u Commands

ua

ua

Syntax

[no] ua function-value

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func ua)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua

Description

Commands in this context configure the attributes of the uA micro-SID function associated with a P2P interface. The uA micro-SID function encodes the behavior of an adjacency SID.

The range of allowed configurable values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uA micro-SID.

Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

A static function value can be configured for each combination of SRH mode and protection type.

For a specified interface, the static function value associated with the same combination of protection type and SRH mode overrides any corresponding automatically allocated function value (ua-auto-allocate command configuration).

If more than one value is configured for an interface and combination of SRH mode and protection type, they are all advertised in IS-IS.

When used in remote TI-LFA repair tunnel programming, IS-IS uses rules to select one uA value from the multiple values received in IS-IS link advertisements.

The values assigned to loopback and system interfaces are not advertised in IS-IS.

The uA micro-SID functions for adjacencies over broadcast interfaces are always automatically allocated based on the configuration of the following command:

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua-auto-allocate

The no form of this command removes the function value from the configuration.

Parameters

function-value

Specifies the SRv6 uA function.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ua-auto-allocate

ua-auto-allocate

Syntax

[no] ua-auto-allocate srh-mode srh-mode protection protection

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func ua-auto-allocate)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua-auto-allocate

Description

This command configures a list entry for the automatic allocation of the uA micro-SID function for all adjacencies over all network interfaces on the router (P2P and broadcast interfaces).

Auto-allocated uA function value (N) is drawn by the system from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

A list entry is a combination of the protection type and the SRH mode. Any combinations in addition to the maximum number of entries supported by this command must be allocated statically for each P2P interface. The maximum number of entries in this list is two.

When no list entries are configured, no uA function values are automatically allocated by default for a micro-segment locator.

Note:

Any change to this list causes a re-allocation of new function values to all interfaces on the router that results in flooding them to the network and triggers a new SPF in all routers.

The no form of this command removes the function value from the configuration.

Parameters

srh-mode

Specifies the SRH mode for the SID.

Values

psp, usp

protection

Specifies whether the adjacency SID is protected.

Values

protected, unprotected

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udp

udp

Syntax

[no] udp

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter udp)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter udp)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter udp)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter udp)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter udp

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter udp

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter udp

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter udp

Description

This command selects the MPLS-over-UDP tunnel type programmed in TTM.

The udp value instructs BGP EVPN to search for a UDP LSP to the address of the BGP next hop.

The no form of this command removes the selected MPLS-over-UDP tunnel type.

Default

no udp

Platforms

All

udp

Syntax

udp [hrs hours] [min minutes] [sec seconds]

no udp

Context

[Tree] (config>service>nat>up-nat-policy>timeouts udp)

[Tree] (config>service>nat>nat-policy>timeouts udp)

[Tree] (config>service>nat>firewall-policy>timeouts udp)

Full Context

configure service nat up-nat-policy timeouts udp

configure service nat nat-policy timeouts udp

configure service nat firewall-policy timeouts udp

Description

This command configures the UDP mapping timeout.

Default

udp min 5

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy timeouts udp
  • configure service nat up-nat-policy timeouts udp

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy timeouts udp

udp

Syntax

udp src udp-port dest udp-port

no udp

Context

[Tree] (config>mirror>mirror-dest>encap>layer-3-encap>gateway udp)

Full Context

configure mirror mirror-dest encap layer-3-encap gateway udp

Description

This command configures the source UDP port and destination UDP port to use in the UDP header part of the routable LI encapsulation.

Parameters

udp-port

Specifies source UDP port.

Values

1 to 65535

Platforms

All

udp

Syntax

udp

Context

[Tree] (config>test-oam>build-packet>header udp)

[Tree] (debug>oam>build-packet>packet>field-override>header udp)

Full Context

configure test-oam build-packet header udp

debug oam build-packet packet field-override header udp

Description

This command creates a UDP header and enables the context to define the associated parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

udp

Syntax

[no] udp

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter udp)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter udp

Description

This command selects UDP tunnel in TTM for next-hop resolution.

Platforms

All

udp-dns

udp-dns

Syntax

udp-dns [hrs hours] [min minutes] [sec seconds]

no udp-dns

Context

[Tree] (config>service>nat>up-nat-policy>timeouts udp-dns)

[Tree] (config>service>nat>firewall-policy>timeouts udp-dns)

[Tree] (config>service>nat>nat-policy>timeouts udp-dns)

Full Context

configure service nat up-nat-policy timeouts udp-dns

configure service nat firewall-policy timeouts udp-dns

configure service nat nat-policy timeouts udp-dns

Description

This command configures the timeout applied to a UDP session with destination port 53.

Default

udp-dns sec 15

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat up-nat-policy timeouts udp-dns
  • configure service nat nat-policy timeouts udp-dns

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy timeouts udp-dns

udp-dst

udp-dst

Syntax

udp-dst udp-port

no udp-dst

Context

[Tree] (config>li>mirror-dest-template>layer-3-encap udp-dst)

Full Context

configure li mirror-dest-template layer-3-encap udp-dst

Description

This command configures the destination UDP port to be used in the UDP header of the routable LI encapsulation.

Parameters

udp-port

Specifies the destination UDP port.

Values

1 to 65535

Platforms

All

udp-dst-port

udp-dst-port

Syntax

udp-dst-port port

no udp-dst-port

Context

[Tree] (config>mcast-mgmt>mcast-rprt-dest udp-dst-port)

Full Context

configure mcast-management mcast-reporting-dest udp-dst-port

Description

This command specifies the UDP destination port of the external node to which IGMP events are exported.

The no form of this command reverts to the default.

Parameters

port

Specifies the UDP port to send multicast reports.

Values

1 to 65535

Platforms

All

udp-inbound-refresh

udp-inbound-refresh

Syntax

[no] udp-inbound-refresh

Context

[Tree] (config>service>nat>nat-policy udp-inbound-refresh)

[Tree] (config>service>nat>firewall-policy udp-inbound-refresh)

[Tree] (config>service>nat>up-nat-policy udp-inbound-refresh)

Full Context

configure service nat nat-policy udp-inbound-refresh

configure service nat firewall-policy udp-inbound-refresh

configure service nat up-nat-policy udp-inbound-refresh

Description

This command enables UDP session timeout extended on inbound traffic.

The no form of the command disables UDP session timeout extended on inbound traffic.

Default

no udp-inbound-refresh

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy udp-inbound-refresh
  • configure service nat up-nat-policy udp-inbound-refresh

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy udp-inbound-refresh

udp-initial

udp-initial

Syntax

udp-initial [min minutes] [sec seconds]

no udp-initial

Context

[Tree] (config>service>nat>nat-policy>timeouts udp-initial)

[Tree] (config>service>nat>firewall-policy>timeouts udp-initial)

[Tree] (config>service>nat>up-nat-policy>timeouts udp-initial)

Full Context

configure service nat nat-policy timeouts udp-initial

configure service nat firewall-policy timeouts udp-initial

configure service nat up-nat-policy timeouts udp-initial

Description

This command configures the UDP mapping timeout applied to new sessions.

Default

udp-initial sec 15

Parameters

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy timeouts udp-initial
  • configure service nat up-nat-policy timeouts udp-initial

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy timeouts udp-initial

udp-port

udp-port

Syntax

udp-port udp-port-number

Context

[Tree] (config>service>vprn>mtrace2 udp-port)

[Tree] (config>router>mtrace2 udp-port)

Full Context

configure service vprn mtrace2 udp-port

configure router mtrace2 udp-port

Description

This command specifies the destination and listening port for the mtrace2 command. When it is configured, this command generates Mtrace2 packets with the configured UDP port, and also listens on the same port for any incoming Mtrace2 packets.

Port 33435 is the IANA-assigned port for Mtrace2. On several operating systems (for example, Linux OS, SR OS), this port is also used by traceroute. On SR OS, if port 33435 is configured as the Mtrace2 port, SR OS does not respond to traceroute on this port.

Default

5000

Parameters

udp-port-number

Specifies the UDP port for the test.

Values

1024 to 49151

Platforms

All

udp-protocols

udp-protocols

Syntax

udp-protocols protocol-set

Context

[Tree] (config>app-assure>group>tether-detect>ttl-mon udp-protocols)

Full Context

configure application-assurance group tethering-detection ttl-monitoring udp-protocols

Description

This command configures whether AA analyzes all UDP traffic or only traffic from standard applications that generate consistent TTL values. Configuring AA to analyze only standard UDP traffic is recommended.

Default

udp-protocols standard

Parameters

protocol-set

Specifies the scope of analysis for UDP traffic.

Values

standard, all

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

udp-return-object

udp-return-object

Syntax

udp-return-object ip-address

no udp-return-object

Context

[Tree] (config>oam-pm>session>mpls>lsp>rsvp udp-return-object)

[Tree] (config>oam-pm>session>mpls>lsp>rsvp-auto udp-return-object)

Full Context

configure oam-pm session mpls lsp rsvp udp-return-object

configure oam-pm session mpls lsp rsvp-auto udp-return-object

Description

This command configures the destination IP address used by the far end of the test to send a test response. The UDP port in the UDP-Return Object is set to 64353 for MPLS DM PDUs.

RSVP tunnels are unidirectional and must include a configured local address for the responder can route the response back by the IP control plane. If the configuration is absent, the DN test fails to activate. If the configured IP address is not a local address, the command fails.

The no form of this command removes the udp-return-object IP address.

Parameters

ip-address

Specifies the destination IP.

Values

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

udp-src

udp-src

Syntax

udp-src udp-port

no udp-src

Context

[Tree] (config>li>mirror-dest-template>layer-3-encap udp-src)

Full Context

configure li mirror-dest-template layer-3-encap udp-src

Description

This command configures the source UDP port to be used in the UDP header of the routable LI encapsulation.

Parameters

udp-port

Specifies the source UDP port.

Values

1 to 65535

Platforms

All

udt2m

udt2m

Syntax

udt2m [function-value]

no udt2m

Context

[Tree] (config>service>vpls>srv6>ms-locator>function udt2m)

Full Context

configure service vpls segment-routing-v6 micro-segment-locator function udt2m

Description

This command configures the SRv6 uDT2M behavior and function value that is associated with the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT2M micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT2M function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt2u

udt2u

Syntax

udt2u [function-value]

no udt2u

Context

[Tree] (config>service>vpls>srv6>ms-locator>function udt2u)

Full Context

configure service vpls segment-routing-v6 micro-segment-locator function udt2u

Description

This command configures the SRv6 uDT2U behavior and function value that is associated with the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT2U micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT2U function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt4

udt4

Syntax

udt4 [function-value]

no udt4

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func udt4)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function udt4

Description

This command configures the SRv6 micro-segment uDT4 behavior and function value associated with the base routing instance. This implies that decapsulation and table lookup for IPv4 prefixes occurs in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT4 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

When unconfigured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT4 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt4

Syntax

udt4 [function-value]

no udt4

Context

[Tree] (config>service>vprn>srv6>ms-locator>function udt4)

Full Context

configure service vprn segment-routing-v6 micro-segment-locator function udt4

Description

This command configures the SRv6 uDT4 behavior and function value that is associated with the SRv6 instance in the service. This implies that decapsulation and table lookup for IPv4 prefixes occurs in the VPRN.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT4 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT4 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt46

udt46

Syntax

udt46 [function-value]

no udt46

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func udt46)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function udt46

Description

This command configures the SRv6 micro-segment uDT46 behavior and function value associated with the base routing instance. This implies that decapsulation and table lookup for IPv4 prefixes occurs in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT46 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

When unconfigured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT46 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt46

Syntax

udt46 [function-value]

no udt46

Context

[Tree] (config>service>vprn>srv6>ms-locator>function udt46)

Full Context

configure service vprn segment-routing-v6 micro-segment-locator function udt46

Description

This command configures the SRv6 uDT46 behavior and function value that is associated with the SRv6 instance in the service. This implies that decapsulation and table lookup for IPv4 and IPv6 prefixes occurs in the VPRN.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT46 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT46 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt6

udt6

Syntax

udt6 [function-value]

no udt6

Context

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func udt6)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function udt6

Description

This command configures the SRv6 micro-segment uDT6 behavior and function value associated with the base routing instance. This implies that decapsulation and table lookup for IPv4 prefixes occurs in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT6 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

When unconfigured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT6 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udt6

Syntax

udt6 [function-value]

no udt6

Context

[Tree] (config>service>vprn>srv6>ms-locator>function udt6)

Full Context

configure service vprn segment-routing-v6 micro-segment-locator function udt6

Description

This command configures the SRv6 uDT6 behavior and function value that is associated with the SRv6 instance in the service. This implies that decapsulation and table lookup for IPv6 prefixes occurs in the VPRN.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDT6 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDT6 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

udx2

udx2

Syntax

udx2 [function-value]

no udx2

Context

[Tree] (config>service>epipe>srv6>ms-locator>function udx2)

Full Context

configure service epipe segment-routing-v6 micro-segment-locator function udx2

Description

This command configures the SRv6 micro-segment uDX2 behavior and function value that is associated with the SRv6 instance in the service. This means that decapsulation and cross-connect to the egress SAP occurs in the Epipe service.

The range of allowed configurables values is [1, max-entries]. This draws the Nth value (where N = function-value) of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1] to form a uDX2 micro-SID. Static micro-SID values range in [1024*global-sid-entries, 1024*global-sid-entries + max-entries – 1].

If no value is configured, the system draws a function value (N) from the following range [max-entries + 1, 2^sid-length – 1024*global-sid-entries] and the effective micro-SID value is the Nth value of the local micro-SID range [1024*global-sid-entries, 2^sid-length – 1]. Dynamic micro-SID values range in [1024*global-sid-entries + max-entries, 2^sid-length – 1].

The no form of this command removes the function behavior and value from the configuration.

Parameters

function-value

Specifies the SRv6 micro-segment uDX2 function value.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ue

ue

Syntax

ue ieee-address [profile trace-profile-name]

no ue ieee-address

Context

[Tree] (debug>call-trace>wlan-gw ue)

Full Context

debug call-trace wlan-gw ue

Description

This command starts tracing the UE with the specified MAC address. The trace is started with default parameters or optionally parameters specified in the trace-profile.

The no form of this command stops the trace and make sure no new traces are started.

Parameters

ieee-address

Displays information about the MAC address of this UE.

trace-profile-name

Specifies the name of a configured trace profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ue-creation-type

ue-creation-type

Syntax

[no] ue-creation-type

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes ue-creation-type)

Full Context

configure aaa isa-radius-policy acct-include-attributes ue-creation-type

Description

This command enables including the Alc-Wlan-Ue-Creation-Type.

Default

no ue-creation-type

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ue-query

ue-query

Syntax

ue-query query-id [name name] [create]

no ue-query query-id

Context

[Tree] (config>subscr-mgmt>wlan-gw ue-query)

Full Context

configure subscriber-mgmt wlan-gw ue-query

Description

This command creates a UE query where filter criteria over WLAN-GW ISA UEs are defined. This query can later be used to retrieve state of the UEs matching the configured criteria.

The no form of this command removes the query.

Parameters

query-id

Specifies the ID assigned to a query.

Values

1 to 1024

name

Specifies the name assigned to a query, up to 32 characters.

create

Creates a UE query.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

ue-state

ue-state

Syntax

[no] ue-state

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query ue-state)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query ue-state

Description

This command enables matching on a specific UE state. Multiple states can be provisioned. If no UE state specifier is configured, UE state matching is disabled (all UEs match).

This match criteria can be combined with minimum and maximum match criteria, which will then apply only to UEs of the specified state.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

uli

uli

Syntax

[no] uli

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute uli)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute uli

Description

This command enables the inclusion of the User Location Information in AAA protocols as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the attribute.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

uli

Syntax

[no] uli

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute uli)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute uli

Description

This command, in case of ESM over GTP access, includes the ULI VSA in accounting. This VSA contains the last VSA as received via GTP. Use the configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change uli-change command to trigger an interim accounting update whenever ULI changes.

The no form of this command disables inclusion of the ULI VSA.

Default

no uli

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

uli-change

uli-change

Syntax

[no] uli-change

Context

[Tree] (config>subscr-mgmt>acct-plcy>triggered-updates>gc uli-change)

Full Context

configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change uli-change

Description

This command configures the router to send an interim accounting update when a user location change is detected.

The no form of the command configures the router not to send an interim accounting update when a user location change is detected.

Default

no uli-change

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

umh-pe

umh-pe

Syntax

umh-pe ip-address standby ip-address

no umh-pe ip-address

Context

[Tree] (config>service>vprn>mvpn>umh-pe-backup umh-pe)

Full Context

configure service vprn mvpn umh-pe-backup umh-pe

Description

This command assigns a standby PE to each primary PE that must be selected as an alternative PE in case the UFD session on tunnel from primary PE is detected down. Standby for a PE cannot be modified without shutting down the MVPN instance.

If a primary PE is not assigned a standby PE then the UMH selection would fall back to the default method.

Platforms

All

umh-pe-backup

umh-pe-backup

Syntax

umh-pe-backup

Context

[Tree] (config>service>vprn>mvpn umh-pe-backup)

Full Context

configure service vprn mvpn umh-pe-backup

Description

This command enables context to configure primary and standby upstream PE association for the MVPN.

Platforms

All

umh-rate-monitoring

umh-rate-monitoring

Syntax

umh-rate-monitoring

Context

[Tree] (config>service>vprn>mvpn>pt>selective umh-rate-monitoring)

[Tree] (config>service>vprn>mvpn>pt>inclusive umh-rate-monitoring)

Full Context

configure service vprn mvpn provider-tunnel selective umh-rate-monitoring

configure service vprn mvpn provider-tunnel inclusive umh-rate-monitoring

Description

Commands in this context configure bandwidth monitoring for UMH redundancy.

Platforms

All

umh-selection

umh-selection

Syntax

umh-selection {highest-ip | hash-based | tunnel-status | unicast-rt-pref}

no umh-selection

Context

[Tree] (config>service>vprn>mvpn umh-selection)

Full Context

configure service vprn mvpn umh-selection

Description

This command specifies which UMH selection mechanism to use, highest IP address, hash based or provider tunnel status.

The no form of this command resets it back to default.

Default

umh-selection highest-ip

Parameters

highest-ip

Specifies that the highest next-hop IP address is selected as UMH. The RTM may have just one next-hop to the source, but highest-ip uses all of the next-hops available to BGP that appear in the BGP database.

hash-based

Specifies that the UMH selection is based on hash-based procedures set out in RFC6513, section 5.1.3. The RTM may have just one next-hop to the source, but hash-based uses all of the next-hops available to BGP that appear in the BGP database.

tunnel-status

Specifies that UMH selection is based on the state of the tunnel as well as the available unicast routes through the tunnel. Not supported for IPv6.

unicast-rt-pref

When selected, best unicast route will decide which UMH is chosen. All PE routers shall prefer the same route to the UMH for the UMH selection criterion (for example BGP path selection criteria must not influence one PE to choose different UMH from another PE).

Platforms

All

un

un

Syntax

un

Context

[Tree] (conf>router>segment-routing>srv6>micro-segment-locator un)

Full Context

configure router segment-routing segment-routing-v6 micro-segment-locator un

Description

Commands in this context configure parameters associated with the uN function.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

unavailability-event

unavailability-event

Syntax

unavailability-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]

no unavailability-event {forward | backward | aggregate}

Context

[Tree] (config>oam-pm>session>ethernet>lmm>loss-events unavailability-event)

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events unavailability-event)

[Tree] (config>oam-pm>session>ethernet>slm>loss-events unavailability-event)

Full Context

configure oam-pm session ethernet lmm loss-events unavailability-event

configure oam-pm session ip twamp-light loss-events unavailability-event

configure oam-pm session ethernet slm loss-events unavailability-event

Description

This command sets the threshold to be applied to the overall count of the unavailability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as unavailable. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no unavailability-event forward

no unavailability-event backward

no unavailability-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies a numerical value compared to the unavailability counter that is the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the unavailability counter must be 0.

Platforms

All

  • configure oam-pm session ethernet slm loss-events unavailability-event
  • configure oam-pm session ethernet lmm loss-events unavailability-event

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm session ip twamp-light loss-events unavailability-event

uncoloured-octets-offered-count

uncoloured-octets-offered-count

Syntax

[no] uncoloured-packets-offered-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-counters uncoloured-octets-offered-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-counters uncoloured-octets-offered-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters uncoloured-octets-offered-count

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters uncoloured-octets-offered-count

Description

This command includes the uncoloured octets offered in the count.

The no form of this command excludes the uncoloured octets offered in the count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

uncoloured-octets-offered-count

Syntax

[no] uncoloured-octets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters uncoloured-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record policer e-counters uncoloured-octets-offered-count

Description

This command includes the uncoloured octets offered count.

The no form of this command excludes the uncoloured octets offered count.

Default

no uncoloured-octets-offered-count

Platforms

All

uncoloured-octets-offered-count

Syntax

[no] uncoloured-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters uncoloured-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-queue i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record policer i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record queue i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record ref-policer i-counters uncoloured-octets-offered-count

Description

This command includes the uncoloured octets offered in the count.

The no form of this command excludes the uncoloured octets offered in the count.

Default

no uncoloured-octets-offered-count

Platforms

All

uncoloured-packets-offered-count

uncoloured-packets-offered-count

Syntax

[no] uncoloured-packets-offered-count

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue>i-counters uncoloured-packets-offered-count)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue>i-counters uncoloured-packets-offered-count)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters uncoloured-packets-offered-count

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters uncoloured-packets-offered-count

Description

This command includes the uncoloured packets offered count.

The no form of this command excludes the uncoloured packets offered count.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

uncoloured-packets-offered-count

Syntax

[no] uncoloured-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters uncoloured-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record policer e-counters uncoloured-packets-offered-count

Description

This command includes the uncoloured packets offered count.

The no form of this command excludes the uncoloured packets offered count.

Default

no uncoloured-packets-offered-count

Platforms

All

uncoloured-packets-offered-count

Syntax

[no] uncoloured-packets-offered-count

Context

[Tree] (config>log>acct-policy>cr>queue>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters uncoloured-packets-offered-count)

Full Context

configure log accounting-policy custom-record queue i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record policer i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record ref-queue i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record ref-policer i-counters uncoloured-packets-offered-count

Description

This command includes the uncolored packets offered count.

The no form of this command excludes the uncoloured packets offered count.

Default

no uncoloured-packets-offered-count

Platforms

All

uncommitted-changes-indicator

uncommitted-changes-indicator

Syntax

[no] uncommitted-changes-indicator

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt uncommitted-changes-indicator)

Full Context

configure system management-interface cli md-cli environment prompt uncommitted-changes-indicator

Description

This command displays the change indicator.

The no form of this command suppresses the change indicator.

Default

uncommitted-changes-indicator

Platforms

All

unconstrained-bw

unconstrained-bw

Syntax

unconstrained-bw bandwidth mandatory-bw mandatory-bw

no unconstrained-bw

Context

[Tree] (config>subscr-mgmt>sub-mcac-plcy unconstrained-bw)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac unconstrained-bw)

Full Context

configure subscriber-mgmt sub-mcac-policy unconstrained-bw

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac unconstrained-bw

Description

This command configures the bandwidth for the interface or subscriber's multicast CAC policy traffic. When disabled (no unconstrained-bw), there is no checking of bandwidth constraints on the interface or subscriber level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw and the mandatory channels have to stay below the specified value for the mandatory-bw. After this interface and subscriber check, the bundle checks are performed.

The no form of this command reverts to the default.

Parameters

bandwidth

Specifies bandwidth assigned for interface's MCAC policy traffic, in kilobits per second (kb/s).

Values

0 to 2147483647

mandatory-bw

Specifies the bandwidth pre-reserved for all the mandatory channels on a given interface in kilobits per second (kb/s).

If the bandwidth value is 0, no mandatory channels are allowed. If the value of bandwidth is '-1', then all mandatory and optional channels are allowed.

If the value of mandatory-bw is equal to the value of bandwidth, then all the unconstrained bandwidth on a given interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.

The value of mandatory-bw should always be less than or equal to that of bandwidth, An attempt to set the value of mandatory-bw greater than that of bandwidth, will result in inconsistent value error.

Values

0 to 2147483647

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure subscriber-mgmt sub-mcac-policy unconstrained-bw

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac unconstrained-bw

unconstrained-bw

Syntax

unconstrained-bw bandwidth mandatory-bw mandatory-bw

no unconstrained-bw

Context

[Tree] (config>service>vpls>sap>mld-snooping>mcac unconstrained-bw)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>mcac unconstrained-bw)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>mcac unconstrained-bw)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>mcac unconstrained-bw)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>mcac unconstrained-bw)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac unconstrained-bw)

Full Context

configure service vpls sap mld-snooping mcac unconstrained-bw

configure service vpls mesh-sdp mld-snooping mcac unconstrained-bw

configure service vpls spoke-sdp igmp-snooping mcac unconstrained-bw

configure service vpls spoke-sdp mld-snooping mcac unconstrained-bw

configure service vpls mesh-sdp igmp-snooping mcac unconstrained-bw

configure service vpls sap igmp-snooping mcac unconstrained-bw

Description

This command configures the bandwidth for the interface's multicast CAC policy traffic. When disabled (no unconstrained-bw) there will be no checking of bandwidth constraints on the interface level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw and the mandatory channels have to stay below the specified value for the mandatory-bw. After this interface check, the bundle checks are performed.

Parameters

bandwidth

The bandwidth assigned for interface's MCAC policy traffic, in kilobits per second (kb/s)

Values

0 to 2147483647

mandatory-bw mandatory-bw

Specifies the bandwidth pre-reserved for all the mandatory channels on a specified interface in kilobits per second (kb/s)

If the bandwidth value is 0, no mandatory channels are allowed. If bandwidth is not configured, then all mandatory and optional channels are allowed.

If the value of mandatory-bw is equal to the value of bandwidth, then all the unconstrained bandwidth on a specified interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.

The value of mandatory-bw should always be less than or equal to that of bandwidth, An attempt to set the value of mandatory-bw greater than that of bandwidth, will result in inconsistent value error.

Values

0 to 2147483647

Platforms

All

unconstrained-bw

Syntax

unconstrained-bw bandwidth mandatory-bw mandatory-bw

no unconstrained-bw

Context

[Tree] (config>service>vprn>mld>if>mcac unconstrained-bw)

[Tree] (config>service>vprn>igmp>if>mcac unconstrained-bw)

[Tree] (config>service>vprn>pim>if>mcac unconstrained-bw)

[Tree] (config>service>vprn>igmp>grp-if>mcac unconstrained-bw)

[Tree] (config>service>vprn>mld>grp-if>mcac unconstrained-bw)

Full Context

configure service vprn mld interface mcac unconstrained-bw

configure service vprn igmp interface mcac unconstrained-bw

configure service vprn pim interface mcac unconstrained-bw

configure service vprn igmp group-interface mcac unconstrained-bw

configure service vprn mld group-interface mcac unconstrained-bw

Description

This command configures the bandwidth for the interface's multicast CAC policy traffic. When disabled (no unconstrained-bw) there will be no checking of bandwidth constraints on the interface level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw and the mandatory channels have to stay below the specified value for the mandatory-bw. After this interface check, the bundle checks are performed.

Parameters

bandwidth

The bandwidth assigned for the interface’s MCAC policy traffic in kb/s.

Values

0 to 2147483647

mandatory-bw mandatory-bw

Specifies the bandwidth pre-reserved for all the mandatory channels on a given interface, in kb/s.

If the bandwidth value is 0, no mandatory channels are allowed. If bandwidth is not configured, then all mandatory and optional channels are allowed.

If the value of mandatory-bw is equal to the value of bandwidth, then all the unconstrained bandwidth on a given interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.

The value of mandatory-bw should always be less than or equal to that of bandwidth, An attempt to set the value of mandatory-bw greater than that of bandwidth, will result in inconsistent value error.

Values

0 to 2147483647

Platforms

All

  • configure service vprn pim interface mcac unconstrained-bw
  • configure service vprn mld interface mcac unconstrained-bw
  • configure service vprn igmp interface mcac unconstrained-bw

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn mld group-interface mcac unconstrained-bw
  • configure service vprn igmp group-interface mcac unconstrained-bw

unconstrained-bw

Syntax

unconstrained-bw bandwidth mandatory-bw mandatory-bw

no unconstrained-bw

Context

[Tree] (config>router>mcac>if-policy unconstrained-bw)

[Tree] (config>router>igmp>interface>mcac unconstrained-bw)

[Tree] (config>router>pim>interface>mcac unconstrained-bw)

[Tree] (config>router>mld>interface>mcac unconstrained-bw)

[Tree] (config>router>mld>grp-if>mcac unconstrained-bw)

[Tree] (config>router>igmp>grp-if>mcac unconstrained-bw)

Full Context

configure router mcac if-policy unconstrained-bw

configure router igmp interface mcac unconstrained-bw

configure router pim interface mcac unconstrained-bw

configure router mld interface mcac unconstrained-bw

configure router mld group-interface mcac unconstrained-bw

configure router igmp group-interface mcac unconstrained-bw

Description

This command enables MCAC (or HMCAC) function on the corresponding level (subscriber, group-interface or redirected interface). When MCAC (or HMCAC) is enabled and a channel definition policy is referenced, admission control is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw. The mandatory channels have to stay below the specified value for the mandatory-bw.

In HMCAC, the subscriber is checked first against its bandwidth limits followed by the check on the redirected interface or the group-interface against the bandwidth limits defined there.

In case that redirection is enabled and HMCAC enabled, the channel definition policy must be referenced under the redirected interface level. If it is referenced under the group-interface level, it will be ignored.

Subscriber MCAC (only subscriber is checked for available resources) is supported only with direct subscriber replication (no redirection). In this case the channel definition policy must be referenced under the group-interface.

If the redirection is enabled but the policy is referenced only under the group-interface, no admission control is executed (HMCAC or MCAC).

The no form of this command removes the values from the configuration.

Default

no unconstrained-bw

Parameters

bandwidth

Specifies the unconstrained bandwidth in kb/s for the MCAC policy.

Values

0 to 2147483647

mandatory-bw

Specifies the mandatory bandwidth in kb/s for the MCAC policy.

Values

0 to 2147483647

Platforms

All

  • configure router mld interface mcac unconstrained-bw
  • configure router mcac if-policy unconstrained-bw
  • configure router igmp interface mcac unconstrained-bw
  • configure router pim interface mcac unconstrained-bw

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router mld group-interface mcac unconstrained-bw
  • configure router igmp group-interface mcac unconstrained-bw

unconsumed-agg-rate

unconsumed-agg-rate

Syntax

unconsumed-agg-rate percent percent-of-unconsumed-agg-rate

no unconsumed-agg-rate

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution>above-offered-allowance unconsumed-agg-rate)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution above-offered-allowance unconsumed-agg-rate

Description

This command configures the percentage of the unconsumed aggregate rate that can be given to a queue at the end of an H-QoS below CIR pass and above CIR pass. This command is only applicable when the port scheduler is configured to use the above-offered-allowance-control algorithm, otherwise it is ignored.

The no form of this command reverts the unconsumed-agg-rate percent to its default value.

Default

unconsumed-agg-rate 100.00

Parameters

percent-of-unconsumed-agg-rate

Specifies the percentage of the unconsumed aggregate rate that can be given to a queue.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

unconsumed-higher-tier-rate

unconsumed-higher-tier-rate

Syntax

unconsumed-higher-tier-rate percent percent-of-unconsumed-higher-tier-rate

no unconsumed-higher-tier-rate

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution>above-offered-allowance unconsumed-higher-tier-rate)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution above-offered-allowance unconsumed-higher-tier-rate

Description

This command configures the percentage of the unconsumed higher tier rate that can be given to a queue at the end of an H-QoS below CIR pass and above CIR pass. Higher tier refers to the Vport aggregate rate and port scheduler level, group, and maximum rates.

This command is only applicable when the port scheduler is configured to use the above-offered-allowance-control algorithm, otherwise it is ignored.

The no form of this command reverts the unconsumed-higher-tier-rate percent to its default value.

Default

unconsumed-higher-tier-rate 100.00

Parameters

percent-of-unconsumed-higher-tier-rate

Specifies the percentage of the unconsumed higher tier rate that can be given to a queue.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

underflow-limit

underflow-limit

Syntax

underflow-limit number threshold percent [bw bandwidth-in-mbps]

no underflow-limit

Context

[Tree] (config>router>mpls>lsp-template>auto-bandwidth underflow-limit)

[Tree] (config>router>mpls>lsp>auto-bandwidth underflow-limit)

Full Context

configure router mpls lsp-template auto-bandwidth underflow-limit

configure router mpls lsp auto-bandwidth underflow-limit

Description

This command configures underflow-triggered auto-bandwidth adjustment. An underflow auto-bandwidth adjustment can occur any time during the adjust-interval; it is triggered when the number of consecutive underflow samples reaches the threshold N configured as part of this command. The new bandwidth of the LSP after a successful underflow adjustment is the maximum data rate observed in the last N consecutive underflow samples.

A sample interval is counted as an underflow if the average data rate during the sample interval is lower than the currently reserved bandwidth by at least the thresholds configured as part of this command.

The no form of this command disables underflow-triggered automatic bandwidth adjustment.

Default

no underflow-limit

Parameters

number

Specifies the number of consecutive underflow samples that triggers an underflow auto-bandwidth adjustment attempt.

Values

0 to 10

percent

Specifies the minimum difference between the current bandwidth of the LSP and the sampled data rate, expressed as a percentage of the current bandwidth, for counting an underflow sample.

Values

0 to100

bandwidth-in-mbps

Specifies the minimum difference between the current bandwidth of the LSP and the sampled data rate, expressed as an absolute bandwidth (Mb/s) relative to the current bandwidth, for counting an underflow sample.

Values

0 to 6400000

Platforms

All

undet-availability-event

undet-availability-event

Syntax

undet-availability-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]

no undet-availability-event {forward | backward | aggregate}

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events undet-availability-event)

[Tree] (config>oam-pm>session>ethernet>slm>loss-events undet-availability-event)

[Tree] (config>oam-pm>session>ethernet>lmm>loss-events undet-availability-event)

Full Context

configure oam-pm session ip twamp-light loss-events undet-availability-event

configure oam-pm session ethernet slm loss-events undet-availability-event

configure oam-pm session ethernet lmm loss-events undet-availability-event

Description

This command sets the threshold to be applied to the overall count of the undetermined availability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as undetermined available. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no undet-availability-event forward

no undet-availability-event backward

no undet-availability-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the undetermined availability counter must be 0.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm session ip twamp-light loss-events undet-availability-event

All

  • configure oam-pm session ethernet slm loss-events undet-availability-event
  • configure oam-pm session ethernet lmm loss-events undet-availability-event

undet-unavailability-event

undet-unavailability-event

Syntax

undet-unavailability-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]

no undet-unavailability-event {forward | backward | aggregate}

Context

[Tree] (config>oam-pm>session>ethernet>slm>loss-events undet-unavailability-event)

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events undet-unavailability-event)

[Tree] (config>oam-pm>session>ethernet>lmm>loss-events undet-unavailability-event)

Full Context

configure oam-pm session ethernet slm loss-events undet-unavailability-event

configure oam-pm session ip twamp-light loss-events undet-unavailability-event

configure oam-pm session ethernet lmm loss-events undet-unavailability-event

Description

This command sets the threshold to be applied to the overall count of the undetermined unavailability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as undetermined unavailable. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the clear clear-threshold parameter is not specified the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and without regard to any previous window. Each unique event can only be raised once within measurement interval. If the optional clear threshold is specified the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is not raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no undet-unavailable-event forward

no undet-unavailable-event backward

no undet-unavailable-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the undetermined availability counter must be 0.

Platforms

All

  • configure oam-pm session ethernet lmm loss-events undet-unavailability-event
  • configure oam-pm session ethernet slm loss-events undet-unavailability-event

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm session ip twamp-light loss-events undet-unavailability-event

undo

undo

Syntax

undo [count]

Context

[Tree] (candidate undo)

Full Context

candidate undo

Description

This command removes the most recent change(s) done to the candidate. The changes can be reapplied using the redo command. All undo or redo history is lost when the operator exits the edit-cfg mode. Undo can not be used to recover a candidate that has been discarded with candidate discard.

An undo command is blocked if another user has made changes in the same CLI branches that would be impacted during the undo.

Parameters

count

Specifies the number of previous changes to remove.

Values

1 to 50

Default

1

Platforms

All

uni

uni

Syntax

uni

Context

[Tree] (config>system>security>keychain>direction uni)

Full Context

configure system security keychain direction uni

Description

This command configures keys for send or receive stream directions.

Platforms

All

unicast-address

unicast-address

Syntax

[no] unicast-address ip-address

Context

[Tree] (config>service>vprn>rip>group>neighbor unicast-address)

Full Context

configure service vprn rip group neighbor unicast-address

Description

This command configures the unicast IPv4 address, RIP updates messages will be sent to if the RIP send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv4 address.

The no form of this command deletes the specified IPv4 unicast address from the configuration.

Parameters

ip-address

Specifies the unicast IPv4 address in a.b.c.d format.

Platforms

All

unicast-address

Syntax

[no] unicast-address ipv6-address

Context

[Tree] (config>service>vprn>ripng>group>neighbor unicast-address)

Full Context

configure service vprn ripng group neighbor unicast-address

Description

This command configures the unicast IPv6 address, RIPng updates messages will be sent to if the RIPng send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of this command deletes the specified IPv6 unicast address from the configuration.

Parameters

ipv6-address

Specifies the unicast IPv6 address.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

Platforms

All

unicast-address

Syntax

[no] unicast-address ipv6-address

Context

[Tree] (config>router>ripng>group>neighbor unicast-address)

[Tree] (config>router>rip>group>neighbor unicast-address)

Full Context

configure router ripng group neighbor unicast-address

configure router rip group neighbor unicast-address

Description

This command configures the unicast IPv6 address that RIP and RIPng update messages will be sent to if the send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of the command deletes the specified IPv6 unicast address from the configuration.

Parameters

ipv6-address

Specifies the IPv6 unicast address to which unicast RIP or RIPng updates should be sent.

Platforms

All

unicast-import-disable

unicast-import-disable

Syntax

[no] unicast-import-disable [ipv4]

[no] unicast-import-disable [ipv6]

[no] unicast-import-disable [both]

Context

[Tree] (config>service>vprn>isis unicast-import-disable)

Full Context

configure service vprn isis unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured.

Default

no unicast-import-disable

Parameters

ipv4

Allows importation of IPv4 routes only.

ipv6

Allows importation of IPv6 routes only.

both

Allows importation of both IPv4 and IPv6 routes.

Platforms

All

unicast-import-disable

Syntax

[no] unicast-import-disable

Context

[Tree] (config>service>vprn>ospf unicast-import-disable)

Full Context

configure service vprn ospf unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured

Default

no unicast-import-disable

Platforms

All

unicast-import-disable

Syntax

[no] unicast-import-disable [ipv4]

[no] unicast-import-disable [ipv6]

[no] unicast-import-disable [both]

Context

[Tree] (config>router>isis unicast-import-disable)

Full Context

configure router isis unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes are not imported into RPF RTM, thus, an import policy must be explicitly configured.

Default

no unicast-import-disable both

Parameters

ipv4

Allows importation of IPv4 routes only.

ipv6

Allows importation of IPv6 routes only.

both

Allows importation of both IPv4 and IPv6 routes.

Platforms

All

unicast-import-disable

Syntax

[no] unicast-import-disable

Context

[Tree] (config>router>ospf3 unicast-import-disable)

[Tree] (config>router>ospf unicast-import-disable)

Full Context

configure router ospf3 unicast-import-disable

configure router ospf unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes are not imported into RPF RTM as such an import policy must be explicitly configured.

Default

no unicast-import-disable

Platforms

All

unicast-rt-test

unicast-rt-test

Syntax

[no] unicast-rt-test

Context

[Tree] (config>filter>redirect-policy>dest unicast-rt-test)

Full Context

configure filter redirect-policy destination unicast-rt-test

Description

This command configures a unicast route test for this destination. A destination is eligible for redirect if a valid unicast route to that destination exists in the routing instance specified by config>filter>redirect-policy>router. The unicast route test is mutually exclusive with other redirect-policy test types.

The test cannot be configured if no router is configured for this redirect policy.

The no form of the command disables the test.

Default

no unicast-rt-test

Platforms

All

unidirectional-measurement

unidirectional-measurement

Syntax

unidirectional-measurement measurement-type

Context

[Tree] (config>test-oam>link-meas>template unidirectional-measurement)

Full Context

configure test-oam link-measurement measurement-template unidirectional-measurement

Description

This command specifies the method used to compute the unidirectional delay value.

Default

unidirectional-measurement derived

Parameters

measurement-type

Specifies the method to compute a unidirectional delay measurement.

Values

actual — Keyword to use the forward delay as the unidirectional measurement. The forward delay is calculated using T2-T1 timestamps.

derived — Keyword to compute the unidirectional measurement using the round trip delay divided by two. This option should be used when the nodal clocks are not synchronized using an accurate time synchronization method or protocol, like PTP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

unique-sid-per-sap

unique-sid-per-sap

Syntax

unique-sid-per-sap [per-msap]

no unique-sid-per-sap

Context

[Tree] (config>subscr-mgmt>ppp-policy unique-sid-per-sap)

Full Context

configure subscriber-mgmt ppp-policy unique-sid-per-sap

Description

This command assigns a unique session ID to each PPPoE session active on a single SAP.

On a capture SAP, a unique session ID is assigned per capture SAP: multiple sessions that are active on the same or different MSAP have a unique session ID per capture SAP.

With the optional parameter per-msap, a unique session ID is assigned per MSAP:

  • multiple sessions that are active on the same MSAP have a unique session ID per MSAP

  • multiple sessions that are active on different MSAPs are not guaranteed to have a unique session ID

The session ID range is 1 to 8191.

By default, all PPPoE sessions with a different client MAC address and active on a given SAP or MSAP have a session ID of 1 (sid-allocation sequential) or a random value in the range 1 to 8191 (sid-allocation random).

The no form of this command reverts to the default.

Parameters

per-msap

Assigns a unique session ID for PPPoE sessions that are active on the same MSAP. This parameter has no effect on regular SAPs.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

unknown-arp-request-flood-evpn

unknown-arp-request-flood-evpn

Syntax

[no] unknown-arp-request-flood-evpn

Context

[Tree] (config>service>vpls>proxy-arp unknown-arp-request-flood-evpn)

Full Context

configure service vpls proxy-arp unknown-arp-request-flood-evpn

Description

This command controls whether unknown ARP-requests are flooded into the EVPN network. By default, the system floods ARP-requests, including EVPN (with source squelching), if there is no active proxy-arp entry for the requested IP.

The no form of the command will only flood to local SAPs/SDP-bindings and not to EVPN destinations.

Default

unknown-arp-request-flood-evpn

Platforms

All

unknown-mac-route

unknown-mac-route

Syntax

[no] unknown-mac-route

Context

[Tree] (config>service>vpls>bgp-evpn unknown-mac-route)

Full Context

configure service vpls bgp-evpn unknown-mac-route

Description

This command enables the advertisement of the unknown-mac-route in BGP. This will be coded in an EVPN MAC route where the MAC address is zero and the MAC address length 48. By using this unknown-mac-route advertisement, the user may decide to optionally turn off the advertisement of MAC addresses learned from SAPs and SDP-bindings, hence reducing the control plane overhead and the size of the FDB tables in the data center. All the receiving NVEs supporting this concept will send any unknown-unicast packet to the owner of the unknown-mac-route, as opposed to flooding the unknown-unicast traffic to all other nodes part of the same VPLS. Although the 7750 SR, 7450 ESS, or 7950 XRS can be configured to generate and advertise the unknown-mac-route, the router will never honor the unknown-mac-route and will flood to the vpls flood list when an unknown-unicast packet arrives to an ingress SAP/SDP-binding.

Use of the unknown-mac-route is only supported for BGP-EVPN VXLAN.

Default

no unknown-mac-route

Platforms

All

unknown-message-rate

unknown-message-rate

Syntax

unknown-message-rate integer

no unknown-message-rate

Context

[Tree] (config>router>pcep>pcc unknown-message-rate)

[Tree] (config>router>pcep>pce unknown-message-rate)

Full Context

configure router pcep pcc unknown-message-rate

configure router pcep pce unknown-message-rate

Description

This command configures the maximum rate of unknown messages which can be received on a PCEP session.

When the rate of received unrecognized or unknown messages reaches the configured limit, the PCEP speaker closes the session to the peer.

The no form of the command returns the unknown message rate to the default value.

Default

unknown-message-rate 10

Parameters

integer

the rate of unknown messages, in messages per minute

Values

1 to 255

Platforms

All

  • configure router pcep pcc unknown-message-rate

VSR-NRC

  • configure router pcep pce unknown-message-rate

unknown-ns-flood-evpn

unknown-ns-flood-evpn

Syntax

[no] unknown-ns-flood-evpn

Context

[Tree] (config>service>vpls>proxy-nd unknown-ns-flood-evpn)

Full Context

configure service vpls proxy-nd unknown-ns-flood-evpn

Description

This command controls whether unknown Neighbor Solicitation messages are flooded into the EVPN network. By default, the system floods NS (with source squelching) to SAPs/SDP-bindings including EVPN, if there is no active proxy-nd entry for the requested IPv6.

The no form of the command will only flood to local SAPs/SDP-bindings but not to EVPN destinations.

Default

unknown-ns-flood-evpn

Platforms

All

unknown-policer

unknown-policer

Syntax

unknown-policer policer-id [fp-redirect-group]

no unknown-policer

Context

[Tree] (config>qos>sap-ingress>fc unknown-policer)

Full Context

configure qos sap-ingress fc unknown-policer

Description

Within a sap-ingress QoS policy forwarding class context, the unknown-policer command is used to map packets that match the forwarding class and are considered unknown in nature to the specified policer-id. The specified policer-id must already exist within the sap-ingress QoS policy. While the system is determining the forwarding class of a packet, it is also looking up its forwarding destination based on the ingress service type and the service instance forwarding records. If the service type is VPLS and the destination MAC address is unicast, but the MAC has not been learned and populated within the VPLS services FDB, the packet is classified into the unknown forwarding type.

Unknown forwarding type packets are mapped to either an ingress multipoint queue (using the unknown queue-id or unknown queue-id group ingress-queue-group commands) or an ingress policer (unknown-policer policer-id). The unknown and unknown-policer commands within the forwarding class context are mutually exclusive. By default, the unknown forwarding type is mapped to the SAP ingress default multipoint queue. If the unknown-policer policer-id command is executed, any previous policer mapping or queue mapping for the unknown forwarding type within the forwarding class is overridden if the policer mapping is successful.

A policer defined within the sap-ingress policy is not actually created on an ingress SAP or a subscriber using an sla-profile where the policy is applied until at least one forwarding type (unicast, broadcast, unknown, or multicast) from one of the forwarding classes is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber or multiservice site, or ingress policing is not supported on the port associated with the SAP or subscriber or multiservice site, the initial forwarding class forwarding type mapping will fail.

The unknown-policer command is ignored for instances of the policer applied to SAPs or subscribers’ multiservice site where unknown packets are not supported.

When the unknown forwarding type within a forwarding class is mapped to a policer, the unknown packets classified to the subclasses within the forwarding class are also mapped to the policer.

The no form of this command is used to restore the mapping of the unknown forwarding type within the forwarding class to the default multipoint queue. If all forwarding class forwarding types had been removed from the default multipoint queue, the queue will not exist on the SAPs or subscriber or multiservice site associated with the QoS policy and the no broadcast-policer command will cause the system to attempt to create the default multipoint queue on each object. If the system cannot create the queue on each instance, the no unknown-policer command will fail and the unknown forwarding type within the forwarding class will continue its mapping to the existing policer-id. If the no unknown-policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscriber will be lost.

Parameters

policer-id

When the forwarding class unknown-policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.

Values

1 to 63

fp-redirect-group

Redirects a forwarding class to a forwarding plane queue-group as specified in a SAP QoS policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

unknown-protocol

unknown-protocol

Syntax

unknown-protocol [hrs hours] [min minutes] [sec seconds]

no unknown-protocol

Context

[Tree] (config>service>nat>firewall-policy>timeouts unknown-protocol)

Full Context

configure service nat firewall-policy timeouts unknown-protocol

Description

This command configures the timeout interval for unknown protocol mappings.

The no form of the command reverts the timeout interval to the default of 5 minutes.

Default

unknown-protocol min 5

Parameters

hours

Specifies the number of hours in the unknown protocol mapping timeout interval.

Values

0 to 24

minutes

Specifies the number of minutes in the unknown protocol mapping timeout interval.

Values

1 to 59

seconds

Specifies the number of seconds in the unknown protocol mapping timeout interval.

Values

0 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

unknown-protocols

unknown-protocols

Syntax

unknown-protocols

Context

[Tree] (config>service>nat>firewall-policy unknown-protocols)

Full Context

configure service nat firewall-policy unknown-protocols

Description

Commands in this context configure the treatment of flows of unknown Layer 4 protocols, which are protocols that cannot be natively handled by the system.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

unknown-queue

unknown-queue

Syntax

unknown-queue queue-id [group queue-group-name]

no unknown-queue

Context

[Tree] (config>qos>sap-ingress>fc unknown-queue)

Full Context

configure qos sap-ingress fc unknown-queue

Description

This command overrides the default unknown unicast forwarding type queue mapping for fc fc-name. The specified queue-id must exist within the policy as a multipoint queue before the mapping can be made. When the forwarding class mapping is executed, all unknown traffic on a SAP using this policy is forwarded using the queue-id.

The unknown forwarding type usually tracks the multicast forwarding type definition. This command overrides that default behavior.

The no form of this command sets the unknown forwarding type queue-id back to the default of tracking the multicast forwarding type queue mapping.

Parameters

queue-id

Specifies an existing multipoint queue defined in the config>qos>sap-ingress context.

Values

Any valid multipoint queue-id in the policy including 2 through 32.

Default

11

group queue-group-name

This optional parameter is used to redirect the forwarding type within the forwarding class to the specified queue-id within the queue-group-name. When the policy is applied, all packets matching the forwarding class and forwarding type will be redirected to the queue within the specified queue group. The queue-group-name are configured in the config>qos>queue-group-templates egress and ingress contexts.

Platforms

All

unknown-queue

Syntax

unknown-queue queue-id

no unknown-queue

Context

[Tree] (config>qos>shared-queue>fc unknown-queue)

Full Context

configure qos shared-queue fc unknown-queue

Description

This command configures the unknown unicast forwarding type queue mapping for fc fc-name. The specified queue-id must exist within the policy as a multipoint queue before the mapping can be made. When the forwarding class mapping is executed, all unknown traffic on a SAP using this policy is forwarded using the queue-id.

The unknown forwarding type usually tracks the multicast forwarding type definition. This command overrides that default behavior.

The no form of this command sets the unknown forwarding type queue-id back to the default of tracking the multicast forwarding type queue mapping.

Parameters

queue-id

The queue-id must be an existing, multipoint queue defined in the config>qos>sap-ingress context policer-output-queues profile. For the 7950 XRS, this is not configurable in the policer-output-queues profile.

Values

25 to 32

Platforms

All

unnumbered

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>ies>sub-if unnumbered)

[Tree] (config>service>vprn>sub-if unnumbered)

Full Context

configure service ies subscriber-interface unnumbered

configure service vprn subscriber-interface unnumbered

Description

This command can be configured only for subscriber interfaces that do not have an IPv4 address explicitly configured and is therefore operationally in a DOWN state. By configuring this command, the subscriber interface borrows the IPv4 address from the referenced interface (directly or indirectly via IP address) that must be operationally UP and located in the same routing instance as the subscriber interface. This allows the subscriber interface to be operationally UP and consequently allow forwarding of the subscriber traffic.

Such interface is referred as unnumbered interface, since it does not have explicitly configured a unique IP address. Subscriber hosts under the unnumbered subscriber interface are installed in the fib as /32 hosts.

Without this command the subscriber interface is operationally DOWN and subscriber-host instantiation is not possible.

This command is mutually exclusive with the allow-unmatched-subnets command under the same CLI hierarchy.

The operation of IPv6 host is not affected by this command.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the interface name from which an IPv4 address is borrowed.

ip-address

Specifies the IP address from an optionally up interface that is used for subscriber interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>ies>sub-if unnumbered)

[Tree] (config>service>vprn>sub-if unnumbered)

Full Context

configure service ies subscriber-interface unnumbered

configure service vprn subscriber-interface unnumbered

Description

This command can be configured only for subscriber interfaces that do not have an IPv4 address explicitly configured and is therefore operationally in a DOWN state. By configuring this command, the subscriber interface borrows the IPv4 address from the referenced interface (directly or indirectly via IP address) that must be operationally UP and located in the same routing instance as the subscriber interface. This allows the subscriber interface to be operationally UP and consequently allow forwarding of the subscriber traffic.

Such interface is referred as unnumbered interface, since it does not have explicitly configured a unique IP address. Subscriber hosts under the unnumbered subscriber interface are installed in the fib as /32 hosts.

Without this command the subscriber interface is operationally DOWN and subscriber-host instantiation is not possible.

This command is mutually exclusive with the allow-unmatched-subnets command under the same CLI hierarchy.

The operation of IPv6 host is not affected by this command.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the interface name from which an IPv4 address is borrowed.

ip-address

Specifies the IP address from an optionally up interface that is used for subscriber interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>vpls>interface unnumbered)

Full Context

configure service vpls interface unnumbered

Description

This command configures the interface as an unnumbered interface.

Parameters

ip-int-name

Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes

ip-address

Specifies an IP address which must be a valid address of another interface

Platforms

All

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>vpls>interface unnumbered)

Full Context

configure service vpls interface unnumbered

Description

This command configures the interface as an unnumbered interface.

Parameters

ip-int-name

Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes

ip-address

Specifies an IP address which must be a valid address of another interface

Platforms

All

unnumbered

Syntax

unnumbered {ip-int-name | ip-address}

no unnumbered

Context

[Tree] (config>service>ies>if unnumbered)

Full Context

configure service ies interface unnumbered

Description

This command configures the interface as an unnumbered interface. Unnumbered IP interfaces are supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

ip-address

Specifies an IP address.

Platforms

All

unnumbered

Syntax

unnumbered {ip-int-name | ip-address}

no unnumbered

Context

[Tree] (config>service>ies>if unnumbered)

Full Context

configure service ies interface unnumbered

Description

This command configures the interface as an unnumbered interface. Unnumbered IP interfaces are supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

ip-address

Specifies an IP address.

Platforms

All

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>vprn>if unnumbered)

[Tree] (config>service>vprn>nw-if unnumbered)

Full Context

configure service vprn interface unnumbered

configure service vprn nw-if unnumbered

Description

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

ip-address

Specifies an IP address.

Platforms

All

unnumbered

Syntax

unnumbered [ip-int-name | ip-address]

no unnumbered

Context

[Tree] (config>service>vprn>if unnumbered)

[Tree] (config>service>vprn>nw-if unnumbered)

Full Context

configure service vprn interface unnumbered

configure service vprn nw-if unnumbered

Description

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

ip-address

Specifies an IP address.

Platforms

All

unnumbered

Syntax

unnumbered [{ip-int-name | ip-address}]

no unnumbered

Context

[Tree] (config>router>if unnumbered)

Full Context

configure router interface unnumbered

Description

This command sets an IP interface as an unnumbered interface and specifies the IP address to be used for the interface.

To conserve IP addresses, unnumbered interfaces can be configured. The address used when generating packets on this interface is the ip-addr parameter configured.

An error message will be generated if an unnumbered interface is configured, and an IP address already exists on this interface.

The no form of this command removes the IP address from the interface, effectively removing the unnumbered property. The interface must be shutdown before no unnumbered is issued to delete the IP address from the interface, or an error message will be generated.

Default

no unnumbered

Parameters

ip-int-name | ip-address

Optional. Specifies the IP address or IP interface name to associate with the unnumbered IP interface in dotted decimal notation. The configured IP address must exist on this node. It is recommended to use the system IP address as it is not associated with a specific interface and is therefore always reachable. The system IP address is the default if no ip-addr or ip-int-name is configured.

Platforms

All

unnumbered-source-ip

unnumbered-source-ip

Syntax

unnumbered-source-ip {ip-address}

no unnumbered-source-ip

Context

[Tree] (config>subscr-mgmt>shcv-policy>layer-3 unnumbered-source-ip)

Full Context

configure subscriber-mgmt shcv-policy layer-3 unnumbered-source-ip

Description

This command configures the source IPv4 address (also known as the sender IP address) used in SHCV ARP requests for unnumbered hosts. When unconfigured, 0.0.0.0 is used as the source IPv4 address in SHCV ARP requests.

The no form of this command removes the IPv4 address from Layer 3.

Parameters

ip-address

Specifies the unicast IPv4 address to be used as the source address in SHCV ARP requests for unnumbered hosts.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

unreachables

unreachables

Syntax

unreachables [number seconds]

no unreachables[number seconds]

Context

[Tree] (config>service>vprn>if>icmp unreachables)

[Tree] (config>service>ies>if>icmp unreachables)

[Tree] (config>service>vprn>nw-if>icmp unreachables)

[Tree] (config>service>vprn>sub-if>grp-if>icmp unreachables)

[Tree] (config>service>ies>sub-if>grp-if>icmp unreachables)

[Tree] (config>service>vprn>if>ipv6>icmp6 unreachables)

Full Context

configure service vprn interface icmp unreachables

configure service ies interface icmp unreachables

configure service vprn network-interface icmp unreachables

configure service vprn subscriber-interface group-interface icmp unreachables

configure service ies subscriber-interface group-interface icmp unreachables

configure service vprn interface ipv6 icmp6 unreachables

Description

This command configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface and reverts to the default values.

Default

unreachables 100 10

Parameters

number

Specifies the maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued.

Values

1 to 60

Platforms

All

  • configure service ies interface icmp unreachables
  • configure service vprn interface ipv6 icmp6 unreachables
  • configure service vprn network-interface icmp unreachables
  • configure service vprn interface icmp unreachables

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface icmp unreachables
  • configure service ies subscriber-interface group-interface icmp unreachables

unreachables

Syntax

unreachables [number seconds]

no unreachables

Context

[Tree] (config>service>ies>if>ipv6>icmp6 unreachables)

Full Context

configure service ies interface ipv6 icmp6 unreachables

Description

This command specifies that ICMPv6 host and network unreachable messages are generated by this interface.

When disabled, ICMPv6 host and network unreachable messages are not sent.

The no form of this command reverts to the default.

Default

unreachables 100 10

Parameters

number

Specifies the number of destination unreachable ICMPv6 messages are issued in the time frame specified by the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, that is used to limit the number of destination unreachable ICMPv6 messages to be issued.

Values

1 to 60

Platforms

All

unreachables

Syntax

unreachables [number number] [seconds seconds]

no unreachables

Context

[Tree] (config>subscr-mgmt>git>ipv4>icmp unreachables)

Full Context

configure subscriber-mgmt group-interface-template ipv4 icmp unreachables

Description

This command configures the generation of ICMP destination unreachable messages on the router interface. The rate at which ICMP unreachable messages are issued can be controlled with the optional number and seconds parameters, which indicate the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface.

Default

unreachables number 100 seconds 10

Parameters

number

Specifies the maximum number of ICMP unreachable messages sent. This parameter must be specified with the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

unreachables

Syntax

unreachables [number seconds]

no unreachables

Context

[Tree] (config>router>if>icmp unreachables)

Full Context

configure router interface icmp unreachables

Description

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP destination unreachables on the router interface.

Default

unreachables 100 10 — Maximum of 100 unreachable messages in 10 seconds.

Parameters

number

The maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified.

Values

10 to 2000

seconds

The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer.

Values

1 to 60

Platforms

All

unreachables

Syntax

unreachables [number seconds]

no unreachables

Context

[Tree] (config>router>if>ipv6>icmp6 unreachables)

Full Context

configure router interface ipv6 icmp6 unreachables

Description

This command configures the rate for ICMPv6 unreachable messages. When enabled, ICMPv6 host and network unreachable messages are generated by this interface.

The no form of this command disables the generation of ICMPv6 host and network unreachable messages by this interface.

Default

unreachables 100 10 (when IPv6 is enabled on the interface)

Parameters

number

Determines the number destination unreachable ICMPv6 messages to issue in the time frame specified in seconds parameter.

Values

10 to 2000

seconds

Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame.

Values

1 to 60

Platforms

All

untrusted

untrusted

Syntax

untrusted [default-forwarding default-forwarding]

no untrusted

Context

[Tree] (config>router>if untrusted)

Full Context

configure router interface untrusted

Description

This command configures the state of untrusted for a network IP interface.

The untrusted state identifies the participating interfaces in the label security feature for prefixes of a VPN family at an inter-AS boundary. The router supports a maximum of 15 network interfaces that can participate in this feature.

The user normally applies this command to an inter-AS interface. PIP keeps track of the untrusted status of each interface. In the data path, such an interface causes the default forwarding to be set to the default-forwarding value.

For backward compatibility reasons, the interface default-forwarding is set to the forward value; this means that labeled packets are checked in the normal way against the table of programmed ILMs to decide if they should be dropped or forwarded in a GRT, a VRF, or a L2 service context.

If the user sets the default-forwarding value to drop, all labeled packets received on that interface are automatically dropped.

This command sets the default behavior for an untrusted interface in the data path and for all ILMs. When enabling the label security for VPN IPv4 or VPN IPv6 prefixes, BGP programs the data path to provide an exception to the normal way of forwarding handling away from the default for those VPRN ILMs.

The no form of this command returns the interface into the default state of trusted.

Default

no untrusted

Parameters

default-forwarding

Specifies the default forwarding behavior of labeled packets received on this interface.

Values

forward, drop

Default

forward

Platforms

All

unzip

unzip

Syntax

unzip source-file-url [dest-file-url] list

unzip source-file-url dest-file-url [create-destination] [force]

Context

[Tree] (file unzip)

Full Context

file unzip

Description

This command expands the contents of a ZIP file to the local file system. Any file that is zipped using the store, deflate, or zip64 compression methods can be unzipped. The source ZIP file location can be a locally installed solid-state storage device or a remote FTP or TFTP server. Files can only be unzipped to the active CPM.

Parameters

source-file-url, dest-file-url

Specifies the source or destination file URL.

Values

local-url

[cflash-id/]file-path

200 chars max, including cflash-id

directory length 99 chars max each

remote-url

{ftp | tftp}://[login:pswd@]

remote-locn / [file-path]

247 chars max, file-path 199 chars max

remote-locn

{hostname | ipv4-address | "["ipv6-address"]" }[:port]|

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses

port

[0 to 65535]

cflash-id

cf1: | cf1-A: | cf2: | cf2-A: | cf3: | cf3-A:

create-destination

Specifies that a non-existent directory structure that is explicitly entered as the destination file URL is created as part of the unzip operation. This parameter is required to create new directories.

list

Lists the content of the ZIP file without performing the unzip operation.

force

Overwrites without prompting, any file or directory contained within the ZIP file that already exists in the destination URL. This keyword does not automatically create new directories explicitly specified by dest-file-url. To create these directories, use the create-destination flag.

Platforms

All

up

up

Syntax

up ip seconds

no up ip

up ipv6 seconds

no up ipv6

Context

[Tree] (config>service>vprn>nw-if>hold-time up)

[Tree] (config>service>ies>if>hold-time up)

[Tree] (config>service>vprn>sub-if>hold-time up)

[Tree] (config>service>vprn>if>hold-time up)

[Tree] (config>service>vpls>if>hold-time up)

[Tree] (config>service>vprn>red-if>hold-time up)

[Tree] (config>service>ies>red-if>hold-time up)

[Tree] (config>service>ies>sub-if>hold-time up)

Full Context

configure service vprn network-interface hold-time up

configure service ies interface hold-time up

configure service vprn subscriber-interface hold-time up

configure service vprn interface hold-time up

configure service vpls interface hold-time up

configure service vprn redundant-interface hold-time up

configure service ies redundant-interface hold-time up

configure service ies subscriber-interface hold-time up

Description

This command causes a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Default

no up ip

Parameters

seconds

The time delay, in seconds, to make the interface operational.

Values

1 to 1200

Platforms

All

  • configure service vpls interface hold-time up
  • configure service ies interface hold-time up
  • configure service vprn network-interface hold-time up
  • configure service vprn interface hold-time up

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn redundant-interface hold-time up
  • configure service vprn subscriber-interface hold-time up
  • configure service ies subscriber-interface hold-time up
  • configure service ies redundant-interface hold-time up

up-link

up-link

Syntax

up-link gbr rate mbr rate

no up-link

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile>ggsn>qos up-link)

[Tree] (config>subscr-mgmt>gtp>peer-profile>pgw>qos up-link)

[Tree] (config>subscr-mgmt>gtp>peer-profile>mme>qos up-link)

Full Context

configure subscriber-mgmt gtp peer-profile ggsn qos up-link

configure subscriber-mgmt gtp peer-profile pgw qos up-link

configure subscriber-mgmt gtp peer-profile mme qos up-link

Description

This command configures the up-link bitrate in kb/s to be used in the GTP messages.

The no form of this command reverts to the default.

Default

up-link gbr 5000 mbr 5000 - for ggsn

up-link gbr 0 mbr 0 - for mme and pgw

Parameters

gbr rate

Specifies the uplink Guaranteed Bit Rate (GBR) to be used in the GTP messages as QOS IE (GTPv1) or Bearer QOS (GTPv2).

mbr rate

Specifies the uplink Maximum Bit Rate (MBR) to be used in the GTP messages as QOS IE (GTPv1) or Bearer QOS (GTPv2).

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

up-nat-policy

up-nat-policy

Syntax

up-nat-policy name [ create]

Context

[Tree] (config>service>nat up-nat-policy)

Full Context

configure service nat up-nat-policy

Description

This command creates a NAT policy template for BNG CUPS UPF. This template is instantiated for a set of subscribers sharing in a NAT pool. The policy includes parameters that define the BNG CUPS UPF NAT behavior, such as, but not limited to, the following:

  • ALGs

  • filtering mode

  • watermarks

  • ports and NAT flow limits

  • priority NAT flows

  • protocol timers

When the BNG CPF does not receive the NAT policy template, a default template takes effect if it is configured on the BNG UPF. The name of the default NAT policy template on the BNG UPF must equal default.

Parameters

create

Keyword required to create a new NAT policy for BNG CUPS UPF.

name

Specifies the UP NAT policy name, up to 32 characters. The name default has a special meaning representing the default NAT policy template. The system uses the default template when the BNG CPF does not receive a more specific name when the subscriber is instantiated.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

up-resiliency

up-resiliency

Syntax

up-resiliency

Context

[Tree] (config>subscr-mgmt up-resiliency)

Full Context

configure subscriber-mgmt up-resiliency

Description

Commands in this context configure the inter-UPF resiliency in a CUPS system.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

up-resiliency

Syntax

up-resiliency

Context

[Tree] (config>service>vprn>subscriber-mgmt up-resiliency)

[Tree] (config>service>vpls>sap>pfcp up-resiliency)

[Tree] (config>service>ies>subscriber-mgmt up-resiliency)

Full Context

configure service vprn subscriber-mgmt up-resiliency

configure service vpls sap pfcp up-resiliency

configure service ies subscriber-mgmt up-resiliency

Description

Commands in this context configure inter-UPF resiliency service parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

up-threshold

up-threshold

Syntax

up-threshold percent-change [bw absolute-change]

Context

[Tree] (config>router>rsvp>dbw-accounting up-threshold)

Full Context

configure router rsvp dbw-accounting up-threshold

Description

This command sets the minimum change (in percent of the latest advertised value) above which an increase in MRLB (IS-IS TE sub-TLV 10) or MRB (OSPF TE sub-TLV 7) triggers an IGP-TE update. This configuration only applies to a change in MRLB or MRB caused by dark bandwidth. Other events affecting MRLB or MRB (such as the change of the subscription factor or the loss of link in a LAG over which the RSVP interface is defined) trigger an immediate TE update, regardless of the importance of the impact.

Optionally, the threshold can also be expressed as an absolute value. In this case, the evaluation of the change is made using the percent change and the absolute change. An IGP-TE update is sent if both of these thresholds are crossed. Changing this parameter in the course of dark bandwidth accounting does not affect the accounting cycle.

Default

up-threshold 0

Parameters

percent-change

Specifies the minimum increase in MRLB/MRB, expressed in percent.

Values

0 to 100

absolute-change

Specifies the minimum increase in MRLB/MRB, expressed in Mb/s.

Values

0 to 1000000

Platforms

7750 SR, 7750 SR-s, 7950 XRS, VSR

update

update

Syntax

update [neighbor ip-address | group name]

no update

Context

[Tree] (debug>router>bgp update)

Full Context

debug router bgp update

Description

This command decodes and logs all sent and received update messages in the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

Output

Use the following command to display debug router BGP update information.

Sample Output
debug router bgp update

17 2022/05/04 17:39:07.566 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Received BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 76
    Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
        Address Family L2VPN
        NextHop len 4 NextHop 192.0.2.4
        [VPLS/VPWS] preflen 21, veid: 4, vbo: 5, vbs: 1, label-base: 524252, RD 
192.0.2.4:801, csv: 0x00000000, type 1, len 1, 
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x80 Type: 4 Len: 4 MED: 0
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:801
        l2-vpn/vrf-imp:Encap=5: Flags=-TRC: MTU=1514: PREF=0
158 2022/05/10 08:05:21.767 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2
"Peer 1: 2001:db8::2: UPDATE
Peer 1: 2001:db8::2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 81
    Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.5
        Type: EVPN-AD Len: 25 RD: 192.0.2.5:201 ESI: ESI-0, tag: 5 Label: 838804
8 (Raw Label: 0x7ffdd0) PathId:
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 24 Extended Community:
        target:64500:201
        l2-attribute:MTU: 1514 C: 1 F: 1 P: 0 B: 0
        bgp-tunnel-encap:MPLS
"

367 2022/05/10 08:04:47.560 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::5
"Peer 1: 2001:db8::5: UPDATE
Peer 1: 2001:db8::5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 77
    Flag: 0x90 Type: 14 Len: 28 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-INCL-MCAST Len: 17 RD: 192.0.2.2:500, tag: 0, orig_addr len: 
32, orig_addr: 192.0.2.2 
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:500
        l2-attribute:MTU: 1514 C: 1 F: 1 P: 0 B: 0
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 22 Len: 9 PMSI:
        Tunnel-type Ingress Replication (6)
        Flags: (0x0)[Type: None BM: 0 U: 0 Leaf: not required]
        MPLS Label 8388512
        Tunnel-Endpoint 192.0.2.2

update-fault-tolerance

update-fault-tolerance

Syntax

[no] update-fault-tolerance

Context

[Tree] (config>service>vprn>bgp>error-handling update-fault-tolerance)

[Tree] (config>service>vprn>bgp>group>neighbor>error-handling update-fault-tolerance)

[Tree] (config>service>vprn>bgp>group>error-handling update-fault-tolerance)

Full Context

configure service vprn bgp error-handling update-fault-tolerance

configure service vprn bgp group neighbor error-handling update-fault-tolerance

configure service vprn bgp group error-handling update-fault-tolerance

Description

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default

no update-fault-tolerance

Platforms

All

update-fault-tolerance

Syntax

[no] update-fault-tolerance

Context

[Tree] (config>router>bgp>group>neighbor>error-handling update-fault-tolerance)

[Tree] (config>router>bgp>group>error-handling update-fault-tolerance)

[Tree] (config>router>bgp>error-handling update-fault-tolerance)

Full Context

configure router bgp group neighbor error-handling update-fault-tolerance

configure router bgp group error-handling update-fault-tolerance

configure router bgp error-handling update-fault-tolerance

Description

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default

no update-fault-tolerance

Platforms

All

update-interval

update-interval

Syntax

update-interval [hrs hours] [min minutes] [days days]

no update-interval

Context

[Tree] (config>service>dynsvc>acct-2 update-interval)

[Tree] (config>service>dynsvc>acct-1 update-interval)

Full Context

configure service dynamic-services dynamic-services-policy accounting-2 update-interval

configure service dynamic-services dynamic-services-policy accounting-1 update-interval

Description

This command specifies the interval between each RADIUS Accounting Interim-Update message (minimum 5 minutes; maximum 180 days).

The no form of this command disables the sending of Accounting Interim-Update messages.

A RADIUS specified Accounting Interim Interval overrides the CLI configured value.

Default

no update-interval (do not send Accounting Interim-Update messages)

Parameters

hrs

specifies the interval in hours.

Values

1 to 23

min

Specifies the interval in minutes.

Values

1 to 59

days

specifies the interval in days.

Values

1 to 180

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

update-interval

Syntax

update-interval [hrs hours] [min minutes] [days days]

no update-interval

Context

[Tree] (config>service>dynsvc>ladb>user>idx>acct update-interval)

Full Context

configure service dynamic-services local-auth-db user-name index accounting update-interval

Description

This command specifies the time between each dynamic data service accounting interim update for this accounting destination. This command overrides the local configured value in the dynamic services policy.

The no form of this command disables the generation of interim accounting updates to this destination.

The minimum update interval is 5 minutes.

Parameters

hours

Specifies the interval in hours.

Values

1 to 23

minutes

Specifies the interval in minutes.

Values

1 to 59

days

Specifies the interval in days.

Values

1 to 180

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

update-interval

Syntax

update-interval minutes

no update-interval

Context

[Tree] (config>subscr-mgmt>acct-plcy update-interval)

Full Context

configure subscriber-mgmt radius-accounting-policy update-interval

Description

This command specifies the interval at which accounting data of subscriber hosts is updated in a RADIUS Accounting Interim-Update message. Requires interim-update to be enabled when specifying the accounting mode in the radius accounting policy.

A RADIUS specified interim interval (attribute [85] Acct-Interim-Interval) overrides the CLI configured value.

The no form of this command reverts to the default.

Parameters

minutes

Specifies the interval, in minutes, at which accounting data of subscriber hosts is updated.

Values

5 to 259200

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

update-interval

Syntax

update-interval minutes [jitter seconds]

no update-interval

Context

[Tree] (config>ipsec>rad-acct-plcy update-interval)

Full Context

configure ipsec radius-accounting-policy update-interval

Description

This command enables the system to send RADIUS interim-update packets for IKEv2 remote-access tunnels. The RADIUS attributes in the interim-update packet are the same as acct-start. The value of the Acct-status-type in the interim-update message is 3.

Default

update-interval 10

Parameters

minutes

Specifies the interval in minutes.

Values

5 to 259200

seconds

Specifies the jitter as the number of seconds when the system sends each interim-update packet.

Values

0 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

update-interval

Syntax

update-interval seconds

Context

[Tree] (config>test-oam>link-meas>template>twl>ipv6-dest-disc update-interval)

Full Context

configure test-oam link-measurement measurement-template twamp-light ipv6-destination-discovery update-interval

Description

This command configures the transmission frequency used to maintain the peer address. IPv6 discovery packets are generated to ensure that the peer address has not changed. After the discovery-timer expires or a peer is discovered during the discovery-timer phase the value of update-interval is used to continue to monitor the address of the peer. When set to zero, maintaining the peer address is disabled after the initial discovery phase. If the peer has not been discovered during that phase, disabling and enabling the IPv6 protocol can be used to restart the discovery process.

Default

update-interval 600

Parameters

seconds

Specifies the frequency used for probe packets once discovery-timer expires.

Values

0 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

update-interval-jitter

update-interval-jitter

Syntax

update-interval-jitter absolute seconds

no update-interval-jitter

Context

[Tree] (config>service>dynsvc>acct-2 update-interval-jitter)

[Tree] (config>service>dynsvc>acct-1 update-interval-jitter)

Full Context

configure service dynamic-services dynamic-services-policy accounting-2 update-interval-jitter

configure service dynamic-services dynamic-services-policy accounting-1 update-interval-jitter

Description

This command specifies the absolute maximum random delay introduced on the update interval between two RADIUS Accounting Interim Update messages. The effective maximum random delay value is the minimum of the configured absolute jitter value and 10% of the configured update-interval.

A value of zero sends the accounting interim update message without introducing an additional random delay.

The no form of this command sets the default to 10% of the configured update-interval.

Default

no update-interval-jitter (10% of the configured update-interval)

Parameters

seconds

Specifies the absolute maximum jitter value in seconds.

Values

0 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

update-interval-jitter

Syntax

update-interval-jitter absolute seconds

no update-interval-jitter

Context

[Tree] (config>subscr-mgmt>acct-plcy update-interval-jitter)

Full Context

configure subscriber-mgmt radius-accounting-policy update-interval-jitter

Description

This command specifies the absolute maximum random delay introduced on the update interval between two accounting interim update messages. The effective maximum random delay value is the minimum of the configured absolute jitter value and 10% of the configured update-interval.

A value of zero will send the accounting interim update message without introducing an additional random delay.

The no form of this command sets the default to 10% of the configured update-interval.

Parameters

seconds

Specifies the absolute maximum jitter value in seconds.

Values

0 to 36000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

update-timer

update-timer

Syntax

update-timer seconds

no update-timer

Context

[Tree] (config>router>rsvp>te-threshold-update update-timer)

Full Context

configure router rsvp te-threshold-update update-timer

Description

This command is to control timer-based IGP TE updates. Timer-based IGP updates can be enabled by specifying a non-zero time value. Default value of update-timer is 0.

The no form of this command should reset update-timer to the default value and disable timer-based IGP update.

Default

no update-timer

Parameters

seconds

Specifies the time in seconds.

Values

0 to 300

Platforms

All

updated-error-handling

updated-error-handling

Syntax

[no] updated-error-handling

Context

[Tree] (config>service>vprn>bgp>group updated-error-handling)

[Tree] (config>service>vprn>bgp>group>neighbor updated-error-handling)

Full Context

configure service vprn bgp group updated-error-handling

configure service vprn bgp group neighbor updated-error-handling

Description

This command controls whether SR OS utilizes the new neighbor-complete bit when processing optional transitive path attributes and advertising them to the associated BGP neighbor.

This command also control if SR OS utilizes the error handling mechanism for optional-transitive path attributes.

Default

no updated-error-handling

Platforms

All

updates

updates

Syntax

[no] updates [neighbor ip-int-name | ip-address]

Context

[Tree] (debug>router>rip updates)

Full Context

debug router rip updates

Description

This command enables debugging for RIP updates.

Parameters

ip-int-name | ip-address

Debugs the RIP updates sent on the neighbor IP address or interface.

Platforms

All

updates

Syntax

[no] updates [neighbor ip-int-name | ipv6-address]

Context

[Tree] (debug>router>ripng updates)

Full Context

debug router ripng updates

Description

This command enables debugging for RIP updates.

Parameters

ip-int-name| ipv6-address

Debugs the RIP updates sent on the neighbor IP address or interface.

Platforms

All

upf-data-endpoint

upf-data-endpoint

Syntax

upf-data-endpoint interface interface-name fpe fep-id

no upf-data-endpoint

Context

[Tree] (config>service>vprn>gtp upf-data-endpoint)

[Tree] (config>router>gtp upf-data-endpoint)

Full Context

configure service vprn gtp upf-data-endpoint

configure router gtp upf-data-endpoint

Description

This command configures the GTP - User Plane (GTP-U) endpoint used by BNG CUPS FWA sessions.

The no form of the command disables GTP-U termination for BNG CUPS FWA sessions.

Default

no upf-data-endpoint

Parameters

interface-name

Specifies an interface name on which GTP-U packets terminate. The name must start with a letter and can be up to 32 characters.

fpe-id

Specifies the forwarding path extension (FPE) ID used to encapsulate and decapsulate GTP-U traffic.

Values

1 to 64

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

upgrade

upgrade

Syntax

upgrade index path upgrade-name

no upgrade index

Context

[Tree] (config>card>xiom upgrade)

[Tree] (config>card upgrade)

[Tree] (config>card>mda upgrade)

Full Context

configure card xiom upgrade

configure card upgrade

configure card mda upgrade

Description

This command assigns a license level upgrade to the card, XIOM, or XMA. There can be multiple upgrades applied to a card, XIOM, or XMA. The first upgrade must use index 1 and then next index 2 and so on. Also, when removing upgrades, the largest index must be removed first and then the next largest removed and so on.

The path indicates the starting level and the new level that will apply due to the upgrade. For example, "cr1200g-cr1600g" can be applied to an XMA that is currently at the cr1200g level and after application of the upgrade, the operational level of the XMA shall be cr1600g.

There must be an upgrade license available for the path specified. Available upgrades can be checked using the show licensing entitlements command.

Note:

Some upgrades require a hard reset of the card or MDA to take effect. In general, this is required when the Full Duplex bandwidth is being changed.

Parameters

index

Specifies the order of the upgrade.

Values

1 to 6

upgrade-name

Specifies the upgrade name to be applied, up to 32 characters.

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

  • configure card xiom upgrade

7450 ESS, 7750 SR, 7750 SR-1se

  • configure card upgrade

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

  • configure card mda upgrade

upgrade

Syntax

upgrade

Context

[Tree] (admin>app-assure upgrade)

Full Context

admin application-assurance upgrade

Description

Use this command to load a new isa-aa.tim file as part of a router-independent signature upgrade. An AA ISA reboot is required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

uplink

uplink

Syntax

[no] uplink

Context

[Tree] (config>service>vprn>gtp uplink)

[Tree] (config>router>gtp uplink)

Full Context

configure service vprn gtp uplink

configure router gtp uplink

Description

This command enables GTP configuration related to a GTP uplink using the Gn, S2a, or S2b interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

uplink

Syntax

uplink arbiter arbiter-name

uplink policer policer-id

uplink queue queue-id

uplink scheduler scheduler-name

no uplink

Context

[Tree] (config>subscr-mgmt>gtp>apn-policy>apn>ambr-qos-mapping uplink)

Full Context

configure subscriber-mgmt gtp apn-policy apn ambr-qos-mapping uplink

Description

When enabled, the uplink rate in the APN-AMBR IE in an incoming GTP message is interpreted as a rate override for the specified ingress QoS object. For queues and policers, the PIR is overridden.

This override uses standard SR OS QoS overrides. Therefore, a subsequent Gx/RADIUS-based override removes this override.

The no form of this command disables the override mechanism.

Default

no uplink

Parameters

arbiter-name

Specifies the name of the arbiter to be overridden, up to 32 characters.

policer-id

Specifies the ID of the policer to be overridden.

Values

1 to 63

queue-id

Specifies the ID of the queue to be overridden.

Values

1 to 32

scheduler-name

Specifies the name of the scheduler to be overridden, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

uplink

Syntax

uplink port-id

uplink system-default

uplink none

Context

[Tree] (config>system>satellite>port-template>port uplink)

Full Context

configure system satellite port-template port uplink

Description

This command configures the uplink association to be used for the associated satellite port.

Parameters

port-id

Specifies the satellite physical port ID. This must use the format slot/mda/port. All satellites have a single slot and a single MDA, so these values will always be 1. For example, port 10 would be specified as 1/1/10.

system-default

Specifies that the uplink association is returned to the system default.

none

Clears the uplink association.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

uplink-forwarding-while-standby

uplink-forwarding-while-standby

Syntax

[no] uplink-forwarding-while-standby

Context

[Tree] (config>subscr-mgmt>up-resiliency>fsg-template uplink-forwarding-while-standby)

Full Context

configure subscriber-mgmt up-resiliency fate-sharing-group-template uplink-forwarding-while-standby

Description

This command allows a standby BNG UPF to forward uplink traffic. To prevent the possibility of packet replication towards the network, this command should only be enabled if the access network is provisioned not to replicate unicast packets to the BNG UPF.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

uplink-initial-wait

uplink-initial-wait

Syntax

uplink-initial-wait seconds

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile uplink-initial-wait)

Full Context

configure subscriber-mgmt vrgw brg brg-profile uplink-initial-wait

Description

This command specifies how long to wait for the uplink to fully establish when using a non-routed uplink such as a PPPoE client. During this initial wait time, setup of devices in the home is blocked.

After the timer expires, if an uplink was successful on only one of two IP stacks, devices continue to be configured with the successful IP stack. Control plane message for the failed IP stack are dropped.

Default

uplink-initial-wait 30

Parameters

seconds

Specifies the timeout in seconds.

Values

10 to 300

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

uplink-mbr-gbr

uplink-mbr-gbr

Syntax

uplink-mbr-gbr arbiter arbiter-name

uplink-mbr-gbr policer policer-id

uplink-mbr-gbr queue queue-id

uplink-mbr-gbr scheduler scheduler-name

no uplink-mbr-gbr

Context

[Tree] (config>subscr-mgmt>sla-prof>pfcp>seq uplink-mbr-gbr)

Full Context

configure subscriber-mgmt sla-profile pfcp-mappings session-qer uplink-mbr-gbr

Description

This command configures the uplink MBR/GBR to QoS override mapping.

The no form of the command disables the uplink MBR/GBR mapping.

Default

no uplink-mbr-gbr

Parameters

arbiter-name

Specifies the arbiter target of the MBR/GBR override. The arbiter name can be up to 32 characters.

policer-id

Specifies the policer ID target of the MBR/GBR override.

Values

1 to 63

queue-id

Specifies the queue ID target of the MBR/GBR override.

Values

1 to 8

scheduler-name

Specifies the scheduler name target of the MBR/GBR override. The scheduler name can be up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

upnp

upnp

Syntax

upnp

Context

[Tree] (config>service upnp)

Full Context

configure service upnp

Description

Commands in this context configure UPnP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

upnp-mappings

upnp-mappings

Syntax

upnp-mappings [upnp-mappings]

no upnp-mappings

Context

[Tree] (config>isa>wlan-gw-group>nat>session-limits upnp-mappings)

Full Context

configure isa wlan-gw-group nat session-limits upnp-mappings

Description

This command limits the number of Universal Plug 'n Play mappings per member

The no form of this command reverts to the default value.

Default

upnp-mappings 524288

Parameters

upnp-mappings

specifies, for each MDA in this ISA group, the maximum number of Universal Plug 'n Play (UPnP) mappings.

Values

1 to 524288

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

upnp-mappings

Syntax

upnp-mappings limit no upnp-mappings

Context

[Tree] (config>isa>nat-group>session-limits upnp-mappings)

Full Context

configure isa nat-group session-limits upnp-mappings

Description

This command specifies the maximum number of UPnP mappings per ISA.

Default

524288

Parameters

limit

Specifies the maximum number of UPnP mappings.

Values

1 to 524288

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

upnp-policy

upnp-policy

Syntax

upnp-policy policy-name [create]

no upnp-policy policy-name

Context

[Tree] (config>service>upnp upnp-policy)

Full Context

configure service upnp upnp-policy

Description

This command creates a new upnp-policy or enters the configuration context of an existing upnp-policy.

The no form of the command removes the upnp-policy policy-name from the configuration.

Parameters

policy-name

Specifies the name of the UPnP policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

upnp-policy

Syntax

upnp-policy policy-name

no upnp-policy

Context

[Tree] (config>subscr-mgmt>sub-prof upnp-policy)

Full Context

configure subscriber-mgmt sub-profile upnp-policy

Description

This command enables UPnP IGD services for the subscriber. All ESM hosts of the subscriber could use the UPnP protocol to create port mapping. This feature only support L2-Aware NAT host.

UPnP parameters are defined in the referenced upnp-policy configured in the config> service>upnp context.

Default

no upnp-policy

Parameters

policy-name

Specifies the UPnP policy associated with this subscriber profile up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

upstream-ip-filter

upstream-ip-filter

Syntax

upstream-ip-filter filter-id

no upstream-ip-filter

Context

[Tree] (config>router>nat>outside upstream-ip-filter)

[Tree] (config>service>vprn>nat>outside upstream-ip-filter)

Full Context

configure router nat outside upstream-ip-filter

configure service vprn nat outside upstream-ip-filter

Description

This command configures the ip-filter for upstream traffic. This filter is applied to the upstream traffic after the NAT function and before it enters the outside virtual router instance; it is useful for traffic that bypasses the ingress filters applied in the inside virtual router instance, such as DS-Lite traffic.

Default

no upstream-ip-filter

Parameters

filter-id

Specifies the identifier of an IP filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

upstream-ipv6-filter

upstream-ipv6-filter

Syntax

upstream-ipv6-filter filter-id

no upstream-ipv6-filter

Context

[Tree] (config>router>nat>outside upstream-ipv6-filter)

[Tree] (config>service>vprn>nat>outside upstream-ipv6-filter)

Full Context

configure router nat outside upstream-ipv6-filter

configure service vprn nat outside upstream-ipv6-filter

Description

This command configures the ipv6-filter for upstream traffic. This filter is applied to the upstream traffic after the NAT function and before it enters the outside virtual router instance. This is useful for shared v6 filters that apply to all v6 DSM hosts.

Default

no upstream-ipv6-filter

Parameters

filter-id

Specifies the identifier of an ipv6-filter.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

url

url

Syntax

url rdr-url-sting

no url

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy url)

Full Context

configure subscriber-mgmt http-redirect-policy url

Description

This command configures the HTTP URL to re-direct the matching traffic to. It also can specify inclusion of original URL, MAC address and IP address of the subscriber in the redirect URL.

Parameters

rdr-url-sting

Specifies the URL to redirect to.

Values

rdr-url-string

Up to 255 characters

macro substitutions:

$URL

Request-URI in the HTTP GET Request received

$MAC

A string that represents the MAC address of the subscriber host

$IP

A string that represents the IP address of the subscriber host

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

url

Syntax

url url-string [service-id service-id]

url url-string [service-name service-name]

no url

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 url)

Full Context

configure system security pki ca-profile cmpv2 url

Description

This command specifies HTTP URL of the CMPv2 server. The URL must be unique across all configured ca-profiles.

The URL will be resolved by the DNS server configured (if configured) in the corresponding router context.

If the service-id is 0 or omitted, then system will try to resolve the FQDN via DNS server configured in bof.cfg. After resolution, the system will connect to the address in management routing instance first, then base routing instance.

If the service is VPRN, then the system only allows HTTP ports 80 and 8080.

Default

no url

Parameters

url-string

Specifies the HTTP URL of the CMPv2 server up to 180 characters.

service-id service-id

Specifies the service instance that used to reach CMPv2 server.

Values

Service ID: 1 to 2147483647

base-router: 0

Platforms

All

url

Syntax

url url

no url

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update>crl-urls>url-entry url)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls url-entry url

Description

This command specifies the HTTP URL of the CRL file for the url-entry. The system supports both IPv4 and IPv6 HTTP connections.

Note:

The URL must point to a DER encoded CRL.

Default

no url

Parameters

url

Specifies the URL, which specifies the location, where an updated CRL can be downloaded from.

Platforms

All

url

Syntax

url url-string [service-id service-id]

url url-string [service-name service-name]

no url

Context

[Tree] (config>system>security>pki>ca-profile>cmp2 url)

Full Context

configure system security pki ca-profile cmp2 url

Description

This command specifies HTTP URL of the CMPv2 server. The URL must be unique across all configured ca-profiles.

The URL will be resolved by the DNS server configured (if configured) in the corresponding router context.

If the service-id is 0 or omitted, then system will try to resolve the FQDN via DNS server configured in bof.cfg. After resolution, the system will connect to the address in management routing instance first, then base routing instance.

Note:

If the service is VPRN, then the system only allows HTTP ports 80 and 8080.

Parameters

url-string

Specifies the HTTP URL of the CMPv2 server, up to 180 characters.

service-id service-id

Specifies the service instance that used to reach CMPv2 server.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The url url-string service-name service-name variant can be used in all configuration modes.

Values

service-id: 1 to 2147483647 base-router: 0

service-name service-name

Identifies the service, up to 64 characters.

url-entry

url-entry

Syntax

url-entry entry-id [ create]

no url-entry entry-id

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update>crl-urls url-entry)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls url-entry

Description

This command creates a new crl-url entry with the create parameter, or enters an existing url-entry configuration context without create parameter.

The no form of this command removes the specified entry.

Parameters

entry-id

Specifies a URL configured on this system.

Values

1 to 8

create

Creates an auto URL entry.

Platforms

All

url-filter

url-filter

Syntax

url-filter url-filter-name [characteristic characteristic-name]

no url-filter

Context

[Tree] (config>app-assure>group>aqp>entry>action url-filter)

Full Context

configure application-assurance group app-qos-policy entry action url-filter

Description

This command configures a url-filter action for flows matching this entry.

Parameters

url-filter-name

Specifies the name of the url-filter policy.

characteristic-name

Specifies the name of the characteristic.

url-filter

Syntax

url-filter url-filter-name [create]

no url-filter url-filter-name

Context

[Tree] (config>app-assure>group url-filter)

Full Context

configure application-assurance group url-filter

Description

This command configures a URL filter action for flows of a specific type matching this entry.

If no URL filters are specified then no URL filters will be evaluated.

Parameters

url-filter-name

Specifies the Application-Assurance URL filter that will be evaluated.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

url-list

url-list

Syntax

url-list url-list-name [create]

no url-list url-list-name

Context

[Tree] (config>app-assure>group url-list)

Full Context

configure application-assurance group url-list

Description

This command configures a url-list object. The url-list points to a file containing a list of URLs located on the system Compact Flash. The url-list is then referenced in a url-filter object in order to filter and redirect subscribers when a URL from this file is accessed.

The no form of this command removes the url-list object.

Parameters

url-list-name

Specify the Application-Assurance url-list

create

Keyword used to create the URL list.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

url-list

Syntax

url-list url-list-name upgrade

Context

[Tree] (admin>app-assure>group url-list)

Full Context

admin application-assurance group url-list

Description

This command upgrades the URL list.

Parameters

url-list-name

Specifies the application assurance URL list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

urpf-check

urpf-check

Syntax

[no] urpf-check

Context

[Tree] (config>service>ies>if urpf-check)

[Tree] (config>service>vprn>nw-if urpf-check)

[Tree] (config>service>vprn>sub-if>grp-if urpf-check)

[Tree] (config>service>vprn>if urpf-check)

[Tree] (config>service>ies>if>ipv6 urpf-check)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 urpf-check)

[Tree] (config>service>vprn>if>ipv6 urpf-check)

Full Context

configure service ies interface urpf-check

configure service vprn network-interface urpf-check

configure service vprn subscriber-interface group-interface urpf-check

configure service vprn interface urpf-check

configure service ies interface ipv6 urpf-check

configure service ies subscriber-interface group-interface ipv6 urpf-check

configure service vprn interface ipv6 urpf-check

Description

This command enables unicast RPF (uRPF) check on this interface.

The no form of this command disables unicast RPF (uRPF) Check on this interface.

Default

no urpf-check

Platforms

All

  • configure service vprn interface ipv6 urpf-check
  • configure service ies interface urpf-check
  • configure service vprn network-interface urpf-check
  • configure service vprn interface urpf-check
  • configure service ies interface ipv6 urpf-check

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface ipv6 urpf-check
  • configure service vprn subscriber-interface group-interface urpf-check

urpf-check

Syntax

[no] urpf-check

Context

[Tree] (config>subscr-mgmt>git>ipv4 urpf-check)

Full Context

configure subscriber-mgmt group-interface-template ipv4 urpf-check

Description

This command enables the uRPF check on this interface.

The no form of this command disables the uRPF check on this interface.

Default

no urpf-check

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

urpf-check

Syntax

urpf-check

no urpf-check

Context

[Tree] (config>service>vprn>network>ingress urpf-check)

Full Context

configure service vprn network ingress urpf-check

Description

This command enables the unicast RPF (uRPF) check of network ingress traffic to include traffic associated with the VPRN if the incoming network interface is configured with the urpf-selected-vprns command

If the command is not configured, then traffic associated with this VPRN that arrives on a network interface with urpf-selected-vprns configured bypasses the uRPF checking options specified for that network interface.

Default

no urpf-check

Platforms

All

urpf-check

Syntax

[no] urpf-check

Context

[Tree] (config>router>if urpf-check)

[Tree] (config>router>if>ipv6 urpf-check)

Full Context

configure router interface urpf-check

configure router interface ipv6 urpf-check

Description

This command enables unicast RPF (uRPF) Check on this interface.

The no form of this command disables unicast RPF (uRPF) Check on this interface.

Platforms

All

urpf-selected-vprns

urpf-selected-vprns

Syntax

[no] urpf-selected-vprns

Context

[Tree] (config>router>if urpf-selected-vprns)

Full Context

configure router interface urpf-selected-vprns

Description

This command enables uRPF checking of incoming traffic on the network interface for the following packets.

  • Packets associated with the global routing table (base router) context.

  • Packets associated with VPRNs that have enabled the uRPF check using the config>service>vprn>network> ingress>urpf-check command.

If the command is not configured, the default action is to perform uRPF checks for all ingress traffic on the network interface (associated with the base router and all VPRNs) based on the IPv4 and IPv6 urpf-check configuration options of the network interface.

Default

no urpf-selected-vprns

Platforms

All

usage-monitoring

usage-monitoring

Syntax

[no] usage-monitoring

Context

[Tree] (config>app-assure>group>statistics>aa-sub usage-monitoring)

Full Context

configure application-assurance group statistics aa-sub usage-monitoring

Description

This command enables Gx usage monitoring the given AA group/partition. It can only be enabled if there is enough usage monitoring resources for all existing subs. Once disabled, all monitoring instances for AA subscribers are silently removed (no PCRF notifications) and all subsequent AA Gx usage monitoring messages are ignored.

Default

no usage-monitoring.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

use-arp

use-arp

Syntax

[no] use-arp

Context

[Tree] (config>service>vprn>if>dhcp use-arp)

[Tree] (config>service>ies>if>dhcp use-arp)

Full Context

configure service vprn interface dhcp use-arp

configure service ies interface dhcp use-arp

Description

This command enables the use of ARP to determine the destination hardware address.

The no form of this command disables the use of ARP to determine the destination hardware address.

Platforms

All

use-bgp-routes

use-bgp-routes

Syntax

[no] use-bgp-routes

Context

[Tree] (config>service>vprn>bgp>next-hop-res use-bgp-routes)

Full Context

configure service vprn bgp next-hop-resolution use-bgp-routes

Description

This command enables the use of BGP routes to resolve BGP next hops. When this command is enabled, any unlabeled IPv4 or IPv6 BGP route received from a VPRN BGP peer becomes resolvable by up to four other BGP routes in order to resolve the route to a VPRN IP interface.

This command also allows unlabeled IPv4 or IPv6 BGP routes leaked from the GRT with unresolved next hops (in the GRT) to be resolvable by BGP-VPN routes (of the VPRN).

The no form of this command reverts to the default behavior. By default, a VPRN BGP route is not resolvable by another VPRN BGP route or by a BGP-VPN route.

Default

no use-bgp-routes

Platforms

All

use-bgp-routes

Syntax

[no] use-bgp-routes

Context

[Tree] (config>router>bgp>next-hop-res use-bgp-routes)

Full Context

configure router bgp next-hop-resolution use-bgp-routes

Description

This command specifies whether to use BGP routes to recursively resolve the BGP next-hop of unlabeled IPv4 and unlabeled IPv6 routes. Up to four levels of recursion are supported.

The no form of this command reverts to the default behavior. By default, a BGP route is not resolvable by another BGP route.

Default

no use-bgp-routes

Platforms

All

use-bgp-routes

Syntax

use-bgp-routes

Context

[Tree] (config>router>bgp>next-hop-res>lbl-routes use-bgp-routes)

Full Context

configure router bgp next-hop-resolution labeled-routes use-bgp-routes

Description

Commands in this context configure labeled route options for next-hop resolution.

Platforms

All

use-broadcast-address

use-broadcast-address

Syntax

[no] use-broadcast-address

Context

[Tree] (config>port>ethernet>dwl use-broadcast-address)

Full Context

configure port ethernet down-when-looped use-broadcast-address

Description

This command specifies whether or not the down when looped destination MAC address is the broadcast address, or the local port MAC address, as specified in the port's MAC address.

Platforms

All

use-broadcast-mac

use-broadcast-mac

Syntax

[no] use-broadcast-mac

Context

[Tree] (config>service>ipipe>sap use-broadcast-mac)

Full Context

configure service ipipe sap use-broadcast-mac

Description

This command enables the user of a of broadcast MAC on SAP.

An Ipipe VLL service with the command enabled forwards unicast IP packets using the broadcast MAC address until the ARP cache is populated with a valid entry for the CE IP and MAC addresses.

The no form of this command enables the user of a of broadcast MAC on SAP.

Default

no use-broadcast-mac

Platforms

All

use-def-mcast

use-def-mcast

Syntax

[no] use-def-mcast

Context

[Tree] (config>service>vpls>isid-policy>entry use-def-mcast)

Full Context

configure service vpls isid-policy entry use-def-mcast

Description

The use-def-mcast option prevents local installation of the ISIDs in the range in the MFIB and uses the default multicast tree instead for a B-VPLS. In a node that does not have I-VPLS or static-isids, this command prevents the building of an MFIB entry for this ISID when received in a SPBM TLV and allows the broadcast of ISID based traffic on the default multicast tree. If an isid-policy exists, the core nodes can have this policy to prevent connectivity problems when some nodes are advertising an ISID and others are not. In a I-VPLS service if the customer MAC (C-MAC) is unknown, a frame will have the Multicast DA for an ISID (PBB-OUI + ISID) flooded on the default multicast tree and not pruned.

Default

no use-def-mcast

Platforms

All

use-default-template

use-default-template

Syntax

[no] use-default-template

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus use-default-template)

[Tree] (config>service>vprn>aaa>remote-servers>radius use-default-template)

Full Context

configure service vprn aaa remote-servers tacplus use-default-template

configure service vprn aaa remote-servers radius use-default-template

Description

This command specifies whether the RADIUS default user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When enabled, the radius_default user-template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server and radius authorization is enabled.

The no form of this command disables the use of the RADIUS default template.

Default

no use-default-template

Platforms

All

use-default-template

Syntax

[no] use-default-template

Context

[Tree] (config>system>security>tacplus use-default-template)

Full Context

configure system security tacplus use-default-template

Description

This command specifies whether the user-template tacplus_default is actively applied to the TACACS+ user. When enabled, some parameters of the user-template tacplus_default are actively applied to all users that authenticate via TACACS+. See the user-template tacplus_default command for more details.

When disabled, the parameters of the template are not applied to TACACS+ users, and TACACS+ users can not connect to an SR OS router since the user access parameters are not available. In this case, TACACS+ can only be used for accounting.

Default

use-default-template

Platforms

All

use-default-template

Syntax

[no] use-default-template

Context

[Tree] (config>system>security>radius use-default-template)

Full Context

configure system security radius use-default-template

Description

This command specifies whether the RADIUS default user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When enabled, the radius_default user-template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server and radius authorization is enabled.

The no form of this command disables the use of the RADIUS default template.

Default

no use-default-template

Platforms

All

use-default-template

Syntax

[no] use-default-template

Context

[Tree] (config>system>security>ldap use-default-template)

Full Context

configure system security ldap use-default-template

Description

This command specifies whether or not the default template is to be actively applied to LDAP users.

Default

use-default-template

Platforms

All

use-direct-map-as-default

use-direct-map-as-default

Syntax

[no] use-direct-map-as-default

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>app-profile-map use-direct-map-as-default)

Full Context

configure subscriber-mgmt sub-ident-policy app-profile-map use-direct-map-as-default

Description

This command enables direct mapping of application profile as default. With this flag, a script returned string is used as the named profile. If the named profiled cannot be found, the default profile is used.

The no form of this command disables the direct mapping.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

use-direct-map-as-default

Syntax

[no] use-direct-map-as-default

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>sla-profile-map use-direct-map-as-default)

[Tree] (config>subscr-mgmt>sub-prof>sla-prof-map use-direct-map-as-default)

[Tree] (config>subscr-mgmt>sub-ident-pol>sub-profile-map use-direct-map-as-default)

Full Context

configure subscriber-mgmt sub-ident-policy sla-profile-map use-direct-map-as-default

configure subscriber-mgmt sub-profile sla-profile-map use-direct-map-as-default

configure subscriber-mgmt sub-ident-policy sub-profile-map use-direct-map-as-default

Description

This command enables direct mapping of the profiles as default. With this flag, a string returned in authentication is used as the named profile. If the named profiled cannot be found, the default profile is used.

The no form of this command disables direct mapping.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-es-bmac

use-es-bmac

Syntax

[no] use-es-bmac

Context

[Tree] (config>service>vpls>pbb use-es-bmac)

Full Context

configure service vpls pbb use-es-bmac

Description

This command is only supported in B-VPLS instances where BGP-EVPN is enabled and controls the source B-MAC used by the system for packets coming from the SAP or spoke-SDPs when they belong to an EVPN Ethernet-Segment.

If enabled, the system will use a source B-MAC derived from the source-bmac (high order four bytes) and the least significant two bytes configured in config>service>system>bgp-evpn>eth-seg>source-bmac-lsb for all the packets coming from the local ethernet-segment.

If no use-es-bmac is configured, the system will use the regular source-bmac (provided by the config>service>vpls>pbb>source-bmac command, or the chassis bmac if the source-bmac is not configured).

Default

no use-es-bmac

Platforms

All

use-gi-address

use-gi-address

Syntax

use-gi-address [scope scope]

Context

[Tree] (config>router>dhcp>server use-gi-address)

[Tree] (config>service>vprn>dhcp>server use-gi-address)

Full Context

configure router dhcp local-dhcp-server use-gi-address

configure service vprn dhcp local-dhcp-server use-gi-address

Description

This command enables the use of gi-address matching. If the gi-address flag is enabled, a pool can be used even if a subnets is not found. If the local-user-db-name is not used, the gi-address flag is used and addresses are handed out by GI only. If a user must be blocked from getting an address the server maps to a local user database and configures the user with no address.

A pool can include multiple subnets. Since the GI is shared by multiple subnets in a subscriber interface the pool may provide IP addresses from any of the subnets included when the GI is matched to any of its subnets. This allows a pool to be created that represents a sub-int.

The no form of the reverts to the default.

Parameters

scope

Specifies if addresses are handed out for a certain subnet where the gi-address belongs to only or for all subnets part of the pool.

Values

subnet — Addresses are only handed out for the subnet where the gi-address is part.

pool — All subnets part of the pool which contain subnet where the gi-address is part of can hand out addresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-global-sampling-rate

use-global-sampling-rate

Syntax

[no] use-global-sampling-rate

Context

[Tree] (config>mirror>mirror-dest use-global-sampling-rate)

Full Context

configure mirror mirror-dest use-global-sampling-rate

Description

This command configures each mirror destination service to use the global sampling rate, which allows a single high-rate sampling rate for the entire system.

The no form of this command disables use of the global sampling rate for the mirror destination service. Disabling the global sampling rate causes each mirror destination to mirror either at the full rate (all packets) or to mirror at the mirror destination sampling rate if the sampling rate is specified under the sampling-rate command.

Default

no use-global-sampling-rate

Platforms

All

use-ingress-l2tp-dscp

use-ingress-l2tp-dscp

Syntax

[no] use-ingress-l2tp-dscp

Context

[Tree] (config>subscr-mgmt>sla-prof>egress use-ingress-l2tp-dscp)

Full Context

configure subscriber-mgmt sla-profile egress use-ingress-l2tp-dscp

Description

This command enables the use of the DSCP marking taken from the L2TP header received on an L2TP Access Concentrator (LAC) for egress classification for the subscriber host using the associated sla-profile.

This command is ignored if the ingress packet is not identified as an L2TP packet.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-lag-port-weight

use-lag-port-weight

Syntax

[no] use-lag-port-weight

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac>mc-constraints use-lag-port-weight)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac mc-constraints use-lag-port-weight

Description

This command enables port weight to be used when determining available bandwidth per level when LAG ports go down/come up. The command is required for proper operation on mixed port-speed LAGs and can be used for non-mixed port-speed LAGs as well.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-lag-port-weight

Syntax

use-lag-port-weight

no use-lag-port-weight

Context

[Tree] (config>service>vpls>sap>igmp-snooping>mcac>mc-constraints use-lag-port-weight)

Full Context

configure service vpls sap igmp-snooping mcac mc-constraints use-lag-port-weight

Description

This command enables port weight to be used when determining available bandwidth per level when LAG ports go down/come up. The command is required for correct operation on mixed port-speed LAGs and can be used for non-mixed port-speed LAGs as well.

Default

no use-lag-port-weight — The port number is used when determining available BW per level when LAG ports go down/come up.

Platforms

All

use-lag-port-weight

Syntax

[no] use-lag-port-weight

Context

[Tree] (config>service>vprn>mld>if>mcac>mc-constraints use-lag-port-weight)

[Tree] (config>service>vprn>igmp>if>mcac>mc-constraints use-lag-port-weight)

[Tree] (config>service>vprn>pim>if>mcac>mc-constraints use-lag-port-weight)

Full Context

configure service vprn mld interface mcac mc-constraints use-lag-port-weight

configure service vprn igmp interface mcac mc-constraints use-lag-port-weight

configure service vprn pim interface mcac mc-constraints use-lag-port-weight

Description

This command enables the port weight to be used when determining available bandwidth per level when LAG ports go down or come up. This command is required for proper operation on mixed port-speed LAGs and can also be used for non-mixed port-speed LAGs. The port number is used when determining available the bandwidth per level when LAG ports go down or come up.

Default

no use-lag-port-weight

Platforms

All

use-lag-port-weight

Syntax

[no] use-lag-port-weight

Context

[Tree] (config>router>mld>interface>mcac>mc-constraints use-lag-port-weight)

[Tree] (config>router>mcac>policy>bundle>mc-constraints use-lag-port-weight)

[Tree] (config>router>igmp>interface>mcac>mc-constraints use-lag-port-weight)

[Tree] (config>router>pim>interface>mcac>mc-constraints use-lag-port-weight)

Full Context

configure router mld interface mcac mc-constraints use-lag-port-weight

configure router mcac policy bundle mc-constraints use-lag-port-weight

configure router igmp interface mcac mc-constraints use-lag-port-weight

configure router pim interface mcac mc-constraints use-lag-port-weight

Description

This command enables port weight to be used when determining available bandwidth per level when LAG ports go down/come up. The command is required for proper operation on mixed port-speed LAGs and can be used for non-mixed port-speed LAGs as well.

The port number is used when determining available BW per level when LAG ports go down/come up.

The no form of this command disables the port weight.

Default

no use-lag-port-weight

Platforms

All

use-last-adj-bw

use-last-adj-bw

Syntax

[no] use-last-adj-bw

Context

[Tree] (config>router>mpls>lsp>auto-bandwidth use-last-adj-bw)

Full Context

configure router mpls lsp auto-bandwidth use-last-adj-bw

Description

This command enables the carryover of the last adjusted bandwidth from the previous path to the new path, whether primary or secondary, when the LSP switches between paths. It also creates a context for the configuration of the retry limit for secondary paths.

The no form of this command disables the carryover of the last adjusted bandwidth from the previous path to the new path.

Default

no use-last-adj-bw

Platforms

All

use-link-address

use-link-address

Syntax

use-link-address [scope scope]

no use-link-address

Context

[Tree] (config>router>dhcp6>server use-link-address)

[Tree] (config>service>vprn>dhcp6>server use-link-address)

Full Context

configure router dhcp6 local-dhcp-server use-link-address

configure service vprn dhcp6 local-dhcp-server use-link-address

Description

This command configures the local pool selection for IPv6 address or prefix assignment for the configured link-address under relay configuration. The selected pool will contain a prefix covering the link-address. The scope option defines the scope for the match. With scope subnet, the prefix or address selection is limited to the prefix in the pool that covers the link-address. With scope pool, all the prefixes in the selected pool are eligible for assignment.

The no form of the reverts to the default.

Default

scope subnet

Parameters

scope

Specifies the scope of the IP address selection.

Values

subnet — Specifies that the prefix or address selection is limited to the prefix in the pool that covers the link address.

pool — Specifies that all prefixes in the selected pool are eligible for assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-outside-ip-address

use-outside-ip-address

Syntax

[no] use-outside-ip-address

Context

[Tree] (config>li use-outside-ip-address)

Full Context

configure li use-outside-ip-address

Description

This command enables LI to be performed on an L2-Aware NAT subscriber after NAT. The LI traffic will contain the subscriber’s outside public IP address instead of the default private IP address.

The no form of this command disables the use of the outside public IP address for the L2-Aware NAT subscriber.

Platforms

All

use-pool-from-client

use-pool-from-client

Syntax

use-pool-from-client delimiter delimiter

use-pool-from-client

no use-pool-from-client

Context

[Tree] (config>router>dhcp>server use-pool-from-client)

[Tree] (config>service>vprn>dhcp>server use-pool-from-client)

Full Context

configure router dhcp local-dhcp-server use-pool-from-client

configure service vprn dhcp local-dhcp-server use-pool-from-client

Description

This command enables the use of the pool indicated by DHCP client. When enabled, the IP address pool to be used by this server is the pool is indicated by the vendor-specific sub-option 13 of the DHCP option 82. When disabled or if there is no sub-option 13 in the DHCP message, the pool selection falls back to the use-gi-address configuration.

The no form of this command disables the use of the pool indicated by DHCP client.

Parameters

delimiter

A single ASCII character specifies the delimiter of separating primary and secondary pool names in Option82 VSO.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

use-sap-bmac

use-sap-bmac

Syntax

[no] use-sap-bmac

Context

[Tree] (config>service>vpls>pbb use-sap-bmac)

Full Context

configure service vpls pbb use-sap-bmac

Description

This command enables on a per BVPLS basis the use of source B-MACs allocated to multi-homed SAPs (assigned to an MC-LAG) in the related IVPLS or Epipe service. The command will fail if the value of the source-bmac assigned to the BVPLS is the hardware (chassis) B-MAC. That is, the source-bmac must be a configured one.

Default

no use-sap-bmac

Platforms

All

use-sdp-bmac

use-sdp-bmac

Syntax

[no] use-sdp-bmac

Context

[Tree] (config>service>epipe>spoke-sdp use-sdp-bmac)

Full Context

configure service epipe spoke-sdp use-sdp-bmac

Description

This command indicates that this spoke SDP is expected to be part of a redundant pseudowire connected to a PBB Epipe service. Enabling this parameter will cause traffic forwarded from this spoke SDP into the B-VPLS domain to use a virtual backbone MAC as its source MAC address when both this, and the control pseudowire, are in the active state on this BEB. This virtual backbone MAC is derived from the SDP source-bmac-lsb configuration.

This command will fail when configuring it under a spoke SDP within a PBB-Epipe that is connected to a B-VPLS with mac-notification enabled.

Default

no use-sdp-bmac

Platforms

All

use-virtual-mac

use-virtual-mac

Syntax

[no] use-virtual-mac

Context

[Tree] (config>service>vprn>router-advert>if use-virtual-mac)

Full Context

configure service vprn router-advertisement interface use-virtual-mac

Description

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of this command disables sending router advertisement messages.

Default

no use-virtual-mac

Platforms

All

use-virtual-mac

Syntax

[no] use-virtual-mac

Context

[Tree] (config>router>router-advert>if use-virtual-mac)

Full Context

configure router router-advertisement interface use-virtual-mac

Description

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of this command disables sending router advertisement messages.

Default

no use-virtual-mac

Platforms

All

use-vrtr-if-index

use-vrtr-if-index

Syntax

[no] use-vrtr-if-index

Context

[Tree] (config>cflowd use-vrtr-if-index)

Full Context

configure cflowd use-vrtr-if-index

Description

This command is used to export flow data using interface indexes (ifIndex values), which can be used directly as the index into the IF-MIB tables for retrieving interface statistics. Specifically, if this command is enabled, the ingressInterface (ID=10) and egressInterface (ID= 14) fields in IP flow templates used to export the flow data to cflowd version 9 and version 10 collectors will be populated with the IF-MIB ifIndex of that interface. In addition, for version 10 templates, two fields are available in the IP flow templates to specify the virtual router ID associated with the ingress and egress interfaces.

The no form of this command removes the command from the active configuration and causes cflowd to return to the default behavior of populating the ingress and egress interface ID with the global IF index IDs.

Default

no use-vrtr-if-index

Platforms

All

user

user

Syntax

[no] user user-name

Context

[Tree] (config>system>security user)

Full Context

configure system security user

Description

This command creates a local user and a context to edit the user configuration.

If a new user-name is entered, the user is created. When an existing user-name is specified, the user parameters can be edited.

When creating a new user and then entering the info command, the system displays a password in the output. This is expected behavior in the hash2 scenario. However, when using that user name, there will be no password required. The user can login to the system and then <ENTER> at the password prompt, the user will be logged in.

Unless an administrator explicitly changes the password, it will be null. The hashed value displayed uses the username and null password field, so when the username is changed, the displayed hashed value will change.

The no form of this command deletes the user and all configuration data. Users cannot delete themselves.

Parameters

user-name

Specifies the name of the user up to 32 characters.

Platforms

All

user-db

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host user-db)

Full Context

configure subscriber-mgmt local-user-db ppp host user-db

Description

This command specifies local user database for PPP PAP/CHAP access.

With this configuration, system will access the specified DB again during PPP PAP/CHAP phase.

This configuration only becomes effective when system is accessing parent DB during PPPoE discovery phase.

The no form of this command removes the name from the configuration.

Parameters

local-user-db-name

Specifies the name of the local user database for PAP/CHAP access.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>service>vprn>sub-if>grp-if>pppoe user-db)

[Tree] (config>service>ies>sub-if>grp-if>pppoe user-db)

Full Context

configure service vprn subscriber-interface group-interface pppoe user-db

configure service ies subscriber-interface group-interface pppoe user-db

Description

This command configures the local user database to use for PPP PAP/CHAP authentication.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the local user database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name [create]

no user-db

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 user-db)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp6 user-db)

[Tree] (config>service>ies>sub-if>grp-if>dhcp6 user-db)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 user-db)

[Tree] (config>service>ies>sub-if>grp-if>dhcp user-db)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp user-db)

[Tree] (config>router>dhcp>server user-db)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 user-db

configure service vprn subscriber-interface group-interface dhcp6 user-db

configure service ies subscriber-interface group-interface dhcp6 user-db

configure service ies subscriber-interface group-interface ipv6 dhcp6 user-db

configure service ies subscriber-interface group-interface dhcp user-db

configure service vprn subscriber-interface group-interface dhcp user-db

configure router dhcp local-dhcp-server user-db

Description

This command configures a local user database for authentication.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the name of a user database, up to 32 characters.

create

Keyword used to create the user database. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-relay user-db)

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay user-db)

Full Context

configure service ies interface ipv6 dhcp6-relay user-db

configure service vprn interface ipv6 dhcp6-relay user-db

Description

This command enables access to the LUDB for DHCPv6 messages under a routed interface. The name of this LUDB must match the name of the LUDB configured by the config>sub-gmt>local-user-db command.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the name of the local user database, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-database-name

no user-db

Context

[Tree] (config>subscr-mgmt>gtp>apn-policy>apn user-db)

Full Context

configure subscriber-mgmt gtp apn-policy apn user-db

Description

This command configures the LUDB with which the GTP connection is authenticated.

The no form of this command removes the user database for authentication with this APN. Only new session setups are affected.

Default

no user-db

Parameters

local-user-database-name

Specifies the name of the LUDB to be used, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>router>l2tp>group>ppp user-db)

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp user-db)

[Tree] (config>router>l2tp>group>tunnel>ppp user-db)

[Tree] (config>service>vprn>l2tp>group>ppp user-db)

Full Context

configure router l2tp group ppp user-db

configure service vprn l2tp group tunnel ppp user-db

configure router l2tp group tunnel ppp user-db

configure service vprn l2tp group ppp user-db

Description

This command configures the local user database to use for PPP PAP/CHAP authentication.

Default

no user-db

Parameters

local-user-db-name

Specifies the local user database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp user-db)

[Tree] (config>service>vprn>sub-if>grp-if>wpp user-db)

Full Context

configure service ies subscriber-interface group-interface wpp user-db

configure service vprn subscriber-interface group-interface wpp user-db

Description

This command configures the user database.

Note:

If configured, the values configured under grp-if will only be used if there is no corresponding value returned from LUDB lookup.

This command specifies the LUDB system use to lookup while creating initial host before WPP authentication. LUDB could return WPP attributes such as portal name, initial-sla-profile, initial-sub-profile, and so on LUDB is configured in config>subscr-mgmt>local-user-db context.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the Local User Database name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

[no] user-db

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-sol user-db)

Full Context

configure service ies subscriber-interface group-interface ipv6 router-solicit user-db

Description

This command enables the use of the local-user-database for authentication.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the name of the local-user-database to authenticate the router-solicit. The local-user-database can also return a static prefix or a pool name for address assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db local-user-db-name

no user-db

Context

[Tree] (config>service>ies>sub-if>grp-if>ipoe-session user-db)

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-session user-db)

[Tree] (config>service>vpls>sap>ipoe-session user-db)

Full Context

configure service ies subscriber-interface group-interface ipoe-session user-db

configure service vprn subscriber-interface group-interface ipoe-session user-db

configure service vpls sap ipoe-session user-db

Description

This command configures the local user database to use for IPoE session authentication.

When configured on a capture SAP, the group interface must have the same local user database configured.

On a wlan-gw group interface, the no form of this command indicates that the user database is picked from the following sources in the order shown:

  1. dhcp

  2. ipv6>dhcp6

  3. ipv6>router-solicit

If no user database can be found in any of these locations, processing continues as if no user database was configured. This behavior is for backwards compatibility reasons only; when using a LUDB, it should be explicitly added to the IPoE session configuration.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the local user database name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-db

Syntax

user-db name

no user-db

Context

[Tree] (config>li>x-interfaces user-db)

Full Context

configure li x-interfaces user-db

Description

This command configures the location of the data-trigger host for the LIC.

The no form of this command reverts to the default.

Parameters

name

Specifies the local user database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

user-equipment-info

user-equipment-info

Syntax

user-equipment-info [type ue-info-type]

no user-equipment-info

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp user-equipment-info)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp user-equipment-info)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp user-equipment-info

configure subscriber-mgmt diameter-application-policy gx include-avp user-equipment-info

Description

This command includes the user-equipment-info in CCR messages.

The no form of this command resets the command to the default setting.

Default

user-equipment-info type mac

Parameters

ue-into-type

Specifies what is included in the Diameter User-Equipment-Info attribute if included in Diameter Gx messages.

Values

eui64, imeisv, mac, modified-eui64

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt diameter-application-policy gy include-avp user-equipment-info

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt diameter-application-policy gx include-avp user-equipment-info

user-ident

user-ident

Syntax

user-ident user-ident

no user-ident

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 user-ident)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 user-ident)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 user-ident

configure service ies subscriber-interface group-interface ipv6 dhcp6 user-ident

Description

This feature is only applicable when DHCPv6-snooping is enabled. The Ethernet header MAC address on DHCPv6 is used as the default key host identification. This command allows addition the keys for identifying the DHCPv6 host. The interface-id can be included in addition to the MAC key to further differentiate each DHCPv6 host.

The no form of this command reverts to the default.

Default

user-ident mac

Parameters

user-ident

Specifies the DHCP6 user-identification for this interface.

Values

mac — Specifies to use only the Ethernet MAC of the DHCPv6 message to identify the host.

mac-interface-id — Specifies to additionally use the interface-id to identify the DHCPv6 host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-ident

Syntax

user-ident user-ident

no user-ident

Context

[Tree] (config>service>vprn>dhcp>server user-ident)

[Tree] (config>router>dhcp>server user-ident)

Full Context

configure service vprn dhcp local-dhcp-server user-ident

configure router dhcp local-dhcp-server user-ident

Description

This command configures the user identification method for the DHCPv4 server.

The no form of the reverts to the default.

Default

user-ident mac-circuit-id

Parameters

user-ident

Specifies the user identification method

Values

client-id — Specifies to use the DHCPv4 client identifier as the user identification method.

circuit-id — Specifies to use the circuit identifier of the DHCPv4 client as the user identification method.

mac — Specifies to use the MAC address of the DHCPv4 client as the user identification method.

mac-circuit-id — Specifies to use the MAC address and circuit identifier of the DHCPv4 client as the user identification method.

remote-id — Specifies to use the MAC address of the remote end as the user identification method.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-ident

Syntax

user-ident user-ident

no user-ident

Context

[Tree] (config>router>dhcp6>server user-ident)

[Tree] (config>service>vprn>dhcp6>server user-ident)

Full Context

configure router dhcp6 local-dhcp-server user-ident

configure service vprn dhcp6 local-dhcp-server user-ident

Description

This command configures the keys for identification of the DHCPv6 lease being held in the lease-database (for configured period after lease timeout). Subscriber requesting a lease via DHCPv6 that matches an existing lease based on this configured key is handed the matched prefix or address. This allows address and prefix "stickiness” for DHCPv6 assigned prefixes (IA_NA or PD).

The no form of the reverts to the default.

Default

user-ident duid

Parameters

user-ident

Specifies the user identification method.

Values

duid — Specifies the IPv6 DHCP unique identifier from DHCPv6.

interface-id — Specifies the IPv6 interface-id option.

interface-id-link-local — Specifies the interface-id and link-local address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-location-info

user-location-info

Syntax

[no] user-location-info

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp user-location-info)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp user-location-info)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp user-location-info

configure subscriber-mgmt diameter-application-policy nasreq include-avp user-location-info

Description

This command enables the inclusion of the 3GPP-User-Location-Information AVP as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the AVP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

user-name

user-name

Syntax

user-name name [create]

no user-name name

Context

[Tree] (config>service>dynsvc>ladb user-name)

Full Context

configure service dynamic-services local-auth-db user-name

Description

This command creates a user name entry in the local authentication database. The user name entry is used to match with the user name of a local authenticated dynamic service data trigger. The user name of a dynamic service data trigger is fixed to the sap-id. When matched, the corresponding authentication data is used to set up the dynamic data services.

The no form of this command removes the user name entry from the local authentication database configuration.

Parameters

name

Specifies the user name entry name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-name

Syntax

[no] user-name

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute user-name)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute user-name

Description

This command enables the inclusion of the user-name attribute.

The no form of this command disables the inclusion of the user-name attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-name

Syntax

user-name user-name

no user-name

Context

[Tree] (config>aaa>radius-srv-plcy>servers>health-check>test-account user-name)

Full Context

configure aaa radius-server-policy servers health-check test-account user-name

Description

This command specifies the username that the test account will use to send its access requests to probe the RADIUS servers.

The no form of this command removes the username from the test-account configuration.

Parameters

user-name

Specifies the probing username, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-name

Syntax

[no] user-name

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes user-name)

Full Context

configure aaa isa-radius-policy acct-include-attributes user-name

Description

This command enables the inclusion of user name attributes.

The no form of the command excludes user name attributes.

Default

no user-name

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

user-name-format

user-name-format

Syntax

user-name-format format [mac-format mac-format]

user-name-format format append [domain-name] [mac-format mac-format]

user-name-format format append domain-name

user-name-format format default-domain domain-name [mac-format mac-format]

user-name-format format replace domain-name [mac-format mac-format]

user-name-format format strip [mac-format mac-format]

no user-name-format

Context

[Tree] (config>subscr-mgmt>auth-policy user-name-format)

Full Context

configure subscriber-mgmt authentication-policy user-name-format

Description

This command defines the format of the "user-name” field in the session authentication request sent to the RADIUS server.

The no form of this command switches to the default format, mac.

Default

By default, the MAC source address of the DHCPv4 DISCOVER or DCHPv6 SOLICIT message is used in the user-name field.

Parameters

format

Specifies the user name format in RADIUS message.

Values

ascii-converted-circuit-id, ascii-converted-tuple, circuit-id, dhcp-client-vendor-opts, mac, mac-giaddr, tuple

ascii-converted-circuit-id — Identical to circuit-id, but the user name is sent to the RADIUS server as a string of hex digits, for use if there is binary data in the circuit-id

ascii-converted-tuple — Identical to tuple, but the circuit-id part of the user name is sent to the RADIUS server as a string of hex digits, for use if there is binary data in the circuit-id

circuit-id — If the system serves as a DHCP relay server which inserts option 82 info, the user name is formatted as defined under DHCP information option. If the system is not a DHCP relay server, the circuit-id is taken from option 82 in the received DHCP message. If no circuit-id can be found, the DHCP-msg is rejected.

dhcp-client-vendor-opts — IPoEv4 host (IPoE session enabled or disabled on group-interface) — The RADIUS user-name is a concatenation of the DHCPv4 Client Identifier Option 61, an "@” delimiter, and the DHCPv4 Vendor Class Identifier Option 60. Non-printing characters in the DHCP option values are converted as described below.

IPoEv6 host (IPoE session enabled on group-interface) — The RADIUS user-name is a concatenation of the identifier field of a type 2 DUID in the DHCPv6 Client Identifier Option 1, the "@” delimiter, and the opaque data field of the first vendor class data in the DHCPv6 Vendor Class Option 16. Non-printing characters in the DHCP option values are converted as described below.

IPoEv6 host (IPoE session disabled on group-interface) — The MAC source address of the DHCPv6 SOLICIT message.

In the absence of a DHCPv4 Client Identifier Option 61 or a DHCPv6 Client Identifier Option 1 containing a DUID type 2, the DHCP client MAC address is used.

In the absence of a DHCPv4 Vendor Class Identifier Option 60 or a DHCPv6 Vendor Class Option 16, the "@” delimited is omitted and nothing is appended.

Non-printing characters, that is, characters outside the ASCII range hex 21 through hex 7E, are converted into an underscore (hex 5F) character.

mac — The MAC source address of the DHCPv4 DISCOVER or DHCPv6 SOLICIT message is used in the user-name field. The format of the MAC address string used as the user name in the RADIUS authentication requests uses lowercase hex digits, and ":” as the inter-digit separator, for example, 00:11:22:aa:bb:cc is valid but 00-11-22-AA-BB-CC will return an error. The RADIUS server must be configured accordingly, otherwise the authentication request will fail.

mac-giaddr — A concatenation of the MAC address and the Relay Agent IP address (giaddr)

tuple — Specifies that the concatenation of MAC source address and circuit-ID are used in the user-name field

mac-format

Specifies how a MAC address is represented when contacting a RADIUS server. This is only used while the value of is equal to the DHCP client vendor options and if the MAC address is used by default of the DHCP client vendor options.

Examples:

ab:

00:0c:f1:99:85:b8 7xxx style

XY-

00-0C-F1-99-85-B8 IEEE canonical style

mmmm.

0002.03aa.abff Cisco style

append

Specifies the data type which is an enumerated integer that indicates what needs to be appended to the user-name sent to the RADIUS server.

Values

1 — nothing 2 — domain name

domain

Specifies to user the domain name. In some instances it is desired to add a domain only to usernames which have omitted the domain (@domain). In these instances a default-domain can be appended to usernames which lack a @domain.

append

Adds a "@” delimiter and the specified string after the PAP/CHAP username. No allowance is made for the presence of an existing domain or @ delimited.

replace

Replaces the character-string after the "@” delimiter with the string specified.

strip

Removes all characters after and including the "@” delimiter.

For example:

Command: append
String:     domainA-1.com
PAP/CHAP User:    someuser
Resulting User:    someuser@domainA-1.com

Command: append
String:     domainA-1.com
PAP/CHAP User:    someuser@existing-domain.net
Resulting User:    someuser@existing-domain.net@domainA-1.com

Command: strip
String:            
PAP/CHAP User:    someuser@existing-domain.net
Resulting User:    someuser

Command: replace
String:     domainA-1.com
PAP/CHAP User:    someuser@existing-domain.net
Resulting User:    someuser@domainA-1.com

Command: default-domain
String:    domainA-1.com
PAP/CHAP User:    someuser@existing-domain.net
Resulting User:    someuser@existing-domain.net

Command: default-domain
String: domainA-1.com
PAP/CHAP User:    someuser
Resulting User:    someuser@domainA-1.com

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-name-format

Syntax

user-name-format format

no user-name-format

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq user-name-format)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq user-name-format

Description

This command defines the format of the User-Name AVP value in Diameter NASREQ AA-Requests for IPoE hosts.

The no form of this command reverts to the default.

Parameters

format

Specifies the format of the User-Name AVP value.

Values

mac — Specifies to use the MAC source address of the DHCPv4 DISCOVER or DHCPv6 SOLICIT message in the user-name field. The format of the MAC address string is defined with the mac-format CLI command.

circuit-id — Specifies to use the circuit ID to identify the user toward the server. If the system serves as a DHCP relay server which inserts option 82 info, the user name is formatted as defined under DHCP information option. If the system is not a DHCP relay server, the circuit-id is taken from option 82 in the received DHCP message. If no circuit-id can be found, the DHCP-msg is rejected.

tuple — Specifies to use a concatenation of MAC source address and circuit-ID.

ascii-converted-circuit-id — Identical to circuit-id, but the user name is a string of hex digits, for use if there is binary data in the circuit-id.

ascii-converted-tuple — Specifies a string of hex digits, for use if there is binary data in the circuit-id.

dhcp-client-vendor-opts — Specifies to use a concatenation of the DHCPv4 Client Identifier Option 61, the "@” delimiter, and the DHCPv4 Vendor Class Identifier Option 60. Non-printing characters in the DHCP option values are converted as described below.

In the absence of a DHCPv4 Client Identifier Option 61, the DHCP client MAC address is used.

In the absence of a DHCPv4 Vendor Class Identifier Option 60, the "@” delimiter is omitted and nothing is appended.

Non-printing characters, that is, characters outside the ASCII range hex 21 through hex 7E, are converted into an underscore (hex 5F) character.

mac-giaddr — Specifies to use a concatenation of MAC source address and DHCP GI address.

nas-port-id — Specifies to use a value of the nas-port-id with format defined in the include-avp section.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-name-format

Syntax

user-name-format user-name-format [mac-format mac-format]

no user-name-format

Context

[Tree] (config>aaa>isa-radius-plcy user-name-format)

Full Context

configure aaa isa-radius-policy user-name-format

Description

This command defines the format of the user-name field in the session authentication request sent to the RADIUS server. For authentication of IPv6 triggers (ICMPv6, DHCPv6, IPv6 data-trigger) the user-name format will always fall back to mac only.

The no form of the command switches to the default format, mac.

Default

user-name-format mac mac-format alu (the MAC source address of the DHCP DISCOVER message is used in the user-name field)

Parameters

user-name-format

Specifies the user name format in RADIUS message.

mac-format

Specifies how a MAC address is represented when contacting a RADIUS server. This is only used while the value of is equal to the DHCP client vendor options and if the MAC address is used by default of the DHCP client vendor options.

Examples:

ab:

00:0c:f1:99:85:b8 Nokia 7xxx style

XY-

00-0C-F1-99-85-B8 IEEE canonical style

mmmm.

0002.03aa.abff Cisco style

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

user-name-operation

user-name-operation

Syntax

user-name-operation operation [domain domain-name]

no user-name-operation

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq user-name-operation)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq user-name-operation

Description

This command enables domain name manipulation of the user name, such as append, strip, replace or add as default.

For IPoE, this command only applies when user-name-format is configured to dhcp-client-vendor-opts.

The no form of this command reverts to the default.

Parameters

operation

Specifies the user name manipulations with respect to domain name values.

Values

append-domain – appends an "@” delimiter with the specified domain-name at the end of the user-name, independent if a domain name was already present

strip-domain – removes all characters after and including the "@” delimiter

default-domain – adds an "@” delimiter and the specified domain name to user-names that have no domain name present

replace-domain – replaces the characters after the "@” delimiter with the specified domain-name

domain-name

Specifies the domain name string to be used in the specified operation, up to 128 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

user-srlg-db

user-srlg-db

Syntax

user-srlg-db [enable | disable]

Context

[Tree] (config>router>mpls user-srlg-db)

Full Context

configure router mpls user-srlg-db

Description

This command enables the use of CSPF by the user SRLG database. When the MPLS module makes a request to CSPF for the computation of an SRLG secondary path, CSPF will query the local SRLG and compute a path after pruning links that are members of the SRLG IDs of the associated primary path. When MPLS makes a request to CSPF for an FRR bypass or detour path to associate with the primary path, CSPF queries the user SRLG database and computes a path after pruning links that are members of the SRLG IDs of the PLR outgoing interface.

If an interface was not entered into the user SRLG database, it is assumed that it does not have any SRLG membership. CSPF will not query the TE database for IGP advertised interface SRLG information.

The disable keyword disables the use of the user SRLG database. CSPF will then resume queries into the TE database for SRLG membership information. The user SRLG database is maintained.

Default

user-srlg-db disable

Platforms

All

user-template

user-template

Syntax

user-template {tacplus_default | radius_default | ldap-default}

Context

[Tree] (config>system>security user-template)

Full Context

configure system security user-template

Description

This command configures default security user template parameters.

Parameters

tacplus_default

Specifies the default TACACS+ user template. All parameters of the tacplus_default template except the "profile” are actively applied to all TACACS+ users if tacplus use-default-template is enabled. The profile parameter is used for AAA command authorization if TACACS+ authorization is disabled, or if the TACACS+ server does not return a priv-lvl for a user when use-priv-lvl is enabled under tacplus authorization. See the tacplus authorization command for more details.

radius_default

Specifies the default RADIUS user template. The radius_default template is actively applied to a RADIUS user if radius authorization is enabled, radius use-default-template is enabled, and no VSAs are returned with the auth-accept from the RADIUS server.

ldap_default

Specifies the default LDAP user template.

Platforms

All

username

username

Syntax

username user-name

username user-name no-domain

username user-name domain-only

no username

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident username)

Full Context

configure subscriber-mgmt local-user-db ppp host host-identification username

Description

This command specifies the PPPoE username to match for a host lookup. When no-domain or domain-only is specified, the username "user[@domain]" is converted to a user and a domain entity by splitting it on the first @-sign before matching on the specific entity.

Note:

This command is only used when username is configured as one of the match-list parameters.

The no form of this command removes the username from the configuration.

Parameters

username

Specifies the user name, up to 253 characters, of this host. For example, "jane@nokia.com”.

no-domain

Only the user user part of the username is specified and used for matching. For example "jane".

domain-only

Only the domain part of the username is specified and used for matching, for example, nokia.com.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

username

Syntax

[no] username username

Context

[Tree] (debug>service>id>ppp username)

Full Context

debug service id ppp username

Description

This command enable PPP debug for the specified username. since not all PPP packets contain username, so a MAC debug filter is created automatically when system sees a PPP packet contain the specified username.

Multiple username filters can be specified in the same debug command.

The no form of this command disables debugging.

Parameters

user-name

Specifies the PPP username.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

usm-community

usm-community

Syntax

usm-community community-string [hash | hash2 | custom] group group-name [src-access-list list-name]

no usm-community community-string [hash | hash2 | custom]

Context

[Tree] (config>system>security>snmp usm-community)

Full Context

configure system security snmp usm-community

Description

This command is used to associate a community string with an SNMPv3 access group and its view. The access granted with a community string is restricted to the scope of the configured group.

Nokia’s SR OS implementation of SNMP uses SNMPv3. In order to implement SNMPv1 and SNMPv2c configurations, several access groups are predefined. In order to implement SNMP with security features (Version 3), security models, security levels, and USM communities must be explicitly configured. Optionally, additional views which specify more specific OIDs (MIB objects in the subtree) can be configured.

The no form of this command removes a community string.

Parameters

community-string

Specifies the SNMPv1/SNMPv2c community string to determine the SNMPv3 access permissions to be used. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

group

Specifies the group that governs the access rights of this community string. This group must be configured first in the config>system>security>snmp> access group context. Nokia does not recommend associating a usm-community with an SNMP access group that is configured with the li (lawful intercept) context.

list-name

Specifies the usm-community to reference a specific src-access-list that will be used to validate the source IP address of all received SNMP requests that use this usm-community. Multiple community, usm-community, or vprn snmp community instances can reference the same src-access-list.

Platforms

All

util-stats-interval

util-stats-interval

Syntax

util-stats-interval seconds

Context

[Tree] (config>port>ethernet util-stats-interval)

Full Context

configure port ethernet util-stats-interval

Description

This command configures the interval used to calculate the utilization statistics.

Port utilization statistics are only available for physical Ethernet ports on a host system. These statistics are not available for the following:

  • Ethernet ports on an Ethernet satellite

  • Ethernet ports on a VSR

  • PXC ports

  • vsm-cca-xp ports

Parameters

seconds

Specifies the size of the interval, in seconds.

Values

30 to 600

Default

300

Platforms

All