g Commands

garp-flood-evpn

garp-flood-evpn

Syntax

[no] garp-flood-evpn

Context

[Tree] (config>service>vpls>proxy-arp garp-flood-evpn)

Full Context

configure service vpls proxy-arp garp-flood-evpn

Description

This command controls whether the system floods GARP-requests and GARP-replies to the EVPN. The GARPs impacted by this command are identified by the sender's IP being equal to the target's IP and the MAC DA being broadcast.

The no form of the command only floods to local SAPs or binds but not to EVPN destinations.

Disabling this command is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood GARP messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

Default

garp-flood-evpn

Platforms

All

gateway

gateway

Syntax

gateway name name tunnel ip-address[:port] [nat-ip nat-ip[:port]] [detail] [no-dpd-debug] [ display-keys]

no gateway name name tunnel ip-address[:port] [nat-ip nat-ip[:port]

gateway name name tunnel-subnet ip-prefix/ip-prefix-length [port port] [detail] [no-dpd-debug] [display-keys]

no gateway name name tunnel-subnet ip-prefix/ip-prefix-length

Context

[Tree] (debug>ipsec gateway)

Full Context

debug ipsec gateway

Description

This command enables debugging for dynamic IPsec tunnels that terminate on the specified IPsec gateway.

The tunnel to be debugged can be specified by either its source address or source subnet. If a subnet is specified, the system will enable debugging for all tunnels with source addresses in the specified subnet.

Parameters

name

Specifies the name of the IPsec gateway up to 32 characters.

ip-address:port

Specifies the tunnel IP address of the remote peer and, optionally, the remote UDP port of IKE.

nat-ip:port

Specifies the inside IP address of the NAT tunnel and, optionally, the port.

detail

Specifies to display detailed debug information.

no-dpd-debug

Specifies to stop logging IKEv1 and IKEv2 DPD events during debug in order to produce less noise.

ip-prefix/ip-prefix-length

Specifies the subnet of the peer’s tunnel address.

display-keys

Specifies the IKE-SA and CHILD-SA keys for inclusion in the debug output.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gateway

Syntax

gateway [create]

no gateway

Context

[Tree] (config>mirror>mirror-dest>encap>layer-3-encap gateway)

Full Context

configure mirror mirror-dest encap layer-3-encap gateway

Description

This command configures the parameters to send the mirrored packets to a remote destination gateway. Once a gateway is created, no changes to the layer-3-encap type, router or direction-bit are allowed.

Platforms

All

gen-keypair

gen-keypair

Syntax

gen-keypair url-string curve {secp256r1 | secp384r1 | secp521r1}

gen-keypair url-string [size key-size] [type {rsa | dsa}]

Context

[Tree] (admin>certificate gen-keypair)

Full Context

admin certificate gen-keypair

Description

This command generates RSA, DSA, or ECDSA private key or public key pairs at the specified location.

Parameters

url-string

Specifies the path of the key file.

Values

url-string

<local-url> [up to 99 characters]

local-url

<cflash-id>/<file-path>

cflash-id

cf1: | cf2: | cf3:

curve

Generates an ECDSA key with a specified curve.

Values

secp256r1, secp384r1, secp521r1

key-size

Specifies the key size in bits.

The minimum key-size is 1024 when running in FIPS-140-2 mode.

Values

512 to 8192

Default

2048

type

Specifies the type of key.

Values

rsa, dsa

Default

rsa

Platforms

All

gen-local-cert-req

gen-local-cert-req

Syntax

gen-local-cert-req keypair url-string subject-dn subject-dn [domain-name name] [ip-addr ip-address] file cert-req-file-url [hash-alg hash-algorithm]

Context

[Tree] (admin>certificate gen-local-cert-req)

Full Context

admin certificate gen-local-cert-req

Description

This command generates a PKCS#10 formatted certificate request by using a local existing key pair file.

Parameters

url-string

Specifies the name of the keyfile in cf3:\system-pki\key that is used to generate a certificate request.

Values

url-string

<local-url> [up to 99 characters]

local-url

<cflash-id>/<file-path>

cflash-id

cf1: | cf2: | cf3:

subject-dn

Specifies the distinguish name that is used as the subject in a certificate request, including:

  • C-Country

  • ST-State

  • O-Organization name

  • OU-Organization Unit name

  • CN-common name

This parameter is formatted as a text string including any of the above attributes. The attribute and its value is linked by using "=”, and ",” is used to separate different attributes.

For example: C=US,ST=CA,O=ALU,CN=SR12

Values

attr1=val1,attr2=val2... where: attrN={C| ST| O| OU| CN}, 256 chars max

domain-name

Specifies a domain name string can be specified and included as the dNSName in the Subject Alternative Name extension of the certificate request.

ip-address

Specifies an IPv4 address string can be specified and included as the ipAddress in the Subject Alternative Name extension of the certificate request.

cert-req-file-url

Specifies the certificate URL. This URL could be either a local CF card path and filename to save the certificate request; or an FTP URL to upload the certificate request.

hash-algorithm

Specifies the hash algorithm to be used in a certificate request.

Values

sha1, sha224, sha256, sha384, sha512

Platforms

All

general-port

general-port

Syntax

general-port port-number

no general-port

Context

[Tree] (config>system>snmp general-port)

Full Context

configure system snmp general-port

Description

This command configures the port number used to receive SNMP request messages and send replies.

For the port used for SNMP notifications, configure the configure log snmp-trap-group trap-target port command.

The no form of the command reverts to the default value.

Default

general-port 161

Parameters

port-number

Specifies the port number used to send SNMP traffic other than traps.

Values

1 to 65535

Platforms

All

generate-basic-fec-only

generate-basic-fec-only

Syntax

[no] generate-basic-fec-only

Context

[Tree] (config>router>ldp generate-basic-fec-only)

Full Context

configure router ldp generate-basic-fec-only

Description

This command enables mLDP to generate a basic FEC despite the actual root node being resolved using BGP. This functionality is useful if a connected router does not support the mLDP recursive FEC type.

This command only operates with recursive opaque type 7 FECs and non-recursive type 1 FECs.

The no form of the command causes mLDP to generate a recursive FEC if the actual root node is resolved using BGP.

Default

no generate-basic-fec-only

Platforms

All

generate-icmp

generate-icmp

Syntax

[no] generate-icmp

Context

[Tree] (config>service>vprn>static-route-entry>black-hole generate-icmp)

Full Context

configure service vprn static-route-entry black-hole generate-icmp

Description

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a black-hole next-hop

The no form of this command removes the black-hole next-hop from static route configuration.

Default

no generate-icmp

Platforms

All

generate-icmp

Syntax

[no] generate-icmp

Context

[Tree] (config>router>static-route-entry>black-hole generate-icmp)

Full Context

configure router static-route-entry black-hole generate-icmp

Description

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a blackhole next-hop

The no form of this command removes the black-hole nexthop from the static route configuration.

Default

no generate-icmp

Platforms

All

generate-traps

generate-traps

Syntax

[no] generate-traps

Context

[Tree] (config>system>network-element-discovery generate-traps)

Full Context

configure system network-element-discovery generate-traps

Description

This command configures whether traps are generated every time a node is updated, added, or removed from the OSPF opaque database (using LSA type 10 opaque update).

The no form of causes traps to not be generated for database changes.

Platforms

All

get

get

Syntax

[no] get

Context

[Tree] (config>service>nat>pcp-server-policy>opcode get)

Full Context

configure service nat pcp-server-policy opcode get

Description

This command enables/disables support for the get opcode.

Default

no get

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

get

Syntax

[no] get

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get)

Full Context

configure system security profile netconf base-op-authorization get

Description

This command enables the NETCONF get operation.

The no form of this command disables the operation.

Default

no get

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

get-config

get-config

Syntax

[no] get-config

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-config)

Full Context

configure system security profile netconf base-op-authorization get-config

Description

This command enables the NETCONF get-config operation.

The no form of this command disables the operation.

Default

no get-config

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

get-data

get-data

Syntax

[no] get-data

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-data)

Full Context

configure system security profile netconf base-op-authorization get-data

Description

This command enables the NETCONF get-data operation.

The no form of this command disables the operation.

Default

no get-data

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

get-schema

get-schema

Syntax

[no] get-schema

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-schema)

Full Context

configure system security profile netconf base-op-authorization get-schema

Description

This command enables the NETCONF get-schema operation.

The no form of this command disables the operation.

Default

no get-schema

Note:

The operation is enabled by default in the built-in system-generated administrative profile.

Platforms

All

ggsn

ggsn

Syntax

ggsn

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile ggsn)

Full Context

configure subscriber-mgmt gtp peer-profile ggsn

Description

Commands in this context configure communication with a GGSN Mobile Gateway.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ggsn-address

ggsn-address

Syntax

ggsn-address {ipv4 | ipv6}

no ggsn-address

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp ggsn-address)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp ggsn-address

Description

The command includes the GGSN-Address AVP value in all Diameter DCCA CCR messages. The value is either the local IPv4 address or local IPv6 address used to set up the diameter peer.

The no form of this command removes the GGSN-Address AVP from the Diameter DCCA CCR messages.

Parameters

ipv4 | ipv6

Specifies to include either the IPv4 or IPv6 address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gi-address

gi-address

Syntax

gi-address ip-address

no gi-address

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host gi-address)

Full Context

configure subscriber-mgmt local-user-db ipoe host gi-address

Description

This command allows selection of GI addresses based on the host entry in LUDB.

The gi-address must be a valid address (associated with an interface) within the routing context that received the DHCP message on the access side.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IPv4 gi-address.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gi-address

Syntax

gi-address ip-address [src-ip-address]

no gi-address

Context

[Tree] (config>service>ies>sub-if>dhcp gi-address)

[Tree] (config>service>ies>if>dhcp gi-address)

[Tree] (config>service>vprn>sub-if>dhcp gi-address)

[Tree] (config>service>vprn>if>dhcp gi-address)

[Tree] (config>service>ies>sub-if>grp-if>dhcp gi-address)

Full Context

configure service ies subscriber-interface dhcp gi-address

configure service ies interface dhcp gi-address

configure service vprn subscriber-interface dhcp gi-address

configure service vprn interface dhcp gi-address

configure service ies subscriber-interface group-interface dhcp gi-address

Description

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address. For group interfaces a GI address must be specified under the group interface DHCP context or subscriber-interface DHCP context in order for DHCP to function.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

Values

a.b.c.d

src-ip-address

Specifies that this GI address is to be the source IP address for DHCP relay packets. This parameter is not applicable for PPPoE DHCP client messages (dhcp client-applications ppp).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface dhcp gi-address
  • configure service ies subscriber-interface group-interface dhcp gi-address
  • configure service ies subscriber-interface dhcp gi-address

All

  • configure service vprn interface dhcp gi-address
  • configure service ies interface dhcp gi-address

gi-address

Syntax

gi-address ip-address

no gi-address

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp gi-address)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp gi-address)

Full Context

configure service ies interface sap ipsec-gw dhcp gi-address

configure service vprn interface sap ipsec-gw dhcp gi-address

Description

This command specifies the gateway IP address of the DHCPv4 packets sent by the system. IPsec DHCP Relay uses only the gi-address configuration found under the IPsec gateway and does not take into account gi-address with src-ip-addr configuration below other interfaces.

Default

no gi-address

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gi-address

Syntax

gi-address ip-address [src-ip-addr]

no gi-address

Context

[Tree] (config>router>if>dhcp gi-address)

Full Context

configure router interface dhcp gi-address

Description

This command configures the gateway interface address for the DHCP relay. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

Default

no gi-address

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

src-ip-addr

Uses the GI address as the source IP.

Platforms

All

global

global

Syntax

global file-url

no global

Context

[Tree] (config>system>login-control>login-scripts global)

Full Context

configure system login-control login-scripts global

Description

This command enables an operator to define a common CLI script that executes when any user logs into a CLI session. This login exec script is executed when any user (authenticated by any means including local user database, TACACS+, or RADIUS) opens a CLI session. This allows a user, for example, to define a common set of CLI aliases that are made available on the router for all users. This global login exec script is executed before any user-specific login exec files that may be configured.

This CLI script executes in the context of the user who opens the CLI session. Any commands in the script that the user is not authorized to execute will fail.

The no form of this command disables the execution of a global login-script.

Default

no global

Parameters

file-url

The path or directory name.

Platforms

All

global-id

global-id

Syntax

global-id global-id

no global-id

Context

[Tree] (config>router>mpls>mpls-tp global-id)

Full Context

configure router mpls mpls-tp global-id

Description

This command configures the MPLS-TP Global ID for the node. This is used as the 'from’ Global ID used by MPLS-TP LSPs originating at this node. If a value is not entered, the Global ID is taken to be Zero. This is used if the global-id is not configured. If an operator expects that inter-domain LSPs will be configured, then it is recommended that the global ID should be set to the local ASN of the node, as configured under config>system. If two-byte ASNs are used, then the most significant two bytes of the global-id are padded with zeros.

In order to change the value of the global-id, config>router>mpls>mpls-tp must be in the shutdown state. This will bring down all of the MPLS-TP LSPs on the node. New values a propagated to the system when a no shutdown is performed.

Default

no global-id

Parameters

global-id

Specifies the global ID for the node.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

global-sampling-rate

global-sampling-rate

Syntax

global-sampling-rate sampling-rate

no global-sampling-rate

Context

[Tree] (config>mirror global-sampling-rate)

Full Context

configure mirror global-sampling-rate

Description

This command configures the global sampling rate. The global sampling rate provides a higher sampling rate than the sampling rate specified on the mirror destination. The global sampling rate, when set, applies to all mirror destination services with the use-global-sampling-rate command configured.

The global sampling rate takes precedence over the sampling rate specified on a mirror destination. This means that when both the global-sampling-rate command and configure mirror mirror-dest sampling-rate command are configured under the same mirror destination, the system automatically samples using higher rate configured with the global-sampling-rate command and ignores the lower rate configured with the sampling-rate command.

The no form of this command removes all mirror destinations associated with the global sampling rate and causes all mirror destinations to mirror at the full rate, which means every packet is mirrored unless a mirror destination rate is specified. You must first remove the use-global-sampling-rate configuration, before you remove the global-sampling-rate configuration.

Default

no global-sampling-rate

Parameters

sampling-rate

Specifies the global sampling rate. The highest global sampling rate is 1 out of 2 packets and the lowest rate is 1 out of 255. For example, when 2 is the configured rate, the mirror destination samples 1 out of every 2 packets, or equivalent to sampling 50% of packets.

Values
2 to 255

Platforms

All

global-sid-entries

global-sid-entries

Syntax

global-sid-entries global-sid-entries

Context

[Tree] (conf>router>sr>srv6>micro-segment global-sid-entries)

Full Context

configure router segment-routing segment-routing-v6 micro-segment global-sid-entries

Description

This command configures the maximum number of unique micro-segment locators that can be configured network wide. The value is expressed as the number of multiples of 1024 and must be the same on every platform network wide.

Default

global-sid-entries 16

Parameters

global-sid-entries

Specifies the maximum number of unique micro-segment locators.

Values
4 to 60 (in steps of 4)

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

global-timeouts

global-timeouts

Syntax

global-timeouts

Context

[Tree] (config>system>management-interface>ops global-timeouts)

Full Context

configure system management-interface operations global-timeouts

Description

Commands in this context configure system timeout parameters for operational commands.

Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation.

Platforms

All

global-variables

global-variables

Syntax

global-variables

no global-variables

Context

[Tree] (config>router>policy-options global-variables)

Full Context

configure router policy-options global-variables

Description

This command enables the global-variables configuration context.

The no form of this command removes all global variables.

Platforms

All

gnmi

gnmi

Syntax

gnmi

Context

[Tree] (config>system>grpc gnmi)

Full Context

configure system grpc gnmi

Description

Commands in this context configure a gNMI service on gRPC.

Platforms

All

gnmi-capabilities

gnmi-capabilities

Syntax

gnmi-capabilities {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-capabilities)

Full Context

configure system security profile grpc rpc-authorization gnmi-capabilities

Description

This command permits the use of Capability RPC for a user associated with the given format.

The no form of this command reverts to the default value.

Default

gnmi-capabilities permit

Parameters

permit

Specifies that the use of the Capability RPC is permitted.

deny

Specifies that the use of the Capability RPC is denied.

Platforms

All

gnmi-get

gnmi-get

Syntax

gnmi-get {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-get)

Full Context

configure system security profile grpc rpc-authorization gnmi-get

Description

This command permits the use of Get RPC.

The no form of this command reverts to the default value.

Default

gnmi-get permit

Parameters

permit

Specifies that the use of the Get RPC is permitted.

deny

Specifies that the use of the Get RPC is denied.

Platforms

All

gnmi-set

gnmi-set

Syntax

gnmi-set {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-set)

Full Context

configure system security profile grpc rpc-authorization gnmi-set

Description

This command permits the use of Set RPC.

The no form of this command reverts to the default value.

Default

gnmi-set permit

Parameters

permit

Specifies that the use of the Set RPC is permitted.

deny

Specifies that the use of the Set RPC is denied.

Platforms

All

gnmi-subscribe

gnmi-subscribe

Syntax

gnmi-subscribe {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-subscribe)

Full Context

configure system security profile grpc rpc-authorization gnmi-subscribe

Description

This command permits the use of Subscribe RPC.

The no form of this command reverts to the default value.

Default

gnmi-subscribe permit

Parameters

permit

Specifies that the use of the Subscribe RPC is permitted.

deny

Specifies that the use of the Subscribe RPC is denied.

Platforms

All

gnoi-cert-mgmt-cangenerate

gnoi-cert-mgmt-cangenerate

Syntax

gnoi-cert-mgmt-cangenerate {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-cangenerate)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-cangenerate

Description

This command permits the use of gNOI CanGenerateCSR RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-cangenerate deny

Parameters

permit

Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is denied.

Platforms

All

gnoi-cert-mgmt-getcert

gnoi-cert-mgmt-getcert

Syntax

gnoi-cert-mgmt-getcert {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-getcert)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-getcert

Description

This command permits the use of gNOI GetCertificate RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-getcert deny

Parameters

permit

Specifies that the use of the gNOI GetCertificate RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI GetCertificate RPCs for the user profile is denied.

Platforms

All

gnoi-cert-mgmt-install

gnoi-cert-mgmt-install

Syntax

gnoi-cert-mgmt-install {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-install)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-install

Description

This command permits the use of gNOI Install RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-install deny

Parameters

permit

Specifies that the use of the gNOI Install RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI Install RPCs for the user profile is denied.

Platforms

All

gnoi-cert-mgmt-revoke

gnoi-cert-mgmt-revoke

Syntax

gnoi-cert-mgmt-revoke {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-revoke)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-revoke

Description

This command permits or denies the use of gNOI RevokeCertificates RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-revoke deny

Parameters

permit

Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is permitted.

deny

Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is denied.

Platforms

All

gnoi-cert-mgmt-rotate

gnoi-cert-mgmt-rotate

Syntax

gnoi-cert-mgmt-rotate {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-rotate)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-rotate

Description

This command permits the use of gNOI Rotate RPCs for the user profile.

Default

gnoi-cert-mgmt-rotate deny

Parameters

permit

Specifies that the use of the gNOI Rotate RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI Rotate RPCs for the user profile is denied.

Platforms

All

gnoi-file-get

gnoi-file-get

Syntax

gnoi-file-get {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-get)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-get

Description

This command permits the use of gNOI File Get RPC for a file from a target location.

Default

gnoi-file-get permit

Parameters

permit

Specifies that the use of the gNOI File Get RPC is permitted.

deny

Specifies that the use of the gNOI File Get RPC is denied.

Platforms

All

gnoi-file-put

gnoi-file-put

Syntax

gnoi-file-put {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-put)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-put

Description

This command permits the use of gNOI File Put RPC to write to a file on a target location.

Default

gnoi-file-put permit

Parameters

permit

Specifies that the use of the gNOI File Put RPC is permitted.

deny

Specifies that the use of the gNOI File Put RPC is denied.

Platforms

All

gnoi-file-remove

gnoi-file-remove

Syntax

gnoi-file-remove {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-remove)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-remove

Description

This command permits the use of gNOI File Remove RPC to remove a file from the specified target location.

Default

gnoi-file-remove permit

Parameters

permit

Specifies that the use of the gNOI File Remove RPC is permitted.

deny

Specifies that the use of the gNOI File Remove RPC is denied.

Platforms

All

gnoi-file-stat

gnoi-file-stat

Syntax

gnoi-file-stat {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-stat)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-stat

Description

This command permits the use of gNOI File Stat RPC to retrieve metadata for a file from the specified target location.

Default

gnoi-file-stat permit

Parameters

permit

Specifies that the use of the gNOI File Stat RPC is permitted.

deny

Specifies that the use of the gNOI File Stat RPC is denied.

Platforms

All

gnoi-file-transfertoremote

gnoi-file-transfertoremote

Syntax

gnoi-file-transfertoremote {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-transfertoremote)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-transfertoremote

Description

This command permits the use of the gNOI File TransferToRemote RPC to transfer the file from the target node to a specified remote location.

Default

gnoi-file-transfertoremote permit

Parameters

permit

Specifies that the use of the gNOI File TransferToRemote RPC is permitted.

deny

Specifies that the use of the gNOI File TransferToRemote RPC is denied.

Platforms

All

gnoi-system-cancelreboot

gnoi-system-cancelreboot

Syntax

gnoi-system-cancelreboot {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-cancelreboot)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-cancelreboot

Description

This command permits the use of gNOI System CancelReboot RPC for a user-given profile.

Default

gnoi-system-cancelreboot deny

Parameters

permit

Specifies that the use of gNOI System CancelReboot RPC is permitted.

deny

Specifies that the use of gNOI System CancelReboot RPC is denied.

Platforms

All

gnoi-system-ping

gnoi-system-ping

Syntax

gnoi-system-ping {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-ping)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-ping

Description

This command permits the use of the gNOI Ping RPC to execute the ping command on the target node and stream back the results.

Default

gnoi-system-ping permit

Parameters

permit

Specifies that the use of the gNOI Ping RPC is permitted.

deny

Specifies that the use of the gNOI Ping RPC is denied.

Platforms

All

gnoi-system-reboot

gnoi-system-reboot

Syntax

gnoi-system-reboot {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-reboot)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-reboot

Description

This command permits the use of gNOI System Reboot RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-reboot deny

Parameters

permit

Specifies that the use of gNOI System Reboot RPC is permitted.

deny

Specifies that the use of gNOI System Reboot RPC is denied.

Platforms

All

gnoi-system-rebootstatus

gnoi-system-rebootstatus

Syntax

gnoi-system-rebootstatus {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-rebootstatus)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-rebootstatus

Description

This command permits the use of gNOI System RebootStatus RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-rebootstatus deny

Parameters

permit

Specifies that the use of gNOI System RebootStatus RPC is permitted for a user-given profile.

deny

Specifies that the use of gNOI System RebootStatus RPC is denied.

Platforms

All

gnoi-system-setpackage

gnoi-system-setpackage

Syntax

gnoi-system-setpackage {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-setpackage)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-setpackage

Description

This command permits the use of gNOI System SetPackage RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-setpackage deny

Parameters

deny

Specifies that the use of gNOI System SetPackage RPC is denied.

permit

Specifies that the use of gNOI System SetPackage RPC is permitted.

Platforms

All

gnoi-system-switchcontrolprocessor

gnoi-system-switchcontrolprocessor

Syntax

gnoi-system-switchcontrolprocessor {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-switchcontrolprocessor)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-switchcontrolprocessor

Description

This command permits the use of gNOI System SwitchControlProcessor RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-switchcontrolprocessor deny

Parameters

deny

Specifies that the use of gNOI System SwitchControlProcessor RPC is denied.

permit

Specifies that the use of gNOI System SwitchControlProcessor RPC is permitted.

Platforms

All

gnoi-system-time

gnoi-system-time

Syntax

gnoi-system-time {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-time)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-time

Description

This command permits the use of the gNOI Time RPC to return the current time on the target node.

Default

gnoi-system-time permit

Parameters

permit

Specifies that the use of the gNOI Time RPC is permitted.

deny

Specifies that the use of the gNOI Time RPC is denied.

Platforms

All

gnoi-system-traceroute

gnoi-system-traceroute

Syntax

gnoi-system-traceroute {permit | deny}

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-traceroute)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-traceroute

Description

This command permits the use of the gNOI Traceroute RPC to execute the traceroute command on the target node and stream back the results.

Default

gnoi-system-traceroute permit

Parameters

permit

Specifies that the use of the gNOI Traceroute RPC is permitted.

deny

Specifies that the use of the gNOI Traceroute RPC is denied.

Platforms

All

gnss

gnss

Syntax

gnss

Context

[Tree] (config>port gnss)

Full Context

configure port gnss

Description

Commands in this context configure global navigation satellite systems (GNSS) port attributes for platforms that support one or more embedded GNSS receivers. This command is supported for use with the following ports:

  • A/gnss (7750 SR FP5 single-slot platforms and slot A of 7750 SR-2e platforms)
  • B/gnss (slot B of 7750 SR-2e platforms)

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

gnss

Syntax

gnss

Context

[Tree] (config>system>sync-if-timing gnss)

Full Context

configure system sync-if-timing gnss

Description

Commands in this context configure parameters for system timing using global navigation satellite systems (GNSS) on platforms that support one or more embedded GNSS receivers.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

goto

goto

Syntax

goto line

Context

[Tree] (candidate goto)

Full Context

candidate goto

Description

This command changes the edit point of the candidate configuration. The edit point is the point after which new commands are inserted into the candidate configuration as an operator navigates the CLI and issues commands in edit-cfg mode.

Parameters

line

Indicates which line to change starting at the point indicated by the following options.

Values

line, offset, first, edit-point, last

line

absolute line number

offset

relative line number to current edit point. Prefixed with '+' or '-'

first

keyword - first line

edit-point

keyword - current edit point

last

keyword - last line that is not 'exit'

Platforms

All

gprs-negotiated-qos-profile

gprs-negotiated-qos-profile

Syntax

[no] gprs-negotiated-qos-profile

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute gprs-negotiated-qos-profile)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute gprs-negotiated-qos-profile

Description

This command enables the inclusion of the 3GPP QoS specification in AAA protocols as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the attribute.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gr-helper

gr-helper

Syntax

gr-helper [enable | disable]

Context

[Tree] (config>router>rsvp>if gr-helper)

Full Context

configure router rsvp interface gr-helper

Description

This command enables the RSVP Graceful Restart Helper feature.

The RSVP-TE Graceful Restart helper mode allows the SR OS based system (the helper node) to provide another router that has requested it (the restarting node) a grace period, during which the system will continue to use RSVP sessions to neighbors requesting the grace period. This is typically used when another router is rebooting its control plane but its forwarding plane is expected to continue to forward traffic based on the previously available Path and Resv states.

The user can enable Graceful Restart helper on each RSVP interface separately. When the GR helper feature is enabled on an RSVP interface, the node starts inserting a new Restart_Cap Object in the Hello packets to its neighbor. The restarting node does the same and indicates to the helper node the desired Restart Time and Recovery Time.

The GR Restart helper consists of a couple of phases. Once it loses Hello communication with its neighbor, the helper node enters the Restart phase. During this phase, it preserves the state of all RSVP sessions to its neighbor and waits for a new Hello message.

Once the Hello message is received indicating the restarting node preserved state, the helper node enters the recovery phase in which it starts refreshing all the sessions that were preserved. The restarting node will activate all the stale sessions that are refreshed by the helper node. Any Path state which did not get a Resv message from the restarting node once the Recovery Phase time is over is considered to have expired and is deleted by the helper node causing the proper Path Tear generation downstream.

The duration of the restart phase (recovery phase) is equal to the minimum of the neighbor’s advertised Restart Time (Recovery Time) in its last Hello message and the locally configured value of the max-restart (max-recovery) parameter.

When GR helper is enabled on an RSVP interface, its procedures apply to the state of both P2P and P2MP RSVP LSP to a neighbor over this interface.

Default

disable

Platforms

All

gr-helper-time

gr-helper-time

Syntax

gr-helper-time max-recovery recovery-interval max-restart restart-interval

no gr-helper-time

Context

[Tree] (config>router>rsvp gr-helper-time)

Full Context

configure router rsvp gr-helper-time

Description

This command configures the local values for the max-recovery and the max-restart intervals used in the RSVP Graceful Restart Helper feature.

The values are configured globally in RSVP but separate instances of the timers are applied to each RSVP interface that has the RSVP Graceful Restart Helper enabled.

The no version of this command re-instates the default value for the delay timer.

Default

gr-helper-time max-recovery 300 max-restart 120

Parameters

recovery-interval

Specifies the max recovery interval value in seconds.

Values

1 to 1800

restart-interval

Specifies the max restart interval value in seconds.

Values

1 to 300

Platforms

All

grace

grace

Syntax

grace

Context

[Tree] (config>eth-ring>path>eth-cfm>mep grace)

[Tree] (config>eth-tunnel>path>eth-cfm>mep grace)

[Tree] (config>port>ethernet>eth-cfm>mep grace)

[Tree] (config>lag>eth-cfm>mep grace)

Full Context

configure eth-ring path eth-cfm mep grace

configure eth-tunnel path eth-cfm mep grace

configure port ethernet eth-cfm mep grace

configure lag eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

grace

Syntax

grace

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep grace)

[Tree] (config>service>ipipe>sap>eth-cfm>mep grace)

[Tree] (config>service>epipe>sap>eth-cfm>mep grace)

Full Context

configure service epipe spoke-sdp eth-cfm mep grace

configure service ipipe sap eth-cfm mep grace

configure service epipe sap eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

grace

Syntax

grace

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep grace)

[Tree] (config>service>vpls>eth-cfm>mep grace)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep grace)

[Tree] (config>service>vpls>sap>eth-cfm>mep grace)

Full Context

configure service vpls mesh-sdp eth-cfm mep grace

configure service vpls eth-cfm mep grace

configure service vpls spoke-sdp eth-cfm mep grace

configure service vpls sap eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

grace

Syntax

grace

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep grace)

[Tree] (config>service>ies>if>sap>eth-cfm>mep grace)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep grace)

Full Context

configure service ies interface spoke-sdp eth-cfm mep grace

configure service ies interface sap eth-cfm mep grace

configure service ies subscriber-interface group-interface sap eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep grace
  • configure service ies interface spoke-sdp eth-cfm mep grace

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep grace

grace

Syntax

grace

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep grace)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep grace)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep grace)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep grace

configure service vprn subscriber-interface group-interface sap eth-cfm mep grace

configure service vprn interface sap eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface sap eth-cfm mep grace
  • configure service vprn interface spoke-sdp eth-cfm mep grace

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep grace

grace

Syntax

grace

Context

[Tree] (config>router>if>eth-cfm>mep grace)

Full Context

configure router interface eth-cfm mep grace

Description

Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

grace-tx-enable

grace-tx-enable

Syntax

[no] grace-tx-enable

Context

[Tree] (config>port>ethernet>efm-oam grace-tx-enable)

[Tree] (config>system>ethernet>efm-oam grace-tx-enable)

Full Context

configure port ethernet efm-oam grace-tx-enable

configure system ethernet efm-oam grace-tx-enable

Description

Enables the sending of grace for all the enabled EFM-OAM sessions on the node. Disabled by default at the system level and enabled by default at the port level. The combination of the system level and port level configuration will determine if the grace function is enabled on the individual ports. Both the system level and the port level must be enabled in order to support grace on a specific port. If either level is disabled, grace is not enabled on those ports. Enabling grace during an active ISSU or soft reset does not invoke the grace function for the active event.

When both grace-tx-enable and config>system>ethernet>efm-oam dying-gasp-tx-on-reset, config>port>ethernet>efm-oam dying-gasp-tx-on-reset are active on the same port, grace-tx-enable takes precedence when a soft reset is invoked if the Peer Vendor OUI being received is 00:16:4d (ALU) or the configured config>port>ethernet>efm-oam grace-vendor-oui value. The grace-tx-enable command should not be configured if the Nokia Vendor Specific Grace TLV is not supported on the remote peer.

The no form of this command disables the sending of the Nokia Vendor Specific Grace TLV.

Default

config>system>ethernet>efm-oam>no grace-tx-enable

config>port>ethernet>efm-oam>grace-tx-enable

Platforms

All

grace-tx-enable

Syntax

[no] grace-tx-enable

Context

[Tree] (config>eth-cfm>system grace-tx-enable)

Full Context

configure eth-cfm system grace-tx-enable

Description

This command enables ETH-CFM grace transmission at the system level when a soft reset message is received and processed by the ETH-CFM module. Individual MEP configuration determines which of the two supported grace functions, ETH-VSM or ETH-ED, is used to announce grace.

This command controls the overall capability to transmit grace and does not control which grace announcement to use. This command also has no impact on the reception and processing of grace-style PDUs.

The no form of this command disables ETH-CFM grace transmission at the system level.

Default

grace-tx-enable

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

grace-vendor-oui

grace-vendor-oui

Syntax

grace-vendor-oui oui

no grace-vendor-oui

Context

[Tree] (config>port>ethernet>efm-oam grace-vendor-oui)

Full Context

configure port ethernet efm-oam grace-vendor-oui

Description

This optional command configures an additional peer vendor OUI which indicates support for the Vendor Specific EFM-OAM Grace functionality, allowing grace to be preferred over dying gasp when both are configured. This is in addition to the Nokia Vendor OUI 00:16:4d.

When both grace-tx-enable (config>system>ethernet>efm-oam grace-tx-enable, config>port>ethernet>efm-oam grace-tx-enable) and dying-gasp-tx-on-reset (config>system>ethernet>efm-oam dying-gasp-tx-on-reset, config>port>ethernet>efm-oam dying-gasp-tx-on-reset) are active on the same port, grace-tx-enable takes precedence when a soft reset is invoked if the Peer Vendor OUI being received is 00:16:4d (ALU) or the configured grace-vendor-oui value. The grace-tx-enable command should not be configured if the Nokia Vendor Specific Grace TLV is not supported on the remote peer, including Nokia 7750 SR equipment prior to release 11.0 R4.

The no form of this command removes the additional Vendor OUI but does not remove the Nokia 00:16:4d value.

Default

no grace-vendor-oui

Parameters

oui

Hex value in the range 00:00:00 to FF:FF:FF.

Platforms

All

graceful-restart

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>service>vprn>bgp>group>neighbor graceful-restart)

[Tree] (config>service>vprn>bgp graceful-restart)

[Tree] (config>service>vprn>bgp>group graceful-restart)

Full Context

configure service vprn bgp group neighbor graceful-restart

configure service vprn bgp graceful-restart

configure service vprn bgp group graceful-restart

Description

This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. In a VPRN, SR OS can support GR helper functionality for IPv4, IPv6, label-ipv4, flow-ipv4 (IPv4 FlowSpec) and flow-ipv6 (IPv6 FlowSpec) routes.

When a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.

The no form of this command disables graceful restart.

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>service>vprn>isis graceful-restart)

Full Context

configure service vprn isis graceful-restart

Description

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default

no graceful-restart

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>service>vprn>ospf graceful-restart)

[Tree] (config>service>vprn>ospf3 graceful-restart)

Full Context

configure service vprn ospf graceful-restart

configure service vprn ospf3 graceful-restart

Description

This command enables OSPF graceful restart (GR) to minimize service interruption.

When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of this command disables GR and removes the GR configuration from the OSPF instance.

Default

no graceful-restart

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>router>ldp graceful-restart)

Full Context

configure router ldp graceful-restart

Description

This command enables graceful restart helper.

The no form of this command disables graceful restart.

Graceful restart helper configuration changes, enable/disable, or change of a parameter will cause the LDP session to bounce.

Default

no graceful-restart (disabled) — Graceful-restart must be explicitly enabled.

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>router>bgp graceful-restart)

[Tree] (config>router>bgp>group graceful-restart)

[Tree] (config>router>bgp>group>neighbor graceful-restart)

Full Context

configure router bgp graceful-restart

configure router bgp group graceful-restart

configure router bgp group neighbor graceful-restart

Description

This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. SR OS can support GR helper functionality for IPv4, IPv6, VPN-IPv4, VPN-IPv6, Label-IPv4, Label-IPv6, L2-VPN, Route-Target (RTC), Flow-IPv4 (IPv4 FlowSpec) and Flow-IPv6 (IPv6 FlowSpec) routes.

If a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.

The no form of this command disables graceful restart.

Default

no graceful-restart

Platforms

All

graceful-restart

Syntax

graceful-restart [neighbor ip-address | group name]

no graceful-restart

Context

[Tree] (debug>router>bgp graceful-restart)

Full Context

debug router bgp graceful-restart

Description

This command enables debugging for BGP graceful restart.

The no form of this command disables the debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>router>isis graceful-restart)

Full Context

configure router isis graceful-restart

Description

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default

no graceful-restart

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (debug>router>isis graceful-restart)

Full Context

debug router isis graceful-restart

Description

This command enables debugging for IS-IS graceful-restart.

The no form of the command disables debugging.

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (config>router>ospf3 graceful-restart)

[Tree] (config>router>ospf graceful-restart)

Full Context

configure router ospf3 graceful-restart

configure router ospf graceful-restart

Description

This command enables OSPF graceful restart (GR) to minimize service disruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router comes back up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, then the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the OSPF instance.

Default

no graceful-restart

Platforms

All

graceful-restart

Syntax

[no] graceful-restart

Context

[Tree] (debug>router>ospf graceful-restart)

[Tree] (debug>router>ospf3 graceful-restart)

Full Context

debug router ospf graceful-restart

debug router ospf3 graceful-restart

Description

This command enables debugging for OSPF and OSPF3 graceful restart.

Platforms

All

graceful-shutdown

graceful-shutdown

Syntax

[no] graceful-shutdown

Context

[Tree] (config>router>rsvp graceful-shutdown)

[Tree] (config>router>rsvp>interface graceful-shutdown)

Full Context

configure router rsvp graceful-shutdown

configure router rsvp interface graceful-shutdown

Description

This command initiates a graceful shutdown of the specified RSVP interface or all RSVP interfaces on the node if applied at the RSVP level. These are referred to as maintenance interface and maintenance node, respectively.

To initiate a graceful shutdown the maintenance node generates a PathErr message with a specific error sub-code of Local Maintenance on TE Link required for each LSP that is exiting the maintenance interface.

The node performs a single make-before-break attempt for all adaptive CSPF LSPs it originates and LSP paths using the maintenance interfaces. If an alternative path for an affected LSP is not found, then the LSP is maintained on its current path. The maintenance node also tears down and re-signals any detour LSP path using listed maintenance interfaces as soon as they are not active.

The maintenance node floods an IGP TE LSA/LSP containing Link TLV for the links under graceful shutdown with TE metric set to 0xffffffff and Unreserved Bandwidth parameter set to zero (0).

A head-end LER node, upon receipt of the PathErr message performs a single make-before-break attempt on the affected adaptive CSPF LSP. If an alternative path is not found, then the LSP is maintained on its current path.

A node does not take any action on the paths of the following originating LSPs after receiving the PathErr message:

a. An adaptive CSPF LSP for which the PathErr indicates a node address in the address list and the node corresponds to the destination of the LSP. In this case, there are no alternative paths which can be found.

b. An adaptive CSPF LSP whose path has explicit hops defined using the listed maintenance interface(s)/node(s).

c. A CSPF LSP with the adaptive option disabled and which current path is over the listed maintenance interfaces in the PathErr message. These are not subject to make-before-break.

d. A non CSPF LSP which current path is over the listed maintenance interfaces in the PathErr message.

The head-end LER node upon receipt of the updates IPG TE LSA/LSP for the maintenance interfaces updates the TE database. This information will be used at the next scheduled CSPF computation for any LSP which path may traverse any of the maintenance interfaces.

The no form of this command disables the graceful shutdown operation at the RSVP interface level or at the RSVP level. The configured TE parameters of the maintenance links are restored and the maintenance node floods the links.

Platforms

All

grafts

grafts

Syntax

grafts [source ip-address] [group grp-ip-address] [detail]

no grafts

Context

[Tree] (debug>router>pim grafts)

Full Context

debug router pim grafts

Description

This command enables debugging for PIM grafts.

The no form of this command disables PIM graft debugging.

Parameters

ip-address

Debugs graft information associated with the specified source.

Values

source address (ipv4, ipv6)

grp-ip-address

Debugs graft information associated with the specified group.

Values

multicast group address (ipv4, ipv6)

detail

Debugs detailed graft information.

Platforms

All

granularity

granularity

Syntax

granularity {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}

no granularity

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution granularity)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution granularity

Description

This command is used to create a step-like behavior where the operational PIR will round up to the nearest increment of the specified granularity before being applied to the child. The only exception is when the distributed bandwidth is less than 1% above a lower step value, in which case the lower step value is used.

This step-like behavior may be useful when the bandwidth used by an active child is well known. While the above-offered-cap command automatically adds a specified amount to the operational PIR of a child, the granularity command only increments the operational PIR to the next step value. While not expected to be used in conjunction, the above-offered-cap and granularity commands may be used simultaneously, in which case the above-offered-cap increase will be applied first, followed by the granularity rounding to the next step value.

If the granularity command is used with a percent-based value, the rounding up function of the configured PIR value on the policer or queue is based on the child’s administrative PIR. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.

If the child’s administrative PIR is modified while a percent-based granularity is in effect, the system automatically uses the new relative rounding value the next time the child’s operational PIR is determined.

When this command is not specified or removed, the system makes no attempt to round up the child’s determined operational PIR.

The no form of this command is used to remove the operational PIR rounding behavior from all child policers and queues associated with the policy.

Parameters

percent-of-admin-pir

When the percent qualifier is used, the following percent-of-admin-pir parameter specifies the percentage of the child’s administrative PIR that should be used as the rounding step value. If a value of 0 or 0.00 is used, the system will interpret this equivalent to no granularity.

Values

0.00 to 100.00

rate-in-kilobits-per-second

When the rate qualifier is used, the following rate-in-kilobits-per-second parameter specifies an explicit rate, in kb/s, that should be used as the child’s rounding step value. If a rate step of 0 is specified, the system interprets this equivalent to no granularity.

Values

0 to 100,000,000

Platforms

All

granularity

Syntax

granularity {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}

no granularity

Context

[Tree] (config>qos>adv-config-policy>child-control>offered-measurement granularity)

Full Context

configure qos adv-config-policy child-control offered-measurement granularity

Description

This command is used to adjust the sensitivity of the virtual scheduler to changes in the child offered rate. As the child offered rate is determined, it is compared to the previous offered rate. If the delta does not exceed the sensitivity threshold determined for the current offered rate, the change in offered rate is ignored for that iteration.

While it is assumed that changing the offered rate change sensitivity will be a rare occurrence, it may be prudent to react to smaller changes in the offered rate of a particular child policer or queue. Another possible reason for changing the sensitivity is that it may be desired to lower the impact of changes in offered rate on the virtual scheduler for a particular child by raising the granularity.

A side effect of higher sensitivity (lower granularity) is that the virtual scheduler may need to adjust the distributed bandwidth between all children more often, resulting in the possibility of lowering resources available to other virtual scheduler instances on the slot.

A side effect of lower sensitivity (higher granularity) is that the parent virtual scheduler may distribute insufficient bandwidth to the child resulting in dropped packets.

If the granularity command is used with a percent-based value, the sensitivity is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.

Except for the overall cap on the offered input into the virtual scheduler, the child’s administrative PIR has no effect on the calculated sensitivity if an explicit rate is specified.

If the child’s administrative PIR is modified while a percent-based granularity is in effect, the system automatically uses the new relative sensitivity value the next time the child’s offered rate is determined.

The no form of this command is used to restore the default offered rate sensitivity behavior to all child policers and queues associated with the policy.

Parameters

percent-of-admin-pir

When the percent qualifier is used, this parameter specifies the percentage of the child’s administrative PIR that are used as the threshold sensitivity to offered rate change. If a value of 0 or 0.00 is used, the system will interpret this equivalent to no granularity.

Values

1.00 to 100.00

rate-in-kilobits-per-second

When the rate qualifier is used, this parameter specifies an explicit rate, in kb/s, that are used as the child’s offered rate change sensitivity value. If a rate sensitivity of 0 is specified, the system interprets this equivalent to no granularity.

Values

0 to 100,000,000

Platforms

All

gratuitous-arp

gratuitous-arp

Syntax

gratuitous-arp {one-per-sap| one-per-outer-tag}

Context

[Tree] (config>subscr-mgmt>up-resiliency>fsg-template gratuitous-arp)

Full Context

configure subscriber-mgmt up-resiliency fate-sharing-group-template gratuitous-arp

Description

This command configures the granularity with which Gratuitous ARP packets are sent upon switchover events.

Parameters

one-per-sap

Specifies to send a single GARP per SAP. The Sender Protocol Address is any subnet associated with the SAP. If no subnet is available, the system IP is used.

one-per-outer-tag

Specifies to send a single GARP for all q-in-q SAPs sharing the same outer tag. For dot1q SAPs this behaves the same as one-per-sap. The Sender Protocol Address is any subnet associated with the SAP. If no subnet is available, the system IP is used.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gratuitous-rtr-adv

gratuitous-rtr-adv

Syntax

[no] gratuitous-rtr-adv

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-linking gratuitous-rtr-adv)

[Tree] (config>service>ies>sub-if>ipoe-linking gratuitous-rtr-adv)

[Tree] (config>service>ies>sub-if>grp-if>ipoe-linking gratuitous-rtr-adv)

[Tree] (config>service>vprn>sub-if>ipoe-linking gratuitous-rtr-adv)

Full Context

configure service vprn subscriber-interface group-interface ipoe-linking gratuitous-rtr-adv

configure service ies subscriber-interface ipoe-linking gratuitous-rtr-adv

configure service ies subscriber-interface group-interface ipoe-linking gratuitous-rtr-adv

configure service vprn subscriber-interface ipoe-linking gratuitous-rtr-adv

Description

This command enables the generation of unsolicited Router-advertisement on creation of v4 host.

The no form of this command disables gratuitous-rtr-adv.

Default

gratuitous-rtr-adv

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gre

gre

Syntax

[no] gre

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>type gre)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query type gre

Description

This command enables matching on GRE tunnels.

The no form of this command disables matching on GRE tunnels, unless no other tunnel type specifier is configured.

Default

no gre

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gre

Syntax

[no] gre

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter gre)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter gre

Description

This command enables setting the tunnel type for the auto bind tunnel.

The gre encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted.

The no form of this command disables the setting the tunnel type for the auto bind tunnel.

Default

no gre

Platforms

All

gre

Syntax

gre

Context

[Tree] (config>test-oam>build-packet>header gre)

Full Context

configure test-oam build-packet header gre

Description

This command creates a GRE header for inclusion in test OAM build packet instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

gre-eth-bridged

gre-eth-bridged

Syntax

gre-eth-bridged

Context

[Tree] (config>service>system gre-eth-bridged)

Full Context

configure service system gre-eth-bridged

Description

Commands in this context configure parameters related to termination of a GRE tunnel carrying Ethernet payload onto a PW port by using Forwarding Path Extensions (FPE).

Platforms

All

gre-header

gre-header

Syntax

gre-header send-key send-key receive-key receive-key

no gre-header

Context

[Tree] (config>service>ies>if>sap>ip-tunnel gre-header)

[Tree] (config>service>vprn>if>sap>ip-tunnel gre-header)

Full Context

configure service ies interface sap ip-tunnel gre-header

configure service vprn interface sap ip-tunnel gre-header

Description

This command configures the type of the IP tunnel. If the gre-header command is configured then the tunnel is a GRE tunnel with a GRE header inserted between the outer and inner IP headers. If the no form of this command is configured then the tunnel is a simple IP-IP tunnel.

Default

no gre-header

Parameters

send-key send-key

Specifies a 32-bit unsigned integer.

Values

0 to 4294967295

receive-key receive-key

Specifies a 32-bit unsigned integer.

Values

0 to 4294967295

Platforms

All

gre-key

gre-key

Syntax

gre-key if-index

no gre-key

Context

[Tree] (config>filter>gre-tun-tmp>ipv4 gre-key)

Full Context

configure filter gre-tunnel-template ipv4 gre-key

Description

This command enables the population of the GRE key field in the GRE header sent with the encapsulated IP packet.

The no form of this command disables the population of the optional GRE key field when the matching IP packet is sent encapsulated in a GRE tunnel.

Parameters

if-index

Causes the GRE key field to be populated with the ifIndex of the ingress interface on which the matching IP packet was received.

Platforms

All

gre-termination

gre-termination

Syntax

[no] gre-termination

Context

[Tree] (config>router>if gre-termination)

Full Context

configure router interface gre-termination

Description

This command enables the termination of MPLS-over-GRE and IP-over-GRE packets on destination IP addresses from a user-defined subnet. The user defines a subnet for the termination of GRE packets by applying the gre-termination command to a numbered network IP interface, including a loopback interface.

For more information, refer to "IP-over-GRE and MPLS-over-GRE Termination on a User-Configured Subnet” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

The no form of this command disables the termination of MPLS-over-GRE and IP-over-GRE packets on the subnet of the interface. Packets are dropped.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

gre-tunnel-template

gre-tunnel-template

Syntax

gre-tunnel-template name [create]

no gre-tunnel-template name

Context

[Tree] (config>filter gre-tunnel-template)

Full Context

configure filter gre-tunnel-template

Description

Commands in this context configure a GRE tunnel template parameters to be used to tunnel associated traffic.

The no form of this command removes the GRE tunnel template from the configuration.

Parameters

name

Specifies a GRE tunnel template name up to 32 characters.

create

This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

All

group

group

Syntax

group name [create]

no group name

Context

[Tree] (config>qos>hw-agg-shap-sched-plcy group)

Full Context

configure qos hw-agg-shaper-scheduler-policy group

Description

This command creates a group within a hardware aggregate shaper scheduler policy.

The no form of this command removes the group from the policy.

Parameters

name

Specifies a group name, up to 32 characters.

Platforms

7750 SR-1, 7750 SR-s

group

Syntax

group tunnel-group-name [service-id service-id]

no group

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>l2tp group)

Full Context

configure subscriber-mgmt local-user-db ppp host l2tp group

Description

This command configures the L2TP tunnel group. The tunnel-group-name is configured in the config>router>l2tp context. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

Parameters

tunnel-group-name

Specifies an existing tunnel L2TP group, up to 63 characters.

service-id service-id

Specifies an existing service ID or service name.

Values

service-id: 1 to 214748364

service-name: up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group tunnel-group-name [create]

group tunnel-group-name [create] [protocol protocol]

no group tunnel-group-name

Context

[Tree] (config>router>l2tp group)

[Tree] (config>service>vprn>l2tp group)

Full Context

configure router l2tp group

configure service vprn l2tp group

Description

This command configures an L2TP tunnel group.

The no form of this command reverts removes the tunnel group name from the configuration.

Parameters

tunnel-group-name

Specifies a name string to identify a L2TP group up to 63 characters in length.

create

This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.

protocol

Specifies the l2tp protocol for use.

Values

v2, v3, v3draft

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group tunnel-group-name

Context

[Tree] (debug>router>l2tp group)

Full Context

debug router l2tp group

Description

This command enables and configures debugging for an L2TP group.

Parameters

tunnel-group-name

Specifies the tunnel group name, up to 63 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group name [create]

no group name

Context

[Tree] (config>service>vpls>gsmp group)

[Tree] (config>service>vprn>gsmp group)

Full Context

configure service vpls gsmp group

configure service vprn gsmp group

Description

This command specifies a GSMP name. A GSMP group name is unique only within the scope of the service in which it is defined.

The no form of this command reverts to the default.

Parameters

name

Specifies a GSMP name up to 32 characters.

create

Keyword used to create the GSMP group name. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

group

Syntax

[no] group ip-address

Context

[Tree] (config>subscr-mgmt>igmp-policy>static group)

Full Context

configure subscriber-mgmt igmp-policy static group

Description

This command adds or removes a static multicast group.

The no form of this command reverts to the default value.

Parameters

ip-address

Specifies the multicast group IP address.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

[no] group grp-ipv6-address

Context

[Tree] (config>subscr-mgmt>mld-policy>static group)

Full Context

configure subscriber-mgmt mld-policy static group

Description

This command configures a static multicast group.

The no form of this command reverts to the default.

Parameters

grp-ipv6-address

Specifies the IPv6 address.

Values

ipv6-address - x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

- multicast group IPv6 address

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

[no] group group-name

Context

[Tree] (config>service>ies>rip group)

[Tree] (config>service>vprn>rip group)

Full Context

configure service ies rip group

configure service vprn rip group

Description

This command creates a context for configuring a RIP group of neighbors. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of this command deletes the RIP neighbor interface group. Deleting the group also removes the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default

no group

Parameters

group-name

The RIP group name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

group

Syntax

group group-id rate rate

no group group-id

Context

[Tree] (config>port>ethernet>egress>hs-sched-ovr group)

Full Context

configure port ethernet egress hs-scheduler-overrides group

Description

This command overrides a group rate configured in the HS scheduler policy applied to the port egress.

The no form of this command removes the rate override from the port egress configuration.

Parameters

group-id

Specifies the group ID.

Values

1

rate

Specifies the maximum rate in megabits per second. When the max keyword follows the rate keyword, the bandwidth limitation is removed from the group. The max keyword is mutually exclusive to the rate parameter. Either the max keyword or a rate value must follow the rate keyword.

Values

1 to 100000, max

Platforms

7750 SR-7/12/12e

group

Syntax

group sonet-sdh-index payload {tu3 | vt2 | vt15}

Context

[Tree] (config>port>sonet-sdh group)

Full Context

configure port sonet-sdh group

Description

This command configures payload of the SONET/SDH group.

This command is supported by TDM satellite, however the tu3 parameter is not.

For example:

config>port>sonet-sdh#

group tug3-1.1 payload tu3 group tug3-1.2 payload vt2 group tug3-1.3 payload vt2 group tug3-2.1 payload vt15 group tug3-2.2 payload vt15 group tug3-2.3 payload tu3 group tug3-3.1 payload tu3 group tug3-3.2 payload tu3 group tug3-3.3 payload tu3

Parameters

sonet-sdh-index

Specifies the components making up the specified SONET/SDH path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path.

tu3

Specifies the Tributary Unit Group (TUG3) on a path. Configures the port or channel for transport network use.

vt2

Configures the path as a virtual tributary group of type vt2.

vt15

Configures the path as a virtual tributary group of type vt15.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

group

Syntax

[no] group name

Context

[Tree] (config>router>bgp group)

Full Context

configure router bgp group

Description

Commands in this context configure a BGP peer group.

The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Default

no group

Parameters

name

Specifies the peer group name. Allowed values are any string, up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

group

Syntax

[no] group grp-ip-address

[no] group grp-ipv6-address

Context

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static group)

[Tree] (config>service>vpls>sap>igmp-snooping>static group)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static group)

[Tree] (config>service>vpls>sap>mld-snooping>static group)

[Tree] (config>service>vpls>igmp-snooping>static group)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static group)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static group)

Full Context

configure service vpls mesh-sdp mld-snooping static group

configure service vpls sap igmp-snooping static group

configure service vpls mesh-sdp igmp-snooping static group

configure service vpls sap mld-snooping static group

configure service vpls igmp-snooping static group

configure service vpls spoke-sdp mld-snooping static group

configure service vpls spoke-sdp igmp-snooping static group

Description

Commands in this context add a static multicast group as a (*, G) or as one or more (S,G) records. When a static MLD or IGMP group is added, multicast data for that (*,G) or (S,G) is forwarded to the specific SAP or SDP without receiving any membership report from a host.

Parameters

grp-ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

group

Syntax

group name [esm-dynamic-peer]

no group name

Context

[Tree] (config>service>vprn>bgp group)

Full Context

configure service vprn bgp group

Description

This command creates a context to configure a BGP peer group.

The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Parameters

name

Specifies the peer group name. Allowed values is a string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

esm-dynamic-peer

Specifies that the given BGP group is used by BGP peers created dynamically based on subscriber-hosts pointing to corresponding BGP peering policy. There can be only one BGP group with this flag set in any given VPRN. No BGP neighbors can be manually configured in a BGP group with this flag set.

Default

disabled

Platforms

All

group

Syntax

[no] group grp-ip-address

[no] group start grp-ip-address end grp-ip-address [step ip-address]

Context

[Tree] (config>service>vprn>igmp>if>static group)

Full Context

configure service vprn igmp interface static group

Description

This command adds a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Parameters

grp-ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted decimal notation.

start grp-ip-address

Specifies the start multicast group address.

end grp-ip-address

Specifies the end multicast group address.

step ip-address

Specifies the step increment.

Platforms

All

group

Syntax

[no] group grp-ipv6-address

[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]

Context

[Tree] (config>service>vprn>mld>if>static group)

Full Context

configure service vprn mld interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of this command removes the IPv6 address from the configuration.

Parameters

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

start grp-ipv6-address

Specifies the start multicast group address.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

end grp-ipv6-address

Specifies the end multicast group address.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

step ipv6-address

Specifies the step increment.

Platforms

All

group

Syntax

[no] group group-name

Context

[Tree] (config>service>vprn>msdp group)

Full Context

configure service vprn msdp group

Description

This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.

By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.

If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.

If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.

For a group to be of use, at least one peer must be configured.

Default

no group

Parameters

group-name

Specifies a unique name for the MSDP group.

Platforms

All

group

Syntax

[no] group ip-address [/mask]

Context

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi group)

Full Context

configure service vprn mvpn provider-tunnel selective multistream-spmsi group

Description

This command creates group prefixes that map to the multicast stream. At least one source must be specified for the policy to be active.

Parameters

Ip-address/mask

Specifies the IP address.

Values

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

Platforms

All

group

Syntax

group aa-group-id[:partition-id] [create]

no group aa-group-id:partition-id

Context

[Tree] (config>app-assure group)

Full Context

configure application-assurance group

Description

This command configures and enables the context to configure an application assurance group and partition parameters.

Parameters

aa-group-id

Specifies a group of ISA MDAs.

Values

1 to 255

partition-id

Specifies a partition within a group.

Values

1 to 65535

create

Keyword used to create the partition in the group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group aa-group-id

Context

[Tree] (admin>app-assure group)

Full Context

admin application-assurance group

Description

This commands performs a group-specific upgrade.

Parameters

aa-group-id

Specifies the AA group identifier.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group aa-group-id[:partition-id]

Context

[Tree] (debug>app-assure group)

Full Context

debug application-assurance group

Description

This command configures application-assurance within a group/partition debugging.

Parameters

aa-group-id[:partition-id]

Specifies the existing application assurance group and partition id.

Values

aa-group-id:parti* : aa-group-id[:partition-id]

aa-group-id

[1..255]

partition-id

[1..65535]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

[no] group grp-ip-address

[no] group start grp-ip-address end grp-ip-address [step ip-address]

Context

[Tree] (config>router>igmp>if>static group)

Full Context

configure router igmp interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Parameters

ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.

start grp-ip-address

Specifies the start multicast group address.

end grp-ip-address

Specifies the end multicast group address.

step ip-address

Specifies the step increment.

Platforms

All

group

Syntax

[no] group grp-ip-address

Context

[Tree] (config>router>igmp>tunnel-interface>static group)

Full Context

configure router igmp tunnel-interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records.

The user can assign static multicast group joins to a tunnel interface associated with an RSVP P2MP LSP.

A given (*,G) or (S,G) can only be associated with a single tunnel interface.

A multicast packet which is received on an interface and which succeeds the RPF check for the source address will be replicated and forwarded to all OIFs which correspond to the branches of the P2MP LSP. The packet is sent on each OIF with the label stack indicated in the NHLFE of this OIF. The packets will also be replicated and forwarded natively on all OIFs which have received IGMP or PIM joins for this (S,G).

The multicast packet can be received over a PIM or IGMP interface which can be an IES interface, a spoke SDP terminated IES interface, or a network interface.

Parameters

grp-ip-address

Specifies a multicast group address that receives data on a tunnel interface. The IP address must be unique for each static group.

Platforms

All

group

Syntax

[no] group grp-ipv6-address

[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]

Context

[Tree] (config>router>mld>if>static group)

Full Context

configure router mld interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of this command removes the IPv6 address from the configuration.

Parameters

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

start grp-ipv6-address

Specifies the start multicast group address.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

end grp-ipv6-address

Specifies the end multicast group address.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

step ipv6-address

Specifies the step increment.

Platforms

All

group

Syntax

[no] group group-name

Context

[Tree] (config>router>msdp group)

Full Context

configure router msdp group

Description

This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.

By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.

If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.

If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.

For a group to be of use, at least one peer must be configured.

The no form of this command removes the group-name from the MSDP configuration.

Default

no group

Parameters

group-name

Species a MSDP group name, up to 32 characters.

Platforms

All

group

Syntax

group group-id rate rate

no group group-id

Context

[Tree] (config>qos>hs-scheduler-policy group)

Full Context

configure qos hs-scheduler-policy group

Description

This command defines the maximum rate allowed for the scheduling classes mapped to the specified group-id. A group is a scheduling component used to combine up to six consecutive scheduling classes into a single strict priority level. Each scheduling class within the group has an associated weight. When the scheduler is servicing the strict level associated with the group, the ratio of bandwidth allocated to each scheduling class within the group during congestion is relative to the ratio of the weight of each active member.

The no form of the command reverts to the default.

Default

group 1 rate max

Parameters

group-id

Specifies the group ID. The group always exists and does not need to be created prior to defining group membership.

Values

1

rate

Specifies the maximum rate in megabits per second. When the max keyword follows the rate keyword, the bandwidth limitation is removed from the group. The max keyword and the rate parameter are mutually exclusive. Either max or a rate value must follow the rate keyword.

Values

1 to 100000, max

Platforms

7750 SR-7/12/12e

group

Syntax

group name [create]

no group name

Context

[Tree] (config>qos>port-scheduler-policy group)

Full Context

configure qos port-scheduler-policy group

Description

This command defines a weighted scheduler group within a port scheduler policy.

The port scheduler policy defines a set of eight priority levels. The weighted scheduler group allows for the application of a scheduling weight to groups of child queues competing at the same priority level of the port scheduler policy applied to a Vport defined in the context of the egress of an Ethernet port or applied to the egress of an Ethernet port.

Up to eight groups can be defined within each port scheduler policy. One or more levels can map to the same group. A group has a rate and, optionally, a cir-rate, and inherits the highest scheduling priority of its member levels. A group receives bandwidth from the port or from the Vport and distributes it within the member levels of the group according to the weight of each level within the group.

Each priority level will compete for bandwidth within the group based on its weight under a congestion situation. If there is no congestion, a priority level can achieve up to its rate (cir-rate) worth of bandwidth.

CLI will enforce that mapping of levels to a group are contiguous. A user would not be able to add a priority level to a group unless the resulting set of priority levels is contiguous.

The no form of this command removes the group from the port scheduler policy.

Parameters

name

Specifies the name of the weighted scheduler group and can be up to 32 ASCII characters.

create

This keyword is mandatory when creating the specified group.

Platforms

All

group

Syntax

group aa-group-id

Context

[Tree] (admin>application-assurance group)

Full Context

admin application-assurance group

Description

Commands in this context perform a group-specific upgrade.

Parameters

aa-group-id

Specifies an AA ISA group ID.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group

Syntax

group group-name

no group

Context

[Tree] (config>system>security>user>snmp group)

Full Context

configure system security user snmp group

Description

This command associates (or links) a user to a group name. The group name must be configured with the config>system>security>user >snmp>group command. The config>system>security>user access command links the group with one or more views, security model (s), security level (s), and read, write, and notify permissions.

Parameters

group-name

Enter the group name (between 1 and 32 alphanumeric characters) that is associated with this user. A user can be associated with one group-name per security model.

Platforms

All

group

Syntax

[no] group group-name

Context

[Tree] (config>router>ripng group)

[Tree] (config>router>rip group)

Full Context

configure router ripng group

configure router rip group

Description

This command creates a context for configuring a RIP group of neighbor interfaces.

RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default

no group

Parameters

group-name

Specifies the RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

group

Syntax

[no] group ip-address [/mask]

Context

[Tree] (config>service>vprn>mvpn>pt>selective>umh-rm group)

Full Context

configure service vprn mvpn provider-tunnel selective umh-rate-monitoring group

Description

This command configures UMH bandwidth monitoring for the specified <S,G>.

The no form of the command removes UMH bandwidth monitoring from the specified <S,G>.

Parameters

Ip-address/mask

Specifies the IP address.

Values

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

Platforms

All

group

Syntax

group down time | no group down

group up time | no group up

Context

[Tree] (config>service>oper-group>hold-time group)

Full Context

configure service oper-group hold-time group

Description

The group down form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from up to down.

The group up form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from down to up. A value of zero indicates that transitions are reported immediately to monitoring clients. The up time option is a must to achieve fast convergence: when the group comes up, the monitoring MH site that tracks the group status may wait without impacting the overall convergence; there is usually a pair MH site that is already handling the traffic.

The no form of the command sets the values back to the default.

Default

group down 0

group up 4

Parameters

time

Specifies the group up or group down time value.

Values

0 to 3600

Platforms

All

group-address

group-address

Syntax

group-address prefix-list-name

no group-address

Context

[Tree] (config>router>policy-options>policy-statement>entry>from group-address)

Full Context

configure router policy-options policy-statement entry from group-address

Description

This command specifies the multicast group-address prefix list containing multicast group-addresses that are embedded in the join or prune packet as a filter criterion. The prefix list must be configured prior to entering this command. Prefix lists are configured in the config>router>policy-options>prefix-list context.

The no form of this command removes the criterion from the configuration.

Default

no group-address

Parameters

prefix-list-name

Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The prefix-list-name is defined in the config>router>policy-options>prefix-list context.

Platforms

All

group-encryption

group-encryption

Syntax

group-encryption

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw group-encryption)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw group-encryption)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw group-encryption

configure service ies subscriber-interface group-interface wlan-gw group-encryption

Description

This command configures group encryption for the WLAN-GW group interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

group-encryption

Syntax

[no] group-encryption

Context

[Tree] (config>router>interface group-encryption)

Full Context

configure router interface group-encryption

Description

This command enables NGE on the router interface. When NGE is enabled on the interface, all received Layer 3 packets that have the protocol ID configured as ESP are considered to be NGE packets and must be encrypted using a valid set of keys from any preconfigured key group on the system.

The no form of this command disables NGE on the interface. NGE cannot be disabled unless all key groups and IP exception filters are removed.

Default

no group-encryption

Platforms

VSR

group-encryption

Syntax

group-encryption

Context

[Tree] (config group-encryption)

Full Context

configure group-encryption

Description

Commands in this context configure group encryption parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group-encryption-label

group-encryption-label

Syntax

group-encryption-label encryption-label

no group-encryption-label

Context

[Tree] (config>grp-encryp group-encryption-label)

Full Context

configure group-encryption group-encryption-label

Description

This command configures the group encryption label used to identify when an MPLS payload is encrypted. This label must be unique network-wide and must be configured consistently on all nodes participating in a network group encryption domain. The label cannot be changed or deleted when there are any key groups configured on the node.

The no form of the command reverts to the default setting.

Parameters

encryption-label

The network-wide, unique reserved MPLS label for group encryption.

Values

32 to 2047

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

group-inserted-entries

group-inserted-entries

Syntax

group-inserted-entries application application location location

Context

[Tree] (config>filter>ipv6-filter group-inserted-entries)

[Tree] (config>filter>ip-filter group-inserted-entries)

Full Context

configure filter ipv6-filter group-inserted-entries

configure filter ip-filter group-inserted-entries

Description

This command groups automatically-inserted entries.

Parameters

application

Specifies the application for which the group entries are inserted.

Values

radius, credit-control

location

Specifies the location in the entry list in which the group entries are inserted.

Values

top, bottom

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface

group-interface

Syntax

group-interface ip-int-name [prefix {port-id}] [suffix {port-id}]

no group-interface

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>msap-defaults group-interface)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>msap-defaults group-interface)

Full Context

configure subscriber-mgmt local-user-db ppp host msap-defaults group-interface

configure subscriber-mgmt local-user-db ipoe host msap-defaults group-interface

Description

This command configures the group interface.

The no form of this command removes the group interface parameters from the configuration.

Parameters

ip-int-name

Specifies the IP interface name, up to 32 characters.

prefix port-id

Specifies the port ID as the prefix to the specified IP interface name.

suffix port-id

Specifies the port ID as the suffix to the specified IP interface name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface

Syntax

group-interface ip-int-name [create] [type]

no group-interface ip-int-name

Context

[Tree] (config>service>vprn>sub-if group-interface)

[Tree] (config>service>ies>sub-if group-interface)

Full Context

configure service vprn subscriber-interface group-interface

configure service ies subscriber-interface group-interface

Description

This command creates a group interface. This interface is designed for triple play services where multiple SAPs are part of the same subnet. A group interface may contain one or more SAPs.

The no form of this command removes the group interface from the subscriber interface.

Default

no group-interface

Parameters

ip-int-name

Specifies the interface name of a group interface. If the string contains special characters (#, $, spaces, and so on.), the entire string must be enclosed within double quotes.

type

Specifies the interface type.

Values

bonding — Specifies to use connection bonding.

gtp — Specifies to use GTP.

lns — Specifies to use LNS.

wlangw — Specifies to use WLANGW.

create

Keyword used to create the group interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface

Syntax

group-interface interface-name svc-id service-id

no group-interface

Context

[Tree] (config>subscr-mgmt>gtp>apn-policy>apn>defaults group-interface)

Full Context

configure subscriber-mgmt gtp apn-policy apn defaults group-interface

Description

This command configures the default group interface where the hosts of the GTP connection is enabled. The group interface must be of type gtp.

The no form of this command removes the default group interface. In this case, a group interface must be specified using authentication.

Default

no group-interface

Parameters

interface-name

Specifies the name of the group interface, up to 32 characters.

service-id

Specifies the ID of the service where the group interface resides.

Values

service-id:

1 to 2147483647

svc-name:

up to 64 characters

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

group-interface

Syntax

[no] group-interface ip-int-name

[no] group-interface fwd-service service-id ip-int-name

Context

[Tree] (config>service>vprn>igmp group-interface)

Full Context

configure service vprn igmp group-interface

Description

This command configures IGMP group interfaces.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

fwd-service service-id

Specifies the service ID. This is only configured in the retailer VRF. This construct references the wholesaler service under which the group-interface (and the subscriber) is actually defined.

Values

1 to 2147483650, svc-name up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface

Syntax

[no] group-interface [fwd-service service-id] [ip-int-name]

Context

[Tree] (debug>router>igmp group-interface)

Full Context

debug router igmp group-interface

Description

This command enables debugging for IGMP group-interface.

The no form of the command disables debugging.

Parameters

service-id

Debugs information associated with the service ID.

Values

service-id: 1 to 2148278386

svc-name: up to 64 characters.

ip-int-name

Debugs information associated with the specified IP interface name.

Values

IP interface address

Platforms

All

group-interface

Syntax

[no] group-interface ip-int-name

Context

[Tree] (config>router>igmp group-interface)

[Tree] (config>router>igmp>if group-interface)

Full Context

configure router igmp group-interface

configure router igmp interface group-interface

Description

This command enables IGMP on a group-interface in a VRF context. Activating IGMP under the group-interface is a prerequisite for subscriber replication. The group-interface is also needed so that MCAC can be applied and various IGMP parameters defined.

This command can be used in a regular, wholesaler or retailer type of VRF. The retailer VRF does not have the concept of group-interfaces under the subscriber-interface hierarchy. In the case that this command is applied to a retailer VRF instance, the optional fwd-service command must be configured. The fwd-service command is referencing the wholesaler VRF in which the traffic is ultimately replicated. Redirection in the retailer VRF is supported.

This command enables IGMP on a group-interface in the Global Routing Table (GRT). The group-interface in GRT is defined under the IES service. Activating IGMP under the group-interface is a prerequisite for subscriber replication. The group-interface is also needed so that MCAC can be applied and various IGMP parameters defined.

Parameters

ip-int-name

Specifies the name of the group interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router igmp group-interface

All

  • configure router igmp interface group-interface

group-interface

Syntax

[no] group-interface ip-int-name

Context

[Tree] (config>router>mld group-interface)

Full Context

configure router mld group-interface

Description

This command creates and enables the context to configure MLD group interface parameters.

The no form of this command removes the interface name from the MLD configuration.

Parameters

ip-int-name

Specifies the IP group interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface-statistics

group-interface-statistics

Syntax

group-interface-statistics

Context

[Tree] (config>subscr-mgmt group-interface-statistics)

Full Context

configure subscriber-mgmt group-interface-statistics

Description

Commands in this context enable or disable the collection of group interface statistics.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-interface-template

group-interface-template

Syntax

group-interface-template name [create]

no group-interface-template name

Context

[Tree] (config>subscr-mgmt group-interface-template)

Full Context

configure subscriber-mgmt group-interface-template

Description

This command creates a template for specifying parameters for automatically generated group interfaces, for example, the creation of CUPS sessions. When no specific name is specified, a template named "default” is used, if it has been manually provisioned.

Parameters

name

Specifies the name of the group interface, up to 32 characters.

create

Keyword used to create the group interface template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

group-list

group-list

Syntax

group-list name

no group-list

Context

[Tree] (config>system>security>tls>client-tls-profile group-list)

Full Context

configure system security tls client-tls-profile group-list

Description

This command assigns an existing TLS 1.3 group list to the TLS client profile.

The no form of this command removes the group list from the client profile.

Default

no group-list

Parameters

name

Specifies the name of the group list, up to 32 characters.

Platforms

All

group-list

Syntax

group-list name

no group-list

Context

[Tree] (config>system>security>tls>server-tls-profile group-list)

Full Context

configure system security tls server-tls-profile group-list

Description

This command assigns an existing TLS 1.3 group list to the TLS server profile.

The no form of this command removes the group list from the server profile.

Default

no group-list

Parameters

name

Specifies the name of the group list, up to 32 characters.

Platforms

All

group-name

group-name

Syntax

group-name group-name value group-value

no group-name group-name

Context

[Tree] (config>service>sdp-group group-name)

Full Context

configure service sdp-group group-name

Description

This command defines SDP administrative groups, referred to as SDP admin groups.

SDP admin groups provide a way for services using a pseudowire template to automatically include or exclude specific provisioned SDPs. SDPs sharing a specific characteristic or attribute can be made members of the same admin group. When users configure a pseudowire template, they can include and/or exclude one or more admin groups. When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

A maximum of 32 admin groups can be created. The group value ranges from zero (0) to 31. It is uniquely associated with the group name at creation time. If the user attempts to configure another group name for a group value that is already assigned to an existing group name, the SDP admin group creation is failed. The same happens if the user attempts to configure an SDP admin group with a new name but associates it to a group value already assigned to an existing group name.

The no option of this command deletes the SDP admin group but is only allowed if the group-name is not referenced in a PW template or SDP.

Parameters

group-name

Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

group-value

Specifies the group value associated with this SDP admin group. This value is unique within the system.

Values

0 to 31

Platforms

All

group-policy

group-policy

Syntax

group-policy policy-name

no group-policy

Context

[Tree] (config>service>vpls>mld-snooping>mvr group-policy)

[Tree] (config>service>vpls>sap>igmp-snooping>mvr group-policy)

[Tree] (config>service>vpls>pim-snooping group-policy)

[Tree] (config>service>vpls>igmp-snp>mvr group-policy)

Full Context

configure service vpls mld-snooping mvr group-policy

configure service vpls sap igmp-snooping mvr group-policy

configure service vpls pim-snooping group-policy

configure service vpls igmp-snooping mvr group-policy

Description

This command identifies filter policy of multicast groups to be applied to this VPLS entity. The sources of the multicast traffic must be a member of the VPLS.

The no form of this command removes the policy association from the VPLS configuration.

Default

no group-policy

Parameters

policy-name

Specifies the group policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context. The router policy must be defined before it can be imported.

Platforms

All

group-prefix

group-prefix

Syntax

group-prefix ip-address/mask [ip-address/mask] [starg]

no group-prefix ip-address/mask

Context

[Tree] (config>service>vprn>mvpn>rpf-select>core-mvpn group-prefix)

Full Context

configure service vprn mvpn rpf-select core-mvpn group-prefix

Description

This command configures multicast group IPv4 prefixes for the MVPN with per-group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Parameters

ip-address/mask

Specifies the IPv4 multicast address prefix with mask. Up to 8 addresses can be specified in a single statement.

Platforms

All

group-prefix

Syntax

group-prefix ip-address/mask [ ip-address/mask...(up to 8 max)] [starg]

group-prefix any

no group-prefix ip-address/mask

no group-prefix any

Context

[Tree] (config>service>vprn>pim>rpf-select>grt-extranet group-prefix)

Full Context

configure service vprn pim rpf-select grt-extranet group-prefix

Description

This command configures multicast group IPv4 prefixes for the multicast GRT/VRF with per group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored. Operator can either configure specific groups for extranet or specify all groups by using key-word any. The two options are mutually exclusive in configuration.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Parameters

ip-address/mask

Specifies the IPv4 multicast address prefix with mask.

group-prefix

Syntax

[no] group-prefix grp-ipv6-address/prefix-length

Context

[Tree] (config>service>vprn>pim>rp>ipv6>static group-prefix)

Full Context

configure service vprn pim rp ipv6 static group-prefix

Description

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which this static RP is applicable.

The no form of this command removes the criterion.

Parameters

grp-ipv6-address

Specifies the multicast IPv6 address.

prefix-length

Specifies the address prefix length.

Values

grp-ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128]

Platforms

All

group-prefix

Syntax

[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}

Context

[Tree] (config>service>vprn>pim>rp>static group-prefix)

Full Context

configure service vprn pim rp static group-prefix

Description

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which a certain RP is applicable.

The no form of this command removes the criterion.

Parameters

grp-ip-address

Specifies the multicast IP address.

mask

Defines the mask of the multicast-ip-address.

Values

4 to 32

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

All

group-prefix

Syntax

[no] group-prefix grp-ipv6-address/prefix-length

Context

[Tree] (config>router>pim>rp>ipv6>static>address group-prefix)

[Tree] (config>router>pim>rp>static>address group-prefix)

Full Context

configure router pim rp ipv6 static address group-prefix

configure router pim rp static address group-prefix

Description

This command specifies the range of multicast group addresses which should be used by the router as the Rendezvous Point (RP). The config>router>pim>rp>static> address a.b.c.d implicitly defaults to deny all for all multicast groups (224.0.0.0/4). A group-prefix must be specified for that static address. This command does not apply to the whole group range.

The no form of this command removes the group-prefix from the configuration.

Parameters

grp-ipv6-address

Specifies the multicast group IPv6 address expressed in dotted decimal notation.

Values

grp-ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0..FFFF]H

d [0..255]D

prefix-length

Specifies the prefix length of the IPv6 address.

Values

8 to 128

Platforms

All

group-range

group-range

Syntax

[no] group-range {ipv6-address/prefix-length}

Context

[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate group-range)

[Tree] (config>service>vprn>pim>rp>ipv6>embedded-rp group-range)

Full Context

configure service vprn pim rp ipv6 rp-candidate group-range

configure service vprn pim rp ipv6 embedded-rp group-range

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

The no form of this command removes the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters

ipv6-address

Specifies the addresses or address ranges that this router can be an RP.

prefix-length

Specifies the address prefix length.

Values

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128] // for embedded-rp

prefix-length

[16 to 128] // for rp-candidate

Platforms

All

group-range

Syntax

[no] group-range {ip-prefix/mask | ip-prefix netmask}

Context

[Tree] (config>service>vprn>pim>rp>rp-candidate group-range)

[Tree] (config>service>vprn>pim>ssm group-range)

Full Context

configure service vprn pim rp rp-candidate group-range

configure service vprn pim ssm-groups group-range

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters

ip-prefix

Specifies the addresses or address ranges that this router can be an RP.

Values

ipv4-prefix - a.b.c.d ipv4-prefix-le - [0 to 32] ipv6-prefix - x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x - [0 to FFFF]H d - [0 to 255]D ipv6-prefix-le - [0 to 128]

mask

Specifies the address mask with the address to define a range of addresses.

netmask

Specifies the subnet mask in dotted decimal notation.

Values

:a.b.c.d (network bits all 1 and host bits all 0)

Platforms

All

group-range

Syntax

[no] group-range ipv6-address/prefix-length

Context

[Tree] (config>router>pim>rp>ipv6>rp-candidate group-range)

[Tree] (config>router>pim>rp>ipv6>embedded-rp group-range)

Full Context

configure router pim rp ipv6 rp-candidate group-range

configure router pim rp ipv6 embedded-rp group-range

Description

This command defines which multicast groups can embed RP address information besides FF70::/12. Embedded RP information is only used when the multicast group is in FF70::/12 or the configured group range.

The no form of this command removes the parameter from the

Parameters

ipv6-address/prefix-length

Specifies the group range for embedded RP.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

    prefix-length: 16 to 128

Platforms

All

group-range

Syntax

[no] group-range {grp-ip-address/mask | grp-ip-address netmask}

Context

[Tree] (config>router>pim>rp>rp-candidate group-range)

Full Context

configure router pim rp rp-candidate group-range

Description

This command configures the address ranges of the multicast groups for which this router can be an RP.

The no form of this commands removes the parameter from the configuration.

Parameters

grp-ip-address

Specifies the multicast group IP address expressed in dotted decimal notation.

Values

224.0.0.0 to 239.255.255.255

mask

Specifies the mask associated with the IP prefix expressed as a mask length or in dotted decimal notation; for example, /16 for a sixteen-bit mask. The mask can also be entered in dotted decimal notation (255.255.0.0).

Values

4 to 32

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

All

group-range

Syntax

[no] group-range {ip-prefix/mask | ip-prefix netmask}

Context

[Tree] (config>router>pim>ssm-groups group-range)

Full Context

configure router pim ssm-groups group-range

Description

This command configures the address ranges of the multicast groups for this router. When there are parameters present, the command configures the SSM group ranges for IPv6 addresses and netmasks.

The no form of this command removes the parameter from the configuration.

Parameters

ip-prefix/mask

Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area ipv6-prefix.

Values

ipv4-prefix:

  • a.b.c.d

ipv4-prefix-le: 0 to 32

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

ipv6-prefix-le: 0 to 128

Values

0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

All

group-session-limit

group-session-limit

Syntax

group-session-limit session-limit

group-session-limit unlimited

no group-session-limit

Context

[Tree] (config>router>l2tp group-session-limit)

[Tree] (config>service>vprn>l2tp group-session-limit)

Full Context

configure router l2tp group-session-limit

configure service vprn l2tp group-session-limit

Description

This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).

The no form of this command removes the session limit value from the configuration.

Default

no group-session-limit

Parameters

session-limit

Specifies the allowed number of sessions within the given context.

Values

1 to 250000

unlimited

Specifies to use the maximum number of sessions available.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

grp-if-query-src-ip

grp-if-query-src-ip

Syntax

grp-if-query-src-ip ip-address

no grp-if-query-src-ip

Context

[Tree] (config>service>vprn>igmp grp-if-query-src-ip)

Full Context

configure service vprn igmp grp-if-query-src-ip

Description

This command configures the query source IP address for all group interfaces.

The no form of this command removes the IP address.

Platforms

All

grp-if-query-src-ip

Syntax

grp-if-query-src-ip ip-address

no grp-if-query-src-ip

Context

[Tree] (config>router>igmp grp-if-query-src-ip)

Full Context

configure router igmp grp-if-query-src-ip

Description

This command configures the query source IP address for all group interfaces.

The no form of the command removes the IP address.

Parameters

ip-address

Sets the query source IP address.

Platforms

All

grp-if-query-src-ip

Syntax

grp-if-query-src-ip ipv6-address

no grp-if-query-src-ip

Context

[Tree] (config>router>mld grp-if-query-src-ip)

Full Context

configure router mld grp-if-query-src-ip

Description

This command configures the query source IPv6 address for all group interfaces.

The no form of this command removes the IP address.

Parameters

ipv6-address

Sets the source IPv6 address for all group interfaces. The address can be up to 64 characters. The source address should be link local.

Platforms

All

grp-range

grp-range

Syntax

[no] grp-range start end

Context

[Tree] (config>service>vprn>igmp>ssm-translate grp-range)

Full Context

configure service vprn igmp ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

All

grp-range

Syntax

[no] grp-range start end

Context

[Tree] (config>service>vprn>mld>ssm-translate grp-range)

Full Context

configure service vprn mld ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

All

grp-range

Syntax

[no] grp-range start end

Context

[Tree] (config>router>igmp>if>ssm-translate grp-range)

[Tree] (config>router>igmp>ssm-translate grp-range)

Full Context

configure router igmp interface ssm-translate grp-range

configure router igmp ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

All

grp-range

Syntax

[no] grp-range start end

Context

[Tree] (config>router>mld>ssm-translate grp-range)

[Tree] (config>router>mld>if>ssm-translate grp-range)

Full Context

configure router mld ssm-translate grp-range

configure router mld interface ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

The no form of this command removes the start and end ranges from the configuration.

Parameters

start

Specifies an IP address for the start of the group range.

end

Specifies an IP address for the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

All

grpc

grpc

Syntax

[no] grpc

Context

[Tree] (debug>system grpc)

Full Context

debug system grpc

Description

This command enables the debug context for gRPC.

The no form of this command removes any debug activation within the gRPC context.

Platforms

All

grpc

Syntax

grpc

Context

[Tree] (config>system>security>management-interface grpc)

Full Context

configure system security management-interface grpc

Description

Commands in this context configure hash-control for the gRPC interface.

Platforms

All

grpc

Syntax

grpc

Context

[Tree] (config>system>security>profile grpc)

Full Context

configure system security profile grpc

Description

Commands in this context configure a specific gRPC security profile.

Platforms

All

grpc

Syntax

grpc

Context

[Tree] (config>system grpc)

[Tree] (admin>system>telemetry grpc)

Full Context

configure system grpc

admin system telemetry grpc

Description

Commands in this context configure gRPC parameters.

Platforms

All

grpc-tunnel

grpc-tunnel

Syntax

grpc-tunnel

Context

[Tree] (config>system grpc-tunnel)

Full Context

configure system grpc-tunnel

Description

Commands in this context configure the GRPC tunnel.

Platforms

All

grt

grt

Syntax

[no] grt

Context

[Tree] (config>service>vprn>static-route-entry grt)

Full Context

configure service vprn static-route-entry grt

Description

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default

no grt

Platforms

All

grt-extranet

grt-extranet

Syntax

[no] grt-extranet

Context

[Tree] (config>service>vprn>pim grt-extranet)

Full Context

configure service vprn pim grt-extranet

Description

Commands in this context configure GRT/VRF extranet for this MVPN instance.

Platforms

All

grt-lookup

grt-lookup

Syntax

grt-lookup

Context

[Tree] (config>service>vprn grt-lookup)

Full Context

configure service vprn grt-lookup

Description

Commands in this context configure all Global Route Table (GRT) leaking commands. If all the supporting commands in the context are removed, this command is also removed.

Platforms

All

gsmp

gsmp

Syntax

gsmp

Context

[Tree] (config>service>vpls gsmp)

[Tree] (config>service>vprn gsmp)

Full Context

configure service vpls gsmp

configure service vprn gsmp

Description

Commands in this context configure General Switch Management Protocol (GSMP) connections maintained in this service.

Platforms

All

gtm

gtm

Syntax

gtm

Context

[Tree] (config>router gtm)

Full Context

configure router gtm

Description

Commands in this context configure GTM parameters.

Platforms

All

gtm

Syntax

gtm

Context

[Tree] (config>router>pim gtm)

Full Context

configure router pim gtm

Description

Commands in this context configure GTM parameters.

Platforms

All

gtm

Syntax

gtm

Context

[Tree] (config>router>pim gtm)

Full Context

configure router pim gtm

Description

Commands in this context configure GTM parameters.

Platforms

All

gtp

gtp

Syntax

gtp

Context

[Tree] (config>router gtp)

[Tree] (config>service>vprn gtp)

Full Context

configure router gtp

configure service vprn gtp

Description

Commands in this context configure GTP parameters for the routing context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp

Syntax

gtp

Context

[Tree] (config>subscr-mgmt gtp)

Full Context

configure subscriber-mgmt gtp

Description

Commands in this context configure box-wide GTP parameters and profiles.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp

Syntax

gtp

Context

[Tree] (debug gtp)

Full Context

debug gtp

Description

Commands in this context configure debugging for GTP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp

Syntax

[no] gtp

Context

[Tree] (config>service>vprn>wlan-gw gtp)

Full Context

configure service vprn wlan-gw gtp

Description

Commands in this context configure distributed GTP parameters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp

Syntax

gtp

Context

[Tree] (config>app-assure>group gtp)

Full Context

configure application-assurance group gtp

Description

Commands in this context configure GTP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp

Syntax

[no] gtp

Context

[Tree] (config>sys>security>cpu-protection>ip>included-protocols gtp)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols gtp

Description

This command includes the extracted IPV4 GTP packets for ip-src-monitoring. IPv4 GTP packets will be subject to the per-source-rate of CPU protection policies.

Default

no gtp

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

gtp-authorized

gtp-authorized

Syntax

[no] gtp-authorized

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state gtp-authorized)

Full Context

configure subscriber-mgmt wlan-gw ue-query state gtp-authorized

Description

This command enables matching on UEs in a GTP-authorized state.

The no form of this command disables matching on UEs in a GTP-authorized state, unless all state matching is disabled.

Default

no gtp-authorized

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-change

gtp-change

Syntax

gtp-change

Context

[Tree] (config>subscr-mgmt>acct-plcy>triggered-updates gtp-change)

Full Context

configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change

Description

Commands in this context configure which GTP-related changes trigger an interim accounting update.

This command is mutually exclusive with the legacy gtp-mobility command, which triggers interim accounting updates for all changes.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-filter

gtp-filter

Syntax

gtp-filter gtp-filter-name

no gtp-filter

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action gtp-filter)

Full Context

configure application-assurance group policy app-qos-policy entry action gtp-filter

Description

This command assigns an existing GTP filter as an action on flows matching this AQP entry.

The no form of this command removes this GTP filter from actions on flows matching this AQP entry.

Default

no gtp-filter

Parameters

gtp-filter-name

Specifies the name of an existing GTP filter for this application assurance profile. The gtp-filter-name is configured in the config>app-assure>group[:partition]>gtp>gtp-filter context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-filter

Syntax

gtp-filter filter-name

Context

[Tree] (config>app-assure>group>statistics>tca gtp-filter)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter

Description

This command configures TCA generation for a GTP filter.

Parameters

filter-name

Specifies the name of the GTP filter, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-filter

Syntax

gtp-filter gtp-filter-name [create]

no gtp-filter gtp-filter-name

Context

[Tree] (config>app-assure>group>gtp gtp-filter)

Full Context

configure application-assurance group gtp gtp-filter

Description

This command allows AA to treat traffic on UDP port number 2152 as GTP-u. Without further specifying any other parameters within this GTP context, AA performs basic GTP-u header sanity checks and discards packets that are malformed. This GTP context allows the operator to configure various GTP filters (maximum of 128 GTP filters).

Parameters

gtp-filter-name

Specifies a GTP filter name, up to 32 characters.

create

Keyword used to create the GTP filter name and parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-filter-stats

gtp-filter-stats

Syntax

[no] gtp-filter-stats

Context

[Tree] (config>app-assure>group>statistics>aa-admit-deny gtp-filter-stats)

Full Context

configure application-assurance group statistics aa-admit-deny gtp-filter-stats

Description

This command configures whether to include or exclude GTP filter admit-deny statistics in accounting records.

Default

no gtp-filter-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-in-gtp

gtp-in-gtp

Syntax

gtp-in-gtp direction direction [create]

no gtp-in-gtp direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-filter gtp-in-gtp)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter gtp-in-gtp

Description

This command configures a TCA for the counter capturing drops due to the GTP filter GTP-in-GTP packet check. A gtp-in-gtp drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a gtp-in-gtp TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-in-gtp

Syntax

gtp-in-gtp

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr gtp-in-gtp)

Full Context

configure application-assurance group gtp gtp-filter gtp-in-gtp

Description

This command configures GTP-in-GTP packet filtering.

Default

gtp-in gtp permit

Parameters

permit | deny

Specifies the action to take for GTP packets that are encapsulated in GTP (GTP-in-GTP).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-local-breakout

gtp-local-breakout

Syntax

gtp-local-breakout

Context

[Tree] (config>filter>ip-filter>entry>action gtp-local-breakout)

Full Context

configure filter ip-filter entry action gtp-local-breakout

Description

This command specifies the filter entry action to gtp-local-breakout.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-parameters

gtp-parameters

Syntax

gtp-parameters

Context

[Tree] (config>service>ies>sub-if>grp-if gtp-parameters)

[Tree] (config>service>vprn>sub-if>grp-if gtp-parameters)

Full Context

configure service ies subscriber-interface group-interface gtp-parameters

configure service vprn subscriber-interface group-interface gtp-parameters

Description

Commands in this context configure GTP parameters. The configuration of parameters under this context is only allowed when the group interface is created with the GTP parameter specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gtp-peer-clear-timeout

gtp-peer-clear-timeout

Syntax

gtp-peer-clear-timeout seconds

no gtp-peer-clear-timeout

Context

[Tree] (config>service>vprn>wlan-gw>dsm gtp-peer-clear-timeout)

Full Context

configure service vprn wlan-gw dsm gtp-peer-clear-timeout

Description

This command configures a GTP peer cleanup timeout to terminate a handover wait state.

Parameters

seconds

Specifies a GTP peer cleanup timeout, in seconds, to terminate a handover wait state.

Values

0 to 3600

gtp-ping

gtp-ping

Syntax

gtp-ping gtp-interface [router router-instance] [source ip-address] destination ip-address udp-port port-number [retry-count count] [time-out timeout]

Context

[Tree] (oam gtp-ping)

Full Context

oam gtp-ping

Description

This command verifies whether a GTPv2 peer is reachable and correctly responds to GTPv2-C Echo Request messages. This command can be executed if no peering exists for the specified peer.

Parameters

gtp-interface

Specifies the GTP interface where the echo is sent.

Values

s11, s1u, gnc, gnu, s2bc, s2bu, s2ac, s2au

router-instance

Specifies the router or VRF in which the GTP echo is sent.

Values

router-name — Base, management

vprn-svc-id — 1 to 2147483647

Default

Base

source ip-address

Specifies the source IP address to be used in the GTP ping.

Values

a.b.c.d

destination ip-address

Specifies the destination IP address to be used in the GTP ping.

Values

a.b.c.d

port-number

Specifies the port number to be used. Suggested port numbers are 2123 (GTP-C) or 2152 (GTP-U).

Values

1 to 65535

count

Specifies the number of echo message requests before the peer is considered unreachable.

Values

1 to 100

Default

1

timeout

Specifies the timeout, in seconds, of a single echo message.

Values

1 to 10

Default

5

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-sanity-drop

gtp-sanity-drop

Syntax

gtp-sanity-drop direction direction [create]

no gtp-sanity-drop direction direction

Context

[Tree] (config>app-assure>group>statistics>tca gtp-sanity-drop)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-sanity-drop

Description

This command configures a TCA for the counter capturing drops due to basic GTP header sanity checks, such as validating that the GTP-U version is 1 and that the protocol bit is set to 1 for UDP traffic destined to port 2152. A GTP sanity drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a default action TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-traffic

gtp-traffic

Syntax

[no] gtp-traffic

Context

[Tree] (config>app-assure>group>policer gtp-traffic)

Full Context

configure application-assurance group policer gtp-traffic

Description

This command provides a mechanism to configure a policer to function at the GTP tunnel level. GTP tunnels are defined by a TEID and destination IP address as oppose to normal flows that are defined by IP 5 tuple values. By setting this value, the policer then can be used to limit GTP traffic (SeGW GTP firewall application).

The no form of this command resets policer behavior to act at the normal 5 tuple flow level and not at the GTP tunnel level.

Default

no gtp-traffic

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-tunnel-database

gtp-tunnel-database

Syntax

gtp-tunnel-database

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr gtp-tunnel-database)

Full Context

configure application-assurance group gtp gtp-filter gtp-tunnel-database

Description

Commands in this context configure GTP advanced firewall functions (such as validating GTP tunnels, sequence numbers, source IP addresses).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-tunnel-database

Syntax

gtp-tunnel-database size

Context

[Tree] (config>isa>aa-grp>shr-res-pool gtp-tunnel-database)

Full Context

configure isa application-assurance-group shared-resources gtp-tunnel-database

Description

This command configures the allocation of memory resources required for stateful GTP firewall deployment on 3GPP S5/S8/Gn/Gp interfaces.

Default

gtp-tunnel-database 0

Parameters

size

Specifies the percentage of allocated memory resources.

Values

0 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtp-user

gtp-user

Syntax

gtp-user

Context

[Tree] (debug>oam>build-packet>packet>field-override>header gtp-user)

[Tree] (config>test-oam>build-packet>header gtp-user)

Full Context

debug oam build-packet packet field-override header gtp-user

configure test-oam build-packet header gtp-user

Description

This command causes the associated header to be defined as a GTP user header template and enables the context to define the GTP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

gtp-user-name

gtp-user-name

Syntax

gtp-user-name {imsi | imsi-apn | msisdn | msisdn-apn}

no gtp-user-name

Context

[Tree] (config>subscr-mgmt>auth-plcy gtp-user-name)

Full Context

configure subscriber-mgmt authentication-policy gtp-user-name

Description

This command configures the username used to authenticate an FWA session. If a PAP message is present in the PCO IE of the Create Session request, the system uses that for authentication instead of the format specified for this command. If you specify a format that includes APN, the separator is an @ character; for example, msisdn@apn.

The no form of this command reverts to the default.

Default

gtp-user-name imsi

Parameters

imsi

Specifies to use IMSI as the username.

imsi-apn

Specifies to use IMSI and APN as the username; for example, imsi@apn.

msisdn

Specifies to use MSISDN as the username.

msisdn-apn

Specifies to use MSISDN and APN as the username; for example, msisdn@apn.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gtpc-inspection

gtpc-inspection

Syntax

[no] gtpc-inspection

Context

[Tree] (config>app-assure>group>gtp gtpc-inspection)

Full Context

configure application-assurance group gtp gtpc-inspection

Description

This command configures the inspection of GTP-C packets. This is relevant only when AA GTP FW is deployed on S8/S5/Gp/Gn interfaces. The gtpc-inspection command must be enabled before configuring related features, such as APN filtering, GTP tunnel validation, message-type-v2 filtering, sequence number validation, SRC IP validation.

The no form of this command disables GTP-C packet inspection.

Default

no gtpc-inspection

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gtpv1-c

gtpv1-c

Syntax

gtpv1-c type direction {ingress | egress} script [script]

no gtpv1-c type direction {ingress | egress}

Context

[Tree] (config>python>py-policy gtpv1-c)

Full Context

configure python python-policy gtpv1-c

Description

This command configures a Python script for the specified GTPv1-C message type in the specified direction.

The no form of this command reverts to the default.

Parameters

type

Specifies the message type.

Values

echo-request, echo-response, version-not-supported, create-pdp-context-request, create-pdp-context-response, delete-pdp-context-request, delete-pdp-context-response, error-indication

direction {ingress | egress}

Specifies if the message is incoming or outgoing.

script

Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.

Platforms

All

gtpv2-c

gtpv2-c

Syntax

gtpv2-c type direction {ingress | egress} script [script]

no gtpv2-c type direction {ingress | egress}

Context

[Tree] (config>python>py-policy gtpv2-c)

Full Context

configure python python-policy gtpv2-c

Description

This command configures a Python script for the specified GTPv2-C message type in the specified direction.

The no form of this command reverts to the default.

Parameters

type

Specifies the message type

Values

echo-request, echo-response, version-not-supported, create-session-request, create-session-response, delete-session-request, delete-session-response, delete-bearer-request, delete-bearer-response, modify-bearer-request, modify-bearer-response, release-access-bearers-request, release-access-bearers-response, downlink-data-notification, downlink-data-notification-ack, change-notification-request, change-notification-response, stop-paging-indication

direction {ingress | egress}

Specifies if the message is incoming or outgoing.

script

Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.

Platforms

All

guard-time

guard-time

Syntax

guard-time time

no guard-time

Context

[Tree] (config>eth-ring guard-time)

Full Context

configure eth-ring guard-time

Description

This command configures the guard time for an Eth-Ring. The guard timer is standard and is configurable from "x” ms to 2 seconds.

The no form of this command restores the default guard-time.

Default

no guard-time

Parameters

value

Specifies the guard-time, in deciseconds.

Values

1 to 20

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

gw-address-range

gw-address-range

Syntax

gw-address-range start start end end

no gw-address-range

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export gw-address-range)

Full Context

configure subscriber-mgmt isa-service-chaining evpn export gw-address-range

Description

This command specifies the address range to be used for the gateway IP address field in EVPN type-5 routes that are advertised for configured NAT pools, to the peer for service-chaining. The system allocates one address for each ISA in the NAT group out of the specified range.

The no form of this command removes the values from the configuration.

Parameters

start

Specifies the starting gateway address range (V4) for this EVPN service.

Values

ipv4-address: a.b.c.d

end

Specifies the ending gateway address range (V4) for this EVPN service.

Values

ipv4-address: a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

gw-addresses

gw-addresses

Syntax

gw-addresses

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw gw-addresses)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw gw-addresses)

Full Context

configure service ies subscriber-interface group-interface wlan-gw gw-addresses

configure service vprn subscriber-interface group-interface wlan-gw gw-addresses

Description

This command specifies gateway endpoint address for the wlan-gw tunnel.

The no form of this command removes the gateway ipv4 or IPv6 endpoint address for the wlan-gw tunnel.

Parameters

ip-address

Specifies the IP address of the wlan-gw tunnels on this group interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

gw-mac

gw-mac

Syntax

gw-mac mac-address

no gw-mac

Context

[Tree] (config>service>vprn>sub-if>grp-if>srrp gw-mac)

Full Context

configure service vprn subscriber-interface group-interface srrp gw-mac

Description

This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.

One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that does not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.

The no form of this command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.

Parameters

mac-address

Specifies a MAC address that is used to override the default SRRP base MAC address.

Values

Any MAC address except all zeros, broadcast or multicast addresses. The offset is expressed in normal Ethernet MAC address notation. The defined gw-mac cannot be 00:00:00:00:00:00, ff:ff:ff:ff:ff:ff or any multicast address.

If not specified, the system uses the default SRRP gateway MAC address with the last octet set to the 8 least significant bits of the SRRP instance ID.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gw-mac

Syntax

gw-mac mac-address

no gw-mac

Context

[Tree] (config>service>ies>sub-if>grp-if>srrp gw-mac)

Full Context

configure service ies subscriber-interface group-interface srrp gw-mac

Description

This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.

One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that does not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.

The no form of this command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.

Parameters

mac-address

Specifies a MAC address that is used to override the default SRRP base MAC address.

Values

Any MAC address except all zeros, broadcast or multicast addresses. The offset is expressed in normal Ethernet MAC address notation. The defined gw-mac cannot be 00:00:00:00:00:00, ff:ff:ff:ff:ff:ff or any multicast address.

If not specified, the system uses the default SRRP gateway MAC address with the last octet set to the 8 least significant bits of the SRRP instance ID.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gx

gx

Syntax

gx

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy gx)

Full Context

configure subscriber-mgmt diameter-application-policy gx

Description

Commands in this context configure Gx parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gx-session-level-usage

gx-session-level-usage

Syntax

[no] gx-session-level-usage

Context

[Tree] (config>subscr-mgmt>cat-map gx-session-level-usage)

Full Context

configure subscriber-mgmt category-map gx-session-level-usage

Description

This command controls the instantiation of an internal category required for Diameter Gx session level Usage Monitoring (per IP-CAN session).

When configured, Gx session level Usage Monitoring can be enabled for sessions associated with this category map.

The internal category for Gx session level Usage Monitoring is counted against the maximum of sixteen categories that can be configured.

When not configured (default), then no internal category is instantiated and Gx session level Usage Monitoring cannot be enabled for sessions associated with this category map.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

gy

gy

Syntax

gy

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy gy)

Full Context

configure subscriber-mgmt diameter-application-policy gy

Description

Commands in this context configure Diameter Credit Control Application or Gy-specific options.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR