k Commands
kb-memory-use-alarm
kb-memory-use-alarm
Syntax
kb-memory-use-alarm rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]
no kb-memory-use-warn
Context
[Tree] (config>system>thresholds kb-memory-use-alarm)
Full Context
configure system thresholds kb-memory-use-alarm
Description
This command configures memory use, in kilobytes, alarm thresholds.
The no form of the command removes the parameters from the configuration.
Parameters
- rising-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold value.
The threshold value represents units of kilobytes.
- falling-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal the rising-threshold value.
The threshold value represents units of kilobytes.
- seconds
-
Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.
- rmon-event-type
-
Specifies the type of notification action to be taken when this event occurs.
- startup-alarm alarm-type
-
Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, then a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
kb-memory-use-warn
kb-memory-use-warn
Syntax
kb-memory-use-warn rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]
no kb-memory-use-warn
Context
[Tree] (config>system>thresholds kb-memory-use-warn)
Full Context
configure system thresholds kb-memory-use-warn
Description
This command configures memory usage, in kilobytes, for warning thresholds
Parameters
- rising-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold value.
The threshold value represents units of kilobytes.
- falling-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal the rising-threshold value.
The threshold value represents units of kilobytes.
- seconds
-
Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.
- rmon-event-type
-
Specifies the type of notification action to be taken when this event occurs.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, then a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
keep-alive
keep-alive
Syntax
keep-alive [interval seconds] [retry-count value] [timeout retry-seconds]
no keep-alive
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile keep-alive)
Full Context
configure subscriber-mgmt gtp peer-profile keep-alive
Description
This command configures Echo-Request messages.
The no form of this command reverts to the default values.
Default
keep-alive interval 60 retry-count 4 timeout 5
Parameters
- seconds
-
Specifies, in seconds, the interval between keep-alive Echo-Request messages towards the same peer.
- value
-
Specifies, in seconds, the interval between keep-alive Echo-Request messages towards the same peer.
- retry-seconds
-
Specifies the retry timeout, in seconds.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
keep-alive
Syntax
keep-alive timer
no keep-alive
Context
[Tree] (config>port>ethernet>dwl keep-alive)
Full Context
configure port ethernet down-when-looped keep-alive
Description
This command configures the time interval between keep-alive PDUs.
Default
no keep-alive
Parameters
- timer
-
Specifies the time interval, in seconds, between keep-alive PDUs.
Platforms
All
keep-alive
Syntax
keep-alive seconds
Context
[Tree] (config>li>x-interfaces>x3>timeouts keep-alive)
[Tree] (config>li>x-interfaces>x2>timeouts keep-alive)
Full Context
configure li x-interfaces x3 timeouts keep-alive
configure li x-interfaces x2 timeouts keep-alive
Description
This command configures the X2 and X3 keep-alive timeout.
Parameters
- seconds
-
Specifies the maximum time to wait for a LIC reply to a keep alive request. The system retries up to three more times, and if no reply is received, the system declares a connection fault and logs the failure event.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
keep-alive
Syntax
keep-alive
Context
[Tree] (config>service>sdp keep-alive)
Full Context
configure service sdp keep-alive
Description
This command enables the context to configure SDP connectivity monitoring keepalive messages for the SDP ID.
SDP ID keepalive messages use SDP Echo Request and Reply messages to monitor SDP connectivity. The operating state of the SDP is affected by the keepalive state on the SDP ID. SDP Echo Request messages are only sent when the SDP ID is completely configured and administratively up. If the SDP ID is administratively down, keepalives for that SDP ID are disabled. SDP Echo Requests (when sent for keepalive messages) are always sent with the originator-sdp-id. All SDP ID keepalive SDP Echo Replies are sent using generic IP/GRE OAM encapsulation.
When a keepalive response is received that indicates an error condition, the SDP ID will immediately be brought operationally down. Once a response is received that indicates the error has cleared and the hold-down-time interval has expired, the SDP ID will be eligible to be put into the operationally up state. If no other condition prevents the operational change, the SDP ID will enter the operational state.
A set of event counters track the number of keepalive requests sent, the size of the message sent, non-error replies received and error replies received. A keepalive state value is kept indicating the last response event. A keepalive state timestamp value is kept indicating the time of the last event. With each keepalive event change, a log message is generated indicating the event type and the timestamp value.
Keepalive Interpretation and Effect of SDP Echo Reply describes the keepalive interpretation of SDP echo reply response conditions and the effect on the SDP ID operational status.
Result of Request |
Stored Response State |
Operational State |
---|---|---|
keepalive request timeout without reply |
Request Timeout |
Down |
keepalive request not sent due to non-existent orig-sdp-id (This condition should not occur) |
Orig-SDP Non-Existent |
Down |
keepalive request not sent due to administratively down orig-sdp-id |
Orig-SDP Admin-Down |
Down |
keepalive reply received, invalid origination-id |
Far End: Originator-ID Invalid |
Down |
keepalive reply received, invalid responder-id |
Far End: Responder-ID Error |
Down |
keepalive reply received, No Error |
Success |
Up (If no other condition prevents) |
Platforms
All
keep-alive-interval
keep-alive-interval
Syntax
keep-alive-interval interval
no keep-alive-interval
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-lag keep-alive-interval)
Full Context
configure redundancy multi-chassis peer mc-lag keep-alive-interval
Description
This command sets the interval at which keep-alive messages are exchanged between two systems participating in MC-LAG. These keep-alive messages are used to determine remote-node failure and the interval is set in deciseconds.
The no form of this command sets the interval to default value.
Default
keep-alive-interval 10
Parameters
- interval
-
The time interval expressed in tenths of a second.
Platforms
All
keep-alive-interval
Syntax
keep-alive-interval interval
no keep-alive-interval
Context
[Tree] (config>service>vprn>sub-if>grp-if>srrp keep-alive-interval)
[Tree] (config>service>ies>sub-if>grp-if>srrp keep-alive-interval)
Full Context
configure service vprn subscriber-interface group-interface srrp keep-alive-interval
configure service ies subscriber-interface group-interface srrp keep-alive-interval
Description
This command defines the interval between SRRP advertisement messages sent when operating in the master state. The interval is also the basis for setting the master-down timer used to determine when the master is no longer sending. The system uses three times the keep-alive interval to set the timer. Every time an SRRP advertisement is seen that is better than the local priority, the timer is reset. If the timer expires, the SRRP instance assumes that a master does not exist and initiates the attempt to become master.
When in backup state, the SRRP instance takes the keep-alive interval of the master as represented in the masters SRRP advertisement message. Once in master state, the SRRP instance uses its own configured keep-alive interval.
The keep-alive-interval may be changed at any time, but will have no effect until the SRRP instance is in the master state.
The no form of this command restores the default interval.
Default
keep-alive-interval 10
Parameters
- interval
-
Specifies the interval, in deciseconds, between SRRP advertisement messages sent when operating in the master state.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keep-alive-interval
Syntax
keep-alive-interval interval
no keep-alive-interval
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ep keep-alive-interval)
Full Context
configure redundancy multi-chassis peer mc-endpoint keep-alive-interval
Description
This command sets the interval at which keep-alive messages are exchanged between two systems participating in MC-EP when bfd is not enabled or is down. These fast keep-alive messages are used to determine remote-node failure and the interval is set in deciseconds.
The no form of this command sets the interval to default value
Default
no keep-alive-interval
Parameters
- interval
-
The time interval expressed in tenths of a second.
Platforms
All
keep-alive-interval
Syntax
keep-alive-interval interval
no keep-alive-interval
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec keep-alive-interval)
Full Context
configure redundancy multi-chassis peer mc-ipsec keep-alive-interval
Description
This command specifies the time interval of the mastership election protocol sending keep-alive packet.
The no form of this command reverts to the default.
Default
keep-alive-interval 10
Parameters
- interval
-
Specifies the keep alive interval in tenths of seconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
keep-count
keep-count
Syntax
keep-count count
no keep-count
Context
[Tree] (config>bmp>station>connection>tcp-keepalive keep-count)
Full Context
configure bmp station connection tcp-keepalive keep-count
Description
This command configures the number of missed keepalives before the TCP connection is declared down.
The no form of this command reverts to the default.
Default
keep-count 4
Parameters
- count
-
Specifies the number of missed keepalives before the TCP connection is declared down.
Platforms
All
keep-idle
keep-idle
Syntax
keep-idle idle
no keep-idle
Context
[Tree] (config>bmp>station>connection>tcp-keepalive keep-idle)
Full Context
configure bmp station connection tcp-keepalive keep-idle
Description
This command configures the time until the first TCP keepalive probe is sent.
The no form of this command reverts to the default.
Default
keep-idle 600
Parameters
- idle
-
Specifies the time, in seconds, until the first TCP keepalive probe is sent.
Platforms
All
keep-interval
keep-interval
Syntax
keep-interval interval
no keep-interval
Context
[Tree] (config>bmp>station>connection>tcp-keepalive keep-interval)
Full Context
configure bmp station connection tcp-keepalive keep-interval
Description
This command configures the time between two TCP keepalives probes.
The no form of this command reverts to the default.
Default
keep-interval 15
Parameters
- interval
-
Specifies the time, in seconds, between two TCP keepalives probes.
Platforms
All
keep-multiplier
keep-multiplier
Syntax
[no] keep-multiplier number
no keep-multiplier
Context
[Tree] (config>router>rsvp keep-multiplier)
Full Context
configure router rsvp keep-multiplier
Description
The keep-multiplier number is an integer used by RSVP to declare that a reservation is down or the neighbor is down.
The no form of this command reverts to the default value.
Default
keep-multiplier 3
Parameters
- number
-
Specifies the keep-multiplier value.
Platforms
All
keepalive
keepalive
Syntax
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context
[Tree] (config>service>vprn>l2tp>group>tunnel>ppp keepalive)
[Tree] (config>service>vprn>l2tp>group>ppp keepalive)
[Tree] (config>router>l2tp>group>tunnel>ppp keepalive)
[Tree] (config>router>l2tp>group>ppp keepalive)
Full Context
configure service vprn l2tp group tunnel ppp keepalive
configure service vprn l2tp group ppp keepalive
configure router l2tp group tunnel ppp keepalive
configure router l2tp group ppp keepalive
Description
This command configures the PPP keepalive interval and multiplier.
Default
keepalive 30 hold-up-multiplier 3
Parameters
- seconds
-
Specifies in seconds the interval.
- multiplier
-
Specifies the multiplier.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context
[Tree] (config>subscr-mgmt>ppp-policy keepalive)
Full Context
configure subscriber-mgmt ppp-policy keepalive
Description
This command defines the keepalive interval and the number of keepalives that can be missed before the session is declared down for this PPP policy.
The no form of this command reverts to the default value.
Default
keepalive 30 hold-up-multiplier 3
Parameters
- seconds
-
Specifies the keepalive interval in seconds.
- hold-up-multiplier multiplier
-
Specifies the number of keepalives that can be missed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>plcy-parms keepalive)
Full Context
configure subscriber-mgmt local-user-db ppp host ppp-policy-parameters keepalive
Description
This command configures the keepalive time interval in seconds at which LCP echo requests are transmitted for the PPP session and the number of LCP echo replies that can be missed before the PPP session is brought down. Overrides the values configured in subscriber-mgmt ppp-policy for PPPoE PTA sessions or in the Base router or VPRN service l2tp group context for L2TP LNS sessions.
The no form of this command removes the LCP keepalive parmeter overrides.
Default
no keepalive
Parameters
- seconds
-
Specifies the keepalive interval in seconds.
- hold-up-multiplier multiplier
-
Specifies the number of keepalives that can be missed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds
no keepalive
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy keepalive)
Full Context
configure subscriber-mgmt bgp-peering-policy keepalive
Description
This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires.
The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:
If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.
If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.
If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
The no form of this command used at the global level reverts to the default value.
Default
keepalive 30
Parameters
- seconds
-
Specifies the keepalive timer in seconds, expressed as a decimal integer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds
no keepalive
Context
[Tree] (config>service>vpls>gsmp>group keepalive)
[Tree] (config>service>vprn>gsmp>group keepalive)
Full Context
configure service vpls gsmp group keepalive
configure service vprn gsmp group keepalive
Description
This command configures keepalive values for the GSMP connections in this group.
The no form of this command reverts to the default.
Default
no keepalive
Parameters
- seconds
-
Specifies the GSMP keepalive timer value in seconds.
Platforms
All
keepalive
Syntax
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context
[Tree] (config>subscr-mgmt>pppoe-client-policy keepalive)
Full Context
configure subscriber-mgmt pppoe-client-policy keepalive
Description
This command defines the keepalive interval and the number of times the keepalive can be missed before the session is declared down for this PPPoE client policy.
The no form of this command reverts to the default.
Default
keepalive 30 hold-up-multiplier 3
Parameters
- seconds
-
Specifies the keepalive interval in seconds.
- multiplier
-
Specifies the number times keepalive can be missed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds
no keepalive
Context
[Tree] (config>service>vprn>bgp keepalive)
[Tree] (config>service>vprn>bgp>group>neighbor keepalive)
[Tree] (config>service>vprn>bgp>group keepalive)
Full Context
configure service vprn bgp keepalive
configure service vprn bgp group neighbor keepalive
configure service vprn bgp group keepalive
Description
This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires. The seconds parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.
The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:
If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.
If the specified hold-time interval is less than the configured hold-time value, then the keepalive value is reset to one third of the specified hold-time interval.
If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
The no form of this command used at the global level reverts to the default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
keepalive 30
Parameters
- seconds
-
The keepalive timer in seconds, expressed as a decimal integer.
Platforms
All
keepalive
Syntax
keepalive timeout factor
no keepalive
Context
[Tree] (config>router>ldp>targ-session>peer-template keepalive)
[Tree] (config>router>ldp>if-params>ipv6 keepalive)
[Tree] (config>router>ldp>if-params>if>ipv6 keepalive)
[Tree] (config>router>ldp>targ-session>peer keepalive)
[Tree] (config>router>ldp>if-params>if>ipv4 keepalive)
[Tree] (config>router>ldp>if-params>ipv4 keepalive)
[Tree] (config>router>ldp>targ-session>ipv6 keepalive)
[Tree] (config>router>ldp>targ-session>ipv4 keepalive)
Full Context
configure router ldp targeted-session peer-template keepalive
configure router ldp interface-parameters ipv6 keepalive
configure router ldp interface-parameters interface ipv6 keepalive
configure router ldp targeted-session peer keepalive
configure router ldp interface-parameters interface ipv4 keepalive
configure router ldp interface-parameters ipv4 keepalive
configure router ldp targeted-session ipv6 keepalive
configure router ldp targeted-session ipv4 keepalive
Description
This command configures the time interval (in s), that LDP waits before tearing down the session. The factor parameter derives the keepalive interval.
The config>router>ldp>if-params>ipv6>keepalive and config>router>ldp>targ-session>ipv6>keepalive commands are not supported on the 7450 ESS.
If no LDP messages are exchanged for the configured time interval, the LDP session is torn down. Keepalive timeout is usually three times the keepalive interval. To maintain the session permanently, regardless of the activity, set the value to zero.
When LDP session is being set up, the keepalive timeout is negotiated to the lower of the two peers. Once an operational value is agreed upon, the keepalive factor is used to derive the value of the keepalive interval.
The no form of the command at the interface-parameters and targeted-session levels sets the keepalive timeout and the keepalive factor to the default value.
The no form of this command, at the interface level, sets the keepalive timeout and the keepalive factor to the value defined under the interface-parameters level.
The no form of this command, at the peer level, sets the keepalive timeout and the keepalive factor to the value defined under the targeted-session level.
The session must be flapped for the new settings to operate.
Default
Timeout Factor Defaults lists the default values.
Context |
Timeout |
Factor |
---|---|---|
config>router>ldp>if-params |
30 |
3 |
config>router>ldp>targ-session |
40 |
4 |
config>router>ldp>if-params>if |
Inherits values from interface-parameters context. |
|
config>router>ldp>targ-session>peer |
Inherits values from targeted-session context. |
Parameters
- timeout
-
Configures the time interval, in seconds, that LDP waits before tearing down the session.
- factor
-
Specifies the number of keepalive messages, expressed as a decimal integer, that should be sent on an idle LDP session in the keepalive timeout interval.
Platforms
All
keepalive
Syntax
[no] keepalive
Context
[Tree] (debug>router>ldp>peer>packet keepalive)
Full Context
debug router ldp peer packet keepalive
Description
This command enables debugging for LDP Keepalive packets.
The no form of the command disables the debugging output.
Platforms
All
keepalive
Syntax
keepalive seconds
no keepalive
Context
[Tree] (config>router>pcep>pce keepalive)
[Tree] (config>router>pcep>pcc keepalive)
Full Context
configure router pcep pce keepalive
configure router pcep pcc keepalive
Description
This command configures the PCEP session keep-alive value. A PCEP speaker (PCC or PCE) must send a keep-alive message if no other PCEP message is sent to the peer at the expiry of this timer. This timer is restarted every time a PCEP message or keep-alive message is sent.
The keep-alive mechanism is asymmetric, meaning that each peer can use a different keep-alive timer value at its end.
The no form of the command returns the keep-alive timer to the default value.
Default
keepalive 30
Parameters
- seconds
-
the keep-alive value, in seconds
Platforms
VSR-NRC
- configure router pcep pce keepalive
All
- configure router pcep pcc keepalive
keepalive
Syntax
keepalive deciseconds dropcount count
Context
[Tree] (config>isa>nat-group>inter-chassis-redundancy keepalive)
Full Context
configure isa nat-group inter-chassis-redundancy keepalive
Description
This command configures keepalives between the CPMs residing on different chassis. The keepalives are used to detect the presence of the peering node. If the redundant peer connectivity is lost beyond the limit defined by keepalives, then each node in the redundant pair transitions into a standalone mode. Keepalives use UDP transport.
Default
keepalive 30 dropcount 2
Parameters
- deciseconds
-
Specifies the number of keepalives that are transported periodically at intervals defined by this parameter.
- count
-
Specifies the drop count. If the number of consecutive keepalives defined by this parameter is lost, then the peer is considered unreachable and the node transitions into a standalone mode of operation.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
keepalive
Syntax
keepalive seconds
no keepalive
Context
[Tree] (config>router>bgp keepalive)
[Tree] (config>router>bgp>group>neighbor keepalive)
[Tree] (config>router>bgp>group keepalive)
Full Context
configure router bgp keepalive
configure router bgp group neighbor keepalive
configure router bgp group keepalive
Description
This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires.
The keepalive parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.
The keepalive value is generally one-third of the hold-time interval. Even though the implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:
-
If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored and the keepalive is set to one third of the current hold-time value.
-
If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.
-
If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
The no form of this command used at the global level reverts to the default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
keepalive 30
Parameters
- seconds
-
Specifies the keepalive timer, in seconds, expressed as a decimal integer.
Platforms
All
keepalive
Syntax
keepalive [neighbor ip-addr | group name]
no keepalive
Context
[Tree] (debug>router>bgp keepalive)
Full Context
debug router bgp keepalive
Description
This command decodes and logs all sent and received keepalive messages in the debug log.
The no form of this command disables the debugging.
Parameters
- neighbor ip-address
-
Debugs only events affecting the specified BGP neighbor.
- group name
-
Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.
Platforms
All
keepalive-override
keepalive-override
Syntax
keepalive-override keepalive-timer
no keepalive-override
Context
[Tree] (config>mcast-mgmt>mcast-info-policy>bundle keepalive-override)
[Tree] (config>mcast-mgmt>mcast-info-policy>bundle>channel>source-override keepalive-override)
[Tree] (config>mcast-mgmt>mcast-info-policy>bundle>channel keepalive-override)
Full Context
configure mcast-management mcast-info-policy bundle keepalive-override
configure mcast-management mcast-info-policy bundle channel source-override keepalive-override
configure mcast-management mcast-info-policy bundle channel keepalive-override
Description
This command configures the keepalive timer override. The PIM (S,G) Keepalive Timer (KAT) is used to maintain the (S,G) state when (S,G) join is not received. Expiry of the KAT causes the (S,G) entry to be removed.
The KAT override configuration is performed with a multicast information policy, which must be applied to the related PIM routing instance. When a KAT override is configured under a channel (a group or a group range), it applies to all (S,G) entries that fall under it, except when the source-override is configured and a KAT override is also configured under the source-override. In this scenario, the specific KAT override must be used for the (S,G) entries that fall under the source-override, while other (S,G) entries under the bundle use the KAT override configured under the channel.
Parameters
- keepalive-timer
-
Specifies the keepalive timer override, in seconds.
kernel
kernel
Syntax
kernel password password
no kernel
Context
[Tree] (environment kernel)
Full Context
environment kernel
Description
This command enables and disables the kernel.
Parameters
- password
-
Specifies the password to access the kernel, up to 256 characters.
Platforms
All
kex
kex
Syntax
kex index name kex-name
no kex index
Context
[Tree] (config>system>security>ssh>client-kex-list kex)
[Tree] (config>system>security>ssh>server-kex-list kex)
Full Context
configure system security ssh client-kex-list kex
configure system security ssh server-kex-list kex
Description
This command allows the user to configure phase 1 SSH v2 KEX algorithms for SR OS as an SSH server or an SSH client. By default, the client and server lists are empty. If the user configures this list, SSH uses the hard-coded list with the first-listed algorithm having the highest priority and so on. An empty server or client list is the default list and contains the following algorithms:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
The no form of this command removes the specified KEX index. If all KEX indexes are removed, the default list is used again.
Parameters
- index
-
Specifies the index of the algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list.
- kex-name
-
Specifies the KEX algorithm for computing the shared secret key.
Platforms
All
key
key
Syntax
key key-file-name
Context
[Tree] (config>system>security>pki>cert-auto-upd>cert key)
Full Context
configure system security pki certificate-auto-update cert key
Description
This command configures the filename of the key corresponding to the certificate.
Parameters
- key-file-name
-
Specifies the filename of the key.
Platforms
All
key
Syntax
key packet-type {accept | request} attribute-type attribute-type [vendor vendor-id]
no key
Context
[Tree] (config>router>radius-proxy>server>cache key)
[Tree] (config>service>vprn>radius-proxy>server>cache key)
Full Context
configure router radius-proxy server cache key
configure service vprn radius-proxy server cache key
Description
This command specifies the RADIUS cache key that is used to match the information in subsequent DHCP requests for authorization.
Parameters
- packet-type
-
Specifies the packet type of the RADIUS messages to use to generate the key for the cache of this RADIUS proxy server.
- attribute-type
-
Specifies the RADIUS attribute type to cache for this RADIUS proxy. server.
- vendor-id
-
Specifies the RADIUS vendor ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
key
Syntax
key key-filename
no key
Context
[Tree] (config>ipsec>cert-profile>entry key)
Full Context
configure ipsec cert-profile entry key
Description
This command specifies the filename of an imported key for the cert-profile entry.
The no form of this command removes the key filename from the entry configuration.
Default
no key
Parameters
- key-filename
-
Specifies the filename of an imported key.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
key
Syntax
key password [hash | hash2 | custom] reference reference-number
no key reference reference-number
Context
[Tree] (config>system>security>pki>ca-profile>cmpv2>key-list key)
Full Context
configure system security pki ca-profile cmpv2 key-list key
Description
This command specifies a pre-shared key used for CMPv2 initial registration. Multiples of key commands are allowed to be configured under this context.
The password and reference-number is distributed by the CA via out-of-band means.
The configured password is stored in configuration file in an encrypted form by using SR OS hash2 algorithm.
The no form of this command removes the parameters from the configuration.
Parameters
- password
-
Specifies a printable ASCII string, up to 64 characters.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
- reference reference-number
-
Specifies a printable ASCII string, up to 64 characters in length.
Platforms
All
key
Syntax
key key-filename
no key
Context
[Tree] (config>system>security>tls>cert-profile>entry key)
Full Context
configure system security tls cert-profile entry key
Description
This command specifies the file name of an imported key for the cert-profile entry.
The no form of the command removes the key.
Default
no key
Parameters
- key-filename
-
Specifies the file name of the key.
Platforms
All
key-generation
key-generation
Syntax
key-generation dsa size bits
key-generation ecdsa curve curve
key-generation rsa size bits
key-generation same-as-existing-key
Context
[Tree] (config>system>security>pki>cert-upd-prof key-generation)
Full Context
configure system security pki certificate-update-profile key-generation
Description
This command configures the key generation algorithm and behavior.
Default
key-generation same-as-existing-key
Parameters
- bits
-
Specifies the size in bits..
- curve
-
Specifies the elliptic curve for key generation.
Platforms
All
key-list
key-list
Syntax
key-list
Context
[Tree] (config>system>security>pki>ca-profile>cmpv2 key-list)
Full Context
configure system security pki ca-profile cmpv2 key-list
Description
This command enables the context to configure pre-shared key list parameters.
Platforms
All
key-re-exchange
key-re-exchange
Syntax
key-re-exchange
Context
[Tree] (config>system>security>ssh key-re-exchange)
Full Context
configure system security ssh key-re-exchange
Description
This command enables the key re-exchange context.
Platforms
All
key-rollover-interval
key-rollover-interval
Syntax
key-rollover-interval key-rollover-interval
Context
[Tree] (config>service>vprn>ospf3>area key-rollover-interval)
Full Context
configure service vprn ospf3 area key-rollover-interval
Description
This command configures the key rollover interval.
The no form of this command reverts to the default.
Default
key-rollover-interval 10
Parameters
- key-rollover-interval
-
Specifies the time, in seconds, after which a key rollover will start.
Platforms
All
key-rollover-interval
Syntax
key-rollover-interval seconds
Context
[Tree] (config>router>ospf3>area key-rollover-interval)
Full Context
configure router ospf3 area key-rollover-interval
Description
This command configures the key rollover interval.
Default
key-rollover-interval 10
Parameters
- seconds
-
Specifies the time, in seconds, after which a key rollover will start.
Platforms
All
key-update
key-update
Syntax
key-update ca ca-profile-name newkey key-filename oldkey key-filename oldcert cert-filename [hash-alg hash-algorithm] save-as save-path-of-result-cert
Context
[Tree] (admin>certificate>cmpv2 key-update)
Full Context
admin certificate cmpv2 key-update
Description
This command requests a new certificate from the CA to update an existing certificate due to reasons such as key refresh or replacing compromised key.
In some cases, the CA may not return certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.
Parameters
- ca-profile-name
-
Specifies a ca-profile name which includes CMP server information, up to 32 characters.
- newkey key-filename
-
Specifies the key file of the requesting certificate, up to 95 characters.
- oldkey key-filename
-
Specifies the key to be replaced, up to 95 characters.
- cert-filename
-
Specifies the file name of an imported certificate to be replaced, up to 95 characters.
- hash-algorithm
-
Specifies the hash algorithm for RSA key.
- save-path-of-result-cert
-
Specifies the save full path name of saving the result certificate, up to 200 characters.
Platforms
All
key-value
key-value
Syntax
key-value public-key-value
no key-value
Context
[Tree] (config>system>security>user>public-keys>ecdsa>ecdsa-key key-value)
[Tree] (config>system>security>user>public-keys>rsa>rsa-key key-value)
Full Context
configure system security user public-keys ecdsa ecdsa-key key-value
configure system security user public-keys rsa rsa-key key-value
Description
This command configures a value for the RSA or ECDSA public key. The public key must be enclosed in quotation marks. For RSA, the key is between 768 and 4096 bits. For ECDSA, the key is between 1 and 1024 bits.
Default
no key-value
Parameters
- public-key-value
-
Specifies the public key value, up to 800 characters for RSA and up to 255 characters for ECDSA.
Platforms
All
keychain
keychain
Syntax
[no] keychain keychain-name
Context
[Tree] (config>system>security keychain)
Full Context
configure system security keychain
Description
This command enables the context to configure keychain parameters. A keychain must be configured on the system before it can be applied to a session.
The no form of this command removes the keychain nodal context and everything under it from the configuration. If the keychain to be removed is in use when the no keychain command is entered, the command will not be accepted and an error indicating that the keychain is in use will be printed.
Parameters
- keychain-name
-
Specifies a keychain name which identifies this particular keychain entry.
Platforms
All
keygroup-name
keygroup-name
Syntax
keygroup-name keygroup-name
no keygroup-name
Context
[Tree] (config>grp-encryp>encryp-keygrp keygroup-name)
Full Context
configure group-encryption encryption-keygroup keygroup-name
Description
This command is used to name the key group. The key group name can be used to reference a key group when configuring services or displaying information.
The no form of the command reverts to the default value.
Parameters
- keygroup-name
-
The name of the key group, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
kill-session
kill-session
Syntax
[no] kill-session
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization kill-session)
Full Context
configure system security profile netconf base-op-authorization kill-session
Description
This command authorizes a user associated with the profile to send a NETCONF <kill-session> operation. This kill session operation allows a NETCONF client to kill another NETCONF session, but not the session in which the operation is requested.
The no form of the command denies the user from requesting a kill-session.
Default
no kill-session
Platforms
All