g Commands
garp-flood-evpn
garp-flood-evpn
Syntax
[no] garp-flood-evpn
Context
[Tree] (config>service>vpls>proxy-arp garp-flood-evpn)
Full Context
configure service vpls proxy-arp garp-flood-evpn
Description
This command controls whether the system floods GARP-requests and GARP-replies to the EVPN. The GARPs impacted by this command are identified by the sender's IP being equal to the target's IP and the MAC DA being broadcast.
The no form of the command only floods to local SAPs or binds but not to EVPN destinations.
Disabling this command is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood GARP messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.
Default
garp-flood-evpn
Platforms
All
gateway
gateway
Syntax
gateway name name tunnel ip-address[:port] [nat-ip nat-ip[:port]] [detail] [no-dpd-debug] [ display-keys]
no gateway name name tunnel ip-address[:port] [nat-ip nat-ip[:port]
gateway name name tunnel-subnet ip-prefix/ip-prefix-length [port port] [detail] [no-dpd-debug] [display-keys]
no gateway name name tunnel-subnet ip-prefix/ip-prefix-length
Context
[Tree] (debug>ipsec gateway)
Full Context
debug ipsec gateway
Description
This command enables debugging for dynamic IPsec tunnels that terminate on the specified IPsec gateway.
The tunnel to be debugged can be specified by either its source address or source subnet. If a subnet is specified, the system will enable debugging for all tunnels with source addresses in the specified subnet.
Parameters
- name
-
Specifies the name of the IPsec gateway up to 32 characters.
- ip-address:port
-
Specifies the tunnel IP address of the remote peer and, optionally, the remote UDP port of IKE.
- nat-ip:port
-
Specifies the inside IP address of the NAT tunnel and, optionally, the port.
- detail
-
Specifies to display detailed debug information.
- no-dpd-debug
-
Specifies to stop logging IKEv1 and IKEv2 DPD events during debug in order to produce less noise.
- ip-prefix/ip-prefix-length
-
Specifies the subnet of the peer’s tunnel address.
- display-keys
-
Specifies the IKE-SA and CHILD-SA keys for inclusion in the debug output.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gateway
Syntax
gateway [create]
no gateway
Context
[Tree] (config>mirror>mirror-dest>encap>layer-3-encap gateway)
Full Context
configure mirror mirror-dest encap layer-3-encap gateway
Description
This command configures the parameters to send the mirrored packets to a remote destination gateway. Once a gateway is created, no changes to the layer-3-encap type, router or direction-bit are allowed.
Platforms
All
gen-keypair
gen-keypair
Syntax
gen-keypair url-string curve {secp256r1 | secp384r1 | secp521r1}
gen-keypair url-string [size key-size] [type {rsa | dsa}]
Context
[Tree] (admin>certificate gen-keypair)
Full Context
admin certificate gen-keypair
Description
This command generates RSA, DSA, or ECDSA private key or public key pairs at the specified location.
Parameters
- url-string
-
Specifies the path of the key file.
- curve
-
Generates an ECDSA key with a specified curve.
- key-size
-
Specifies the key size in bits.
The minimum key-size is 1024 when running in FIPS-140-2 mode.
- type
-
Specifies the type of key.
Platforms
All
gen-local-cert-req
gen-local-cert-req
Syntax
gen-local-cert-req keypair url-string subject-dn subject-dn [domain-name name] [ip-addr ip-address] file cert-req-file-url [hash-alg hash-algorithm]
Context
[Tree] (admin>certificate gen-local-cert-req)
Full Context
admin certificate gen-local-cert-req
Description
This command generates a PKCS#10 formatted certificate request by using a local existing key pair file.
Parameters
- url-string
-
Specifies the name of the keyfile in cf3:\system-pki\key that is used to generate a certificate request.
- subject-dn
-
Specifies the distinguish name that is used as the subject in a certificate request, including:
-
C-Country
-
ST-State
-
O-Organization name
-
OU-Organization Unit name
-
CN-common name
This parameter is formatted as a text string including any of the above attributes. The attribute and its value is linked by using "=”, and ",” is used to separate different attributes.
For example: C=US,ST=CA,O=ALU,CN=SR12
-
- domain-name
-
Specifies a domain name string can be specified and included as the dNSName in the Subject Alternative Name extension of the certificate request.
- ip-address
-
Specifies an IPv4 address string can be specified and included as the ipAddress in the Subject Alternative Name extension of the certificate request.
- cert-req-file-url
-
Specifies the certificate URL. This URL could be either a local CF card path and filename to save the certificate request; or an FTP URL to upload the certificate request.
- hash-algorithm
-
Specifies the hash algorithm to be used in a certificate request.
Platforms
All
general-port
general-port
Syntax
general-port port-number
no general-port
Context
[Tree] (config>system>snmp general-port)
Full Context
configure system snmp general-port
Description
This command configures the port number used to receive SNMP request messages and send replies.
For the port used for SNMP notifications, configure the configure log snmp-trap-group trap-target port command.
The no form of the command reverts to the default value.
Default
general-port 161
Parameters
- port-number
-
Specifies the port number used to send SNMP traffic other than traps.
Platforms
All
generate-basic-fec-only
generate-basic-fec-only
Syntax
[no] generate-basic-fec-only
Context
[Tree] (config>router>ldp generate-basic-fec-only)
Full Context
configure router ldp generate-basic-fec-only
Description
This command enables mLDP to generate a basic FEC despite the actual root node being resolved using BGP. This functionality is useful if a connected router does not support the mLDP recursive FEC type.
This command only operates with recursive opaque type 7 FECs and non-recursive type 1 FECs.
The no form of the command causes mLDP to generate a recursive FEC if the actual root node is resolved using BGP.
Default
no generate-basic-fec-only
Platforms
All
generate-icmp
generate-icmp
Syntax
[no] generate-icmp
Context
[Tree] (config>service>vprn>static-route-entry>black-hole generate-icmp)
Full Context
configure service vprn static-route-entry black-hole generate-icmp
Description
This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.
This command can only be associated with a static route that has a black-hole next-hop
The no form of this command removes the black-hole next-hop from static route configuration.
Default
no generate-icmp
Platforms
All
generate-icmp
Syntax
[no] generate-icmp
Context
[Tree] (config>router>static-route-entry>black-hole generate-icmp)
Full Context
configure router static-route-entry black-hole generate-icmp
Description
This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.
This command can only be associated with a static route that has a blackhole next-hop
The no form of this command removes the black-hole nexthop from the static route configuration.
Default
no generate-icmp
Platforms
All
generate-traps
generate-traps
Syntax
[no] generate-traps
Context
[Tree] (config>system>network-element-discovery generate-traps)
Full Context
configure system network-element-discovery generate-traps
Description
This command configures whether traps are generated every time a node is updated, added, or removed from the OSPF opaque database (using LSA type 10 opaque update).
The no form of causes traps to not be generated for database changes.
Platforms
All
get
get
Syntax
[no] get
Context
[Tree] (config>service>nat>pcp-server-policy>opcode get)
Full Context
configure service nat pcp-server-policy opcode get
Description
This command enables/disables support for the get opcode.
Default
no get
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
get
Syntax
[no] get
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization get)
Full Context
configure system security profile netconf base-op-authorization get
Description
This command enables the NETCONF get operation.
The no form of this command disables the operation.
Default
no get
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
get-config
get-config
Syntax
[no] get-config
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization get-config)
Full Context
configure system security profile netconf base-op-authorization get-config
Description
This command enables the NETCONF get-config operation.
The no form of this command disables the operation.
Default
no get-config
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
get-data
get-data
Syntax
[no] get-data
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization get-data)
Full Context
configure system security profile netconf base-op-authorization get-data
Description
This command enables the NETCONF get-data operation.
The no form of this command disables the operation.
Default
no get-data
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
get-schema
get-schema
Syntax
[no] get-schema
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization get-schema)
Full Context
configure system security profile netconf base-op-authorization get-schema
Description
This command enables the NETCONF get-schema operation.
The no form of this command disables the operation.
Default
no get-schema
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
ggsn
ggsn
Syntax
ggsn
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile ggsn)
Full Context
configure subscriber-mgmt gtp peer-profile ggsn
Description
Commands in this context configure communication with a GGSN Mobile Gateway.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
ggsn-address
ggsn-address
Syntax
ggsn-address {ipv4 | ipv6}
no ggsn-address
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp ggsn-address)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp ggsn-address
Description
The command includes the GGSN-Address AVP value in all Diameter DCCA CCR messages. The value is either the local IPv4 address or local IPv6 address used to set up the diameter peer.
The no form of this command removes the GGSN-Address AVP from the Diameter DCCA CCR messages.
Parameters
- ipv4 | ipv6
-
Specifies to include either the IPv4 or IPv6 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gi-address
gi-address
Syntax
gi-address ip-address
no gi-address
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host gi-address)
Full Context
configure subscriber-mgmt local-user-db ipoe host gi-address
Description
This command allows selection of GI addresses based on the host entry in LUDB.
The gi-address must be a valid address (associated with an interface) within the routing context that received the DHCP message on the access side.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the IPv4 gi-address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gi-address
Syntax
gi-address ip-address [src-ip-address]
no gi-address
Context
[Tree] (config>service>ies>sub-if>dhcp gi-address)
[Tree] (config>service>ies>if>dhcp gi-address)
[Tree] (config>service>vprn>sub-if>dhcp gi-address)
[Tree] (config>service>vprn>if>dhcp gi-address)
[Tree] (config>service>ies>sub-if>grp-if>dhcp gi-address)
Full Context
configure service ies subscriber-interface dhcp gi-address
configure service ies interface dhcp gi-address
configure service vprn subscriber-interface dhcp gi-address
configure service vprn interface dhcp gi-address
configure service ies subscriber-interface group-interface dhcp gi-address
Description
This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.
By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address. For group interfaces a GI address must be specified under the group interface DHCP context or subscriber-interface DHCP context in order for DHCP to function.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the host IP address to be used for DHCP relay packets.
- src-ip-address
-
Specifies that this GI address is to be the source IP address for DHCP relay packets. This parameter is not applicable for PPPoE DHCP client messages (dhcp client-applications ppp).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface dhcp gi-address
- configure service ies subscriber-interface group-interface dhcp gi-address
- configure service ies subscriber-interface dhcp gi-address
All
- configure service vprn interface dhcp gi-address
- configure service ies interface dhcp gi-address
gi-address
Syntax
gi-address ip-address
no gi-address
Context
[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp gi-address)
[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp gi-address)
Full Context
configure service ies interface sap ipsec-gw dhcp gi-address
configure service vprn interface sap ipsec-gw dhcp gi-address
Description
This command specifies the gateway IP address of the DHCPv4 packets sent by the system. IPsec DHCP Relay uses only the gi-address configuration found under the IPsec gateway and does not take into account gi-address with src-ip-addr configuration below other interfaces.
Default
no gi-address
Parameters
- ip-address
-
Specifies the host IP address to be used for DHCP relay packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gi-address
Syntax
gi-address ip-address [src-ip-addr]
no gi-address
Context
[Tree] (config>router>if>dhcp gi-address)
Full Context
configure router interface dhcp gi-address
Description
This command configures the gateway interface address for the DHCP relay. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.
Default
no gi-address
Parameters
- ip-address
-
Specifies the host IP address to be used for DHCP relay packets.
- src-ip-addr
-
Uses the GI address as the source IP.
Platforms
All
global
global
Syntax
global file-url
no global
Context
[Tree] (config>system>login-control>login-scripts global)
Full Context
configure system login-control login-scripts global
Description
This command enables an operator to define a common CLI script that executes when any user logs into a CLI session. This login exec script is executed when any user (authenticated by any means including local user database, TACACS+, or RADIUS) opens a CLI session. This allows a user, for example, to define a common set of CLI aliases that are made available on the router for all users. This global login exec script is executed before any user-specific login exec files that may be configured.
This CLI script executes in the context of the user who opens the CLI session. Any commands in the script that the user is not authorized to execute will fail.
The no form of this command disables the execution of a global login-script.
Default
no global
Parameters
- file-url
-
The path or directory name.
Platforms
All
global-id
global-id
Syntax
global-id global-id
no global-id
Context
[Tree] (config>router>mpls>mpls-tp global-id)
Full Context
configure router mpls mpls-tp global-id
Description
This command configures the MPLS-TP Global ID for the node. This is used as the 'from’ Global ID used by MPLS-TP LSPs originating at this node. If a value is not entered, the Global ID is taken to be Zero. This is used if the global-id is not configured. If an operator expects that inter-domain LSPs will be configured, then it is recommended that the global ID should be set to the local ASN of the node, as configured under config>system. If two-byte ASNs are used, then the most significant two bytes of the global-id are padded with zeros.
In order to change the value of the global-id, config>router>mpls>mpls-tp must be in the shutdown state. This will bring down all of the MPLS-TP LSPs on the node. New values a propagated to the system when a no shutdown is performed.
Default
no global-id
Parameters
- global-id
-
Specifies the global ID for the node.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
global-sampling-rate
global-sampling-rate
Syntax
global-sampling-rate sampling-rate
no global-sampling-rate
Context
[Tree] (config>mirror global-sampling-rate)
Full Context
configure mirror global-sampling-rate
Description
This command configures the global sampling rate. The global sampling rate provides a higher sampling rate than the sampling rate specified on the mirror destination. The global sampling rate, when set, applies to all mirror destination services with the use-global-sampling-rate command configured.
The global sampling rate takes precedence over the sampling rate specified on a mirror destination. This means that when both the global-sampling-rate command and configure mirror mirror-dest sampling-rate command are configured under the same mirror destination, the system automatically samples using higher rate configured with the global-sampling-rate command and ignores the lower rate configured with the sampling-rate command.
The no form of this command removes all mirror destinations associated with the global sampling rate and causes all mirror destinations to mirror at the full rate, which means every packet is mirrored unless a mirror destination rate is specified. You must first remove the use-global-sampling-rate configuration, before you remove the global-sampling-rate configuration.
Default
no global-sampling-rate
Parameters
- sampling-rate
-
Specifies the global sampling rate. The highest global sampling rate is 1 out of 2 packets and the lowest rate is 1 out of 255. For example, when 2 is the configured rate, the mirror destination samples 1 out of every 2 packets, or equivalent to sampling 50% of packets.
Platforms
All
global-sid-entries
global-sid-entries
Syntax
global-sid-entries global-sid-entries
Context
[Tree] (conf>router>sr>srv6>micro-segment global-sid-entries)
Full Context
configure router segment-routing segment-routing-v6 micro-segment global-sid-entries
Description
This command configures the maximum number of unique micro-segment locators that can be configured network wide. The value is expressed as the number of multiples of 1024 and must be the same on every platform network wide.
Default
global-sid-entries 16
Parameters
- global-sid-entries
-
Specifies the maximum number of unique micro-segment locators.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
global-timeouts
global-timeouts
Syntax
global-timeouts
Context
[Tree] (config>system>management-interface>ops global-timeouts)
Full Context
configure system management-interface operations global-timeouts
Description
Commands in this context configure system timeout parameters for operational commands.
Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation.
Platforms
All
global-variables
global-variables
Syntax
global-variables
no global-variables
Context
[Tree] (config>router>policy-options global-variables)
Full Context
configure router policy-options global-variables
Description
This command enables the global-variables configuration context.
The no form of this command removes all global variables.
Platforms
All
gnmi
gnmi
Syntax
gnmi
Context
[Tree] (config>system>grpc gnmi)
Full Context
configure system grpc gnmi
Description
Commands in this context configure a gNMI service on gRPC.
Platforms
All
gnmi-capabilities
gnmi-capabilities
Syntax
gnmi-capabilities {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-capabilities)
Full Context
configure system security profile grpc rpc-authorization gnmi-capabilities
Description
This command permits the use of Capability RPC for a user associated with the given format.
The no form of this command reverts to the default value.
Default
gnmi-capabilities permit
Parameters
- permit
-
Specifies that the use of the Capability RPC is permitted.
- deny
-
Specifies that the use of the Capability RPC is denied.
Platforms
All
gnmi-get
gnmi-get
Syntax
gnmi-get {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-get)
Full Context
configure system security profile grpc rpc-authorization gnmi-get
Description
This command permits the use of Get RPC.
The no form of this command reverts to the default value.
Default
gnmi-get permit
Parameters
- permit
-
Specifies that the use of the Get RPC is permitted.
- deny
-
Specifies that the use of the Get RPC is denied.
Platforms
All
gnmi-set
gnmi-set
Syntax
gnmi-set {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-set)
Full Context
configure system security profile grpc rpc-authorization gnmi-set
Description
This command permits the use of Set RPC.
The no form of this command reverts to the default value.
Default
gnmi-set permit
Parameters
- permit
-
Specifies that the use of the Set RPC is permitted.
- deny
-
Specifies that the use of the Set RPC is denied.
Platforms
All
gnmi-subscribe
gnmi-subscribe
Syntax
gnmi-subscribe {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-subscribe)
Full Context
configure system security profile grpc rpc-authorization gnmi-subscribe
Description
This command permits the use of Subscribe RPC.
The no form of this command reverts to the default value.
Default
gnmi-subscribe permit
Parameters
- permit
-
Specifies that the use of the Subscribe RPC is permitted.
- deny
-
Specifies that the use of the Subscribe RPC is denied.
Platforms
All
gnoi-cert-mgmt-cangenerate
gnoi-cert-mgmt-cangenerate
Syntax
gnoi-cert-mgmt-cangenerate {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-cangenerate)
Full Context
configure system security profile grpc rpc-authorization gnoi-cert-mgmt-cangenerate
Description
This command permits the use of gNOI CanGenerateCSR RPCs for the user profile.
The no form of this command reverts to the default value.
Default
gnoi-cert-mgmt-cangenerate deny
Parameters
- permit
-
Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is permitted.
- deny
-
Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is denied.
Platforms
All
gnoi-cert-mgmt-getcert
gnoi-cert-mgmt-getcert
Syntax
gnoi-cert-mgmt-getcert {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-getcert)
Full Context
configure system security profile grpc rpc-authorization gnoi-cert-mgmt-getcert
Description
This command permits the use of gNOI GetCertificate RPCs for the user profile.
The no form of this command reverts to the default value.
Default
gnoi-cert-mgmt-getcert deny
Parameters
- permit
-
Specifies that the use of the gNOI GetCertificate RPCs for the user profile is permitted.
- deny
-
Specifies that the use of the gNOI GetCertificate RPCs for the user profile is denied.
Platforms
All
gnoi-cert-mgmt-install
gnoi-cert-mgmt-install
Syntax
gnoi-cert-mgmt-install {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-install)
Full Context
configure system security profile grpc rpc-authorization gnoi-cert-mgmt-install
Description
This command permits the use of gNOI Install RPCs for the user profile.
The no form of this command reverts to the default value.
Default
gnoi-cert-mgmt-install deny
Parameters
- permit
-
Specifies that the use of the gNOI Install RPCs for the user profile is permitted.
- deny
-
Specifies that the use of the gNOI Install RPCs for the user profile is denied.
Platforms
All
gnoi-cert-mgmt-revoke
gnoi-cert-mgmt-revoke
Syntax
gnoi-cert-mgmt-revoke {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-revoke)
Full Context
configure system security profile grpc rpc-authorization gnoi-cert-mgmt-revoke
Description
This command permits or denies the use of gNOI RevokeCertificates RPCs for the user profile.
The no form of this command reverts to the default value.
Default
gnoi-cert-mgmt-revoke deny
Parameters
- permit
-
Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is permitted.
- deny
-
Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is denied.
Platforms
All
gnoi-cert-mgmt-rotate
gnoi-cert-mgmt-rotate
Syntax
gnoi-cert-mgmt-rotate {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-rotate)
Full Context
configure system security profile grpc rpc-authorization gnoi-cert-mgmt-rotate
Description
This command permits the use of gNOI Rotate RPCs for the user profile.
Default
gnoi-cert-mgmt-rotate deny
Parameters
- permit
-
Specifies that the use of the gNOI Rotate RPCs for the user profile is permitted.
- deny
-
Specifies that the use of the gNOI Rotate RPCs for the user profile is denied.
Platforms
All
gnoi-file-get
gnoi-file-get
Syntax
gnoi-file-get {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-get)
Full Context
configure system security profile grpc rpc-authorization gnoi-file-get
Description
This command permits the use of gNOI File Get RPC for a file from a target location.
Default
gnoi-file-get permit
Parameters
- permit
-
Specifies that the use of the gNOI File Get RPC is permitted.
- deny
-
Specifies that the use of the gNOI File Get RPC is denied.
Platforms
All
gnoi-file-put
gnoi-file-put
Syntax
gnoi-file-put {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-put)
Full Context
configure system security profile grpc rpc-authorization gnoi-file-put
Description
This command permits the use of gNOI File Put RPC to write to a file on a target location.
Default
gnoi-file-put permit
Parameters
- permit
-
Specifies that the use of the gNOI File Put RPC is permitted.
- deny
-
Specifies that the use of the gNOI File Put RPC is denied.
Platforms
All
gnoi-file-remove
gnoi-file-remove
Syntax
gnoi-file-remove {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-remove)
Full Context
configure system security profile grpc rpc-authorization gnoi-file-remove
Description
This command permits the use of gNOI File Remove RPC to remove a file from the specified target location.
Default
gnoi-file-remove permit
Parameters
- permit
-
Specifies that the use of the gNOI File Remove RPC is permitted.
- deny
-
Specifies that the use of the gNOI File Remove RPC is denied.
Platforms
All
gnoi-file-stat
gnoi-file-stat
Syntax
gnoi-file-stat {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-stat)
Full Context
configure system security profile grpc rpc-authorization gnoi-file-stat
Description
This command permits the use of gNOI File Stat RPC to retrieve metadata for a file from the specified target location.
Default
gnoi-file-stat permit
Parameters
- permit
-
Specifies that the use of the gNOI File Stat RPC is permitted.
- deny
-
Specifies that the use of the gNOI File Stat RPC is denied.
Platforms
All
gnoi-file-transfertoremote
gnoi-file-transfertoremote
Syntax
gnoi-file-transfertoremote {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-transfertoremote)
Full Context
configure system security profile grpc rpc-authorization gnoi-file-transfertoremote
Description
This command permits the use of the gNOI File TransferToRemote RPC to transfer the file from the target node to a specified remote location.
Default
gnoi-file-transfertoremote permit
Parameters
- permit
-
Specifies that the use of the gNOI File TransferToRemote RPC is permitted.
- deny
-
Specifies that the use of the gNOI File TransferToRemote RPC is denied.
Platforms
All
gnoi-system-cancelreboot
gnoi-system-cancelreboot
Syntax
gnoi-system-cancelreboot {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-cancelreboot)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-cancelreboot
Description
This command permits the use of gNOI System CancelReboot RPC for a user-given profile.
Default
gnoi-system-cancelreboot deny
Parameters
- permit
-
Specifies that the use of gNOI System CancelReboot RPC is permitted.
- deny
-
Specifies that the use of gNOI System CancelReboot RPC is denied.
Platforms
All
gnoi-system-ping
gnoi-system-ping
Syntax
gnoi-system-ping {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-ping)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-ping
Description
This command permits the use of the gNOI Ping RPC to execute the ping command on the target node and stream back the results.
Default
gnoi-system-ping permit
Parameters
- permit
-
Specifies that the use of the gNOI Ping RPC is permitted.
- deny
-
Specifies that the use of the gNOI Ping RPC is denied.
Platforms
All
gnoi-system-reboot
gnoi-system-reboot
Syntax
gnoi-system-reboot {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-reboot)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-reboot
Description
This command permits the use of gNOI System Reboot RPC for a user-given profile.
The no form of this command reverts to the default value.
Default
gnoi-system-reboot deny
Parameters
- permit
-
Specifies that the use of gNOI System Reboot RPC is permitted.
- deny
-
Specifies that the use of gNOI System Reboot RPC is denied.
Platforms
All
gnoi-system-rebootstatus
gnoi-system-rebootstatus
Syntax
gnoi-system-rebootstatus {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-rebootstatus)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-rebootstatus
Description
This command permits the use of gNOI System RebootStatus RPC for a user-given profile.
The no form of this command reverts to the default value.
Default
gnoi-system-rebootstatus deny
Parameters
- permit
-
Specifies that the use of gNOI System RebootStatus RPC is permitted for a user-given profile.
- deny
-
Specifies that the use of gNOI System RebootStatus RPC is denied.
Platforms
All
gnoi-system-setpackage
gnoi-system-setpackage
Syntax
gnoi-system-setpackage {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-setpackage)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-setpackage
Description
This command permits the use of gNOI System SetPackage RPC for a user-given profile.
The no form of this command reverts to the default value.
Default
gnoi-system-setpackage deny
Parameters
- deny
-
Specifies that the use of gNOI System SetPackage RPC is denied.
- permit
-
Specifies that the use of gNOI System SetPackage RPC is permitted.
Platforms
All
gnoi-system-switchcontrolprocessor
gnoi-system-switchcontrolprocessor
Syntax
gnoi-system-switchcontrolprocessor {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-switchcontrolprocessor)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-switchcontrolprocessor
Description
This command permits the use of gNOI System SwitchControlProcessor RPC for a user-given profile.
The no form of this command reverts to the default value.
Default
gnoi-system-switchcontrolprocessor deny
Parameters
- deny
-
Specifies that the use of gNOI System SwitchControlProcessor RPC is denied.
- permit
-
Specifies that the use of gNOI System SwitchControlProcessor RPC is permitted.
Platforms
All
gnoi-system-time
gnoi-system-time
Syntax
gnoi-system-time {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-time)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-time
Description
This command permits the use of the gNOI Time RPC to return the current time on the target node.
Default
gnoi-system-time permit
Parameters
- permit
-
Specifies that the use of the gNOI Time RPC is permitted.
- deny
-
Specifies that the use of the gNOI Time RPC is denied.
Platforms
All
gnoi-system-traceroute
gnoi-system-traceroute
Syntax
gnoi-system-traceroute {permit | deny}
Context
[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-traceroute)
Full Context
configure system security profile grpc rpc-authorization gnoi-system-traceroute
Description
This command permits the use of the gNOI Traceroute RPC to execute the traceroute command on the target node and stream back the results.
Default
gnoi-system-traceroute permit
Parameters
- permit
-
Specifies that the use of the gNOI Traceroute RPC is permitted.
- deny
-
Specifies that the use of the gNOI Traceroute RPC is denied.
Platforms
All
gnss
gnss
Syntax
gnss
Context
[Tree] (config>port gnss)
Full Context
configure port gnss
Description
Commands in this context configure global navigation satellite systems (GNSS) port attributes for platforms that support one or more embedded GNSS receivers. This command is supported for use with the following ports:
- A/gnss (7750 SR FP5 single-slot platforms and slot A of 7750 SR-2e platforms)
- B/gnss (slot B of 7750 SR-2e platforms)
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se
gnss
Syntax
gnss
Context
[Tree] (config>system>sync-if-timing gnss)
Full Context
configure system sync-if-timing gnss
Description
Commands in this context configure parameters for system timing using global navigation satellite systems (GNSS) on platforms that support one or more embedded GNSS receivers.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se
goto
goto
Syntax
goto line
Context
[Tree] (candidate goto)
Full Context
candidate goto
Description
This command changes the edit point of the candidate configuration. The edit point is the point after which new commands are inserted into the candidate configuration as an operator navigates the CLI and issues commands in edit-cfg mode.
Parameters
- line
-
Indicates which line to change starting at the point indicated by the following options.
Platforms
All
gprs-negotiated-qos-profile
gprs-negotiated-qos-profile
Syntax
[no] gprs-negotiated-qos-profile
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute gprs-negotiated-qos-profile)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute gprs-negotiated-qos-profile
Description
This command enables the inclusion of the 3GPP QoS specification in AAA protocols as signaled in the incoming GTP setup message.
The no form of this command disables the inclusion of the attribute.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gr-helper
gr-helper
Syntax
gr-helper [enable | disable]
Context
[Tree] (config>router>rsvp>if gr-helper)
Full Context
configure router rsvp interface gr-helper
Description
This command enables the RSVP Graceful Restart Helper feature.
The RSVP-TE Graceful Restart helper mode allows the SR OS based system (the helper node) to provide another router that has requested it (the restarting node) a grace period, during which the system will continue to use RSVP sessions to neighbors requesting the grace period. This is typically used when another router is rebooting its control plane but its forwarding plane is expected to continue to forward traffic based on the previously available Path and Resv states.
The user can enable Graceful Restart helper on each RSVP interface separately. When the GR helper feature is enabled on an RSVP interface, the node starts inserting a new Restart_Cap Object in the Hello packets to its neighbor. The restarting node does the same and indicates to the helper node the desired Restart Time and Recovery Time.
The GR Restart helper consists of a couple of phases. Once it loses Hello communication with its neighbor, the helper node enters the Restart phase. During this phase, it preserves the state of all RSVP sessions to its neighbor and waits for a new Hello message.
Once the Hello message is received indicating the restarting node preserved state, the helper node enters the recovery phase in which it starts refreshing all the sessions that were preserved. The restarting node will activate all the stale sessions that are refreshed by the helper node. Any Path state which did not get a Resv message from the restarting node once the Recovery Phase time is over is considered to have expired and is deleted by the helper node causing the proper Path Tear generation downstream.
The duration of the restart phase (recovery phase) is equal to the minimum of the neighbor’s advertised Restart Time (Recovery Time) in its last Hello message and the locally configured value of the max-restart (max-recovery) parameter.
When GR helper is enabled on an RSVP interface, its procedures apply to the state of both P2P and P2MP RSVP LSP to a neighbor over this interface.
Default
disable
Platforms
All
gr-helper-time
gr-helper-time
Syntax
gr-helper-time max-recovery recovery-interval max-restart restart-interval
no gr-helper-time
Context
[Tree] (config>router>rsvp gr-helper-time)
Full Context
configure router rsvp gr-helper-time
Description
This command configures the local values for the max-recovery and the max-restart intervals used in the RSVP Graceful Restart Helper feature.
The values are configured globally in RSVP but separate instances of the timers are applied to each RSVP interface that has the RSVP Graceful Restart Helper enabled.
The no version of this command re-instates the default value for the delay timer.
Default
gr-helper-time max-recovery 300 max-restart 120
Parameters
- recovery-interval
-
Specifies the max recovery interval value in seconds.
- restart-interval
-
Specifies the max restart interval value in seconds.
Platforms
All
grace
grace
Syntax
grace
Context
[Tree] (config>eth-ring>path>eth-cfm>mep grace)
[Tree] (config>eth-tunnel>path>eth-cfm>mep grace)
[Tree] (config>port>ethernet>eth-cfm>mep grace)
[Tree] (config>lag>eth-cfm>mep grace)
Full Context
configure eth-ring path eth-cfm mep grace
configure eth-tunnel path eth-cfm mep grace
configure port ethernet eth-cfm mep grace
configure lag eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace
Syntax
grace
Context
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep grace)
[Tree] (config>service>ipipe>sap>eth-cfm>mep grace)
[Tree] (config>service>epipe>sap>eth-cfm>mep grace)
Full Context
configure service epipe spoke-sdp eth-cfm mep grace
configure service ipipe sap eth-cfm mep grace
configure service epipe sap eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace
Syntax
grace
Context
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep grace)
[Tree] (config>service>vpls>eth-cfm>mep grace)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep grace)
[Tree] (config>service>vpls>sap>eth-cfm>mep grace)
Full Context
configure service vpls mesh-sdp eth-cfm mep grace
configure service vpls eth-cfm mep grace
configure service vpls spoke-sdp eth-cfm mep grace
configure service vpls sap eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace
Syntax
grace
Context
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep grace)
[Tree] (config>service>ies>if>sap>eth-cfm>mep grace)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep grace)
Full Context
configure service ies interface spoke-sdp eth-cfm mep grace
configure service ies interface sap eth-cfm mep grace
configure service ies subscriber-interface group-interface sap eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface sap eth-cfm mep grace
- configure service ies interface spoke-sdp eth-cfm mep grace
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep grace
grace
Syntax
grace
Context
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep grace)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep grace)
[Tree] (config>service>vprn>if>sap>eth-cfm>mep grace)
Full Context
configure service vprn interface spoke-sdp eth-cfm mep grace
configure service vprn subscriber-interface group-interface sap eth-cfm mep grace
configure service vprn interface sap eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface sap eth-cfm mep grace
- configure service vprn interface spoke-sdp eth-cfm mep grace
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm mep grace
grace
Syntax
grace
Context
[Tree] (config>router>if>eth-cfm>mep grace)
Full Context
configure router interface eth-cfm mep grace
Description
Commands in this context configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace-tx-enable
grace-tx-enable
Syntax
[no] grace-tx-enable
Context
[Tree] (config>port>ethernet>efm-oam grace-tx-enable)
[Tree] (config>system>ethernet>efm-oam grace-tx-enable)
Full Context
configure port ethernet efm-oam grace-tx-enable
configure system ethernet efm-oam grace-tx-enable
Description
Enables the sending of grace for all the enabled EFM-OAM sessions on the node. Disabled by default at the system level and enabled by default at the port level. The combination of the system level and port level configuration will determine if the grace function is enabled on the individual ports. Both the system level and the port level must be enabled in order to support grace on a specific port. If either level is disabled, grace is not enabled on those ports. Enabling grace during an active ISSU or soft reset does not invoke the grace function for the active event.
When both grace-tx-enable and config>system>ethernet>efm-oam dying-gasp-tx-on-reset, config>port>ethernet>efm-oam dying-gasp-tx-on-reset are active on the same port, grace-tx-enable takes precedence when a soft reset is invoked if the Peer Vendor OUI being received is 00:16:4d (ALU) or the configured config>port>ethernet>efm-oam grace-vendor-oui value. The grace-tx-enable command should not be configured if the Nokia Vendor Specific Grace TLV is not supported on the remote peer.
The no form of this command disables the sending of the Nokia Vendor Specific Grace TLV.
Default
config>system>ethernet>efm-oam>no grace-tx-enable
config>port>ethernet>efm-oam>grace-tx-enable
Platforms
All
grace-tx-enable
Syntax
[no] grace-tx-enable
Context
[Tree] (config>eth-cfm>system grace-tx-enable)
Full Context
configure eth-cfm system grace-tx-enable
Description
This command enables ETH-CFM grace transmission at the system level when a soft reset message is received and processed by the ETH-CFM module. Individual MEP configuration determines which of the two supported grace functions, ETH-VSM or ETH-ED, is used to announce grace.
This command controls the overall capability to transmit grace and does not control which grace announcement to use. This command also has no impact on the reception and processing of grace-style PDUs.
The no form of this command disables ETH-CFM grace transmission at the system level.
Default
grace-tx-enable
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace-vendor-oui
grace-vendor-oui
Syntax
grace-vendor-oui oui
no grace-vendor-oui
Context
[Tree] (config>port>ethernet>efm-oam grace-vendor-oui)
Full Context
configure port ethernet efm-oam grace-vendor-oui
Description
This optional command configures an additional peer vendor OUI which indicates support for the Vendor Specific EFM-OAM Grace functionality, allowing grace to be preferred over dying gasp when both are configured. This is in addition to the Nokia Vendor OUI 00:16:4d.
When both grace-tx-enable (config>system>ethernet>efm-oam grace-tx-enable, config>port>ethernet>efm-oam grace-tx-enable) and dying-gasp-tx-on-reset (config>system>ethernet>efm-oam dying-gasp-tx-on-reset, config>port>ethernet>efm-oam dying-gasp-tx-on-reset) are active on the same port, grace-tx-enable takes precedence when a soft reset is invoked if the Peer Vendor OUI being received is 00:16:4d (ALU) or the configured grace-vendor-oui value. The grace-tx-enable command should not be configured if the Nokia Vendor Specific Grace TLV is not supported on the remote peer, including Nokia 7750 SR equipment prior to release 11.0 R4.
The no form of this command removes the additional Vendor OUI but does not remove the Nokia 00:16:4d value.
Default
no grace-vendor-oui
Parameters
- oui
-
Hex value in the range 00:00:00 to FF:FF:FF.
Platforms
All
graceful-restart
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>service>vprn>bgp>group>neighbor graceful-restart)
[Tree] (config>service>vprn>bgp graceful-restart)
[Tree] (config>service>vprn>bgp>group graceful-restart)
Full Context
configure service vprn bgp group neighbor graceful-restart
configure service vprn bgp graceful-restart
configure service vprn bgp group graceful-restart
Description
This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. In a VPRN, SR OS can support GR helper functionality for IPv4, IPv6, label-ipv4, flow-ipv4 (IPv4 FlowSpec) and flow-ipv6 (IPv6 FlowSpec) routes.
When a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.
The no form of this command disables graceful restart.
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>service>vprn>isis graceful-restart)
Full Context
configure service vprn isis graceful-restart
Description
This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.
The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.
Default
no graceful-restart
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>service>vprn>ospf graceful-restart)
[Tree] (config>service>vprn>ospf3 graceful-restart)
Full Context
configure service vprn ospf graceful-restart
configure service vprn ospf3 graceful-restart
Description
This command enables OSPF graceful restart (GR) to minimize service interruption.
When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.
The no form of this command disables GR and removes the GR configuration from the OSPF instance.
Default
no graceful-restart
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>router>ldp graceful-restart)
Full Context
configure router ldp graceful-restart
Description
This command enables graceful restart helper.
The no form of this command disables graceful restart.
Graceful restart helper configuration changes, enable/disable, or change of a parameter will cause the LDP session to bounce.
Default
no graceful-restart (disabled) — Graceful-restart must be explicitly enabled.
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>router>bgp graceful-restart)
[Tree] (config>router>bgp>group graceful-restart)
[Tree] (config>router>bgp>group>neighbor graceful-restart)
Full Context
configure router bgp graceful-restart
configure router bgp group graceful-restart
configure router bgp group neighbor graceful-restart
Description
This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. SR OS can support GR helper functionality for IPv4, IPv6, VPN-IPv4, VPN-IPv6, Label-IPv4, Label-IPv6, L2-VPN, Route-Target (RTC), Flow-IPv4 (IPv4 FlowSpec) and Flow-IPv6 (IPv6 FlowSpec) routes.
If a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.
The no form of this command disables graceful restart.
Default
no graceful-restart
Platforms
All
graceful-restart
Syntax
graceful-restart [neighbor ip-address | group name]
no graceful-restart
Context
[Tree] (debug>router>bgp graceful-restart)
Full Context
debug router bgp graceful-restart
Description
This command enables debugging for BGP graceful restart.
The no form of this command disables the debugging.
Parameters
- neighbor ip-address
-
Debugs only events affecting the specified BGP neighbor.
- group name
-
Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>router>isis graceful-restart)
Full Context
configure router isis graceful-restart
Description
This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.
The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.
Default
no graceful-restart
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (debug>router>isis graceful-restart)
Full Context
debug router isis graceful-restart
Description
This command enables debugging for IS-IS graceful-restart.
The no form of the command disables debugging.
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (config>router>ospf3 graceful-restart)
[Tree] (config>router>ospf graceful-restart)
Full Context
configure router ospf3 graceful-restart
configure router ospf graceful-restart
Description
This command enables OSPF graceful restart (GR) to minimize service disruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router comes back up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, then the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.
The no form of this command disables graceful restart and removes the graceful restart configuration from the OSPF instance.
Default
no graceful-restart
Platforms
All
graceful-restart
Syntax
[no] graceful-restart
Context
[Tree] (debug>router>ospf graceful-restart)
[Tree] (debug>router>ospf3 graceful-restart)
Full Context
debug router ospf graceful-restart
debug router ospf3 graceful-restart
Description
This command enables debugging for OSPF and OSPF3 graceful restart.
Platforms
All
graceful-shutdown
graceful-shutdown
Syntax
[no] graceful-shutdown
Context
[Tree] (config>router>rsvp graceful-shutdown)
[Tree] (config>router>rsvp>interface graceful-shutdown)
Full Context
configure router rsvp graceful-shutdown
configure router rsvp interface graceful-shutdown
Description
This command initiates a graceful shutdown of the specified RSVP interface or all RSVP interfaces on the node if applied at the RSVP level. These are referred to as maintenance interface and maintenance node, respectively.
To initiate a graceful shutdown the maintenance node generates a PathErr message with a specific error sub-code of Local Maintenance on TE Link required for each LSP that is exiting the maintenance interface.
The node performs a single make-before-break attempt for all adaptive CSPF LSPs it originates and LSP paths using the maintenance interfaces. If an alternative path for an affected LSP is not found, then the LSP is maintained on its current path. The maintenance node also tears down and re-signals any detour LSP path using listed maintenance interfaces as soon as they are not active.
The maintenance node floods an IGP TE LSA/LSP containing Link TLV for the links under graceful shutdown with TE metric set to 0xffffffff and Unreserved Bandwidth parameter set to zero (0).
A head-end LER node, upon receipt of the PathErr message performs a single make-before-break attempt on the affected adaptive CSPF LSP. If an alternative path is not found, then the LSP is maintained on its current path.
A node does not take any action on the paths of the following originating LSPs after receiving the PathErr message:
a. An adaptive CSPF LSP for which the PathErr indicates a node address in the address list and the node corresponds to the destination of the LSP. In this case, there are no alternative paths which can be found.
b. An adaptive CSPF LSP whose path has explicit hops defined using the listed maintenance interface(s)/node(s).
c. A CSPF LSP with the adaptive option disabled and which current path is over the listed maintenance interfaces in the PathErr message. These are not subject to make-before-break.
d. A non CSPF LSP which current path is over the listed maintenance interfaces in the PathErr message.
The head-end LER node upon receipt of the updates IPG TE LSA/LSP for the maintenance interfaces updates the TE database. This information will be used at the next scheduled CSPF computation for any LSP which path may traverse any of the maintenance interfaces.
The no form of this command disables the graceful shutdown operation at the RSVP interface level or at the RSVP level. The configured TE parameters of the maintenance links are restored and the maintenance node floods the links.
Platforms
All
grafts
grafts
Syntax
grafts [source ip-address] [group grp-ip-address] [detail]
no grafts
Context
[Tree] (debug>router>pim grafts)
Full Context
debug router pim grafts
Description
This command enables debugging for PIM grafts.
The no form of this command disables PIM graft debugging.
Parameters
- ip-address
-
Debugs graft information associated with the specified source.
- grp-ip-address
-
Debugs graft information associated with the specified group.
- detail
-
Debugs detailed graft information.
Platforms
All
granularity
granularity
Syntax
granularity {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}
no granularity
Context
[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution granularity)
Full Context
configure qos adv-config-policy child-control bandwidth-distribution granularity
Description
This command is used to create a step-like behavior where the operational PIR will round up to the nearest increment of the specified granularity before being applied to the child. The only exception is when the distributed bandwidth is less than 1% above a lower step value, in which case the lower step value is used.
This step-like behavior may be useful when the bandwidth used by an active child is well known. While the above-offered-cap command automatically adds a specified amount to the operational PIR of a child, the granularity command only increments the operational PIR to the next step value. While not expected to be used in conjunction, the above-offered-cap and granularity commands may be used simultaneously, in which case the above-offered-cap increase will be applied first, followed by the granularity rounding to the next step value.
If the granularity command is used with a percent-based value, the rounding up function of the configured PIR value on the policer or queue is based on the child’s administrative PIR. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
If the child’s administrative PIR is modified while a percent-based granularity is in effect, the system automatically uses the new relative rounding value the next time the child’s operational PIR is determined.
When this command is not specified or removed, the system makes no attempt to round up the child’s determined operational PIR.
The no form of this command is used to remove the operational PIR rounding behavior from all child policers and queues associated with the policy.
Parameters
- percent-of-admin-pir
-
When the percent qualifier is used, the following percent-of-admin-pir parameter specifies the percentage of the child’s administrative PIR that should be used as the rounding step value. If a value of 0 or 0.00 is used, the system will interpret this equivalent to no granularity.
- rate-in-kilobits-per-second
-
When the rate qualifier is used, the following rate-in-kilobits-per-second parameter specifies an explicit rate, in kb/s, that should be used as the child’s rounding step value. If a rate step of 0 is specified, the system interprets this equivalent to no granularity.
Platforms
All
granularity
Syntax
granularity {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}
no granularity
Context
[Tree] (config>qos>adv-config-policy>child-control>offered-measurement granularity)
Full Context
configure qos adv-config-policy child-control offered-measurement granularity
Description
This command is used to adjust the sensitivity of the virtual scheduler to changes in the child offered rate. As the child offered rate is determined, it is compared to the previous offered rate. If the delta does not exceed the sensitivity threshold determined for the current offered rate, the change in offered rate is ignored for that iteration.
While it is assumed that changing the offered rate change sensitivity will be a rare occurrence, it may be prudent to react to smaller changes in the offered rate of a particular child policer or queue. Another possible reason for changing the sensitivity is that it may be desired to lower the impact of changes in offered rate on the virtual scheduler for a particular child by raising the granularity.
A side effect of higher sensitivity (lower granularity) is that the virtual scheduler may need to adjust the distributed bandwidth between all children more often, resulting in the possibility of lowering resources available to other virtual scheduler instances on the slot.
A side effect of lower sensitivity (higher granularity) is that the parent virtual scheduler may distribute insufficient bandwidth to the child resulting in dropped packets.
If the granularity command is used with a percent-based value, the sensitivity is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
Except for the overall cap on the offered input into the virtual scheduler, the child’s administrative PIR has no effect on the calculated sensitivity if an explicit rate is specified.
If the child’s administrative PIR is modified while a percent-based granularity is in effect, the system automatically uses the new relative sensitivity value the next time the child’s offered rate is determined.
The no form of this command is used to restore the default offered rate sensitivity behavior to all child policers and queues associated with the policy.
Parameters
- percent-of-admin-pir
-
When the percent qualifier is used, this parameter specifies the percentage of the child’s administrative PIR that are used as the threshold sensitivity to offered rate change. If a value of 0 or 0.00 is used, the system will interpret this equivalent to no granularity.
- rate-in-kilobits-per-second
-
When the rate qualifier is used, this parameter specifies an explicit rate, in kb/s, that are used as the child’s offered rate change sensitivity value. If a rate sensitivity of 0 is specified, the system interprets this equivalent to no granularity.
Platforms
All
gratuitous-arp
gratuitous-arp
Syntax
gratuitous-arp {one-per-sap| one-per-outer-tag}
Context
[Tree] (config>subscr-mgmt>up-resiliency>fsg-template gratuitous-arp)
Full Context
configure subscriber-mgmt up-resiliency fate-sharing-group-template gratuitous-arp
Description
This command configures the granularity with which Gratuitous ARP packets are sent upon switchover events.
Parameters
- one-per-sap
-
Specifies to send a single GARP per SAP. The Sender Protocol Address is any subnet associated with the SAP. If no subnet is available, the system IP is used.
- one-per-outer-tag
-
Specifies to send a single GARP for all q-in-q SAPs sharing the same outer tag. For dot1q SAPs this behaves the same as one-per-sap. The Sender Protocol Address is any subnet associated with the SAP. If no subnet is available, the system IP is used.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gratuitous-rtr-adv
gratuitous-rtr-adv
Syntax
[no] gratuitous-rtr-adv
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipoe-linking gratuitous-rtr-adv)
[Tree] (config>service>ies>sub-if>ipoe-linking gratuitous-rtr-adv)
[Tree] (config>service>ies>sub-if>grp-if>ipoe-linking gratuitous-rtr-adv)
[Tree] (config>service>vprn>sub-if>ipoe-linking gratuitous-rtr-adv)
Full Context
configure service vprn subscriber-interface group-interface ipoe-linking gratuitous-rtr-adv
configure service ies subscriber-interface ipoe-linking gratuitous-rtr-adv
configure service ies subscriber-interface group-interface ipoe-linking gratuitous-rtr-adv
configure service vprn subscriber-interface ipoe-linking gratuitous-rtr-adv
Description
This command enables the generation of unsolicited Router-advertisement on creation of v4 host.
The no form of this command disables gratuitous-rtr-adv.
Default
gratuitous-rtr-adv
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gre
gre
Syntax
[no] gre
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>type gre)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query type gre
Description
This command enables matching on GRE tunnels.
The no form of this command disables matching on GRE tunnels, unless no other tunnel type specifier is configured.
Default
no gre
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gre
Syntax
[no] gre
Context
[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter gre)
Full Context
configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter gre
Description
This command enables setting the tunnel type for the auto bind tunnel.
The gre encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted.
The no form of this command disables the setting the tunnel type for the auto bind tunnel.
Default
no gre
Platforms
All
gre
Syntax
gre
Context
[Tree] (config>test-oam>build-packet>header gre)
Full Context
configure test-oam build-packet header gre
Description
This command creates a GRE header for inclusion in test OAM build packet instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
gre-eth-bridged
gre-eth-bridged
Syntax
gre-eth-bridged
Context
[Tree] (config>service>system gre-eth-bridged)
Full Context
configure service system gre-eth-bridged
Description
Commands in this context configure parameters related to termination of a GRE tunnel carrying Ethernet payload onto a PW port by using Forwarding Path Extensions (FPE).
Platforms
All
gre-header
gre-header
Syntax
gre-header send-key send-key receive-key receive-key
no gre-header
Context
[Tree] (config>service>ies>if>sap>ip-tunnel gre-header)
[Tree] (config>service>vprn>if>sap>ip-tunnel gre-header)
Full Context
configure service ies interface sap ip-tunnel gre-header
configure service vprn interface sap ip-tunnel gre-header
Description
This command configures the type of the IP tunnel. If the gre-header command is configured then the tunnel is a GRE tunnel with a GRE header inserted between the outer and inner IP headers. If the no form of this command is configured then the tunnel is a simple IP-IP tunnel.
Default
no gre-header
Parameters
- send-key send-key
-
Specifies a 32-bit unsigned integer.
- receive-key receive-key
-
Specifies a 32-bit unsigned integer.
Platforms
All
gre-key
gre-key
Syntax
gre-key if-index
no gre-key
Context
[Tree] (config>filter>gre-tun-tmp>ipv4 gre-key)
Full Context
configure filter gre-tunnel-template ipv4 gre-key
Description
This command enables the population of the GRE key field in the GRE header sent with the encapsulated IP packet.
The no form of this command disables the population of the optional GRE key field when the matching IP packet is sent encapsulated in a GRE tunnel.
Parameters
- if-index
-
Causes the GRE key field to be populated with the ifIndex of the ingress interface on which the matching IP packet was received.
Platforms
All
gre-termination
gre-termination
Syntax
[no] gre-termination
Context
[Tree] (config>router>if gre-termination)
Full Context
configure router interface gre-termination
Description
This command enables the termination of MPLS-over-GRE and IP-over-GRE packets on destination IP addresses from a user-defined subnet. The user defines a subnet for the termination of GRE packets by applying the gre-termination command to a numbered network IP interface, including a loopback interface.
For more information, refer to "IP-over-GRE and MPLS-over-GRE Termination on a User-Configured Subnet” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.
The no form of this command disables the termination of MPLS-over-GRE and IP-over-GRE packets on the subnet of the interface. Packets are dropped.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
gre-tunnel-template
gre-tunnel-template
Syntax
gre-tunnel-template name [create]
no gre-tunnel-template name
Context
[Tree] (config>filter gre-tunnel-template)
Full Context
configure filter gre-tunnel-template
Description
Commands in this context configure a GRE tunnel template parameters to be used to tunnel associated traffic.
The no form of this command removes the GRE tunnel template from the configuration.
Parameters
- name
-
Specifies a GRE tunnel template name up to 32 characters.
- create
-
This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.
Platforms
All
group
group
Syntax
group name [create]
no group name
Context
[Tree] (config>qos>hw-agg-shap-sched-plcy group)
Full Context
configure qos hw-agg-shaper-scheduler-policy group
Description
This command creates a group within a hardware aggregate shaper scheduler policy.
The no form of this command removes the group from the policy.
Parameters
- name
-
Specifies a group name, up to 32 characters.
Platforms
7750 SR-1, 7750 SR-s
group
Syntax
group tunnel-group-name [service-id service-id]
no group
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>l2tp group)
Full Context
configure subscriber-mgmt local-user-db ppp host l2tp group
Description
This command configures the L2TP tunnel group. The tunnel-group-name is configured in the config>router>l2tp context. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.
Parameters
- tunnel-group-name
-
Specifies an existing tunnel L2TP group, up to 63 characters.
- service-id service-id
-
Specifies an existing service ID or service name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group tunnel-group-name [create]
group tunnel-group-name [create] [protocol protocol]
no group tunnel-group-name
Context
[Tree] (config>router>l2tp group)
[Tree] (config>service>vprn>l2tp group)
Full Context
configure router l2tp group
configure service vprn l2tp group
Description
This command configures an L2TP tunnel group.
The no form of this command reverts removes the tunnel group name from the configuration.
Parameters
- tunnel-group-name
-
Specifies a name string to identify a L2TP group up to 63 characters in length.
- create
-
This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.
- protocol
-
Specifies the l2tp protocol for use.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group tunnel-group-name
Context
[Tree] (debug>router>l2tp group)
Full Context
debug router l2tp group
Description
This command enables and configures debugging for an L2TP group.
Parameters
- tunnel-group-name
-
Specifies the tunnel group name, up to 63 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group name [create]
no group name
Context
[Tree] (config>service>vpls>gsmp group)
[Tree] (config>service>vprn>gsmp group)
Full Context
configure service vpls gsmp group
configure service vprn gsmp group
Description
This command specifies a GSMP name. A GSMP group name is unique only within the scope of the service in which it is defined.
The no form of this command reverts to the default.
Parameters
- name
-
Specifies a GSMP name up to 32 characters.
- create
-
Keyword used to create the GSMP group name. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
All
group
Syntax
[no] group ip-address
Context
[Tree] (config>subscr-mgmt>igmp-policy>static group)
Full Context
configure subscriber-mgmt igmp-policy static group
Description
This command adds or removes a static multicast group.
The no form of this command reverts to the default value.
Parameters
- ip-address
-
Specifies the multicast group IP address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
[no] group grp-ipv6-address
Context
[Tree] (config>subscr-mgmt>mld-policy>static group)
Full Context
configure subscriber-mgmt mld-policy static group
Description
This command configures a static multicast group.
The no form of this command reverts to the default.
Parameters
- grp-ipv6-address
-
Specifies the IPv6 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
[no] group group-name
Context
[Tree] (config>service>ies>rip group)
[Tree] (config>service>vprn>rip group)
Full Context
configure service ies rip group
configure service vprn rip group
Description
This command creates a context for configuring a RIP group of neighbors. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.
The no form of this command deletes the RIP neighbor interface group. Deleting the group also removes the RIP configuration of all the neighbor interfaces currently assigned to this group.
Default
no group
Parameters
- group-name
-
The RIP group name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
group
Syntax
group group-id rate rate
no group group-id
Context
[Tree] (config>port>ethernet>egress>hs-sched-ovr group)
Full Context
configure port ethernet egress hs-scheduler-overrides group
Description
This command overrides a group rate configured in the HS scheduler policy applied to the port egress.
The no form of this command removes the rate override from the port egress configuration.
Parameters
- group-id
-
Specifies the group ID.
- rate
-
Specifies the maximum rate in megabits per second. When the max keyword follows the rate keyword, the bandwidth limitation is removed from the group. The max keyword is mutually exclusive to the rate parameter. Either the max keyword or a rate value must follow the rate keyword.
Platforms
7750 SR-7/12/12e
group
Syntax
group sonet-sdh-index payload {tu3 | vt2 | vt15}
Context
[Tree] (config>port>sonet-sdh group)
Full Context
configure port sonet-sdh group
Description
This command configures payload of the SONET/SDH group.
This command is supported by TDM satellite, however the tu3 parameter is not.
For example:
config>port>sonet-sdh#
group tug3-1.1 payload tu3 group tug3-1.2 payload vt2 group tug3-1.3 payload vt2 group tug3-2.1 payload vt15 group tug3-2.2 payload vt15 group tug3-2.3 payload tu3 group tug3-3.1 payload tu3 group tug3-3.2 payload tu3 group tug3-3.3 payload tu3
Parameters
- sonet-sdh-index
-
Specifies the components making up the specified SONET/SDH path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path.
- tu3
-
Specifies the Tributary Unit Group (TUG3) on a path. Configures the port or channel for transport network use.
- vt2
-
Configures the path as a virtual tributary group of type vt2.
- vt15
-
Configures the path as a virtual tributary group of type vt15.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
group
Syntax
[no] group name
Context
[Tree] (config>router>bgp group)
Full Context
configure router bgp group
Description
Commands in this context configure a BGP peer group.
The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.
Default
no group
Parameters
- name
-
Specifies the peer group name. Allowed values are any string, up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
group
Syntax
[no] group grp-ip-address
[no] group grp-ipv6-address
Context
[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static group)
[Tree] (config>service>vpls>sap>igmp-snooping>static group)
[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static group)
[Tree] (config>service>vpls>sap>mld-snooping>static group)
[Tree] (config>service>vpls>igmp-snooping>static group)
[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static group)
[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static group)
Full Context
configure service vpls mesh-sdp mld-snooping static group
configure service vpls sap igmp-snooping static group
configure service vpls mesh-sdp igmp-snooping static group
configure service vpls sap mld-snooping static group
configure service vpls igmp-snooping static group
configure service vpls spoke-sdp mld-snooping static group
configure service vpls spoke-sdp igmp-snooping static group
Description
Commands in this context add a static multicast group as a (*, G) or as one or more (S,G) records. When a static MLD or IGMP group is added, multicast data for that (*,G) or (S,G) is forwarded to the specific SAP or SDP without receiving any membership report from a host.
Parameters
- grp-ip-address
-
Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.
- grp-ipv6-address
-
Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.
Platforms
All
group
Syntax
group name [esm-dynamic-peer]
no group name
Context
[Tree] (config>service>vprn>bgp group)
Full Context
configure service vprn bgp group
Description
This command creates a context to configure a BGP peer group.
The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.
Parameters
- name
-
Specifies the peer group name. Allowed values is a string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
- esm-dynamic-peer
-
Specifies that the given BGP group is used by BGP peers created dynamically based on subscriber-hosts pointing to corresponding BGP peering policy. There can be only one BGP group with this flag set in any given VPRN. No BGP neighbors can be manually configured in a BGP group with this flag set.
Platforms
All
group
Syntax
[no] group grp-ip-address
[no] group start grp-ip-address end grp-ip-address [step ip-address]
Context
[Tree] (config>service>vprn>igmp>if>static group)
Full Context
configure service vprn igmp interface static group
Description
This command adds a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.
When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.
Parameters
- grp-ip-address
-
Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted decimal notation.
- start grp-ip-address
-
Specifies the start multicast group address.
- end grp-ip-address
-
Specifies the end multicast group address.
- step ip-address
-
Specifies the step increment.
Platforms
All
group
Syntax
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
Context
[Tree] (config>service>vprn>mld>if>static group)
Full Context
configure service vprn mld interface static group
Description
Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.
When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.
The no form of this command removes the IPv6 address from the configuration.
Parameters
- grp-ipv6-address
-
Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.
- start grp-ipv6-address
-
Specifies the start multicast group address.
- end grp-ipv6-address
-
Specifies the end multicast group address.
- step ipv6-address
-
Specifies the step increment.
Platforms
All
group
Syntax
[no] group group-name
Context
[Tree] (config>service>vprn>msdp group)
Full Context
configure service vprn msdp group
Description
This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.
By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.
If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.
If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.
For a group to be of use, at least one peer must be configured.
Default
no group
Parameters
- group-name
-
Specifies a unique name for the MSDP group.
Platforms
All
group
Syntax
[no] group ip-address [/mask]
Context
[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi group)
Full Context
configure service vprn mvpn provider-tunnel selective multistream-spmsi group
Description
This command creates group prefixes that map to the multicast stream. At least one source must be specified for the policy to be active.
Parameters
- Ip-address/mask
-
Specifies the IP address.
Platforms
All
group
Syntax
group aa-group-id[:partition-id] [create]
no group aa-group-id:partition-id
Context
[Tree] (config>app-assure group)
Full Context
configure application-assurance group
Description
This command configures and enables the context to configure an application assurance group and partition parameters.
Parameters
- aa-group-id
-
Specifies a group of ISA MDAs.
- partition-id
-
Specifies a partition within a group.
- create
-
Keyword used to create the partition in the group.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group aa-group-id
Context
[Tree] (admin>app-assure group)
Full Context
admin application-assurance group
Description
This commands performs a group-specific upgrade.
Parameters
- aa-group-id
-
Specifies the AA group identifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group aa-group-id[:partition-id]
Context
[Tree] (debug>app-assure group)
Full Context
debug application-assurance group
Description
This command configures application-assurance within a group/partition debugging.
Parameters
- aa-group-id[:partition-id]
-
Specifies the existing application assurance group and partition id.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
[no] group grp-ip-address
[no] group start grp-ip-address end grp-ip-address [step ip-address]
Context
[Tree] (config>router>igmp>if>static group)
Full Context
configure router igmp interface static group
Description
Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.
When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.
Parameters
- ip-address
-
Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.
- start grp-ip-address
-
Specifies the start multicast group address.
- end grp-ip-address
-
Specifies the end multicast group address.
- step ip-address
-
Specifies the step increment.
Platforms
All
group
Syntax
[no] group grp-ip-address
Context
[Tree] (config>router>igmp>tunnel-interface>static group)
Full Context
configure router igmp tunnel-interface static group
Description
Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records.
The user can assign static multicast group joins to a tunnel interface associated with an RSVP P2MP LSP.
A given (*,G) or (S,G) can only be associated with a single tunnel interface.
A multicast packet which is received on an interface and which succeeds the RPF check for the source address will be replicated and forwarded to all OIFs which correspond to the branches of the P2MP LSP. The packet is sent on each OIF with the label stack indicated in the NHLFE of this OIF. The packets will also be replicated and forwarded natively on all OIFs which have received IGMP or PIM joins for this (S,G).
The multicast packet can be received over a PIM or IGMP interface which can be an IES interface, a spoke SDP terminated IES interface, or a network interface.
Parameters
- grp-ip-address
-
Specifies a multicast group address that receives data on a tunnel interface. The IP address must be unique for each static group.
Platforms
All
group
Syntax
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
Context
[Tree] (config>router>mld>if>static group)
Full Context
configure router mld interface static group
Description
Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.
When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.
The no form of this command removes the IPv6 address from the configuration.
Parameters
- grp-ipv6-address
-
Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.
- start grp-ipv6-address
-
Specifies the start multicast group address.
- end grp-ipv6-address
-
Specifies the end multicast group address.
- step ipv6-address
-
Specifies the step increment.
Platforms
All
group
Syntax
[no] group group-name
Context
[Tree] (config>router>msdp group)
Full Context
configure router msdp group
Description
This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.
By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.
If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.
If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.
For a group to be of use, at least one peer must be configured.
The no form of this command removes the group-name from the MSDP configuration.
Default
no group
Parameters
- group-name
-
Species a MSDP group name, up to 32 characters.
Platforms
All
group
Syntax
group group-id rate rate
no group group-id
Context
[Tree] (config>qos>hs-scheduler-policy group)
Full Context
configure qos hs-scheduler-policy group
Description
This command defines the maximum rate allowed for the scheduling classes mapped to the specified group-id. A group is a scheduling component used to combine up to six consecutive scheduling classes into a single strict priority level. Each scheduling class within the group has an associated weight. When the scheduler is servicing the strict level associated with the group, the ratio of bandwidth allocated to each scheduling class within the group during congestion is relative to the ratio of the weight of each active member.
The no form of the command reverts to the default.
Default
group 1 rate max
Parameters
- group-id
-
Specifies the group ID. The group always exists and does not need to be created prior to defining group membership.
- rate
-
Specifies the maximum rate in megabits per second. When the max keyword follows the rate keyword, the bandwidth limitation is removed from the group. The max keyword and the rate parameter are mutually exclusive. Either max or a rate value must follow the rate keyword.
Platforms
7750 SR-7/12/12e
group
Syntax
group name [create]
no group name
Context
[Tree] (config>qos>port-scheduler-policy group)
Full Context
configure qos port-scheduler-policy group
Description
This command defines a weighted scheduler group within a port scheduler policy.
The port scheduler policy defines a set of eight priority levels. The weighted scheduler group allows for the application of a scheduling weight to groups of child queues competing at the same priority level of the port scheduler policy applied to a Vport defined in the context of the egress of an Ethernet port or applied to the egress of an Ethernet port.
Up to eight groups can be defined within each port scheduler policy. One or more levels can map to the same group. A group has a rate and, optionally, a cir-rate, and inherits the highest scheduling priority of its member levels. A group receives bandwidth from the port or from the Vport and distributes it within the member levels of the group according to the weight of each level within the group.
Each priority level will compete for bandwidth within the group based on its weight under a congestion situation. If there is no congestion, a priority level can achieve up to its rate (cir-rate) worth of bandwidth.
CLI will enforce that mapping of levels to a group are contiguous. A user would not be able to add a priority level to a group unless the resulting set of priority levels is contiguous.
The no form of this command removes the group from the port scheduler policy.
Parameters
- name
-
Specifies the name of the weighted scheduler group and can be up to 32 ASCII characters.
- create
-
This keyword is mandatory when creating the specified group.
Platforms
All
group
Syntax
group aa-group-id
Context
[Tree] (admin>application-assurance group)
Full Context
admin application-assurance group
Description
Commands in this context perform a group-specific upgrade.
Parameters
- aa-group-id
-
Specifies an AA ISA group ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group
Syntax
group group-name
no group
Context
[Tree] (config>system>security>user>snmp group)
Full Context
configure system security user snmp group
Description
This command associates (or links) a user to a group name. The group name must be configured with the config>system>security>user >snmp>group command. The config>system>security>user access command links the group with one or more views, security model (s), security level (s), and read, write, and notify permissions.
Parameters
- group-name
-
Enter the group name (between 1 and 32 alphanumeric characters) that is associated with this user. A user can be associated with one group-name per security model.
Platforms
All
group
Syntax
[no] group group-name
Context
[Tree] (config>router>ripng group)
[Tree] (config>router>rip group)
Full Context
configure router ripng group
configure router rip group
Description
This command creates a context for configuring a RIP group of neighbor interfaces.
RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.
The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.
Default
no group
Parameters
- group-name
-
Specifies the RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
group
Syntax
[no] group ip-address [/mask]
Context
[Tree] (config>service>vprn>mvpn>pt>selective>umh-rm group)
Full Context
configure service vprn mvpn provider-tunnel selective umh-rate-monitoring group
Description
This command configures UMH bandwidth monitoring for the specified <S,G>.
The no form of the command removes UMH bandwidth monitoring from the specified <S,G>.
Parameters
- Ip-address/mask
-
Specifies the IP address.
Platforms
All
group
Syntax
group down time | no group down
group up time | no group up
Context
[Tree] (config>service>oper-group>hold-time group)
Full Context
configure service oper-group hold-time group
Description
The group down form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from up to down.
The group up form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from down to up. A value of zero indicates that transitions are reported immediately to monitoring clients. The up time option is a must to achieve fast convergence: when the group comes up, the monitoring MH site that tracks the group status may wait without impacting the overall convergence; there is usually a pair MH site that is already handling the traffic.
The no form of the command sets the values back to the default.
Default
group down 0
group up 4
Parameters
- time
-
Specifies the group up or group down time value.
Platforms
All
group-address
group-address
Syntax
group-address prefix-list-name
no group-address
Context
[Tree] (config>router>policy-options>policy-statement>entry>from group-address)
Full Context
configure router policy-options policy-statement entry from group-address
Description
This command specifies the multicast group-address prefix list containing multicast group-addresses that are embedded in the join or prune packet as a filter criterion. The prefix list must be configured prior to entering this command. Prefix lists are configured in the config>router>policy-options>prefix-list context.
The no form of this command removes the criterion from the configuration.
Default
no group-address
Parameters
- prefix-list-name
-
Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
The prefix-list-name is defined in the config>router>policy-options>prefix-list context.
Platforms
All
group-encryption
group-encryption
Syntax
group-encryption
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw group-encryption)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw group-encryption)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw group-encryption
configure service ies subscriber-interface group-interface wlan-gw group-encryption
Description
This command configures group encryption for the WLAN-GW group interface.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
group-encryption
Syntax
[no] group-encryption
Context
[Tree] (config>router>interface group-encryption)
Full Context
configure router interface group-encryption
Description
This command enables NGE on the router interface. When NGE is enabled on the interface, all received Layer 3 packets that have the protocol ID configured as ESP are considered to be NGE packets and must be encrypted using a valid set of keys from any preconfigured key group on the system.
The no form of this command disables NGE on the interface. NGE cannot be disabled unless all key groups and IP exception filters are removed.
Default
no group-encryption
Platforms
VSR
group-encryption
Syntax
group-encryption
Context
[Tree] (config group-encryption)
Full Context
configure group-encryption
Description
Commands in this context configure group encryption parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group-encryption-label
group-encryption-label
Syntax
group-encryption-label encryption-label
no group-encryption-label
Context
[Tree] (config>grp-encryp group-encryption-label)
Full Context
configure group-encryption group-encryption-label
Description
This command configures the group encryption label used to identify when an MPLS payload is encrypted. This label must be unique network-wide and must be configured consistently on all nodes participating in a network group encryption domain. The label cannot be changed or deleted when there are any key groups configured on the node.
The no form of the command reverts to the default setting.
Parameters
- encryption-label
-
The network-wide, unique reserved MPLS label for group encryption.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group-inserted-entries
group-inserted-entries
Syntax
group-inserted-entries application application location location
Context
[Tree] (config>filter>ipv6-filter group-inserted-entries)
[Tree] (config>filter>ip-filter group-inserted-entries)
Full Context
configure filter ipv6-filter group-inserted-entries
configure filter ip-filter group-inserted-entries
Description
This command groups automatically-inserted entries.
Parameters
- application
-
Specifies the application for which the group entries are inserted.
- location
-
Specifies the location in the entry list in which the group entries are inserted.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface
group-interface
Syntax
group-interface ip-int-name [prefix {port-id}] [suffix {port-id}]
no group-interface
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>msap-defaults group-interface)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>msap-defaults group-interface)
Full Context
configure subscriber-mgmt local-user-db ppp host msap-defaults group-interface
configure subscriber-mgmt local-user-db ipoe host msap-defaults group-interface
Description
This command configures the group interface.
The no form of this command removes the group interface parameters from the configuration.
Parameters
- ip-int-name
-
Specifies the IP interface name, up to 32 characters.
- prefix port-id
-
Specifies the port ID as the prefix to the specified IP interface name.
- suffix port-id
-
Specifies the port ID as the suffix to the specified IP interface name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface
Syntax
group-interface ip-int-name [create] [type]
no group-interface ip-int-name
Context
[Tree] (config>service>vprn>sub-if group-interface)
[Tree] (config>service>ies>sub-if group-interface)
Full Context
configure service vprn subscriber-interface group-interface
configure service ies subscriber-interface group-interface
Description
This command creates a group interface. This interface is designed for triple play services where multiple SAPs are part of the same subnet. A group interface may contain one or more SAPs.
The no form of this command removes the group interface from the subscriber interface.
Default
no group-interface
Parameters
- ip-int-name
-
Specifies the interface name of a group interface. If the string contains special characters (#, $, spaces, and so on.), the entire string must be enclosed within double quotes.
- type
-
Specifies the interface type.
- create
-
Keyword used to create the group interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface
Syntax
group-interface interface-name svc-id service-id
no group-interface
Context
[Tree] (config>subscr-mgmt>gtp>apn-policy>apn>defaults group-interface)
Full Context
configure subscriber-mgmt gtp apn-policy apn defaults group-interface
Description
This command configures the default group interface where the hosts of the GTP connection is enabled. The group interface must be of type gtp.
The no form of this command removes the default group interface. In this case, a group interface must be specified using authentication.
Default
no group-interface
Parameters
- interface-name
-
Specifies the name of the group interface, up to 32 characters.
- service-id
-
Specifies the ID of the service where the group interface resides.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
group-interface
Syntax
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
Context
[Tree] (config>service>vprn>igmp group-interface)
Full Context
configure service vprn igmp group-interface
Description
This command configures IGMP group interfaces.
The no form of this command reverts to the default.
Parameters
- ip-int-name
-
Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
- fwd-service service-id
-
Specifies the service ID. This is only configured in the retailer VRF. This construct references the wholesaler service under which the group-interface (and the subscriber) is actually defined.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface
Syntax
[no] group-interface [fwd-service service-id] [ip-int-name]
Context
[Tree] (debug>router>igmp group-interface)
Full Context
debug router igmp group-interface
Description
This command enables debugging for IGMP group-interface.
The no form of the command disables debugging.
Parameters
- service-id
-
Debugs information associated with the service ID.
- ip-int-name
-
Debugs information associated with the specified IP interface name.
Platforms
All
group-interface
Syntax
[no] group-interface ip-int-name
Context
[Tree] (config>router>igmp group-interface)
[Tree] (config>router>igmp>if group-interface)
Full Context
configure router igmp group-interface
configure router igmp interface group-interface
Description
This command enables IGMP on a group-interface in a VRF context. Activating IGMP under the group-interface is a prerequisite for subscriber replication. The group-interface is also needed so that MCAC can be applied and various IGMP parameters defined.
This command can be used in a regular, wholesaler or retailer type of VRF. The retailer VRF does not have the concept of group-interfaces under the subscriber-interface hierarchy. In the case that this command is applied to a retailer VRF instance, the optional fwd-service command must be configured. The fwd-service command is referencing the wholesaler VRF in which the traffic is ultimately replicated. Redirection in the retailer VRF is supported.
This command enables IGMP on a group-interface in the Global Routing Table (GRT). The group-interface in GRT is defined under the IES service. Activating IGMP under the group-interface is a prerequisite for subscriber replication. The group-interface is also needed so that MCAC can be applied and various IGMP parameters defined.
Parameters
- ip-int-name
-
Specifies the name of the group interface.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure router igmp group-interface
All
- configure router igmp interface group-interface
group-interface
Syntax
[no] group-interface ip-int-name
Context
[Tree] (config>router>mld group-interface)
Full Context
configure router mld group-interface
Description
This command creates and enables the context to configure MLD group interface parameters.
The no form of this command removes the interface name from the MLD configuration.
Parameters
- ip-int-name
-
Specifies the IP group interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface-statistics
group-interface-statistics
Syntax
group-interface-statistics
Context
[Tree] (config>subscr-mgmt group-interface-statistics)
Full Context
configure subscriber-mgmt group-interface-statistics
Description
Commands in this context enable or disable the collection of group interface statistics.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-interface-template
group-interface-template
Syntax
group-interface-template name [create]
no group-interface-template name
Context
[Tree] (config>subscr-mgmt group-interface-template)
Full Context
configure subscriber-mgmt group-interface-template
Description
This command creates a template for specifying parameters for automatically generated group interfaces, for example, the creation of CUPS sessions. When no specific name is specified, a template named "default” is used, if it has been manually provisioned.
Parameters
- name
-
Specifies the name of the group interface, up to 32 characters.
- create
-
Keyword used to create the group interface template.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
group-list
group-list
Syntax
group-list name
no group-list
Context
[Tree] (config>system>security>tls>client-tls-profile group-list)
Full Context
configure system security tls client-tls-profile group-list
Description
This command assigns an existing TLS 1.3 group list to the TLS client profile.
The no form of this command removes the group list from the client profile.
Default
no group-list
Parameters
- name
-
Specifies the name of the group list, up to 32 characters.
Platforms
All
group-list
Syntax
group-list name
no group-list
Context
[Tree] (config>system>security>tls>server-tls-profile group-list)
Full Context
configure system security tls server-tls-profile group-list
Description
This command assigns an existing TLS 1.3 group list to the TLS server profile.
The no form of this command removes the group list from the server profile.
Default
no group-list
Parameters
- name
-
Specifies the name of the group list, up to 32 characters.
Platforms
All
group-name
group-name
Syntax
group-name group-name value group-value
no group-name group-name
Context
[Tree] (config>service>sdp-group group-name)
Full Context
configure service sdp-group group-name
Description
This command defines SDP administrative groups, referred to as SDP admin groups.
SDP admin groups provide a way for services using a pseudowire template to automatically include or exclude specific provisioned SDPs. SDPs sharing a specific characteristic or attribute can be made members of the same admin group. When users configure a pseudowire template, they can include and/or exclude one or more admin groups. When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.
A maximum of 32 admin groups can be created. The group value ranges from zero (0) to 31. It is uniquely associated with the group name at creation time. If the user attempts to configure another group name for a group value that is already assigned to an existing group name, the SDP admin group creation is failed. The same happens if the user attempts to configure an SDP admin group with a new name but associates it to a group value already assigned to an existing group name.
The no option of this command deletes the SDP admin group but is only allowed if the group-name is not referenced in a PW template or SDP.
Parameters
- group-name
-
Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.
- group-value
-
Specifies the group value associated with this SDP admin group. This value is unique within the system.
Platforms
All
group-policy
group-policy
Syntax
group-policy policy-name
no group-policy
Context
[Tree] (config>service>vpls>mld-snooping>mvr group-policy)
[Tree] (config>service>vpls>sap>igmp-snooping>mvr group-policy)
[Tree] (config>service>vpls>pim-snooping group-policy)
[Tree] (config>service>vpls>igmp-snp>mvr group-policy)
Full Context
configure service vpls mld-snooping mvr group-policy
configure service vpls sap igmp-snooping mvr group-policy
configure service vpls pim-snooping group-policy
configure service vpls igmp-snooping mvr group-policy
Description
This command identifies filter policy of multicast groups to be applied to this VPLS entity. The sources of the multicast traffic must be a member of the VPLS.
The no form of this command removes the policy association from the VPLS configuration.
Default
no group-policy
Parameters
- policy-name
-
Specifies the group policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context. The router policy must be defined before it can be imported.
Platforms
All
group-prefix
group-prefix
Syntax
group-prefix ip-address/mask [ip-address/mask] [starg]
no group-prefix ip-address/mask
Context
[Tree] (config>service>vprn>mvpn>rpf-select>core-mvpn group-prefix)
Full Context
configure service vprn mvpn rpf-select core-mvpn group-prefix
Description
This command configures multicast group IPv4 prefixes for the MVPN with per-group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored.
When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.
The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.
Parameters
- ip-address/mask
-
Specifies the IPv4 multicast address prefix with mask. Up to 8 addresses can be specified in a single statement.
Platforms
All
group-prefix
Syntax
group-prefix ip-address/mask [ ip-address/mask...(up to 8 max)] [starg]
group-prefix any
no group-prefix ip-address/mask
no group-prefix any
Context
[Tree] (config>service>vprn>pim>rpf-select>grt-extranet group-prefix)
Full Context
configure service vprn pim rpf-select grt-extranet group-prefix
Description
This command configures multicast group IPv4 prefixes for the multicast GRT/VRF with per group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored. Operator can either configure specific groups for extranet or specify all groups by using key-word any. The two options are mutually exclusive in configuration.
When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.
The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.
Parameters
- ip-address/mask
-
Specifies the IPv4 multicast address prefix with mask.
group-prefix
Syntax
[no] group-prefix grp-ipv6-address/prefix-length
Context
[Tree] (config>service>vprn>pim>rp>ipv6>static group-prefix)
Full Context
configure service vprn pim rp ipv6 static group-prefix
Description
The group-prefix for a static-rp defines a range of multicast-ip-addresses for which this static RP is applicable.
The no form of this command removes the criterion.
Parameters
- grp-ipv6-address
-
Specifies the multicast IPv6 address.
- prefix-length
-
Specifies the address prefix length.
Platforms
All
group-prefix
Syntax
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
Context
[Tree] (config>service>vprn>pim>rp>static group-prefix)
Full Context
configure service vprn pim rp static group-prefix
Description
The group-prefix for a static-rp defines a range of multicast-ip-addresses for which a certain RP is applicable.
The no form of this command removes the criterion.
Parameters
- grp-ip-address
-
Specifies the multicast IP address.
- mask
-
Defines the mask of the multicast-ip-address.
- netmask
-
The subnet mask in dotted decimal notation.
Platforms
All
group-prefix
Syntax
[no] group-prefix grp-ipv6-address/prefix-length
Context
[Tree] (config>router>pim>rp>ipv6>static>address group-prefix)
[Tree] (config>router>pim>rp>static>address group-prefix)
Full Context
configure router pim rp ipv6 static address group-prefix
configure router pim rp static address group-prefix
Description
This command specifies the range of multicast group addresses which should be used by the router as the Rendezvous Point (RP). The config>router>pim>rp>static> address a.b.c.d implicitly defaults to deny all for all multicast groups (224.0.0.0/4). A group-prefix must be specified for that static address. This command does not apply to the whole group range.
The no form of this command removes the group-prefix from the configuration.
Parameters
- grp-ipv6-address
-
Specifies the multicast group IPv6 address expressed in dotted decimal notation.
- prefix-length
-
Specifies the prefix length of the IPv6 address.
Platforms
All
group-range
group-range
Syntax
[no] group-range {ipv6-address/prefix-length}
Context
[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate group-range)
[Tree] (config>service>vprn>pim>rp>ipv6>embedded-rp group-range)
Full Context
configure service vprn pim rp ipv6 rp-candidate group-range
configure service vprn pim rp ipv6 embedded-rp group-range
Description
This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).
The no form of this command removes the group address or range of group addresses for which this router can be the RP from the configuration.
Parameters
- ipv6-address
-
Specifies the addresses or address ranges that this router can be an RP.
- prefix-length
-
Specifies the address prefix length.
Platforms
All
group-range
Syntax
[no] group-range {ip-prefix/mask | ip-prefix netmask}
Context
[Tree] (config>service>vprn>pim>rp>rp-candidate group-range)
[Tree] (config>service>vprn>pim>ssm group-range)
Full Context
configure service vprn pim rp rp-candidate group-range
configure service vprn pim ssm-groups group-range
Description
This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).
Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.
Parameters
- ip-prefix
-
Specifies the addresses or address ranges that this router can be an RP.
- mask
-
Specifies the address mask with the address to define a range of addresses.
- netmask
-
Specifies the subnet mask in dotted decimal notation.
Platforms
All
group-range
Syntax
[no] group-range ipv6-address/prefix-length
Context
[Tree] (config>router>pim>rp>ipv6>rp-candidate group-range)
[Tree] (config>router>pim>rp>ipv6>embedded-rp group-range)
Full Context
configure router pim rp ipv6 rp-candidate group-range
configure router pim rp ipv6 embedded-rp group-range
Description
This command defines which multicast groups can embed RP address information besides FF70::/12. Embedded RP information is only used when the multicast group is in FF70::/12 or the configured group range.
The no form of this command removes the parameter from the
Parameters
- ipv6-address/prefix-length
-
Specifies the group range for embedded RP.
Platforms
All
group-range
Syntax
[no] group-range {grp-ip-address/mask | grp-ip-address netmask}
Context
[Tree] (config>router>pim>rp>rp-candidate group-range)
Full Context
configure router pim rp rp-candidate group-range
Description
This command configures the address ranges of the multicast groups for which this router can be an RP.
The no form of this commands removes the parameter from the configuration.
Parameters
- grp-ip-address
-
Specifies the multicast group IP address expressed in dotted decimal notation.
- mask
-
Specifies the mask associated with the IP prefix expressed as a mask length or in dotted decimal notation; for example, /16 for a sixteen-bit mask. The mask can also be entered in dotted decimal notation (255.255.0.0).
- netmask
-
Specifies the subnet mask in dotted decimal notation.
Platforms
All
group-range
Syntax
[no] group-range {ip-prefix/mask | ip-prefix netmask}
Context
[Tree] (config>router>pim>ssm-groups group-range)
Full Context
configure router pim ssm-groups group-range
Description
This command configures the address ranges of the multicast groups for this router. When there are parameters present, the command configures the SSM group ranges for IPv6 addresses and netmasks.
The no form of this command removes the parameter from the configuration.
Parameters
- ip-prefix/mask
-
Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area ipv6-prefix.
- netmask
-
Specifies the subnet mask in dotted decimal notation.
Platforms
All
group-session-limit
group-session-limit
Syntax
group-session-limit session-limit
group-session-limit unlimited
no group-session-limit
Context
[Tree] (config>router>l2tp group-session-limit)
[Tree] (config>service>vprn>l2tp group-session-limit)
Full Context
configure router l2tp group-session-limit
configure service vprn l2tp group-session-limit
Description
This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).
The no form of this command removes the session limit value from the configuration.
Default
no group-session-limit
Parameters
- session-limit
-
Specifies the allowed number of sessions within the given context.
- unlimited
-
Specifies to use the maximum number of sessions available.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
grp-if-query-src-ip
grp-if-query-src-ip
Syntax
grp-if-query-src-ip ip-address
no grp-if-query-src-ip
Context
[Tree] (config>service>vprn>igmp grp-if-query-src-ip)
Full Context
configure service vprn igmp grp-if-query-src-ip
Description
This command configures the query source IP address for all group interfaces.
The no form of this command removes the IP address.
Platforms
All
grp-if-query-src-ip
Syntax
grp-if-query-src-ip ip-address
no grp-if-query-src-ip
Context
[Tree] (config>router>igmp grp-if-query-src-ip)
Full Context
configure router igmp grp-if-query-src-ip
Description
This command configures the query source IP address for all group interfaces.
The no form of the command removes the IP address.
Parameters
- ip-address
-
Sets the query source IP address.
Platforms
All
grp-if-query-src-ip
Syntax
grp-if-query-src-ip ipv6-address
no grp-if-query-src-ip
Context
[Tree] (config>router>mld grp-if-query-src-ip)
Full Context
configure router mld grp-if-query-src-ip
Description
This command configures the query source IPv6 address for all group interfaces.
The no form of this command removes the IP address.
Parameters
- ipv6-address
-
Sets the source IPv6 address for all group interfaces. The address can be up to 64 characters. The source address should be link local.
Platforms
All
grp-range
grp-range
Syntax
[no] grp-range start end
Context
[Tree] (config>service>vprn>igmp>ssm-translate grp-range)
Full Context
configure service vprn igmp ssm-translate grp-range
Description
This command is used to configure group ranges which are translated to SSM (S,G) entries.
Parameters
- start
-
An IP address that specifies the start of the group range.
- end
-
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.
Platforms
All
grp-range
Syntax
[no] grp-range start end
Context
[Tree] (config>service>vprn>mld>ssm-translate grp-range)
Full Context
configure service vprn mld ssm-translate grp-range
Description
This command is used to configure group ranges which are translated to SSM (S,G) entries.
Parameters
- start
-
An IP address that specifies the start of the group range.
- end
-
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.
Platforms
All
grp-range
Syntax
[no] grp-range start end
Context
[Tree] (config>router>igmp>if>ssm-translate grp-range)
[Tree] (config>router>igmp>ssm-translate grp-range)
Full Context
configure router igmp interface ssm-translate grp-range
configure router igmp ssm-translate grp-range
Description
This command is used to configure group ranges which are translated to SSM (S,G) entries.
Parameters
- start
-
An IP address that specifies the start of the group range.
- end
-
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.
Platforms
All
grp-range
Syntax
[no] grp-range start end
Context
[Tree] (config>router>mld>ssm-translate grp-range)
[Tree] (config>router>mld>if>ssm-translate grp-range)
Full Context
configure router mld ssm-translate grp-range
configure router mld interface ssm-translate grp-range
Description
This command is used to configure group ranges which are translated to SSM (S,G) entries.
The no form of this command removes the start and end ranges from the configuration.
Parameters
- start
-
Specifies an IP address for the start of the group range.
- end
-
Specifies an IP address for the end of the group range. This value should always be greater than or equal to the value of the start value.
Platforms
All
grpc
grpc
Syntax
[no] grpc
Context
[Tree] (debug>system grpc)
Full Context
debug system grpc
Description
This command enables the debug context for gRPC.
The no form of this command removes any debug activation within the gRPC context.
Platforms
All
grpc
Syntax
grpc
Context
[Tree] (config>system>security>management-interface grpc)
Full Context
configure system security management-interface grpc
Description
Commands in this context configure hash-control for the gRPC interface.
Platforms
All
grpc
Syntax
grpc
Context
[Tree] (config>system>security>profile grpc)
Full Context
configure system security profile grpc
Description
Commands in this context configure a specific gRPC security profile.
Platforms
All
grpc
grpc-tunnel
grpc-tunnel
Syntax
grpc-tunnel
Context
[Tree] (config>system grpc-tunnel)
Full Context
configure system grpc-tunnel
Description
Commands in this context configure the GRPC tunnel.
Platforms
All
grt
grt
Syntax
[no] grt
Context
[Tree] (config>service>vprn>static-route-entry grt)
Full Context
configure service vprn static-route-entry grt
Description
This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.
This next-hop type cannot be used in conjunction with any other next-hop types.
Default
no grt
Platforms
All
grt-extranet
grt-extranet
Syntax
[no] grt-extranet
Context
[Tree] (config>service>vprn>pim grt-extranet)
Full Context
configure service vprn pim grt-extranet
Description
Commands in this context configure GRT/VRF extranet for this MVPN instance.
Platforms
All
grt-lookup
grt-lookup
Syntax
grt-lookup
Context
[Tree] (config>service>vprn grt-lookup)
Full Context
configure service vprn grt-lookup
Description
Commands in this context configure all Global Route Table (GRT) leaking commands. If all the supporting commands in the context are removed, this command is also removed.
Platforms
All
gsmp
gsmp
gtm
gtm
Syntax
gtm
Context
[Tree] (config>router gtm)
Full Context
configure router gtm
Description
Commands in this context configure GTM parameters.
Platforms
All
gtm
Syntax
gtm
Context
[Tree] (config>router>pim gtm)
Full Context
configure router pim gtm
Description
Commands in this context configure GTM parameters.
Platforms
All
gtm
Syntax
gtm
Context
[Tree] (config>router>pim gtm)
Full Context
configure router pim gtm
Description
Commands in this context configure GTM parameters.
Platforms
All
gtp
gtp
gtp
Syntax
gtp
Context
[Tree] (config>subscr-mgmt gtp)
Full Context
configure subscriber-mgmt gtp
Description
Commands in this context configure box-wide GTP parameters and profiles.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp
Syntax
gtp
Context
[Tree] (debug gtp)
Full Context
debug gtp
Description
Commands in this context configure debugging for GTP.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp
Syntax
[no] gtp
Context
[Tree] (config>service>vprn>wlan-gw gtp)
Full Context
configure service vprn wlan-gw gtp
Description
Commands in this context configure distributed GTP parameters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp
Syntax
gtp
Context
[Tree] (config>app-assure>group gtp)
Full Context
configure application-assurance group gtp
Description
Commands in this context configure GTP parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp
Syntax
[no] gtp
Context
[Tree] (config>sys>security>cpu-protection>ip>included-protocols gtp)
Full Context
configure system security cpu-protection ip-src-monitoring included-protocols gtp
Description
This command includes the extracted IPV4 GTP packets for ip-src-monitoring. IPv4 GTP packets will be subject to the per-source-rate of CPU protection policies.
Default
no gtp
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
gtp-authorized
gtp-authorized
Syntax
[no] gtp-authorized
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state gtp-authorized)
Full Context
configure subscriber-mgmt wlan-gw ue-query state gtp-authorized
Description
This command enables matching on UEs in a GTP-authorized state.
The no form of this command disables matching on UEs in a GTP-authorized state, unless all state matching is disabled.
Default
no gtp-authorized
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-change
gtp-change
Syntax
gtp-change
Context
[Tree] (config>subscr-mgmt>acct-plcy>triggered-updates gtp-change)
Full Context
configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change
Description
Commands in this context configure which GTP-related changes trigger an interim accounting update.
This command is mutually exclusive with the legacy gtp-mobility command, which triggers interim accounting updates for all changes.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-filter
gtp-filter
Syntax
gtp-filter gtp-filter-name
no gtp-filter
Context
[Tree] (config>app-assure>group>policy>aqp>entry>action gtp-filter)
Full Context
configure application-assurance group policy app-qos-policy entry action gtp-filter
Description
This command assigns an existing GTP filter as an action on flows matching this AQP entry.
The no form of this command removes this GTP filter from actions on flows matching this AQP entry.
Default
no gtp-filter
Parameters
- gtp-filter-name
-
Specifies the name of an existing GTP filter for this application assurance profile. The gtp-filter-name is configured in the config>app-assure>group[:partition]>gtp>gtp-filter context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-filter
Syntax
gtp-filter filter-name
Context
[Tree] (config>app-assure>group>statistics>tca gtp-filter)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-filter
Description
This command configures TCA generation for a GTP filter.
Parameters
- filter-name
-
Specifies the name of the GTP filter, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-filter
Syntax
gtp-filter gtp-filter-name [create]
no gtp-filter gtp-filter-name
Context
[Tree] (config>app-assure>group>gtp gtp-filter)
Full Context
configure application-assurance group gtp gtp-filter
Description
This command allows AA to treat traffic on UDP port number 2152 as GTP-u. Without further specifying any other parameters within this GTP context, AA performs basic GTP-u header sanity checks and discards packets that are malformed. This GTP context allows the operator to configure various GTP filters (maximum of 128 GTP filters).
Parameters
- gtp-filter-name
-
Specifies a GTP filter name, up to 32 characters.
- create
-
Keyword used to create the GTP filter name and parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-filter-stats
gtp-filter-stats
Syntax
[no] gtp-filter-stats
Context
[Tree] (config>app-assure>group>statistics>aa-admit-deny gtp-filter-stats)
Full Context
configure application-assurance group statistics aa-admit-deny gtp-filter-stats
Description
This command configures whether to include or exclude GTP filter admit-deny statistics in accounting records.
Default
no gtp-filter-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-in-gtp
gtp-in-gtp
Syntax
gtp-in-gtp direction direction [create]
no gtp-in-gtp direction direction
Context
[Tree] (config>app-assure>group>statistics>tca>gtp-filter gtp-in-gtp)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-filter gtp-in-gtp
Description
This command configures a TCA for the counter capturing drops due to the GTP filter GTP-in-GTP packet check. A gtp-in-gtp drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a gtp-in-gtp TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-in-gtp
Syntax
gtp-in-gtp
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr gtp-in-gtp)
Full Context
configure application-assurance group gtp gtp-filter gtp-in-gtp
Description
This command configures GTP-in-GTP packet filtering.
Default
gtp-in gtp permit
Parameters
- permit | deny
-
Specifies the action to take for GTP packets that are encapsulated in GTP (GTP-in-GTP).
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-local-breakout
gtp-local-breakout
Syntax
gtp-local-breakout
Context
[Tree] (config>filter>ip-filter>entry>action gtp-local-breakout)
Full Context
configure filter ip-filter entry action gtp-local-breakout
Description
This command specifies the filter entry action to gtp-local-breakout.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-parameters
gtp-parameters
Syntax
gtp-parameters
Context
[Tree] (config>service>ies>sub-if>grp-if gtp-parameters)
[Tree] (config>service>vprn>sub-if>grp-if gtp-parameters)
Full Context
configure service ies subscriber-interface group-interface gtp-parameters
configure service vprn subscriber-interface group-interface gtp-parameters
Description
Commands in this context configure GTP parameters. The configuration of parameters under this context is only allowed when the group interface is created with the GTP parameter specified.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gtp-peer-clear-timeout
gtp-peer-clear-timeout
Syntax
gtp-peer-clear-timeout seconds
no gtp-peer-clear-timeout
Context
[Tree] (config>service>vprn>wlan-gw>dsm gtp-peer-clear-timeout)
Full Context
configure service vprn wlan-gw dsm gtp-peer-clear-timeout
Description
This command configures a GTP peer cleanup timeout to terminate a handover wait state.
Parameters
- seconds
-
Specifies a GTP peer cleanup timeout, in seconds, to terminate a handover wait state.
gtp-ping
gtp-ping
Syntax
gtp-ping gtp-interface [router router-instance] [source ip-address] destination ip-address udp-port port-number [retry-count count] [time-out timeout]
Context
[Tree] (oam gtp-ping)
Full Context
oam gtp-ping
Description
This command verifies whether a GTPv2 peer is reachable and correctly responds to GTPv2-C Echo Request messages. This command can be executed if no peering exists for the specified peer.
Parameters
- gtp-interface
-
Specifies the GTP interface where the echo is sent.
- router-instance
-
Specifies the router or VRF in which the GTP echo is sent.
- source ip-address
-
Specifies the source IP address to be used in the GTP ping.
- destination ip-address
-
Specifies the destination IP address to be used in the GTP ping.
- port-number
-
Specifies the port number to be used. Suggested port numbers are 2123 (GTP-C) or 2152 (GTP-U).
- count
-
Specifies the number of echo message requests before the peer is considered unreachable.
- timeout
-
Specifies the timeout, in seconds, of a single echo message.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-sanity-drop
gtp-sanity-drop
Syntax
gtp-sanity-drop direction direction [create]
no gtp-sanity-drop direction direction
Context
[Tree] (config>app-assure>group>statistics>tca gtp-sanity-drop)
Full Context
configure application-assurance group statistics threshold-crossing-alert gtp-sanity-drop
Description
This command configures a TCA for the counter capturing drops due to basic GTP header sanity checks, such as validating that the GTP-U version is 1 and that the protocol bit is set to 1 for UDP traffic destined to port 2152. A GTP sanity drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a default action TCA.
Parameters
- direction
-
Specifies the traffic direction.
- create
-
Keyword used to create the TCA.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-traffic
gtp-traffic
Syntax
[no] gtp-traffic
Context
[Tree] (config>app-assure>group>policer gtp-traffic)
Full Context
configure application-assurance group policer gtp-traffic
Description
This command provides a mechanism to configure a policer to function at the GTP tunnel level. GTP tunnels are defined by a TEID and destination IP address as oppose to normal flows that are defined by IP 5 tuple values. By setting this value, the policer then can be used to limit GTP traffic (SeGW GTP firewall application).
The no form of this command resets policer behavior to act at the normal 5 tuple flow level and not at the GTP tunnel level.
Default
no gtp-traffic
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-tunnel-database
gtp-tunnel-database
Syntax
gtp-tunnel-database
Context
[Tree] (config>app-assure>group>gtp>gtp-fltr gtp-tunnel-database)
Full Context
configure application-assurance group gtp gtp-filter gtp-tunnel-database
Description
Commands in this context configure GTP advanced firewall functions (such as validating GTP tunnels, sequence numbers, source IP addresses).
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-tunnel-database
Syntax
gtp-tunnel-database size
Context
[Tree] (config>isa>aa-grp>shr-res-pool gtp-tunnel-database)
Full Context
configure isa application-assurance-group shared-resources gtp-tunnel-database
Description
This command configures the allocation of memory resources required for stateful GTP firewall deployment on 3GPP S5/S8/Gn/Gp interfaces.
Default
gtp-tunnel-database 0
Parameters
- size
-
Specifies the percentage of allocated memory resources.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtp-user
gtp-user
Syntax
gtp-user
Context
[Tree] (debug>oam>build-packet>packet>field-override>header gtp-user)
[Tree] (config>test-oam>build-packet>header gtp-user)
Full Context
debug oam build-packet packet field-override header gtp-user
configure test-oam build-packet header gtp-user
Description
This command causes the associated header to be defined as a GTP user header template and enables the context to define the GTP parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
gtp-user-name
gtp-user-name
Syntax
gtp-user-name {imsi | imsi-apn | msisdn | msisdn-apn}
no gtp-user-name
Context
[Tree] (config>subscr-mgmt>auth-plcy gtp-user-name)
Full Context
configure subscriber-mgmt authentication-policy gtp-user-name
Description
This command configures the username used to authenticate an FWA session. If a PAP message is present in the PCO IE of the Create Session request, the system uses that for authentication instead of the format specified for this command. If you specify a format that includes APN, the separator is an @ character; for example, msisdn@apn.
The no form of this command reverts to the default.
Default
gtp-user-name imsi
Parameters
- imsi
-
Specifies to use IMSI as the username.
- imsi-apn
-
Specifies to use IMSI and APN as the username; for example, imsi@apn.
- msisdn
-
Specifies to use MSISDN as the username.
- msisdn-apn
-
Specifies to use MSISDN and APN as the username; for example, msisdn@apn.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gtpc-inspection
gtpc-inspection
Syntax
[no] gtpc-inspection
Context
[Tree] (config>app-assure>group>gtp gtpc-inspection)
Full Context
configure application-assurance group gtp gtpc-inspection
Description
This command configures the inspection of GTP-C packets. This is relevant only when AA GTP FW is deployed on S8/S5/Gp/Gn interfaces. The gtpc-inspection command must be enabled before configuring related features, such as APN filtering, GTP tunnel validation, message-type-v2 filtering, sequence number validation, SRC IP validation.
The no form of this command disables GTP-C packet inspection.
Default
no gtpc-inspection
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gtpv1-c
gtpv1-c
Syntax
gtpv1-c type direction {ingress | egress} script [script]
no gtpv1-c type direction {ingress | egress}
Context
[Tree] (config>python>py-policy gtpv1-c)
Full Context
configure python python-policy gtpv1-c
Description
This command configures a Python script for the specified GTPv1-C message type in the specified direction.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type.
- direction {ingress | egress}
-
Specifies if the message is incoming or outgoing.
- script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
gtpv2-c
gtpv2-c
Syntax
gtpv2-c type direction {ingress | egress} script [script]
no gtpv2-c type direction {ingress | egress}
Context
[Tree] (config>python>py-policy gtpv2-c)
Full Context
configure python python-policy gtpv2-c
Description
This command configures a Python script for the specified GTPv2-C message type in the specified direction.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type
- direction {ingress | egress}
-
Specifies if the message is incoming or outgoing.
- script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
guard-time
guard-time
Syntax
guard-time time
no guard-time
Context
[Tree] (config>eth-ring guard-time)
Full Context
configure eth-ring guard-time
Description
This command configures the guard time for an Eth-Ring. The guard timer is standard and is configurable from "x” ms to 2 seconds.
The no form of this command restores the default guard-time.
Default
no guard-time
Parameters
- value
-
Specifies the guard-time, in deciseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
gw-address-range
gw-address-range
Syntax
gw-address-range start start end end
no gw-address-range
Context
[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export gw-address-range)
Full Context
configure subscriber-mgmt isa-service-chaining evpn export gw-address-range
Description
This command specifies the address range to be used for the gateway IP address field in EVPN type-5 routes that are advertised for configured NAT pools, to the peer for service-chaining. The system allocates one address for each ISA in the NAT group out of the specified range.
The no form of this command removes the values from the configuration.
Parameters
- start
-
Specifies the starting gateway address range (V4) for this EVPN service.
- end
-
Specifies the ending gateway address range (V4) for this EVPN service.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
gw-addresses
gw-addresses
Syntax
gw-addresses
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw gw-addresses)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw gw-addresses)
Full Context
configure service ies subscriber-interface group-interface wlan-gw gw-addresses
configure service vprn subscriber-interface group-interface wlan-gw gw-addresses
Description
This command specifies gateway endpoint address for the wlan-gw tunnel.
The no form of this command removes the gateway ipv4 or IPv6 endpoint address for the wlan-gw tunnel.
Parameters
- ip-address
-
Specifies the IP address of the wlan-gw tunnels on this group interface.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
gw-mac
gw-mac
Syntax
gw-mac mac-address
no gw-mac
Context
[Tree] (config>service>vprn>sub-if>grp-if>srrp gw-mac)
Full Context
configure service vprn subscriber-interface group-interface srrp gw-mac
Description
This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.
One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that does not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.
The no form of this command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.
Parameters
- mac-address
-
Specifies a MAC address that is used to override the default SRRP base MAC address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gw-mac
Syntax
gw-mac mac-address
no gw-mac
Context
[Tree] (config>service>ies>sub-if>grp-if>srrp gw-mac)
Full Context
configure service ies subscriber-interface group-interface srrp gw-mac
Description
This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.
One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that does not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.
The no form of this command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.
Parameters
- mac-address
-
Specifies a MAC address that is used to override the default SRRP base MAC address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gx
gx
Syntax
gx
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy gx)
Full Context
configure subscriber-mgmt diameter-application-policy gx
Description
Commands in this context configure Gx parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gx-session-level-usage
gx-session-level-usage
Syntax
[no] gx-session-level-usage
Context
[Tree] (config>subscr-mgmt>cat-map gx-session-level-usage)
Full Context
configure subscriber-mgmt category-map gx-session-level-usage
Description
This command controls the instantiation of an internal category required for Diameter Gx session level Usage Monitoring (per IP-CAN session).
When configured, Gx session level Usage Monitoring can be enabled for sessions associated with this category map.
The internal category for Gx session level Usage Monitoring is counted against the maximum of sixteen categories that can be configured.
When not configured (default), then no internal category is instantiated and Gx session level Usage Monitoring cannot be enabled for sessions associated with this category map.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
gy
gy
Syntax
gy
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy gy)
Full Context
configure subscriber-mgmt diameter-application-policy gy
Description
Commands in this context configure Diameter Credit Control Application or Gy-specific options.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR