

Channelized OC-3

No

node-timed

Channelized DS3/E3

No

node-timed

Channelized ASAP OC-12

Yes

node-timed

Channelized ASAP OC-3

Yes

node-timed

Channelized ASAP DS3/E3

Yes

node-timed

CES OC-3

Yes

node-timed

TDM DS1/E1

LoopTimed

Default

Channelized OC-12

Yes

loop-timed

Channelized OC-3

Yes

loop-timed

Channelized DS3/E3

Yes

loop-timed

Channelized ASAP OC-12

Yes

loop-timed

Channelized ASAP OC-3

Yes

loop-timed

Channelized ASAP DS3/E3

Yes

loop-timed

CES OC-3

Yes

loop-timed

Parameters

loop-timed

The link recovers the clock from the received data stream.

node-timed

The link uses the internal clock when transmitting data.

adaptive

The clock is adaptively recovered from the rate at which data is received and not from the physical layer. Adaptive timing is only supported on ds1 and e1 channels.

differential

The clock is recovered from differential RTP timestamp header. Differential timing is only supported on ds1 and e1 channels.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

clock-type

clock-type

Syntax

clock-type boundary

clock-type ordinary {master | slave}

Context

[Tree] (config>system>ptp clock-type)

Full Context

configure system ptp clock-type

Description

This command configures the type of clock. The clock type can only be changed when PTP is shutdown.

The clock type cannot be changed to ordinary timeTransmitter if the PTP reference is no shutdown. In addition, the clock type cannot be changed to ordinary timeTransmitter if there are peers configured. The clock type is restricted based on the profile. See the profile command description for the details of the restrictions.

When enabling a PTP with clock-type boundary, at least one reference into the central frequency clock must be enabled using the configure system sync-if-timing [bits |ref1 |ref2 | ptp| synce] command.

Default

clock-type ordinary slave

Parameters

boundary

Specifies that the system is a boundary clock, which may be anywhere in the PTP clock hierarchy. It can obtain timing from a timeTransmitter clock, and provide timing to multiple timeReceiver clocks concurrently.

ordinary master

Specifies that the system is a grandmaster clock in the PTP hierarchy. The system provides timing to multiple timeReceiver clocks in the network.

ordinary slave

Specifies that the system is always a timeReceiver clock in the PTP hierarchy. The system derives its timing from one or more timeTransmitter clocks in the network.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

close-session

close-session

Syntax

[no] close-session

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization close-session)

Full Context

configure system security profile netconf base-op-authorization close-session

Description

This command enables the NETCONF close-session operation.

The no form of this command disables the operation.

Default

no close-session

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

cluster

cluster

Syntax

cluster cluster-id

no cluster

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy cluster)

Full Context

configure subscriber-mgmt bgp-peering-policy cluster

Description

This command configures the cluster ID for a route reflector server.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.

For redundancy, a cluster can have multiple route reflectors.

Confederations can also be used to remove the full IBGP mesh requirement within an AS.

The no form of this command deletes the cluster ID and effectively disables the Route Reflection for the given group.

Parameters

cluster-id

Specifies the route reflector cluster ID is expressed in dot decimal notation.

Values

Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cluster

Syntax

cluster cluster-id

no cluster

Context

[Tree] (config>service>vprn>bgp>group>neighbor cluster)

[Tree] (config>service>vprn>bgp>group cluster)

[Tree] (config>service>vprn>bgp cluster)

Full Context

configure service vprn bgp group neighbor cluster

configure service vprn bgp group cluster

configure service vprn bgp cluster

Description

This command configures the cluster ID for a route reflector server.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.

For redundancy, a cluster can have multiple route reflectors.

Confederations can also be used to remove the full IBGP mesh requirement within an AS.

The no form of this command deletes the cluster ID and effectively disables the Route Reflection for the given group.

Default

no cluster — No cluster ID is defined.

Parameters

cluster-id

The route reflector cluster ID is expressed in dot decimal notation.

Values

Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

Platforms

All

cluster

Syntax

cluster cluster-id orr-location location-id [ allow-local-fallback]]

Context

[Tree] (config>router>bgp cluster)

Full Context

configure router bgp cluster

Description

This command configures the cluster ID for a route reflector server ID and implicitly configures the associated BGP sessions as route reflector clients of the BGP instance. If an ORR location ID is specified with the cluster ID, the clients in that cluster receive routes optimal for that specific location; refer to draft-ietf-idr-bgp-optimal-route-reflection for more information.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives best path from a non-client peer, it sends the route to all clients. When the route reflector receives a best path from a client peer it sends the route to all non-client and all client peers except the originator.

With optimal route reflection, the best path advertised to a client takes location ID into account, which means that if the tie-break for best path (or Add-Paths) comes down to next-hop IGP cost, the IGP costs will be calculated relative to the specified location. In the SR OS implementation, the IGP costs from arbitrary ORR locations are calculated using OSPF/OSPFv3, IS-IS, or BGP-LS information in the TE DB.

Default

no cluster

Parameters

ip-address

Specifies the route reflector cluster ID is expressed in dot decimal notation.

Values

Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

orr-location location-id

Specifies the optimal route reflection location index for this set of route reflector clients.

Values

1 to 255

allow-local-fallback

Controls the behavior when there are no BGP routes to advertise to the RR clients that are reachable from the perspective of their ORR location. If this option is configured, the RR is allowed (in this circumstance only), to advertise the best reachable BGP path from its own topology location. If this option is not configured and this situation applies, then no route is advertised to the clients.

Platforms

All

cluster

Syntax

cluster cluster-id orr-location location-id [ allow-local-fallback]]

cluster cluster-id

no cluster

Context

[Tree] (config>router>bgp>group cluster)

[Tree] (config>router>bgp>group>neighbor cluster)

Full Context

configure router bgp group cluster

configure router bgp group neighbor cluster

Description

This command configures the cluster ID for a route reflector server ID and implicitly configures the associated BGP sessions as route reflector clients of the BGP instance. If an ORR location ID is specified with the cluster ID, the clients in that cluster receive routes optimal for that specific location; see draft-ietf-idr-bgp-optimal-route-reflection for more information.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives best path from a non-client peer, it sends the route to all clients. When the route reflector receives a best path from a client peer it sends the route to all non-client and all client peers except the originator.

With optimal route reflection, the best path advertised to a client takes location ID into account, which means that if the tie-break for best path (or Add-Paths) comes down to next-hop IGP cost, the IGP costs will be calculated relative to the specified location. In the SR OS implementation, the IGP costs from arbitrary ORR locations are calculated using OSPF/OSPFv3, IS-IS, or BGP-LS information in the TE DB.

The no form of this command deletes the cluster ID and effectively disables route reflection for the group.

Default

no cluster

Parameters

ip-address

Specifies the route reflector cluster ID is expressed in dot decimal notation.

Values

Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

orr-location location-id

Specifies the optimal route reflection location index for this set of route reflector clients.

Values

1 to 255

allow-local-fallback

Controls the behavior when there are no BGP routes to advertise to the RR clients that are reachable from the perspective of their ORR location. If this option is configured, the RR is allowed (in this circumstance only), to advertise the best reachable BGP path from its own topology location. If this option is not configured and this situation applies, then no route is advertised to the clients.

Platforms

All

cluster-id

cluster-id

Syntax

cluster-id ip-address/mask [ip-address/mask]

cluster-id none

no cluster-id

Context

[Tree] (config>router>policy-options>policy-statement>entry>from cluster-id)

Full Context

configure router policy-options policy-statement entry from cluster-id

Description

This command enables BGP routes to be matched based on the IP addresses encoded in the CLUSTER_LIST attribute.

The first ip-address/mask pair is matched against the most recently added cluster ID. Each subsequent ip-address/mask pair is tested against the next most recent cluster ID.

For example, to match all routes reflected by the RR with cluster ID 1.1.1.1 and then any other RR before reaching the router where the policy is applied, use the command cluster-id 0.0.0.0/0 1.1.1.1/32.

Note:

The command matches routes with two or more cluster IDs; the third and older cluster IDs are not evaluated and are automatically considered matching.

The cluster-id none form of this command only matches BGP routes without any CLUSTER_LIST attribute.

A non-BGP route does not match a policy entry if it contains the cluster-id command.

Default

no cluster-id

Parameters

ip-address

Specifies the 32-bit cluster ID in dotted decimal notation.

Values

a.b.c.d

mask

Specifies a bit mask to apply to the ip-address parameter.

Values

0 to 32 (0 is only allowed if the ip-address is 0.0.0.0)

none

Specifies that only BGP routes without a CLUSTER_LIST attribute should be matched.

Platforms

All

cmpv2

cmpv2

Syntax

cmpv2

Context

[Tree] (admin>certificate cmpv2)

Full Context

admin certificate cmpv2

Description

Commands in this context configure CMPv2 operations.

Platforms

All

cmpv2

Syntax

cmpv2

Context

[Tree] (config>system>security>pki>ca-profile cmpv2)

Full Context

configure system security pki ca-profile cmpv2

Description

Commands in this context configure CMPv2 parameters.

Platforms

All

cmpv2

Syntax

[no] cmpv2

Context

[Tree] (debug>certificate cmpv2)

Full Context

debug certificate cmpv2

Description

This command enables debugging of CMPv2 operations.

Platforms

All

cn

cn

Syntax

[no] cn index type type value common-name-value

Context

[Tree] (config>system>security>pki>common-name-list cn)

Full Context

configure system security pki common-name-list cn

Description

This command creates a CN list entry in text or regexp format.

The no form of this command removes the specified entry.

Parameters

index

Specifies the index number of the entry.

type

Specifies the type of the entry.

Values

ip-address, domain-name

common-name-value

Specifies the IP address or domain name value, up to 255 characters maximum.

Platforms

All

coa

coa

Syntax

coa [port udp-port]

no coa

Context

[Tree] (config>aaa>isa-radius-plcy>servers>server coa)

Full Context

configure aaa isa-radius-policy servers server coa

Description

This command configures Change of Authorization (CoA) messages.

Default

no coa

Parameters

udp-port

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

coa-script-policy

coa-script-policy

Syntax

coa-script-policy policy-name

no coa-script-policy

Context

[Tree] (config>subscr-mgmt>auth-plcy coa-script-policy)

Full Context

configure subscriber-mgmt authentication-policy coa-script-policy

Description

This command configures the RADIUS script policy used to change the RADIUS attributes of the Change-of-Authorization messages.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies the Python script policy to modify the Change-of-Authorization messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

coa-script-policy

Syntax

coa-script-policy policy-name

no coa-script-policy

Context

[Tree] (config>router>radius-server>server coa-script-policy)

[Tree] (config>service>vprn>radius-server>server coa-script-policy)

Full Context

configure router radius-server server coa-script-policy

configure service vprn radius-server server coa-script-policy

Description

This command specifies the RADIUS script policy to modify the Change-of-Authorization messages sent from this RADIUS server.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies the name of radius-script-policy up to 80 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

code-type

code-type

Syntax

code-type [sonet | sdh]

[no] code-type

Context

[Tree] (config>port>ethernet>ssm code-type)

Full Context

configure port ethernet ssm code-type

Description

This command configures the encoding of synchronization status messages. For example, whether to use an SDH or SONET set of values. Configuring the network-type is only applicable to SyncE ports. It is not configurable on SONET/SDH ports. For the network-type, sdh refers to ITU-T G.781 Option I, while sonet refers to G.781 Option II (equivalent to Telcordia GR-253-CORE).

Default

code-type sdh

Parameters

sdh

Specifies the values used on a G.781 Option 1 compliant network.

sonet

Specifies the values used on a G.781 Option 2 compliant network.

Platforms

All

coherent

coherent

Syntax

coherent

Context

[Tree] (config>port>dwdm coherent)

Full Context

configure port dwdm coherent

Description

This command configures the coherent optical module parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cold-start-wait

cold-start-wait

Syntax

cold-start-wait seconds

no cold-start-wait

Context

[Tree] (config>log>app-route-notifications cold-start-wait)

Full Context

configure log app-route-notifications cold-start-wait

Description

The time delay that must pass before notifying specific CPM applications that a route is available after a cold reboot.

Default

no cold-start-wait

Parameters

seconds

Time delay in seconds.

Values

1 to 300

Platforms

All

collect-aa-acct-stats

collect-aa-acct-stats

Syntax

[no] collect-aa-acct-stats

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm collect-aa-acct-stats)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm collect-aa-acct-stats)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt collect-aa-acct-stats

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt collect-aa-acct-stats

Description

This command enables Application Assurance account statistics collection.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

collect-lmm-fc-stats

collect-lmm-fc-stats

Syntax

collect-lmm-fc-stats

Context

[Tree] (config>service>ipipe>sap>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>epipe>sap>eth-cfm collect-lmm-fc-stats)

Full Context

configure service ipipe sap eth-cfm collect-lmm-fc-stats

configure service epipe spoke-sdp eth-cfm collect-lmm-fc-stats

configure service epipe sap eth-cfm collect-lmm-fc-stats

Description

Commands in this context configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

collect-lmm-fc-stats

Syntax

collect-lmm-fc-stats

Context

[Tree] (config>service>vpls>sap>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm collect-lmm-fc-stats)

Full Context

configure service vpls sap eth-cfm collect-lmm-fc-stats

configure service vpls mesh-sdp eth-cfm collect-lmm-fc-stats

configure service vpls spoke-sdp eth-cfm collect-lmm-fc-stats

Description

Commands in this context configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

collect-lmm-fc-stats

Syntax

collect-lmm-fc-stats

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>ies>if>sap>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm collect-lmm-fc-stats)

Full Context

configure service ies interface spoke-sdp eth-cfm collect-lmm-fc-stats

configure service ies interface sap eth-cfm collect-lmm-fc-stats

configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats

Description

Commands in this context configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm collect-lmm-fc-stats
  • configure service ies interface spoke-sdp eth-cfm collect-lmm-fc-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats

collect-lmm-fc-stats

Syntax

collect-lmm-fc-stats

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm collect-lmm-fc-stats)

[Tree] (config>service>vprn>if>sap>eth-cfm collect-lmm-fc-stats)

Full Context

configure service vprn interface spoke-sdp eth-cfm collect-lmm-fc-stats

configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats

configure service vprn interface sap eth-cfm collect-lmm-fc-stats

Description

Commands in this context configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm collect-lmm-fc-stats
  • configure service vprn interface sap eth-cfm collect-lmm-fc-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats

collect-lmm-fc-stats

Syntax

collect-lmm-fc-stats

Context

[Tree] (config>router>if>eth-cfm>mep collect-lmm-fc-stats)

Full Context

configure router interface eth-cfm mep collect-lmm-fc-stats

Description

This command enables the collection of per-forwarding class LMM statistics.

The collect-lmm-fc-stats and collect-lmm-stats commands are mutually exclusive when there is entity resource contention.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

collect-lmm-stats

collect-lmm-stats

Syntax

[no] collect-lmm-stats

Context

[Tree] (config>router>if>eth-cfm>mep collect-lmm-stats)

[Tree] (config>port>ethernet>eth-cfm>mep collect-lmm-stats)

[Tree] (config>lag>eth-cfm>mep collect-lmm-stats)

Full Context

configure router interface eth-cfm mep collect-lmm-stats

configure port ethernet eth-cfm mep collect-lmm-stats

configure lag eth-cfm mep collect-lmm-stats

Description

This command enables the collection of statistics on the facility MEPs. This command is an object under the Facility MEP. This is at a different level of the hierarchy than collection of lmm statistics for service SAPs and MPLS SDP Bindings. The show mep command can be used to determine is the Facility MEP is collecting stats.

The no form of this command disables and deletes the counters for this SAP, Binding or facility.

Default

no collect-lmm-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

collect-lmm-stats

Syntax

[no] collect-lmm-stats

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm collect-lmm-stats)

[Tree] (config>service>ipipe>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>epipe>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>vpls>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm collect-lmm-stats)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm collect-lmm-stats)

Full Context

configure service vpls spoke-sdp eth-cfm collect-lmm-stats

configure service ipipe sap eth-cfm collect-lmm-stats

configure service epipe sap eth-cfm collect-lmm-stats

configure service vpls sap eth-cfm collect-lmm-stats

configure service vpls mesh-sdp eth-cfm collect-lmm-stats

configure service epipe spoke-sdp eth-cfm collect-lmm-stats

Description

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display entities that are collecting stats.

The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.

Default

no collect-lmm-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

collect-lmm-stats

Syntax

[no] collect-lmm-stats

Context

[Tree] (config>service>ies>if>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm collect-lmm-stats)

Full Context

configure service ies interface sap eth-cfm collect-lmm-stats

configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-stats

configure service ies interface spoke-sdp eth-cfm collect-lmm-stats

Description

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display which entities are collecting stats.

The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.

Default

no collect-lmm-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm collect-lmm-stats
  • configure service ies interface spoke-sdp eth-cfm collect-lmm-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-stats

collect-lmm-stats

Syntax

collect-lmm-stats

no collect-lmm-stats

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm collect-lmm-stats)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm collect-lmm-stats)

[Tree] (config>service>vprn>if>sap>eth-cfm collect-lmm-stats)

Full Context

configure service vprn interface spoke-sdp eth-cfm collect-lmm-stats

configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-stats

configure service vprn interface sap eth-cfm collect-lmm-stats

Description

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show>service>sap-using>eth-cfm>collect-lmm-stats command and the show>service>sdp-using>eth-cfm>collect-lmm-stats command can be used to display which entities are collecting stats.

The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.

Default

no collect-lmm-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm collect-lmm-stats
  • configure service vprn interface sap eth-cfm collect-lmm-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-stats

collect-stats

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>subscr-mgmt>sub-prof collect-stats)

Full Context

configure subscriber-mgmt sub-profile collect-stats

Description

When enabled, the agent collects non-RADIUS accounting statistics.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

collect-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap collect-stats)

[Tree] (config>service>ies>sub-if>grp-if>sap collect-stats)

Full Context

configure service vprn subscriber-interface group-interface sap collect-stats

configure service ies subscriber-interface group-interface sap collect-stats

Description

When enabled, the agent collects non-RADIUS accounting statistics on a subscriber profile.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic.

Default

collect-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>vpls>spoke-sdp collect-stats)

[Tree] (config>service>vpls>mesh-sdp collect-stats)

[Tree] (config>service>ies>if>sap collect-stats)

[Tree] (config>service>vpls>sap collect-stats)

Full Context

configure service vpls spoke-sdp collect-stats

configure service vpls mesh-sdp collect-stats

configure service ies interface sap collect-stats

configure service vpls sap collect-stats

Description

This command enables accounting and statistical data collection for either the SAP or SDP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

collect-stats

Platforms

All

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>card>fp>ingress>network>queue-group collect-stats)

[Tree] (config>card>fp>ingress>access>queue-group collect-stats)

Full Context

configure card fp ingress network queue-group collect-stats

configure card fp ingress access queue-group collect-stats

Description

This command enables the collection of accounting and statistical data for the queue group on the forwarding plane. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated, however, the CPU does not obtain the results and write them to the billing file. If the collect-stats command is issued again (enabled), then the counters written to the billing file will include the traffic collected while the no collect-stats command was in effect.

Default

no collect-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>port>ethernet>network collect-stats)

[Tree] (config>port>tdm>e3>network collect-stats)

[Tree] (config>port>ethernet collect-stats)

[Tree] (config>port>ethernet>network>egr>qgrp collect-stats)

[Tree] (config>port>tdm>e1>channel-group>network collect-stats)

[Tree] (config>port>sonet-sdh>path>network collect-stats)

[Tree] (config>port>ethernet>access>ing>qgrp collect-stats)

[Tree] (config>port>tdm>ds3>network collect-stats)

[Tree] (config>port>tdm>ds1>channel-group>network collect-stats)

[Tree] (config>port>ethernet>access>egr>qgrp collect-stats)

Full Context

configure port ethernet network collect-stats

configure port tdm e3 network collect-stats

configure port ethernet collect-stats

configure port ethernet network egress queue-group collect-stats

configure port tdm e1 channel-group network collect-stats

configure port sonet-sdh path network collect-stats

configure port ethernet access ingress queue-group collect-stats

configure port tdm ds3 network collect-stats

configure port tdm ds1 channel-group network collect-stats

configure port ethernet access egress queue-group collect-stats

Description

This command enables the collection of accounting and statistical data for the network interface. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated by the XCM/IOM cards, however, the CPU does not obtain the results and write them to the billing file. If the collect-stats command is issued again (enabled), then the counters written to the billing file will include the traffic collected while the no collect-stats command was in effect.

Default

no collect-stats

Platforms

All

  • configure port ethernet collect-stats
  • configure port ethernet network egress queue-group collect-stats
  • configure port ethernet access egress queue-group collect-stats
  • configure port ethernet network collect-stats
  • configure port ethernet access ingress queue-group collect-stats

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm ds1 channel-group network collect-stats
  • configure port tdm ds3 network collect-stats
  • configure port tdm e3 network collect-stats
  • configure port tdm e1 channel-group network collect-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path network collect-stats

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>cpipe>sap collect-stats)

[Tree] (config>service>epipe>spoke-sdp collect-stats)

[Tree] (config>service>ipipe>sap collect-stats)

[Tree] (config>service>epipe>sap collect-stats)

Full Context

configure service cpipe sap collect-stats

configure service epipe spoke-sdp collect-stats

configure service ipipe sap collect-stats

configure service epipe sap collect-stats

Description

This command enables accounting and statistical data collection for either the SAP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

no collect-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap collect-stats

All

  • configure service epipe spoke-sdp collect-stats
  • configure service ipipe sap collect-stats
  • configure service epipe sap collect-stats

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>ies>if>spoke-sdp collect-stats)

Full Context

configure service ies interface spoke-sdp collect-stats

Description

This command enables statistics collection.

Platforms

All

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>vprn>if>sap collect-stats)

[Tree] (config>service>vprn>if>spoke-sdp collect-stats)

Full Context

configure service vprn interface sap collect-stats

configure service vprn interface spoke-sdp collect-stats

Description

This command enables accounting and statistical data collection for either an interface SAP or interface SAP spoke SDP, or network port. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

no collect-stats

Platforms

All

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>router>ldp>egr-stats collect-stats)

Full Context

configure router ldp egr-stats collect-stats

Description

This command enables accounting and statistical data collection. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the forwarding engine. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

collect-stats

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>router>mpls>lsp>egr-stats collect-stats)

[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp collect-stats)

[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp collect-stats)

[Tree] (config>router>mpls>lsp-template>egr-stats collect-stats)

[Tree] (config>router>mpls>lsp>ingr-stats collect-stats)

[Tree] (config>router>mpls>ingr-stats>lsp collect-stats)

Full Context

configure router mpls lsp egress-statistics collect-stats

configure router mpls ingress-statistics p2p-template-lsp collect-stats

configure router mpls ingress-statistics p2mp-template-lsp collect-stats

configure router mpls lsp-template egress-statistics collect-stats

configure router mpls lsp ingress-statistics collect-stats

configure router mpls ingress-statistics lsp collect-stats

Description

This command enables accounting and statistical data collection. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

The config>router>mpls>ingr-stats>p2mp-template-lsp>collect-stats command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

When the no collect-stats command is issued, the statistics are still accumulated by the forwarding engine. However, the CPU does not write the results to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic collected while the no collect-stats command was in effect.

Default

collect-stats

Platforms

All

  • configure router mpls ingress-statistics lsp collect-stats
  • configure router mpls ingress-statistics p2mp-template-lsp collect-stats
  • configure router mpls lsp egress-statistics collect-stats
  • configure router mpls ingress-statistics p2p-template-lsp collect-stats
  • configure router mpls lsp-template egress-statistics collect-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure router mpls lsp ingress-statistics collect-stats

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>app-assure>group>statistics>aa-sub-study collect-stats)

[Tree] (config>app-assure>group>statistics>app-grp collect-stats)

[Tree] (config>app-assure>group>statistics>app collect-stats)

[Tree] (config>app-assure>group>statistics>aa-sub collect-stats)

[Tree] (config>app-assure>group>statistics>aa-part collect-stats)

[Tree] (config>app-assure>group>statistics>aa-admit-deny collect-stats)

[Tree] (config>isa>aa-grp>statistics>perform collect-stats)

[Tree] (config>app-assure>group>statistics>protocol collect-stats)

Full Context

configure application-assurance group statistics aa-sub-study collect-stats

configure application-assurance group statistics app-group collect-stats

configure application-assurance group statistics application collect-stats

configure application-assurance group statistics aa-sub collect-stats

configure application-assurance group statistics aa-partition collect-stats

configure application-assurance group statistics aa-admit-deny collect-stats

configure isa application-assurance-group statistics performance collect-stats

configure application-assurance group statistics protocol collect-stats

Description

This command enables statistic collection within the applicable context.

Default

no collect-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

collect-stats

Syntax

[no] collect-stats

Context

[Tree] (config>service>sdp collect-stats)

[Tree] (config>service>pw-template collect-stats)

Full Context

configure service sdp collect-stats

configure service pw-template collect-stats

Description

This command enables accounting and statistical data collection for either the SDP. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOM or XCM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

no collect-stats

Platforms

All

collection-interval

collection-interval

Syntax

collection-interval minutes

no collection-interval

Context

[Tree] (config>log>acct-policy collection-interval)

Full Context

configure log accounting-policy collection-interval

Description

This command configures the accounting collection interval.

Parameters

minutes

Specifies the interval between collections, in minutes.

Values

1 to 120 A range of 1 to 4 is only allowed when the record type is set to SAA.

Platforms

All

collector

collector

Syntax

collector ip-address[:port] [ create]

no collector ip-address[:port]

Context

[Tree] (config>app-assure>group>cflowd collector)

Full Context

configure application-assurance group cflowd collector

Description

This command defines a flow data collector for cflowd data. The IP address of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used.

Parameters

ip-address

Specifies the IP address of the flow data collector in dotted decimal notation.

port

Specifies the UDP port of flow data collector.

Values

1 to 65535

Default

2055

create

Keyword used to create the flow data collector.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

collector

Syntax

collector router router-instance ip ip-address [create]

no collector router router-instance ip ip-address

Context

[Tree] (config>service>ipfix>export-policy collector)

Full Context

configure service ipfix ipfix-export-policy collector

Description

This command defines an external collector node that will collect IPFIX records sent by 7750 SR node. The IPFIX records will be streamed to the collector node using UDP transport. Traffic is originated from a random ephemeral UDP port to the destination port 4739. Up to two collector nodes can be defined for redundancy purposes.

UDP streams are stateless due to the significant volume of transactions. However they do contain 32bit sequence numbers such that packet loss can be identified.

Multiple IPFIX records are sent in a single UDP packet. UDP packet transmission is triggered when the packet size containing IPFIX records exceeds the configured MTU value or the internal timer which is set to 250ms, whichever occurs first.

Parameters

router router-instance

Router instance from which the collector node is reachable.

Values

<router-name> | <service-id>

router-name:

"Base"

service-id:

1 to 2147483647

ip ip-address

IPv4 address of the external collector node to which IPFIX records will be sent.

create

Keyword used to create the collector instance.

Platforms

All

collector

Syntax

collector router router-name ip ip-address [create]

collector service-name service-name ip ip-address [create]

no collector router router-name ip ip-address

no collector service-name service-name ip ip-address

Context

[Tree] (config>service>nat>syslog>syslog-export-policy collector)

Full Context

configure service nat syslog syslog-export-policy collector

Description

This command defines an external collector node that collects syslog records. The syslog records are streamed to the collector node using UDP transport. Traffic is originated from a random ephemeral UDP port to the destination port 514. Up to two collector nodes can be defined for redundancy purposes.

Stateless UDP streams are used as transport due to the significant volume of transactions. However, they do contain 32-bit sequence numbers so packet loss can be identified. The sequence numbers are generated per BB-ISA per collector, and within each stream they are monotonically increased by 1. Overlapping sequence numbers between BB-ISAs can be differentiated by the MDA ID field carried in the syslog message.

Multiple syslog records are sent in a single UDP packet. UDP packet transmission is triggered when the packet size containing syslog records exceeds the configured MTU value or the configurable timer, whichever occurs first.

The no form of the command removes the parameters from the configuration.

Parameters

router-name

Specifies the router instances from which the collector node is reachable.

ip-address

Specifies the IPv4 address of the external collector node to which the syslog records are sent.

service-name

Specifies the service name from which the collector node is reachable.

create

Keyword used to create the collector instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

collector

Syntax

collector ip-address[:port] [version version]

no collector ip-address[:port]

Context

[Tree] (config>cflowd collector)

Full Context

configure cflowd collector

Description

This command defines a flow data collector for cflowd data. The IP address and version of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used for all collector versions. To connect to an IPFIX (version 10) collector using the IPFIX default port, specify port 4739 when defining the collector. A maximum of eight collectors can be configured.

The no form of this command removes the flow collector definition from the config and stops the export of data to the collector. The collector needs to be shut down to be deleted.

Parameters

ip-address

Specifies the address of a remote cflowd collector host to receive the exported cflowd data.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

port

Specifies the UDP port number on the remote cflowd collector host to receive the exported cflowd data.

Values

1 to 65535

Default

2055

version

Specifies the version of the flow data collector.

Values

5, 8, 9, 10

Default

5

Platforms

All

collector

Syntax

collector collector-id [create]

no collector collector-id

Context

[Tree] (config>app-assure>group>cflowd>direct-export collector)

Full Context

configure application-assurance group cflowd direct-export collector

Description

This command configures the Cflowd direct export collector.

The system uses the collectors when the Cflowd admin state shuts down and then re-enabled (no shutdown state). The system re-assigns the collectors to the groups or AA-ISAs or when a Cflowd collector ID is created. The collector IDs are used when a new group is added later.

When a collector ID is removed, the groups (AA-ISAs) that are assigned to this collector are removed and assigned to another available collector. The affected ISAs reset their collector statistics as they change to the new collector.

In addition, a Cflowd collector assignment to a group or AA-ISA is done only in the following conditions:

  • the admin state is in a no shutdown state for the AA group or the AA group Cflowd

  • a collector is available under the AA group with at least one address in a no shutdown admin state

If an AA group or AA-ISA is assigned a collector, shutting down, or the group unassigns the group from the cflowd collector.

The no form of this command removes the collector ID from the configuration.

Parameters

collector-id

Specifies the Cflowd direct export collector ID.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

color

color

Syntax

color color

no color

Context

[Tree] (conf>router>segment-routing>sr-policies>policy color)

Full Context

configure router segment-routing sr-policies static-policy color

Description

This command associates a color value with a statically defined segment routing policy. This is a mandatory parameter and configuration command to enable the segment routing policy; if the color parameter value is not configured, the execution of the no shutdown command on the static segment routing policy fails.

The no form of this command removes the color association.

Default

no color

Parameters

color

Specifies the color ID.

Values

0 to 4294967295

Platforms

All

color

Syntax

color color-id

no color

Context

[Tree] (config>router>policy-options>policy-statement>entry>from color)

Full Context

configure router policy-options policy-statement entry from color

Description

This command configures an SR Policy color ID as a route policy match criterion.

This match criterion is only used in import policies.

The no form of this command removes the configuration.

Parameters

color-id

Specifies the SR policy color ID.

Values

0 to 4294967295

Platforms

All

combined-max-sessions

combined-max-sessions

Syntax

combined-max-sessions number-of-sessions

no combined-max-sessions

Context

[Tree] (config>system>security>cli-session-group combined-max-sessions)

[Tree] (config>system>security>profile combined-max-sessions)

Full Context

configure system security cli-session-group combined-max-sessions

configure system security profile combined-max-sessions

Description

This command is used to limit the number of combined SSH/TELNET based sessions available to all users that are part of a specific profile, or to all users of all profiles that are part of the same cli-session-group.

The no form of this command disables the command and the profile or group limit is not applied to the number of combined sessions.

Default

no combined-max-sessions

Parameters

number-of-sessions

Specifies the maximum number of allowed combined SSH/TELNET based sessions.

Values

0 to 50

Platforms

All

command-accounting-during-load

command-accounting-during-load

Syntax

[no] command-accounting-during-load

Context

[Tree] (config>system>security>management-interface>md-cli command-accounting-during-load)

Full Context

configure system security management-interface md-cli command-accounting-during-load

Description

This command controls command accounting performed on the contents of a file loaded using the MD-CLI load or rollback command.

When enabled, all commands in the loaded file are logged, which may decrease the system response time with large files.

When disabled, command accounting is not performed during a load or rollback operation, which may increase the system response time by reducing the number of command accounting messages, especially when remote AAA servers are used.

The load or rollback command itself is always logged.

The no form of this command disables command accounting during a load or rollback operation.

Default

command-accounting-during-load

Platforms

All

command-completion

command-completion

Syntax

command-completion

Context

[Tree] (config>system>management-interface>cli>md-cli>environment command-completion)

Full Context

configure system management-interface cli md-cli environment command-completion

Description

This command configures keystrokes to trigger command completion.

Platforms

All

comment

comment

Syntax

comment comment-string

[no] comment

Context

[Tree] (config>app-assure>group>ip-id-asst>pdns>trst-srv comment)

Full Context

configure application-assurance group ip-identification-assist passive-dns trusted-server comment

Description

This command specifies a name or description to associate with the DNS server.

The no form of this command removes the name or description given to the DNS server.

Parameters

comment-string

Specifies a name or description, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

commit

commit

Syntax

commit

Context

[Tree] (config>app-assure>group>policy commit)

Full Context

configure application-assurance group policy commit

Description

This command commits changes made during the current editing session. None of the policy changes done will take effect until commit command is issued. If the changes can be successfully committed, no errors detected during the commit during cross-reference verification against exiting application assurance configuration, the editing session will also be closed.

The newly committed policy takes effect immediately for all new flows, existing flows will transition onto the new policy shortly after the commit.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

commit

Syntax

commit

Context

[Tree] (config>router>bfd commit)

Full Context

configure router bfd commit

Description

This command saves the changes made to a BFD template during an active session and makes the changes active.

Platforms

All

commit

Syntax

commit

Context

[Tree] (config>router>route-next-hop-policy commit)

Full Context

configure router route-next-hop-policy commit

Description

This command saves the changes made to route next-hop templates during an active session.

Default

commit

Platforms

All

commit

Syntax

commit [confirmed timeout] [comment comment]

commit no-checkpoint [confirmed timeout]

Context

[Tree] (candidate commit)

Full Context

candidate commit

Description

This command applies the changes in the candidate configuration to the active running configuration. The candidate changes will take operational effect.

If a commit operation is successful then all of the candidate changes will take operational effect and the candidate is cleared. If there is an error in the processing of the commit, or a 'commit confirmed’ is not confirmed and an auto-revert occurs, then the router will return to a configuration state with none of the candidate changes applied. The operator can then continue editing the candidate and try a commit later.

By default, the SR OS will automatically create a new rollback checkpoint after a commit operation. The rollback checkpoint will contain the new configuration changes made by the commit. An optional no-checkpoint keyword can be used to avoid the auto-creation of a rollback checkpoint after a commit.

A commit operation is blocked if a rollback revert is currently being processed.

Parameters

confirmed

specifies that the commit operation (if successful) should be automatically reverted (undone) at the end of the timeout period unless the operator issues the confirm command before the timeout period expires. A rollback checkpoint is created after the commit operation (if successful) and will remain available whether the commit is auto-reverted or not. The contents of the candidate will remain visible (candidate view) and changes to the candidate are blocked until the timeout is completed or the candidate confirm command is executed. If the timeout expires and an auto-revert occurs, then the original candidate config will be available in edit-cfg mode.

Standard line-by-line non-transactional configuration commands (including via SNMP) are not blocked during the countdown period and any changes made to the configuration during the countdown period will be rolled back if the timeout expires. The confirmed option is useful when changes are being made that could impact management reachability to the router.

A rollback revert is blocked during the countdown period until the commit has been confirmed.

timeout

Specifies the auto-revert timeout period, in minutes.

Values

1 to 168

no-checkpoint

Specifies to avoid the automatic creation of a rollback checkpoint for a successful commit.

comment comment

Adds a comment up to 255 characters to the automatic rollback checkpoint.

Platforms

All

commit

Syntax

commit

Context

[Tree] (config>system>sync-if-timing commit)

Full Context

configure system sync-if-timing commit

Description

This command saves changes made to the system synchronous interface timing configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

commit

Syntax

commit

Context

[Tree] (config>router>policy-options commit)

Full Context

configure router policy-options commit

Description

This command is required to save changes made to a route policy.

Platforms

All

commit

Syntax

[no] commit

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization commit)

Full Context

configure system security profile netconf base-op-authorization commit

Description

This command enables the NETCONF commit operation.

The no form of this command disables the operation.

Default

no commit

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

common-name-list

common-name-list

Syntax

common-name-list name [create]

Context

[Tree] (config>system>security>pki common-name-list)

Full Context

configure system security pki common-name-list

Description

This command configures a list of common names (CNs) that will be used to authenticate X.509.3 certificates. If the CN field of the X.509.3 certificate matches any of the CNs in the list, then the certificate can be used.

Parameters

name

Specifies the name of the CN list, up to 32 characters maximum.

Platforms

All

community

community

Syntax

community community-name [hash | hash2 | custom] [access-permissions] [ version SNMP-version] [src-access-list list-name]

no community community-name [hash | hash2 | custom]

Context

[Tree] (config>service>vprn>snmp community)

Full Context

configure service vprn snmp community

Description

This command sets the SNMP community name(s) to be used with the associated VPRN instance. These VPRN community names are used to associate SNMP v1/v2c requests with a particular vprn context and to return a reply that contains VPRN-specific data or limit SNMP access to data in a specific VPRN instance.

VPRN snmp communities configured with an access permission of 'r' are automatically associated with the default access group "snmp-vprn-ro” and the "vprn-view” view (read only). VPRN snmp communities configured with an access permission of 'rw' are automatically associated with the default access group "snmp-vprn” and the "vprn-view” view (read/write).

The community in an SNMP v1/v2 request determines the SNMP context (i.e., the vprn# for accessing SNMP tables) and not the VPRN of the incoming interface on which the request was received. When an SNMP request arrives on VPRN 5 interface "ringo” with a destination IP address equal to the "ringo” interface, but the community in the SNMP request is the community configured against VPRN 101, then the SNMP request will be processed using the VPRN 101 context. (the response will contain information about VPRN 101). It is recommended to avoid using a simple series of vprn snmp-community values that are similar to each other (for example, avoid my-vprncomm-1, my-vprn-comm-2, etc).

The no form of this command removes the SNMP community name from the given VPRN context.

Parameters

community-name

Specifies the SNMP v1/v2c community name. This is a secret/confidential key used to access SNMP and specify a context (base vs vprn1 vs vprn2).

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

version SNMP-version

Specifies the SNMP version.

Values

v1, v2c, both

access-permissions

Specifies the access rights to MIB objects.

Values

r — Grants only read access to MIB objects. Creates an association of the community-name with the snmp-vprn-ro access group.rw — Grants read and write access to MIB objects. Creates an association of the community-name with the snmp-vprn access group.

list-name

Configures the community to reference a specific src-access-list (created under configure system security snmp), which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community (vprn or base router) and usm-community instances can reference the same src-access-list.

Platforms

All

community

Syntax

community comm-id [comm-id]

no community [comm-id [comm-id]]

Context

[Tree] (config>service>vprn>static-route-entry community)

Full Context

configure service vprn static-route-entry community

Description

This command associates a list of up to 12 BGP communities (any mix of standard, extended, and large communities) with the static route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the static route.

The communities specified at this level of the static route causes communities configured under the next-hop, black-hole, and indirect contexts of the static route to be ignored.

The no form of this command removes the association.

Default

no community

Parameters

comm-id

Specifies a BGP community value, up to 72 characters.

Values

[as-num:comm-val | well-known-comm | ext-comm | large-comm]

where:

  • as-num — 0 to 65535

  • comm-val — 0 to 65535

  • well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole

  • ext-comm — the extended community, defined as one of the following:

    • {target | origin}:ip-address:comm-val

    • {target | origin}:asnum:ext-comm-val

    • {target | origin}:ext-asnum:comm-val

    • bandwidth:asnum:val-in-mbps

    • ext:4300:ovstate

    • ext:value1:value2

    • color:co-bits:color-value

    where:

    • target — route target

    • origin — route origin

    • ip-address — a.b.c.d

    • ext-comm-val — 0 to 4294967295

    • ext-asnum — 0 to 4294967295

    • val-in-mbps — 0 to 16777215

    • ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)

    • value1 — 0000 to FFFF

    • value2 — 0 to FFFFFFFFFFFF

    • co-bits — 00, 01, 10 or 11

    • color-value — 0 to 4294967295

  • large-commasn-or-ex:val-or-ex:val-or-ex

Platforms

All

community

Syntax

community comm-id

no community [comm-id]

Context

[Tree] (config>service>vprn>static-route-entry>indirect community)

[Tree] (config>service>vprn>static-route-entry>black-hole community)

[Tree] (config>service>vprn>static-route-entry>next-hop community)

Full Context

configure service vprn static-route-entry indirect community

configure service vprn static-route-entry black-hole community

configure service vprn static-route-entry next-hop community

Description

This command associates one BGP community (standard, extended or large) with a next-hop of the static route. This community can be matched in route policies and automatically added to BGP routes that are created from the static route.

Any community specified in one of these contexts is overridden by any communities specified at the prefix level of the static route entry.

The no form of this command removes the association.

Default

no community

Parameters

comm-id

Specifies a BGP community value, up to 72 characters.

Values

[as-num:comm-val | well-known-comm | ext-comm | large-comm]

where:

  • as-num — 0 to 65535

  • comm-val — 0 to 65535

  • well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole

  • ext-comm — the extended community, defined as one of the following:

    • {target | origin}:ip-address:comm-val

    • {target | origin}:asnum:ext-comm-val

    • {target | origin}:ext-asnum:comm-val

    • bandwidth:asnum:val-in-mbps

    • ext:4300:ovstate

    • ext:value1:value2

    • color:co-bits:color-value

    where:

    • target — route target

    • origin — route origin

    • ip-address — a.b.c.d

    • ext-comm-val — 0 to 4294967295

    • ext-asnum — 0 to 4294967295

    • val-in-mbps — 0 to 16777215

    • ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)

    • value1 — 0000 to FFFF

    • value2 — 0 to FFFFFFFFFFFF

    • co-bits — 00, 01, 10 or 11

    • color-value — 0 to 4294967295

  • large-commasn-or-ex:val-or-ex:val-or-ex

Platforms

All

community

Syntax

community comm-id

no community [comm-id]

Context

[Tree] (config>service>vprn>static-route-entry>ip-sec-tunnel community)

Full Context

configure service vprn static-route-entry ip-sec-tunnel community

Description

This configuration option associates a BGP community with the static route. The community can be matched in route policies and is automatically added to BGP routes exported from the static route.

The no form of this command removes the community association.

Default

no community

Parameters

comm-id

Specifies community IDs, up to 72 characters.

Values

[2 byte asnumber:comm-val | well-known-comm]

where:

  • 2 byte as-number — 0 to 65535

  • comm-val — 0 to 65535

  • well-known-commno-export | no-export-subconfed | no-advertise

community

Syntax

community community-name

no community

Context

[Tree] (config>router>ldp>session-params>peer community)

[Tree] (config>router>ldp>targeted-session>peer-template community)

Full Context

configure router ldp session-parameters peer community

configure router ldp targeted-session peer-template community

Description

This command configures a community name associated with a targeted session to a specified peer. The community is a local configuration for a targeted session. FECs received over a session of a given community are taken to belong to that community, and are redistributed over sessions of the same community.

The SR OS router uses the following rules for community:

  • If both the session parameters for a specified peer and targeted peer template that is applied to session have the default configuration then no community applies.

  • If the session parameters for a peer have the default configuration, but targeted session peer template has an explicit configuration for community, then the targeted peer template configuration will be used.

  • If the session parameters have an explicit configuration for community, and the targeted session peer template has the default configuration, then the session parameter configuration applies.

  • If both session parameters and targeted peer template have an explicit configuration for community, then the session parameter configuration is used.

The no form of this command removes the community from the session to the peer. FEC subsequently received over the session are treated as having no community.

Default

no community

Parameters

community-name

Specifies the string defining the LDP community assigned to the session. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string.

Platforms

All

community

Syntax

community comm-id

no community [comm-id]

Context

[Tree] (config>router>static-route-entry>next-hop community)

[Tree] (config>router>static-route-entry>black-hole community)

[Tree] (config>router>static-route-entry>indirect community)

Full Context

configure router static-route-entry next-hop community

configure router static-route-entry black-hole community

configure router static-route-entry indirect community

Description

This command associates one BGP community (standard, extended or large) with a next-hop of the static route. This community can be matched in route policies and automatically added to BGP routes that are created from the static route.

Any community specified in one of these contexts is overridden by any communities specified at the prefix level of the static route entry.

The no form of this command removes the association.

Default

no community

Parameters

comm-id

Specifies a BGP community value, up to 72 characters.

Values

[as-num:comm-val | well-known-comm | ext-comm | large-comm]

where:

  • as-num — 0 to 65535

  • comm-val — 0 to 65535

  • well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole

  • ext-comm — the extended community, defined as one of the following:

    • {target | origin}:ip-address:comm-val

    • {target | origin}:asnum:ext-comm-val

    • {target | origin}:ext-asnum:comm-val

    • bandwidth:asnum:val-in-mbps

    • ext:4300:ovstate

    • ext:value1:value2

    • color:co-bits:color-value

    where:

    • target — route target

    • origin — route origin

    • ip-address — a.b.c.d

    • ext-comm-val — 0 to 4294967295

    • ext-asnum — 0 to 4294967295

    • val-in-mbps — 0 to 16777215

    • ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)

    • value1 — 0000 to FFFF

    • value2 — 0 to FFFFFFFFFFFF

    • co-bits — 00, 01, 10 or 11

    • color-value — 0 to 4294967295

  • large-commasn-or-ex:val-or-ex:val-or-ex

Platforms

All

community

Syntax

community comm-id [comm-id]

no community [comm-id [comm-id]]

Context

[Tree] (config>router>static-route-entry community)

Full Context

configure router static-route-entry community

Description

This command associates a list of up to 12 BGP communities (any mix of standard, extended, and large communities) with the static route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the static route.

The communities specified at this level of the static route causes communities configured under the next-hop, black-hole and indirect contexts of the static route to be ignored.

The no form of this command removes the association.

Default

no community

Parameters

comm-id

Specifies a BGP community value, up to 72 characters.

Values

[as-num:comm-val | well-known-comm | ext-comm | large-comm]

where:

  • as-num — 0 to 65535

  • comm-val — 0 to 65535

  • well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole

  • ext-comm — the extended community, defined as one of the following:

    • {target | origin}:ip-address:comm-val

    • {target | origin}:asnum:ext-comm-val

    • {target | origin}:ext-asnum:comm-val

    • bandwidth:asnum:val-in-mbps

    • ext:4300:ovstate

    • ext:value1:value2

    • color:co-bits:color-value

    where:

    • target — route target

    • origin — route origin

    • ip-address — a.b.c.d

    • ext-comm-val — 0 to 4294967295

    • ext-asnum — 0 to 4294967295

    • val-in-mbps — 0 to 16777215

    • ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)

    • value1 — 0000 to FFFF

    • value2 — 0 to FFFFFFFFFFFF

    • co-bits — 00, 01, 10 or 11

    • color-value — 0 to 4294967295

  • large-commasn-or-ex:val-or-ex:val-or-ex

Platforms

All

community

Syntax

community community-string [hash | hash2 | custom] access-permissions [version SNMP-version] [src-access-list list-name]

no community community-string [hash | hash2 | custom]

Context

[Tree] (config>system>security>snmp community)

Full Context

configure system security snmp community

Description

This command creates SNMP community strings for SNMPv1 and SNMPv2c access. This command is used in combination with the predefined access groups and views. To create custom access groups and views and associate them with SNMPv1 or SNMPv2c access use the usm-community command.

When configured, community implies a security model for SNMPv1 and SNMPv2c only.

For SNMPv3 security, the access group command must be configured.

The no form of the command removes the specified community string.

Parameters

community-string

Configures the SNMPv1 and/or SNMPv2c community string.

Values

community-string — Specifies the community string. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

hash-key — Up to 33 characters

hash2-key — Up to 96 characters

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

access-permissions

Configures the access permissions for objects in the MIB.

r — Grants only read access to objects in the MIB, except security objects, using the internal "snmp-ro" access group and the "no-security" snmp view.

rw — Grants read and write access to all objects in the MIB, using the internal "snmp-rw" access group and the "no-security" snmp view.

rwa — Grants read and write access to all objects in the MIB, including security, using the internal snmp-rwa access group and the iso snmp view.

mgmt — Assigns a unique SNMP community string for SNMP access via the management router instance. This community uses the internal snmp-mgmt access group and the mgmt snmp view.

vpls-mgmt — Assigns a unique SNMP community string for SNMP access via the vpls-management router instance. This community uses the internal snmp-vpls-mgmt access group and mgmt-view snmp view.

version {v1 | v2c | both}

Configures the scope of the community string to be for SNMPv1, SNMPv2c, or both SNMPv1 and SNMPv2c access.

Default

both

list-name

Configures the community to reference a specific src-access-list, which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community, usm-community, or VPRN SNMP community instances can reference the same src-access-list.

Platforms

All

community

Syntax

[no] community name

Context

[Tree] (config>router>policy-options community)

Full Context

configure router policy-options community

Description

This command creates a route policy community list or expression to use in route policy entries. A community list is an unordered set of community values (members). In general a route matches a community list if it has any of the member values. A community expression is a set of community values that are arranged in a logical expression using operators such as AND, OR, and NOT. A route matches a community expression if it satisfies the logic of the expression.

For additional information, see the expression and members commands in the config> router>policy-options>community context.

The no form of this command deletes the community list or the provided community ID.

Default

no community

Parameters

name

Specifies the community list name. Allowed values are any string up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

Platforms

All

community

Syntax

community add name [name]

community remove name [name]

community replace name [name]

no community

Context

[Tree] (config>router>policy-options>policy-statement>entry>action community)

[Tree] (config>router>policy-options>policy-statement>default-action community)

Full Context

configure router policy-options policy-statement entry action community

configure router policy-options policy-statement default-action community

Description

This command adds or removes a BGP community list to or from routes matching the route policy statement entry.

If no community list is specified, the community path attribute is not changed.

The community list changes the community path attribute according to the add and remove keywords.

The no form of this command disables the action to edit the community path attribute for the route policy entry.

Default

no community

Parameters

name

Specifies up to 28 names.

add

The specified community list is added to any existing list of communities.

remove

The specified community list is removed from the existing list of communities.

replace

The specified community list replaces any existing community attribute. name — The community list name. Allowed values are any string up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".

Platforms

All

community

Syntax

community comm-name

community expression expression

no community

Context

[Tree] (config>router>policy-options>policy-statement>entry>from community)

Full Context

configure router policy-options policy-statement entry from community

Description

This command adds or removes a BGP community list to or from routes matching the route policy statement entry.

If no community list is specified, the community path attribute is not changed.

The community list changes the community path attribute according to the add and remove keywords.

The no form of this command disables the action to edit the community path attribute for the route policy entry.

Default

no community

Parameters

comm-name

Specifies up to 28 names.

expression

Applies parameters to routes matching the entry.

Values

expression is one of the following up to 900 characters:

<expression> {AND| OR} <expression>

[NOT] ( <expression> )

[NOT] "["<comm-name>"]

Platforms

All

community-count

community-count

Syntax

community-count count [equal | or-higher | or-lower] [standard | extended | large]

no community-count

Context

[Tree] (config>router>policy-options>policy-statement>entry>from community-count)

Full Context

configure router policy-options policy-statement entry from community-count

Description

This command matches BGP routes based on community length (that is, the number of community members in the COMMUNITY, EXTENDED_COMMUNITY, or LARGE_COMMUNITY the attributes).

If no comparison qualifiers are present (equal, or-higher, or-lower), then equal is the implied default.

Without the optional standard, extended, or large keyword, the community length applies to the total number of communities, of all types. If some keywords are present, then only the types specified are counted against the limit.

A non-BGP route does not match a policy entry if it contains the community-count command.

Default

no community-count

Parameters

count

Specifies the number of community members.

Values

0 to 1024, or a parameter, up to 32 characters, name delimited by a starting and ending at-sign (@) character

equal

Specifies that matched routes should have the same number of AS path elements as the value specified.

or-higher

Specifies that matched routes should have the same or a greater number of community members as the value specified.

or-lower

Specifies that matched routes should have the same or a lower number of community members as the value specified.

standard

Specifies that only communities in the COMMUNITY attribute should be counted.

extended

Specifies that only communities in the EXTENDED_COMMUNITY attribute should be counted.

large

Specifies that only communities in the LARGE_COMMUNITY attribute should be counted.

Platforms

All

compare

compare

Syntax

compare source1 to source2

Context

[Tree] (admin compare)

Full Context

admin compare

Description

This command displays the differences between rollback checkpoints and the active operational configuration, with source1 as the base/first file to which source2 is compared.

A compare operation does not check authorization of each line of output. Permission to execute the compare operation from the admin branch of CLI (authorization for the admin rollback compare or admin compare command itself) should only be given to users who are allowed to view the entire configuration, similar to permissions for admin display-config.

Default

The defaults for source1 and source2 are context aware and differ based on the branch in which the command is executed. In general, the default for source1 matches the context from which the command is issued.

  • In the admin node: No defaults. source1 and source2 must be specified.

  • In the admin>rollback node:

    source1 default = active-cfg, source2 default = latest-rb

    compare: equivalent to "compare active-cfg to latest-rb”

    compare to source2: equivalent to "compare active-cfg to source2”

  • In a config>xx node:

    compare to source2: equivalent to "compare active-cfg to source2”

Parameters

source1, source2

Specifies comparison information.

Values

active-cfg — The current operational configuration that is active in the node.

latest-rb — The most recent rollback checkpoint (the checkpoint file at the configured rollback-location with "*.rb” as the suffix).

rescue — The rescue configuration (at the configured rescue-location).

checkpoint-id — An ID indicating a specific rollback checkpoint. A checkpoint-id of 1 indicates the rollback checkpoint file (at the configured rollback-location) with "*.rb.1” as the suffix, 2 for file "*.rb.2”, and so on.

Platforms

All

compare

Syntax

compare [to checkpoint2]

compare checkpoint1 to checkpoint2

Context

[Tree] (admin>rollback compare)

Full Context

admin rollback compare

Description

This command can be used in any branch under configure, but not with configure itself. The command syntax, parameter names, and default values are context aware and will differ based on the branch in which the command is executed.

This command displays the differences between rollback checkpoints and the active operational configuration, with checkpoint1 as the base/first file to which checkpoint2 is compared. This command displays the comparison for the configuration context where it is entered and all branches below that context level.

A compare operation does not check authorization of each line of output. Permission to execute the compare operation from the admin branch of CLI (authorization for the admin rollback compare or admin compare command itself) should only be given to users who are allowed to view the entire configuration, similar to permissions for admin display-config.

Default

The defaults for checkpoint1 and checkpoint2 are context-aware and differ based on the branch in which the command is executed. In general, the default for checkpoint1 matches the context from which the command is issued.

  • In the admin node: No defaults. checkpoint1 and checkpoint2 must be specified.

  • In the admin>rollback node:

    checkpoint1 default = active-cfg, checkpoint2 default = latest-rb

    compare: equivalent to "compare active-cfg to latest-rb”

    compare to checkpoint2: equivalent to "compare active-cfg to checkpoint2”

  • In a config>xx node:

    compare to checkpoint2: equivalent to "compare active-cfg to checkpoint2”

Parameters

checkpoint1, checkpoint2

Specifies comparison information.

Values

active-cfg — The current operational configuration that is active in the node.

latest-rb — The most recent rollback checkpoint (the checkpoint file at the configured rollback-location with "*.rb” as the suffix).

rescue — The rescue configuration (at the configured rescue-location).

checkpoint-id — An ID indicating a specific rollback checkpoint. A checkpoint-id of 1 indicates the rollback checkpoint file (at the configured rollback-location) with "*.rb.1” as the suffix, 2 for file "*.rb.2”, and so on.

Platforms

All

compare-origin-validation-state

compare-origin-validation-state

Syntax

[no] compare-origin-validation-state

Context

[Tree] (config>service>vprn>bgp>best-path-selection compare-origin-validation-state)

Full Context

configure service vprn bgp best-path-selection compare-origin-validation-state

Description

This command enables the comparison of origin validation states during the BGP decision process. When this command is configured, a new step is inserted in the BGP decision process after the removal of invalid routes and before the comparison of Local Preference. This step compares the origin validation state so a BGP route with a "Valid” state is preferred over a BGP route with a "Not-Found” state. A BGP route with a "Not-Found” state is preferred over a BGP route with an "Invalid” state assuming that these routes are considered "usable”.

This comparison only applies to BGP routes learned from VPRN BGP peers. It does not apply to any comparison involving BGP-VPN routes that have been imported into the VPRN.

The no form of this command causes the new step to be skipped during the BGP decision process.

Default

no compare-origin-validation-state

Platforms

All

compare-origin-validation-state

Syntax

[no] compare-origin-validation-state

Context

[Tree] (config>router>bgp>best-path-selection compare-origin-validation-state)

Full Context

configure router bgp best-path-selection compare-origin-validation-state

Description

When this command is configured, a new step is inserted in the BGP decision process after removal of invalid routes and before the comparison of Local Preference. The new step compares the RPKI origin validation state so that a BGP route with a 'Valid’ state is preferred over a BGP route with a 'Not-Found’ state, and a BGP route with a 'Not-Found’ state is preferred over a BGP route with an 'Invalid’ state assuming that these routes are considered 'usable’.

The new step is skipped when no compare-origin-validation-state is configured.

Default

no compare-origin-validation-state

Platforms

All

compatibility

compatibility

Syntax

compatibility mode

Context

[Tree] (config>port>dwdm>coherent compatibility)

Full Context

configure port dwdm coherent compatibility

Description

This command configures the optical mode and rate of operation.

Parameters

mode

Specifies the optical mode.

Values

long-haul - The port operates in the native long-haul mode.

long-haul-non-diff - The port operates in the native long-haul mode using non-differential encoding.

metro - The port operates in the native metro regional mode.

access - The port operates in the native access mode (80km reach).

interop - The port operates in the third party interop mode.

interop2 - The port operates in the third party interop mode with alternate differential encoding.

interop3 - The port operates in the CFP2-DCO Rev A0 Staircase FEC interop mode.

oif-400g-zr - The port operates in compliance with the OIF 400G ZR implementation agreement (IA). This parameter is only supported for use with 400G ZR and 400G ZR+ pluggable transceiver modules.

open-zrp-ofec1 - The port operates in compliance with the OpenZR+ multi-source agreement (MSA) (100GHz spacing). This parameter is only supported for use with 400G ZR and 400G ZR+ pluggable transceiver modules.

open-zrp-ofec2 - The port operates in compliance with the OpenZR+ MSA (75 GHz spacing). This parameter is only supported for use with 400G ZR and 400G ZR+ pluggable transceiver modules.

Default

long-haul

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

compatible-rfc1583

compatible-rfc1583

Syntax

[no] compatible-rfc1583

Context

[Tree] (config>service>vprn>ospf compatible-rfc1583)

Full Context

configure service vprn ospf compatible-rfc1583

Description

This command enables OSPF summary and external route calculations in compliance with RFC 1583 and earlier RFCs.

RFC 1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.

Although it would be favorable to require all routers to run a more current compliance level, this command allows the router to use obsolete methods of calculation.

This command is not supported in OSPF3.

The no form of this command enables the post-RFC1583 method of summary and external route calculation.

Default

compatible-rfc1583 — RFC 1583 compliance is enabled.

Platforms

All

compatible-rfc1583

Syntax

[no] compatible-rfc1583

Context

[Tree] (config>router>ospf compatible-rfc1583)

Full Context

configure router ospf compatible-rfc1583

Description

This command enables OSPF summary and external route calculations in compliance with RFC1583 and earlier RFCs.

RFC1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.

Although it would be favorable to require all routers to run a more current compliance level, this command allows the router to use obsolete methods of calculation.

The no form of this command enables the post-RFC1583 method of summary and external route calculation.

Default

compatible-rfc1583

Platforms

All

compatible-version

compatible-version

Syntax

compatible-version version

no compatible-version

Context

[Tree] (config>eth-ring compatible-version)

Full Context

configure eth-ring compatible-version

Description

This command configures eth-ring compatibility version for the G.8032 state machine and messages. The default is version 2 and all router switches use this version. If there is a need to interwork with third party devices that only support version 1 this can be set to version 1.

The no form of this command set the compatibility version to 2.

Default

compatible-version 2

Parameters

version

Specifies the version of the G.8032 state machine.

Values

1, 2

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

complexity-rules

complexity-rules

Syntax

complexity-rules

Context

[Tree] (config>system>security>password complexity-rules)

Full Context

configure system security password complexity-rules

Description

This command defines a list of rules for configurable password options.

Note:

This command applies to local users.

Platforms

All

comprehensive

comprehensive

Syntax

comprehensive

Context

[Tree] (config>app-assure>group>cflowd comprehensive)

Full Context

configure application-assurance group cflowd comprehensive

Description

Commands in this context configure cflowd comprehensive statistics output parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

conditional-expression

conditional-expression

Syntax

conditional-expression

Context

[Tree] (config>router>policy-options>policy-statement>entry conditional-expression)

Full Context

configure router policy-options policy-statement entry conditional-expression

Description

This command creates the context to configure a route existence expression.

Platforms

All

confederation

confederation

Syntax

confederation confed-as-num [members as-number [as-number]]

no confederation confed-as-num members as-number [as-number]

no confederation

Context

[Tree] (config>service>vprn confederation)

Full Context

configure service vprn confederation

Description

This command configures the VPRN BGP instance to participate in a BGP confederation. BGP confederations can be used to reduce the number of IBGP sessions required within an AS.

When a VPRN BGP instance is part of a confederation, it can form confederation-EBGP sessions with CE router peers in a different sub-autonomous systems of the same confederation as well as regular EBGP sessions with CE router peers outside the confederation. A VPRN BGP instance that is part of a confederation cannot import or export its routes to the base router instance (as VPN-IP routes).

The no form of this command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.

Default

no confederation

Parameters

confed-as-num

The confederation AS number defined as a decimal value.

Values

1 to 4294967295

members as-number

The AS number(s) that are members of the confederation, each expressed as a decimal integer. Configure up to 15 members per confed-as-num.

Values

1 to 4294967295

Platforms

All

confederation

Syntax

confederation confed-as-num [members as-number [as-number]]

no confederation confed-as-num members as-number [as-number]

no confederation

Context

[Tree] (config>router confederation)

Full Context

configure router confederation

Description

This command creates confederation autonomous systems within an AS.

This technique is used to reduce the number of IBGP sessions required within an AS. Route reflection is another technique that is commonly deployed to reduce the number of IBGP sessions.

The no form of this command deletes the specified member AS from the confederation.

When no members are specified in the no statement, the entire list is removed and confederation is disabled.

When the last member of the list is removed, confederation is disabled.

Default

no confederation - no confederations are defined.

Parameters

confed-as-num

Specifies the confederation AS number expressed as a decimal integer.

Values

1 to 65535

as-number

Specifies the AS number of members that are part of the confederation, expressed as a decimal integer. Up to 15 members per confed-as-num can be configured.

Values

1 to 65535

Platforms

All

confidence

confidence

Syntax

confidence eq equal-value

confidence gte greater-than-or-equal-value

confidence lt less-than-value

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match>flow-attribute confidence)

[Tree] (config>app-assure>group>policy>charging-filter>entry>match>flow-attribute confidence)

Full Context

configure application-assurance group policy app-qos-policy entry match flow-attribute confidence

configure application-assurance group policy charging-filter entry match flow-attribute confidence

Description

This command configures the confidence level of the flow attribute for use as match criteria.

Parameters

eq equal-value

Specifies that a successful match occurs when the flow attribute confidence level is equal to the specified value.

Values

0 to 100

gte greater-than-or-equal-value

Specifies that a successful match occurs when the flow attribute confidence level is greater than or equal to the specified value.

Values

0 to 100

lt less-than-value

Specifies that a successful match occurs when the flow attribute confidence level is less than the specified value.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

config-backup

config-backup

Syntax

config-backup count

no config-backup

Context

[Tree] (config>system config-backup)

Full Context

configure system config-backup

Description

This command configures the maximum number of backup versions maintained for configuration files and BOF.

For example, assume the config-backup count is set to 5 and the configuration file is called xyz.cfg. When the configuration is saved, the file xyz.cfg is saved with a 1 extension. Each configuration save increments the numeric extension until the maximum count is reached.

xyz.cfg xyz.cfg.1 xyz.cfg.2 xyz.cfg.3 xyz.cfg.4 xyz.cfg.5

Each classic CLI persistent index file is updated at the same time as the associated configuration file. When the index file is updated, then the save is performed to xyz.cfg and the index file is created as xyz.ndx. Synchronization between the active and standby CPM is performed for all configurations and their associated persistent index files.

The no form of the command returns the configuration to the default value.

Default

config-backup 50

Parameters

count

Specifies the maximum number of backup revisions.

Values

1 to 200

Platforms

All

configuration-mode

configuration-mode

Syntax

configuration-mode {classic | mixed | model-driven}

Context

[Tree] (config>system>management-interface configuration-mode)

Full Context

configure system management-interface configuration-mode

Description

This command controls which management interfaces are used for editing and changing the configuration of the router.

Any management interface can be used in any configuration mode (to gather state information or perform operations, for example), but only specific management interfaces (CLI, NETCONF, and so on) are allowed to edit the configuration of the router in different modes. For example, only classic CLI and SNMP can be used to edit the configuration when in classic mode.

Default

configuration-mode model-driven

Parameters

classic

Enables editing of router configuration via classic CLI and SNMP management interfaces, but not using model-driven interfaces.

model-driven

Enables editing of router configuration via model-driven management interfaces (NETCONF with 'Nokia' YANG models, MD-CLI or gRPC), but not using classic interfaces.

mixed

Enables editing of router configuration using a mix of classic CLI and/or model-driven management interfaces (with some restrictions and limitations).

Platforms

All

configure

configure

Syntax

configure

Context

[Tree] ( configure)

Full Context

configure

Description

Commands in this context edit the system configuration.

Platforms

All

confirm

confirm

Syntax

confirm

Context

[Tree] (candidate confirm)

Full Context

candidate confirm

Description

This command is used to stop an automatic reversion to the previous configuration after the candidate commit confirmed command was used. If the confirm command is not executed before the commit confirmed timeout period expires then the previous commit changes will be undone and the previous candidate configuration will be available for editing and a subsequent commit.

During the countdown the contents of the candidate will remain visible (candidate view) and changes to the candidate are blocked until the timeout is completed or the candidate confirm command is executed. Executing the confirm command clears the contents of the candidate and allows editing of the candidate.

Platforms

All

cong-priority-threshold

cong-priority-threshold

Syntax

cong-priority-threshold preference-level

no cong-priority-threshold

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle cong-priority-threshold)

Full Context

configure mcast-management multicast-info-policy bundle cong-priority-threshold

Description

This command defines the preference level threshold where records change from low congestion priority to high congestion priority. Congestion priority is used by the ingress multicast path queues to map packets entering the queue to either the low drop-tail or the MBS drop-tail threshold. If congestion occurs on the queue, the queue depth increases. As the queue depth increases beyond the low drop-tail, packets with low priority congestion priority are discarded. This leaves room in the queue for packets with high congestion priority until the queue reaches the MBS threshold.

The default congestion priority threshold is 4. This means that multicast channels with a preference level of 0 to 3 are treated as having low congestion priority and channels with preference level of 4 to 7 are treated as having a high congestion priority. The cong-priority-threshold command can be used to change the default threshold. Any multicast channel with a preference equal to or higher than the configured threshold is treated with high congestion priority.

The cong-priority-threshold value is also used by the multicast CAC manager to derive the class of a channel matched by the multicast information policy. Channels with a preference less than the configured threshold are treated as low class and channels with a preference equal to or greater than the threshold is treated as high class.

Changing the cong-priority-threshold value causes all channels congestion priority to be reevaluated. Both the ingress multicast path managers and multicast CAC managers must be updated.

The no form of this command restores the default congestion priority preference threshold value.

Default

cong-priority-threshold 4

Parameters

preference-level

Specifies the cong-priority-threshold where records change from low congestion priority to high congestion priority.

Values

0 to 7

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

congestion-override

congestion-override

Syntax

congestion-override

Context

[Tree] (config>app-assure>group>policer congestion-override)

Full Context

configure application-assurance group policer congestion-override

Description

Commands in this context configure per subscriber congestion bandwidth policer override rates.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

congestion-override-stage2

congestion-override-stage2

Syntax

congestion-override-stage2

Context

[Tree] (config>app-assure>group>policer congestion-override-stage2)

Full Context

configure application-assurance group policer congestion-override-stage2

Description

Commands in this context configure per-subscriber stage 2 congestion bandwidth policer override rates.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

congestion-threshold

congestion-threshold

Syntax

congestion-threshold percent

no congestion-threshold

Context

[Tree] (config>qos>hw-agg-shap-sched-plcy congestion-threshold)

Full Context

configure qos hw-agg-shaper-scheduler-policy congestion-threshold

Description

This command configures the congestion threshold for the hardware aggregate shaper scheduler policy, which, if exceeded, triggers the hardware aggregate scheduler algorithm.

Default

congestion-threshold 90

Parameters

percent

Specifies the congestion threshold as a percentage of the scheduler rate.

Values

0 to 100

Platforms

7750 SR-1, 7750 SR-s

connect-retry

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy connect-retry)

Full Context

configure subscriber-mgmt bgp-peering-policy connect-retry

Description

This command configures the BGP connect retry timer value in seconds.

When this timer expires, BGP tries to reconnect to the configured peer.

The no form of this command used at the global level reverts to the default value.

Default

connect-retry 120

Parameters

seconds

The BGP Connect Retry timer value in seconds, expressed as a decimal integer.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

[Tree] (config>service>vprn>bgp>group connect-retry)

[Tree] (config>service>vprn>bgp connect-retry)

[Tree] (config>service>vprn>bgp>group>neighbor connect-retry)

Full Context

configure service vprn bgp group connect-retry

configure service vprn bgp connect-retry

configure service vprn bgp group neighbor connect-retry

Description

This command configures the BGP connect retry timer value in seconds.

When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

120 seconds

Parameters

seconds

Specifies the BGP connect retry timer value in seconds, expressed as a decimal integer.

Values

1 to 65535

Platforms

All

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

[Tree] (config>router>origin-validation>rpki-session connect-retry)

Full Context

configure router origin-validation rpki-session connect-retry

Description

This command configures the time in seconds to wait between one TCP connection attempt that fails and the next attempt. The default (with no connect-retry) is 120 seconds.

Default

no connect-retry

Parameters

seconds

Specifies time in seconds.

Values

1 to 65535

Platforms

All

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

[Tree] (config>router>bgp>group>neighbor connect-retry)

[Tree] (config>router>bgp connect-retry)

[Tree] (config>router>bgp>group connect-retry)

Full Context

configure router bgp group neighbor connect-retry

configure router bgp connect-retry

configure router bgp group connect-retry

Description

This command configures the BGP connect retry timer value in seconds.

When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

connect-retry 120

Parameters

seconds

The BGP Connect Retry timer value in seconds expressed as a decimal integer.

Values

1 to 65535

Platforms

All

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

[Tree] (config>bmp>station>connection connect-retry)

Full Context

configure bmp station connection connect-retry

Description

This command configures the BMP connect retry timer value. When this timer expires, BMP tries to reconnect to the configured monitoring station. This timer is applicable when the connection to the monitoring station is not yet established.

The no form of this command reverts to the default value.

Default

connect-retry 120

Parameters

seconds

Specifies the BMP connect retry timer in seconds.

Values

1 to 65535

Platforms

All

connection

connection

Syntax

connection connection-id [create]

no connection connection-id

Context

[Tree] (config>service>ies>sub-if>grp-if>bonding-parameters connection)

[Tree] (config>service>vprn>sub-if>grp-if>bonding-parameters connection)

Full Context

configure service ies subscriber-interface group-interface bonding-parameters connection

configure service vprn subscriber-interface group-interface bonding-parameters connection

Description

This command configures a node where per-connection parameters can be defined. The ID is used as a connection identifier for bonding whenever differentiation between connections is required.

The no form of this command removes the connection configuration from this bonding context, which can only be done when bonding is administratively disabled.

Parameters

connection-id

Specifies the connection ID to be assigned to connections matching the node’s parameters.

Values

1,2

connection

Syntax

connection connection-id

connection use-incoming

Context

[Tree] (config>service>vprn>sub-if>grp-if>bonding-parameters>mcast connection)

[Tree] (config>service>ies>sub-if>grp-if>bonding-parameters>mcast connection)

Full Context

configure service vprn subscriber-interface group-interface bonding-parameters mcast connection

configure service ies subscriber-interface group-interface bonding-parameters mcast connection

Description

This command configures the connection that should be used for sending out multicast traffic in a bonding context. Traffic can either be forced to use one connection-id or follow the connection where the setup message (IGMP/MLD) was received first (use-incoming).

The no form of this command removes the connection configuration from this bonding context, which can only be done when bonding is administratively disabled.

Default

connection use-incoming

Parameters

connection-id

Specifies the connection ID.

Values

1, 2

connection

Syntax

connection

Context

[Tree] (config>bmp>station connection)

Full Context

configure bmp station connection

Description

Commands in this context configure connection parameters for the BMP monitoring station.

Platforms

All

connection-profile-vlan

connection-profile-vlan

Syntax

connection-profile-vlan conn-prof-id [create]

no connection-profile-vlan conn-prof-id

Context

[Tree] (config connection-profile-vlan)

Full Context

configure connection-profile-vlan

Description

Commands in this context configure the VLAN ranges that will be associated with a service SAP.

Each connection-profile-vlan must be explicitly configured.

Parameters

conn-prof-id

Specifies the connection-profile identifier. This value will be configured in the service along with the SAP when the user associates a VLAN bundle to a single SAP. For example, a SAP defined in a dot1q port 1/1/1 that matches all the VLANs defined in the connection-profile-vlan 1 will be created as 'sap 1/1/1:cp-1 create'.

Values

1 to 8000

Platforms

All

connection-timeout

connection-timeout

Syntax

connection-timeout seconds

no connection-timeout

Context

[Tree] (config>system>management-interface>remote-management connection-timeout)

Full Context

configure system management-interface remote-management connection-timeout

Description

This command configures the amount of time that all remote managers cannot be reached before they are considered to be down.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command reverts to the default.

Default

connection-timeout 60

Parameters

seconds

Specifies the connection timeout in seconds.

Values

1 to 3600

Platforms

All

connection-timeout

Syntax

connection-timeout seconds

no connection-timeout

Context

[Tree] (config>system>management-interface>remote-management>manager connection-timeout)

Full Context

configure system management-interface remote-management manager connection-timeout

Description

This command configures the amount of time that this remote manager cannot be reached before it is considered to be down.

This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).

The no form of this command reverts to the default.

Default

connection-timeout 60

Parameters

seconds

Specifies the connection timeout in seconds.

Values

1 to 3600

Platforms

All

connection-timer

connection-timer

Syntax

connection-timer seconds

no connection-timer

Context

[Tree] (config>aaa>diam>node connection-timer)

[Tree] (config>aaa>diam>node>peer connection-timer)

Full Context

configure aaa diameter node connection-timer

configure aaa diameter node peer connection-timer

Description

This command configures the Diameter node connection timer that defines the time the systems waits before attempting to reconnect to a peer after the connection was lost.

The no form of this command reverts to the default.

Default

connection-timer 30

Parameters

seconds

Specifies the Diameter node connection timer.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

connectivity-association

connectivity-association

Syntax

connectivity-association ca-name [create]

no connectivity-association ca-name

Context

[Tree] (config>macsec connectivity-association)

Full Context

configure macsec connectivity-association

Description

This command configures a connectivity association. MACsec connectivity associations are applied to a port dot1x configuration to enable MACsec on that port.

The no form of this command removes the connectivity association.

Parameters

ca-name

The name of the connectivity association, a string up to 32 characters long.

create

Mandatory while creating an entry.

Platforms

All

connectivity-verification

connectivity-verification

Syntax

connectivity-verification [count nr-of-attempts] [timeout timeout-seconds] [retry-time retry-seconds]

no connectivity-verification

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile connectivity-verification)

Full Context

configure subscriber-mgmt vrgw brg brg-profile connectivity-verification

Description

This command configures the BRG connectivity verification. The system uses ICMP Echo request messages for connectivity verification.

When the last host associated with a BRG is removed, a ping mechanism is used to verify if the BRG is still active. This command specifies the parameters used in this mechanism.

The no form of this command disables the BRG ping mechanism and removes the BRG without verification. Any configured hold time still applies.

Default

connectivity-verification count 3 timeout 30 retry-time 900

Parameters

nr-of-attempts

Specifies the number of connectivity verification attempts this system makes before a BRG is considered down.

Values

1 to 5

timeout-seconds

Specifies the time, in seconds, after which an unanswered ping is considered failed.

Values

5 to 60

retry-seconds

Specifies the time, in seconds, that the system waits while it considers a BRG down before it starts a new connectivity verification cycle. If a ping succeeds, the mechanism will be retried after this time.

Values

300 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

connectivity-verify

connectivity-verify

Syntax

connectivity-verify

Context

[Tree] (config>redundancy>mc>peer>mcr>ring connectivity-verify)

[Tree] (config>redundancy>mc>peer>mc>l3-ring connectivity-verify)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify

configure redundancy multi-chassis peer multi-chassis l3-ring connectivity-verify

Description

Commands in this context configure a node connectivity check.

Platforms

All

connector

connector

Syntax

connector

Context

[Tree] (config>port connector)

Full Context

configure port connector

Description

Commands in this context configure connector parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

consider-system-ip-in-gep

consider-system-ip-in-gep

Syntax

[no] consider-system-ip-in-gep

Context

[Tree] (config>router>ldp consider-system-ip-in-gep)

Full Context

configure router ldp consider-system-ip-in-gep

Description

When this command is enabled, the system interprets the presence or absence of the system IP and its associated action in the applied Global Export Policies in the same way as for other interfaces' IP addresses. In that case:

  • if the system IP is not present, its FEC will not be exported or it will be withdrawn if it has been exported

  • if the system IP is present with "accept", its FEC will be exported

  • if the system IP is present with "deny", its FEC will not be exported or it will be withdrawn if it had been exported

Enabling or disabling this command leads to the applied Global Export Policies being reevaluated.

The no form of this command causes the system to not interpret the presence or absence of the system IP in applied Global Export Policies, and the FEC for the system IP is exported (default behavior).

Default

no consider-system-ip-in-gep

Platforms

All

console

console

Syntax

console

Context

[Tree] (config>system>management-interface>cli>md-cli>environment console)

Full Context

configure system management-interface cli md-cli environment console

Description

Commands in this context configure console parameters.

Platforms

All

console

Syntax

console

Context

[Tree] (config>system>security>user-template console)

[Tree] (config>system>security>user console)

Full Context

configure system security user-template console

configure system security user console

Description

This command creates the context to configure user profile membership for the console (either Telnet or CPM serial port user).

Platforms

All

console-speed

console-speed

Syntax

console-speed baud-rate

no console-speed

Context

[Tree] (bof console-speed)

Full Context

bof console-speed

Description

This command configures the console port baud rate.

When this command is issued while editing the BOF file used for the most recent boot, both the BOF file and the active configuration are changed immediately.

The no form of this command reverts to the default value.

Default

console-speed 115200

Parameters

baud-rate

Specifies the console port baud rate, expressed as a decimal integer.

Values

9600, 19200, 38400, 57600, 115200

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s, 7950 XRS, VSR

constellation

constellation

Syntax

constellation gps [galileo]

Context

[Tree] (config>port>gnss constellation)

Full Context

configure port gnss constellation

Description

This command configures the GNSS systems used by the GNSS receiver on platforms containing one or more embedded GNSS receivers.

The GNSS receiver uses GPS by default. GPS must always be enabled when the GNSS receiver is used, and the GNSS receiver can be configured to use additional GNSS systems simultaneously.

Default

gps

Parameters

gps

Enables the use of the American GPS GNSS system. This keyword is always required when using the GNSS receiver.

galileo

Enables the use of the European Galileo GNSS system. This keyword is only supported on 7750 SR FP5 GNSS platforms.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

contact

contact

Syntax

contact contact-information

no contact contact-information

Context

[Tree] (config>service>cust contact)

Full Context

configure service customer contact

Description

This command configures contact information for a customer.

Include any customer-related contact information such as a technician’s name or account contract name.

The no form of this command removes the contact information from the customer ID.

Default

no contact

Parameters

contact-information

Specifies customer contact information entered as an ASCII character string up to 80 characters in length. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Any printable, seven bit ASCII characters may be used within the string.

Platforms

All

contact

Syntax

contact contact-name

no contact

Context

[Tree] (config>system contact)

Full Context

configure system contact

Description

This command creates a text string that identifies the contact name for the device.

Only one contact can be configured, if multiple contacts are configured the last one entered will overwrite the previous entry.

The no form of the command reverts to default.

Default

no contact

Parameters

contact-name

Specifies the contact name character string. The string can be up to 80 characters long. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

context

context

Syntax

[no] context

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt context)

Full Context

configure system management-interface cli md-cli environment prompt context

Description

This command displays the current command context in the prompt.

The no form of this command suppresses the current command context in the prompt.

Default

context

Platforms

All

continuous

continuous

Syntax

[no] continuous

Context

[Tree] (config>saa>test continuous)

Full Context

configure saa test continuous

Description

This command specifies whether the SAA test is continuous. Once a test is configured as continuous, it cannot be started or stopped with the oam saa test-name {start | stop} command.

This option is not applicable to all SAA test types. Support is included for the following types:

  • cpe-ping

  • dns

  • eth-cfm-loopback

  • eth-cfm-two-way-delay

  • eth-cfm-two-way-slm

  • icmp-ping (not applicable to rapid type)

  • lsp-ping

  • mac-ping

  • sdp-ping

  • vccv-ping

  • vprn-ping

The no form of this command disables the continuous execution of the test.

Platforms

All

control

control

Syntax

control

Context

[Tree] (config>subscr-mgmt>sla-profile control)

Full Context

configure subscriber-mgmt sla-profile control

Description

This command specifies whether this SLA profile can be used by a session that is set up by a specific control plane.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

control

Syntax

control

Context

[Tree] (config>subscr-mgmt>sub-profile control)

Full Context

configure subscriber-mgmt sub-profile control

Description

Commands in this context configure the subscriber profile to be used by a session that is set up by a specific control plane.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

control-channel-status

control-channel-status

Syntax

[no] control-channel-status

Context

[Tree] (config>service>vpls>spoke-sdp control-channel-status)

[Tree] (config>service>epipe>spoke-sdp control-channel-status)

[Tree] (config>service>cpipe>spoke-sdp control-channel-status)

Full Context

configure service vpls spoke-sdp control-channel-status

configure service epipe spoke-sdp control-channel-status

configure service cpipe spoke-sdp control-channel-status

Description

This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  • SDP signaling is off.

  • The control-word is enabled (the control-word is disabled by default)

  • The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN

  • Mate SDP signaling is off (in vc-switched services)

  • The pw-path-id is configured for this spoke SDP.

The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.

Default

no control-channel-status

Platforms

All

  • configure service vpls spoke-sdp control-channel-status
  • configure service epipe spoke-sdp control-channel-status

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp control-channel-status

control-channel-status

Syntax

control-channel-status

Context

[Tree] (config>service>ies>if>spoke-sdp control-channel-status)

Full Context

configure service ies interface spoke-sdp control-channel-status

Description

This command enables the configuration of static pseudowire status signaling on a spoke-SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  • SDP signaling is off.

  • The control-word is enabled (the control-word is disabled by default)

  • The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN

  • Mate SDP signaling is off (in vc-switched services)

  • The pw-path-id is configured for this spoke-SDP.

The no form of this command removes control channel status signaling from a spoke-SDP. It can only be removed if control channel status is shut down.

Default

no control-channel-status

Platforms

All

control-channel-status

Syntax

control-channel-status

Context

[Tree] (config>service>vprn>if>spoke-sdp control-channel-status)

[Tree] (config>service>vprn>red-if>spoke-sdp control-channel-status)

Full Context

configure service vprn interface spoke-sdp control-channel-status

configure service vprn redundant-interface spoke-sdp control-channel-status

Description

This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  • SDP signaling is off.

  • The control-word is enabled (the control-word is disabled by default)

  • The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN

  • Mate SDP signaling is off (in vc-switched services)

  • The pw-path-id is configured for this spoke SDP.

The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.

Default

no control-channel-status

Platforms

All

  • configure service vprn interface spoke-sdp control-channel-status

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface spoke-sdp control-channel-status

control-channel-status

Syntax

control-channel-status

Context

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp control-channel-status)

[Tree] (config>mirror>mirror-dest>spoke-sdp control-channel-status)

Full Context

configure mirror mirror-dest remote-source spoke-sdp control-channel-status

configure mirror mirror-dest spoke-sdp control-channel-status

Description

Commands in this context configure static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF. For more information about control channel status configuration for the spoke SDP, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN Services Guide.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

control-mep

control-mep

Syntax

[no] control-mep

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep control-mep)

Full Context

configure eth-tunnel path eth-cfm mep control-mep

Description

This command enables the Ethernet tunnel control on the MEP. The use of control-mep command is mandatory for an Ethernet tunnel. MEP detection of failure using CCM may be enabled or disabled independently of the control mep.

The no form of this command disables Ethernet ring control.

Default

no control-mep

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

control-mep

Syntax

[no] control-mep

Context

[Tree] (config>eth-ring>path>eth-cfm>mep control-mep)

Full Context

configure eth-ring path eth-cfm mep control-mep

Description

This command enables the Ethernet ring control on the MEP. The use of control-mep command is mandatory for a ring. MEP detection of failure using CCM may be enabled or disabled independently of the control mep.

The no form of this command disables Ethernet ring control.

Default

no control-mep

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

control-tag

control-tag

Syntax

control-tag qtag[.qtag]

no control-tag

Context

[Tree] (config>eth-tunnel>path control-tag)

Full Context

configure eth-tunnel path control-tag

Description

This command specifies the VLAN-ID to be used for Ethernet CFM and G.8031 control plane exchanges. If the operator wants to replace an existing control-tag, the parent path needs to be in shutdown state, then deleted and recreated before a new control-tag can be specified.

The no form of this command is used just to indicate that a control-tag is not configured. The procedure described above, based on 'no path’ command must be used to un-configure/change the control-tag assigned to the path.

Default

no control-tag

Parameters

qtag[.qtag]

Specifies the value of the VLAN ID to be used for the control tag.

Values

0 to 4094, untagged option is not supported, *

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

control-word

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>vpls>bgp-evpn>mpls control-word)

[Tree] (config>service>epipe>bgp-evpn>mpls control-word)

Full Context

configure service vpls bgp-evpn mpls control-word

configure service epipe bgp-evpn mpls control-word

Description

This command enables the transmission and reception of the control-word. As defined in RFC7432, the use of the control-word helps avoid frame disordering.

It is enabled or disabled for all EVPN-MPLS destinations at the same time.

Default

no control-word

Platforms

All

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>sdp>binding>pw-port control-word)

Full Context

configure service sdp binding pw-port control-word

Description

This command enables the setting of the control word bit in the label message. Control words are used to distinguish a PW payload (Ethernet) from an IP payload (identified by the first nibble past the bottom MPLS label, either 4 or 6) carried over an MPLS network.

Based on the payload type, the transit MPLS node can make an appropriate load balancing decision. Load balancing can rely on the MPLS labels, or rely on additional fields that are available only in IP header (source and destination IP addresses and ports).

The presence of a control word indicates that the header following the last MPLS label in the frame is not an IP header.

The no form of this command disables setting the control word bit in the label message.

Default

no control-word

Platforms

All

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>epipe>spoke-sdp control-word)

[Tree] (config>service>ipipe>spoke-sdp control-word)

[Tree] (config>service>cpipe>spoke-sdp control-word)

Full Context

configure service epipe spoke-sdp control-word

configure service ipipe spoke-sdp control-word

configure service cpipe spoke-sdp control-word

Description

The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). For the 7750 SR only, ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).

The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.

The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an "Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a Apipe, Epipe and Cpipe service.

Platforms

All

  • configure service epipe spoke-sdp control-word
  • configure service ipipe spoke-sdp control-word

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp control-word

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>vpls>spoke-sdp control-word)

Full Context

configure service vpls spoke-sdp control-word

Description

The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). For the 7750 SR only, ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).

The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.

The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an "Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a Apipe, Epipe and Cpipe service.

Platforms

All

control-word

Syntax

[no] control word

Context

[Tree] (config>service>vpls>spoke-sdp control-word)

[Tree] (config>service>vpls>mesh-sdp control-word)

Full Context

configure service vpls spoke-sdp control-word

configure service vpls mesh-sdp control-word

Description

This command enables the use of the control word on pseudowire packets in VPLS and enables the use of the control word individually on each mesh SDP or spoke-SDP. By default, the control word is disabled. When the control word is enabled, all VPLS packets, including the BPDU frames, are encapsulated with the control word when sent over the pseudowire. The T-LDP control plane behavior is the same as in the implementation of control word for VLL services. The configuration for the two directions of the Ethernet pseudowire should match. The no form of this command reverts the mesh SDP or spoke-SDP to the default behavior of not using the control word. The control word must be enabled to use MPLS-TP OAM on a static spoke-sdp terminating in a VPLS.

Default

no control word

Platforms

All

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>ies>if>spoke-sdp control-word)

Full Context

configure service ies interface spoke-sdp control-word

Description

This command enables the PW control word on spoke-SDPs terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke-sdp

It is only valid for MPLS-TP spoke-SDPs when used with IES and VPRN services.

Default

no control-word

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

control-word

Syntax

[no] control-word

Context

[Tree] (config>service>vprn>red-if>spoke-sdp control-word)

[Tree] (config>service>vprn>if>spoke-sdp control-word)

Full Context

configure service vprn redundant-interface spoke-sdp control-word

configure service vprn interface spoke-sdp control-word

Description

This command enables the PW control word on spoke SDPs terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke SDP

It is only valid for MPLS-TP spoke SDPs when used with IES and VPRN services.

The no form of this command disables the control work on spoke SDPs.

Default

no control-word

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn redundant-interface spoke-sdp control-word

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp control-word

control-word

Syntax

[no] control-word

Context

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp control-word)

[Tree] (config>mirror>mirror-dest>spoke-sdp control-word)

Full Context

configure mirror mirror-dest remote-source spoke-sdp control-word

configure mirror mirror-dest spoke-sdp control-word

Description

This command enables the PW control word on spoke SDPs that are part of a mirror-destination.

The control word must be enabled to allow MPLS-TP OAM on a spoke SDP.

It is only valid for spoke SDPs that are part of a mirror service of type ether.

The no form of this command disables the control word.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure mirror mirror-dest remote-source spoke-sdp control-word

All

  • configure mirror mirror-dest spoke-sdp control-word

control-word

Syntax

control-word

Context

[Tree] (config>test-oam>build-packet>header control-word)

Full Context

configure test-oam build-packet header control-word

Description

This command creates a control-word header for inclusion in a build packet instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

controlword

controlword

Syntax

[no] controlword

Context

[Tree] (config>service>pw-template controlword)

Full Context

configure service pw-template controlword

Description

This command enables the use of the control word on pseudowire packets in VPLS and VPWS and enables the use of the control word individually on each mesh-sdp or spoke-sdp. By default, the control word is disabled. When the control word is enabled, all VPLS/VPWS packets, including the BPDU frames, are encapsulated with the control word when sent over the pseudowire. The T-LDP control plane behavior is the same as in the implementation of control word for VLL services. The configuration for the two directions of the Ethernet pseudowire should match.

The no form of the command reverts the mesh SDP or spoke-sdp to the default behavior of not using the control word.

Default

no controlword

Platforms

All

convergence

convergence

Syntax

convergence

Context

[Tree] (config>service>vprn>bgp convergence)

Full Context

configure service vprn bgp convergence

Description

Commands in this context configure route convergence delay.

Platforms

All

convergence

Syntax

convergence

Context

[Tree] (config>router>bgp convergence)

Full Context

configure router bgp convergence

Description

Commands in this context configure route convergence delay.

Platforms

All

convert-file

convert-file

Syntax

convert-file filename to output-file-name format {secure | legacy} [force]

Context

[Tree] (admin>certificate convert-file)

Full Context

admin certificate convert-file

Description

This command converts imported certificates and keys in the cf3:/system-pki directory between secure and legacy format.

Parameters

filename

Specifies an existing filename, up to 95 characters.

output-file-name

Specifies the output file name, up to 95 characters. If the output filename already exists, and the force keyword is not selected, the system prompts to proceed or abort.

format

Specifies the target format.

Values

secure — Specifies the enhanced secure format

legacy — Specifies the legacy format

force

Forces the conversion even if there is an existing file with the same output filename.

Platforms

All

cookie

cookie

Syntax

cookie [cookie1] [cookie2]

no cookie

Context

[Tree] (config>service>epipe>spoke-sdp>ingress>l2tpv3 cookie)

[Tree] (config>service>epipe>spoke-sdp>egress>l2tpv3 cookie)

Full Context

configure service epipe spoke-sdp ingress l2tpv3 cookie

configure service epipe spoke-sdp egress l2tpv3 cookie

Description

This command configures the RX/TX cookie for L2TPv3 spoke SDPs for Epipe services. The RX cookie must match the configured TX cookie on a far-end node, while the TX cookie must match the configured RX cookie on a far-end node. If a mismatch is detected between the configured (far-end binding cookie) to what is received by the local IP address of the SDP a flag is set and must be manually cleared by an operator.

The purpose of the cookie is to provide validation against misconfiguration of service endpoints, and to ensure that the right service egress is being used.

One egress cookie and up to two ingress cookies may be configured per spoke SDP binding. One or two cookies can be configured for matching ingress packets from the far-end node, in order to support cookie rollover without dropping packets. When a cookie is not configured, SR OS assumes a value of 00:00:00:00:00:00:00:00.

A cookie is not mandatory. An operator may delete an egress cookie or either or both ingress cookies.

Default

no cookie1 cookie2

Parameters

cookie1

Specifies the first cookie, in the form of a 64-bit colon-separated hex value.

cookie2

Specifies the second cookie, in the form of a 64-bit colon-separated hex value.

Platforms

All

cookie

Syntax

cookie cookie1-value [cookie2-value]

no cookie

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp>egress>l2tpv3 cookie)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>ingress>l2tpv3 cookie)

[Tree] (config>mirror>mirror-dest>spoke-sdp>ingress>l2tpv3 cookie)

Full Context

configure mirror mirror-dest spoke-sdp egress l2tpv3 cookie

configure mirror mirror-dest remote-source spoke-sdp ingress l2tpv3 cookie

configure mirror mirror-dest spoke-sdp ingress l2tpv3 cookie

Description

This command configures the RX/TX cookie for L2TPv3 spoke SDPs for the mirror destination. The command can configure L2TPv3 a single cookie for the egress spoke SDP or one or two cookies for the remote source ingress spoke SDP.

The purpose of the cookie is to provide validation against misconfiguration of service endpoints, and to ensure that the right service egress is being used.

When a cookie is not configured, SR OS assumes a value of 00:00:00:00:00:00:00:00. A cookie is not mandatory. An operator may delete the egress cookie or either or both ingress cookies.

Parameters

cookie1-value

Specifies a 64-bit colon separated hex value.

Values

xx-xx-xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx:xx:xx

cookie2-value

Specifies a second 64-bit colon separated hex value.

Values

xx-xx-xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx:xx:xx

Platforms

All

cookie-length

cookie-length

Syntax

cookie-length {4 | 8 | default}

no cookie-length

Context

[Tree] (config>service>vprn>l2tp>group>l2tpv3 cookie-length)

[Tree] (config>service>vprn>l2tp>l2tpv3 cookie-length)

[Tree] (config>router>l2tp>l2tpv3 cookie-length)

Full Context

configure service vprn l2tp group l2tpv3 cookie-length

configure service vprn l2tp l2tpv3 cookie-length

configure router l2tp l2tpv3 cookie-length

Description

This command configures the length of the optional cookie field.

The no form of this command returns the cookie-length to a default of none.

Default

no cookie-length

Parameters

4

Specifies the cookie length as 4 bytes.

8

Specifies the cookie length as 8 bytes.

default

When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the cookie-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

coordinates

coordinates

Syntax

coordinates coordinates

no coordinates

Context

[Tree] (config>system coordinates)

Full Context

configure system coordinates

Description

This command creates a text string that identifies the system coordinates for the device location. For example, the command coordinates "37.390 -122.0550" is read as latitude 37.390 north and longitude 122.0550 west.

Only one set of coordinates can be configured. If multiple coordinates are configured, the last one entered overwrites the previous entry.

The no form of the command reverts to the default value.

Parameters

coordinates

Specifies the coordinates describing the device location character string. The string may be up to 80 characters long. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. If the coordinates are subsequently used by an algorithm that locates the exact position of this node then the string must match the requirements of the algorithm.

Platforms

All

copy

copy

Syntax

copy source-name to dest-name

Context

[Tree] (config>service>mrp copy)

Full Context

configure service mrp copy

Description

This command copies existing MRP policy list entries for a specific policy name to another policy name. The copy command is a configuration level maintenance tool used to create a new MRP policy using an existing MRP policy.

An error will occur if the destination policy name exists.

Parameters

source-name

Identifies the source MRP policy from which the copy command will attempt to copy. The MRP policy with this name must exist for the command to be successful.

dest-name

Identifies the destination MRP policy to which the copy command will attempt to copy. If the MRP policy with dest-name exist within the system an error message is generated.

Platforms

All

copy

Syntax

copy

Context

[Tree] (config>qos copy)

Full Context

configure qos copy

Description

Commands in this context copy existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Platforms

All

copy

Syntax

copy

Context

[Tree] (config>filter copy)

Full Context

configure filter copy

Description

This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters. It also allows bulk modifications to an existing policy with the use of the overwrite keyword. If overwrite is not specified, an error will occur if the destination policy ID exists.

Platforms

All

copy

Syntax

copy source-file-url dest-file-url [force] [no-redirect] [ client-tls-profile profile] [proxy proxy-url]

Context

[Tree] (file copy)

Full Context

file copy

Description

This command copies a file or all files in a directory from a source URL to a destination URL. At least one of the specified URLs should be a local URL. The optional wildcard (*) can be used to copy multiple files that share a common (partial) prefix and/or (partial) suffix.

When a file is copied to a destination with the same file name, the original file is overwritten by the new file specified in the operation. The following prompt appears if the destination file already exists:

"Overwrite destination file (y/n)?”

For example:

To copy a file named srcfile in a directory called test on cf2 in slot B to a file called destfile in a directory called production on cf1 in slot A, the syntax is:

sr1>file cf2:\ # copy cf2-B/test/srcfile cf1-A/production/destfile

To FTP a file named 121201.cfg in directory mydir stored on cf1 in slot A to a network FTP server with IP address 192.0.2.79 in a directory called backup with a destination file name of 121201.cfg, the FTP syntax is:

copy cf1-A/mydir/121201.cfg 192.0.2.79/backup/121201.cfg

Parameters

source-file-url

Specifies the location of the source file or directory to be copied.

Values

local-url

[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each

remote-url

[{ftp:// | tftp:// | http:// | https://}login:pswd@remote-locn/][file-path]

up to 247 characters

directory length up to 199 characters

remote-locn

[hostname | ipv4-address | [ipv6-address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, for link local addresses 255

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

dest-file-url

Specifies the destination of the copied file or directory.

force

Specifies to force an immediate copy of the specified file(s). Executes the command without displaying a user prompt message. This command also automatically accepts HTTP redirects unless overridden by the no-redirect parameter.

profile

Specifies the TLS client profile configured under config>system>security>tls>client-tls-profile to use.

proxy-url

Specifies the URL of an HTTP proxy. For example, http://proxy.mydomain.com:8000. This URL must be an HTTP URL and not an HTTPS URL.

no-redirect

Specifies to automatically refuse any HTTP redirects without prompting the user.

Platforms

All

copy

Syntax

copy [line]

Context

[Tree] (candidate copy)

Full Context

candidate copy

Description

This command copies the selected CLI node (which includes all sub-branches) into a temporary buffer that can be used for a subsequent insert. The contents of the temporary buffer are deleted when the operator exits the candidate edit mode.

Parameters

line

Specifies which line to copy.

Values

line, offset, first, edit-point, last

line — absolute line number

offset — relative line number to the current edit point. Prefixed with '+’ or '-’.

first — keyword to indicate the first line

edit-point — keyword to indicate the current edit point

last — keyword to indicate the last line that is not 'exit’

Platforms

All

copy

Syntax

copy {user source-user | profile source-profile} to destination [overwrite]

Context

[Tree] (config>system>security copy)

Full Context

configure system security copy

Description

This command copies a profile or user from a source profile to a destination profile.

Parameters

source-profile

Specifies an existing profile to copy.

dest-profile

Specifies the copied profile is copied to the destination profile.

overwrite

Specifies that the destination profile configuration is overwritten with the copied source profile configuration. A profile is not overwritten if the overwrite command is not specified.

Platforms

All

copy-config

copy-config

Syntax

[no] copy-config

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization copy-config)

Full Context

configure system security profile netconf base-op-authorization copy-config

Description

This command enables the NETCONF copy-config operation.

The no form of this command disables the operation.

Default

no copy-config

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

copy-traffic-class-upon-decapsulation

copy-traffic-class-upon-decapsulation

Syntax

[no] copy-traffic-class-upon-decapsulation

Context

[Tree] (config>service>ies>interface>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)

[Tree] (config>ipsec>tnl-temp copy-traffic-class-upon-decapsulation)

[Tree] (config>router>if>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel copy-traffic-class-upon-decapsulation)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)

Full Context

configure service ies interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation

configure ipsec tunnel-template copy-traffic-class-upon-decapsulation

configure router interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation

configure service vprn interface sap ipsec-tunnel copy-traffic-class-upon-decapsulation

configure service vprn interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation

Description

This command copies the traffic class from the outer tunnel IP packet header to the payload IP packet header upon tunnel decapsulation (public to private direction).

The no form of this command disables the traffic copying.

Default

copy-traffic-class-upon-decapsulation

Platforms

VSR

  • configure router interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
  • configure service ies interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
  • configure service vprn interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template copy-traffic-class-upon-decapsulation
  • configure service vprn interface sap ipsec-tunnel copy-traffic-class-upon-decapsulation

core-connectivity

core-connectivity

Syntax

[no] core-connectivity

Context

[Tree] (debug>service>id>stp core-connectivity)

Full Context

debug service id stp core-connectivity

Description

This command enables STP debugging for core connectivity.

The no form of the command disables debugging.

Platforms

All

core-mvpn

core-mvpn

Syntax

[no] core-mvpn service-id

Context

[Tree] (config>service>vprn>mvpn>rpf-select core-mvpn)

Full Context

configure service vprn mvpn rpf-select core-mvpn

Description

This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in the specified P-instance core MVPN instance.

Platforms

All

cores

cores

Syntax

cores core-count

no cores

Context

[Tree] (config>esa>vm cores)

Full Context

configure esa vm cores

Description

This command configures the number of CPU physical cores to be allocated to the ESA-VM instance. If an invalid value is configured for the number of cores, the VM remains in a failed state.

The no form of this command removes the core allocation. To modify the number of cores, you must use the no core command first.

Parameters

core-count

Specifies the number of cores.

Values

0 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

correlation-id

correlation-id

Syntax

x-interfaces

Context

[Tree] (config>li>x-interfaces correlation-id)

Full Context

configure li x-interfaces correlation-id

Description

Commands in this context configure the origin of the correlation identifiers.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

count

count

Syntax

count value

no count

Context

[Tree] (config>service>mac-notification count)

Full Context

configure service mac-notification count

Description

This command configures how often MAC notification messages are sent.

Parameters

value

Specifies, in seconds, how often MAC notification messages are sent

Values

1 to 10

Platforms

All

count

Syntax

count value

no count

Context

[Tree] (config>service>vpls>mac-notification count)

Full Context

configure service vpls mac-notification count

Description

This command configures how often MAC notification messages are sent.

Parameters

value

Specifies, in seconds, how often MAC notification messages are sent

Values

1 to 10

Default

Inherits the chassis level configuration from config>service>mac-notification

Platforms

All

count

Syntax

count number

no count

Context

[Tree] (config>system>cron>sched count)

Full Context

configure system cron schedule count

Description

This command configures the total number of times a CRON "interval” schedule is run. For example, if the interval is set to 600 and the count is set to 4, the schedule runs 4 times at 600 second intervals.

Default

no count

Parameters

number

Specifies the number of times the schedule is run.

Values

1 to 65535

Default

65535

Platforms

All

cpe-check

cpe-check

Syntax

cpe-check cpe-ip-address

no cpe-check [cpe-ip-address]

Context

[Tree] (config>service>vprn>static-route-entry>indirect cpe-check)

[Tree] (config>service>vprn>static-route-entry>next-hop cpe-check)

Full Context

configure service vprn static-route-entry indirect cpe-check

configure service vprn static-route-entry next-hop cpe-check

Description

This command enables CPE-check and specifies the IP address of the target CPE device.

This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.

Note:

A node that is sourcing CPE-check packets waits an additional full interval before taking action, which gives the CPE time to respond. For example, with a drop-count of 3 and an interval of 1s, three CPE-check packets are sent out and the node waits for the duration of another interval before acting on the loss. Failure declaration may take extra time depending on the load, interval, and other factors. In line with multitasking, multi-priority operating principles of the node, and the relative priority of cpe-ping, the node paces these minor events.

The no form of this command disables the cpe-check option.

Default

no cpe-check

Parameters

cpe-ip-address

Specifies the IP address of the CPE device.

Platforms

All

cpe-check

Syntax

cpe-check cpe-ip-address

no cpe-check [cpe-ip-address]

Context

[Tree] (config>router>static-route-entry>indirect cpe-check)

[Tree] (config>router>static-route-entry>next-hop cpe-check)

Full Context

configure router static-route-entry indirect cpe-check

configure router static-route-entry next-hop cpe-check

Description

This command enables CPE-check and specifies the IP address of the target CPE device.

This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.

Note:

A node that is sourcing CPE-check packets waits an additional full interval before taking action, which gives the CPE time to respond. For example, with a drop-count of 3 and an interval of 1s, three CPE-check packets are sent out and the node waits for the duration of another interval before acting on the loss. Failure declaration may take extra time depending on the load, interval, and other factors. In line with multitasking, multi-priority operating principles of the node, and the relative priority of cpe-ping, the node paces these minor events.

The no form of this command disables the cpe-check option.

Default

no cpe-check

Parameters

cpe-ip-address

Specifies the IP address of the CPE device.

Platforms

All

cpe-check

Syntax

[no] cpe-check [ip-address]

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry cpe-check)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry cpe-check)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check

Description

This command enables the CPE check and specifies the IP address of the target CPE device.

The no form of this command disables the cpe-check option.

Default

no cpe-check

Parameters

ip-address

Specifies the IP address of the CPE device.

Values

ipv4-prefix: a.b.c.d

ipv6-prefix:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cpe-ping

cpe-ping

Syntax

cpe-ping service service-id destination ip-address source ip-address [source-mac ieee-address] [fc fc-name [profile {in | out}]] [ttl vc-label-ttl] [count send-count] [return-control] [interval interval]

Context

[Tree] (config>saa>test>type cpe-ping)

[Tree] (oam cpe-ping)

Full Context

configure saa test type cpe-ping

oam cpe-ping

Description

This ping utility determines the IP connectivity to a CPE within a specified VPLS service.

Parameters

service-id

Specifies the service ID of the service to diagnose or manage.

Values

service-id:

1 to 2147483647

svc-name:

64 characters maximum

destination ip-address

Specifies the IP address to be used as the destination for performing an OAM ping operations.

Values

a.b.c.d

source ip-address

Specifies an unused IP address in the same network that is associated with the VPLS or PBB Epipe.

Values

a.b.c.d

ieee-address

Specifies the source MAC address that is sent to the CPE. If not specified or set to 0, the MAC address configured for the CPM or CFM is used. This parameter is not applicable to CPE ping on Epipes.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

All zeros and multicast is not allowed.

fc-name

Specifies the forwarding class of the MPLS echo request encapsulation.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

be

profile {in | out}

Specifies the profile state of the MPLS echo request encapsulation for VPLS and the ARP packet for PBB Epipe and Epipe VLLs.

Default

out

vc-label-ttl

Specifies the TTL value in the VC label for the OAM MAC request, expressed as a decimal integer.

Values

1 to 255

Default

255

send-count

Specifies the number of messages to send to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.

Values

1 to 100

Default

1

return-control

Specifies the MAC OAM reply to a data plane MAC OAM request be sent using the control plane instead of the data plane. This parameter is only valid for VPLS services.

interval

Specifies the interval parameter in seconds, expressed as a decimal integer. This parameter is used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

If the interval is set to 1 second where the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.

Values

1 to 10

Default

1

Platforms

All

cpipe

cpipe

Syntax

cpipe service-id [customer customer-id] [vpn vpn-id] [vc-type {satop-e1 | satop-t1 | [vc-switching] | cesopsn | cesopsn-cas}] [vc-switching] [test] [create] [name name]

no cpipe service-id

Context

[Tree] (config>service cpipe)

Full Context

configure service cpipe

Description

This command configures a Circuit Emulation Services instance.

When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

After a service is created, the use of the customer customer-id parameter is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

By default, no services exist until they are explicitly created with this command.

The no form of this command deletes the service instance with the specified service-id. The service cannot be deleted until the service has been shutdown.

Parameters

service-id

The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: Specifies an existing service name up to 64 characters in length.

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN ID. If this parameter is not specified, the VPN ID uses the same service ID number.

Values

1 to 2147483647

Default

null (0)

vc-type

The vc-type defines the type of unstructured or structured circuit emulation service to be configured.

Values

satop-e1: Unstructured E1 circuit emulation service.

satop-t1: Unstructured DS1 circuit emulation service.

cesopsn: Basic structured N*64 kb/s circuit emulation service.

cesopsn-cas: Structured N*64 kb/s circuit emulation service with signaling.

Default

satop-e1

vc-switching

Specifies if the pseudowire switching signaling is used for the spoke SDPs configured in this service.

test

Specifies a unique test service type for the service context which contains only a SAP configuration. The test service can be used to test the throughput and performance of a path for MPLS-TP PWs. This parameter applies to the 7450 ESS and 7750 SR only.

create

Keyword used to create the service. The create keyword requirement can be enabled/disabled in the environment>create context.

name name

Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values

name: up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cpm-filter

cpm-filter

Syntax

cpm-filter

Context

[Tree] (config>system>security cpm-filter)

Full Context

configure system security cpm-filter

Description

Commands in this context configure a CPM filter. A CPM filter is a hardware filter done by the P chip on the CPM and CFM that applies to all the traffic going to the CPM CPU. It can be used to drop, accept packets, as well as allocate dedicated hardware queues for the traffic.

The no form of this command disables the CPM filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cpm-http-redirect

cpm-http-redirect

Syntax

cpm-http-redirect

Context

[Tree] (config>system cpm-http-redirect)

Full Context

configure system cpm-http-redirect

Description

Commands in this context configure cpm-http-redirect settings for enabling or disabling the optimized-mode.

Platforms

All

cpm-queue

cpm-queue

Syntax

cpm-queue

Context

[Tree] (config>system>security cpm-queue)

Full Context

configure system security cpm-queue

Description

Commands in this context configure a CPM queue.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cpr-window-size

cpr-window-size

Syntax

cpr-window-size window-size

Context

[Tree] (config>port>dwdm>coherent cpr-window-size)

Full Context

configure port dwdm coherent cpr-window-size

Description

This command configures the window size used for carrier phase recovery.

Default

32

Parameters

window-size

Indicates the number of symbols used for carrier phase recovery algorithm of the receiver. When this parameter is changed, the link bounces because the receiver needs to be reconfigured.

Values

2, 4, 8, 16, 32, 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cpu-alarm

cpu-alarm

Syntax

cpu-alarm high-threshold high-percentage low-threshold low-percentage

no cpu-alarm

Context

[Tree] (config>li>x-interfaces>x3>alarms cpu-alarm)

Full Context

configure li x-interfaces x3 alarms cpu-alarm

Description

This command configures the thresholds for raising the CPU alarm. The low threshold value must be configured with a smaller value than the high threshold.

The no form of this command reverts to the default values.

Parameters

high-percentage

Specifies the high threshold value, as a percentage.

Values

1 to 100

Default

100

low-percentage

Specifies the low threshold value, as a percentage.

Values

0 to 99

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

cpu-protection

cpu-protection

Syntax

cpu-protection

Context

[Tree] (config>sys>security cpu-protection)

Full Context

configure system security cpu-protection

Description

Commands in this context configure CPU protection policies.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

cpu-protection

Syntax

cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]] | [ip-src-monitoring]

no cpu-protection

Context

[Tree] (config>service>vprn>if>sap cpu-protection)

[Tree] (config>service>ies>if>sap cpu-protection)

[Tree] (config>service>ies>if>spoke-sdp cpu-protection)

[Tree] (config>service>vpls>sap cpu-protection)

[Tree] (config>service>vprn>sub-if>grp-if>sap cpu-protection)

[Tree] (config>service>ies>sub-if>grp-if>sap cpu-protection)

[Tree] (config>service>vprn>if>spoke-sdp cpu-protection)

Full Context

configure service vprn interface sap cpu-protection

configure service ies interface sap cpu-protection

configure service ies interface spoke-sdp cpu-protection

configure service vpls sap cpu-protection

configure service vprn subscriber-interface group-interface sap cpu-protection

configure service ies subscriber-interface group-interface sap cpu-protection

configure service vprn interface spoke-sdp cpu-protection

Description

This command assigns an existing CPU protection policy to the SAP or interface. The CPU protection policies are configured in the config>sys>security>cpuprotection>policy cpu-protection-policy-id context.

If no CPU-protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.

The no form of this command removes the association of the CPU protection policy from the associated SAP or interface configuration and reverts to the default policy values.

Default

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

The configuration of no cpu-protection returns the msap-policy to the default policies as shown above.

Parameters

mac-monitoring

Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.

ip-src-monitoring

Enables per SAP + IP source address rate limiting for certain protocol packets using the per-source-rate and include-protocols from the associated cpu-protection policy. The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios all packets from all subscribers behind the same aggregation router arrives with the same source MAC address and as such the mac-monitoring functionality can not differentiate traffic from different subscribers.

eth-cfm-monitoring

Enables the Ethernet Connectivity Fault Management cpu-protection extensions on the associated SAP, SDP, or template.

aggregate

applies the rate limit to the sum of the per-peer packet rates.

car

(Committed Access Rate (CAR) causes Eth-CFM packets to be ignored when enforcing the overall-rate.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

  • configure service vprn interface spoke-sdp cpu-protection
  • configure service vprn interface sap cpu-protection
  • configure service vpls sap cpu-protection
  • configure service ies interface sap cpu-protection
  • configure service ies interface spoke-sdp cpu-protection

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s

  • configure service ies subscriber-interface group-interface sap cpu-protection
  • configure service vprn subscriber-interface group-interface sap cpu-protection

cpu-protection

Syntax

cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]]

no cpu-protection

Context

[Tree] (config>service>epipe>spoke-sdp cpu-protection)

[Tree] (config>service>vpls>spoke-sdp cpu-protection)

[Tree] (config>service>epipe>sap cpu-protection)

[Tree] (config>service>template>vpls-sap-template cpu-protection)

[Tree] (config>service>vpls>sap cpu-protection)

[Tree] (config>service>ipipe>sap cpu-protection)

[Tree] (config>service>vpls>mesh-sdp cpu-protection)

Full Context

configure service epipe spoke-sdp cpu-protection

configure service vpls spoke-sdp cpu-protection

configure service epipe sap cpu-protection

configure service template vpls-sap-template cpu-protection

configure service vpls sap cpu-protection

configure service ipipe sap cpu-protection

configure service vpls mesh-sdp cpu-protection

Description

Use this command to apply a specific CPU protection policy to the associated SAP, SDP or template. If the mac-monitoring keyword is given then per-MAC-rate limiting should be performed, using the per-source-rate from the associated CPU protection policy.

The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.

The no form of this command reverts to the default values.

Default

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

Parameters

mac-monitoring

Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.

eth-cfm-monitoring

Enables the Ethernet Connectivity Fault Management cpu-protection extensions on the associated SAP/SDP/template.

aggregate

applies the rate limit to the sum of the per-peer packet rates.

car

(Committed Access Rate) Ignores Eth-CFM packets when enforcing overall-rate.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

cpu-protection

Syntax

cpu-protection policy-id

no cpu-protection

Context

[Tree] (config>service>ies>video-interface cpu-protection)

[Tree] (config>service>vprn>interface cpu-protection)

[Tree] (config>router>interface cpu-protection)

[Tree] (config>service>ies>interface cpu-protection)

[Tree] (config>service>vprn>video-interface cpu-protection)

[Tree] (config>service>vprn>network-interface cpu-protection)

Full Context

configure service ies video-interface cpu-protection

configure service vprn interface cpu-protection

configure router interface cpu-protection

configure service ies interface cpu-protection

configure service vprn video-interface cpu-protection

configure service vprn network-interface cpu-protection

Description

This command assigns an existing CPU protection policy to the associated interface. For these interface types, the per-source rate limit is not applicable.

The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU-protection policy is assigned to an interface, then the default policy is used to limit the overall-rate. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.

The no form of this command reverts to the default values.

Default

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

no cpu-protection (for video interfaces)

Parameters

policy-id

Specifies an existing CPU protection policy.

Values

1 to 255

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

  • configure service vprn video-interface cpu-protection
  • configure service ies video-interface cpu-protection

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

  • configure service vprn network-interface cpu-protection
  • configure service vprn interface cpu-protection
  • configure router interface cpu-protection
  • configure service ies interface cpu-protection

cpu-protection

Syntax

cpu-protection policy-id [mac-monitoring] [ip-src-monitoring]

no cpu-protection

Context

[Tree] (config>subscr-mgmt>msap-policy cpu-protection)

Full Context

configure subscriber-mgmt msap-policy cpu-protection

Description

Use this command to apply a specific CPU protection policy to the associated MSAP policy. The specified CPU protection policy is automatically applied to any MSAPs that are create using the MSAP policy.

If no CPU protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.

The no form of this command reverts to the default values.

Default

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

The configuration of no cpu-protection returns the msap-policy to the default policies as shown above.

Parameters

policy-id

Specifies an existing CPU protection policy.

Values

1 to 255

mac-monitoring

Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.

ip-src-monitoring

Enables per SAP + IP source address rate limiting for certain protocol packets using the per-source-rate and included-protocols from the associated cpu-protection policy. The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios all packets from all subscribers behind the same aggregation router arrives with the same source MAC address and as such the mac-monitoring functionality can not differentiate traffic from different subscribers.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s

cpu-protection

Syntax

cpu-protection

cpu-protection policy-id [ip-src-monitoring] [mac-monitoring]

Context

[Tree] (config>subscr-mgmt>sap-template cpu-protection)

Full Context

configure subscriber-mgmt sap-template cpu-protection

Description

This command assigns an existing CPU protection policy to the SAP or interface.

CPU protection policies are configured in the config>sys>security>cpu-protection context.

Default

cpu-protection 254

Parameters

policy-id

Specifies an existing CPU protection policy is assigned to the SAP or interface.

Values

1 to 255

ip-src-monitoring

Specifies to enable IP source monitoring.

mac-monitoring

Specifies to enable MAC monitoring.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s

crc

crc

Syntax

crc {16 | 32}

Context

[Tree] (config>port>sonet-sdh>path crc)

Full Context

configure port sonet-sdh path crc

Description

A 16 bit CRC can only be configured on an OC-3 channel, all other channel speeds must use a 32 bit CRC except for the paths configured with encap-type atm at OC3 speed.

Default

crc 16 for OC-3, DS-1, DS-3 crc 32 for OC-12, OC-48, ATM-OC12/3, AT-MOC-3, and so on

Note:

The CRC default is 32 when the encap-type is set to ATM and also, the default cannot be changed when the encap-type is set to ATM.

Parameters

16

Use 16 bit checksum for the associated port/channel.

32

Use 32 bit checksum for the associated port/channel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

crc

Syntax

crc {16 | 32}

Context

[Tree] (config>port>tdm>ds3 crc)

[Tree] (config>port>tdm>e3 crc)

Full Context

configure port tdm ds3 crc

configure port tdm e3 crc

Description

This command configures the precision of the cyclic redundancy check (CRC).

Default

crc 16 for non-ATM E-3 and DS-3 channel/ports.

crc 32 for ATM E-3 and DS-3 channels/ports. The default cannot be changed.

Parameters

16

Uses 16 bit checksum for the associated port/channel.

32

Uses 32 bit checksum for the associated port/channel.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

crc-monitor

crc-monitor

Syntax

crc-monitor

Context

[Tree] (config>port>ethernet crc-monitor)

Full Context

configure port ethernet crc-monitor

Description

This command configures Ethernet CRC Monitoring parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

create

create

Syntax

[no] create

Context

[Tree] (environment create)

Full Context

environment create

Description

By default, the create command is required to create a new OS entity.

The no form of the command disables requiring the create keyword.

Default

create

Platforms

All

create-mpls-tunnel

create-mpls-tunnel

Syntax

[no] create-mpls-tunnel

Context

[Tree] (config>router>policy-options>policy-statement>entry>action create-mpls-tunnel)

Full Context

configure router policy-options policy-statement entry action create-mpls-tunnel

Description

This command enables the creation of an MPLS tunnel to the BGP next-hop. It is supported for the following address families:

  • vpn-ipv4

  • vpn-ipv6

  • evpn

  • label-ipv4

  • label-ipv6

  • ipv4

  • ipv6

The no form of the command disables the creation of an MPLS tunnel.

Default

no create-mpls-tunnel

Platforms

All

create-subscription

create-subscription

Syntax

[no] create-subscription

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization create-subscription)

Full Context

configure system security profile netconf base-op-authorization create-subscription

Description

This command enables the NETCONF create-subscription operation in the default user profile.

The base-op-authorization create-subscription configuration is not pre-emptive, which means that it is checked only at the time of the initial subscription. Configuration changes to the base-op-authorization do not cancel any in-progress subscriptions and operators who successfully subscribed continue to receive messages.

The no form of this command disables the operation.

Default

no create-subscription

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

create-udp-tunnel

create-udp-tunnel

Syntax

create-udp-tunnel

no create-udp-tunnel

Context

[Tree] (config>router>policy-options>policy-statement>entry>action create-udp-tunnel)

[Tree] (config>router>policy-options>policy-statement>default-action create-udp-tunnel)

Full Context

configure router policy-options policy-statement entry action create-udp-tunnel

configure router policy-options policy-statement default-action create-udp-tunnel

Description

This command instructs the router to create an MPLS-over-UDP tunnel upon receiving BGP routes that match the import policy.

Default

no create-udp-tunnel

Platforms

All

credential

credential

Syntax

credential

Context

[Tree] (config>ipsec>client-db>client credential)

Full Context

configure ipsec client-db client credential

Description

Commands in this context configure the parameters used to authenticate peers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

credit-control-policy

credit-control-policy

Syntax

credit-control-policy policy-name [create]

credit-control-policy diameter policy-name

no credit-control-policy policy-name

Context

[Tree] (config>subscr-mgmt credit-control-policy)

Full Context

configure subscriber-mgmt credit-control-policy

Description

This command creates, configures or deletes a credit control policy.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the policy name, up to 32 characters.

create

Keyword used to create the credit control policy. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-control-policy

Syntax

credit-control-policy policy-name

no credit-control-policy

Context

[Tree] (config>subscr-mgmt>sla-prof credit-control-policy)

Full Context

configure subscriber-mgmt sla-profile credit-control-policy

Description

This command configures the credit policy for this SLA profile.

Default

no credit-control-policy

Parameters

policy-name

Specifies the credit control policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-control-quota

credit-control-quota

Syntax

[no] credit-control-quota

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes credit-control-quota)

Full Context

configure aaa isa-radius-policy acct-include-attributes credit-control-quota

Description

This command includes any unconsumed volume quota in the Alc-Credit-Control-Quota attribute.

The no form of this command excludes the Alc-Credit-Control-Quota attribute.

Default

no credit-control-quota

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

credit-control-server

credit-control-server

Syntax

credit-control-server radius

no credit-control-server

Context

[Tree] (config>subscr-mgmt>credit-control-policy credit-control-server)

Full Context

configure subscriber-mgmt credit-control-policy credit-control-server

Description

This command configures the credit control server to use. In case of RADIUS, the servers defined in the authentication policy are used. For Diameter, the peers defined in the specified Diameter policy are used.

The no form of this command reverts to the default.

Default

credit-control-server radius

Parameters

radius

Specifies to use the RADIUS authentication servers defined in the RADIUS authentication policy in the group interface to report credit usage and obtain new credit.

diameter policy-name

Specifies to use the diameter peers specified in the diameter policy to report credit usage and obtain new credit.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-exhaust-threshold

credit-exhaust-threshold

Syntax

credit-exhaust-threshold threshold-percentage

no credit-exhaust-threshold

Context

[Tree] (config>subscr-mgmt>cat-map credit-exhaust-threshold)

Full Context

configure subscriber-mgmt category-map credit-exhaust-threshold

Description

This command specifies the credit exhaust threshold considered to act.

The no form of this command reverts the configured value to the default.

Default

credit-exhaust-threshold 100

Parameters

threshold-percentage

Specifies the percentage to use for the credit exhaust threshold.

Values

50 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-mcs-interval

credit-mcs-interval

Syntax

credit-mcs-interval interval

no credit-mcs-interval

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx credit-mcs-interval)

Full Context

configure subscriber-mgmt diameter-application-policy gx credit-mcs-interval

Description

This command configures the usage monitoring between the redundant chassis that is synchronized periodically per Gx session, from the active Gx session to the standby Gx session.

The no form of this command reverts to the default value.

Default

credit-mcs-interval 10

Parameters

interval

Specifies the interval time, in minutes, between synchronization moments for syncing volume to the multi-chassis redundant chassis in case of Gx usage monitoring on a CCI that belongs to a multi-chassis redundant host.

Values

5 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-type

credit-type

Syntax

credit-type {volume | time}

no credit-type

Context

[Tree] (config>subscr-mgmt>cat-map credit-type)

Full Context

configure subscriber-mgmt category-map credit-type

Description

This command specifies whether volume or time based accounting is performed.

The no form of this command reverts to the default.

Default

credit-type volume

Parameters

volume

Specifies volume-based accounting.

time

Specifies time-based accounting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credit-type-override

credit-type-override

Syntax

credit-type-override {volume | time}

no credit-type-override

Context

[Tree] (config>subscr-mgmt>cat-map>category credit-type-override)

Full Context

configure subscriber-mgmt category-map category credit-type-override

Description

This command overrides the credit-type configured in the config>subscr-mgmt>cat-map context for the given category.

The no form of this command reverts to the default.

Parameters

volume

If different than the value specified in the credit-type command, the value overrides the credit-type.

time

If different than the value specified in the credit-type command, the value overrides the credit-type.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

credits

credits

Syntax

credits [lowercase credits] [uppercase credits] [numeric credits] [special-character credits]

no credits

Context

[Tree] (config>system>security>password>complexity-rules credits)

Full Context

configure system security password complexity-rules credits

Description

The maximum credits given for usage of the different character classes in the local passwords.

The no form of this command resets to default.

Default

no credits

Parameters

credits

Specifies the number of credits that can be used for each characters class.

Values

0 to 10

Platforms

All

criteria-overrides

criteria-overrides

Syntax

criteria-overrides

Context

[Tree] (config>service>ies>if>sap>ingress criteria-overrides)

[Tree] (config>service>ipipe>sap>ingress criteria-overrides)

[Tree] (config>service>cpipe>sap>ingress criteria-overrides)

[Tree] (config>service>vprn>if>sap>ingress criteria-overrides)

[Tree] (config>service>vpls>sap>ingress criteria-overrides)

[Tree] (config>service>epipe>sap>ingress criteria-overrides)

Full Context

configure service ies interface sap ingress criteria-overrides

configure service ipipe sap ingress criteria-overrides

configure service cpipe sap ingress criteria-overrides

configure service vprn interface sap ingress criteria-overrides

configure service vpls sap ingress criteria-overrides

configure service epipe sap ingress criteria-overrides

Description

Commands in this context configure IPv4 and IPv6 criteria overrides.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

critical-event

critical-event

Syntax

[no] critical-event

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>local-sf-action>info-notification critical-event)

Full Context

configure port ethernet efm-oam link-monitoring local-sf-action info-notification critical-event

Description

This command sets the critical event Flag field in the Information OAMPDU when the local signal failure (sf-threshold) threshold is reached. This is maintained in all subsequent Information OAM PDUs until the situation is cleared.

Interactions: The signal failure threshold triggers these actions.

Default

no critical-event

Platforms

All

critical-event

Syntax

critical-event local-port-action {log-only | out-of-service}

Context

[Tree] (config>port>ethernet>efm-oam>peer-rdi-rx critical-event)

Full Context

configure port ethernet efm-oam peer-rdi-rx critical-event

Description

This command defines how to react to the reception of a critical event Flag field set in the informational OAMPDU.

Default

critical-event local-port-action out-of-service

Parameters

local-port-action

Defines whether or not the local port will be affected when a critical event is received from a peer.

log-only

Keyword that prevents the port from being affected when the local peer receives a critical event. The critical event will be logged but the port will remain operational.

out-of-service

Keyword that causes the port to enter a non-operation down state with a port state of link up. The error is logged upon reception of critical event. The port is not available to service data but continues to carry Link OAM traffic to ensure the link is monitored.

Platforms

All

crl-expiration-warning

crl-expiration-warning

Syntax

crl-expiration-warning hours [repeat repeat-hours]

no crl-expiration-warning

Context

[Tree] (config>system>security>pki crl-expiration-warning)

Full Context

configure system security pki crl-expiration-warning

Description

This command specifies when the systems issues a BeforeExp message before a CRL expires. For example, with certificate-expiration-warning 5, the system issues a BeforeExp message 5 hours before a CRL expires. An optional repeat repeat-hour parameter enables the system to repeat the BeforeExp message every hour until the CRL expires.

If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.

BeforeExp and AfterExp warnings can be cleared in following cases:

  • The CRL is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.

  • When the ca-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.

  • When no crl-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.

  • Users may change the configuration of the crl-expiration-warning so that certain CRL are no longer in the warning window. BeforeExp of corresponding CRL are cleared.

  • If the system time changes so that the new time causes the CRL to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired CRL to come non-expired, then AfterExp is cleared.

Default

no crl-expiration-warning

Parameters

hours

Specifies the amount of time before a CRL expires when system issues BeforeExp

Values

0 to 8760

repeat-hour

Specifies that the system repeats BeforeExp every repeat-hour

Values

0 to 8760

Platforms

All

crl-file

crl-file

Syntax

crl-file filename

no crl-file

Context

[Tree] (config>system>security>pki>ca-profile crl-file)

Full Context

configure system security pki ca-profile crl-file

Description

This command specifies the name of a file in cf3:\system-pki\crl as the Certification Revoke List file of the ca-profile.

Notes:

  • The system performs following checks against configured crl-file when a no shutdown command is issued:

    • A valid cert-file of the ca-profile must be already configured.

    • Configured crl-file must be a DER formatted CRLv2 file.

    • All non-optional fields defined in section 5.1 of RFC5280 must exist and conform to the RFC5280 defined format.

    • Check the version field to see if its value is 0x1.

    • Delta CRL Indicator must not exist (delta CRL is not supported).

    • CRL’s signature must be verified by using the cert-file of ca-profile.

    If any of above checks fail, the no shutdown command fails.

  • Changing or removing the crl-file is only allowed when the ca-profile is in a shutdown state.

The no form of this command removes the filename from the configuration.

Parameters

filename

Specifies the name of CRL file stored in cf3:\system-pki\crl.

Platforms

All

crl-update

crl-update

Syntax

crl-update ca ca-profile-name

Context

[Tree] (admin>certificate crl-update)

Full Context

admin certificate crl-update

Description

This command manually triggers the Certificate Revocation List file (CRL) update for the specified ca-profile.

Using this command requires shutting down the auto-crl-update.

Parameters

ca-profile-name

Specifies the name of the Certificate Authority profile.

Platforms

All

crl-urls

crl-urls

Syntax

crl-urls

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update crl-urls)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls

Description

Commands in this context configure crl-urls parameters. The system allows up to eight URL entries to be configured and tries each URL in order and stop when a qualified CRL is successfully downloaded. A qualified CRL is a valid CRL signed by the CA and is more recent than the existing CRL.

If none of the configured URLs returns a qualified CRL, then:

  • If the schedule-type is next-update-based, system will wait for configure retry-interval before it start from beginning of the list again.

  • If the schedule-type is periodic, then system will wait till next periodic update time.

If the user wants to manually stop the download, shutting down of auto-crl-retrieval could be used to achieve this.

Platforms

All

cron

cron

Syntax

cron

Context

[Tree] (config>system cron)

Full Context

configure system cron

Description

This command creates the context to create scripts, script parameters and schedules which support the Service Assurance Agent (SAA) functions.

CRON features are saved to the configuration file on both primary and backup control modules. If a control module switchover occurs, CRON events are restored when the new configuration is loaded. If a control module switchover occurs during the execution of a cron script, the failover behavior will be determined by the contents of the script.

Platforms

All

cron

Syntax

cron

Context

[Tree] (config>system>security>cli-script>authorization cron)

Full Context

configure system security cli-script authorization cron

Description

Commands in this context configure authorization for the Cron job-scheduler.

Platforms

All

cross-connect

cross-connect

Syntax

[no] cross-connect

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state cross-connect)

Full Context

configure subscriber-mgmt wlan-gw ue-query state cross-connect

Description

This command enables matching on cross-connected UEs.

The no form of this command disables matching on cross-connected UEs, unless all state matching is disabled.

Default

no cross-connect

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

csf-enable

csf-enable

Syntax

[no] csf-enable

Context

[Tree] (config>lag>eth-cfm>mep csf-enable)

[Tree] (config>port>ethernet>eth-cfm>mep csf-enable)

Full Context

configure lag eth-cfm mep csf-enable

configure port ethernet eth-cfm mep csf-enable

Description

This command configures the reception of Client Signal Fail (CSF) message parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

csf-enable

Syntax

[no] csf-enable

Context

[Tree] (config>service>vprn>if>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep csf-enable)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep csf-enable)

[Tree] (config>service>epipe>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep csf-enable)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep csf-enable)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep csf-enable)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm csf-enable)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep csf-enable)

Full Context

configure service vprn interface sap eth-cfm mep csf-enable

configure service vpls sap eth-cfm mep csf-enable

configure service ies interface sap eth-cfm mep csf-enable

configure service vpls mesh-sdp eth-cfm mep csf-enable

configure service ies subscriber-interface group-interface sap eth-cfm mep csf-enable

configure service vprn interface spoke-sdp eth-cfm mep csf-enable

configure service epipe sap eth-cfm mep csf-enable

configure service vpls spoke-sdp eth-cfm mep csf-enable

configure service ies interface spoke-sdp eth-cfm mep csf-enable

configure service vprn subscriber-interface group-interface sap eth-cfm mep csf-enable

configure service ies subscriber-interface group-interface sap eth-cfm csf-enable

configure service epipe spoke-sdp eth-cfm mep csf-enable

Description

Commands in this context configure the reception and local processing of ETH-CSF frames.

The no form of this command disables the reception of Client Signal Fail (CSF) message parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep csf-enable
  • configure service vpls sap eth-cfm mep csf-enable
  • configure service vprn interface spoke-sdp eth-cfm mep csf-enable
  • configure service epipe spoke-sdp eth-cfm mep csf-enable
  • configure service vpls mesh-sdp eth-cfm mep csf-enable
  • configure service vpls spoke-sdp eth-cfm mep csf-enable
  • configure service ies interface spoke-sdp eth-cfm mep csf-enable
  • configure service epipe sap eth-cfm mep csf-enable
  • configure service ies interface sap eth-cfm mep csf-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm csf-enable
  • configure service ies subscriber-interface group-interface sap eth-cfm mep csf-enable
  • configure service vprn subscriber-interface group-interface sap eth-cfm mep csf-enable

csnp-authentication

csnp-authentication

Syntax

[no] csnp-authentication

Context

[Tree] (config>service>vprn>isis csnp-authentication)

[Tree] (config>service>vprn>isis>level csnp-authentication)

Full Context

configure service vprn isis csnp-authentication

configure service vprn isis level csnp-authentication

Description

This command enables authentication of individual ISIS packets of complete sequence number PDUs (CSNP) type for the VPRN instance.

Platforms

All

csnp-authentication

Syntax

[no] csnp-authentication

Context

[Tree] (config>router>isis csnp-authentication)

[Tree] (config>router>isis>level csnp-authentication)

Full Context

configure router isis csnp-authentication

configure router isis level csnp-authentication

Description

This command enables authentication of individual IS-IS packets of complete sequence number PDUs (CSNP) type.

The no form of this command suppresses authentication of CSNP packets.

Default

csnp-authentication

Platforms

All

csnp-interval

csnp-interval

Syntax

csnp-interval seconds

no csnp-interval

Context

[Tree] (config>service>vprn>isis>if csnp-interval)

Full Context

configure service vprn isis interface csnp-interval

Description

This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.

The no form of this command reverts to the default value.

Default

csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.

csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.

Parameters

seconds

The time interval, in seconds between successive CSN PDUs sent from this interface expressed as a decimal integer.

Values

1 to 65535

Platforms

All

csnp-interval

Syntax

csnp-interval seconds

no csnp-interval

Context

[Tree] (config>router>isis>interface csnp-interval)

Full Context

configure router isis interface csnp-interval

Description

This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.

The no form of this command reverts to the default value.

Default

csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.

csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.

Parameters

seconds

Specifies the time interval, in seconds, between successive CSN PDUs sent from this interface expressed as a decimal integer.

Values

1 to 65535

Platforms

All

cspf

cspf

Syntax

[no] cspf

Context

[Tree] (debug>router>isis cspf)

Full Context

debug router isis cspf

Description

This command enables debugging for IS-IS cspf.

The no form of the command disables debugging.

Platforms

All

cspf

Syntax

cspf [ip-address]

no cspf

Context

[Tree] (debug>router>ospf cspf)

Full Context

debug router ospf cspf

Description

This command enables debugging for an OSPF constraint-based shortest path first (CSPF).

Parameters

ip-address

Specifies the IP address for the range used for CSPF.

Platforms

All

cspf-on-loose-hop

cspf-on-loose-hop

Syntax

[no] cspf-on-loose-hop

Context

[Tree] (config>router>mpls cspf-on-loose-hop)

Full Context

configure router mpls cspf-on-loose-hop

Description

This command enables the option to do CSPF calculations until the next loose hop or the final destination of LSP on LSR. On receiving a PATH message on LSR and processing of all local hops in the received ERO, if the next hop is loose, then the LSR node will first do a CSPF calculation until the next loose hop. On successful completion of CSPF calculation, ERO in PATH message is modified to include newly calculated intermediate hops and propagate it forward to the next hop. This allows setting up inter-area LSPs based on ERO expansion method.

Note:

The LSP may fail to set up if this option is enabled on an LSR that is not an area border router and receives a PATH message without proper next loose hop in ERO. The 'cspf-on-loose-hop’ configuration is allowed to change dynamically and applied to new LSP setup after change.

Default

no cspf-on-loose-hop

Platforms

All

cumulative-factor

cumulative-factor

Syntax

[no] cumulative-factor cumulative-factor

Context

[Tree] (config>service>template>vpls-template>mac-move>secondary-ports cumulative-factor)

[Tree] (config>service>vpls>mac-move>secondary-ports cumulative-factor)

[Tree] (config>service>vpls>mac-move>primary-ports cumulative-factor)

[Tree] (config>service>template>vpls-template>mac-move>primary-ports cumulative-factor)

Full Context

configure service template vpls-template mac-move secondary-ports cumulative-factor

configure service vpls mac-move secondary-ports cumulative-factor

configure service vpls mac-move primary-ports cumulative-factor

configure service template vpls-template mac-move primary-ports cumulative-factor

Description

This command defines a factor defining how many mac-relearn measurement periods can be used to measure mac-relearn rate. The rate must be exceeded during the defined number of consecutive periods before the corresponding port is blocked by the mac-move feature. The cumulative-factor of primary ports must be higher than cumulative-factor of secondary ports.

Default

cumulative-factor 2 — secondary ports

cumulative-factor 3 — primary ports

Parameters

factor

Specifies the factor defining the number of mac-relearn measurement periods can be used to measure mac-relearn rate

Values

2 to 10

Platforms

All

cups

cups

Syntax

[no] cups

Context

[Tree] (config>subscr-mgmt>sla-profile>control cups)

Full Context

configure subscriber-mgmt sla-profile control cups

Description

This command enables a session that is set up with remote CUPS control plane handling to use this SLA profile.

The no form of this command disables a session that is set up with remote CUPS control- plane handling from using this SLA profile.

Default

no cups

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

cups

Syntax

[no] cups

Context

[Tree] (config>subscr-mgmt>sub-profile>control cups)

Full Context

configure subscriber-mgmt sub-profile control cups

Description

This command enables a session that is set up with remote CUPS control plane handling to use this subscriber profile.

The no form of this command disables a session that is set up with remote CUPS control- plane handling from using this subscriber profile.

Default

no cups

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

current-hop-limit

current-hop-limit

Syntax

current-hop-limit limit

no current-hop-limit

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv current-hop-limit)

[Tree] (config>service>vprn>router-advert>if current-hop-limit)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv current-hop-limit)

[Tree] (config>subscr-mgmt>rtr-adv-plcy current-hop-limit)

[Tree] (config>service>ies>sub-if>ipv6>rtr-adv current-hop-limit)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv current-hop-limit)

Full Context

configure service vprn subscriber-interface group-interface ipv6 router-advertisements current-hop-limit

configure service vprn router-advertisement interface current-hop-limit

configure service ies subscriber-interface group-interface ipv6 router-advertisements current-hop-limit

configure subscriber-mgmt router-advertisement-policy current-hop-limit

configure service ies subscriber-interface ipv6 router-advertisements current-hop-limit

configure service vprn subscriber-interface ipv6 router-advertisements current-hop-limit

Description

This command configures the hop limit to be advertised.

The no form of this command returns the command to the default setting.

Default

current-hop-limit 64

Parameters

limit

Specifies the default value to be placed in the current hop limit field in router advertisement policies sent.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface ipv6 router-advertisements current-hop-limit
  • configure service ies subscriber-interface ipv6 router-advertisements current-hop-limit
  • configure service vprn subscriber-interface ipv6 router-advertisements current-hop-limit
  • configure subscriber-mgmt router-advertisement-policy current-hop-limit
  • configure service vprn subscriber-interface group-interface ipv6 router-advertisements current-hop-limit

All

  • configure service vprn router-advertisement interface current-hop-limit

current-hop-limit

Syntax

current-hop-limit number

no current-hop-limit

Context

[Tree] (config>router>router-advert>if current-hop-limit)

Full Context

configure router router-advertisement interface current-hop-limit

Description

This command configures the current-hop-limit in the router advertisement messages. It informs the nodes on the subnet about the hop-limit when originating IPv6 packets.

Default

current-hop-limit 64

Parameters

number

Specifies the hop limit.

Values

0 to 255. A value of zero means there is an unspecified number of hops.

Platforms

All

custom-option

custom-option

Syntax

custom-option option-number address [ip-address]

custom-option option-number address ipv6-address [ipv6-address]

custom-option option-number domain [domain-string]

custom-option option-number hex hex-string

custom-option option-number string ascii-string

no custom-option option-number

Context

[Tree] (config>router>dhcp>server>pool>subnet>options custom-option)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options custom-option)

[Tree] (config>service>vprn>dhcp>server>pool>options custom-option)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options custom-option)

[Tree] (config>router>dhcp>server>pool>options custom-option)

Full Context

configure router dhcp local-dhcp-server pool subnet options custom-option

configure subscriber-mgmt local-user-db ppp host options custom-option

configure service vprn dhcp local-dhcp-server pool options custom-option

configure subscriber-mgmt local-user-db ipoe host options custom-option

configure router dhcp local-dhcp-server pool options custom-option

Description

This command configures specific DHCP options. The options defined here can overrule options in the local user database.

The no form of the removes the custom option parameters from the configuration.

Parameters

option-number

Specifies up to four option numbers that the DHCP server uses to send the identification strings to the DHCP client.

Values

1 to 254

ip-address

Specifies the IP address of a host.

Values

a.b.c.d

ipv6-address

Specifies the IPv6 address of a host. Applicable to DHCP6 only.

Values

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

domain-string

Specifies the domain name, up to 127 characters.

hex-string

Specifies the hex value of this option.

Values

0x0 to 0xFFFFFFFF (up to 254 hex nibbles)

ascii-string

Specifies the value of this option, up to 127 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

custom-option

Syntax

custom-option option-number address [ipv6-address]

custom-option option-number domain [domain-string]

custom-option option-number hex hex-string

custom-option option-number string ascii-string

no custom-option option-number

Context

[Tree] (config>service>vprn>dhcp6>server>pool>options custom-option)

[Tree] (config>router>dhcp6>server>pool>options custom-option)

[Tree] (config>router>dhcp6>server>pool>prefix>options custom-option)

[Tree] (config>service>vprn>dhcp6>server>pool>prefix>options custom-option)

[Tree] (config>router>dhcp6>server>defaults>options custom-option)

Full Context

configure service vprn dhcp6 local-dhcp-server pool options custom-option

configure router dhcp6 local-dhcp-server pool options custom-option

configure router dhcp6 local-dhcp-server pool prefix options custom-option

configure service vprn dhcp6 local-dhcp-server pool prefix options custom-option

configure router dhcp6 local-dhcp-server defaults options custom-option

Description

This command configures specific DHCP6 options. The options defined here can overrule options in the local user database.

The no form of the removes the custom option parameters from the configuration.

Parameters

option-number

Specifies up to four option numbers that the DHCP6 server uses to send the identification strings to the DHCP6 client.

Values

1 to 254

ipv6-address

Specifies the IPv6 address of a host.

Values

:ipv6-address

x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

domain-string

Specifies the domain name, up to 127 characters.

hex-string

Specifies the hex value of this option.

Values

0x0 to 0xFFFFFFFF (up to 254 hex nibbles)

ascii-string

Specifies the value of this option, up to 127 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router dhcp6 local-dhcp-server pool prefix options custom-option
  • configure service vprn dhcp6 local-dhcp-server pool prefix options custom-option
  • configure service vprn dhcp6 local-dhcp-server pool options custom-option
  • configure router dhcp6 local-dhcp-server pool options custom-option

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure router dhcp6 local-dhcp-server defaults options custom-option

custom-option

Syntax

custom-option protocol option-number address ip-address

custom-option protocol option-number hex hex-string

custom-option protocol option-number string ascii-string

no custom-option protocol option-number

Context

[Tree] (config>subscr-mgmt>ppp-policy>options custom-option)

Full Context

configure subscriber-mgmt ppp-policy ppp-options custom-option

Description

This command provides the ability to configure custom PPP options.

Note:

Standard options such as the DNS name is returned from DHCP or RADIUS and be converted to PPP automatically. Compression is not supported.

The no form of this command removes the custom options from the configuration.

Parameters

protocol

Specifies a protocol for the custom option.

Values

lcp, ipcp, ipv6cp

option-number

Assigns an identifying number for the custom option.

Values

0 to 255

ip-address

Specifies the IP address in the a.b.c.d format.

ascii-string

Specifies an ASCII format string for the custom option up to 127 characters.

hex-string

Specifies a hex value for the custom option.

Values

[0x0 to 0xFFFFFF (up to 254 hex nibbles)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

custom-option

Syntax

custom-option option-number address [ip-address]

custom-option option-number hex hex-string

custom-option option-number string ascii-string

no custom-option option-number

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>dhcp-pool>options custom-option)

Full Context

configure subscriber-mgmt vrgw brg brg-profile dhcp-pool options custom-option

Description

This command configures DHCP options.

Parameters

option-number

Specifies the number of this DHCP option.

ip-address

Specifies the IP address of this option. Up to 4 addresses can be assigned.

hex-string

Specifies the hex value of this option.

Values

0x0 to 0xFFFFFFFF (maximum 254 hex nibbles)

ascii-string

Specifies an ASCII value of this option.

Values

127 characters maximum

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

custom-protocol

custom-protocol

Syntax

custom-protocol custom-protocol-id ip-protocol-num protocol-id [create]

custom-protocol custom-protocol-id

no custom-protocol custom-protocol-id

Context

[Tree] (config>app-assure>group>policy custom-protocol)

Full Context

configure application-assurance group policy custom-protocol

Description

This command creates and enters configuration context for custom protocols. Custom protocols allow the creation of TCP and UDP-based custom protocols (based on the ip-protocol-num option) that employ pattern-match at offset in protocol signature definition.

Operator-configurable custom-protocols are evaluated ahead of any Nokia-provided protocol signature in order of custom-protocol-id (the lower ID is matched first in case of flow matching multiple custom-protocols) within the context the protocol is defined.

Custom protocols must be created before they can be used in application definition but do not have to be enabled. To reference a custom protocol in application definition, or any other CLI configuration one must use protocol name that is a concatenation of "custom_” and <custom-protocol-id>, (for example custom_01, custom_02 ... custom_10, and so on). This concatenation is also used when reporting custom protocol statistics.

Parameters

custom-protocol-id

Specifies the index into the protocol list that defines a custom protocol for application assurance.

Values

1 to 10

protocol-id

Specifies the IP protocol to match against for the custom protocol.

Values

6, 17, Protocol numbers accepted in DHB, keywords: tcp, udp

create

Mandatory keyword used when creating custom protocol. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

custom-record

custom-record

Syntax

[no] custom-record

Context

[Tree] (config>subscr-mgmt>acct-plcy custom-record)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record

Description

Commands in this context configure the layout and setting for a custom accounting record associated with this accounting policy.

The no form of this command reverts the configured values to the defaults.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

custom-record

Syntax

[no] custom-record

Context

[Tree] (config>log>acct-policy custom-record)

Full Context

configure log accounting-policy custom-record

Description

Commands in this context configure the layout and setting for a custom accounting record associated with this accounting policy.

The no form of this command reverts the configured values to the defaults.

Platforms

All

custom-x-header

custom-x-header

Syntax

custom-x-header x-header-name

no custom-x-header

Context

[Tree] (config>app-assure>group>url-filter>icap custom-x-header)

Full Context

configure application-assurance group url-filter icap custom-x-header

Description

This command configures the url-filter ICAP policy to include a new x-header field; the content of the x-header is populated based on AQP url-filter action which can optionally specify the ASO characteristic value to include in the x-header.

Default

no custom-x-header

Parameters

x-header-name

Specifies the name of the x-header added to the ICAP request.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

customer

customer

Syntax

customer customer-id [create] [ name name]

no customer customer-id

Context

[Tree] (config>service customer)

Full Context

configure service customer

Description

This command creates a customer ID and customer context used to associate information with a particular customer. Services can later be associated with this customer at the service level.

Each customer-id must be unique. The create keyword must follow each new customer customer-id entry.

Enter an existing customer customer-id (without the create keyword) to edit the customer’s parameters.

An optional customer name can be specified and is tied to the customer-name in the customer context (setting either customer-name or name will cause the other to change as well).

The no form of this command removes a customer-id and all associated information. Before removing a customer-id, all references to that customer in all services must be deleted or changed to a different customer ID.

Default

customer 1 always exists on the system and cannot be deleted.

Parameters

customer-id

Specifies the ID number to be associated with the customer, expressed as an integer.

Values

customer-id: 1 to 2147483647

customer-name: 64 characters maximum

create

This keyword is required when first creating the configuration context. Once the context is created, it is possible to navigate into the context without the create keyword.

name name

This parameter configures an optional customer name, up to 64 characters in length, which adds a name identifier to a given customer to then use that customer name in configuration references as well as display and use customer names in show commands throughout the system. This helps the service provider/administrator to identify and manage services within the SR OS platforms.

All services are required to assign a customer ID to initially create a customer. However, either the customer ID or the customer name can be used to identify and reference a given customer once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the customer-id as the name.

Values

name: 64 characters maximum

Platforms

All

customer-id-range

customer-id-range

Syntax

customer-id-range start customer-id end customer-id

no customer-id-range

Context

[Tree] (config>service>md-auto-id customer-id-range)

Full Context

configure service md-auto-id customer-id-range

Description

This command specifies the range of IDs used by SR OS to automatically assign an ID to customers that are created in model-driven interfaces without an ID explicitly specified by the user or client.

A customer created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the config>service md-auto-id command for further details.

Default

no customer-id-range

Parameters

start customer-id

Specifies the lower value of the ID range. The value must be less than or equal to the end value.

Values

2 to 2147483647

end customer-id

Specifies the upper value of the ID range. The value must be greater than or equal to the start value.

Values

2 to 2147483647

Platforms

All

cut-through-packets

cut-through-packets

Syntax

cut-through-packets cut-through-packets

Context

[Tree] (debug>app-assure>group>traffic-capture>record cut-through-packets)

Full Context

debug application-assurance group traffic-capture record cut-through-packets

Description

This command records cut-through packet conditions.

Parameters

cut-through-packets

Indicates whether to capture cut-through only packets or cut-through and other packets, or to exclude them all together.

Values

exclude, include, only

Default

include

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR