s Commands

s-pmsi

s-pmsi

Syntax

s-pmsi [{vpnSrcAddr [vpnGrpAddr]} [mdSrcAddr]]

no s-pmsi

Context

[Tree] (debug>router>pim s-pmsi)

Full Context

debug router pim s-pmsi

Description

This command enables debugging for PIM selective provider multicast service interface.

The no form of this command disables the debugging.

Parameters

vpnSrcAddr

Specifies the VPN source address.

vpnGrpAddr

Specifies the VPN group address.

mdSrcAddr

Specifies the source address of the multicast domain.

Platforms

All

s-tag

s-tag

Syntax

s-tag qtag1 c-tag-range qtag2 [to qtag2]

no s-tag qtag1 c-tag-range qtag2

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>qinq s-tag)

Full Context

configure service system bgp-evpn ethernet-segment qinq s-tag

Description

This command determines the inner VIDs (for a specified outer VID) associated with the virtual Ethernet Segment on a specific qinq port or LAG based on the following:

  • Values *, null, 0 to 4094 are allowed.

  • Any SAP for which the outer and inner service-delimiting qtags match the range is associated with the virtual ES, and only those, for example, SAP 1/1/1:10.* will not match port 1/1/1, s-tag 10 c-tag-range 10 to 100.

  • A maximum of 8 ranges (including the s-tag ranges) are allowed in the qinq context.

  • A c-tag range can be composed of a single qtag.

  • Shutting down the ES is not required before making changes.

  • A qtag included in the s-tag-range command cannot be included in the s-tag qtag of this command.

Note:

Not all qtag1 and qtag2 combinations are valid for values 0, *, and null. The following combinations are allowed:

  • s-tag 0 c-tag-range *

  • s-tag * c-tag-range *

  • s-tag * c-tag-range null

  • s-tag null c-tag-range null

  • s-tag X c-tag-range 0 (where: X=1 to 4094)

  • s-tag X c-tag-range * (where: X=1 to 4094)

The no form of the command removes the configured range. Only the first qtag1 value is required to remove the range.

Parameters

qtag1

Specifies the outer VID for the c-tag range.

Values

*, null, 0 to 4094

qtag2

Specifies the inner VID for the c-tag range. When configuring a range of qtags (and not a single value), the second qtag1 value must be greater than the value of the first qtag1.

Values

*, null, 0 to 4094

Platforms

All

s-tag-range

s-tag-range

Syntax

s-tag-range qtag1 [to qtag1]

no s-tag-range qtag1

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>qinq s-tag-range)

Full Context

configure service system bgp-evpn ethernet-segment qinq s-tag-range

Description

This command determines the VIDs associated with the virtual Ethernet Segment on a specific qinq port or LAG based on the following considerations:

  • Values *, 0 to 4094 are allowed.

  • Any SAP for which the service-delimiting qtag matches the range is associated with the virtual ES, and only those, for example, SAP 1/1/1:0.* will not match port 1/1/1, s-tag-range 100.

  • Maximum 8 ranges are allowed in the qinq context.

  • A range can be composed of a single qtag.

  • Shutting down the ES is not required before making changes in the q-tag-range.

The no form of the command removes the configured range. Only the first qtag1 value is required to remove the range.

Parameters

qtag1

Specifies the outer VID. When configuring a range of qtags (and not a single value), the second qtag1 value must be greater than the first qtag1.

Values

*, 0 to 4094

Platforms

All

s1-release

s1-release

Syntax

[no] s1-release

Context

[Tree] (config>subscr-mgmt>acct-plcy>triggered-updates>gc s1-release)

Full Context

configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change s1-release

Description

This command configures the router to send an interim accounting update when an S1 release (idle) procedure is performed.

The no form of the command configures the router not to send an interim accounting update when an S1 release (idle) procedure is performed.

Default

no s1-release

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

s11

s11

Syntax

s11

Context

[Tree] (config>service>vprn>gtp s11)

[Tree] (config>router>gtp s11)

Full Context

configure service vprn gtp s11

configure router gtp s11

Description

This command enables GTP configuration related to S11 termination in this VRF.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

s2l-path

s2l-path

Syntax

[no] s2l-path path-name to ip-address

Context

[Tree] (config>router>mpls>lsp>primary-p2mp-instance s2l-path)

Full Context

configure router mpls lsp primary-p2mp-instance s2l-path

Description

This command creates a root-to-leaf (S2L) sub-LSP path for the primary instance of a P2MP LSP. The primary instance of a P2MP LSP is modeled as a set of root-to-leaf (S2L) sub-LSPs. The root, for example, head-end node, triggers signaling using one path message per S2L path. The leaf sub-LSP paths are merged at branching points.

Each S2L sub-LSP is signaled in a separate path message. Each leaf node will respond with its own RESV message. A branch LSR node will forward the path message of each S2L sub-LSP to the downstream LSR without replicating it. It will also forward the RESV message of each S2L sub-LSP to the upstream LSR without merging it with the RESV messages of other S2L sub-LSPs of the same P2MP LSP. The same is done for subsequent refreshes of the path and RESV states.

The S2L paths can be empty paths or can specify a list of explicit hops. The path name must exist and must have been defined using the config>router>mpls>path command. The same path name can be re-used by more than one S2L of the primary P2MP instance. However, the to keyword must have a unique argument per S2L as it corresponds to the address of the egress LER node.

This command is not supported on the 7450 ESS.

Parameters

path-name

Specifies the name of the path which consists of up to 32 alphanumeric characters.

to ip-address

Specifies the IP address of the egress router.

Platforms

All

sa-db

sa-db

Syntax

sa-db [group grpAddr] [source srcAddr] [rp rpAddr]

no sadb

Context

[Tree] (debug>router>msdp sa-db)

Full Context

debug router msdp sa-db

Description

This command enables debugging for Multicast Source Discovery Protocol (MSDP) source-active requests.

The no form of the command disables the MSDP source-active database debugging.

Parameters

grpAddr

Debugs the IP address of the group.

srcAddr

Debugs the source IP address.

rpAddr

Debugs the specified rendezvous point RP address.

Platforms

All

sa-mac

sa-mac

Syntax

sa-mac ieee-address da-mac ieee-address

no sa-mac

Context

[Tree] (config>mirror>mirror-dest>sap>egress>ip-mirror sa-mac)

Full Context

configure mirror mirror-dest sap egress ip-mirror sa-mac

Description

This command configures the source and destination MAC addresses for IP mirroring.

The no form of this command reverts to the default.

Parameters

sa-mac ieee-address

Specifies the source MAC address. Multicast, Broadcast and zeros are not allowed.

da-mac ieee-address

Specifies the destination MAC address. Zeros are not allowed.

Platforms

All

sa-timeout

sa-timeout

Syntax

sa-timeout seconds

no sa-timeout

Context

[Tree] (config>service>vprn>msdp sa-timeout)

Full Context

configure service vprn msdp sa-timeout

Description

This command configures the value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. But under high load with many of MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more then 90) could be useful to prevent instabilities in the MSDP cache.

Default

90

Parameters

seconds

Specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable.

Values

90 to 600

Platforms

All

sa-timeout

Syntax

sa-timeout seconds

no sa-timeout

Context

[Tree] (config>router>msdp sa-timeout)

Full Context

configure router msdp sa-timeout

Description

This command configures the value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. But under high load with many of MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more than 90) could be useful to prevent instabilities in the MSDP cache.

Default

sa-timeout 90

Parameters

seconds

Specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable.

Values

90 to 600

Platforms

All

saa

saa

Syntax

saa

Context

[Tree] (config saa)

Full Context

configure saa

Description

Commands in this context configure the Service Assurance Agent (SAA) tests.

Platforms

All

saa

Syntax

saa test-name [owner test-owner] {start | stop} [no-accounting]

Context

[Tree] (oam saa)

Full Context

oam saa

Description

This command starts or stops an SAA test that is not configured as continuous.

Parameters

test-name

Specifies the name of the SAA test, up to 32 characters. The test name must already be configured in the config>saa>test context.

test-owner

Specifies the owner of an SAA operation, up to 32 characters. If a test-owner value is not specified, the default owner is used.

Default

"TiMOS CLI”

start

Starts the test. A test cannot be started if the same test is still running.

A test cannot be started if it is in a shut-down state. An error message and log event is generated to indicate a failed attempt to start an SAA test run. A test cannot be started if it is in a continuous state.

stop

Stops a test in progress. A test cannot be stopped if it is not in progress. A log message is generated to indicate that an SAA test run has been aborted. A test cannot be stopped if it is in a continuous state.

no-accounting

Disables the recording results in the accounting policy. When specifying no-accounting the MIB record produced at the end of the test is not added to the accounting file. It uses one of the three MIB rows available for the accounting module for collection.

Platforms

All

saii-type2

saii-type2

Syntax

saii-type2 global-id:node-id:ac-id

no saii-type2

Context

[Tree] (config>service>cpipe>spoke-sdp>pw-path-id saii-type2)

[Tree] (config>service>vpls>spoke-sdp>pw-path-id saii-type2)

[Tree] (config>service>epipe>spoke-sdp>pw-path-id saii-type2)

Full Context

configure service cpipe spoke-sdp pw-path-id saii-type2

configure service vpls spoke-sdp pw-path-id saii-type2

configure service epipe spoke-sdp pw-path-id saii-type2

Description

This command configures the Source Individual Attachment Identifier (SAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke-sdp.

Parameters

global-id

Specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

0 to 4294967295

node-id

Specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

a.b.c.d or 0 to 4294967295

ac-id

Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

saii-type2

Syntax

saii-type2 global-id:prefix:ac-id

no saii-type2

Context

[Tree] (config>service>epipe>spoke-sdp-fec saii-type2)

Full Context

configure service epipe spoke-sdp-fec saii-type2

Description

This command configures the source attachment individual identifier for the spoke-sdp. This is only applicable to FEC129 AII type 2.

Parameters

global-id

A Global ID of this router T-PE. This value must correspond to one of the global_id values configured for a local-prefix under config>service>pw-routing>local-prefix context.

Values

1 to 4294967295

prefix

The prefix on this router T-PE that the spoke-sdp SDP is associated with. This value must correspond to one of the prefixes configured under config>service>pw-routing>local-prefix context.

Values

an IPv4-formatted address a.b.c.d or 1 to 4294967295

ac-id

An unsigned integer representing a locally unique identifier for the spoke SDP.

Values

1 to 4294967295

Platforms

All

saii-type2

Syntax

saii-type2 global-id:node-id:ac-id

no saii-type2

Context

[Tree] (config>service>vprn>red-if>spoke-sdp>pw-path-id saii-type2)

[Tree] (config>service>vprn>if>spoke-sdp>pw-path-id saii-type2)

Full Context

configure service vprn redundant-interface spoke-sdp pw-path-id saii-type2

configure service vprn interface spoke-sdp pw-path-id saii-type2

Description

This command configures the source individual attachment identifier (SAII) for an MPLS-TP spoke SDP. If this is configured on a spoke SDP for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke SDP.

Parameters

global-id

Specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

0 to 4294967295

node-id

Specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

a.b.c.d or 1 to 4294967295

ac-id

Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn redundant-interface spoke-sdp pw-path-id saii-type2

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp pw-path-id saii-type2

saii-type2

Syntax

saii-type2 global-id:node-id:ac-id

no saii-type2

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp>pw-path-id saii-type2)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>pw-path-id saii-type2)

Full Context

configure mirror mirror-dest spoke-sdp pw-path-id saii-type2

configure mirror mirror-dest remote-source spoke-sdp pw-path-id saii-type2

Description

This command configures the source individual attachment identifier (SAII) for an MPLS-TP spoke SDP. If this is configured on a spoke SDP for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke SDP.

Parameters

global-id

Specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

0 to 4294967295

node-id

Specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.

Values

a.b.c.d or 1 to 4294967295

ac-id

Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

same-recipnonce-for-pollreq

same-recipnonce-for-pollreq

Syntax

[no] same-recipnonce-for-pollreq

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 same-recipnonce-for-pollreq)

Full Context

configure system security pki ca-profile cmpv2 same-recipnonce-for-pollreq

Description

This command enables the system to use same recipNonce as the last CMPv2 response for poll request.

Default

no same-recipnonce-for-pollreq

Platforms

All

same-recipnonce-for-pollreq

Syntax

[no] same-recipnonce-for-pollreq

Context

[Tree] (config>system>security>pki>ca-profile>cmp2 same-recipnonce-for-pollreq)

Full Context

configure system security pki ca-profile cmp2 same-recipnonce-for-pollreq

Description

This command enables the system to use same recipNonce as the last CMPv2 response for poll request.

The no form of this command disables system to use same recipNonce as the last CMPv2 response for poll request.

Default

no same-recipnonce-for-pollreq

sample-interval

sample-interval

Syntax

sample-interval interval

Context

[Tree] (config>router>rsvp>dbw-accounting sample-interval)

Full Context

configure router rsvp dbw-accounting sample-interval

Description

This command sets the dark bandwidth sample interval to the specified value. Changing this parameter in the course of dark bandwidth accounting restarts the accounting cycle. The user is encouraged to specify values as multiples of 10. Selecting other values may lead to inconsistent estimation of Dark Bandwidth.

Default

sample-interval 30

Parameters

interval

Specifies the sample interval, expressed in seconds.

Values

10 to 600

Platforms

7750 SR, 7750 SR-s, 7950 XRS, VSR

sample-interval

Syntax

sample-interval sample-period

no sample-interval

Context

[Tree] (config>qos>adv-config-policy>child-control>offered-measurement sample-interval)

Full Context

configure qos adv-config-policy child-control offered-measurement sample-interval

Description

This command defines the number of intervening sample periods before a new offered rate is measured and is only applicable when the policy is applied to a policer. By decreasing the sampling interval, the system measures a child’s new offered rate more frequently. Inversely, increasing the sampling interval causes the child’s offered rate to be measured less frequently.

The overall number of offered rate measurements the system attempts within a specified timeframe is not affected by the sample-interval command. If the system is asked to perform offered rate measurements more often on some policers, it takes longer to get to all children.

When this command is not specified or removed, the system evaluates the offered rate of each child after 1 sampling period.

The no form of this command is used to restore the sampling interval default of 1 sample period.

Parameters

sample-period

The sample-periods parameter is specified as a whole number between 1 and 8. The value '1’ represents the fastest sampling rate available and the value '8’ represents the slowest sampling period available.

Default

1

Values

1 to 8

Platforms

All

sample-interval

Syntax

sample-interval interval

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription sample-interval)

Full Context

configure system telemetry persistent-subscriptions subscription sample-interval

Description

This command configures the sample interval for persistent subscription.

This sampling interval only applies when the mode command is set to either target-defined or sample.

Default

sample-interval 10000

Parameters

interval

Specifies the sample interval, in milliseconds.

Values

1000 to 4294967295

Platforms

All

sample-multiplier

sample-multiplier

Syntax

sample-multiplier multiplier

Context

[Tree] (config>router>rsvp>dbw-accounting sample-multiplier)

Full Context

configure router rsvp dbw-accounting sample-multiplier

Description

This command sets the dark bandwidth sample interval multiplier to the specified value. Changing this parameter in the course of dark bandwidth accounting restarts the accounting cycle.

Default

sample-multiplier 3

Parameters

multiplier

Specifies the sample interval multiplier, expressed as an integer.

Values

1 to 10

Platforms

7750 SR, 7750 SR-s, 7950 XRS, VSR

sample-profile

sample-profile

Syntax

sample-profile profile-id [create]

no sample-profile profile-id

Context

[Tree] (config cflowd sample-profile)

Full Context

configure cflowd sample-profile

Description

Commands in this context create and define sampling parameters.

The no form of this command removes the associated sample-profile. sample-profile 1 cannot be deleted.

Parameters

profile-id

Specifies the rate profile.

Values

1 to 5

create

Mandatory keyword when creating a sample profile. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

sample-profile

Syntax

sample-profile sample-profile-id

no sample-profile

Context

[Tree] (config filter ip-filter entry sample-profile)

[Tree] (config filter ipv6-filter entry sample-profile)

Full Context

configure filter ip-filter entry sample-profile

configure filter ipv6-filter entry sample-profile

Description

This command allows traffic matching of an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample profile.

This command is only compatible if the associated interface is configured for interface-based sampling and is only supported for ingress sampling.

An IP filter can only specify a single alternate sample profile for cflowd sampling, but that sample profile can be used in multiple entries.

The no form of this command removes the specified sampling profile from the configuration. Cflowd continues to process traffic based on the default or configured interface cflowd sampling profile.

Default

no sample-profile

Parameters

sample-profile-id

Specifies the cflowd sample profile to be used for packets matching this filter entry.

Values

1 to 5

Platforms

All

sample-rate

sample-rate

Syntax

sample-rate [rate]

Context

[Tree] (config>cflowd>sample-profile sample-rate)

Full Context

configure cflowd sample-profile sample-rate

Description

This command defines the cflowd sampling rate for the sample profile ID.

The sample rate indicates that the associated interface samples 1 in N packets for cflowd analysis. Only one rate profile below 1:256 with a specific IOM, IMM, or XMA can be associated.

Default

sample-rate 1000

Parameters

rate

Specifies the rate at which traffic is sampled and forwarded for cflowd analysis.

Values

1 to 60000

Platforms

All

sample-window

sample-window

Syntax

sample-window seconds

no sample-window

Context

[Tree] (config>oam-pm>streaming>delay-template sample-window)

Full Context

configure oam-pm streaming delay-template sample-window

Description

This command specifies the sample window duration in seconds for the template. This configuration option represents time over which the average will be calculated and subsequently streamed.

The no form of this command reverts to the default.

Default

sample-window 60

Parameters

seconds

Specifies the sample window duration.

Values

10 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sample-window

Syntax

sample-window

Context

[Tree] (config>test-oam>link-meas>template sample-window)

Full Context

configure test-oam link-measurement measurement-template sample-window

Description

Commands in this context configure sample window parameters to be used when the measurement-template is assigned to an IP interface. The sample window is the collection of individual probe results, over a defined period.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sampling

sampling

Syntax

sampling {unicast | multicast} type {acl | interface} [direction { ingress-only | egress-only | both}] [sample-profile [profile-id]]

no sampling {unicast | multicast}

Context

[Tree] (config>service>vprn>if>cflowd-parameters sampling)

[Tree] (config>service>vprn>nw-if>cflowd-parameters sampling)

[Tree] (config>service>ies>sub-if>grp-if>cflowd-parameters sampling)

[Tree] (config>service>vprn>sub-if>grp-if>cflowd-parameters sampling)

[Tree] (config>service>ies>if>cflowd-parameters sampling)

Full Context

configure service vprn interface cflowd-parameters sampling

configure service vprn network-interface cflowd-parameters sampling

configure service ies subscriber-interface group-interface cflowd-parameters sampling

configure service vprn subscriber-interface group-interface cflowd-parameters sampling

configure service ies interface cflowd-parameters sampling

Description

This command enables and configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately. If sampling is not configured for either unicast or multicast traffic, then that type of traffic will not be sampled.

If cflowd is enabled without either egress-only or both keywords specified or with the ingress-only keyword specified, then only ingress sampling is enabled on the associated IP interface.

The no form of this command disables the associated type of traffic sampling.

Parameters

unicast | multicast

Specifies unicast or multicast sampling.

type

Specifies the cflowd sampling type on the specific virtual router interface.

Values

acl — Specifies ACL cflowd analysis be applied to the specified virtual router interface.

interface — Specifies interface cflowd analysis be applied to the specified virtual router interface

direction

Specifies the direction of the cflowd analysis that is applied to the specified virtual router interface.

Values

ingress-only — Specifies an ingress only direction of the cflowd analysis be applied to the specified virtual router interface.

egress-only — Specifies an egress only direction of the cflowd analysis be applied to the specified virtual router interface.

both — Specifies both ingress and egress direction of the cflowd analysis be applied to the specified virtual router interface.

profile-id

Defines the sampling rate profile to be associated with this interface.

Values

1 to 5

Platforms

All

  • configure service vprn interface cflowd-parameters sampling
  • configure service vprn network-interface cflowd-parameters sampling
  • configure service ies interface cflowd-parameters sampling

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface cflowd-parameters sampling
  • configure service vprn subscriber-interface group-interface cflowd-parameters sampling

sampling

Syntax

sampling {unicast | multicast} type {acl | interface} [direction { ingress-only | egress-only | both}] [sample-profile profile]

no sampling {unicast | multicast}

Context

[Tree] (config>router>if>cflowd-parameters sampling)

Full Context

configure router interface cflowd-parameters sampling

Description

This command enables and configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately. If sampling is not configured for either unicast or multicast traffic, then that type of traffic will not be sampled.

If cflowd is enabled without either egress-only or both specified or with the ingress-only keyword specified, then only ingress sampling will be enabled on the associated IP interface.

The no form of this command disables the associated type of traffic sampling on the associated interface.

Default

no sampling

Parameters

unicast

Specifies that the sampling command will control the sampling of unicast traffic on the associated interface/SAP.

multicast

Specifies that the sampling command will control the sampling of multicast traffic on the associated interface/SAP.

type

Specifies whether the traffic sampling is based on an acl match, or all traffic entering or exiting the associated interface.

Values

acl — Specifies that the sampled traffic is controlled via an IP traffic filter entry with the action "filter-sample” configured.

interface — Specifies that all traffic entering or exiting the interface is subject to sampling.

direction

Specifies the direction to collect traffic flow samples.

Values

ingress-only — Enables ingress sampling only on the associated interface.

egress-only — Enables egress sampling only on the associated interface.

both — Enables both ingress and egress cflowd sampling.

profile

Specifies the sampling profile to be associated with this interface.

Values

1 to 5

Platforms

All

sampling-rate

sampling-rate

Syntax

sampling-rate sampling-rate

no sampling-rate

Context

[Tree] (config>mirror>mirror-dest sampling-rate)

Full Context

configure mirror mirror-dest sampling-rate

Description

This command configures the packet sampling rate for mirrored traffic and is supported with config and debug mirror sources. The sampling rate is common to all endpoints on a specified line card FP per mirror destination service.

The no form of this command disables the packet sampling rate for mirrored traffic.

Default

no sampling-rate

Parameters

sampling-rate

Specifies the sampling rate.

Values

256 to 100000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sap

sap

Syntax

sap sap-id [split-horizon-group group-name] [create] [capture-sap] [eth-ring ring-index]

sap sap-id [split-horizon-group group-name] [create] [capture-sap] [eth-ring ring-index] leaf-ac

sap sap-id [split-horizon-group group-name] [create] [capture- sap] [eth-ring ring-index] root-leaf-tag leaf-tag leaf-tag

no sap sap-id

Context

[Tree] (config>service>vpls sap)

Full Context

configure service vpls sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the 7450 ESS or 7750 SR. Each SAP must be unique. All SAPs must be explicitly created within a service or on an IP interface.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the configure port port-id ethernet mode access command. Channelized TDM ports are always access ports (TDM applies to the 7750 SR only).

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service is discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted. For Internet Ethernet Service (IES), the IP interface must be shut down before the SAP on that interface may be removed.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number [.channel] format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

group-name

Specifies the name of the split horizon group to which the SAP belongs. This parameter applies to the 7450 ESS or 7750 SR only.

capture-sap

Specifies a capturing SAP in which triggering packets are sent to the CPM. Non-triggering packets captured by the capture SAP are dropped. This parameter applies to the 7450 ESS or 7750 SR only.

create

Keyword used to create a SAP instance. The create keyword requirement can be enabled or disabled in the environment>create context.

root-leaf-tag

Specifies a SAP as a root leaf tag SAP. Only SAPs of the form dot1q (for example, 1/1/1:X) or qinq (for example, 1/1/1:X.Y, 1/1/1:X.*) are supported. The default E-Tree SAP type is a root AC, if root-leaf-tag (or leaf-ac) is not specified at SAP creation. This option is only available when the VPLS is designated as an E-Tree VPLS.

leaf-tag-vid

Specifies to replace the outer SAP-ID for leaf traffic. The leaf tag VID is only significant between peering VPLS but the values must be consistent on each end.

leaf-ac

Specifies a SAP as a leaf access (AC) SAP. The default E-Tree SAP type is root AC if leaf-ac (or root-leaf-tag) is not specified at SAP creation. This option is only available when the VPLS is designated as an E-Tree VPLS.

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (config>service>vpls>pbb>backbone-vpls sap)

Full Context

configure service vpls pbb backbone-vpls sap

Description

This command configures attributes of a SAP on the B-VPLS service.

Platforms

All

sap

Syntax

sap sap-id [create] [no-endpoint]

sap sap-id [create] endpoint endpoint-name

no sap sap-id

Context

[Tree] (config>service>ipipe sap)

[Tree] (config>service>cpipe sap)

[Tree] (config>service>epipe sap)

Full Context

configure service ipipe sap

configure service cpipe sap

configure service epipe sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the device. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port. Channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded.

The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

Ethernet SAPs support null, dot1q, and qinq is supported for all routers.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed.

By default, no SAPs are defined.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP.

port-id

Specifies the physical port ID.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

endpoint

Adds a SAP endpoint association.

no endpoint

Removes the association of a SAP or a spoke SDP with an explicit endpoint name.

create

Keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

All

  • configure service epipe sap
  • configure service ipipe sap

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap

Output

The following output is an example of VLL SAP information.

Output Example
*A:bksim2801>config>service>apipe>sap$ 
=================================================================
ATM PVCs, Port 1/1/1 
=================================================================
VPI/VCI     Owner     Type     Ing.TD   Egr.TD  Adm  OAM     Opr 
-----------------------------------------------------------------
2/102      SAP       PVC       1        1       up   ETE-AIS dn 
10/100     SAP       PVC       1        1       up   ETE-AIS dn 
=================================================================
*A:bksim2801# 
*A:test>config>service>epipe 200 name "200" customer 1 info detail
=================================================================
            sap 1/1/c5/1:200.200 create
                no shutdown
            exit
            sap pw-21:200.200 create
                no shutdown
            exit
            no shutdown
        exit
    exit
=================================================================

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

[Tree] (config>service>ies>sub-if>grp-if sap)

[Tree] (config>service>vprn>if sap)

[Tree] (config>service>vprn>sub-if>grp-if sap)

[Tree] (config>service>ies sap)

[Tree] (config>service>vprn sap)

[Tree] (config>service>ies>if sap)

Full Context

configure service ies subscriber-interface group-interface sap

configure service vprn interface sap

configure service vprn subscriber-interface group-interface sap

configure service ies sap

configure service vprn sap

configure service ies interface sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the configure port port-id ethernet mode access command. For the 7750 SR, channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

Note:

Configure an IES interface as a loopback interface by issuing the loopback command instead of the sap sap-id command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed. The no form of this command causes the ptp-hw-assist to be disabled.

Default

No SAPs are defined.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 61/2/3 specifies port 3 on MDA 2 in slot 61.

Table 1. Port ID Syntax

null

port-id | lag-id

dot1q

{port-id | lag-id}:{qtag1 | cp-conn-prof-id

qinq

{port-id | lag-id}:{qtag1 | cp-conn-prof-id}.{qtag2 | cp-conn-prof-id}

cp: keyword

conn-prof-id: 1 to 8000

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat: keyword

id: 1 to20

pxc-id

psc-id.sub-port

pxc psc-id.sub-port

pxc: keyword

id: 1 to 64

sub-port: a, b

lag-id

lag-id

lag: keyword

id: 1 to 800

qtag1

0 to 4094

qtag2

* | null | 0 to 4094

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels (7750 SR), the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

create

Keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface sap
  • configure service ies subscriber-interface group-interface sap

All

  • configure service vprn sap
  • configure service vprn interface sap
  • configure service ies interface sap
  • configure service ies sap

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

[Tree] (config>service>vprn>sub-if>grp-if sap)

Full Context

configure service vprn subscriber-interface group-interface sap

Description

This command creates a SAP for the interface.

The no form of this command removes the SAP.

Parameters

sap-id

Specifies the SAP ID.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>ppp sap)

Full Context

debug service id ppp sap

Description

This command enables PPP debug output for the specified SAP, this command allow multiple instances.

The no form of this command disables debugging.

Parameters

sap-id

Specifies the SAP ID.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

sap sap-id

no sap

Context

[Tree] (config>service>vpls>site sap)

Full Context

configure service vpls site sap

Description

This command configures a SAP for the site.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>mrp sap)

Full Context

debug service id mrp sap

Description

This command filters debug events and only shows events for the particular SAP.

The no form of this command removes the debug filter.

Parameters

sap-id

The SAP ID.

Platforms

All

sap

Syntax

sap sap-id

no sap

Context

[Tree] (config>service>epipe>site sap)

Full Context

configure service epipe site sap

Description

This command configures a SAP for the site.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>dhcp sap)

[Tree] (debug>service>id sap)

[Tree] (debug>service>id>stp sap)

Full Context

debug service id dhcp sap

debug service id sap

debug service id stp sap

Description

This command enables STP debugging for a specific SAP.

The no form of the command disables debugging.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

Platforms

All

sap

Syntax

sap [split-horizon-group group-name] [create] [capture-sap]

no sap sap-id

Context

[Tree] (config>service>vpls>mac-move>secondary-ports sap)

[Tree] (config>service>vpls>mac-move>primary-ports sap)

Full Context

configure service vpls mac-move secondary-ports sap

configure service vpls mac-move primary-ports sap

Description

This command declares a specified SAP as a primary (or secondary) VPLS port.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>arp-host sap)

Full Context

debug service id arp-host sap

Description

This command displays ARP host events for a particular SAP.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>igmp-snooping sap)

Full Context

debug service id igmp-snooping sap

Description

This command shows IGMP packets for a specific SAP.

The no form of this command disables the debugging for the SAP.

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>mld sap)

Full Context

debug service id mld-snooping sap

Description

This command shows MLD packets for a specific SAP.

The no form of this command disables the debugging for the SAP.

Platforms

All

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>host-connectivity-verify sap)

Full Context

debug service id host-connectivity-verify sap

Description

This command displays Subscriber Host Connectivity Verification (SHCV) events for a particular SAP.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

sap card/mda/aa-svc:vlan [create]

no sap

Context

[Tree] (config>service>vprn>aa-if sap)

Full Context

configure service vprn aa-interface sap

Description

This commands specifies which ISA card and which VLAN is used by a specified AA Interface.

Default

no sap

Parameters

card/mda/aa-svc:vlan

Specifies the AA ISA card slot/port and VLAN information.

create

Keyword used to create the AARP instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

[Tree] (config>service>ies>aa-interface sap)

[Tree] (config>service>vprn>aa-interface sap)

Full Context

configure service ies aa-interface sap

configure service vprn aa-interface sap

Description

This command configures the AA interface SAP.

Parameters

sap-id

specifies the physical port identifier portion of the SAP definition.

create

creates the SAP instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sap

Syntax

sap sap-id [create] [no-endpoint]

sap sap-id [create] endpoint name

no sap

Context

[Tree] (config>mirror>mirror-dest sap)

Full Context

configure mirror mirror-dest sap

Description

This command creates a service access point (SAP) within a mirror destination service. The SAP is owned by the mirror destination service ID.

The SAP is defined with port and encapsulation parameters to uniquely identify the (mirror) SAP on the interface and within the box. The specified SAP may be defined on an Ethernet access port with a dot1q, null, or q-in-q encapsulation type.

Only one SAP can be created within a mirror-dest service ID. If the defined SAP has not been created on any service within the system, the SAP is created and the context of the CLI will change to the newly created SAP. In addition, the port cannot be a member of a multi-link bundle, APS group or IMA bundle.

If the defined SAP exists in the context of another service ID, mirror-dest or any other type, an error is generated.

Mirror destination SAPs can be created on Ethernet interfaces that have been defined as an access interface. If the interface is defined as network, the SAP creation returns an error.

When the no form of this command is used on a SAP created by a mirror destination service ID, the SAP with the specified port and encapsulation parameters is deleted.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

no-endpoint

Removes the association of a SAP or a sdp with an explicit endpoint name.

name

Specifies the name of the endpoint associated with the SAP.

Platforms

All

sap

Syntax

sap sap-id {[egress] [ingress]}

no sap sap-id [egress] [ingress]

Context

[Tree] (config>mirror>mirror-source sap)

Full Context

configure mirror mirror-source sap

Description

This command enables mirroring of traffic ingressing or egressing a service access port (SAP). A SAP that is defined within a mirror destination cannot be used in a mirror source. The mirror source SAP referenced by the sap-id is owned by the service ID of the service in which it was created. The SAP is only referenced in the mirror source name for mirroring purposes. The mirror source association does not need to be removed before deleting the SAP from its service ID. If the SAP is deleted from its service ID, the mirror association is removed from the mirror source.

More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress and egress parameter keywords to define which packets are mirrored to the mirror destination.

The SAP must be valid and properly configured. If the associated SAP does not exist, an error occurs and the command will not execute.

The same SAP cannot be associated with multiple mirror source definitions for ingress packets.

The same SAP cannot be associated with multiple mirror source definitions for egress packets.

If a particular SAP is not associated with a mirror source name, then that SAP will not have mirroring enabled for that mirror source.

Note that the ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts (applies to the 7750 SR and 7950 XRS).

The no form of this command disables mirroring for the specified SAP. All mirroring for that SAP on ingress and egress is terminated. Mirroring of packets on the SAP can continue if more specific mirror criteria is configured. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition is removed.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

egress

Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination before the ingress packet modification.

Platforms

All

sap

Syntax

sap sap-id {[ingress] [egress]}

no sap sap-id [ingress] [egress]

Context

[Tree] (config>li>li-source sap)

Full Context

configure li li-source sap

Description

This command creates a service access point (SAP) within an LI configuration. The specified SAP must define a FastE, GigE, or XGigE, or XGigE access port with a dot1q, null, or q-in-q encapsulation type.

When the no form of this command is used on a SAP, the SAP with the specified port and encapsulation parameters is deleted.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

egress

Specifies that the router perform lawful intercept on egress traffic. Packets egressing the SAP are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that the router perform lawful intercept on ingress traffic. Packets ingressing the SAP are mirrored to the mirror destination before ingress packet modification.

Platforms

All

sap

Syntax

sap sap-id {[egress] [ingress]}

no sap sap-id [egress] [ingress]

Context

[Tree] (debug>mirror-source sap)

Full Context

debug mirror-source sap

Description

This command enables mirroring of traffic ingressing or egressing a service access port (SAP). A SAP that is defined within a mirror destination cannot be used in a mirror source. The mirror source SAP referenced by the sap-id is owned by the service ID of the service in which it was created. The SAP is only referenced in the mirror source name for mirroring purposes. The mirror source association does not need to be removed before deleting the SAP from its service ID. If the SAP is deleted from its service ID, the mirror association is removed from the mirror source.

More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress and egress parameter keywords to define which packets are mirrored to the mirror destination.

The SAP must be valid and properly configured. If the associated SAP does not exist, an error occurs and the command does not execute.

The same SAP cannot be associated with multiple mirror source definitions for ingress packets.

The same SAP cannot be associated with multiple mirror source definitions for egress packets.

If a particular SAP is not associated with a mirror source name, then that SAP does not have mirroring enabled for that mirror source.

Note that the ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts (applies to the 7750 SR and 7950 XRS).

The no form of this command disables mirroring for the specified SAP. All mirroring for that SAP on ingress and egress is terminated. Mirroring of packets on the SAP can continue if more specific mirror criteria is configured. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition is removed.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

egress

Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination before the ingress packet modification.

Platforms

All

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

[Tree] (config>system>satellite>local-forward sap)

Full Context

configure system satellite local-forward sap

Description

This command configures a Service Access Point (SAP) used in satellite local forward instances defined in the system.

The no form of this command removes the satellite access point from the local-forward instance.

Parameters

eth-sat-id

Specifies the satellite access point in the local-forward instance in the esat-id/slot/port format.

Values

esat

keyword

id

1 to 20

lag-id

Specifies the LAG identifier, expressed as an integer,

Values

lag

keyword

id

1 to 800

qtag1

Specifies the qtag value.

Values

1 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sap-egress

sap-egress

Syntax

sap-egress {policy-id | policy-name} [create] [name name]

no sap-egress {policy-id | policy-name}

Context

[Tree] (config>qos sap-egress)

Full Context

configure qos sap-egress

Description

This command is used to create or edit a Service Egress QoS policy. The egress policy defines the SLA for service packets as they egress on the SAP.

Policies are templates that can be applied to multiple services as long as the scope of the policy is template. The queues defined in the policy are not instantiated until a policy is applied to a service.

Sap-egress policies determine queue mappings based on ingress DSCP, IP precedence, dot1p, and IPv4 or IPv6 match criteria. Multiple queues can be created per forwarding class and each queue can have different CIR or PIR parameters.

Egress SAP QoS policies allow the definition of queues and the mapping of forwarding classes to those queues. Each queue needs to have a relative CIR for determining its allocation of QoS resources during periods of congestion. A PIR can also be defined that forces a hard limit on the packets transmitted through the queue. When the forwarding class is mapped to the queue, a DSCP, IP precedence, or dot1p value can optionally be specified.

The sap-egress policy with policy-id 1 is the default sap-egress QoS policy and is applied to service egress SAPs when an explicit policy is not specified or removed. The default sap-egress policy cannot be modified or deleted.

By default, all forwarding classes map to queue 1.

Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all egress SAPs where this policy is applied. For this reason, when many changes are required on a policy, it is highly recommended that the policy be copied to a work area policy-id. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config qos copy command to maintain policies in this manner.

The no form of this command deletes the sap-egress policy. A policy cannot be deleted until it is removed from all service SAPs where it is applied. When a sap-egress policy is removed from a SAP, the SAP will revert to the default sap-egress policy-id 1.

Parameters

policy-id

The policy-id uniquely identifies the policy on the router.

Values

1 to 65535

policy-name

The policy-name uniquely identifies the policy.

Values

64 characters maximum.

create

Required parameter when creating a SAP QoS egress policy.

name

Configures an optional policy name which adds a name identifier to a specific policy to then use that policy name in configuration references as well as display and use policy names in show commands throughout the system. This helps the service provider or administrator to identify and manage sap-egress policies within the SR OS platforms.

All sap-egress policies are required to assign a policy ID to initially create a policy. However, either the policy ID or the policy name can be used to identify and reference a specific policy once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.

Values

64 characters maximum

Platforms

All

sap-egress

Syntax

sap-egress src-pol dst-pol [overwrite]

Context

[Tree] (config>qos>copy sap-egress)

Full Context

configure qos copy sap-egress

Description

This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, an error will occur if the destination policy ID exists.

Example:
    — SR>config>qos# copy sap-egress 1 1010
    — MINOR: CLI Destination "1010" exists use {overwrite}.
    — SR>config>qos# copy sap-egress 1 1010 overwrite
src-pol dst-pol

Indicates that the source policy ID and the destination policy ID are SAP egress policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.

Values

1 to 65535

Platforms

All

sap-host-limit

sap-host-limit

Syntax

sap-host-limit max-num-hosts-sap

no sap-host-limit

Context

[Tree] (config>service>vprn>sub-if>grp-if>arp-host sap-host-limit)

[Tree] (config>service>ies>sub-if>grp-if>arp-host sap-host-limit)

Full Context

configure service vprn subscriber-interface group-interface arp-host sap-host-limit

configure service ies subscriber-interface group-interface arp-host sap-host-limit

Description

This command configures the maximum number of ARP hosts per SAP.

The no form of this command reverts to the default.

Default

sap-host-limit 1

Parameters

max-num-hosts-sap

Specifies the maximum number of ARP hosts per SAP allowed on this interface.

Note:

The operational maximum value may be smaller because of equipped hardware dependencies.

Values

1 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-id

sap-id

Syntax

sap-id sap-id

no sap-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident sap-id)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-identification sap-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification sap-id

configure subscriber-mgmt local-user-db ppp host host-identification sap-id

Description

This command specifies the SAP ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the SAP-ID is matched against the Nokia vendor-specific sub-option in DHCP Option 82.

Note:

This command is used only when sap-id is configured as one of the match-list parameters.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id

Specifies a SAP ID, up to 255 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-id

Syntax

[no] sap-id

Context

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor sap-id)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor sap-id)

[Tree] (config>service>vpls>sap>dhcp>option>vendor sap-id)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor sap-id)

[Tree] (config>service>vprn>if>dhcp>option>vendor sap-id)

Full Context

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option sap-id

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option sap-id

configure service vpls sap dhcp option vendor-specific-option sap-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option sap-id

configure service vprn interface dhcp option vendor-specific-option sap-id

Description

This command enables the sending of the SAP ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the SAP ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option sap-id
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option sap-id
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option sap-id

All

  • configure service vpls sap dhcp option vendor-specific-option sap-id
  • configure service vprn interface dhcp option vendor-specific-option sap-id

sap-id

Syntax

sap-id sap-string

no sap-id

Context

[Tree] (config>service>dynsvc>ladb>user>idx sap-id)

Full Context

configure service dynamic-services local-auth-db user-name index sap-id

Description

This command specifies the dynamic data service SAP that is created. A dynamic service SAP ID uniquely identifies a dynamic data service instance. For a local authenticated dynamic service data trigger, one of the dynamic service SAP IDs must be the data trigger SAP.

The no form of this command removes the sap-id from the configuration.

Parameters

sap-string

Specifies a string representing the dynamic service SAP ID (only SAPs on Ethernet ports and LAGs are valid), up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-ingress

sap-ingress

Syntax

sap-ingress {policy-id | policy-name} [create] [name name]

no sap-ingress {policy-id | policy-name}

Context

[Tree] (config>qos sap-ingress)

Full Context

configure qos sap-ingress

Description

This command is used to create or edit the ingress policy. The ingress policy defines the SLA enforcement that service packets receive as they ingress a SAP. SLA enforcement is accomplished through the definition of queues that have Forwarding Class (FC), Fair Information Rate (FIR), Committed Information Rate (CIR), Peak Information Rate (PIR), Committed Burst Size (CBS), and Maximum Burst Size (MBS) characteristics.

Policies in effect are templates that can be applied to multiple services as long as the scope of the policy is template. Queues defined in the policy are not instantiated until they are assigned to at least one forwarding class and a policy is applied to a service SAP.

It is possible that a SAP ingress policy will include the dscp map command, the dot1p map command, and an IP or MAC match criteria. When multiple matches occur for the traffic, the order of precedence will be used to arrive at the final action. The order of precedence is as follows:

  1. 802.1p bits

  2. DSCP

  3. IP quintuple or MAC headers

The SAP ingress policy with policy-id 1 is a system-defined policy applied to services when no other policy is explicitly specified. The system SAP ingress policy cannot be modified or deleted. The default SAP ingress policy defines one unicast and one multipoint queue associated with all forwarding classes, with an FIR of zero, a CIR of zero, and a PIR of line rate.

Any changes made to the existing policy, using any of the sub-commands, are applied immediately to all services where this policy is applied. For this reason, when many changes are required on a policy, it is recommended that the policy be copied to a work area policy ID. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config>qos>copy command to maintain policies in this manner.

The no form of this command deletes the SAP ingress policy. A policy cannot be deleted until it is removed from all services where it is applied.

Parameters

policy-id

The policy-id uniquely identifies the policy.

Values

1 to 65535

policy-name

The policy-name uniquely identifies the policy.

Values

64 characters maximum

create

Required parameter when creating a SAP QoS ingress policy.

name name

Configures an optional policy name which adds a name identifier to a specific policy to then use that policy name in configuration references as well as display and use policy names in show commands throughout the system. This helps the service provider and administrator to identify and manage sap-ingress policies within the SR OS platforms.

All sap-ingress policies are required to assign a policy ID to initially create a policy. However, either the policy ID or the policy name can be used to identify and reference a specific policy after it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.

Values

64 characters

Platforms

All

sap-ingress

Syntax

sap-ingress src-pol dst-pol [overwrite]

Context

[Tree] (config>qos>copy sap-ingress)

Full Context

configure qos copy sap-ingress

Description

This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, an error will occur if the destination policy ID exists.

Example:
    — SR>config>qos# copy sap-egress 1 1010
    — MINOR: CLI Destination "1010" exists use {overwrite}.
    — SR>config>qos# copy sap-egress 1 1010 overwrite
src-pol dst-pol

Indicates that the source policy ID and the destination policy ID are SAP ingress policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.

Values

1 to 65535

Platforms

All

sap-limit

sap-limit

Syntax

sap-limit [limit]

no sap-limit

Context

[Tree] (config>service>dynsvc>policy sap-limit)

Full Context

configure service dynamic-services dynamic-services-policy sap-limit

Description

This command specifies a limit for the number of dynamic data service instances (SAPs) that can be setup simultaneously using a specific dynamic services policy.

A value of zero (0) means the policy is drained: existing dynamic data services can be modified and torn down but no new dynamic data services can be setup.

Default

sap-limit 1

Parameters

limit

Specifies the number of dynamic data service SAPs that can be setup simultaneously using this dynamic services policy.

Values

0 to 131072

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-parameters

sap-parameters

Syntax

sap-parameters

Context

[Tree] (config>service>vprn>sub-if>grp-if sap-parameters)

[Tree] (config>service>ies>sub-if>grp-if sap-parameters)

Full Context

configure service vprn subscriber-interface group-interface sap-parameters

configure service ies subscriber-interface group-interface sap-parameters

Description

Commands in this context configure parameters that can be applied to automatically-generated internal SAPs.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

sap-session-index

sap-session-index

Syntax

[no] sap-session-index

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute sap-session-index)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute sap-session-index

Description

This command includes sap-session-index attributes.

The no form of this command excludes sap-session-index attributes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-session-limit

sap-session-limit

Syntax

sap-session-limit sap-session-limit

no sap-session-limit

Context

[Tree] (config>service>vprn>sub-if>grp-if>pppoe sap-session-limit)

[Tree] (config>service>ies>sub-if>grp-if>pppoe sap-session-limit)

Full Context

configure service vprn subscriber-interface group-interface pppoe sap-session-limit

configure service ies subscriber-interface group-interface pppoe sap-session-limit

Description

This command specifies the number of PPPoE hosts per SAP allowed for this group-interface.

The no form of this command reverts to the default.

Default

sap-session-limit 1

Parameters

sap-session-limit

Specifies the number of PPPoE hosts per SAP allowed.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

1 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-session-limit

Syntax

sap-session-limit sap-session-limit

no sap-session-limit

Context

[Tree] (config>service>ies>sub-if>grp-if>ipoe-session sap-session-limit)

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-session sap-session-limit)

Full Context

configure service ies subscriber-interface group-interface ipoe-session sap-session-limit

configure service vprn subscriber-interface group-interface ipoe-session sap-session-limit

Description

This command specifies the number of IPoE sessions per SAP allowed for this group-interface.

The no form of this command reverts to the default.

Default

sap-session-limit 1

Parameters

sap-session-limit

Specifies the number of allowed IPoE sessions.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

1 to 131071 131071 on wlan-gw group interfaces

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-template

sap-template

Syntax

sap-template sap-template

no sap-template

Context

[Tree] (config>service>vpls>wlan-gw sap-template)

Full Context

configure service vpls wlan-gw sap-template

Description

This command specifies the VPLS SAP template that is applied on the internal SAPs created for communication between the VPLS and the ISAs.

The no form of this command removes the SAP template.

Parameters

sap-template

Specifies the existing SAP template to apply. The template is created in the config>service>template context.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

sap-template

Syntax

sap-template name [create]

no sap-template name

Context

[Tree] (config>subscr-mgmt sap-template)

Full Context

configure subscriber-mgmt sap-template

Description

This command configures a template that specifies parameters for automatically generated subscriber SAPs, for example, when creating CUPS sessions. A template with the name "default" is used if no specific name is provided, but this must be manually provisioned.

The no form of this command removes the template.

Parameters

name

Specifies the name of the PFCP association, up to 32 characters.

create

Keyword used to create the SAP template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sap-template-binding

sap-template-binding

Syntax

sap-template-binding name/id

no sap-template-binding

Context

[Tree] (config>service>vpls>vpls-group sap-template-binding)

Full Context

configure service vpls vpls-group sap-template-binding

Description

This command configures the binding to a SAP template to be used to instantiate SAPs in the data VPLS using as input variables the VLAN IDs generated by the vid-range command.

The no form of this command removes the binding and deletes the related SAP instances. The command will fail if any of the affected VPLS instances have either a provisioned SAP or an active MVRP declaration/registration or if the related vpls-group is in no shutdown state. Any changes to the sap-template-binding require the vpls-group to be in shutdown state. New control SAP additions to the management VPLS are allowed as long as data VPLS instantiations/removals for vpls-groups are not in progress. Control SAPs can be removed at any time generating the removal of related data SAPs from the data VPLS. The shutdown or no shutdown state for the control SAPs does not have any effect on data SAPs instantiated with this command.

Default

no sap-template-binding

Parameters

name

Specifies the name of the VPLS template

Values

ASCII character string

id

Specifies the ID of the VPLS template

Values

1 to 8196

Platforms

All

saps

saps

Syntax

saps {qset-size size | non-shaper-queues}

Context

[Tree] (config>qos>fp-resource-policy>aggregate-shapers>queue-sets>default-size saps)

Full Context

configure qos fp-resource-policy aggregate-shapers queue-sets default-size saps

Description

This command configures the default queue-set size for SAPs.

Parameters

size

Specifies the size of the queue sets.

Values

2 to 8

non-shaper-queues

Specifies that subscribers will not use hardware aggregate shapers on FPs where the FP resource policy is applied.

Platforms

7750 SR-1, 7750 SR-s

sat-type

sat-type

Syntax

sat-type sat-type [port-template template-name]

no sat-type

Context

[Tree] (config>system>satellite>eth-sat sat-type)

[Tree] (config>system>satellite>tdm-sat sat-type)

Full Context

configure system satellite eth-sat sat-type

configure system satellite tdm-sat sat-type

Description

This command configures the type of satellite variant for the associated satellite chassis.

The no form of the command deletes the sat-type configuration.

Default

no sat-type

Parameters

sat-type

Specifies the satellite type. Configuration of the following variants is supported:

es24-1gb-sfp

Specifies the 24xGE (SFP) + 4x10GE Ethernet satellite.

es48-1gb-sfp

Specifies the 48xGE (SFP) + 4x10GE Ethernet satellite.

es24-sass-1gb-sfp

Specifies the SAS-S 24xGE (SFP) + 4x10GE Ethernet satellite.

es48-sass-1gb-sfp

Specifies the SAS-S 48xGE (SFP) + 4x10GE Ethernet satellite.

es24-1gb-tx

Specifies the 24xGE (copper) + 4x10GE Ethernet satellite.

es48-1gb-tx

Specifies the 48xGE (copper) + 4x10GE Ethernet satellite.

es24-1gb-tx

Specifies the 24-port copper + PoE Ethernet satellite.

es48-1gb-tx

Specifies the 48-port copper + PoE Ethernet satellite.

es64-10gb-sfpp+4-100gb-cfp4

Specifies the 64x10GE + 4x100GE Ethernet satellite.

es64-10gb-sfpp+4-100gb-qsfp28

Specifies the 64x10GE + 4xQSFP28 Ethernet satellite.

es24-sasmxp-1gb-sfp

Specifies the 7210 SAS-Mxp as an ethernet satellite.

ts4-choc3-sfp

Specifies the 4-port OC3 TDM satellite.

ts4-chstm1-sfp

Specifies the 4-port STM1 TDM satellite.

ts1-choc12-sfp

Specifies the 1-port OC12 TDM satellite.

ts1-chstm4-sfp

Specifies the 1-port STM4 TDM satellite.

template-name

Specifies the name for the associated port template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure system satellite eth-sat sat-type

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure system satellite tdm-sat sat-type

satellite

satellite

Syntax

satellite

Context

[Tree] (config>system satellite)

Full Context

configure system satellite

Description

This command enables the satellite configuration context. Within the satellite context, the administrator can specify the configuration details for a satellite chassis that is hosted by the associated local system.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

satellite

Syntax

satellite

Context

[Tree] (admin satellite)

Full Context

admin satellite

Description

This command performs satellite operations.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

save

save

Syntax

save

Context

[Tree] (config>li save)

Full Context

configure li save

Description

This command is required to save LI configuration parameters.

Platforms

All

save

Syntax

save [cflash-id]

Context

[Tree] (bof save)

Full Context

bof save

Description

This command uses the boot option parameters currently in memory and writes them from the boot option file to the specified compact flash.

The BOF must be located in the root directory of the internal or external compact flash drives local to the system and have the mandatory filename of bof.cfg.

If a location is not specified, the BOF is saved to the default compact flash drive (cf3:) on the active CPM (typically the CPM in slot A, but the CPM in slot B could also be acting as the active CPM). The slot name is not case-sensitive. You can use upper or lowercase "A” or "B”.

Command usage:

  • bof save — saves the BOF to the default drive (cf3:) on the active CPM (either in slot A or B)

  • bof save cf3: — saves the BOF to cf3: on the active CPM (either in slot A or B)

To save the BOF to a compact flash drive on the standby CPM (for example, the redundant (standby) CPM is installed in slot B), specify -A or -B option.

Command usage:

  • bof save cf3-A: — saves the BOF to cf3: on CPM in slot A whether it is active or standby

  • bof save cf3-B: — saves the BOF to cf3: on CPM in slot B whether it is active or standby

The slot name is not case-sensitive. You can use upper or lowercase "A” or "B”.

The bof save and show bof commands allow you to save to or read from the compact flash of the standby CPM. Use the show card command to determine the active and standby CPM (A or B).

Default

Saves must be explicitly executed. The BOF is saved to cf3: if a location is not specified.

Parameters

flash-id

Specifies the compact flash ID where the bof.cfg is to be saved.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default

cf3:

Platforms

All

save

Syntax

save file-url

Context

[Tree] (candidate save)

Full Context

candidate save

Description

This command saves the current candidate to a file.

Parameters

file-url

Specifies the directory and filename.

Platforms

All

save

Syntax

save [comment comment] [rescue]

Context

[Tree] (admin>rollback save)

Full Context

admin rollback save

Description

If the optional rescue keyword is not used, this command saves a rollback checkpoint at the location and with the filename specified by the rollback-location with a suffix of .rb. The previously saved checkpoints will have their suffixes incremented by one (.rb.1 becomes .rb.2, and so on). If there are already as many checkpoint files as the maximum number supported, then the last checkpoint file is deleted.

If the rescue keyword is used, then this command saves the current operational configuration as a rescue configuration at the location and with the filename specified by the rescue location. The filename will have the suffix .rc appended.

Parameters

comment-string

Specifies a comment, up to 255 characters, that is associated with the checkpoint.

rescue

Saves the rescue checkpoint instead of a normal rollback checkpoint.

Platforms

All

save

Syntax

save [file-url] [detail] [index]

Context

[Tree] (admin save)

Full Context

admin save

Description

This command saves the running configuration to a configuration file. For example:

A:ALA-1>admin# save ftp://test:test@192.168.x.xx/./100.cfg
Saving configuration .........Completed.

By default, the running configuration is saved to the primary configuration file.

Parameters

file-url

Specifies the file URL location to save the configuration file.

Values

local-url | remote-url

local-url

[cflash-id/][file-path] 200 chars max, including cflash-id

directory length 99 chars max each

remote-url

[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]

243 chars max

directory length 99 chars max each

remote-locn

[hostname | ipv4-address | ipv6-address]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - 32 chars max, for link local addresses

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default

the primary configuration file location

detail

Saves both default and non-default configuration parameters.

index

Forces a save of the persistent index file regardless of the persistent status in the BOF file. The index option can also be used to avoid an additional boot required while changing your system to use the persistence indexes.

Platforms

All

save-deterministic-script

save-deterministic-script

Syntax

save-deterministic-script

Context

[Tree] (admin>nat save-deterministic-script)

Full Context

admin nat save-deterministic-script

Description

This command saves the script that calculates Deterministic NAT map entries.

Once the location for the Python deterministic NAT script is configured, the script is generated/updated every time deterministic NAT configuration is modified. However, the script must be manually exported to the remote location. This command triggers the export of the script to a remote location.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

save-when-restricted

save-when-restricted

Syntax

save-when-restricted

no save-when-restricted

Context

[Tree] (config>system>security>user-template save-when-restricted)

[Tree] (config>system>security>user save-when-restricted)

Full Context

configure system security user-template save-when-restricted

configure system security user save-when-restricted

Description

This command specifies whether the system permits all configuration save operations (such as admin save) via any management interface (such as CLI and NETCONF) even if restricted-to-home is enabled. The home directory does not need to be configured.

Default

no save-when-restricted

Platforms

All

saved-ind-prompt

saved-ind-prompt

Syntax

[no] saved-ind-prompt

Context

[Tree] (environment saved-ind-prompt)

Full Context

environment saved-ind-prompt

Description

This command enables saved indicator in the prompt. When changes are made to the configuration file a "*” appears in the prompt string indicating that the changes have not been saved. When an admin save command is executed the "*” disappears.

*A:ALA-48# admin save
Writing file to ftp://192.0.2.43/./sim48/sim48-config.cfg
Saving configuration .... Completed.
A:ALA-48#

Platforms

All

scaling-profile

scaling-profile

Syntax

scaling-profile scaling-profile-id

Context

[Tree] (config isa nat-group scaling-profile)

Full Context

configure isa nat-group scaling-profile

Description

This command determines profiles for NAT scaling. Lower profile numbers allocate less resources, therefore, supporting lower scaling.

Contact your Nokia representative for more information about NAT scaling figures in each profile.

Default

scaling-profile profile1

Parameters

scaling-profile-id

Specifies the name of the profile, up to 32 characters.

Values

ESA-VM supports three scaling profiles, while VSR-I supports only two.

  • profile1 is a low scaling profile that requires 8 CPU cores and 32 GB of DRAM memory per ESA-VM

  • profile2 is a medium scaling profile that requires 11 CPU cores and 96 GB of DRAM memory per ESA-VM

  • profile3 is a high scaling profile that requires 15 CPU cores and 115 GB of DRAM memory per ESA-VM

For the number of required CPU control cores on a VSR-I in relation to profiles, see to the Sysinfo section in the Virtualized Service Router Installation and Setup Guide

.For the amount of required memory on VSR-I in relation to profiles, see the Software Release Notes, section VM Memory Requirements by Function Mix.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sched-class

sched-class

Syntax

sched-class sched-class group name [weight weight]

no sched-class sched-class

Context

[Tree] (config>qos>hw-agg-shap-sched-plcy sched-class)

Full Context

configure qos hw-agg-shaper-scheduler-policy sched-class

Description

This command configures the scheduling class for the hardware aggregate shaper scheduler policy.

The no form of this command removes the scheduling class configuration.

Parameters

sched-class

Specifies the scheduling class ID.

Values

3 to 6

name

Assigns the specified scheduling class to a group within the hardware aggregate shaper scheduler policy.

weight

Specifies the weight for a scheduling class within the specified group.

Values

3 to 8

Default

1

Platforms

7750 SR-1, 7750 SR-s

sched-class

Syntax

sched-class sched-class

no sched-class

Context

[Tree] (config>qos>sap-egress>queue sched-class)

Full Context

configure qos sap-egress queue sched-class

Description

This command configures the scheduling class for the hardware aggregate shaper scheduler policy.

The no form of this command removes the scheduling class configuration.

Parameters

sched-class

Specifies the scheduling class ID.

Values

3 to 6

Platforms

7750 SR-1, 7750 SR-s

sched-class-elevation

sched-class-elevation

Syntax

sched-class-elevation sched-class sched-class weight weight

no sched-class-elevation sched-class sched-class

Context

[Tree] (config>qos>sap-egress sched-class-elevation)

Full Context

configure qos sap-egress sched-class-elevation

Description

This command configures the scheduling class elevation.

The no form of this command removes the scheduling class elevation configuration.

Parameters

sched-class

Specifies the scheduling class ID.

Values

3 to 6

weight

Specifies the weight for the scheduling class.

Values

3 to 8

Platforms

7750 SR-1, 7750 SR-s

sched-run-min-int

sched-run-min-int

Syntax

sched-run-min-int percent-of-default

no sched-run-min-int

Context

[Tree] (config>card>virt-sched-adj sched-run-min-int)

Full Context

configure card virtual-scheduler-adjustment sched-run-min-int

Description

This command overrides the default minimum time that must elapse before a virtual scheduler may redistribute bandwidth based on changes to the offered rates of member policers or queues. A minimum run interval is enforced to allow a minimum amount of "batching” queue changes before reacting to the changed rates. This minimum interval is beneficial since the periodic function of determining policer or queue offered rates is performed sequentially and the interval allows a number policer and queue rates to be determined before determining the distribution of bandwidth to the policers and queues.

The default minimum scheduler run interval is 0.5 seconds. The sched-run-min-int command uses a percent value to modify the default interval.

The no form of this command restores the default minimum scheduler run interval for all virtual schedulers on the card.

Default

no sched-run-min-int

Parameters

percent-of-default

Specifies that the percent-of-default parameter is required and is used to modify the default minimum scheduler run interval for all virtual schedulers on the card. Defining 100.00 percent is equivalent to removing the override (restoring the default) for the minimum scheduler run interval.

Values

0.01% to 1000.00%

Default

100.00%

Platforms

All

schedule

schedule

Syntax

[no] schedule schedule-name [owner schedule-owner]

Context

[Tree] (config>system>cron schedule)

Full Context

configure system cron schedule

Description

This command configures the type of schedule to run, including one-time only (oneshot), periodic or calendar-based runs. All runs are determined by month, day of month or weekday, hour, minute and interval (seconds).

The no form of the command removes the context from the configuration.

Parameters

schedule-name

Specifies the name of the schedule. The name can be up to 32 characters.

schedule-owner

Specifies the owner name of the schedule. The name can be up to 32 characters.

Default

TiMOS CLI

Platforms

All

schedule-type

schedule-type

Syntax

schedule-type schedule-type

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update schedule-type)

Full Context

configure system security pki ca-profile auto-crl-update schedule-type

Description

This command specifies the schedule type for auto CRL update. The system supports two types:

  • periodic: — The system will download a CRL periodically at the interval configured via the periodic-update-interval command. For example, if the periodic-update-interval is 1 day, then the system will download a CRL every 1 day. The minimal periodic-update-interval is 1 hour.

  • next-update-based — The system will download a CRL at the time = Next_Update_of_existing_CRL minus pre-update-time. For example, if the Next-Update of the existing CRL is 2015-06-30 06:00 and pre-update-time is 1 hour, then the system will start downloading at 2015-06-30, 05:00.

Default

schedule-type next-update-based

Parameters

schedule-type

Specifies the type of time scheduler to update the CRL.

Values

periodic, next-update-based

Platforms

All

scheduler

scheduler

Syntax

scheduler scheduler-name rate pir-rate [cir cir-rate]

no scheduler scheduler-name

Context

[Tree] (config>subscr-mgmt>sub-prof>egr>sched scheduler)

[Tree] (config>subscr-mgmt>sub-prof>ing>sched scheduler)

Full Context

configure subscriber-mgmt sub-profile egress scheduler-policy scheduler

configure subscriber-mgmt sub-profile ingress scheduler-policy scheduler

Description

This command provides a way to override parameters of the existing scheduler associated with the egress or ingress scheduler policy. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child (take bandwidth from a scheduler in a higher tier).

The no form of this command reverts to the default.

Parameters

scheduler-policy-name

Specify an existing scheduler policy name.

pir-rate

Specify the pir-rate, in kilobits, to override the administrative PIR used by the scheduler. When the rate command is executed, a valid PIR setting must be explicitly defined. Fractional values are not allowed and must be specified as a positive integer.

Values

1 to 3200000000, max

cir-rate

The cir parameter overrides the administrative CIR used by the scheduler. When the rate command is executed, a CIR setting is optional. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers or queues. Fractional values are not allowed and must be given as a positive integer.

Values

0 to 3200000000, sum, max

Default

sum

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>vpls>sap>egress>sched-override scheduler)

Full Context

configure service vpls sap egress scheduler-override scheduler

Description

This command overrides specific attributes of the specified scheduler name.

A scheduler defines a bandwidth control that limits each child (other schedulers, policers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created has policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policers, queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context does not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command does not execute, nor does the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error occurs, the command does not execute, and the CLI context does not change.

The no form of this command removes the scheduler name from the configuration.

Parameters

scheduler-name

Specifies name of the scheduler

Values

Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

All

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>port>ethernet>access>egr>qgrp>sched-override scheduler)

[Tree] (config>port>ethernet>access>ing>qgrp>sched-override scheduler)

Full Context

configure port ethernet access egress queue-group scheduler-override scheduler

configure port ethernet access ingress queue-group scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers. The scheduler-name must exist in the applied scheduler policy.

The no form of this command removes the scheduler overrides for the specified scheduler and returns the scheduler’s parent weight and CIR weight, and its PIR and CIR to the values configured in the applied scheduler policy.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values

Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

Creates a new scheduler for this port.

Platforms

All

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>cpipe>sap>egress>sched-override scheduler)

[Tree] (config>service>cpipe>sap>ingress>sched-override scheduler)

[Tree] (config>service>ipipe>sap>egress>sched-override scheduler)

[Tree] (config>service>epipe>sap>ingress>sched-override scheduler)

[Tree] (config>service>epipe>sap>egress>sched-override scheduler)

[Tree] (config>service>ipipe>sap>ingress>sched-override scheduler)

Full Context

configure service cpipe sap egress scheduler-override scheduler

configure service cpipe sap ingress scheduler-override scheduler

configure service ipipe sap egress scheduler-override scheduler

configure service epipe sap ingress scheduler-override scheduler

configure service epipe sap egress scheduler-override scheduler

configure service ipipe sap ingress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name. A scheduler defines bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policers, queues, or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the following criteria, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

The name of the scheduler. Each scheduler must be explicitly created.

Values

Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress scheduler-override scheduler
  • configure service cpipe sap ingress scheduler-override scheduler

All

  • configure service ipipe sap egress scheduler-override scheduler
  • configure service epipe sap ingress scheduler-override scheduler
  • configure service epipe sap egress scheduler-override scheduler
  • configure service ipipe sap ingress scheduler-override scheduler

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>vprn>if>sap>egress>sched-override scheduler)

[Tree] (config>service>vprn>if>sap>ingress>sched-override scheduler)

Full Context

configure service vprn interface sap egress scheduler-override scheduler

configure service vprn interface sap ingress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values

Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

create

Specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

All

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>ies>if>sap>egress>sched-override scheduler)

[Tree] (config>service>ies>if>sap>ingress>sched-override scheduler)

Full Context

configure service ies interface sap egress scheduler-override scheduler

configure service ies interface sap ingress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

The name of the scheduler. Each scheduler must be explicitly created.

Values

Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

All

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>qos>scheduler-policy>tier scheduler)

Full Context

configure qos scheduler-policy tier scheduler

Description

This command creates a new scheduler or edits an existing scheduler within the scheduler policy tier. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however, the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce SLAs.

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs, the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

Specifies the scheduler name.

Values

Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

create

This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

All

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>cust>multi-service-site>ingress>sched-override scheduler)

[Tree] (config>service>cust>multi-service-site>egress>sched-override scheduler)

Full Context

configure service customer multi-service-site ingress scheduler-override scheduler

configure service customer multi-service-site egress scheduler-override scheduler

Description

This command override specifics attributes of the specified scheduler name.

A scheduler defines bandwidth controls that limit each child (other schedulers, policers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policer, queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.

  2. The provided scheduler-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

The no form of the command disables the scheduler override.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values

Valid names consist of any string up to 32 characters in length, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

All

scheduler

Syntax

scheduler scheduler-name rate pir-rate [cir cir-rate]

no scheduler scheduler-name

Context

[Tree] (config>subscr-mgmt>sla-prof>egress>sched scheduler)

Full Context

configure subscriber-mgmt sla-profile egress scheduler-policy scheduler

Description

This command provides a way to override parameters of the existing scheduler associated with the egress scheduler policy. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child (take bandwidth from a scheduler in a higher tier).

The no form of this command reverts to the default.

Parameters

scheduler-name

Specify an existing scheduler policy name up to 32 characters.

pir-rate

Specifies the PIR rate in kb/s. This parameter overrides the administrative PIR used by the scheduler. When the rate command is executed, a valid PIR setting must be explicitly defined. Fractional values are not allowed and must be given as a positive integer.

Values

1 to 3200000000, max

cir-rate

Specifies the CIR rate in kb/s. This parameter overrides the administrative CIR used by the scheduler. When the rate command is executed, a CIR setting is optional. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers or queues. Fractional values are not allowed and must be given as a positive integer.

Values

0 to 3200000000, sum, max

Default

sum

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scheduler-override

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>vpls>sap>ingress scheduler-override)

[Tree] (config>service>vpls>sap>egress scheduler-override)

Full Context

configure service vpls sap ingress scheduler-override

configure service vpls sap egress scheduler-override

Description

Commands in this context configure the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag returns the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

The no form of this command removes scheduler parameters from the configuration.

Platforms

All

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>port>ethernet>access>egr>qgrp scheduler-override)

[Tree] (config>port>ethernet>access>ing>qgrp scheduler-override)

Full Context

configure port ethernet access egress queue-group scheduler-override

configure port ethernet access ingress queue-group scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the ingress or egress queue group template.

The no form of this command removes all of the scheduler overrides and returns the scheduler’s parent weight and CIR weight, and its PIR and CIR to the values configured in the applied scheduler policy.

Platforms

All

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>cpipe>sap>egress scheduler-override)

[Tree] (config>service>cpipe>sap>ingress scheduler-override)

[Tree] (config>service>ipipe>sap>ingress scheduler-override)

[Tree] (config>service>epipe>sap>egress scheduler-override)

[Tree] (config>service>epipe>sap>ingress scheduler-override)

[Tree] (config>service>ipipe>sap>egress scheduler-override)

Full Context

configure service cpipe sap egress scheduler-override

configure service cpipe sap ingress scheduler-override

configure service ipipe sap ingress scheduler-override

configure service epipe sap egress scheduler-override

configure service epipe sap ingress scheduler-override

configure service ipipe sap egress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress scheduler-override
  • configure service cpipe sap egress scheduler-override

All

  • configure service epipe sap ingress scheduler-override
  • configure service ipipe sap egress scheduler-override
  • configure service ipipe sap ingress scheduler-override
  • configure service epipe sap egress scheduler-override

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>ies>if>sap>egress scheduler-override)

[Tree] (config>service>ies>if>sap>ingress scheduler-override)

Full Context

configure service ies interface sap egress scheduler-override

configure service ies interface sap ingress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

All

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>vprn>if>sap>egress scheduler-override)

[Tree] (config>service>vprn>if>sap>ingress scheduler-override)

Full Context

configure service vprn interface sap egress scheduler-override

configure service vprn interface sap ingress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

All

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>cust>multi-service-site>ingress scheduler-override)

[Tree] (config>service>cust>multi-service-site>egress scheduler-override)

Full Context

configure service customer multi-service-site ingress scheduler-override

configure service customer multi-service-site egress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress and egress scheduler policy.

The no form of the command disables the override.

Platforms

All

scheduler-parent

scheduler-parent

Syntax

scheduler-parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]

no scheduler-parent

Context

[Tree] (config>qos>sap-egress>policer scheduler-parent)

Full Context

configure qos sap-egress policer scheduler-parent

Description

This command defines an optional parent scheduler that governs the available bandwidth given to a policer in addition to the PIR setting of the policer. When multiple schedulers, queues, or policers share a child status with the parent scheduler, the weight or level parameters define how this policer contends with the other children for the bandwidth of the parent. This command and the configuration of a SAP policer port-parent or parent arbiter are mutually exclusive.

Multiple schedulers can exist in different scheduler policies with the same scheduler-name; in this command, the associated scheduler-name pertains to a scheduler that should exist on the SAP as the policy is applied and the policer is created. When the policer is created on the SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly applied or indirectly applied (through a multiservice customer site) to the SAP. The policer accepts packets, but is not bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The SAP to which the policer belongs displays an orphan policer status with the SapEgressPolicerMismatch flag in the show service sap-using output. The orphaned state of the policer is automatically cleared when the scheduler-name becomes available on the SAP.

The parent scheduler can be made unavailable by the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the policer enters the orphaned state. The policer automatically returns to normal operation when the parent scheduler is available again.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and no error message is returned. When a parent association has been removed, the former child policer attempts to operate based on its configured rate parameter.

Removing the parent association on the policer within the policy takes effect immediately on all policers using the SAP QoS policy.

Default

no scheduler-parent

Parameters

scheduler-name

Scheduler names are configured in the config>qos>scheduler-policy>tier context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the policer to use the defined scheduler-name, the scheduler must exist on each SAP that the policer is created on. If a scheduler-name does not exist on the SAP, the policer operates in an orphaned state. Each parental association must be explicitly defined.

Values

Any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

weight

Defines the relative weight of this policer in comparison with other child policers, queues, and schedulers when competing for bandwidth on the parent scheduler-name at the above-CIR priority level defined by the level parameter.

All weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority at the configured level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

level

Defines the level of hierarchy when compared with other policers, queues, and schedulers when competing for bandwidth on the parent scheduler-name.

Children of the parent scheduler with a lower priority will not receive bandwidth until all children with a higher priority have either reached their maximum bandwidth or are idle. Children with the same level are serviced in relation to their relative weights.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight

Defines the relative weight of this policer in comparison with other child policers, queues, or schedulers competing for bandwidth on the parent scheduler-name at the within-CIR priority level defined by the cir-level parameter.

All cir-weight values from all weighted active policers, queues, and schedulers with a common parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the policer receives bandwidth only after the other children with a non-zero weight at this level.

Values

0 to 100

Default

1

cir-level

Defines the level of hierarchy when compared with other policers, queues, and schedulers that the policer uses to receive bandwidth for its within-CIR offered load. If the cir-level parameter is set to a value of 0 (the default value), the policer does not receive bandwidth during the schedulers within-CIR pass and the cir-weight parameter is ignored. If the cir-level parameter is 1 or greater, the cir-weight parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR

scheduler-parent

Syntax

scheduler-parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]

no scheduler-parent

Context

[Tree] (config>qos>sap-ingress>policer scheduler-parent)

Full Context

configure qos sap-ingress policer scheduler-parent

Description

This command defines an optional parent scheduler that governs the available bandwidth given to a policer in addition to the PIR setting of the policer. When multiple schedulers, queues, or policers share a child status with the parent scheduler, the weight or level parameters define how this policer contends with the other children for the bandwidth of the parent. This command and the configuration of a SAP policer scheduler-parent or parent arbiter are mutually exclusive.

Multiple schedulers can exist in different scheduler policies with the same scheduler-name; in this command, the associated scheduler-name pertains to a scheduler that should exist on the SAP as the policy is applied and the policer is created. When the policer is created on the SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly applied or indirectly applied (through a multiservice customer site) to the SAP. The policer accepts packets, but is not bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP.

The parent scheduler can be made unavailable by the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the policer enters the orphaned state. The policer automatically returns to normal operation when the parent scheduler is available again.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and no error message is returned. When a parent association has been removed, the former child policer attempts to operate based on its configured rate parameter.

Removing the parent association on the policer within the policy takes effect immediately on all policers using the SAP QoS policy.

Default

no scheduler-parent

Parameters

scheduler-name

Scheduler names are configured in the config>qos>scheduler-policy>tier context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the policer to use the defined scheduler-name, the scheduler must exist on each SAP that the policer is created on. If a scheduler-name does not exist on the SAP, the policer operates in an orphaned state. Each parental association must be explicitly defined.

Values

Any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

weight

Defines the relative weight of this policer in comparison with other child policers, queues, and schedulers when competing for bandwidth on the parent scheduler-name at the above-CIR priority level defined by the level parameter.

All weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority at the configured level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

level

Defines the level of hierarchy when compared with other policers, queues, and schedulers when competing for bandwidth on the parent scheduler-name.

Children of the parent scheduler with a lower priority will not receive bandwidth until all children with a higher priority have either reached their maximum bandwidth or are idle. Children with the same level are serviced in relation to their relative weights.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight

Defines the relative weight of this policer in comparison with other child policers, queues, or schedulers competing for bandwidth on the parent scheduler-name at the within-CIR priority level defined by the cir-level parameter.

All cir-weight values from all weighted active policers, queues, and schedulers with a common parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the policer receives bandwidth only after the other children with a non-zero weight at this level.

Values

0 to 100

Default

1

cir-level

Defines the level of hierarchy when compared with other policers, queues, and schedulers that the policer uses to receive bandwidth for its within-CIR offered load. If the cir-level parameter is set to a value of 0 (the default value), the policer does not receive bandwidth during the schedulers within-CIR pass and the cir-weight parameter is ignored. If the cir-level parameter is 1 or greater, the cir-weight parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s

scheduler-policy

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>subscr-mgmt>sla-prof>egress scheduler-policy)

Full Context

configure subscriber-mgmt sla-profile egress scheduler-policy

Description

This command specifies a scheduler policy to associate to the sla profile. Scheduler policies are configured in the configure>qos>scheduler>policy context. Each scheduler policy is divided up into groups of schedulers based on the tier each scheduler is created under. A tier is used to give structure to the schedulers within a policy and define rules for parent scheduler associations. The policy defines the hierarchy and operating parameters for virtual schedulers.

The no form of this command removes the scheduler-policy-name from the configuration.

Parameters

scheduler-policy-name

Specifies an existing scheduler policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>subscr-mgmt>sub-profile>ingress scheduler-policy)

[Tree] (config>subscr-mgmt>sub-profile>egress scheduler-policy)

Full Context

configure subscriber-mgmt sub-profile ingress scheduler-policy

configure subscriber-mgmt sub-profile egress scheduler-policy

Description

This command specifies a scheduler policy to associate to the subscriber profile. Scheduler policies are configured in the configure>qos>scheduler>policy context. Each scheduler policy is divided up into groups of schedulers based on the tier each scheduler is created under. A tier is used to give structure to the schedulers within a policy and define rules for parent scheduler associations. The policy defines the hierarchy and operating parameters for virtual schedulers.

The no form of this command reverts to the default.

Parameters

scheduler-policy-name

Specify an existing scheduler policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>ies>sap>ingress scheduler-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap>ingress scheduler-policy)

[Tree] (config>service>ies>sap>egress scheduler-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap>ingress scheduler-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap>egress scheduler-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap>egress scheduler-policy)

Full Context

configure service ies sap ingress scheduler-policy

configure service ies subscriber-interface group-interface sap ingress scheduler-policy

configure service ies sap egress scheduler-policy

configure service vprn subscriber-interface group-interface sap ingress scheduler-policy

configure service ies subscriber-interface group-interface sap egress scheduler-policy

configure service vprn subscriber-interface group-interface sap egress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by ingress SAP queues or egress SAP policers and queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the SAP policers or queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no form of this command executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name:

Specifies the scheduler policy name to apply to an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress queues or egress policers and queues created on associated SAPs.

Values

Any existing valid scheduler policy name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>port>ethernet>access>egress>vport scheduler-policy)

Full Context

configure port ethernet access egress vport scheduler-policy

Description

This command specifies a scheduler policy to associate to the Vport. Scheduler policies are configured in the configure>qos>scheduler>policy context. Each scheduler policy is divided up into groups of schedulers based on the tier each scheduler is created under. A tier is used to give structure to the schedulers within a policy and define rules for parent scheduler associations. The policy defines the hierarchy and operating parameters for virtual schedulers.

The no form of this command removes the configured egress scheduler policy from the Vport.

The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate/port-scheduler-policy involves removing the existing command and applying the new command.

The configuration of a scheduler policy under a Vport is mutually exclusive with the configuration of the egress-rate-modify parameter.

The no form of this command reverts to the default.

Parameters

scheduler-policy-name

Specifies the scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of egress virtual schedulers.

Platforms

All

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>ies>if>sap>egress scheduler-policy)

[Tree] (config>service>vpls>sap>ingress scheduler-policy)

[Tree] (config>service>ies>if>sap>ingress scheduler-policy)

[Tree] (config>service>vprn>if>sap>egress scheduler-policy)

[Tree] (config>service>vprn>if>sap>ingress scheduler-policy)

[Tree] (config>service>vpls>sap>egress scheduler-policy)

Full Context

configure service ies interface sap egress scheduler-policy

configure service vpls sap ingress scheduler-policy

configure service ies interface sap ingress scheduler-policy

configure service vprn interface sap egress scheduler-policy

configure service vprn interface sap ingress scheduler-policy

configure service vpls sap egress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues and egress SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no scheduler-policy command is executed, the customer site’s ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name

Specifies that the scheduler-policy-name is applied to an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.

Values

Any existing valid scheduler policy name.

Platforms

All

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>egress scheduler-policy)

Full Context

configure service ies subscriber-interface group-interface wlan-gw egress scheduler-policy

Description

This command configures the identifier of the egress scheduler policy associated with each wlan-gw tunnel of this interface.

The no form of this command removes the scheduler policy name from the configuration.

Parameters

scheduler-policy-name

Specifies the identifier of the egress scheduler policy associated with each wlan-gw tunnel of this interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>port>ethernet>egress>queue-group scheduler-policy)

[Tree] (config>port>ethernet>network>egress>queue-group scheduler-policy)

[Tree] (config>port>ethernet>ingress>queue-group scheduler-policy)

Full Context

configure port ethernet egress queue-group scheduler-policy

configure port ethernet network egress queue-group scheduler-policy

configure port ethernet ingress queue-group scheduler-policy

Description

This command configures a scheduler policy for the egress queue group.

Parameters

scheduler-policy-name

Specifies the scheduler policy name, up to 32 characters.

Platforms

All

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>ipipe>sap>ingress scheduler-policy)

[Tree] (config>service>epipe>sap>egress scheduler-policy)

[Tree] (config>service>epipe>sap>ingress scheduler-policy)

[Tree] (config>service>cpipe>sap>egress scheduler-policy)

[Tree] (config>service>ipipe>sap>egress scheduler-policy)

[Tree] (config>service>cpipe>sap>ingress scheduler-policy)

Full Context

configure service ipipe sap ingress scheduler-policy

configure service epipe sap egress scheduler-policy

configure service epipe sap ingress scheduler-policy

configure service cpipe sap egress scheduler-policy

configure service ipipe sap egress scheduler-policy

configure service cpipe sap ingress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created when the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues associated with the customer site. Policers or queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name

The scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues and to egress policers managed by HQoS created on associated SAPs.

Platforms

All

  • configure service epipe sap egress scheduler-policy
  • configure service ipipe sap ingress scheduler-policy
  • configure service epipe sap ingress scheduler-policy
  • configure service ipipe sap egress scheduler-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress scheduler-policy
  • configure service cpipe sap egress scheduler-policy

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>vpls>sap>egress>encap-defined-qos>encap-group scheduler-policy)

Full Context

configure service vpls sap egress encap-defined-qos encap-group scheduler-policy

Description

This command configures the scheduler policy.

Platforms

All

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name [create]

no scheduler-policy scheduler-policy-name

Context

[Tree] (config>qos scheduler-policy)

Full Context

configure qos scheduler-policy

Description

Each scheduler policy is divided up into groups of schedulers based on the tier each scheduler is created under. A tier is used to give structure to the schedulers within a policy and define rules for parent scheduler associations.

The scheduler-policy command creates a scheduler policy or allows editing of an existing policy. The policy defines the hierarchy and operating parameters for virtual schedulers. Creating a policy does not create the schedulers; it only provides a template for the schedulers to be created when the policy is associated with a SAP or multiservice site.

Each scheduler policy must have a unique name within the context of the system. Modifications made to an existing policy are executed on all schedulers that use the policy. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce SLAs.

If a scheduler-policy-name does not exist, it is assumed that an attempt is being made to create a new policy. The success of the command execution is dependent on the following:

  1. The maximum number of scheduler policies has not been configured.

  2. The provided scheduler-policy-name is valid.

  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of scheduler policies has been exceeded, a configuration error occurs, the command will not execute, and the CLI context will not change.

If the provided scheduler-policy-name is invalid according to the criteria below, a name syntax error occurs, the command will not execute, and the CLI context will not change.

Parameters

scheduler-policy-name

The name of the scheduler policy.

Values

Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

All

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>cust>multi-service-site>ingress scheduler-policy)

[Tree] (config>service>cust>multi-service-site>egress scheduler-policy)

Full Context

configure service customer multi-service-site ingress scheduler-policy

configure service customer multi-service-site egress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues or, at egress only, policers associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler.

The SAPs that have ingress queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers and queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name

Applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues and egress policers managed by HQoS created on associated SAPs.

Values

Any existing valid scheduler policy name up to 32 characters in length.

Platforms

All

scheduler-policy

Syntax

scheduler-policy src-name dst-name [overwrite]

Context

[Tree] (config>qos>copy scheduler-policy)

Full Context

configure qos copy scheduler-policy

Description

This command copies existing QoS policy entries for a QoS policy to another QoS policy.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

If overwrite is not specified, an error will occur if the destination policy exists.

Parameters

src-name dst-name

Indicates that the source policy and the destination policy are scheduler policy. Specify the source policy that the copy command will attempt to copy from and specify the destination policy to which the command will copy a duplicate of the policy.

overwrite

Forces the destination policy name to be copied as specified. When forced, everything in the existing destination policy will be completely overwritten with the contents of the source policy.

Platforms

All

scheduling-class

scheduling-class

Syntax

scheduling-class class rate rate

scheduling-class class weight weight-in-group

no scheduling-class class

Context

[Tree] (config>port>ethernet>egress>hs-sched-ovr scheduling-class)

Full Context

configure port ethernet egress hs-scheduler-overrides scheduling-class

Description

This command overrides the scheduling class configuration in the HS scheduler policy applied to the port egress. The scheduling class rate or weight within the WRR group can be overridden.

The no form of this command removes the scheduling class override parameters from the port egress configuration.

Parameters

class

Specifies the scheduling class.

Values

1 to 6

rate

Specifies the explicit maximum frame based bandwidth limit, in megabits per second, for this HS scheduler policy scheduling class. The rate keyword must be followed by either the keyword max or a rate specified in megabits per second.

Values

1 to 100000, max

The max keyword specifies that a limit is not enforced for the specified class. The max keyword is mutually exclusive to the rate value and when specified, must directly follow the rate keyword. Setting the rate of the class will fail when the class is currently a member of a group.

weight-in-group

Specifies the weight the HS scheduler policy should apply to this scheduling class within the group in which it belongs. The weight-in-group parameter must follow the weight keyword and is used to specify the relative weight of class to the other scheduling classes within the group. Setting the weight will fail if the scheduling class is not currently configured in a group.

Values

1 to 127

Platforms

7750 SR-7/12/12e

scheduling-class

Syntax

scheduling-class class-id

no scheduling-class

Context

[Tree] (config>service>vprn>if>sap scheduling-class)

Full Context

configure service vprn interface sap scheduling-class

Description

This command specifies the scheduling class to use for this SAP.

Parameters

class-id

Specifies the scheduling class to use for this SAP.

Values

0 to 3

Default

0

Platforms

All

scheduling-class

Syntax

scheduling-class class-id group group-id [weight weight-in-group]

scheduling-class class-id rate rate

no scheduling-class class-id

Context

[Tree] (config>qos>hs-scheduler-policy scheduling-class)

Full Context

configure qos hs-scheduler-policy scheduling-class

Description

This command configures the behavior of a specific scheduling class on all HSQ schedulers associated with the policy. The scheduler-class command performs one of two operations: it configures a maximum rate for the scheduling class or places the scheduling class into the weighted scheduling group. The two operations are mutually exclusive.

By default, none of the scheduling classes are members of the weighted scheduling group and each class is set to a rate limit of max (no rate limit applied).

Specifying Scheduling Class Rate (or Removing the Scheduling Class from Group) — If the scheduling-class command is executed with the rate keyword specified, either max or a specified rate value must follow. If a class-id was previously mapped into the weighted scheduling group, the class is removed from the group. However, if removing the class from the group causes the group to no longer have contiguous class members, the command fails with no effect on the specified class. A "non-contiguous grouping error” is returned. The lowest or highest members within a weighted group must be removed prior to removing the middle members. For example, if scheduling classes 3, 4, and 5 were members of weighted group 1, class 4 cannot be removed first.

This command using the rate keyword also fails when an override for the group weight is in place on the scheduling class within a scheduler associated with the policy. The override expects the class to be associated with a weighted scheduling group and the policy rate definition is attempting to remove the class from the group. An "override mismatch” error is generated, specifying the scheduling object where the override exists.

After a rate has been successfully defined for a scheduling class, the specified rate is automatically updated on all HSQ scheduler instances associated with the scheduling policy. The exception is where the scheduler instance has a local override for the rate on the scheduling class.

Specifying Scheduling Class Weighted Group Membership — If the scheduling-class command is executed with the group keyword specified, the group ID value of 1 must follow. The corresponding optional weight keyword is used to specify the weight of the scheduling class within the group. If weight is not specified, the default weight of 1 is used. If the specified scheduling class is not contiguous with the other scheduling classes in the group, the command fails with no change to the current state of the scheduling class and a "non-contiguous grouping” error is returned, specifying the weighted scheduling group and the current group members.

The scheduling-class command fails using the group keyword when a rate override for the scheduling class exists on an HSQ scheduler instance associated with the policy. The rate override for the scheduling class indicates the class is directly attached to a strict priority level, conflicting with the policy group keyword trying to place the class in the specified group. The command fails without affecting the scheduling class definition on the policy and returns an error specifying the scheduling object where the override exists.

Other Override Constraints — The scheduling overrides cannot change or remove a scheduling class from a policy-defined weighted group membership.

The no form of the command returns the scheduling class represented by class-id to the default behavior. The default behavior for a scheduling class is to not be a member of the weighted scheduling class group and have a rate set to max. The no scheduling-class command fails if the scheduling class is currently a member of the weighted scheduling class group and a weight override is in effect on a scheduling object for the class, in which case an error is returned.

Parameters

class-id

Specifies the scheduling class for HS scheduler policy. The class-id value is a required parameter that specifies which scheduling class the scheduling-class command is acting upon.

Values

1 to 6

group-id

Specifies the group this HS scheduler policy scheduling class belongs to. The group and the rate keywords are mutually exclusive when executing this command. A group ID value of 1 must follow the group keyword. The group keyword removes the class ID from its inherent strict scheduling level and places it into the specified group ID. The associated weight parameter is optional and is used to specify the weight of a class ID within the weighted scheduling class group. Specifying the group parameter while an override for the scheduling class exists for rate causes the scheduling-class command to fail.

Values

1

weight-in-group

Specifies the weight the HS scheduler policy should apply to this scheduling class within the group in which it belongs. This keyword is optional and must follow the group parameter when specified. The weight-in-group parameter must follow the weight keyword and is used to specify the relative weight of the class-id to the other scheduling classes within the group. If the group is specified without the weight parameter, a default weight of 1 is used.

Values

1 to 127

rate

Specifies the explicit maximum frame-based bandwidth limit, in megabits per second, for this HS scheduler policy scheduling class. The rate and group keywords are mutually exclusive. Either the rate or group keyword must be specified when executing this command. When specified, the rate keyword must be followed by either the keyword max or a rate specified in megabits per second. The specified rate can be overridden at the port Ethernet egress using the scheduler override functions. A newly-created HS scheduler policy defaults each scheduling class to have its rate set to max and the weighted scheduling class group has no members.

Values

1 to 100000, max

The max keyword specifies that a limit is not enforced for the specified class ID and that the class ID is not a member of a weighted scheduling class group. The max keyword and the rate value are mutually exclusive; when max is specified, it must directly follow the rate keyword. Setting the rate of the class fails when the class currently has a group weight override defined on a scheduling object.

Platforms

7750 SR-7/12/12e

schema-path

schema-path

Syntax

schema-path url-string

no schema-path

Context

[Tree] (config>system>management-interface schema-path)

Full Context

configure system management-interface schema-path

Description

This command specifies the schema path where the SR OS YANG modules can be placed by the user before using a <get-schema> request. Nokia recommends that the URL string not exceed 135 characters for the <get-schema> request to work correctly with all schema files.

If this command is not configured, the software upgrade process manages the YANG schema files to ensure the schema files are synchronized with the software image on both the primary and standby CPM.

The no form of this command reverts to the default value.

Default

no schema-path

Parameters

url-string

Specifies the schema path URL up to 180 characters. However, Nokia recommends that the string shall not exceed 135 characters to ensure that the <get-schema> request works properly with all schema files.

Platforms

All

scope

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>service>mrp>mrp-policy scope)

Full Context

configure service mrp mrp-policy scope

Description

This command configures the filter policy scope as exclusive or template. If the scope of the policy is template and is applied to one or more services, the scope cannot be changed.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to a single entity (SAP or SDP). Attempting to assign the policy to a second entity will result in an error message. If the policy is removed from the entity, it will become available for assignment to another entity.

template

When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or network ports.

Platforms

All

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>sap-ingress scope)

Full Context

configure qos sap-ingress scope

Description

This command configures the Service Ingress QoS policy scope as exclusive or template.

The policy’s scope cannot be changed if the policy is applied to a service.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to one SAP. If a policy with an exclusive scope is assigned to a second SAP, an error message is generated. If the policy is removed from the exclusive SAP, it will become available for assignment to another exclusive SAP.

The system default policies cannot be put into the exclusive scope. An error will be generated if scope exclusive is executed in any policies with a policy-id equal to 1.

template

When the scope of a policy is defined as template, the policy can be applied to multiple SAPs on the router.

Default QoS policies are configured with template scopes. An error is generated when the template scope parameter to exclusive scope on default policies is modified.

Platforms

All

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>sap-egress scope)

Full Context

configure qos sap-egress scope

Description

Enter the scope of this policy. The scope of the policy cannot be changed if the policy is applied to one or more services.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to a single SAP. Attempting to assign the policy to a second SAP will result in an error message. If the policy is removed from the exclusive SAP, it will become available for assignment to another exclusive SAP.

The system default policies cannot be put into the exclusive scope. An error will be generated if scope exclusive is executed in any policies with a policy-id equal to 1.

template

When the scope of a policy is defined as template, the policy can be applied to multiple SAPs on the router.

Platforms

All

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>network scope)

Full Context

configure qos network scope

Description

This command configures the network policy scope as exclusive or template. The policy’s scope cannot be changed if the policy is applied to an interface.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to one interface. If a policy with an exclusive scope is assigned to a second interface, an error message is generated. If the policy is removed from the exclusive interface, it will become available for assignment to another exclusive interface.

The system default policies cannot be put into the exclusive scope. An error will be generated if the scope exclusive command is executed in any policies with a policy-id equal to 1.

template

When the scope of a policy is defined as template, the policy can be applied to multiple interfaces on the router.

Default QoS policies are configured with template scopes. An error is generated if the template scope parameter is modified to exclusive scope on default policies.

Platforms

All

scope

Syntax

scope {exclusive | template | embedded | system}

scope {exclusive | template}

no scope

Context

[Tree] (config>filter>mac-filter scope)

[Tree] (config>filter>ip-filter scope)

[Tree] (config>filter>ipv6-filter scope)

[Tree] (config>filter>ip-exception scope)

Full Context

configure filter mac-filter scope

configure filter ip-filter scope

configure filter ipv6-filter scope

configure filter ip-exception scope

Description

This command configures the filter policy scope as exclusive, template, embedded or system.

The scope of the policy cannot be changed when:

  • the scope is template and the policy is applied to one or more services or network interfaces

  • the scope is embedded and the policy is embedded by another policy

Changing the scope to/from system is only allowed when a policy is not active and the policy has no entries configured.

The no form of the command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

Specifies that the policy can only be applied to a single entity. Attempting to assign the policy to a second entity will result in an error message.

template

Specifies that the policy can be applied to multiple entities.

embedded

Specifies that the policy cannot be applied directly. The policy defines embedded filter rules, which are embedded by other exclusive/template/system filter policies. The embedded scope is supported for IPv4 and IPv6 filter policies only.

system

Specifies that the policy defines system-wide filter rules. To apply system policy rules, activate system filter and chain exclusive/template ACL filter policy to the system filter. The system scope is supported for IPv4 and IPv6 filter policies only.

Platforms

All

  • configure filter ip-filter scope
  • configure filter mac-filter scope
  • configure filter ipv6-filter scope

VSR

  • configure filter ip-exception scope

scp

scp

Syntax

scp local-file-url destination-file-url [router router-instance] [force]

scp local-file-url destination-file-url [force] service service-name

Context

[Tree] (file scp)

Full Context

file scp

Description

This command copies a local file to a remote host file system. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. The following prompt appears:

"Are you sure (y/n)?” The destination must specify a user and a host.

Parameters

local-file-url

Specifies the local source file or directory.

Values

[cflash-id/] file-path

up to 200 characters

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

destination-file-url

Specifies the destination file.

Values

destination-file-*: user@hostname:file-path - up to 255 characters

user

up to 32 characters

hostname

[dns-name | ipv4-address | "["ipv6-address”]”]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - up to 32 characters, mandatory for link local addresses

dns-name

up to 128 characters

file-path

up to 200 characters, directory length up to 99 characters

user

Specifies the SSH user.

hostname

Specifies the remote host IP address of DNS name.

file-path

Specifies the destination path.

router-instance

Specifies the router name or service ID used to specify the router instance.

Values

router-name

"Base”, "management”, "vpls-management”

vprn-service-id

1 to 2147483647

Default

Base

force

Forces an immediate copy of the specified file. The command file scp local-file-url destination-file-url [router router-instance] force executes the command without displaying a user prompt message.

service-name

Specifies the service name used to identify the router instance. The service name can be a maximum of 64 characters long.

Platforms

All

scramble

scramble

Syntax

[no] scramble

Context

[Tree] (config>port>tdm>e3 scramble)

[Tree] (config>port>tdm>ds3 scramble)

Full Context

configure port tdm e3 scramble

configure port tdm ds3 scramble

Description

This command enables payload scrambling on channel groups.

Scrambling randomizes the pattern of 1s and 0s carried in a SONET frame. Rearranging or scrambling the pattern prevents continuous strings of all 1s or all 0s and meets the needs of physical layer protocols that rely on sufficient transitions between 1s and 0s to maintain clocking.

The no form of this command disables scrambling.

Default

no scramble

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

scramble

Syntax

[no] scramble

Context

[Tree] (config>port>sonet-sdh>path scramble)

Full Context

configure port sonet-sdh path scramble

Description

This command enables SONET/SDH payload scrambling. Scrambling randomizes the pattern of 1s and 0s carried in a SONET frame. Rearranging or scrambling the pattern prevents continuous strings of all 1s or all 0s and meets the needs of physical layer protocols that rely on sufficient transitions between 1s and 0s to maintain clocking.

For ATM, this command enables or disables ATM cell-level payload scrambling/descrambling using x43+1 polynomial as defined in ITU-T I.432.1. Scrambling is enabled by default for the ATM path/channel. Note that this scrambling is done in addition to SONET/SDH frame scrambling/descrambling, which is always enabled in the framer.

The no form of this command disables scrambling.

Default

no scramble

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

script

script

Syntax

script script

Context

[Tree] (debug>dynsvc>scripts script)

Full Context

debug dynamic-services scripts script

Description

Commands in this context configure dynamic services script debugging for a specific script.

Parameters

script

Specifies the script name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script

Syntax

script script-name [owner script-owner]

no script

Context

[Tree] (config>system>script-control script)

[Tree] (config>system>script-control>script-policy script)

Full Context

configure system script-control script

configure system script-control script-policy script

Description

This command is used to configure a script to be run.

The no form of the command removes the script.

Default

no script

Parameters

script-name

Specifies the name of the script. Can be up to 32 characters.

script-owner

Specifies the name of the script owner. Can be up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default

"TiMOS CLI”

Platforms

All

script-all-info

script-all-info

Syntax

script-all-info

Context

[Tree] (debug>python>py-script script-all-info)

Full Context

debug python python-script script-all-info

Description

This command enables the script-compile-error, script-export-variables, script-output, script-output-on-error, and script-runtime-error functionalities.

Platforms

All

script-all-info

Syntax

script-all-info

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-all-info)

Full Context

debug subscriber-mgmt sub-ident-policy script-all-info

Description

This command enables the script-compile-error, script-export-variables, script-output, script-output-on-error, and script-runtime-error functionalities.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-compile-error

script-compile-error

Syntax

[no] script-compile-error

Context

[Tree] (debug>python>py-script script-compile-error)

Full Context

debug python python-script script-compile-error

Description

This command sends the traceback of the compile error to the logger. The traceback contains detailed information about where and why the compilation fails. The compilation takes place when the CLI user changes the admin state of the Python script from shutdown to no shutdown.

Platforms

All

script-compile-error

Syntax

[no] script-compile-error

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-compile-error)

Full Context

debug subscriber-mgmt sub-ident-policy script-compile-error

Description

This command send the traceback of the compile error to the logger. The traceback contains detailed information about where and why the compilation fails. The compilation takes place when the CLI user changes the admin state of the Python URL from shutdown to no-shutdown.

The no form of this command disables debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-control

script-control

Syntax

script-control

Context

[Tree] (config>system script-control)

Full Context

configure system script-control

Description

Commands in this context configure command script parameters.

Platforms

All

script-export-variables

script-export-variables

Syntax

[no] script-export-variables

Context

[Tree] (debug>python>py-script script-export-variables)

Full Context

debug python python-script script-export-variables

Description

This command sends the output variables of the Python script to the logger when the script ran successfully.

Platforms

All

script-export-variables

Syntax

[no] script-export-variables

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-export-variables)

Full Context

debug subscriber-mgmt sub-ident-policy script-export-variables

Description

This command sends the result (the three output variables) of the Python script to the logger when the script ran successfully.

The no form of this command disables debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-output

script-output

Syntax

[no] script-output

Context

[Tree] (debug>python>py-script script-output)

Full Context

debug python python-script script-output

Description

This command sends the output (such as from print statements) of the Python script to the logger.

Platforms

All

script-output

Syntax

[no] script-output

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-output)

Full Context

debug subscriber-mgmt sub-ident-policy script-output

Description

This command sends the output (such as from 'print' statements) of the Python script to the logger.

The no form of this command disables debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-output-on-error

script-output-on-error

Syntax

[no] script-output-on-error

Context

[Tree] (debug>python>py-script script-output-on-error)

Full Context

debug python python-script script-output-on-error

Description

This command sends the output (such as traceback data) of the Python script to the logger, only when the script fails.

Platforms

All

script-output-on-error

Syntax

[no] script-output-on-error

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-output-on-error)

Full Context

debug subscriber-mgmt sub-ident-policy script-output-on-error

Description

This command sends the output (such as from print statements) of the Python script to the logger, but only when the script fails.

The no form of this command disables debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-parameters-1

script-parameters-1

Syntax

script-parameters-1 param-string1

no script-parameters-1

Context

[Tree] (config>service>dynsvc>ladb>user>idx script-parameters-1)

Full Context

configure service dynamic-services local-auth-db user-name index script-parameters-1

Description

This command specifies the first part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes script-parameters-1 from the configuration.

Parameters

param-string1

Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-parameters-2

script-parameters-2

Syntax

script-parameters-2 param-string2

no script-parameters-2

Context

[Tree] (config>service>dynsvc>ladb>user>idx script-parameters-2)

Full Context

configure service dynamic-services local-auth-db user-name index script-parameters-2

Description

This command specifies the second part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-2 from the configuration.

Parameters

param-string2

Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-parameters-3

script-parameters-3

Syntax

script-parameters-3 param-string3

no script-parameters-3

Context

[Tree] (config>service>dynsvc>ladb>user>idx script-parameters-3)

Full Context

configure service dynamic-services local-auth-db user-name index script-parameters-3

Description

This command specifies the third part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-3 from the configuration.

Parameters

param-string3

Specifies string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-parameters-4

script-parameters-4

Syntax

script-parameters-4 param-string4

no script-parameters-4

Context

[Tree] (config>service>dynsvc>ladb>user>idx script-parameters-4)

Full Context

configure service dynamic-services local-auth-db user-name index script-parameters-4

Description

This command specifies the fourth part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-4 from the configuration.

Parameters

param-string4

Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-policy

script-policy

Syntax

script-policy name

no script-policy

Context

[Tree] (config>service>dynsvc>policy script-policy)

Full Context

configure service dynamic-services dynamic-services-policy script-policy

Description

This command specifies the radius script policy to be used to setup the dynamic data services. The script-policy configuration cannot be changed when there are active dynamic data services referencing the policy.

The no form of this command removes the script-policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

Parameters

name

Specifies the RADIUS script policy name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-policy

Syntax

script-policy policy-name [owner policy-owner]

no script-policy

Context

[Tree] (config>system>cron>schedule script-policy)

Full Context

configure system cron schedule script-policy

Description

This command is used to configure the CLI script policy.

Parameters

policy-name

Specifies the name of the policy. Can be up to 32 characters.

policy-owner

Specifies the name of the policy owner. Can be up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default

"TiMOS CLI”

Platforms

All

script-policy

Syntax

[no] script-policy policy-name [owner policy-owner]

Context

[Tree] (config>system>script-control script-policy)

Full Context

configure system script-control script-policy

Description

This command is used to configure the CLI script policy.

Parameters

policy-name

Specifies the name of the policy, up to 32 characters.

policy-owner

Specifies the name of the policy owner, up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default

"TiMOS CLI”

Platforms

All

script-policy

Syntax

script-policy policy-name [owner policy-owner]

no script-policy

Context

[Tree] (config>log>event-handling>handler>action-list>entry script-policy)

Full Context

configure log event-handling handler action-list entry script-policy

Description

This command configures the script policy parameters to use for this EHS handler action-list entry. The associated script is launched when the handler is triggered.

Default

no script-policy

Parameters

policy-name

Specifies the script policy name. Can be up to 32 characters maximum.

owner policy-owner

Specifies the script policy owner. Can be up to 32 characters maximum.

Default

"TiMOS CLI”

Platforms

All

script-runtime-error

script-runtime-error

Syntax

[no] script-runtime-error

Context

[Tree] (debug>python>py-script script-runtime-error)

Full Context

debug python python-script script-runtime-error

Description

This command generates log information when detecting a script runtime error.

Platforms

All

script-runtime-error

Syntax

[no] script-runtime-error

Context

[Tree] (debug>subscr-mgmt>sub-ident-plcy script-runtime-error)

Full Context

debug subscriber-mgmt sub-ident-policy script-runtime-error

Description

This command sends the traceback of the Python script failure to the logger.

The no form of this command disables debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-url

script-url

Syntax

script-url primary-script-url

no script-url

Context

[Tree] (config>aaa>radius-scr-plcy>primary script-url)

Full Context

configure aaa radius-script-policy primary script-url

Description

This command configures the URL of the primary script.

The no form of this command removes the URL from the configuration.

Parameters

primary-script-url

Specifies the URL of the secondary script to change RADIUS attributes of the RADIUS message.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-url

Syntax

script-url secondary-script-url

no script-url

Context

[Tree] (config>aaa>radius-scr-plcy>secondary script-url)

Full Context

configure aaa radius-script-policy secondary script-url

Description

Specifies the URL of the secondary script to change RADIUS attributes of the RADIUS message.

The no form of this command removes the URL from the configuration.

Parameters

secondary-script-url

Specifies the URL of the secondary script to change RADIUS attributes of the RADIUS message.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-url

Syntax

script-url dhcp-script-url

no script-url

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>tertiary script-url)

[Tree] (config>subscr-mgmt>sub-ident-pol>primary script-url)

[Tree] (config>subscr-mgmt>sub-ident-pol>secondary script-url)

Full Context

configure subscriber-mgmt sub-ident-policy tertiary script-url

configure subscriber-mgmt sub-ident-policy primary script-url

configure subscriber-mgmt sub-ident-policy secondary script-url

Description

This command specifies the URL of the identification scripts.

The no form of this command reverts to the default.

Parameters

dhcp-primary-script-url

Specifies the URL of the primary identification script up to 180 characters.

dhcp-secondary-script-url

Specifies the URL of the secondary identification script up to 180 characters.

dhcp-tertiary-script-url

Specifies the URL of the tertiary identification script up to 180 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

script-url

Syntax

script-url script-url-name

no script-url

Context

[Tree] (config>app-assure>group>http-notif script-url)

Full Context

configure application-assurance group http-notification script-url

Description

This command configures the URL of the script used by the http notification policy.

The no form of this command removes the script URL from the http-notification policy.

Default

no script-url

Parameters

script-url-name

Specifies the string representing the URL of the script used in the http notification policy, up to 255 characters.

create

Keyword to create the script URL.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

scripts

scripts

Syntax

scripts

Context

[Tree] (debug>dynsvc scripts)

Full Context

debug dynamic-services scripts

Description

Commands in this context configure dynamic services script debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

scte35-action

scte35-action

Syntax

scte35-action {forward | drop}

Context

[Tree] (config>service>ies>video-interface>channel scte35-action)

[Tree] (config>service>vprn>video-interface>channel scte35-action)

Full Context

configure service ies video-interface channel scte35-action

configure service vprn video-interface channel scte35-action

Description

This command specifies whether the Society of Cable Telecommunications Engineers 35 (SCTE 35) cue avails in the stream need to be forwarded or not. When specified to forward, SCTE 35 messages will be forwarded downstream. When specified to drop, SCTE 35 messages will not be forwarded downstream. They will be still be processed for local splicing decisions.

Parameters

forward

Forwards SCTE 35 messages downstream.

drop

Drops SCTE 35 messages.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

sctp-filter

sctp-filter

Syntax

sctp-filter sctp-filter-name

no sctp-filter

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action sctp-filter)

Full Context

configure application-assurance group policy app-qos-policy entry action sctp-filter

Description

This command assigns an existing SCTP filter as an action on flows matching this AQP entry.

The no form of this command removes this SCTP filter from actions on flows matching this AQP entry.

Default

no sctp-filter

Parameters

sctp-filter-name

Specifies the name of the existing SCTP filter for this application assurance profile. The sctp-filter-name is configured in the config>app-assure>group[:partition]>sctp-filter context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sctp-filter

Syntax

sctp-filter sctp-filter-name

Context

[Tree] (config>app-assure>group>statistics>tca sctp-filter)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter

Description

This command configures TCA generation for an SCTP filter.

Parameters

sctp-filter-name

Specifies the name of the SCTP filter, up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sctp-filter

Syntax

sctp-filter sctp-filter-name [create]

no sctp-filter sctp-filter-name

Context

[Tree] (config>app-assure>group sctp-filter)

Full Context

configure application-assurance group sctp-filter

Description

Commands in this context configure Stream Control Transmission Protocol (SCTP) parameters.

The no form of this command removes this filter.

Parameters

sctp-filter-name

Specifies the SCTP filter name, up to 32 characters.

create

Keyword used to create the SCTP filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sctp-filter-stats

sctp-filter-stats

Syntax

[no] sctp-filter-stats

Context

[Tree] (config>app-assure>group>statistics>aa-admit-deny sctp-filter-stats)

Full Context

configure application-assurance group statistics aa-admit-deny sctp-filter-stats

Description

This command configures whether to include or exclude SCTP filter admit-deny statistics in accounting records.

Default

no sctp-filter-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sd

sd

Syntax

sd

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if sd)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface sd

Description

Commands in this context configure within a video interface policy the properties relating to requests received by the video interface for Standard Definition (SD) channel requests.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

sd-offset

sd-offset

Syntax

sd-offset offset-value

no sd-offset

Context

[Tree] (config>service>vprn>isis>if>level sd-offset)

Full Context

configure service vprn isis interface level sd-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sd-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sd-threshold is crossed.

Values

0 to 16777215

Platforms

All

sd-offset

Syntax

sd-offset sd-offset

no sd-offset

Context

[Tree] (config>router>isis>if>level sd-offset)

Full Context

configure router isis interface level sd-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sd-offset

Parameters

sd-offset

Specifies the amount the interface metric is increased by if the sd-threshold is crossed.

Values

0 to 16777215

Platforms

All

sd-threshold

sd-threshold

Syntax

sd-threshold threshold [coefficient coefficient]

Context

[Tree] (config>port>otu sd-threshold)

Full Context

configure port otu sd-threshold

Description

This command defines the error rate at which to declare the signal degrade (SD) condition.

The parameters define an error rate of (coefficient/10) * 10E-threshold. For example, sd-threshold 5 coefficient 20 defines an error rate of (20/10) * 10E-5, or 2 * 10E-5, or 0.000 02.

The SD threshold must be:

  • greater than the SF threshold.

  • 5 or higher before setting sf-sd-method to bip8.

The coefficient parameter is only used when sf-sd-method is set to fec. When sf-sd-method is set to bip8, coefficient is considered to have the value of 10.

Parameters

threshold

Specifies the exponent for the SD threshold value.

Values

5 to 9 when sf-sd-method is bip8

3 to 9 when sf-sd-method is fec

Default

7

coefficient

Specifies the coefficient for the SD threshold value.

Values

10 to 99

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sd-threshold

Syntax

sd-threshold errored-frames

no sd-threshold

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame sd-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame sd-threshold

Description

The option defines the number of errored frames within the configured window which indicates the port has gone beyond an acceptable error rate and should be considered degraded. This is a first level warning that a port may be suspect. This generates an information log event message only and will be recorded in the Port event index but has no port level actions when the error count is equal to or greater than the threshold. This value must be lower than or equal to the sf-threshold value.

The no value of this option disables the sd-threshold.

Default

no sd-threshold

Parameters

errored-frames

Specifies the number of errored frames within the configured window which indicates the port has become degraded.

Values

1 to 1000000

Platforms

All

sd-threshold

Syntax

sd-threshold errored-frames

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-period sd-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-period sd-threshold

Description

The option defines the number of errored frames within the configured window which indicates the port has gone beyond an acceptable error rate and should be considered degraded. This is a first level warning that a port may be suspect. This generates an information log event message only and will be recorded in the Port event index but has no port level actions when the error count is equal to or greater than the threshold. This value must be lower than or equal to the sf-threshold value.

The no value of this option disables the sd-threshold

Default

no sd-threshold

Parameters

errored-frames

Specifies the number of errored frames within the configured window which indicates the port has become degraded.

Values

1 to 1000000

Platforms

All

sd-threshold

Syntax

sd-threshold errored-frames

no sd-threshold

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-seconds sd-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-seconds sd-threshold

Description

This command defines the number of errored frame seconds within the configured window which indicates the port has gone beyond an acceptable error rate and should be considered degraded. This is a first level warning that a port may be suspect. This event is raised when the error count is equal to or greater than the configured threshold. This is an information log event message only and will be recorded in the Port event index but has no port level actions. This value must be lower than or equal to the sf-threshold value.

The no version of this command disables the sd-threshold.

Parameters

errored-frames

Specifies the number of errored seconds within the configured window which indicates the port has become degraded.

Values

1 to 900

Platforms

All

sd-threshold

Syntax

sd-threshold errored-symbols

no sd-threshold

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-symbols sd-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols sd-threshold

Description

This command defines the number of errored frames within the configured window which indicates the port has gone beyond an acceptable error rate and should be considered degraded. This is a first level warning that a port may be suspect. An event is raised when the error count is equal to or greater than this value. This is an information log event message only and will be recorded in the Port event index but has no port level actions. This value must be lower than or equal to the sf-threshold value. Specific to symbol errors, this value must be configured with the value that indicates anything less is acceptable and the port can be returned to service. If this value is not configured then manual operation is required to return the port to service.

The no value of this option means there is there is no automatic return to service.

Default

no sd-threshold

Parameters

errored-symbols

Specifies the number of errored symbols which indicates the port has become degraded.

Values

1 to1000000

Platforms

All

sd-threshold

Syntax

sd-threshold threshold [multiplier multiplier]

no sd-threshold

Context

[Tree] (config>port>ethernet>sym-mon sd-threshold)

Full Context

configure port ethernet symbol-monitor sd-threshold

Description

This command specifies the error rate at which to declare the Signal Degrade condition on an Ethernet interface. The value represents M*10E-N a ratio of symbol errors over total symbols received over W seconds of the sliding window. The symbol errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sd-threshold is specified the multiplier will return to the default value of 1.

Default

no sd-threshold

Parameters

threshold

Specifies the rate of symbol errors.

Values

1 to 9

multiplier

Specifies the multiplier used to scale the symbol error ratio.

Values

1 to 9

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sd-threshold

Syntax

sd-threshold threshold [multiplier multiplier]

no sd-threshold

Context

[Tree] (config>port>ethernet>crc-monitor sd-threshold)

Full Context

configure port ethernet crc-monitor sd-threshold

Description

This command specifies the error rate at which to declare the Signal Degrade condition on an Ethernet interface. The value represents M*10E-N a ratio of errored frames over total frames received over W seconds of the sliding window. The CRC errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sd-threshold is specified the multiplier will return to the default value of 1.

Default

no sd-threshold

Parameters

threshold

Specifies the threshold value.

Values

1 to 9

multiplier

Specifies the multiplier value.

Values

1 to 9

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sd-threshold-clear

sd-threshold-clear

Syntax

sd-threshold-clear threshold [coefficient coefficient]

Context

[Tree] (config>port>otu sd-threshold-clear)

Full Context

configure port otu sd-threshold-clear

Description

This command defines the signal degrade (SD) threshold clear value.

When the bit error rate falls below this value, the SD condition is cleared. The parameters define an error rate of (coefficient/10) * 10E-threshold. For example, sd-threshold-clear 7 coefficient 10 defines an error rate of (10/10) * 10E-7, or 10E-7, or 0.000 000 1.

This SD threshold clear setting is valid only when sf-sd-method is set to fec.

Parameters

threshold

Specifies the exponent for the SD threshold clear value.

Values

3 to 10

Default

8

coefficient

Specifies the coefficient for the SD threshold clear value.

Values

10 to 99

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sdp

sdp

Syntax

sdp sdp-id [sync-tag sync-tag] [create]

no sdp sdp-id

Context

[Tree] (config>redundancy>multi-chassis>peer>sync sdp)

Full Context

configure redundancy multi-chassis peer sync sdp

Description

This command specifies the manually configured spoke SDPs to be synchronized with the multi-chassis peer and a synchronization tag to be used while synchronizing these spoke SDPs with the multi-chassis peer.

Manually configured spoke SDPs with the specified sdp-id are synchronized according to the synchronization tag. If synchronization is required only for a subset of the spoke SDPs using the configured SDP, the range sub-command should be used. The range command and the sync-tag parameters are mutually exclusive.

The synchronization of PIM snooping is only supported for manually configured spoke SDPs but is not supported for spoke SDPs configured within an endpoint.

The synchronization of PIM snooping is not supported on any of the following when used with the configured sdp-id:

  • Mesh SDPs

  • Spoke SDPs in non-VPLS services

  • BGP-AD/BGP-VPLS (FEC 129) spoke SDPs

  • Spoke SDPs configured in endpoints

  • Pseudowire SAPs

  • ESM-over-MPLS Pseudowires

Non-existent spoke SDPs may be specified. If these spoke SDPs are created at a later time, then all states on the spoke SDPs are synchronized according to the synchronization tag and the synchronization protocols enabled.

A synchronization tag can be changed by entering the same command with a different synchronization tag. Changing the synchronization tag removes all states relating to the previous synchronization tag for the SDP and a new synchronization tag state is created.

Parameters

sdp-id

Specifies the SDP of the spoke SDPs to be synchronized with the multi-chassis peer.

Values

1 to 32767

sync-tag

Specifies a synchronization tag, up to 32 characters, to be used when synchronizing with the multi-chassis peer.

create

Creates the SDP instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

sdp

Syntax

sdp sdp-id

no sdp

Context

[Tree] (config>service>system>bgp-evpn>eth-seg sdp)

Full Context

configure service system bgp-evpn ethernet-segment sdp

Description

This command configures an sdp-id associated to the Ethernet-Segment. If the Ethernet-Segment is configured as all-active, then only a lag or PW port can be associated to the Ethernet-Segment. If the Ethernet-Segment is configured as single-active, then lag, port or sdp can be associated to the Ethernet-Segment. In any case, only one of the four objects can be configured in the Ethernet-Segment. A specified SDP can be part of only one Ethernet-Segment. Only user-configured SDPs can be added to an Ethernet-Segment.

Default

no sdp

Parameters

sdp-id

Specifies the IP address.

Values

1 to 17407

Platforms

All

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (config>service>vpls>pbb>backbone-vpls sdp)

Full Context

configure service vpls pbb backbone-vpls sdp

Description

This command configures attributes of a SDP binding on the B-VPLS service.

Parameters

sdp-id

Specifies the SDP ID.

Values

1 to 17407

vc-id

Specifies the VC ID.

Values

1 to 4294967295

Platforms

All

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>mrp sdp)

Full Context

debug service id mrp sdp

Description

This command filters debug events and only shows events for the particular SDP.

The no form of this command removes the debug filter.

Parameters

sdp-id

Specifies the SDP ID for which to display information

Default

All SDPs

Values

1 to 17407

vc-id

Displays information about the virtual circuit identifier.

Values

1 to 4294967295

Platforms

All

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>dhcp sdp)

[Tree] (debug>service>id>stp sdp)

[Tree] (debug>service>id sdp)

Full Context

debug service id dhcp sdp

debug service id stp sdp

debug service id sdp

Description

This command enables STP debugging for a specific SDP.

The no form of the command disables debugging.

Parameters

sdp-id:vc-id

Specifies the SDP ID and VC ID.

Values

sdp-id: 1 to 17407

vc-id: 1 to 4294967295

Platforms

All

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>igmp-snooping sdp)

Full Context

debug service id igmp-snooping sdp

Description

This command shows IGMP packets for a specific SDP.

The no form of this command disables the debugging for the SDP.

Parameters

sdp-id

Displays only IGMP snooping entries associated with the specified mesh SDP or spoke-SDP. For a spoke-SDP, the VC ID must be specified, for a mesh SDP, the VC ID is optional.

Values

1 to 17407

vc-id

Displays information for the specified virtual circuit ID on the SDP ID

Values

1 to 4294967295

Platforms

All

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>mld sdp)

Full Context

debug service id mld-snooping sdp

Description

This command shows MLD packets for a specific SDP.

The no form of this command disables the debugging for the SDP.

Parameters

sdp-id

Displays only MLD entries associated with the specified mesh SDP or spoke-SDP

Values

1 to 17407

vc-id

Displays information for the specified virtual circuit ID on the SDP ID

Values

1 to 4294967295

Platforms

All

sdp

Syntax

sdp sdp-id [delivery-type] [create]

no sdp sdp-id

Context

[Tree] (config>service sdp)

Full Context

configure service sdp

Description

This command creates or edits a Service Distribution Point (SDP). SDPs must be explicitly configured.

An SDP is a logical mechanism that ties a far-end router to a particular service without having to specifically define far-end SAPs. Each SDP represents a method to reach another router.

One method is IP Generic Router Encapsulation (GRE), which has no state in the core of the network. GRE does not specify a specific path to the far-end router. A GRE-based SDP uses the underlying IGP routing table to find the best next hop to the far-end router.

The second method is Multi-Protocol Label Switching (MPLS) encapsulation. A router supports both signaled and non-signaled Label Switched Paths (LSPs) through the network. Non-signaled paths are defined at each hop through the network. Signaled paths are communicated by protocol from end-to-end using Resource Reservation Protocol (RSVP). Paths may be manually defined or a constraint-based routing protocol (such as OSPF-TE or CSPF) can be used to determine the best path with specific constraints. An LDP LSP can also be used for an SDP when the encapsulation is MPLS. The use of an LDP LSP type or an RSVP/Static LSP type are mutually exclusive except when the mixed-lsp option is enabled on the SDP.

Segment routing is another MPLS tunnel type and is used to allow service binding to an SR tunnel programmed in TTM by OSPF or IS-IS. The SDP of type sr-isis or sr-ospf can be used with the far-end option. The tunnel-far-end option is not supported. In addition, the mixed-lsp-mode option does not support the sr-isis and sr-ospf tunnel types.

L2TPv3-over-IPv6 transport is also an option for 7750 SR and 7950 XR Ethernet Pipe (Epipe) Services. Like GRE, L2TPv3 is stateless in the core of the network, as well as on the service nodes as the L2TPv3 control plane functionality is disabled for this SDP type. A unique source and destination IPv6 address combined with TX and RX Cookie values are used to ensure that the SDP is bound to the correct service.

SDPs are created and then bound to services. Many services may be bound to a single SDP. The operational and administrative state of the SDP controls the state of the SDP binding to the service.

If the sdp-id does not exist, a new SDP is created. When creating an SDP, either the gre, mpls, or l2tpv3 keyword must be specified. SDPs are created in the admin down state (shutdown) and the no shutdown command must be executed once all relevant parameters are defined and before the SDP can be used.

If sdp-id exists, the current CLI context is changed to that SDP for editing and modification. For editing an existing SDP, neither the gre, mpls, or l2tpv3 keyword is specified. If a keyword is specified for an existing sdp-id, an error is generated and the context of the CLI will not be changed to the specified sdp-id.

The no form of this command deletes the specified SDP. Before an SDP can be deleted, it must be administratively down (shutdown) and not bound to any services. If the specified SDP is bound to a service, the no sdp command will fail generating an error message specifying the first bound service found during the deletion process. If the specified sdp-id does not exist an error will be generated.

Parameters

sdp-id

Specifies the SDP identifier.

Values

1 to 32767

gre

Specifies the SDP will use GRE to reach the far-end router. The GRE encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted. Only one GRE SDP can be created to a given destination address. Multiple GRE SDPs to a single destination address serve no purpose as the path taken to reach the far end is determined by the IGP which will be the same for all SDPs to a given destination and there is no bandwidth reservation in GRE tunnels.

mpls

Specifies the SDP will use MPLS encapsulation and one or more LSP tunnels to reach the far-end device. Multiple MPLS SDPs may be created to a given destination device. Multiple MPLS SDPs to a single destination device are helpful when they use divergent paths.

l2tpv3

Specifies the SDP will use L2TPv3-over-IPv6 encapsulation for the 7750 SR or 7950 XRS. One SDP is created per service, regardless of whether the far-end node is common or not. Unique local and far-end addresses are configured for every L2TPv3 SDP type. The local address must exist on the local node.

eth-gre-bridged

Configures the SDP as an L2oGRE tunnel that is terminated on an FPE-based PW port. Only the end-points of such a tunnel (the far-end IPv4/IPv6 address or local-end IPv4/IPv6 address) are allowed to be configured under this SDP.

Platforms

All

sdp-exclude

sdp-exclude

Syntax

[no] sdp-exclude group-name

Context

[Tree] (config>service>pw-template sdp-exclude)

Full Context

configure service pw-template sdp-exclude

Description

This command configures SDP admin group constraints for a pseudowire template.

The admin group name must have been configured or the command is failed. The user can execute the command multiple times to include or exclude more than one admin group. The sdp-include and sdp-exclude commands can only be used with the use-provisioned-sdp or prefer-provisioned-sdp options. If the same group name is included and excluded within the same pseudowire template, only the exclude option will be enforced.

Any changes made to the admin group sdp-include and sdp-exclude constraints will only be reflected in existing spoke-sdps after the following command has been executed:

tools>perform>service>eval-pw-template>allow-service-impact

When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

In the SDP selection process, all provisioned SDPs with the correct far-end IP address, the correct tunnel-far-end IP address, and the correct service label signaling are considered. The SDP with the lowest admin metric is selected. If more than one SDP with the same lowest metric are found then the SDP with the highest sdp-id is selected. The type of SDP, GRE or MPLS (BGP/RSVP/LDP) is not a criterion in this selection.

The selection rule with SDP admin groups is modified such that the following admin-group constraints are applied upfront to prune SDPs that do not comply:

  • if one or more sdp-include statement is part of the PW template, then an SDP that is a member of one or more of the included groups will be considered. With the sdp-include statement, there is no preference for an SDP that belongs to all included groups versus one that belongs to one or fewer of the included groups. All SDPs satisfying the admin-group constraint will be considered and the selection above based on the lowest metric and highest sdp-id is applied.

  • if one or more sdp-exclude statement is part of the PW template, then an sdp that is a member of any of the excluded groups will not be considered.

SDP admin group constraints can be configured on all router services that makes use of the pseudowire template (BGP-AD VPLS service, BGP-VPLS service, and FEC129 VLL service). In the latter case, only support at a T-PE node is provided.

The no form of this command removes the SDP admin group constraints from the pseudowire template.

Parameters

group-name

Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

Platforms

All

sdp-group

sdp-group

Syntax

sdp-group

Context

[Tree] (config>service sdp-group)

Full Context

configure service sdp-group

Description

This command configures the SDP membership in admin groups.

The user can enter a maximum of one (1) admin group name at once. The user can execute the command multiple times to add membership to more than one admin group. The admin group name must have been configured or the command is failed. Admin groups are supported on an SDP of type GRE and of type MPLS (BGP/RSVP/LDP). They are also supported on an SDP with the mixed-lsp-mode option enabled.

The no form of this command removes this SDP membership to the specified admin group.

Platforms

All

sdp-id-range

sdp-id-range

Syntax

sdp-id-range from id to id

no sdp-id-range

Context

[Tree] (config>fwd-path-ext sdp-id-range)

Full Context

configure fwd-path-ext sdp-id-range

Description

This command reserves an SDP ID range used by the FPE based PW-Port and VXLAN termination applications.

Each configured FPE based PW-Port is associated with two internal SDPs (one in each direction) whose id(s) are allocated from the configured sdp-id-range.

When the FPE is associated to VXLAN termination, an internal SDP is allocated from the configured sdp-id-range and is used for R-VPLS services that terminate VXLAN IPv6. A spoke-sdp per VXLAN IPv6 R-VPLS service is created on that SDP for egress processing of the packets. Sdp-id-range cannot be modified if any of its IDs are currently in use.

Default

no sdp-id-range

Parameters

from id

Specifies the start of the SDP ID range (inclusive).

Values

1 to 32767

to id

Specifies the end of the SDP ID range.

Values

1 to 32767

Platforms

All

sdp-include

sdp-include

Syntax

[no] sdp-include group-name

Context

[Tree] (config>service>pw-template sdp-include)

Full Context

configure service pw-template sdp-include

Description

This command configures SDP admin group constraints for a pseudowire template.

The admin group name must have been configured or the command is failed. The user can execute the command multiple times to include or exclude more than one admin group. The sdp-include and sdp-exclude commands can only be used with the use-provisioned-sdp or prefer-provisioned-sdp options. If the same group name is included and excluded within the same pseudowire template, only the exclude option will be enforced.

Any changes made to the admin group sdp-include and sdp-exclude constraints will only be reflected in existing spoke-sdps after the following command has been executed:

tools>perform>service>eval-pw-template>allow-service-impact

When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

In the SDP selection process, all provisioned SDPs with the correct far-end IP address, the correct tunnel-far-end IP address, and the correct service label signaling are considered. The SDP with the lowest admin metric is selected. If more than one SDP with the same lowest metric are found then the SDP with the highest sdp-id is selected. The type of SDP, GRE or MPLS (BGP/RSVP/LDP) is not a criterion in this selection.

The selection rule with SDP admin groups is modified such that the following admin-group constraints are applied upfront to prune SDPs that do not comply:

  • if one or more sdp-include statement is part of the PW template, then an SDP that is a member of one or more of the included groups will be considered. With the sdp-include statement, there is no preference for an SDP that belongs to all included groups versus one that belongs to one or fewer of the included groups. All SDPs satisfying the admin-group constraint will be considered and the selection above based on the lowest metric and highest sdp-id is applied.

  • if one or more sdp-exclude statement is part of the PW template, then an sdp that is a member of any of the excluded groups will not be considered.

SDP admin group constraints can be configured on all router services that make use of the pseudowire template (BGP-AD VPLS service, BGP-VPLS service, and FEC129 VLL service). In the latter case, only support at a T-PE node is provided.

The no form of this command removes the SDP admin group constraints from the pseudowire template.

Parameters

group-name

Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

Platforms

All

sdp-mtu

sdp-mtu

Syntax

sdp-mtu orig-sdp-id size-inc start-octets end-octets [step step-size] [timeout timeout] [interval interval]

Context

[Tree] (oam sdp-mtu)

Full Context

oam sdp-mtu

Description

Performs MTU Path tests on an SDP to determine the largest path-mtu supported on an SDP. The size-inc parameter can be used to easily determine the path-mtu of a given SDP-ID. The forwarding class is assumed to be Best-Effort Out-of-Profile. The message reply is returned with IP/GRE encapsulation from the far-end router. OAM request messages sent within an IP/GRE SDP must have the 'DF’ IP header bit set to 1 to prevent message fragmentation.

To terminate an sdp-mtu in progress, use the CLI break sequence <Ctrl-C>.

Parameters

orig-sdp-id

Specifies the sdp-id to be used by sdp-ping, expressed as a decimal integer. The far-end address of the specified sdp-id is the expected responder-id within each reply received. The specified sdp-id defines the encapsulation of the SDP tunnel encapsulation used to reach the far end. This can be IP/GRE or MPLS. If orig-sdp-id is invalid or administratively down or unavailable, the SDP echo request message is not sent and an appropriate error message is displayed (once the interval timer expires, sdp-ping attempts to send the next request, if required).

Values

1 to 32767

start-octets

Specifies the beginning size in octets of the first message sent for an incremental MTU test, expressed as a decimal integer.

Values

40 to 9786

end-octets

Specifies the ending size in octets of the last message sent for an incremental MTU test, expressed as a decimal integer. The specified value must be greater than start-octets.

Values

40 to 9786

step-size

Specifies the number of octets to increment the message size request for each message sent for an incremental MTU test, expressed as a decimal integer. The next size message is not sent until a reply is received or three messages have timed out at the current size.

If the incremented size exceeds the end-octets value, no more messages are sent.

Values

1 to 512

Default

32

timeout

Specifies the timeout parameter in seconds, expressed as a decimal integer. This value is used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.

Values

1 to 10

Default

5

interval

Specifies the interval parameter in seconds, expressed as a decimal integer. This parameter is used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.

Values

1 to 10

Default

1

Platforms

All

Output

Output Example: SDP MTU Path Test
*A:Dut-A# oam sdp-mtu 1201 size-inc 512 3072 step 256
Size    Sent    Response
----------------------------
512     .        Success
768     .        Success
1024    .        Success
1280    .        Success
1536    .        Success
1792    .        Success
2048    .        Success
2304    .        Success
2560    .        Success
2816    .        Success
3072    .        Success

Maximum Response Size: 3072
*A:Dut-A#

sdp-ping

sdp-ping

Syntax

sdp-ping orig-sdp-id [resp-sdp resp-sdp-id] [fc fc-name [profile { in | out}]] [size octets] [count send-count] [timeout timeout] [interval interval]

Context

[Tree] (oam sdp-ping)

[Tree] (config>saa>test>type sdp-ping)

Full Context

oam sdp-ping

configure saa test type sdp-ping

Description

This command tests SDPs for uni-directional or round trip connectivity and performs SDP MTU Path tests.

The sdp-ping command accepts an originating SDP-ID and an optional responding SDP-ID. The size, number of requests sent, message time-out and message send interval can be specified. All sdp-ping requests and replies are sent with PLP OAM-Label encapsulation, as a service-id is not specified.

For round trip connectivity testing, the resp-sdp keyword must be specified. If resp-sdp is not specified, a uni-directional SDP test is performed.

To terminate an sdp-ping in progress, use the CLI break sequence <Ctrl-C>.

An sdp-ping response message indicates the result of the sdp-ping message request. When multiple response messages apply to a single SDP echo request/reply sequence, the response message with the highest precedence is displayed. sdp-ping Response Messages shows the response messages sorted by precedence.

Table 2. sdp-ping Response Messages

Result of Request

Displayed Response Message

Precedence

Request time out without reply

Request Timeout

1

Request not sent due to non-existent orig-sdp-id

Orig-SDP Non-Existent

2

Request not sent due to administratively down orig-sdp-id

Orig-SDP Admin-Down

3

Request not sent due to operationally down orig-sdp-id

Orig-SDP Oper-Down

4

Request terminated by user before reply or time out

Request Terminated

5

Reply received, invalid origination-id

Far End: Originator-ID Invalid

6

Reply received, invalid responder-id

Far End: Responder-ID Error

7

Reply received, non-existent resp-sdp-id

Far End: Resp-SDP Non-Existent

8

Reply received, invalid resp-sdp-id

Far End: Resp-SDP Invalid

9

Reply received, resp-sdp-id down (admin or oper)

Far-end: Resp-SDP Down

10

Reply received, No Error

Success

11

Parameters

orig-sdp-id

Specifies the SDP ID to be used by sdp-ping, expressed as a decimal integer. The far-end address of the specified SDP-ID is the expected responder-id within each reply received. The specified SDP-ID defines the encapsulation of the SDP tunnel encapsulation used to reach the far end. This can be IP/GRE or MPLS. If orig-sdp-id is invalid or administratively down or unavailable for some reason, the SDP Echo Request message is not sent and an appropriate error message is displayed (once the interval timer expires, sdp-ping attempts to send the next request if required).

Values

1 to 32767

resp-sdp-id

Specifies the return SDP-ID to be used by the far-end router for the message reply for round trip SDP connectivity testing. If resp-sdp-id does not exist on the far-end router, terminates on another router different than the originating router, or another issue prevents the far-end router from using resp-sdp-id, the SDP echo reply is sent using generic IP/GRE OAM encapsulation. The received forwarding class (as mapped on the ingress network interface for the far end) defines the forwarding class encapsulation for the reply message.

Values

1 to 32767

Default

null. Use the non-SDP return path for message reply.

fc-name

Specifies the parameter to be used to indicate the forwarding class of the SDP encapsulation. The actual forwarding class encoding is controlled by the network egress DSCP or LSP-EXP mappings.

The DSCP or LSP-EXP mappings on the receive network interface controls the mapping back to the internal forwarding class used by the far-end router that receives the message request. The egress mappings of the egress network interface on the far-end router controls the forwarding class markings on the return reply message.

The DSCP or LSP-EXP mappings on the receive network interface controls the mapping of the message reply at the originating router. This is displayed in the response message output upon receipt of the message reply.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

be

profile {in | out}

Specifies the profile state of the SDP encapsulation.

Default

out

octets

Specifies the size parameter in octets. This parameter is used to override the default message size for the sdp-ping request. Changing the message size is a method of checking the ability of an SDP to support a path-mtu. The size of the message does not include the SDP encapsulation, VC-Label (if applied) or any DLC headers or trailers.

When the OAM message request is encapsulated in an IP/GRE SDP, the IP 'DF’ (Do Not Fragment) bit is set. If any segment of the path between the sender and receiver cannot handle the message size, the message is discarded. MPLS LSPs are not expected to fragment the message either, as the message contained in the LSP is not an IP packet.

Values

72 to 9786

Default

72

send-count

Specifies the number of messages to send. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.

Values

1 to 100

Default

1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets is processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values

1 to 10

Default

1

Platforms

All

Output

Single Response Round Trip Connectivity Test Output Example
A:router1> sdp-ping 10 resp-sdp 22 fc ef
Request Result: Sent - Reply Received
RTT:30ms

Err  SDP-ID Info            Local     Remote
__   SDP-ID:                10        22
__   Administrative State:  Up        Up
__   Operative State:       Up        Up
__   Path MTU               4470      4470
__   Response SDP Used:               Yes

Err  System IP Interface Info
Local Interface Name: "ESR-System-IP-Interface (Up to 32 chars)…"
__   Local IP Interface State:          Up
__   Local IP Address:                  10.10.10.11
__   IP Address Expected By Remote:     10.10.10.11
__   Expected Remote IP Address:        10.10.10.10
__   Actual Remote IP Address:          10.10.10.10

Err   FC Mapping Info      Local        Remote
__    Forwarding Class     Assured      Assured
__    Profile              In           In

Multiple Response Connectivity Tests — When the connectivity test count is greater than one (1), a single line is displayed per SDP echo request send attempt.

The request number is a sequential number starting with 1 and ending with the last request sent, incrementing by one (1) for each request. This should not be confused with the message-id contained in each request and reply message.

A response message indicates the result of the message request. Following the response message is the round trip time value. If any reply is received, the round trip time is displayed.

After the last reply has been received or response timed out, a total is displayed for all messages sent and all replies received. A maximum, minimum and average round trip time is also displayed. Error response and timed out requests do not apply towards the average round trip time.

Multiple Response Round Trip Connectivity Test Output Example
A:router1> sdp-ping 6 resp-sdp 101size 1514 count 5
Request        Response       RTT
----------     ----------     -------
     1         Success        10ms
     2         Success        15ms
     3         Success        10ms
     4         Success        20ms
     5         Success        5ms
Sent:    5    Received:    5
Min: 5ms       Max: 20ms      Avg: 12ms

seamless-bfd

seamless-bfd

Syntax

seamless-bfd

Context

[Tree] (config>bfd seamless-bfd)

Full Context

configure bfd seamless-bfd

Description

This command specifies the context for the configuration of a seamless BFD reflector.

Platforms

All

seamless-bfd

Syntax

seamless-bfd

Context

[Tree] (config>router>bfd seamless-bfd)

Full Context

configure router bfd seamless-bfd

Description

This command specifies the context for the configuration of seamless BFD initiator parameters that are global to this router.

The no form of this command removes the context.

Platforms

All

search

search

Syntax

search base-dn

no search

Context

[Tree] (config>system>security>ldap>server search)

Full Context

configure system security ldap server search

Description

This command configures the LDAP search command. The search base-dn tells the server which part of the external directory tree to search. The search DN uses the same LDAP attribute as root-dn. For example, to search a public-key for an SSH generated for a Nokia vendor, one might use "dc=public-key,dc=nokia,dc=com”.

The no version of this command removes the search DN; as such, no search is possible on the LDAP server.

Parameters

base-dn

Specifies the base domain name used in the search, up to 512 characters.

Platforms

All

secondary

secondary

Syntax

secondary

Context

[Tree] (config>aaa>radius-scr-plcy secondary)

Full Context

configure aaa radius-script-policy secondary

Description

Commands in this context configure a secondary script.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

secondary

Syntax

secondary

Context

[Tree] (config>subscr-mgmt>sub-ident-pol secondary)

Full Context

configure subscriber-mgmt sub-ident-policy secondary

Description

Commands in this context configure secondary identification script parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

secondary

Syntax

secondary ip-address[/mask] [netmask ] [broadcast {all-ones | host-ones}] [igp-inhibit] [track-srrp srrp-instance]

no secondary ip-address[/mask]

Context

[Tree] (config>service>ies>if secondary)

Full Context

configure service ies interface secondary

Description

This command assigns a secondary IP address or IP subnet/broadcast address format to the interface.

The no form of this command reverts to the default.

Parameters

ip-address

The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

mask

The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical and function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254.

Note:

A mask of 255.255.255.255 is reserved for system IP addresses.

netmask

Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

broadcast

Overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) is received by the IP interface. (Default: host-ones)

all-ones

Specifies the broadcast address used by the IP interface for this IP address is 255.255.255.255, also known as the local broadcast.

host-ones

Specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface. The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit

Signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces are not injected and used as passive interfaces and are not advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces do not source RIP updates.

track-srrp srrp-instance

Specifies the SRRP instance ID that this interface route needs to track.

Values

1 to 4294967295

Platforms

All

secondary

Syntax

secondary ip-address[/mask] [ netmask] [broadcast {all-ones | host-ones}] [igp-inhibit] [ track-srrp srrp-instance]

no secondary ip-address[/mask]

Context

[Tree] (config>service>vprn>if secondary)

[Tree] (config>service>vprn>nw-if secondary)

Full Context

configure service vprn interface secondary

configure service vprn network-interface secondary

Description

This command assigns a secondary IP address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces. Each address can be configured in an IP address, IP subnet or broadcast address format.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters

ip-address

The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

mask

The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254. A mask of 255.255.255.255 is reserved for system IP addresses.

netmask

Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

broadcast

The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed. This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones

The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.

host-ones

The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit

The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.

track-srrp srrp-instance

Specifies the SRRP instance ID that this interface route needs to track.

Platforms

All

secondary

Syntax

[no] secondary path-name

Context

[Tree] (config>router>mpls>lsp secondary)

Full Context

configure router mpls lsp secondary

Description

This command specifies an alternative path that the LSP uses if the primary path is not available. This command is optional and is not required if the config router mpls lsp lsp-name primary path-name command is specified. After the switch over from the primary to the secondary, the system continuously tries to revert to the primary path. The switch back to the primary path is based on the retry-timer interval.

For RSVP-TE LSPs, up to eight secondary paths can be specified (or seven if a primary is configured). For SR-TE LSPs, up to three paths of any type (with a maximum of one primary) can be configured. By default, a secondary path is non-standby unless the standby keyword is configured. All non-standby secondary paths are considered equal and the first available path is used.

The system does not switch among secondary paths. The system starts the signaling (RSVP-TE) or programming (SR-TE) of all non-standby secondary paths at the same time. Retry counters are maintained for each unsuccessful attempt. After the retry limit is reached on a path, the system does not attempt to signal the path and administratively shuts down the path. The first successfully established non-standby secondary path is made the active path for the LSP.

The no form of this command removes the association between this path-name and lsp-name. All specific configurations for this association are deleted. The secondary path must be shut down prior to deleting it. The no secondary path-name command does not result in any action except a warning message on the console indicating that the secondary path is administratively up.

Parameters

path-name

Specifies the case-sensitive alphanumeric name label for the LSP path, up to 64 characters.

Platforms

All

secondary

Syntax

secondary {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [igp-inhibit] [ track-srrp srrp-instance]

no secondary {ip-address/mask | ip-address netmask}

Context

[Tree] (config>router>if secondary)

Full Context

configure router interface secondary

Description

This command assigns additional IP addresses to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces. Each address can be configured in an IP address, IP subnet, or broadcast address format.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters

ip-address

Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

Values

1.0.0.0 to 223.255.255.255

/

The forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-addr, the "/” and the mask-length parameter. If a forward slash does not immediately follow the ip-addr, a dotted decimal mask must follow the prefix.

mask

Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1 to 32. A mask length of 32 is reserved for system IP addresses.

Values

1 to 32

netmask

Specifies the subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. A mask of 255.255.255.255 is reserved for system IP addresses.

Values

128.0.0.0 to 255.255.255.255

broadcast

The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

all-ones

The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.

host-ones

The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface.

igp-inhibit

The secondary IP address should not be recognized as a local interface by the running IGP.

srrp-instance

Specifies the SRRP instance ID that this interface route needs to track.

Platforms

All

secondary-config

secondary-config

Syntax

secondary-config file-url

no secondary-config

Context

[Tree] (bof secondary-config)

Full Context

bof secondary-config

Description

This command specifies the name and location of the secondary configuration file.

The system attempts to use the configuration as specified in secondary-config if the primary config cannot be located. If the secondary-config file cannot be located, the system attempts to obtain the configuration from the location specified in the tertiary-config.

Note that if an error in the configuration file is encountered, the boot process aborts.

The no form of this command removes the secondary-config configuration.

Parameters

file-url

Specifies the secondary configuration file location, expressed as a file URL.

Values

file-url

[local-url | remote-url] (up to 180 characters)

local-url

[cflash-id/][file-path]

remote-url

[{ftp://| tftp://} login:pswd@remote-locn/][file-path]

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

secondary-dns

secondary-dns

Syntax

secondary-dns ip-address

no secondary-dns

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp secondary-dns)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp secondary-dns)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp secondary-dns

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp secondary-dns

Description

This command configures the secondary DNS address to be returned via DHCP on WLAN-GW ISA.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the secondary DNS address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

secondary-dns

Syntax

secondary-dns ip-address

no secondary-dns

Context

[Tree] (config>service>vprn>dns secondary-dns)

Full Context

configure service vprn dns secondary-dns

Description

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the secondary DNS server from the configuration.

Default

no secondary-dns — No secondary DNS server is configured.

Parameters

ip-address

The IP or IPv6 address of the secondary DNS server.

Values

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

Platforms

All

secondary-dns

Syntax

secondary-dns ip-address

no secondary-dns [ip-address]

Context

[Tree] (bof secondary-dns)

Full Context

bof secondary-dns

Description

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the secondary DNS server from the configuration.

Default

no secondary-dns

Parameters

ip-address

Specifies the IP or IPv6 address of the secondary DNS server.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface

up to 32 characters for link local addresses

Note:

IPv6 is applicable to the 7750 SR and 7950 XRS only.

Platforms

All

secondary-fast-retry-timer

secondary-fast-retry-timer

Syntax

secondary-fast-retry-timer seconds

no secondary-fast-retry-timer

Context

[Tree] (config>router>mpls secondary-fast-retry-timer)

Full Context

configure router mpls secondary-fast-retry-timer

Description

This command specifies the value used as the fast retry timer for a secondary path. If the first attempt to set up a secondary path fails due to a path error, the fast retry timer will be started for the secondary path so that the path can be retried sooner. If the next attempt also fails, further retries for the path will use the configured value for LSP retry timer.

If retry-timer for the LSP is configured to be less than the MPLS secondary-fast-retry-timer, all retries for the secondary path will use the LSP retry-timer.

The no form of this command reverts to the default.

Default

no secondary-fast-retry-timer

Parameters

seconds

Specifies the value (in seconds), used as the fast retry timer for a secondary path

Values

1 to 10

Platforms

All

secondary-image

secondary-image

Syntax

secondary-image file-url

no secondary-image

Context

[Tree] (bof secondary-image)

Full Context

bof secondary-image

Description

This command specifies the secondary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

All runtime image files (*.tim files) must be located in the same directory.

The no form of this command removes the secondary-image configuration.

Parameters

file-url

Specifies the file URL; can be either local (this CPM) or a remote FTP server.

Values

file-url

{local-url | remote-url} (up to 180 characters)

local-url

[cflash-id/][file-path]

remote-url

[{ftp://| tftp://} login:pswd@remote-locn/][file-path]

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

secondary-ip-address

secondary-ip-address

Syntax

secondary-ip-address ipv4-address

no secondary-ip-address

Context

[Tree] (config>router>bgp>orr>location secondary-ip-address)

Full Context

configure router bgp optimal-route-reflection location secondary-ip-address

Description

This command specifies the secondary IP address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable to find a node in its topology database that matches the primary address, then the TE DB tries to find a node with the matching secondary address. If this attempt also fails, the TE DB then tries to find a node with the matching tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the secondary IP address information.

Default

no secondary-ip-address

Parameters

ipv4-address

Specifies the secondary IPv4 address of a location, expressed in dotted decimal notation.

Values

a.b.c.d

Platforms

All

secondary-ipv6-address

secondary-ipv6-address

Syntax

secondary-ipv6-address ipv6-address

no secondary-ipv6-address

Context

[Tree] (config>router>bgp>orr>location secondary-ipv6-address)

Full Context

configure router bgp optimal-route-reflection location secondary-ipv6-address

Description

This command specifies the secondary IPv6 address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the secondary IPv6 address information.

Default

no secondary-ipv6-address

Parameters

ipv6-address

Specifies the secondary IPv6 address of a location.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

secondary-location

secondary-location

Syntax

secondary-location file-url

no secondary-location

Context

[Tree] (config>system>software-repository secondary-location)

Full Context

configure system software-repository secondary-location

Description

This command configures the secondary location for the files in the software repository. See the software-repository command description for more information.

The no form of the command removes the secondary location.

Parameters

file-url

Specifies the secondary location to be used to access the files in the software repository.

Values

file url

local-url | remote-url

local-url

[cflash-id/][file-path]

200 chars maximum, including cflash-id directory length 99 characters maximum each

remote-url

[{ftp://} login:pswd@remote-locn/][file-path]

243 characters maximum

directory length 99 characters maximum each

remote-locn

[hostname | ipv4-address | [ipv6- address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - 32 characters max, for link local addresses

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

secondary-nbns

secondary-nbns

Syntax

secondary-nbns ip-address

no secondary-nbns

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp secondary-nbns)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp secondary-nbns)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp secondary-nbns

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp secondary-nbns

Description

This command configures the secondary NBNS address to be returned via DHCP on WLAN-GW ISA.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the secondary NBNS address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

secondary-path

secondary-path

Syntax

secondary-path

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths secondary-path)

Full Context

configure mcast-management bandwidth-policy t2-paths secondary-path

Description

Commands in this context configure secondary path queue parameters. This command overrides the default path limit for the secondary path, which is one of the three ingress multicast paths into the switch fabric.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

secondary-ports

secondary-ports

Syntax

secondary-ports

Context

[Tree] (config>service>vpls>mac-move secondary-ports)

[Tree] (config>service>template>vpls-template>mac-move secondary-ports)

Full Context

configure service vpls mac-move secondary-ports

configure service template vpls-template mac-move secondary-ports

Description

This command opens configuration context for defining secondary vpls-ports. VPLS ports that were declared as primary prior to the execution of this command will be moved from primary port-level to secondary port-level. Changing a port to the tertiary level can only be done by first removing it from the primary port-level.

Platforms

All

secondary-retry-limit

secondary-retry-limit

Syntax

secondary-retry-limit {number | infinite}

no secondary-retry-limit

Context

[Tree] (config>router>mpls>lsp>auto-bandwidth>use-last-adj-bw secondary-retry-limit)

Full Context

configure router mpls lsp auto-bandwidth use-last-adj-bw secondary-retry-limit

Description

This command configures the maximum number of retry attempts for secondary paths. After each successful attempt, the counter is reset to zero.

When the specified number is reached, no more attempts are made and the path is put into the shutdown state.

A value of 0 or infinite means that the system will retry forever.

The no form of this command reverts to the default.

Default

no secondary-retry-limit

Parameters

number

Specifies the number of retries.

Values

0 to 10000

Default

5

infinite

Specifies a retry limit of infinity.

Platforms

All

secondary-shaper-hashing

secondary-shaper-hashing

Syntax

[no] secondary-shaper-hashing

Context

[Tree] (config>subscr-mgmt>sub-prof secondary-shaper-hashing)

Full Context

configure subscriber-mgmt sub-profile secondary-shaper-hashing

Description

This command enables LAG secondary shaper ID hashing. With this feature enabled, secondary shaper ID hashing can span multiple forwarding complexes on egress LAG. The default is to perform secondary shaper ID hashing on egress and requires all active LAG members to be on the same forwarding complex.

The no form of this command enables the default behavior.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

secondary-url

secondary-url

Syntax

secondary-url url

no secondary-url

Context

[Tree] (config>python>py-script secondary-url)

Full Context

configure python python-script secondary-url

Description

This command specifies the location of secondary Python script. The system supports three locations for each Python-script. Users can store scripts file on either a local CF card or a FTP server.

The no form of this command removes the URL.

Parameters

url

Specifies the secondary URL of the Python script, up to 180 characters, either a local CF card URL or a FTP server URL.

Platforms

All

secret

secret

Syntax

secret secret [hash | hash2 | custom]

no secret

Context

[Tree] (config>router>wpp>portals>portal secret)

[Tree] (config>service>vprn>wpp>portals>portal secret)

Full Context

configure router wpp portals portal secret

configure service vprn wpp portals portal secret

Description

This command configures the secret that is used by WPPv2 to authenticate the messages between portal and BRAS.

The no form of this command removes the secret and hash from the configuration.

Parameters

secret

Specifies the secret key to access the server, up to 64 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

secret

Syntax

secret secret [hash | hash2 | custom]

no secret

Context

[Tree] (config>router>radius-proxy>server secret)

[Tree] (config>service>vprn>radius-proxy>server secret)

Full Context

configure router radius-proxy server secret

configure service vprn radius-proxy server secret

Description

This command configures the shared secret key. The RADIUS client must have the same key to communicate with the RADIUS-proxy server.

The no form of this command removes the parameters from the configuration.

Parameters

secret key

Specifies the secret key up to 64 characters to access the RADIUS server. This secret key must match the password on the RADIUS server.

Values

hash-key: Up to 33 characters

hash2-key: Up to 55 characters.

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

secret

Syntax

secret secret-key | hash-key [hash | hash2 | custom]

no secret

Context

[Tree] (config>aaa>isa-radius-plcy>servers>server secret)

Full Context

configure aaa isa-radius-policy servers server secret

Description

This command configures the secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.

Default

no secret

Parameters

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

section-trace

section-trace

Syntax

section-trace {increment-z0 | byte value | string string}

Context

[Tree] (config>port>sonet-sdh section-trace)

Full Context

configure port sonet-sdh section-trace

Description

This command configures the section trace bytes in the SONET section header to inter-operate with some older versions of ADMs or regenerators that require an incrementing STM ID. You can explicitly configure an incrementing STM value rather than a static one in the SDH overhead by specifying the z0-increment.

This command is supported on TDM satellite.

Default

section-trace byte 0x1

Parameters

increment-z0

Configures an incrementing STM ID instead of a static value.

value

Sets values in SONET header bytes.

Default

0x1

Values

0 to 255 or 0x00 to 0xFF

string

Specifies a text string that identifies the section. The string can be a maximum of 16 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

secure-boot

secure-boot

Syntax

secure-boot

Context

[Tree] (admin>system>security secure-boot)

Full Context

admin system security secure-boot

Description

Commands in this context administratively provision secure boot.

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s, 7950 XRS-40

secure-nd

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>service>ies>if>ipv6 secure-nd)

Full Context

configure service ies interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

All

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>service>vprn>if>ipv6 secure-nd)

Full Context

configure service vprn interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

All

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>router>if>ipv6 secure-nd)

Full Context

configure router interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

All

secure-nd-export

secure-nd-export

Syntax

secure-nd-export

Context

[Tree] (admin>certificate secure-nd-export)

Full Context

admin certificate secure-nd-export

Description

This command exports IPv6 Secure Neighbor Discovery (SeND) certificates to the file cf[1..3]:\system-pki\secureNdKey in PKCS #7 DER format.

Platforms

All

secure-nd-import

secure-nd-import

Syntax

secure-nd-import input url-string format input-format [password password] [key-rollover]

Context

[Tree] (admin>certificate secure-nd-import)

Full Context

admin certificate secure-nd-import

Description

This command imports IPv6 Secure Neighbor Discovery (SeND) certificates from a file, and saves them to cf[1..3]:\system-pki\secureNdKey in PKCS #7 DER format.

Parameters

url-string

Specifies the name of an input file up to 99 characters.

Values

local-url

<cflash-id>\<file-path>

cflash-id

cf1:| cf2:| cf3:

input-format

Specifies the input file format.

Values

pkcs12, pem, or der

password

Specifies the password to decrypt the input file if it is an encrypted PKCS#12 file.

Values

32 characters maximum

Platforms

All

security

security

Syntax

security

Context

[Tree] (config>system security)

Full Context

configure system security

Description

Commands in this context configure a number of central security settings, such as DDoS protection, users, authorization profiles, and certificates. Access to these commands should be restricted to highly trusted users and device administrators.

Platforms

All

security-association

security-association

Syntax

security-association security-entry-id authentication-key hex-string encryption-key hex-string spi spi transform transform-id direction direction

no security-association security-entry-id direction direction

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>manual-keying security-association)

Full Context

configure router interface ipsec ipsec-tunnel manual-keying security-association

configure service vprn interface ipsec ipsec-tunnel manual-keying security-association

configure service ies interface ipsec ipsec-tunnel manual-keying security-association

configure service vprn interface sap ipsec-tunnel manual-keying security-association

Description

This command configures the information required for manual keying SA creation.

The no form of this command removes the security-association parameters from the configuration.

Parameters

security-entry-id

Specifies the ID of an SA entry.

Values

1 to 16

authentication-key hex-string

Specifies an authentication key.

Values

none or 0x0 to 0xFFFFFFFF...(max 128 hex nibbles)

encryption-key hex-string

Specifies the key used for the encryption algorithm.

Values

none or 0x0 to 0xFFFFFFFF...(max 64 hex nibbles)

spi spi

Specifies the Security Parameter Index (SPI) used to look up the instruction to verify and decrypt the incoming IPsec packets when the direction is inbound. When the direction is outbound, the SPI that will be used in the encoding of the outgoing packets. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet.

Values

256 to 16383

transform transform-id

Specifies the transform entry that will be used by this SA entry. This object should be specified for all the entries created which are manual SAs. If the value is dynamic, then this value is irrelevant and will be zero.

Values

1 to 2048

direction

Specifies the direction of an IPsec tunnel.

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel manual-keying security-association
  • configure service vprn interface ipsec ipsec-tunnel manual-keying security-association
  • configure router interface ipsec ipsec-tunnel manual-keying security-association

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-tunnel manual-keying security-association

security-association

Syntax

security-association spi spi authentication-key authentication-key encryption-key encryption-key [crypto]

no security-association spi spi

Context

[Tree] (config>grp-encryp>encryp-keygrp security-association)

Full Context

configure group-encryption encryption-keygroup security-association

Description

This command is used to create a security association for a specific SPI value in a key group. The command is also used to enter the authentication and encryption key values for the security association, or to delete a security association.

The SPI value used for the security association is a node-wide unique value, meaning that no two security associations in any key group on the node may share the same SPI value.

Keys are entered in cleartext. After configuration, they are never displayed in their original, cleartext form. Keys are displayed in an encrypted form, which is indicated by the system-appended crypto keyword when an info or an admin>save command is run. For security reasons, keys encrypted on one node are not usable on other nodes (that is, keys are not exchangeable between nodes).

The no form of the command removes the security association and related key values from the list of security associations for the key group. If the no form of the command is attempted using the same SPI value that is configured for active-outbound-sa, then a warning is issued and the command is blocked. If the no form of the command is attempted on the last SPI in the key group and the key group is configured on a service, then the command is blocked.

Parameters

spi

Specifies the SPI ID of the SPI being referenced for the security association.

Values

1 to 127

authentication-key

Specifies the authentication key for the SPI, in hexadecimal format. The number of characters in the hexadecimal string must be 64 or 128, depending on whether the authentication algorithm is set to sha256 or sha512, respectively.

encryption-key

Specifies the encryption key for the SPI, in hexadecimal format. The number of characters in the hexadecimal string must be 32 or 64, depending on whether the encryption algorithm is set to aes128 or aes256, respectively.

crypto

Displays the keys showing on the CLI info display in an encrypted form.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

security-param-index

security-param-index

Syntax

security-param-index security-parameter-index

no security-param-index

Context

[Tree] (config>test-oam>build-packet>header>ipsec-auth security-param-index)

[Tree] (debug>oam>build-packet>packet>field-override>header>ipsec-auth security-param-index)

Full Context

configure test-oam build-packet header ipsec-auth security-param-index

debug oam build-packet packet field-override header ipsec-auth security-param-index

Description

This command defines the security index to be used in the IPsec header. This same context can be used for IPv4 and IPv6 packets.

The no form of this command removes the security parameter index value.

Default

security-param-index 1

Parameters

security-parameter-index

Specifies the IPsec security parameter index to be used in the IPsec header.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

security-parameter

security-parameter

Syntax

security-parameter sec

no security-parameter

Context

[Tree] (config>service>ies>if>ipv6>secure-nd security-parameter)

Full Context

configure service ies interface ipv6 secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values

0 to 1

Platforms

All

security-parameter

Syntax

security-parameter sec

[no] security-parameter

Context

[Tree] (config>service>vprn>if>secure-nd security-parameter)

Full Context

configure service vprn interface secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values

0 to 1

security-parameter

Syntax

security-parameter sec

no security-parameter

Context

[Tree] (config>router>if>ipv6>secure-nd security-parameter)

Full Context

configure router interface ipv6 secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values

0 to 1

Platforms

All

security-policy

security-policy

Syntax

security-policy security-policy-id [create]

no security-policy security-policy-id

Context

[Tree] (config>router>ipsec security-policy)

[Tree] (config>service>vprn>ipsec security-policy)

Full Context

configure router ipsec security-policy

configure service vprn ipsec security-policy

Description

This command configures a security policy to use for an IPsec tunnel.

The no form of this command removes the security policy ID from the configuration.

Parameters

security-policy-id

specifies a value to be assigned to a security policy.

Values

1 to 32768

create

Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

VSR

  • configure router ipsec security-policy

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn ipsec security-policy

security-policy

Syntax

security-policy security-policy-id [strict-match]

no security-policy

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel security-policy)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel security-policy)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel security-policy)

[Tree] (config>router>if>ipsec>ipsec-tunnel security-policy)

Full Context

configure service vprn interface sap ipsec-tunnel security-policy

configure service ies interface ipsec ipsec-tunnel security-policy

configure service vprn interface ipsec ipsec-tunnel security-policy

configure router interface ipsec ipsec-tunnel security-policy

Description

This command configures an IPsec security policy. The policy may then be associated with static IPsec tunnels defined in the same routing instance.

With strict-match parameter enabled, when a CREATE_CHILD exchange request is received for a static IPsec tunnel, and this request is not a re-key request, then ISA matches the received TSi and TSr with the configured security policy. This can be a match only when a received TS (in TSi or TSr) address range matches exactly with the subnet in a security policy entry.

If there is no match, then the setup fails, and TS_UNACCEPTABLE is sent.

If there is a match, but there is an existing CHILD_SA for the matched security policy, then the setup fails, and NO_PROPOSAL_CHOSEN.

If there is a match, and there is not CHILD_SA for the matched entry, then the subnet is sent in the matched security-policy entry as TSi and TSr, and the CHILD_SA is created.

Default

no security-policy

Parameters

security-policy-id

Specifies the IPsec security policy entry that the tunnel will use.

Values

1 to 32768

strict-match

Enables strict match of security-policy entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-tunnel security-policy

VSR

  • configure service ies interface ipsec ipsec-tunnel security-policy
  • configure router interface ipsec ipsec-tunnel security-policy
  • configure service vprn interface ipsec ipsec-tunnel security-policy

seen-ip-radius-acct-policy

seen-ip-radius-acct-policy

Syntax

seen-ip-radius-acct-policy rad-acct-plcy-name

no seen-ip-radius-acct-policy

Context

[Tree] (config>app-assure>group>transit-ip-policy>radius seen-ip-radius-acct-policy)

Full Context

configure application-assurance group transit-ip-policy radius seen-ip-radius-acct-policy

Description

This command refers to a RADIUS accounting-policy to enable seen-IP notification.

The no form of this command removes the policy.

Default

no seen-ip-radius-acct-policy

Parameters

rad-acct-plcy-name

Specifies the RADIUS accounting policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

segment

segment

Syntax

segment [1..11] [create]

no segment

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>seg-list segment)

Full Context

configure router segment-routing sr-policies static-policy segment-list segment

Description

This command creates the context to configure a segment inside a segment-list of a statically-defined segment routing policy.

Each segment list can have up to 11 segments.

The no form of this command deletes the segment context.

Default

no segment

Parameters

create

Keyword used to create the list.

Platforms

All

segment-list

segment-list

Syntax

segment-list segment-list

no segment-list

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy segment-list)

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy segment-list)

Full Context

configure saa test type-multi-line lsp-ping sr-policy segment-list

configure saa test type-multi-line lsp-trace sr-policy segment-list

Description

This command configures the segment list ID.

The no form of this command removes the configuration.

Parameters

segment-list

Specifies the segment list number.

Values

1 to 32

Platforms

All

segment-list

Syntax

segment-list [1..32] [create]

no segment-list list

Context

[Tree] (conf>router>segment-routing>sr-policies>policy segment-list)

Full Context

configure router segment-routing sr-policies static-policy segment-list

Description

This command creates the context to configure a segment list for the statically-defined segment routing policy.

Up to 32 segment lists are supported per policy.

The no form of this command deletes the segment list.

Parameters

create

Keyword used to create the segment list.

Platforms

All

segment-routing

segment-routing

Syntax

segment-routing

Context

[Tree] (config>router>bgp segment-routing)

Full Context

configure router bgp segment-routing

Description

Commands in this context configure options related to BGP segment routing (prefix SID support).

Platforms

All

segment-routing

Syntax

segment-routing

no segment-routing

Context

[Tree] (config>router>isis segment-routing)

Full Context

configure router isis segment-routing

Description

Commands in this context configure segment routing parameters within a given IGP instance.

Segment routing adds to IS-IS and OSPF routing protocols the ability to perform shortest path routing and source routing using the concept of abstract segment. A segment can represent a local prefix of a node, a specific adjacency of the node (interface or next-hop), a service context, or a specific explicit path over the network. For each segment, the IGP advertises an identifier referred to as Segment ID (SID).

When segment routing is used together with MPLS data plane, the SID is a standard MPLS label. A router forwarding a packet using segment routing will thus push one or more MPLS labels.

Segment routing using MPLS labels can be used in both shortest path routing applications and in traffic engineering applications. This feature implements the shortest path forwarding application.

After segment routing is successfully enabled in the IS-IS or OSPF instance, the router will perform the following operations:

  1. Advertise the Segment Routing Capability Sub-TLV to routers in all areas/levels of this IGP instance. However, only neighbors with which it established an adjacency interprets the SID or label range information and use it for calculating the label to swap to or push for a given resolved prefix SID.

  2. Advertise the assigned index for each configured node SID in the new prefix SID sub-TLV with the N-flag (node-SID flag) set. Then the segment routing module programs the incoming label map (ILM) with a pop operation for each local node SID in the data path.

  3. Assign and advertise automatically an adjacency SID label for each formed adjacency over a network IP interface in the new adjacency SID sub-TLV. The segment routing module programs the incoming label map (ILM) with a pop operation, in effect with a swap to an implicit null label operation, for each advertised adjacency SID.

  4. Resolve received prefixes and if a prefix SID sub-TLV exists, the Segment Routing module programs the ILM with a swap operation and also an LTN with a push operation both pointing to the primary/LFA NHLFE. An SR tunnel is also added to the TTM.

When the user enables segment routing in a given IGP instance, the main SPF and LFA SPF are computed normally and the primary next-hop and LFA backup next-hop for a received prefix are added to RTM without the label information advertised in the prefix SID sub-TLV.

Platforms

All

segment-routing

Syntax

[no] segment-routing

Context

[Tree] (config>router>ospf segment-routing)

[Tree] (config>router>ospf3 segment-routing)

Full Context

configure router ospf segment-routing

configure router ospf3 segment-routing

Description

Commands in this context configure segment routing parameters within an IGP instance.

Segment routing adds to IS-IS, OSPF, or OSPF3 routing protocols the ability to perform shortest path routing and source routing using the concept of abstract segment. A segment can represent a local prefix of a node, a specific adjacency of the node (interface or next hop), a service context, or a specific explicit path over the network. For each segment, the IGP advertises an identifier referred to as a segment ID (SID).

When segment routing is used together with the MPLS data plane, the SID is a standard MPLS label. A router forwarding a packet using segment routing will thus push one or more MPLS labels.

Segment routing using MPLS labels can be used in both shortest path routing applications and traffic engineering applications. This feature implements the shortest path forwarding application.

After segment routing is successfully enabled in the IS-IS, OSPF, or OSPF3 instance, the router will perform the following operations:

  • Advertise the Segment Routing Capability sub-TLV to routers in all areas or levels of the IGP instance. However, only neighbors with which the IGP instance established an adjacency will interpret the SID and label range information and use it for calculating the label to swap to or push for a particular resolved prefix SID.

  • Advertise the assigned index for each configured node SID in the new prefix SID sub-TLV with the N-flag (node SID flag) set. The segment routing module then programs the incoming label map (ILM) with a pop operation for each local node SID in the data path.

  • Automatically assign and advertise an adjacency SID label for each formed adjacency over a network IP interface in the new adjacency SID sub-TLV. The segment routing module programs the incoming label map (ILM) with a pop operation, in effect with a swap to an implicit null label operation, for each advertised adjacency SID.

  • Resolve received prefixes, and if a prefix SID sub-TLV exists, the segment routing module programs the ILM with a swap operation and programs an LSP ID to NHLFE (LTN) with a push operation, both pointing to the primary/LFA NHLFE. An SR tunnel is also added to the TTM.

When the user enables segment routing in an IGP instance, the main SPF and LFA SPF are computed normally and the primary next hop and LFA backup next hop for a received prefix are added to the RTM without the label information advertised in the prefix SID sub-TLV.

Platforms

All

segment-routing

Syntax

segment-routing

Context

[Tree] (config>router segment-routing)

Full Context

configure router segment-routing

Description

This command creates a context to configure protocol-independent parameters relating to segment routing.

Platforms

All

segment-routing-v6

segment-routing-v6

Syntax

[no] segment-routing-v6

Context

[Tree] (conf>router>segment-routing>sr-policies>policy segment-routing-v6)

Full Context

configure router segment-routing sr-policies static-policy segment-routing-v6

Description

Commands in this context configure parameters of an SRv6 policy.

The no form of this command removes the configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

[no] segment-routing-v6

Context

[Tree] (config>router>segment-routing segment-routing-v6)

Full Context

configure router segment-routing segment-routing-v6

Description

Commands in this context configure global SRv6 parameters.

The no form of this command deletes the context.

Default

no segment-routing-v6

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

[no] segment-routing-v6

Context

[Tree] (config>router>isis segment-routing-v6)

Full Context

configure router isis segment-routing-v6

Description

Commands in this context configure SRv6 parameters specific to this IS-IS instance.

Note:

This context has its own shutdown command.The config>router>segment-routing>shutdown command only applies to SR-MPLS and does not impact this context.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

[no] segment-routing-v6

Context

[Tree] (config>service>vprn>bgp-evpn segment-routing-v6)

[Tree] (config>router>bgp segment-routing-v6)

[Tree] (config>service>vprn>bgp-ipvpn segment-routing-v6)

Full Context

configure service vprn bgp-evpn segment-routing-v6

configure router bgp segment-routing-v6

configure service vprn bgp-ipvpn segment-routing-v6

Description

Commands in this context configure SRv6 parameters specific to this BGP, BGP-IPVPN, or BGP-EVPN instance.

The no form of this command deletes the context.

Default

no segment-routing-v6

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

[no] segment-routing-v6

Context

[Tree] (config>router>bgp>group segment-routing-v6)

[Tree] (config>router>bgp>group>neighbor segment-routing-v6)

Full Context

configure router bgp group segment-routing-v6

configure router bgp group neighbor segment-routing-v6

Description

Commands in this context configure SRv6 parameters.

The no form of this command deletes the context.

Note:

When configuring this command at the neighbor level, by default, the neighbor inherits route advertisement options from its BGP peer group. However, after this command is configured, there is no inheritance of any route advertisement options from the group level.

Default

no segment-routing-v6

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

segment-routing-v6 instance [create]

no segment-routing-v6 instance

Context

[Tree] (config>service>vpls segment-routing-v6)

[Tree] (config>service>vprn segment-routing-v6)

Full Context

configure service vpls segment-routing-v6

configure service vprn segment-routing-v6

Description

Commands in this context configure the SRv6 instance that is used in the service.

The no form of this command removes the configured SRv6 instance.

Parameters

instance

Specifies the SRv6 instance number enabled in the service.

Values

1, 2 (for VPRN)

1 (for VPLS)

create

Keyword used to create the SRv6 instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

segment-routing-v6 instance [create]

no segment-routing-v6 instance

Context

[Tree] (config>service>epipe segment-routing-v6)

Full Context

configure service epipe segment-routing-v6

Description

Commands in this context configure the SRv6 instance that is used in the service.

The no form of this command removes the configured SRv6 instance.

Parameters

instance

Specifies the SRv6 instance number enabled in the service.

Values

1

create

Keyword used to create the SRv6 instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

segment-routing-v6

Syntax

segment-routing-v6 [bgp bgp-instance][srv6-instance srv6-instance][default-locator name] [create]

no segment-routing-v6 [bgp bgp-instance]

Context

[Tree] (config>service>epipe>bgp-evpn segment-routing-v6)

[Tree] (config>service>vpls>bgp-evpn segment-routing-v6)

Full Context

configure service epipe bgp-evpn segment-routing-v6

configure service vpls bgp-evpn segment-routing-v6

Description

Commands in this context configure the SRv6 instance that is used in the service.

The no form of this command removes the configured SRv6 instance.

Parameters

bgp-instance

Specifies the SRv6 instance that is configured in the service and associated to an EVPN control plane.

Values

1, 2 (for Epipe)

1 (for VPLS)

srv6-instance

Specifies the SRv6 instance ID that exists in the service and is associated to a BGP EVPN control plane.

Values

1

default-locator

Keyword that refers to a regular or micro-segment locator that exists in the service SRv6 instance and is used as the default locator for the service.

name

Specifies a locator that exists in the service SRv6 instance and is used as the default locator for the service, up to 64 characters.

create

Keyword used to create the SRv6 instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

sel-mcast-advertisement

sel-mcast-advertisement

Syntax

[no] sel-mcast-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn sel-mcast-advertisement)

Full Context

configure service vpls bgp-evpn sel-mcast-advertisement

Description

This command enables the advertisement of BGP EVPN Selective Multicast Ethernet Tag (SMET) routes.

The no form of this command disables the advertisement of BGP EVPN SMET routes.

Default

no sel-mcast-advertisement

Platforms

All

selection-criteria

selection-criteria

Syntax

selection-criteria [best-port | highest-count | highest-weight] [slave-to-partner] [ subgroup-hold-time hold-time]

no selection-criteria

Context

[Tree] (config>lag selection-criteria)

Full Context

configure lag selection-criteria

Description

This command specifies which selection criteria should be used to select the active sub-group. If there is a tie for highest-count or highest-weight, the LAG will prefer the port with the lowest priority. If that does not break the tie, the currently active subgroup will stay active (that is, non-revertive behavior).

The no form of this command reverts to the default value.

Default

selection-criteria highest-count

Parameters

highest-count

Selects a sub-group with the highest number of eligible members as an active sub-group (not applicable to "power-off” mode of operations).

highest-weight

Selects a sub-group with the highest aggregate weight as an active subgroup (not applicable to "power-off” mode of operations). Aggregate weight is calculated as the sum of (65535 - port priority) all ports within a sub-group.

best-port

Selects a sub-group containing the port with highest priority port as an active subgroup. In case of equal port priorities, the sub-group containing the port with the lowest port-id is chosen.

slave-to-partner

The slave-to-partner keyword specifies that it, together with the selection criteria, should be used to select the active sub-group. An eligible member is a LAG-member link which can potentially become active. This means it is operationally up (not disabled) for use by the remote side. The slave-to-partner keyword can be used to control whether or not this latter condition is taken into account.

hold-time

Applicable with LACP enabled. Specifies the optional delay timer for switching to a newly selected active sub-group from the existing active sub-group. The timer delay applies only if the existing sub-group remains operationally up.

Values

not specified

Equivalent to specifying a value of 0. Specifies no delay and to switchover immediately to a new candidate active sub-group.

0 to 2000

Integer specifying the timer value in 10ths of a second.

infinite

Do not switchover from existing active sub-group if the subgroup remains UP. Manual switchover possible using tools perform lag force command.

Platforms

All

selective

selective

Syntax

selective

Context

[Tree] (config>service>vpls>provider-tunnel selective)

[Tree] (config>service>vprn>mvpn>provider-tunnel selective)

Full Context

configure service vpls provider-tunnel selective

configure service vprn mvpn provider-tunnel selective

Description

Commands in this context specify selective provider tunnel parameters.

Platforms

All

selective

Syntax

selective

Context

[Tree] (config>router>gtm>provider-tunnel selective)

Full Context

configure router gtm provider-tunnel selective

Description

Commands in this context configure selective provider tunnel parameters.

Platforms

All

selective-label-ip

selective-label-ip

Syntax

selective-label-ip {no-install | route-table-install-only}

no selective-label-ip

Context

[Tree] (config>router>bgp selective-label-ip)

Full Context

configure router bgp selective-label-ip

Description

This command configures selective-label-ip for the BGP level.

The no-install option conserves labeled route table space on BGP-LU next-hop-self route reflectors. This option causes BGP-LU routes to be reflected downstream via the ABR with the next-hop-self update. BGP-LU routes are not installed to local MPLS tables or routing tables for use by local services.

The route-table-install-only option conserves labeled route table space on BGP-LU next-hop-self route reflectors and allows these routes to be used for IP transport, unlike the no-install option. When the route-table-install-only option is used, learned BGP-LU routes are also reflected downstream via the ABR with the next-hop-self update. BGP-LU routes are not installed to local MPLS tables for use by local services. These routes are installed to the RTM and used for the best route selection process.
Note: If local services need to use BGP-LU routes, the no-install and route-table-install-only options should not be used.

The default no form of this command installs BGP-LU routes to the datapath for local services and makes them available to the RTM for IP next-hop selection.

Default

no selective-label-ip

Parameters

no-install
Specifies that BGP-LU routes are not installed to local MPLS tables or routing tables.
route-table-install-only
Specifies the installation of BGP-LU routes to the RTM. BGP-LU routes are not installed to local MPLS tables for use by local services.

Platforms

All

selective-label-ip-prioritization

selective-label-ip-prioritization

Syntax

[no] selective-label-ip-prioritization

Context

[Tree] (config>router>bgp selective-label-ip-prioritization)

Full Context

configure router bgp selective-label-ip-prioritization

Description

This command enables selective-label IP prioritization for BGP labeled IPv4 and IPv6 routes.

When this command is configured, every received labeled IPv4 and IPv6 route that is potentially usable by a local service is automatically prioritized for fast control plane reconvergence. When the reachability of a BGP next-hop changes, these labeled IPv4 and IPv6 routes are updated into the route table first, along with other routes manually tagged as high priority by import policies.

A /32 or /128 labeled unicast route (and associated BGP-LU tunnel) is determined to be potentially usable by a local service if one of the following conditions is met:

  • the route matches the far-end address of a user-provisioned SDP of an Layer 2 service and the SDP is configured to use BGP tunnels as transport

  • the route matches the BGP next-hop address of a BGP-EVPN or IP VPN route, and this VPN route is either imported into a local service or readvertised by the router acting as a next-hop-self route-reflector or a model-B ASBR

The no form of this command disables selective-label IP prioritization for BGP.

Default

no selective-label-ip-prioritization

Platforms

All

selective-label-ipv4-install

selective-label-ipv4-install

Syntax

[no] selective-label-ipv4-install

Context

[Tree] (config>router>bgp>group selective-label-ipv4-install)

[Tree] (config>router>bgp selective-label-ipv4-install)

[Tree] (config>router>bgp>group>neighbor selective-label-ipv4-install)

Full Context

configure router bgp group selective-label-ipv4-install

configure router bgp selective-label-ipv4-install

configure router bgp group neighbor selective-label-ipv4-install

Description

This command enables selective download for BGP label-ipv4 routes.

When this command is configured so that it applies to a BGP session, label-ipv4 routes received on this session are marked as invalid if they are not needed for any eligible service. A /32 label-ipv4 route is determined to be required if one of the following applies:

  1. It matches the far-end address of a manually configured or auto-created SDP Layer 2 VLL or VPLS service and the SDP is configured to use BGP tunnels as transport.

  2. It matches the IPv4 BGP next hop of a BGP-EVPN route and this EVPN route is either imported into a VPLS service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.

  3. It matches the IPv4 BGP next hop of a VPN-IPv4 route and this VPN-IP route is either imported into a VPRN service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.

  4. It matches the IPv4 address in the IPv4-mapped IPv6 address of a VPN IPv6 route and this VPN-IP route is either imported into a VPRN service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.

The no form of this command at the top (config>router>bgp) level disables the selective installation functionality. The no form of this command at the group or neighbor level causes the setting to be inherited from a higher level configuration.

Default

no selective-label-ipv4-install

Platforms

All

selective-learned-fdb

selective-learned-fdb

Syntax

[no] selective-learned-fdb

Context

[Tree] (config>service>vpls selective-learned-fdb)

Full Context

configure service vpls selective-learned-fdb

Description

This command determines which line cards FDB entries are allocated on for MAC addresses in the VPLS service in which the command is configured.

By default, FDB entries for MAC addresses in VPLS services are allocated on all line cards in the system. Enabling selective-learned-fdb causes FDB entries to be allocated only on the line cards on which the service has a configured object, which includes all line cards:

  • on which a SAP is configured

  • which have ports configured in a LAG SAP

  • which have ports configured in an Ethernet tunnel SAP

  • which have ports configured on a network interface (which also may be on a LAG) when the service has a mesh or spoke-SDP, VXLAN or EVPN-MPLS configured

Only MAC addresses with a type "L” or "Evpn” in the show output displaying the FDB can be allocated selectively, unless a MAC address configured as a conditional static MAC address is learned dynamically on an object other than its monitored object; this can be displayed with type "L” or "Evpn” but is allocated as global because of the conditional static MAC configuration.

The no form of this command returns the FDB MAC address entry allocation mode to its default where FDB entries for MAC addresses are allocated on all line cards in the system.

Default

no selective-learned-fdb

Platforms

All

send

send

Syntax

send {broadcast | multicast | none | version-1 | both}

no send

Context

[Tree] (config>service>vprn>rip send)

[Tree] (config>service>vprn>ripng send)

[Tree] (config>service>vprn>ripng>group send)

[Tree] (config>service>vprn>rip>group send)

[Tree] (config>service>vprn>ripng>group>neighbor send)

[Tree] (config>service>vprn>rip>group>neighbor send)

Full Context

configure service vprn rip send

configure service vprn ripng send

configure service vprn ripng group send

configure service vprn rip group send

configure service vprn ripng group neighbor send

configure service vprn rip group neighbor send

Description

This command configures the type of RIP messages sent to RIP neighbors. This control can be issued at the global, group or interface level. The default behavior sends RIPv2 messages with the multicast (224.0.0.9) destination address.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The no form of this command resets the type of messages sent back to the default value.

Default

no send

Parameters

broadcast

Send RIPv2 formatted messages to the broadcast address.

multicast

Send RIPv2 formatted messages to the multicast address.

none

Do not send any RIP messages (i.e. silent listener).

version-1

Send RIPv1 formatted messages to the broadcast address.

both

Send both RIP v1 & RIP v2 updates to the broadcast address.

Platforms

All

send

Syntax

send

Context

[Tree] (config>system>security>keychain>direction>uni send)

Full Context

configure system security keychain direction uni send

Description

This command specifies the send nodal context to sign TCP segments that are being sent by the router to another device.

Platforms

All

send

Syntax

send option-number

no send

Context

[Tree] (config>system>security>keychain>tcp-option-number send)

Full Context

configure system security keychain tcp-option-number send

Description

This command configures the TCP option number accepted in TCP packets sent.

Default

send 254

Parameters

option-number

Specifies an enumerated integer that indicates the TCP option number to be used in the TCP header.

Values

253, 254, tcp-ao

Platforms

All

send

Syntax

send {broadcast | multicast | none | version-1}

no send

Context

[Tree] (config>router>rip>group send)

[Tree] (config>router>rip>group>neighbor send)

[Tree] (config>router>rip send)

Full Context

configure router rip group send

configure router rip group neighbor send

configure router rip send

Description

This command specifies the type of RIP messages sent to RIP neighbors.

If version-1 is specified, the router need only listen for and accept packets sent to the broadcast address.

This control can be issued at the global, group or interface level.

The no form of the command reverts to the default value.

Default

send version-1

Parameters

broadcast

Specifies send RIPv2 formatted messages to the broadcast address.

multicast

Specifies send RIPv2 formatted messages to the multicast address.

none

Specifies not to send any RIP messages (i.e. silent listener).

version-1

Specifies send RIPv1 formatted messages to the broadcast address.

Platforms

All

send

Syntax

send {none | ripng | unicast}

no send

Context

[Tree] (config>router>ripng send)

[Tree] (config>router>ripng>group send)

[Tree] (config>router>ripng>group>neighbor send)

Full Context

configure router ripng send

configure router ripng group send

configure router ripng group neighbor send

Description

This command specifies if RIPng are sent to RIP neighbors or not and what type of IPv6 address is to be used to deliver the messages.

This control can be issued at the global, group or interface level.

The no form of the command reverts to the default value.

Default

send ripng

Parameters

ripng

Specifies RIPng messages to be sent to the standard multicast address (FF02::9).

none

Specifies not to send any RIPng messages (i.e. silent listener).

unicast

Specifies to send RIPng updates as unicast messages to the defined unicast address configured through the unicast-address command. This option is only allowed within the neighbor context.

Platforms

All

send-accounting-response

send-accounting-response

Syntax

[no] send-accounting-response

Context

[Tree] (config>service>vprn>radius-proxy>server send-accounting-response)

[Tree] (config>router>radius-proxy>server send-accounting-response)

Full Context

configure service vprn radius-proxy server send-accounting-response

configure router radius-proxy server send-accounting-response

Description

This command results in the system to always generate RADIUS accounting-response to acknowledge RADIUS accounting-request received from the RADIUS client.

The no form of this command disables the command.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

send-acct-stop-on-fail

send-acct-stop-on-fail

Syntax

send-acct-stop-on-fail {[on-request-failure] [on-reject] [on-accept-failure]}

no send-acct-stop-on-fail

Context

[Tree] (config>subscr-mgmt>auth-policy send-acct-stop-on-fail)

Full Context

configure subscriber-mgmt authentication-policy send-acct-stop-on-fail

Description

This command activates the reporting of RADIUS authentication failures of a PPPoE session to a RADIUS accounting server with an Accounting Stop message.

Three failure categories can be enabled separately:

  • on-request-failure: All failure conditions between the sending of an Access-Request and the reception of an Access-Accept or Access-Reject.

  • on-reject:

  • on-accept-failure: All failure conditions that appear after receiving an Access-Accept and before successful instantiation of the host or session.

The RADIUS accounting policy to be used for sending the Accounting Stop messages must be obtained prior to RADIUS authentication via local user database pre-authentication.

The no form of this command reverts to the default.

Parameters

on-request-failure

Specifies that an accounting stop message is sent when a RADIUS Access-Request message could not be sent (for example, there is no server configured, or timeout).

on-reject

Specifies that an accounting stop message is sent when an Access-Reject is received.

on-accept-failure

Specifies that an accounting stop message is sent a failure occurred after the reception of a RADIUS Access-Accept message (such as a duplicate IP address).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

send-bvpls-evpn-flush

send-bvpls-evpn-flush

Syntax

[no] send-bvpls-evpn-flush

Context

[Tree] (config>service>vpls>pbb send-bvpls-evpn-flush)

Full Context

configure service vpls pbb send-bvpls-evpn-flush

Description

This command triggers ISID-based C-MAC flush signaling in the PBB-EVPN. When the command is enabled in an I-VPLS service, a B-MAC/ISID route is sent for the I-VPLS ISID.

Default

no send-bvpls-evpn-flush

Platforms

All

send-bvpls-flush

send-bvpls-flush

Syntax

send-bvpls-flush {[all-but-mine] [all-from-me]}

no send-bvpls-flush

Context

[Tree] (config>service>vpls>pbb send-bvpls-flush)

Full Context

configure service vpls pbb send-bvpls-flush

Description

This command enables generation of LDP MAC withdrawal "flush-all-from-me” in the B-VPLS domain when the following triggers occur in the related IVPLS:

  • MC-LAG failure

  • Failure of a local SAP

  • Failure of a local pseudowire/SDP binding

A failure means transition of link SAP/pseudowire to either down or standby status.

This command does not require send-flush-on-failure in B-VPLS to be enabled on an IVPLS trigger to send an MAC flush into the BVPLS.

Default

no send-bvpls-flush

Parameters

all-but-mine

Specifies to send an LDP flush all-but-mine and also sent into the B-VPLS. Both parameters can be set together.

all-from-me

Specifies to send an LDP flush-all-from and when STP initiates a flush, it is sent into the B-VPLS using LDP MAC flush all-from-me. Both parameters can be set together.

Platforms

All

send-chain

send-chain

Syntax

[no] send-chain

Context

[Tree] (config>ipsec>cert-profile>entry send-chain)

Full Context

configure ipsec cert-profile entry send-chain

Description

Commands in this context configure the send-chain in the cert-profile entry.

The configuration of this command is optional, by default system will only send the certificate specified by cert command in the selected entry to the peer. This command allows system to send additional CA certificates to the peer. These additional CA certificates must be in the certificate chain of the certificate specified by the cert command in the same entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

send-chain

Syntax

[no] send-chain

Context

[Tree] (config>system>security>tls>cert-profile>entry send-chain)

Full Context

configure system security tls cert-profile entry send-chain

Description

This command enables the sending of certificate authority (CA) certificates, and enters the context to configure send-chain information.

By default, the system only sends the TLS server certificate or TLS client certificate specified by the cert command. If CA certificates are to be sent using send-chain, they must be in the chain of certificates specified by the config>system>security>pki>ca-profile command. The specification of the send-chain is not necessary for a working TLS profile if the TLS peer has the CA certificate used to sign the server or client certificate in its own trust anchor.

For example, given a TLS client running on SR OS, the ROOT CA certificate resides on the TLS server, but the subsequent SUB-CA certificate needed to complete the chain resides within SR OS. The send-chain command allows these SUB-CA certificates to be sent from SR OS to the peer to be authenticated using the ROOT CA certificate that resides on the peer.

The no form of the command disables the send-chain.

Default

no send-chain

Platforms

All

send-count

send-count

Syntax

send-count send-count

no send-count

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping send-count)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy send-count)

Full Context

configure saa test type-multi-line lsp-ping send-count

configure saa test type-multi-line lsp-ping sr-policy send-count

Description

This command configures the number of messages to send. The send-count value is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

The no form of this command reverts to the default value.

Default

send-count 1

Parameters

send-count

Specifies the send count in number of packets.

Values

1 to 100

Default

1

Platforms

All

send-default

send-default

Syntax

send-default [ipv4] [ ipv6] [export-policy export-policy]

no send-default

Context

[Tree] (config>router>bgp send-default)

[Tree] (config>router>bgp>group send-default)

[Tree] (config>router>bgp>group>neighbor send-default)

Full Context

configure router bgp send-default

configure router bgp group send-default

configure router bgp group neighbor send-default

Description

This command enables the advertisement of a default route. When this command is configured to apply to an IBGP or EBGP session, the default route for IPv4 or IPv6 is automatically added to the Adj_RIB-OUT of that peer. The advertised default routes are unrelated to any default routes installed in the FIB of the local router.

If a BGP export policy allows an active default route in the FIB of the local router to be advertised and conflict with this command, the artificially generated default route overrides the advertisement of the installed default route.

The artificially generated default route is not matched by BGP export policies. To modify its attributes or decide whether it should be advertised (based on a conditional expression), a route policy must be created and referenced by the export-policy parameter. Only conditional entries with an action and no from or to criteria are parsed. If there are no such entries, only the default action is applied.

The no form of this command restores the default behavior. At the group and neighbor levels, the default behavior is to inherit the configuration from a higher level. At the instance level, the default behavior is to neither generate nor inject a default route.

Default

no send-default

Parameters

ipv4

Generates and advertises an IPv4 default route (0/0).

ipv6

Generates and advertises an IPv6 default route (::/0).

export-policy

Specifies the name of a route policy, up to 64 characters. Only the route modifications in the matching conditional-expression entry or the default action are applied. These modifications change the attributes of the advertised default routes.

Platforms

All

send-fib-population-packets

send-fib-population-packets

Syntax

send-fib-population-packets mode

no send-fib-population-packets

Context

[Tree] (config>service>ies>sub-if>grp-if>srrp send-fib-population-packets)

[Tree] (config>service>vprn>sub-if>grp-if>srrp send-fib-population-packets)

Full Context

configure service ies subscriber-interface group-interface srrp send-fib-population-packets

configure service vprn subscriber-interface group-interface srrp send-fib-population-packets

Description

This command configures the mode used to send Fib population packets. When SRRP becomes master it generates gratuitous ARPs (GARPs) used by the Layer 2 access network to populate the correct SRRP gateway.

The no form of this command disables sending FDB population packets.

Default

send-fib-population-packets all

Parameters

mode

Specifies on which VLANs the gratuitous ARPs are sent.

Values

all: Generates, on SSRP master assignment, the GARPs on all VLANs

out-tag-only: Generates, on SRRP master assignment, the GARPs only on SAPs with unique outer VLAN and lowest VLAN tags

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

send-flush-on-bvpls-failure

send-flush-on-bvpls-failure

Syntax

[no] send-flush-on-bvpls-failure

Context

[Tree] (config>service>vpls>pbb send-flush-on-bvpls-failure)

Full Context

configure service vpls pbb send-flush-on-bvpls-failure

Description

This command enables the generation in the local I-VPLS of an LDP MAC flush-all-from-me following a failure of SAP/the whole endpoint/spoke-SDP in the related B-VPLS. The failure of mesh-SDP in B-VPLS does not generate the I-VPLS MAC flush.

The no form of this command disables the generation of LDP MAC flush in I-VPLS on failure of SAP/endpoint/spoke-SDP in the related B-VPLS.

Default

no send-flush-on-bvpls-failure

Platforms

All

send-flush-on-failure

send-flush-on-failure

Syntax

[no] send-flush-on-failure

Context

[Tree] (config>service>vpls send-flush-on-failure)

Full Context

configure service vpls send-flush-on-failure

Description

This command enables sending out flush-all-from-me messages to all LDP peers included in affected VPLS, in the event of physical port failures or "operationally down” events of individual SAPs. This feature provides an LDP-based mechanism for recovering a physical link failure in a dual-homed connection to a VPLS service. This method provides an alternative to RSTP solutions where dual homing redundancy and recovery, in the case of link failure, is resolved by RSTP running between a PE router and CE devices. If the endpoint is configured within the VPLS and send-flush-on-failure is enabled, flush-all-from-me messages will be sent out only when all spoke-SDPs associated with the endpoint go down.

This feature cannot be enabled on management VPLS.

Default

no send-flush-on-failure

Platforms

All

send-idr-after-eap-success

send-idr-after-eap-success

Syntax

[no] send-idr-after-eap-success

Context

[Tree] (config>ipsec>ike-policy send-idr-after-eap-success)

Full Context

configure ipsec ike-policy send-idr-after-eap-success

Description

This command enables the system to add the Identification Responder (IDr) payload in the last IKE authentication response after an Extensible Authentication Protocol (EAP) Success packet is received. When disabled, the system will not include IDr payload.

The no form of this command disables sending the IDr payload in the last IKE.

Default

send-idr-after-eap-success

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

send-imet-ir-on-ndf

send-imet-ir-on-ndf

Syntax

send-imet-ir-on-ndf

no send-imet-ir-on-ndf

Context

[Tree] (config>service>vpls>bgp-evpn>vxlan send-imet-ir-on-ndf)

Full Context

configure service vpls bgp-evpn vxlan send-imet-ir-on-ndf

Description

This command controls the advertisement of Inclusive Multicast Ethernet Tag (IMET) routes for ingress replication in the case where the PE is Non-DF for a specified network interconnect VXLAN virtual ES. When enabled, the router will advertise IMET-IR routes even if the PE is NDF. This attracts BUM traffic but also speeds up convergence in case of DF failure.

The no form of this command withdraws the advertisement of the IMET-IR route on the network interconnect VXLAN NDF router.

Default

send-imet-ir-on-ndf

Platforms

All

send-orf

send-orf

Syntax

send-orf [comm-id]

no send-orf [comm-id]

Context

[Tree] (config>router>bgp>outbound-route-filtering>extended-community send-orf)

[Tree] (config>router>bgp>group>outbound-route-filtering>extended-community send-orf)

[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering>extended-community send-orf)

Full Context

configure router bgp outbound-route-filtering extended-community send-orf

configure router bgp group outbound-route-filtering extended-community send-orf

configure router bgp group neighbor outbound-route-filtering extended-community send-orf

Description

This command instructs the router to negotiate the send capability in the BGP outbound route filtering (ORF) negotiation with a peer.

This command also causes the router to send a community filter, prefix filter, or AS path filter configured as an inbound filter on the BGP session to its peer as an ORF Action ADD.

The no form of this command causes the router to remove the send capability in the BGP ORF negotiation with a peer.

The no form also causes the router to send an ORF remove action for a community filter, prefix filter, or AS path filter configured as an inbound filter on the BGP session to its peer.

If the comm-id parameters are not exclusively route target communities then the router will extract appropriate route targets and use those. If, for some reason, the comm-id parameters specified contain no route targets, then the router will not send an ORF.

Default

no send-orf

Parameters

comm-id

Specifies up to 32 community policies, which must consist exclusively of route target extended communities. If it is not specified, then the ORF policy is automatically generated from configured route target lists, accepted client route target ORFs and locally configured route targets.

Values

[target: {ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

where:

  • ip-address — a.b.c.d

  • comm-val — 0 to 65535

  • 2byte-asnumber — 0 to 65535

  • ext-comm-val — 0 to 4294967295

  • 4byte-asnumber — 0 to 4294967295

Platforms

All

send-queries

send-queries

Syntax

[no] send-queries

Context

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping send-queries)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping send-queries)

[Tree] (config>service>vpls>sap>igmp-snooping send-queries)

[Tree] (config>service>vpls>sap>mld-snooping send-queries)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping send-queries)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping send-queries)

Full Context

configure service vpls spoke-sdp igmp-snooping send-queries

configure service vpls mesh-sdp igmp-snooping send-queries

configure service vpls sap igmp-snooping send-queries

configure service vpls sap mld-snooping send-queries

configure service vpls spoke-sdp mld-snooping send-queries

configure service vpls mesh-sdp mld-snooping send-queries

Description

This command specifies whether to send IGMP general query messages on the SAP or SDP.

When send-queries is configured, all type of queries generate ourselves are of the configured version. If a report of a version higher than the configured version is received, the report will get dropped and a new wrong version counter will get incremented. If send-queries is not configured, the version command has no effect. The version used will be the version of the querier. This implies that, for example, when we have a v2 querier, we will never send out a v3 group or group-source specific query when a host wants to leave a certain group.

If mrouter-port is enabled on this SAP or spoke SDP, the send-queries command parameter cannot be set.

The no form of this command disables the IGMP general query messages.

Default

no send-queries

Platforms

All

send-queries

Syntax

[no] send-queries

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp send-queries)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping send-queries

Description

This command specifies whether to send IGMP general query messages on the managed SAP. When send-queries is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report will get dropped and a new wrong version counter will get incremented.

If send-queries is not configured, the version command has no effect. The version used on that SAP/SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query is never sent when a host wants to leave a certain group.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

send-queries

Syntax

[no] send-queries

Context

[Tree] (config>service>pw-template>igmp-snooping send-queries)

Full Context

configure service pw-template igmp-snooping send-queries

Description

This command specifies whether to send IGMP general query messages.

When send-queries is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report will get dropped and a new wrong version counter will get incremented.

If send-queries is not configured, the version command has no effect. The version used on that SAP or SDP will be the version of the querier. This implies that, for example, when we have a v2 querier, we will never send out a v3 group or group-source specific query when a host wants to leave a certain group.

Default

no send-queries

Platforms

All

send-refresh

send-refresh

Syntax

send-refresh seconds

no send-refresh

Context

[Tree] (config>service>vpls>proxy-nd send-refresh)

[Tree] (config>service>vpls>proxy-arp send-refresh)

Full Context

configure service vpls proxy-nd send-refresh

configure service vpls proxy-arp send-refresh

Description

If enabled, this command will make the system send a refresh at the configured time. A refresh message is an ARP-request message that uses 0s as sender's IP for the case of a proxy-ARP entry. For proxy-ND entries, a refresh is a regular NS message using the chassis-mac as MAC source-address.

Default

no send-refresh

Parameters

seconds

Specifies the send-refresh in seconds.

Values

120 to 86400

Platforms

All

send-release

send-release

Syntax

[no] send-release

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp send-release)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp send-release)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 send-release)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 send-release)

Full Context

configure service ies interface sap ipsec-gw dhcp send-release

configure service vprn interface sap ipsec-gw dhcp send-release

configure service ies interface sap ipsec-gw dhcp6 send-release

configure service vprn interface sap ipsec-gw dhcp6 send-release

Description

This command enables the system to send a DHCPv4/v6 release message when the IPsec tunnel is removed.

Default

no send-release

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

send-to-ebgp

send-to-ebgp

Syntax

send-to-ebgp family [ family]

no send-to-ebgp

Context

[Tree] (config>service>vprn>bgp>group>link-bandwidth send-to-ebgp)

[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth send-to-ebgp)

Full Context

configure service vprn bgp group link-bandwidth send-to-ebgp

configure service vprn bgp group neighbor link-bandwidth send-to-ebgp

Description

This command configures BGP to allow link-bandwidth extended community to be sent in routes advertised to EBGP peers in the scope of the command, as long the routes belong to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to three families may be configured.

The no form of this command restores the default behavior of stripping the link-bandwidth extended community from any route advertised to an EBGP peer.

Default

no send-to-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

Platforms

All

send-to-ebgp

Syntax

send-to-ebgp family [ family]

no send-to-ebgp

Context

[Tree] (config>router>bgp>group>neighbor>link-bandwidth send-to-ebgp)

[Tree] (config>router>bgp>group>link-bandwidth send-to-ebgp)

Full Context

configure router bgp group neighbor link-bandwidth send-to-ebgp

configure router bgp group link-bandwidth send-to-ebgp

Description

This command configures BGP to allow link-bandwidth extended community to be sent in routes advertised to EBGP peers in the scope of the command, as long the routes belong to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to six families may be configured.

The no form of this command restores the default behavior of stripping the link-bandwidth extended community from any route advertised to an EBGP peer.

Default

no send-to-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

vpn-ipv4 — Adds a link-bandwidth extended community to IPv4 VPN (SAFI 128) routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

label-ipv6 — Adds a link-bandwidth extended community to labeled-unicast IPv6 routes.

vpn-ipv6 — Adds a link-bandwidth extended community to IPv6 VPN (SAFI 128) routes.

Platforms

All

send-tunnel-encap

send-tunnel-encap

Syntax

send-tunnel-encap [mpls] [mplsoudp]

no send-tunnel-encap

Context

[Tree] (config>service>epipe>bgp-evpn>mpls send-tunnel-encap)

[Tree] (config>service>vprn>bgp-evpn>mpls send-tunnel-encap)

[Tree] (config>service>epipe>bgp-evpn>vxlan send-tunnel-encap)

[Tree] (config>service>vpls>bgp-evpn>vxlan send-tunnel-encap)

[Tree] (config>service>vpls>bgp-evpn>mpls send-tunnel-encap)

Full Context

configure service epipe bgp-evpn mpls send-tunnel-encap

configure service vprn bgp-evpn mpls send-tunnel-encap

configure service epipe bgp-evpn vxlan send-tunnel-encap

configure service vpls bgp-evpn vxlan send-tunnel-encap

configure service vpls bgp-evpn mpls send-tunnel-encap

Description

This command configures the encapsulation to be advertised with the EVPN routes for the service. The encapsulation is encoded in RFC5512-based tunnel encapsulation extended communities.

When used in the bgp-evpn>mpls context, the supported options are none (no send-tunnel-encap), mpls, mplsoudp or both.

When used in the bgp-evpn>vxlan context, the supported options are send-tunnel-encap (the router signals a VXLAN value) or no send-tunnel-encap (no encapsulation extended community is sent).

Default

send-tunnel-encap mpls (in the config>service>vpls>bgp-evpn>mpls context)

send-tunnel-encap (in the config>service>vpls>bgp-evpn>vxlan context)

Parameters

mpls

Specifies the MPLS-over-UDP encapsulation value in the RFC5512 encapsulation extended community.

mplsoudp

Specifies the MPLS encapsulation value in the RFC5512 encapsulation extended community.

Platforms

All

sender-id

sender-id

Syntax

sender-id local local-name

sender-id system

no sender-id

Context

[Tree] (config>eth-cfm>system sender-id)

Full Context

configure eth-cfm system sender-id

Description

This command allows the operator to include the configured "system name” (chassis3) or a locally configured value in ETH-CFM PDUs sent from MEPs and MIPs. The operator may only choose one of these options to use for ETH-CFM. MEPs include the sender-id TLV for CCM (not sub second CCM enabled MEPs), LBM/LBR, and LTM/LTR. MIPs include this value in the LBR and LTR PDUs.

Note:

LBR functions reflect all TLVs received in the LBM unchanged, including the SenderID TLV.

Parameters

local-name

Specifies a local alphanumeric string different from the "system name” chassis(3) value that can be used for other means, up to 45 characters.

system

Allows ETH-CFM to use the configured "system name” value as the chassis(3).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sensor-group

sensor-group

Syntax

sensor-group name [ create]

no sensor-group name

Context

[Tree] (config>system>telemetry>sensor-groups sensor-group)

Full Context

configure system telemetry sensor-groups sensor-group

Description

Commands in this context configure sensor-related commands.

The no form of this command removes the configuration.

Parameters

name

Specifies the sensor group name, up to 32 characters.

create

Keyword used to create a sensor group.

Platforms

All

sensor-group

Syntax

sensor-group name

no sensor-group

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription sensor-group)

Full Context

configure system telemetry persistent-subscriptions subscription sensor-group

Description

This command assigns an existing sensor group to the specified persistent subscription. If no valid paths exist in the sensor group, the configuration is accepted; however, no gRPC connection is established when persistent subscription is activated.

The no form of this command removes the configuration.

Parameters

name

Specifies the sensor group name, up to 32 characters.

Platforms

All

sensor-groups

sensor-groups

Syntax

sensor-groups

Context

[Tree] (config>system>telemetry sensor-groups)

Full Context

configure system telemetry sensor-groups

Description

Commands in this context configure a sensor group.

Platforms

All

sequence-group

sequence-group

Syntax

sequence-group group

no sequence-group

Context

[Tree] (config>li>x-interfaces>lics>lic>authentication sequence-group)

Full Context

configure li x-interfaces lics lic authentication sequence-group

Description

This command configures the sequence group for the X1 and X2 interfaces.

The no form of this command reverts to the default.

Parameters

group

Specifies the group number.

Values

2 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

serial-notify

serial-notify

Syntax

[no] serial-notify

Context

[Tree] (debug>router>rpki-session>packet serial-notify)

Full Context

debug router rpki-session packet serial-notify

Description

This command enables debugging for serial notify RPKI packets.

The no form of this command disables debugging for serial notify RPKI packets.

Platforms

All

serial-query

serial-query

Syntax

[no] serial-query

Context

[Tree] (debug>router>rpki-session>packet serial-query)

Full Context

debug router rpki-session packet serial-query

Description

This command enables debugging for serial query RPKI packets.

The no form of this command disables debugging for serial query RPKI packets.

Platforms

All

server

server

Syntax

radius-accounting-server

Context

[Tree] (config>subscr-mgmt>acct-plcy>server server)

Full Context

configure subscriber-mgmt radius-accounting-policy radius-accounting-server server

Description

Commands in this context define RADIUS server attributes under a given session authentication policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-index address ip-address secret key [hash | hash2 | custom] [port port-num] [coa-only] [pending-requests-limit limit]

no server index

Context

[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server server)

Full Context

configure subscriber-mgmt authentication-policy radius-authentication-server server

Description

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to sixteen RADIUS servers can be configured at any one time in a RADIUS authentication policy. Only five can be used for authentication, all other servers should be configured as coa-only servers. RADIUS servers are accessed in order from lowest to highest index for authentication or accounting requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of this command removes the server index from the configuration.

Parameters

server-index

Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 16 (a maximum of 5 authentication servers)

ip-address

Specifies the IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

key

Specifies the secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.

Values

secret-key: Up to 20 characters.

hash-key: Up to 33 characters.

hash2-ke: Up to 55 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

port-num

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values

1 to 65535

coa-only

Specifies Change-of-Authorization Messages only. Servers that are marked with the coa-only flag will not be used for authentication, but they is able to accept RADIUS CoA messages, independent of the accept-authorization-change setting in the authentication policy.

For authentication purposes, the maximum number of servers is 5. All other servers may only be used as coa-only servers.

limit

Specifies the maximum number of outstanding RADIUS authentication requests for this authentication server.

Values

1 to 4096

Default

The default value when not configured is 4096

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ip-address

no server

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host server)

Full Context

configure subscriber-mgmt local-user-db ipoe host server

Description

This command configures the IP address of the DHCP server to relay to.

The configured DHCP server IP address must reference one of the addresses configured under the DHCP CLI context of an IES/VPRN subscriber or group interface.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IP address of the DHCP server.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ip-address

no server

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay server)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay server

Description

This command configures the IPv6 address of the DHCP6 server to relay to.

The configured DHCP6 server IPv6 address must reference one of the addresses configured under the DHCP6 CLI context of an IES/VPRN subscriber or group interface.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies up to eight IPv6 addresses of the DHCP6 server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server [service service-id] name server-name

no server

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>match-radprox-cache server)

Full Context

configure subscriber-mgmt local-user-db ipoe host match-radius-proxy-cache server

Description

This command specifies the name of radius-proxy-server and optionally id of the service that the radius-proxy-server resides in.

The no form of this command removes the parameters from the configuration.

Parameters

service service-id

Specifies the ID or name of the service.

Values

1 to 214748365

svc-name up to 64 char maximum

name server-name

Specifies the name of radius-proxy-server up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ipv6z-address [ipv6z-address]

no server [ipv6z-address]

Context

[Tree] (config>service>ies>if>ipv6>dhcp6 server)

Full Context

configure service ies interface ipv6 dhcp6 server

Description

This command specifies a list of servers where DHCP6 requests are forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP6 relay to work. If there are multiple servers then the request is forwarded to all servers in the list.

The no form of this command reverts to the default.

Parameters

ipv6z-address

Specifies up to eight non-global IPv4 addresses including a zone index as defined by the InetAddressIPv4z textual convention.

Values

ipv6z-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

server

Syntax

server server1 [server2]

Context

[Tree] (config>service>ies>sub-if>grp-if>dhcp server)

[Tree] (config>service>vprn>if>dhcp server)

[Tree] (config>service>ies>if>dhcp server)

Full Context

configure service ies subscriber-interface group-interface dhcp server

configure service vprn interface dhcp server

configure service ies interface dhcp server

Description

This command specifies a list of servers where requests are forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all servers in the list.

There can be a maximum of 8 DHCP servers configured.

The no form of this command reverts to the default.

Parameters

server

Specifies up to eight DHCP server IP addresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface dhcp server

All

  • configure service ies interface dhcp server
  • configure service vprn interface dhcp server

server

Syntax

server server-name

no server

Context

[Tree] (config>service>vprn>sub-if>local-address-assignment server)

[Tree] (config>service>ies>sub-if>grp-if>local-address-assignment server)

[Tree] (config>service>vprn>sub-if>grp-if>local-address-assignment server)

[Tree] (config>service>ies>sub-if>local-address-assignment server)

Full Context

configure service vprn subscriber-interface local-address-assignment server

configure service ies subscriber-interface group-interface local-address-assignment server

configure service vprn subscriber-interface group-interface local-address-assignment server

configure service ies subscriber-interface local-address-assignment server

Description

This command designates a local DHCPv4 server for local pools management where IPv4 addresses for PPPoXv4 clients are allocated without the need for the internal DHCP relay-agent. Those addresses are tied to PPPoX sessions and they are de-allocated when the PPPoX session is terminated.

Parameters

server-name

Specifies the name of the local DHCP server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-index address ip-address secret key [hash | hash2 | custom] [port port] [create]

no server server-index

Context

[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server server)

Full Context

configure aaa l2tp-accounting-policy radius-accounting-server server

Description

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of this command removes the server from the configuration.

Parameters

server-index

The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 16 (a maximum of 5 accounting servers)

address ip-address

The IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

secret key

The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.

Values

secret-key — A string up to 20 characters.

hash-key — A string up to 33 characters.

hash2-key — A string up to 55 characters.

hash

Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

custom

Specifies the custom encryption to management interface.

port

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-index address ip-address secret key [hash | hash2 | custom] [port port] [create]

no server server-index

Context

[Tree] (config>app-assure>rad-acct-plcy>server server)

Full Context

configure application-assurance radius-accounting-policy radius-accounting-server server

Description

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of this command removes the server from the configuration.

Parameters

server-index

The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 16 (a maximum of 5 accounting servers)

ip-address

The IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

secret key

The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.

Values

secret-key — A string up to 20 characters

hash-key — A string up to 33 characters

hash2-key — A string up to 55 characters

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

port

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-name

no server

Context

[Tree] (config>service>ies>sub-if>grp-if>lcl-addr-assign>ipv6 server)

[Tree] (config>service>vprn>sub-if>grp-if>lcl-addr-assign>ipv6 server)

Full Context

configure service ies subscriber-interface group-interface local-address-assignment ipv6 server

configure service vprn subscriber-interface group-interface local-address-assignment ipv6 server

Description

This command designates a local router DHCPv6 server for local pools management where IPv6 prefixes or address for PPPoXv6 clients or IPoEv6 clients are allocated without the need for the internal router DHCP relay-agent. Those addresses are tied to PPPoX or IPoE sessions and they are de-allocated when the PPPoX or IPoE session is terminated.

Parameters

server-name

The name of the local router DHCPv6 server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-index name server-name

no server server-index

Context

[Tree] (config>aaa>radius-srv-plcy>servers server)

Full Context

configure aaa radius-server-policy servers server

Description

This command adds a RADIUS server.

The no form of this command removes a RADIUS server.

Parameters

index

Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 5

server-name

Specifies the server name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-name [address ip-address] [secret key] [hash | hash2| custom] [create]

no server server-name

Context

[Tree] (config>service>vprn>radius-server server)

[Tree] (config>router>radius-server server)

Full Context

configure service vprn radius-server server

configure router radius-server server

Description

This command either specifies an external RADIUS server in the corresponding routing instance or enters configuration context of an existing server. The configured server could be referenced in the radius-server-policy.

The no form of this command removes the parameters from the server configuration.

Parameters

server-name

Specifies the name of the external RADIUS server.

ip-address

Specifies the IPv4 or IPv6 IP address of the external RADIUS server.

key

Specifies the shared secret key of the external RADIUS server, up to 64 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-name [create] [purpose {[accounting | authentication]}] [wlan-gw-group group-id]

no server server-name

Context

[Tree] (config>router>radius-proxy server)

[Tree] (config>service>vprn>radius-proxy server)

Full Context

configure router radius-proxy server

configure service vprn radius-proxy server

Description

This command creates a RADIUS-proxy server in the corresponding routing instance. The proxy server can be configured for the purpose of proxying authentication or accounting or both.

If a WLAN-GW ISA group is specified, then the RADIUS proxy server is instantiated on the set of ISAs in the specified wlan-gw group. The RADIUS messages from the AP are load-balanced to these ISAs. The ISA that processes the RADIUS message then hashes this message to the ISA that anchors the UE. The hash is based on UE MAC address (required to be present in the calling-station-id attribute) in the RADIUS message.

If the create parameter is not specified, then this command enters configuration context of the specified RADIUS-proxy server.

The no form of this command removes the server-name and parameters from the radius-proxy configuration.

Parameters

server-name

Specifies the name of the RADIUS-proxy server.

create

Specifies that the system will create the specified RADIUS-proxy server.

purpose

Specifies the purpose the RADIUS-proxy server.

Values

accounting — proxy accounting packets

authentication — proxy authentication packets

group-id

Specifies the WLAN-GW ISA group.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ipv6-address [ ipv6-address]

no server [ipv6-address [ipv6-address]]

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client server)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client server)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client server

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client server

Description

This specifies the DHCPv6 servers that are used for requesting addresses.

The no form of this command removes the server. This cannot be executed while any DHCPv6 client application is not shut down.

Parameters

ipv6-address

Specifies up to 8 unicast IPv6 addresses of a DHCP6 server.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server index address ip-address secret key [{hash | hash2 | custom}] [port port]

no server index

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus server)

Full Context

configure service vprn aaa remote-servers tacplus server

Description

This command adds a TACACS+ server and configures the TACACS+ server IP address, index, and key values.

Up to five TACACS+ servers can be configured at any one time. TACACS+ servers are accessed in order from lowest index to the highest index for authentication requests.

The no form of this command removes the server from the configuration.

Default

No TACACS+ servers are configured.

Parameters

index

Specifies the index for the TACACS+ server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from the lowest index to the highest index.

Values

1 to 5

ip-address

Specifies the IP address of the TACACS+ server. Two TACACS+ servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

key

Specifies the secret key, up to 128 characters, for access to the TACACS+ server. This secret key must match the password on the TACACS+ server.

Values

Up to 128 characters in length.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

port

Specifies the port ID.

Values

0 to 65535

Platforms

All

server

Syntax

server ipv6-address [ ipv6-address]

no server

Context

[Tree] (config>service>vprn>router-advert>if>dns-options server)

[Tree] (config>service>vprn>router-advert>dns-options server)

Full Context

configure service vprn router-advertisement interface dns-options server

configure service vprn router-advertisement dns-options server

Description

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Parameters

ipv6-address

Specifies the IPv6 address of the DNS server(s), up to a maximum of four, specified as eight 16-bit hexadecimal pieces.

Platforms

All

server

Syntax

server ip-address[:port] [create]

no server ip-address[:port]

Context

[Tree] (config>app-assure>group>url-filter>icap server)

Full Context

configure application-assurance group url-filter icap server

Description

This command configures the IP address and server port of the ICAP server.

Parameters

ip-address[:port]

Specifies the ICAP server IP address and port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ip-address [ip-address] router router-instance

server ip-address [ip-address] service-name service-name

no server

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp server)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp server)

Full Context

configure service vprn interface sap ipsec-gw dhcp server

configure service ies interface sap ipsec-gw dhcp server

Description

This command specifies up to eight DHCPv4 server addresses for DHCPv4-based address assignment. If multiple server addresses are specified, the first advertised DHCPv6 address received is chosen.

Default

no server

Parameters

ip-address

Specifies up to eight unicast IPv4 addresses.

Values

ipv4-address

a.b.c.d

router-instance

Specifies the router instance ID used to reach the configured server address.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The server ip-address service-name service-name variant can be used in all configuration modes.

Values

{router-name | vprn-svc-id}

vprn-svc-id:

1 to 2147483647

router-name:

router-name is an alias for input only. The router-name gets replaced with an id automatically by SR OS in the configuration).

Default

Base

service-name

Specifies the name of the IES or VPRN service used to reach the configured server address, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server ipv6-address [ipv6-address] router router-instance

server ipv6-address [ ipv6-address] service-name service-name

no server

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 server)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 server)

Full Context

configure service vprn interface sap ipsec-gw dhcp6 server

configure service ies interface sap ipsec-gw dhcp6 server

Description

This command specifies up to eight DHCPv6 server addresses for DHCPv6-based address assignment. If multiple server addresses are specified, the first advertised DHCPv6 address received is chosen.

Default

no server

Parameters

ipv6-address

Specifies up to eight unicast global unicast IPv6 addresses.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

router-instance

Specifies the router instance ID used to reach the configured server address.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The server ip-address service-name service-name variant can be used in all configuration modes.

Values

{router-name | vprn-svc-id}

vprn-svc-id:

1 to 2147483647

router-name:

router-name is an alias for input only. The router-name gets replaced with an id automatically by SR OS in the configuration).

Default

Base

service-name

Specifies the name of the IES or VPRN service used to reach the configured server address, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server server-index [ create]

no server server-index

Context

[Tree] (config>aaa>isa-radius-plcy>servers server)

Full Context

configure aaa isa-radius-policy servers server

Description

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of the command removes the server from the configuration.

Parameters

server-index

The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 10 (a maximum of 5 accounting servers)

create

Keyword used to create the server index.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server

Context

[Tree] (config>test-oam>twamp server)

Full Context

configure test-oam twamp server

Description

This command configures the node for TWAMP server functionality.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

server

Syntax

server server [server]

Context

[Tree] (config>router>if>dhcp server)

Full Context

configure router interface dhcp server

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all of the servers in the list. There can be a maximum of eight DHCP servers configured.

The flood command is applicable only in the VPLS case. There is a scenario with VPLS where the VPLS node only wants to add Option 82 information to the DHCP request to provider per-subscriber information, but it does not do full DHCP relay. In this case, the server is set to "flood". This means the DHCP request is still a broadcast and is sent through the VPLS domain. A node running at Layer 3 further upstream then can perform the full Layer 3 DHCP relay function.

Default

no server

Parameters

server

Specifies the DHCP server IP address. A maximum of eight servers can be specified in a single statement.

Platforms

All

server

Syntax

server ipv6-address [ipv6-address]

no server

Context

[Tree] (config>router>router-advert>if>dns-options server)

[Tree] (config>router>router-advert>dns-options server)

Full Context

configure router router-advertisement interface dns-options server

configure router router-advertisement dns-options server

Description

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Parameters

ipv6-address

Specifies the IPv6 address of the DNS servers as eight 16-bit hexadecimal pieces. A maximum of four ipv6 addresses can be specified in a single statement.

Platforms

All

server

Syntax

server pcp-server-name [create]

no server pcp-server-name

Context

[Tree] (config>router>pcp-server server)

Full Context

configure router pcp-server server

Description

Commands in this context configure a PCP server.

The no form of this command deletes the specified PCP server.

Parameters

pcp-server-name

Specifies the PCP server name, up to 32 characters.

create

Creates a PCP server before entering the context to configure it.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server [router router-instance | service-name service-name] {ip-address | ipv6-address | ptp} [key-id key-id] [version version] [prefer]

no server [router router-instance | service-name service-name] {ip address | ipv6-address | ptp}

Context

[Tree] (config>system>time>ntp server)

Full Context

configure system time ntp server

Description

This command configures the node to operate in client mode with the NTP server specified in the address field of this command.

If the internal PTP process is to be used as a source of time for System Time and OAM time then it must be specified as a server for NTP. If PTP is specified, then the prefer parameter must also be specified. After PTP has established a UTC traceable time from an external grandmaster then it will always be the source for time into NTP, even if PTP goes into time holdover. PTP applies only to the 7450 ESS and 7750 SR.

Using the internal PTP time source for NTP promotes the internal NTP server to stratum 1 level, which may impact the NTP network topology.

The no form of this command removes the server with the specified address from the configuration.

Parameters

router-instance

Specifies the routing context that contains the interface in the form of router-name or service-id.

Values

router-name — Base | Management

service-id — 1 to 2147483647

Default

Base

service name

Specifies the service name for the VPRN. The name can be up to 64 characters. CPM routing instances are not supported.

ip-address

Configures the IPv4 address of an external NTP server.

Values

a.b.c.d

ipv6-address

Configures the IPv6 address of an external NTP server.

Values
  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

key-id

Specifies the key ID that identifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP server. If an NTP packet is received by this node, the authentication key-id, type, and key value must be valid, otherwise the packet is rejected and an event/trap generated. This is an optional parameter.

Values

1 to 255

version

Configures the NTP version number that is expected by this node. This is an optional parameter.

Values

2 to 4

Default

4

ptp

Configures the internal PTP process as a time server into the NTP process. The prefer parameter is mandatory with this server option.

prefer

Specifies that, when configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, then the new entry overrides the old entry.

Platforms

All

server

Syntax

server

Context

[Tree] (config>system>security>ssh>key-re-exchange server)

Full Context

configure system security ssh key-re-exchange server

Description

This command enables the key re-exchange context for the SSH server.

Platforms

All

server

Syntax

server index address ip-address secret key [hash | hash2 | custom] [tls-client-profile profile] [authenticator {md5 | sm3}]

no server index

Context

[Tree] (config>system>security>radius server)

[Tree] (config>service>vprn>aaa>remote-servers>radius server)

Full Context

configure system security radius server

configure service vprn aaa remote-servers radius server

Description

This command adds a RADIUS server and configures the IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. For authentication requests, RADIUS servers are accessed in order from the lowest to highest index until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.

The no form of this command removes the server from the configuration.

Default

no server

Parameters

index

Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 5

ip-address

Specifies the IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

key

Specifies the secret key to access the RADIUS server, up to 64 characters. This secret key must match the password on the RADIUS server.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

tls-client-profile

Specifies the TLS profile for the RADIUS server.

profile

Specifies the TLS profile name, up to 32 characters.

md5

Specifies the MD5 hash algorithm for the RADIUS server.

sm3

Specifies the SM3 hash algorithm for the RADIUS server.

Platforms

All

server

Syntax

server index address ip-address secret key [hash | hash2 | custom] [port port]

no server index

Context

[Tree] (config>system>security>tacplus server)

Full Context

configure system security tacplus server

Description

This command adds a TACACS+ server and configures the TACACS+ server IP address, index, and key values.

Up to five TACACS+ servers can be configured at any one time. TACACS+ servers are accessed in order from lowest index to the highest index for authentication requests.

The no form of this command removes the server from the configuration.

Parameters

index

Specifies the index for the TACACS+ server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from the lowest index to the highest index.

Values

1 to 5

ip-address

Specifies the IP address of the TACACS+ server. Two TACACS+ servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

key

Specifies the secret key, up to 128 characters, to access the TACACS+ server. This secret key must match the password on the TACACS+ server.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

port

Specifies the port ID.

Values

0 to 65535

Platforms

All

server

Syntax

server server-index [ create]

no server server-index

Context

[Tree] (config>system>security>ldap server)

Full Context

configure system security ldap server

Description

This command configures an LDAP server. Up to five servers can be configured, which can then work in a redundant manner.

The no version of this command removes the server connection.

Parameters

server-index

Specifies a unique LDAP server connection.

Values

1 to 5

Platforms

All

server

Syntax

server server-index address ip-address secret key [hash | hash2 | custom] [auth-port auth-port] [acct-port acct-port] [type server-type]

Context

[Tree] (config>system>security>dot1x>radius-plcy server)

Full Context

configure system security dot1x radius-plcy server

Description

This command adds a Dot1x server and configures the Dot1x server IP address, index, and key values.

Up to five Dot1x servers can be configured at any one time. Dot1x servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other Dot1x servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.

The no form of this command removes the server from the configuration.

Default

no server

Parameters

server-index

Specifies the index for the Dot1x server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 5

ip-address

Specifies the IP address of the Dot1x server. Two Dot1x servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

key

Specifies the secret key, up to 128 characters, to access the Dot1x server. This secret key must match the password on the Dot1x server.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

acct-port

Specifies the UDP port number on which to contact the RADIUS server for accounting requests.

auth-port

Specifies a UDP port number to be used as a match criteria.

Values

1 to 65535

server-type

Specifies the server type.

Values

authorization, accounting, combined

Platforms

All

server

Syntax

[no] server ip-address [ip-address]

Context

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>offer-selection server)

[Tree] (config>service>vprn>sub-if>dhcp>offer-selection server)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>offer-selection server)

Full Context

configure service vprn subscriber-interface group-interface dhcp offer-selection server

configure service vprn subscriber-interface dhcp offer-selection server

configure service ies subscriber-interface group-interface dhcp offer-selection server

Description

This command configures a DHCPv4 server destination for which a discover delay must be configured. Up to eight DHCPv4 server destinations can be configured.

The no form of this command removes the DHCPv4 server destination.

Parameters

ip-address

Specifies the IPv4 address of the DHCP server, in dotted notation a.b.c.d.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

[no] server ipv6-address [ipv6-address]

Context

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection server)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection server)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection server)

Full Context

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection server

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server

Description

This command configures a DHCPv6 server destination for which a solicit delay or a preference option value must be configured. Up to eight DHCPv6 server destinations can be configured.

The no form of this command removes the DHCPv6 server destination.

Parameters

ipv6-address

Specifies the IPv6 address of the DHCPv6 server.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server

Syntax

server [ip-address | fqdn] [port port]

no server

Context

[Tree] (config>system>security>pki>est-profile server)

Full Context

configure system security pki est-profile server

Description

Commands in this context configure EST server parameters.

The no form of the command reverts to the default value.

Parameters

ip-address

Specifies the IP address of the server.

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

fqdn

Specifies to use the Fully Qualified Domain Name (FQDN) of the EST server, up to 255 characters.

port

Specifies the port number of the EST server.

Values

1 to 65535

Default

443

Platforms

All

server

Syntax

server

Context

[Tree] (config>system>security>ssh>authentication-method server)

Full Context

configure system security ssh authentication-method server

Description

Commands in this context configure, at the system level, the authentication method that the SSH server accepts for the session.

Platforms

All

server

Syntax

server

Context

[Tree] (config>system>security>user>ssh-auth-method server)

Full Context

configure system security user ssh-authentication-method server

Description

Commands in this context configure, at the user level, the authentication method accepted by the SSH server for the session. The user-level configuration overrides the system-level configuration.

Platforms

All

server-address

server-address

Syntax

server-address server-address [name server-name]

no server-address server-address

Context

[Tree] (config>app-assure>group>dns-ip-cache>dns-match server-address)

Full Context

configure application-assurance group dns-ip-cache dns-match server-address

Description

7

This command configures a DNS server address. DNS responses from this DNS server are used to populate the dns-ip-cache. Up to 64 server addresses can be configured.

Parameters

server-address

Specifies the IPv4 or IPv6 address of the DNS.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1 to 32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

prefix-length

[1 to 128]

server-name

Specifies an optional server name for a given server address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server-address

Syntax

server-address {eq | neq} ip-address

server-address {eq | neq} ip-address masked-ip-address netmask netmask

server-address {eq | neq} dns-ip-cache dns-ip-cache-name

server-address {eq | neq} ip-prefix-list ip-prefix-list-name

no server-address

Context

[Tree] (config>app-assure>group>policy>app-filter>entry server-address)

Full Context

configure application-assurance group policy app-filter entry server-address

Description

This command configures the server address to use in application definition. The server IP address may be the source or destination, network or subscriber IP address and may include the use of netmasks.

The no form of this command restores the default (removes the server address from application criteria defined by this entry).

Default

no server-address

Parameters

eq

Specifies a comparison operator that the value configured and the value in the flow are equal.

neq

Specifies a comparison operator that the value configured differs from the value in the flow.

ip-address

Specifies a valid unicast address.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1..32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

netmask

Specifies an IPv4 or IPv6 address mask.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

masked-ip-address

Specifies a valid unicast IPv4 or IPv6 address.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

dns-ip-cache-name

Specifies a DNS IP cache name, up to 32 characters.

ip-prefix-list-name

Specifies the name of an IP prefix list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server-address

Syntax

server-address ip-address [version version-number] [normal | preferred]

[interval seconds]

no server-address ip-address

Context

[Tree] (config>system>time>sntp server-address)

Full Context

configure system time sntp server-address

Description

This command creates an SNTP server for unicast client mode.

Parameters

ip-address

Specifies the IP address of the SNTP server.

Values

a.b.c.d

version-number

Specifies the SNTP version supported by this server.

Values

1 to 3

Default

3

normal | preferred

Specifies the preference value for this SNTP server. When more than one time-server is configured, one server can have preference over others. The value for that server should be set to preferred. Only one server in the table can be a preferred server.

Default

normal

seconds

Specifies the frequency at which this server is queried.

Values

64 to 1024

Default

64

Platforms

All

server-cipher-list

server-cipher-list

Syntax

server-cipher-list

Context

[Tree] (config>system>security>ssh server-cipher-list)

Full Context

configure system security ssh server-cipher-list

Description

Commands in this context configure a list of allowed ciphers by the SSH server.

Platforms

All

server-cipher-list

Syntax

server-cipher-list name [create]

no server-cipher-list name

Context

[Tree] (config>system>security>tls server-cipher-list)

Full Context

configure system security tls server-cipher-list

Description

This command creates the cipher list that is compared against cipher lists sent by the client to the server in the client hello message. The list contains all ciphers that are supported and desired by SR OS for use in the TLS session. The first common cipher found in both the server and client cipher lists will be chosen. As such, the most desired ciphers should be added at the top of the list.

The no form of the command removes the cipher list.

Parameters

name

Specifies the name of the server cipher list, up to 32 characters in length.

create

Keyword used to create the server cipher list.

Platforms

All

server-group-list

server-group-list

Syntax

server-group-list name [create]

no server-group-list name

Context

[Tree] (config>system>security>tls server-group-list)

Full Context

configure system security tls server-group-list

Description

This command configures a list of TLS 1.3-supported group suite codes that the server sends in a server Hello message.

The no form of this command removes the server group list.

Parameters

name

Specifies the name of the server group list, up to 32 characters.

create

Keyword used to create the server group list.

Platforms

All

server-id

server-id

Syntax

server-id duid-en hex hex-string

server-id duid-en string ascii-string

server-id duid-ll

no server-id

Context

[Tree] (config>router>dhcp6>server server-id)

[Tree] (config>service>vprn>dhcp6>server server-id)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy server-id)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy server-id)

Full Context

configure router dhcp6 local-dhcp-server server-id

configure service vprn dhcp6 local-dhcp-server server-id

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server server-id

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server server-id

Description

This command allows the operator to customize the server-id attribute of a DHCPv6 message (such as DHCPv6 advertise and reply). By default, the server-id uses DUID-ll derived from the chassis link layer address. Operators have the option to use a unique identifier by using the duid-en (vendor based on an enterprise number). There is a maximum length associated with the customizable hex-string and ascii-string.

The no form of this command reverts to the default.

Default

server-id duid-ll

Parameters

hex-string

Specifies a DUID system ID in a hex format.

Values

0x0 to 0xFFFFFFFF (maximum 116 hex nibbles)

ascii-string

Specifies a DUID system ID in an ASCII format, up to 58 characters.

duid-ll

Specifies that the DUID system ID is derived from the system link layer address.

duid-en

Specifies the enterprise number.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server-ip

server-ip

Syntax

server-ip {eq | neq} ip-address

no server-ip

Context

[Tree] (debug>app-assure>group>traffic-capture>match server-ip)

Full Context

debug application-assurance group traffic-capture match server-ip

Description

This command configures debugging on a servicer IP address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server-kex-list

server-kex-list

Syntax

server-kex-list

Context

[Tree] (config>system>security>ssh server-kex-list)

Full Context

configure system security ssh server-kex-list

Description

This command allows the user to configure SSH KEX algorithms for SR OS as an SSH server.

An empty list is the default list that the SSH KEX advertises. The default list contains the following:

diffie-hellman-group16-sha512

diffie-hellman-group14-sha256

diffie-hellman-group14-sha1

diffie-hellman-group1-sha1

Platforms

All

server-mac-list

server-mac-list

Syntax

server-mac-list

Context

[Tree] (config>system>security>ssh server-mac-list)

Full Context

configure system security ssh server-mac-list

Description

This command allows the user to configure SSH MAC algorithms for SR OS as an SSH server.

Platforms

All

server-policy

server-policy

Syntax

server-policy policy-name

no server-policy

Context

[Tree] (config>service>dynsvc>acct-2 server-policy)

[Tree] (config>service>dynsvc>acct-1 server-policy)

Full Context

configure service dynamic-services dynamic-services-policy accounting-2 server-policy

configure service dynamic-services dynamic-services-policy accounting-1 server-policy

Description

This command configures the radius server policy to be used for dynamic data services RADIUS accounting.

The no form of this command removes the radius server policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

Parameters

policy-name

Specifies the name of the radius server policy.

Values

Up to 32 characters maximum

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server-policy

Syntax

server-policy policy-name

no server-policy

Context

[Tree] (config>service>dynsvc>plcy>auth server-policy)

Full Context

configure service dynamic-services dynamic-services-policy authentication server-policy

Description

This command configures the RADIUS server policy to be used for RADIUS authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of this command removes the server policy from the configuration and disables RADIUS authentication.

Parameters

policy-name

Specifies a RADIUS server policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

server-port

server-port

Syntax

server-port {eq | neq | gt | lt} port-num

server-port {eq | neq} range start-port-num end-port-num

server-port {eq} {port-num | range start-port-num end-port-num} {first-packet-trusted | first-packet-validate}

server-port {eq | neq} port-list port-list-name

server-port {eq} port-list port-list-name {first-packet-trusted | first-packet-validate}

no server-port

Context

[Tree] (config>app-assure>group>policy>app-filter>entry server-port)

Full Context

configure application-assurance group policy app-filter entry server-port

Description

This command specifies the server TCP or UDP port number to use in the application definition.

The no form of this command restores the default (removes server port number from application criteria defined by this app-filter entry).

Default

no server-port (the server port is not used in the application definition)

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

gt

Specifies all port numbers greater than server-port-number match.

lt

Specifies all port numbers less than server-port-number match.

port-list-name

Specifies a named port list containing a set or range of ports.

port-num

Specifies a valid server port number.

Values

0 to 65535

start-port-num, end-port-num

Specifies the starting or ending port number.

Values

0 to 65535

Server Port Options:

The following options are available:

  • No option specified: TCP/UDP port applications with full signature verification:

    • AA ensures that other applications that can be identified do not run over a well-known port.

    • Application-aware policy applied once signature-based identification completes (likely requiring several packets).

  • first-packet-validate: TCP/UDP trusted port applications with signature verification:

    • Application identified using well known TCP/UDP port based filters and re-identified once signature identification completes.

    • AA policy applied from the first packet of a flow while continuing signature-based application identification. Policy re-evaluated once the signature identification completes, allowing to detect improper/unexpected applications on a well-known port.

  • first-packet-trusted: TCP/UDP trusted port applications - no signature verification:

    • Application identified using well known TCP/UDP port based filters only.

    • Application Aware policy applied from the first packet of a flow.

    • No signature processing assumes operator/customer trusts that no other applications can run on the well-known TCP/UDP port (statistics collected against trusted_tcp or trusted_udp protocol).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server-port

Syntax

server-port {eq | neq} port-num

no server-port

Context

[Tree] (debug>app-assure>group>traffic-capture>match server-port)

Full Context

debug application-assurance group traffic-capture match server-port

Description

This command configures debugging on a server port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

server-shutdown

server-shutdown

Syntax

[no] server-shutdown

Context

[Tree] (config>system>security>ssh server-shutdown)

Full Context

configure system security ssh server-shutdown

Description

This command enables the SSH servers running on the system.

Default

no server-shutdown

Platforms

All

server-signature-list

server-signature-list

Syntax

server-signature-list name [create]

no server-signature-list name

Context

[Tree] (config>system>security>tls server-signature-list)

Full Context

configure system security tls server-signature-list

Description

This command configures a list of TLS 1.3-supported signature suite codes for the digital signature that the server sends in a server Hello message.

The no form of this command removes the server signature list.

Parameters

name

Specifies the name of the server signature list, up to 32 characters.

create

Keyword used to create the server signature list.

Platforms

All

server-timeout

server-timeout

Syntax

server-timeout seconds

no server-timeout

Context

[Tree] (config>port>ethernet>dot1x server-timeout)

Full Context

configure port ethernet dot1x server-timeout

Description

This command configures the period during which the router waits for the RADIUS server to respond to its access request message. When this timer expires, the router will re-send the access request message, up to the specified number times.

The no form of this command returns the value to the default.

Default

server-timeout 30

Parameters

seconds

Specifies the server timeout period, in seconds.

Values

1 to 300

Platforms

All

server-tls-profile

server-tls-profile

Syntax

server-tls-profile name [create]

no server-tls-profile name

Context

[Tree] (config system security tls server-tls-profile)

Full Context

configure system security tls server-tls-profile

Description

This command creates a TLS server profile. This profile can be used by applications that support TLS for encryption. The applications should not send any PDUs until the TLS handshake has been successful.

The no form of the command removes the TLS server profile.

Parameters

name

Specifies the name of the TLS server profile, up to 32 characters in length.

create

Keyword used to create the TLS server profile.

Platforms

All

server6

server6

Syntax

server6 ipv6-address

no server6

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host server6)

Full Context

configure subscriber-mgmt local-user-db ipoe host server6

Description

This command allows DHCP6 server selection based on the host entry in LUDB.

The configured DHCP6 server IP address must reference one of the v6 addressees configured under the config>service>vprn>sub-if>grp-if>ipv6>dhcpv6>relay or config>service>ies>sub-if>grp-if>ipv6>dhcpv6>relay context.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the retailer service ID.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

servers

servers

Syntax

servers

Context

[Tree] (config>aaa>radius-srv-plcy servers)

Full Context

configure aaa radius-server-policy servers

Description

Commands in this context configure radius-server-policy parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

service

service

Syntax

service service-id

no service

Context

[Tree] (config>service>vpls>sap>msap-defaults service)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>msap-defaults service)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>msap-defaults service)

Full Context

configure service vpls sap msap-defaults service

configure subscriber-mgmt local-user-db ppp host msap-defaults service

configure subscriber-mgmt local-user-db ipoe host msap-defaults service

Description

This command sets default service for all subscribers created based on trigger packets received on the given capture SAP in case the corresponding VSA is not included in the RADIUS authentication response. This command is applicable to capture SAP only.

The no form of this command reverts to the default.

Parameters

service-id

Specifies the service ID as an integer or a name.

Values

service-id - 1 to 2147483648

service-name - up to 64 characters

Platforms

All

  • configure service vpls sap msap-defaults service

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt local-user-db ipoe host msap-defaults service
  • configure subscriber-mgmt local-user-db ppp host msap-defaults service

service

Syntax

service service-id

no service

Context

[Tree] (config>service>ies>sub-if>grp-if>bonding-parameters>connection service)

[Tree] (config>service>vprn>sub-if>grp-if>bonding-parameters>connection service)

Full Context

configure service ies subscriber-interface group-interface bonding-parameters connection service

configure service vprn subscriber-interface group-interface bonding-parameters connection service

Description

This command binds a specified service to this connection. ESM subscribers created under this service are eligible for bonding in this group interface and are identified by the provisioned connection ID. All connections in one bonding context must use subscriber interfaces in separate router instances.

The no form of this command removes the service from this bonding context, which can only be done when bonding is administratively disabled.

Parameters

service-id

Specifies the service ID of the service containing this subscriber interface.

service

Syntax

service

Context

[Tree] (config>cflowd>collector>exp-filter>if-list service)

Full Context

configure cflowd collector export-filter interface-list service

Description

Commands in this context configure which service interfaces' flow data is being sent to this collector

Platforms

All

service

Syntax

service service-id preference preference

no service service-id

Context

[Tree] (config>router>dns>redirect-vprn service)

Full Context

configure router dns redirect-vprn service

Description

This command configures the VPRN DNS redirection for the specified service.

The no form of this command removes the service from the VPRN DNS resolution configuration.

Parameters

service-id

Specifies the unique service identification number or string identifying the service in the service domain.

Values

service-id: 1 to 2147483647

svc-name: 64 characters maximum

preference

Specifies the service preference.

Values

0 to 255

Platforms

All

service

Syntax

[no] service service-id

Context

[Tree] (config>log>services-all-events service)

Full Context

configure log services-all-events service

Description

This command enables access to the entire system-wide set of log events (VPRN and non-VPRN) in the logs configured within the management VPRN specified by the service ID.

The no form of the command enables the display of VPRN events only.

Parameters

service-id

Identifies the VPRN.

Values

{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters

Platforms

All

service

Syntax

service service-id

service name service-name

no service

Context

[Tree] (config>system>security>pki>ca-profile>ocsp service)

Full Context

configure system security pki ca-profile ocsp service

Description

This command specifies the service or routing instance that used to contact OCSP responder. This applies to OCSP responders that either configured in CLI or defined in AIA extension of the certificate to be verified.

The responder-url will also be resolved by using the DNS server configured in the configured routing instance.

With VPRN services, the system checks whether the specified service ID or service name is an existing VPRN service at the time of CLI configuration. Otherwise the configuration fails.

Parameters

service-id

Specifies an existing service ID to be used in the match criteria.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The service name service-name variant can be used in all configuration modes.

Values

service-id: 1 to 2147483647 base-router: 0

name service-name

Identifies the service, up to 64 characters.

Platforms

All

service-carving

service-carving

Syntax

service-carving

Context

[Tree] (config>service>system>bgp-evpn>eth-seg service-carving)

Full Context

configure service system bgp-evpn ethernet-segment service-carving

Description

Commands in this context configure service-carving in the Ethernet-Segment. The service-carving algorithm determines which PE is the Designated Forwarder (DF) in a specified Ethernet Segment and for a specific service.

Platforms

All

service-context-id

service-context-id

Syntax

service-context-id name

no service-context-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp service-context-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp service-context-id

Description

This command configures the value of the service context ID AVP.

The no form of this command returns the command to the default setting.

Parameters

name

Specifies the service context ID AVP value, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

service-id

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident service-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification service-id

Description

This command specifies the service ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the SAP ID is matched against the Nokia vendor-specific sub-option in DHCP Option 82.

The no form of this command removes the service ID from the configuration.

Parameters

service-id

Specifies an existing service ID or service name.

Values

service-id — 1 to 2147483647

service-name — up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

service-id

Syntax

[no] service-id

Context

[Tree] (config>service>vpls>sap>dhcp>option>vendor service-id)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor service-id)

[Tree] (config>service>vprn>if>dhcp>option>vendor service-id)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor-specific-option service-id)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor service-id)

Full Context

configure service vpls sap dhcp option vendor-specific-option service-id

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option service-id

configure service vprn interface dhcp option vendor-specific-option service-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option service-id

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option service-id

Description

This command enables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Platforms

All

  • configure service vpls sap dhcp option vendor-specific-option service-id
  • configure service vprn interface dhcp option vendor-specific-option service-id

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option service-id
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option service-id
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option service-id

service-id

Syntax

[no] service-id

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option service-id)

Full Context

configure router interface dhcp option vendor-specific-option service-id

Description

This command enables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Default

no service-id

Platforms

All

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>redundancy>mc>peer>mcr>ring>ibc service-id)

[Tree] (config>redundancy>mc>peer>mcr>l3-ring>ibc service-id)

Full Context

configure redundancy multi-chassis peer mc-ring ring in-band-control-path service-id

configure redundancy multi-chassis peer mc-ring l3-ring in-band-control-path service-id

Description

This command specifies the service ID if the interface used for the inband control connection belongs to a VPRN service. If not specified, the service-id is zero and the interface must belong to the Base router. This command supersedes the configuration of a service name.

The no form of this command removes the service ID from the IBC configuration.

Parameters

service-id

Specifies a service ID or an existing service name.

Values

1 to 214748364 - Only supported in 'classic' configuration-mode (configure>system>management-interface>configuration-mode classic)

Platforms

All

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>redundancy>mc>peer>mcr>node>cv service-id)

[Tree] (config>redundancy>mc>peer>mcr>l3-ring>node>cv service-id)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify service-id

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-id

Description

This command specifies the service ID of the SAP used for the ring-node connectivity verification of this ring node. This command supersedes the configuration of a service name.

The no form of the command removes the service ID from the CV configuration.

Default

no service-id

Parameters

service-id

Specifies the service ID or an existing service name.

Values

1 to 2147483647- Only supported in "classic” configuration mode (configure system management-interface configuration-mode classic)

Platforms

All

service-id

Syntax

service-id

Context

[Tree] (config>service>system>bgp-evpn>eth-seg service-id)

Full Context

configure service system bgp-evpn ethernet-segment service-id

Description

This command enables the service-id context within the virtual ethernet-segment configuration.

Platforms

All

service-id-lag-hashing

service-id-lag-hashing

Syntax

[no] service-id-lag-hashing

Context

[Tree] (config>system>load-balancing service-id-lag-hashing)

Full Context

configure system load-balancing service-id-lag-hashing

Description

This command enables enhanced VLL LAG service ID hashing. This command improves the LAG spraying of VLL service packets and is applied only when both ECMP and LAG hashing are performed by the same router. By default, the ECMP interface and LAG link for all packets on the VLL service are selected based on a direct modulo operation of the service ID. This command enhances distribution and hashes the service ID prior to the LAG link modulo operation when an ECMP link modulo operation is performed.

The no form of the command preserves the default behavior of VLL LAG service ID hashing.

Default

no service-id-lag-hashing

Platforms

All

service-id-range

service-id-range

Syntax

service-id-range start service-id end service-id

no service-id-range

Context

[Tree] (config>service>md-auto-id service-id-range)

Full Context

configure service md-auto-id service-id-range

Description

This command specifies the range of IDs used by SR OS to automatically assign an ID to services that are created in model-driven interfaces without an ID explicitly specified by the user or client.

A service created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the config>service md-auto-id command for further details.

Default

no service-id-range

Parameters

start service-id

Specifies the lower value of the ID range. The value must be less than or equal to the end value.

Values

1 to 2147483647

end service-id

Specifies the upper value of the ID range. The value must be greater than or equal to the start value.

Values

1 to 2147483647

Platforms

All

service-mtu

service-mtu

Syntax

service-mtu octets

no service-mtu

Context

[Tree] (config>service>template>vpls-template service-mtu)

[Tree] (config>service>vpls service-mtu)

Full Context

configure service template vpls-template service-mtu

configure service vpls service-mtu

Description

This command configures the service payload (Maximum Transmission Unit – MTU), in bytes, for the service. This MTU value overrides the service-type default MTU. The service-mtu defines the payload capabilities of the service. It is used by the system to validate the SAP and SDP binding’s operational state within the service.

The service MTU and a SAP’s service delineation encapsulation overhead (4 bytes for a dot1q tag) is used to derive the required MTU of the physical port or channel on which the SAP was created. If the required payload is larger than the port or channel MTU, then the SAP will be placed in an inoperative state. If the required MTU is equal to or less than the port or channel MTU, the SAP will be able to transition to the operative state.

When binding an SDP to a service, the service MTU is compared to the path MTU associated with the SDP. The path MTU can be administratively defined in the context of the SDP. The default or administrative path MTU can be dynamically reduced due to the MTU capabilities discovered by the tunneling mechanism of the SDP or the egress interface MTU capabilities based on the next hop in the tunnel path. If the service MTU is larger than the path MTU, the SDP binding for the service will be placed in an inoperative state. If the service MTU is equal to or less than the path MTU, then the SDP binding will be placed in an operational state.

If a service MTU, port or channel MTU, or path MTU is dynamically or administratively modified, then all associated SAP and SDP binding operational states are automatically re-evaluated.

For i-VPLS and Epipes bound to a b-VPLS, the service-mtu must be at least 18 bytes smaller than the b-VPLS service MTU to accommodate the PBB header.

The no form of this command returns the default service-mtu for the indicated service type to the default value.

Default

service-mtu 1514

Parameters

octets

The following table displays MTU values for specific VC types

VC-Type

Example Service MTU

Advertised MTU

Ethernet

1514

1500

Ethernet (with preserved dot1q)

1518

1504

VPLS

1514

1500

VPLS (with preserved dot1q)

1518

1504

VLAN (dot1p transparent to MTU value)

1514

1500

VLAN (qinq with preserved bottom qtag)

1518

1504

The size of the MTU in octets, expressed as a decimal integer

Values

1 to 9194

Platforms

All

service-mtu

Syntax

service-mtu octets

no service-mtu

Context

[Tree] (config>service>epipe service-mtu)

[Tree] (config>service>ipipe service-mtu)

[Tree] (config>service>cpipe service-mtu)

Full Context

configure service epipe service-mtu

configure service ipipe service-mtu

configure service cpipe service-mtu

Description

This command configures the service payload in bytes, for the service. The configured Maximum Transmission Unit (MTU) value overrides the service-type default MTU. The service-mtu command defines the payload capabilities of the service. It is used by the system to validate the operational state of the SAP and SDP binding within the service.

The service MTU and a SAP’s service delineation encapsulation overhead (4 bytes for a dot1q tag) is used to derive the required MTU of the physical port or channel on which the SAP was created. If the required payload is larger than the port or channel MTU, the SAP is placed in an inoperative state. If the required MTU is equal to or less than the port or channel MTU, the SAP transitions to the operative state.

When binding an SDP to a service, the service MTU is compared to the path MTU associated with the SDP. The path MTU can be administratively defined in the context of the SDP. The default or administrative path MTU can be dynamically reduced due to the MTU capabilities discovered by the tunneling mechanism of the SDP or the egress interface MTU capabilities based on the next hop in the tunnel path. If the service MTU is larger than the path MTU, the SDP binding for the service is placed in an inoperative state. If the service MTU is equal to or less than the path MTU, the SDP binding is placed in an operational state.

If a service MTU, port or channel MTU, or path MTU is dynamically or administratively modified, all associated SAP and SDP binding operational states are automatically reevaluated.

Binding operational states are automatically reevaluated.

For I-VPLS and Epipes bound to a B-VPLS, the service MTU must be at least 18 bytes smaller than the B-VPLS service MTU to accommodate the PBB header.

Because this connects a Layer 2 to a Layer 3 service, adjust the service MTU under the Epipe service. The MTU that is advertised from the Epipe side is service MTU minus EtherHeaderSize.

Note:

In the configure>service>epipe context, the adv-service-mtu command can be used to override the configured MTU value used in T-LDP signaling to the far-end of an Epipe spoke-sdp. The adv-service-mtu command is also used to validate the value signaled by the far-end PE. For more information, see adv-service-mtu command.

The no form of this command returns the default service-mtu for the indicated service type to the default value.

By default, if no service-mtu is configured, the MTU value is (1514 - 14) = 1500.

Default

no service-mtu 1508 (for Apipe, Fpipe)

no service-mtu 1500 (for Ipipe)

no service-mtu 1524 (for Epipe)

MTU Values lists the MTU values for specific VC types.

Table 3. MTU Values

SAP VC-Type

Example: Service MTU

Advertised MTU

Ethernet

1514

1500

Ethernet (with preserved dot1q)

1518

1504

VPLS

1514

1500

VPLS (with preserved dot1q)

1518

1504

VLAN (dot1p transparent to MTU value)

1514

1500

VLAN (qinq with preserved bottom qtag)

1518

1504

Parameters

octets

Specifies the MTU size in octets, expressed as a decimal integer.

Values

1 to 9782

1 to 9800 (for Epipe only)

Platforms

All

  • configure service ipipe service-mtu
  • configure service epipe service-mtu

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe service-mtu

service-name

service-name

Syntax

service-name service-name

no service-name

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident service-name)

Full Context

configure subscriber-mgmt local-user-db ppp host host-identification service-name

Description

This command specifies the service name tag in PADI and/or PADR packets to match for PPPoE hosts.

Note:

This command is only used when service-name is configured as one of the match-list parameters.

The no form of this command removes the service-name from the configuration.

Parameters

service-name

Specifies a PPPoE service name, up to 255 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

service-name

Syntax

service-name service-name

no service-name

Context

[Tree] (config>redundancy>mc>peer>mc>l3-ring>ibc service-name)

[Tree] (config>redundancy>mc>peer>mcr>ring>ibc service-name)

Full Context

configure redundancy multi-chassis peer multi-chassis l3-ring ibc service-name

configure redundancy multi-chassis peer mc-ring ring in-band-control-path service-name

Description

This command specifies the service name if the interface used for the inband control connection belongs to a VPRN service. If not specified the interface must belong to the Base router. This command supersedes the configuration of a service ID.

The no form of this command removes the service name from the IBC configuration.

Default

no service-name

Parameters

service-name

Specifies the service name, up to 64 characters.

Platforms

All

service-name

Syntax

service-name service-name

no service-name

Context

[Tree] (config>redundancy>mc>peer>mcr>node>cv service-name)

[Tree] (config>redundancy>mc>peer>mcr>l3-ring>cv service-name)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify service-name

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-name

Description

This command specifies the service name of the SAP used for ring-node connectivity verification of this ring node. This command supersedes the configuration of a service ID.

The no form of this command removes the service name from the CV configuration.

Default

no service-name

Parameters

service-name

Specifies a service name, up to 64 characters.

Platforms

All

service-range

service-range

Syntax

service-range service-id service-id

no service-range

Context

[Tree] (config>service>dynsvc service-range)

Full Context

configure service dynamic-services service-range

Description

This command specifies the service ID range that is reserved for dynamic data service creation. The range cannot overlap with existing static configured services. Once configured with active dynamic services in the range, the service range can only be extended at the end.

The no form of this command removes the service-range from the configuration. This is only allowed when there are no active dynamic data services.

When no service-range is specified, the setup of dynamic data services fails.

Parameters

service-id

Specifies the start and end service IDs to define the service range for dynamic services.

Values

1 to 2147483647

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

service-range

Syntax

service-range svc-id [to svc-id]

no service-range svc-id

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>service-id service-range)

Full Context

configure service system bgp-evpn ethernet-segment service-id service-range

Description

This command associates a specified service range to a virtual ES, along with the network-interconnect-vxlan command. Up to eight service ranges per VXLAN instance can be configured, where the ranges may overlap. The service range may be configured before the service.

The no form of this command removes the association of the service range to the virtual ES for the configured VXLAN instance.

Parameters

svc-id

Specifies which service range will be associated with the virtual Ethernet Segment.

Values

1 to 2147483647

Platforms

All

service-range

Syntax

service-range startid-endid [start-vlan-id startvid]

no service-range

Context

[Tree] (config>service>vpls>vpls-group service-range)

Full Context

configure service vpls vpls-group service-range

Description

This command configures the service ID and implicitly the VLAN ID ranges to be used as input variables for related VPLS and SAP templates to pre-provision "data” VPLS instances and related SAPs using the service ID specified in the command. If the start-vlan-id is not specified then the service-range values are used for vlan-ids. The data SAPs will be instantiated on all the ports used to specify SAP instances under the related control VPLS.

Modifications of the service id and vlan ranges are allowed with the following restrictions.

  • service-range increase can be achieved in two ways:

    • Allowed when vpls-group is in shutdown state

    • By creating a new vpls-group

  • service-range decrease can be achieved in two ways:

    • Allowed when vpls-group is in shutdown state; when shutdown command is executed the associated service instances are deleted.

    • Allowed when vpls-group is in no shutdown state and has completed successfully instantiating services.

    • In both cases, only the services that do not have user configured SAPs will be deleted. Otherwise the above commands are rejected. Existing declarations or registrations do not prevent service deletion.

  • start-vlan-id change can be achieved in two ways:

    • Allowed when vpls-group is in shutdown state

    • At the time of range decrease by increasing the start-vlan-id which can be done when vpls-group is in no shutdown state and has completed successfully instantiating services

The no form of this command removes the specified ranges and deletes the pre-provisioned VPLS instances and related SAPs. The command will fail if any of the VPLS instances in the affected ranges have a provisioned SAP.

Default

no service-range

Parameters

startid-endid

Specifies the range of service IDs

Values

1 to 2147483647

startvid

Specifies the starting VLAN ID; it provides a way to set aside a service ID range that is not the same as the VLAN range and allows for multiple MVRP control-VPLSs to control same VLAN range on different ports.

Values

1 to 4094

Platforms

All

service-request

service-request

Syntax

[no] service-request

Context

[Tree] (config>subscr-mgmt>acct-plcy>triggered-updates>gc service-request)

Full Context

configure subscriber-mgmt radius-accounting-policy triggered-updates gtp-change service-request

Description

This command configures the router to send an interim accounting update when a service request (reactivation) procedure is performed.

The no form of the command configures the router not to send an interim accounting update when a service request (reactivation) procedure is performed.

Default

no service-request

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

services-all-events

services-all-events

Syntax

services-all-events

Context

[Tree] (config>log services-all-events)

Full Context

configure log services-all-events

Description

Commands in this context control which log events are present in VPRN logs.

By default, the event streams for VPRN logs contain only events that are associated with the particular VPRN.

Access to the entire system-wide set of events (VPRN and non-VPRN) can be enabled using the services-all-events command.

Platforms

All

serving-network

serving-network

Syntax

serving-network mcc mcc-value mnc mnc-value

no serving-network

Context

[Tree] (config>subscr-mgmt>gtp serving-network)

Full Context

configure subscriber-mgmt gtp serving-network

Description

This command configures the Operator Identifier part (MCC and MNC) of the APN.

The no form of this command removes the values from the profile.

Default

no serving-network

Parameters

mcc-value

Specifies the Mobile Country Code (MCC) portion of the Serving Network.

Values

3 digits

mnc-value

Specifies the Mobile Network Code (MNC) portion of the Serving Network.

Values

2 or 3 digits

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

session

session

Syntax

session

Context

[Tree] (config>isa>video-group>watermark session)

Full Context

configure isa video-group watermark session

Description

Commands in this context configure watermark parameters based on the session.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

session

Syntax

session session-name [test-family [ ethernet | ip | mpls] [session-type {proactive | on-demand}] create]

no session session-name

Context

[Tree] (config>oam-pm session)

Full Context

configure oam-pm session

Description

This command creates the individual session containers that houses the test specific configuration parameters. Since this session context provides only a container abstract to house the individual test functions, it cannot be shut down. Individual tests sessions within the container may be shut down. No values, parameters, or configuration within this context may be changed if any individual test is active. Changes may only be made when all tests within the context are shut down. The only exception to this is the description value.

The no form of this command deletes the session.

Parameters

session-name

Specifies the session name, up to 32 characters.

test-family

Indicates the type family and sets the context for the individual parameters.

Values

ethernet — Specifies that the test is based on the Ethernet layer.

ip — Specifies that the test is based on the IP layer.

mpls — Specifies that the test is based on the MPLS layer.

session-type

Specifies how to set the Type bit in the Flags byte, and influences how different test criteria may be applied to the individual test. Not all test families carry this information in the PDU.

Values

proactive — Sets the type to always on, with an immediate start and no stop.

on-demand — Sets the type to on-demand, with an immediate start and no stop, or a stop based on the offset.

Default

proactive

create

Creates the PM session.

Platforms

All

session-accounting

session-accounting

Syntax

session-accounting [interim-update] [host-update]

no session-accounting

Context

[Tree] (config>subscr-mgmt>acct-plcy session-accounting)

Full Context

configure subscriber-mgmt radius-accounting-policy session-accounting

Description

This command enables per session accounting mode. In per session accounting mode, the acct-session-id is generated per session. This acct-session-id is uniformly included in all accounting messages (START/INTERIM-UPDATE/STOP) and it can be included in RADIUS Access-Request message.

This accounting mode of operation can be used only in PPPoE environment with dual-stack host in which case both hosts (IPv4 and IPv6) are considered part of the same session. In addition to regular interim-updates, triggered interim-updates are sent by a host joining or leaving the session.

When an IPv4/v6 address is allocated, or released from a dual-stack host, a triggered interim-update message is immediately sent. This triggered interim-update message reflects the change in the IP address. The triggered interim-update has no effect on the interval at which the regular interim updates are scheduled.

Accounting counters are based on the queue counters and as such are aggregated for all host sharing the queues within an sla-profile instance.

CoA and LI is supported based on the acct-session-id of the session.

The no form of this command reverts to the default.

Parameters

interim-update

Specifies to enable interim updates. Without this keyword only START and STOP accounting messages are generated when the session is established or terminated. This is equivalent to a time-based accounting where only the duration of the session is required.

host-update

Indicates that host updates messages are sent. INTERIM-UPDATE messages can be generated (volume based accounting) by selecting this keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-assign-method

session-assign-method

Syntax

session-assign-method {weighted | weighted-random}

no session-assign-method

Context

[Tree] (config>router>l2tp session-assign-method)

[Tree] (config>service>vprn>l2tp session-assign-method)

Full Context

configure router l2tp session-assign-method

configure service vprn l2tp session-assign-method

Description

This command configures the session assignment method.

The no form of this command reverts to the default value.

Default

no session-assign-method

Parameters

weighted

Specifies that the sessions are shared between the available tunnels. If necessary, new tunnels are set up until the maximum number is reached. The distribution aims at an equal ratio of the actual number of sessions to the maximum number of sessions.

weighted-random

Enhances the weighted algorithm such that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-assign-method

Syntax

session-assign-method {existing-first | weighted | weighted-random}

no session-assign-method

Context

[Tree] (config>service>vprn>l2tp>group session-assign-method)

[Tree] (config>router>l2tp>group session-assign-method)

Full Context

configure service vprn l2tp group session-assign-method

configure router l2tp group session-assign-method

Description

This command specifies how new sessions are assigned to one of the set of suitable tunnels that are available or could be made available.

The no form of this command reverts to the default value.

Default

session-assign-method existing-first

Parameters

existing-first

Specifies that all new sessions are placed by preference in the existing tunnels.

weighted

Specifies that the sessions are shared between the available tunnels. If necessary, new tunnels are set up until the maximum number is reached. The distribution aims at an equal ratio of the actual number of sessions to the maximum number of sessions.

weighted-random

Enhances the weighted algorithm such that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-filter

session-filter

Syntax

session-filter session-filter-name

no session-filter

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action session-filter)

Full Context

configure application-assurance group policy app-qos-policy entry action session-filter

Description

This command specifies the Application-Assurance session filter that will be evaluated. If no session filters are specified then no session filters will be evaluated.

Default

no session-filter

Parameters

session-filter-name

Specifies the session filter to be applied.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-filter

Syntax

session-filter session-filter-name [create]

no session-filter session-filter-name

Context

[Tree] (config>app-assure>group session-filter)

Full Context

configure application-assurance group session-filter

Description

This command creates a session filter.

Parameters

session-filter-name

Creates a session filter name up to 32 characters.

create

Keyword used to create the session filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-filter

Syntax

session-filter session-filter-name

Context

[Tree] (config>app-assure>group>statistics>tca session-filter)

Full Context

configure application-assurance group statistics threshold-crossing-alert session-filter

Description

This command configures TCA generation for a session filter.

Parameters

session-filter-name

Specifies the name of the session filter, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-filter-stats

session-filter-stats

Syntax

[no] session-filter-stats

Context

[Tree] (config>app-assure>group>statistics>aa-admit-deny session-filter-stats)

Full Context

configure application-assurance group statistics aa-admit-deny session-filter-stats

Description

This command configures whether to include or exclude session filter admit-deny statistics in accounting records.

Default

no session-filter-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-hold-time

session-hold-time

Syntax

session-hold-time remaining-lease-time

session-hold-time seconds

no session-hold-time

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile session-hold-time)

Full Context

configure subscriber-mgmt gtp peer-profile session-hold-time

Description

This command configures, in seconds, the time that a GTP session context is held after the corresponding UE is disconnected. If the same UE re-connects to this system before this time has elapsed, its GTP session context is re-used. When the timer expires, the GTP session context is cleared.

The no form of this command reverts to the default.

Default

session-hold-time 30

Parameters

remaining-lease-time

Specifies that the timer is equal to the UE’s DHCP remaining lease time.

seconds

Specifies the time, in seconds, to hold a GTP session after its UE is disconnected.

Values

0 to 3600

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-id

session-id

Syntax

session-id session-id

no session-id

Context

[Tree] (config>li>li-source>nat>ethernet-header session-id)

[Tree] (config>li>li-source>nat>classic-lsn-sub session-id)

[Tree] (config>li>li-source>nat>dslite-lsn-sub session-id)

[Tree] (config>li>li-source>nat>nat64-lsn-sub session-id)

[Tree] (config>li>li-source>nat>l2-aware-sub session-id)

Full Context

configure li li-source nat ethernet-header session-id

configure li li-source nat classic-lsn-sub session-id

configure li li-source nat dslite-lsn-sub session-id

configure li li-source nat nat64-lsn-sub session-id

configure li li-source nat l2-aware-sub session-id

Description

This command configures the session ID that is inserted into the packet header for all mirrored packets of the associated LI source entry. This session ID can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs.

The session ID is only valid and used for mirror services that are configured with ip-udp-shim routable encapsulation (config>mirror>mirror-dest>encap>ip-gre-shim).

For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encapsulation, a session-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value is inserted. When a mirror service is configured with ip-gre routable encapsulation, no session-id is inserted and none should be specified against the li-source entries.

The no form of this command removes the session-id from the configuration which results in the default value being used.

Default

no session-id (an id of 0, or no id)

Parameters

session-id

Specifies the value to insert into the header of the mirrored packets.

Values

1 to 4,294,967,295 (32b)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-id

Syntax

session-id [session-id]

no session-id

Context

[Tree] (config>li>li-source>wlan-gw session-id)

Full Context

configure li li-source wlan-gw session-id

Description

This command configures the session ID inserted in the packet header for all mirrored packets of the associated li-source. When the mirror-service is configured with the ip-udp-shim routable encapsulation, session-id field (as part of the routable encapsulation) is always present in the mirrored packets. The session-id can be used by the LIG to identify a particular LI session to which the packet belongs.

Parameters

session-id

Specifies the session ID inserted in the LI header.

Values

1 to 4294967295

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-id

Syntax

session-id session-id

no session-id

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>l2tp session-id)

[Tree] (config>test-oam>build-packet>header>l2tp session-id)

Full Context

debug oam build-packet packet field-override header l2tp session-id

configure test-oam build-packet header l2tp session-id

Description

This command defines the session ID to be used in the L2TP header.

The no form of this command removes the session ID value.

Default

session-id 0

Parameters

session-id

Specifies the L2TP session ID to be used in the L2TP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

session-id-format

session-id-format

Syntax

session-id-format {description | number}

no session-id-format

Context

[Tree] (config>subscr-mgmt>acct-plcy session-id-format)

Full Context

configure subscriber-mgmt radius-accounting-policy session-id-format

Description

This command specifies the format for the acct-session-id attribute used in RADIUS accounting requests.

The no form of this command reverts to the default.

Default

session-id-format description

Parameters

description

Specifies to use a string containing following information: <subscriber>@<sap-id>@<SLA-profile>_<creation-time>

number

Specifies to use a unique number generated by the OS to identify a given session.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-key

session-key

Syntax

session-key sap mac [cid] [rid]

no session-key

Context

[Tree] (config>subscr-mgmt>ipoe-plcy session-key)

Full Context

configure subscriber-mgmt ipoe-session-policy session-key

Description

This command configures the key to logically group subscriber hosts that belong to the same dual stack end device in an IPoE session.

The SAP and MAC address are always part of the IPoE session key. Optionally the Circuit-Id/Interface-Id or Remote-Id can be added to the session key.

The no form of this command reverts to the default.

Default

session-key sap mac

Parameters

sap

Includes the SAP as part of the IPoE session key. The sap parameter is mandatory and cannot be removed from the key.

mac

Includes the MAC address as part of the IPoE session key. The mac parameter is mandatory and cannot be removed from the key.

cid

Optionally adds the DHCPv4 Relay Agent Circuit-Id (Option 82, sub Option 1) and DHCPv6 Interface-Id (Option 18) field to the IPoE session key.

rid

Optionally adds the DHCPv4 Relay Agent Remote-Id (Option 82, sub Option 2) and DHCPv6 Remote-Id (Option 37) field to the IPoE session key. For DHCPv6, the enterprise number is excluded from the key.

sap and mac are mandatory parameters while cid and rid are optional and mutually exclusive. Valid IPoE session key parameters are: sap mac, sap mac cid and sap mac rid.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-limit

session-limit

Syntax

session-limit session-limit

session-limit unlimited

no session-limit

Context

[Tree] (config>service>vprn>l2tp session-limit)

[Tree] (config>service>vprn>l2tp>group>tunnel session-limit)

[Tree] (config>router>l2tp>group>tunnel session-limit)

[Tree] (config>router>l2tp>group session-limit)

[Tree] (config>service>vprn>l2tp>group session-limit)

[Tree] (config>router>l2tp session-limit)

Full Context

configure service vprn l2tp session-limit

configure service vprn l2tp group tunnel session-limit

configure router l2tp group tunnel session-limit

configure router l2tp group session-limit

configure service vprn l2tp group session-limit

configure router l2tp session-limit

Description

This command configures the session limit.

This command configures the L2TP session limit for the router. The value controls how many L2TP sessions will be allowed within a given context (system, group, tunnel).

L2TP is connection-oriented. The L2TP Network Server (LNS) and LAC maintain state for each call that is initiated or answered by an LAC. An L2TP session is created between the LAC and LNS when an end-to-end PPP connection is established between a remote system and the LNS. Datagrams related to the PPP connection are sent over the tunnel between the LAC and LNS. There is a one-to-one relationship between established L2TP sessions and their associated calls.

The no form of this command removes the value from the configuration.

Default

no session-limit

Parameters

session-limit

Specifies the allowed number of sessions within the given context.

Values

1 to 131071

unlimited

Specifies to use the maximum number of sessions available.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-limit

Syntax

session-limit session-limit

no session-limit

Context

[Tree] (config>service>ies>sub-if>pppoe session-limit)

[Tree] (config>service>vprn>sub-if>pppoe session-limit)

[Tree] (config>service>ies>sub-if>grp-if>pppoe session-limit)

[Tree] (config>service>vprn>sub-if>grp-if>pppoe session-limit)

Full Context

configure service ies subscriber-interface pppoe session-limit

configure service vprn subscriber-interface pppoe session-limit

configure service ies subscriber-interface group-interface pppoe session-limit

configure service vprn subscriber-interface group-interface pppoe session-limit

Description

This command specifies the number of PPPoE hosts allowed for this group interface.

The no form of this command reverts to the default.

Default

session-limit 1

Parameters

session-limit

Specifies the number of PPPoE hosts allowed.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

1 to 131071

1 to 262143 (retail subscriber interface)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-limit

Syntax

session-limit session-limit

no session-limit

Context

[Tree] (config>service>ies>sub-if>ipoe-session session-limit)

[Tree] (config>service>ies>sub-if>grp-if>ipoe-session session-limit)

[Tree] (config>service>vprn>sub-if>ipoe-session session-limit)

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-session session-limit)

Full Context

configure service ies subscriber-interface ipoe-session session-limit

configure service ies subscriber-interface group-interface ipoe-session session-limit

configure service vprn subscriber-interface ipoe-session session-limit

configure service vprn subscriber-interface group-interface ipoe-session session-limit

Description

This command specifies the number of IPoE sessions allowed for this group interface or retail subscriber interface.

The no form of this command reverts to the default.

Default

session-limit 1

Parameters

session-limit

Specifies the number of allowed IPoE sessions.

Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values

1 to 131071

1 to 500000 (retail subscriber interface)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-limit

Syntax

session-limit limit

Context

[Tree] (config>li>x-interfaces>x3 session-limit)

Full Context

configure li x-interfaces x3 session-limit

Description

This command configures the number of X3 sessions that the system should initiate to the LIC.

The no form of this command reverts to the default.

Default

session-limit 32

Parameters

limit

Specifies the session limit.

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

session-limits

session-limits

Syntax

session-limits

Context

[Tree] (config>isa>wlan-gw-group>nat session-limits)

Full Context

configure isa wlan-gw-group nat session-limits

Description

Commands in this context configure session limits for the ISA WLAN gateway NAT group.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-limits

Syntax

session-limits

Context

[Tree] (config>isa>nat-group session-limits)

Full Context

configure isa nat-group session-limits

Description

Commands in this context configure session limits for the ISA NAT group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-limits

Syntax

session-limits

Context

[Tree] (config>service>nat>up-nat-policy session-limits)

[Tree] (config>service>nat>nat-policy session-limits)

[Tree] (config>service>nat>firewall-policy session-limits)

Full Context

configure service nat up-nat-policy session-limits

configure service nat nat-policy session-limits

configure service nat firewall-policy session-limits

Description

Commands in this context configure session limits for the NAT policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat up-nat-policy session-limits
  • configure service nat nat-policy session-limits

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy session-limits

session-limits

Syntax

[no] session-limits

Context

[Tree] (config>subscr-mgmt>sla-profile session-limits)

[Tree] (config>subscr-mgmt>sub-profile session-limits)

Full Context

configure subscriber-mgmt sla-profile session-limits

configure subscriber-mgmt sub-profile session-limits

Description

Commands in this context configure session limits per SLA profile instance or per subscriber.

The no form of this command removes the configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-messages

session-messages

Syntax

[no] session-messages

Context

[Tree] (debug>diam>application>policy session-messages)

Full Context

debug diameter application policy session-messages

Description

This command debugs session messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-optimized-stop

session-optimized-stop

Syntax

[no] session-optimized-stop

Context

[Tree] (config>subscr-mgmt>sub-prof>rad-acct session-optimized-stop)

Full Context

configure subscriber-mgmt sub-profile radius-accounting session-optimized-stop

Description

This command optimizes a RADIUS Accounting Stop message for a PPPoE session termination (specifically for session accounting mode when the host update is enabled). By default when a PPPoE session terminates, the system removes a dual stack host in sequence, one host at a time. Therefore, the system will generate a RADIUS accounting interim for each host termination until only the final host is left. The final host will generate a final accounting stop message. Enabling this command will trigger a single Stop RADIUS accounting message and include information of all hosts without the host updates.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-parameters

session-parameters

Syntax

session-parameters

Context

[Tree] (config>router>ldp session-parameters)

Full Context

configure router ldp session-parameters

Description

Commands in this context configure peer specific parameters.

Platforms

All

session-qer

session-qer

Syntax

session-qer

Context

[Tree] (config>subscr-mgmt>sla-prof>pfcp session-qer)

Full Context

configure subscriber-mgmt sla-profile pfcp-mappings session-qer

Description

Commands in this context configure the mapping of the GBR/MBR IEs present in a per-session QER without a QER correlation ID. A QER that contains a QER correlation ID does not use the QER mapping because it is assumed not to be a per-session construct.If a signaled PFCP QER rate applies to all data-plane rules, it is interpreted as the session QER rate and is mapped to the QoS overrides in the configuration. Examples of such QER rates are APN-AMBR for 4G FWA sessions and session-AMBR for 5G FWA sessions.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-sender-type

session-sender-type

Syntax

session-sender-type {twamp-light | stamp}

Context

[Tree] (config>oam-pm>session>ip>twamp-light session-sender-type)

Full Context

configure oam-pm session ip twamp-light session-sender-type

Description

This command configures the type of test packet format to transmit.

Default

session-sender-type twamp-light

Parameters

twamp-light
Specifies TWAMP-Light transmission, packet formatting, and packet processing. TWAMP-Light test packets do not allow TLVs.
stamp
Specifies STAMP transmission, packet formatting, and packet processing. STAMP test packets support TLVs.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

session-time

session-time

Syntax

[no] session-time

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes session-time)

Full Context

configure aaa isa-radius-policy acct-include-attributes session-time

Description

This command enables the inclusion of the session-time attributes.

The no form of the command excludes session-time attributes.

Default

no session-time

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

session-timeout

session-timeout

Syntax

session-timeout timeout

no session-timeout

Context

[Tree] (config>subscr-mgmt>ppp-policy session-timeout)

Full Context

configure subscriber-mgmt ppp-policy session-timeout

Description

This command defines the time before the PPP session is terminated.

A RADIUS specified session-timeout (attribute [27] Session-Timeout) overrides the CLI configured value.

The no form of this command reverts to the default.

Parameters

timeout

Specifies the session timeout in seconds.

Values

1 to 31104000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

session-timeout

Syntax

session-timeout timeout

no session-timeout

Context

[Tree] (config>subscr-mgmt>ipoe-plcy session-timeout)

Full Context

configure subscriber-mgmt ipoe-session-policy session-timeout

Description

This command defines the time in seconds between 1 second and 360 days before the IPoE session is disconnected. The default value is unlimited session timeout.

The no form of this command reverts to the default.

Parameters

timeout

Specifies the session timeout in seconds.

Values

1 to 31104000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

set-time

set-time

Syntax

set-time date time

Context

[Tree] (admin set-time)

Full Context

admin set-time

Description

This command sets the local system time.

The time entered should be accurate for the time zone configured for the system. The system will convert the local time to UTC before saving to the system clock which is always set to UTC. This command does not take into account any daylight saving offset if defined.

If SNTP or NTP is enabled (no shutdown) then this command cannot be used.

Parameters

date

Specifies the local date and time accurate to the minute in the YYYY/MM/DD format.

Values

YYYY is the four-digit year

MM is the two-digit month

DD is the two-digit date

time

Specifies the time (accurate to the second) in the hh:mm[:ss] format. If no seconds value is entered, the seconds are reset to :00.

Values

hh is the two-digit hour in 24 hour format (00=midnight, 12=noon)mm is the two-digit minute

Default

0

Platforms

All

set-tos

set-tos

Syntax

set-tos [0..255]

no set-tos

Context

[Tree] (config>router>nat>inside>nat64 set-tos)

[Tree] (config>service>vprn>nat>inside>nat64 set-tos)

Full Context

configure router nat inside nat64 set-tos

configure service vprn nat inside nat64 set-tos

Description

This command specifies the value of the IPv4 ToS field. When enabled, the NAT64 node ignores IPv6 traffic-class and sets IPv4 ToS to the supplied ToS value in the translated IPv4 packet.

The no form of the command reverts to the default.

Default

set-tos 0

Parameters

[0..255]

Sets the IPv4 ToS to a fixed value the IPv6 Traffic Class and set the IPv4 ToS to a fixed value and ignores the IPv6 traffic class.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

setup-timeout

setup-timeout

Syntax

setup-timeout access-accept timeout

no setup-timeout

Context

[Tree] (config>service>dynsvc>timers setup-timeout)

Full Context

configure service dynamic-services timers setup-timeout

Description

This command specifies the time that dynamic data services setup requests from a RADIUS Access-Accept are hold in an internal work queue waiting to be processed. If after the timeout, the dynamic data service setup request is still in the queue (meaning it is not setup), then the dynamic service setup request is removed from the queue and the setup fails.

The no form of this command reverts to the default value of 30 seconds.

Default

no setup-timeout

Parameters

timeout

Specifies the setup-timeout, in seconds, for setup requests of dynamic services received via Access-Accept.

Values

2 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

severity

severity

Syntax

severity {eq | neq | lt | lte | gt | gte} severity-level

no severity

Context

[Tree] (config>service>vprn>log>filter>entry>match severity)

Full Context

configure service vprn log filter entry match severity

Description

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of this command removes the severity match criterion.

Default

no severity

Parameters

eq | neq | lt | lte | gt | gte

Specifies the type of match. Valid operators are listed below.

Values

Operator

Notes

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

severity-name

The ITU severity level name. Severity Levels lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.

Table 4. Severity Levels

Severity Number

Severity Name

1

cleared

2

indeterminate (info)

3

critical

4

major

5

minor

6

warning

Values

cleared, intermediate, critical, major, minor, warning

Platforms

All

severity

Syntax

severity syslog-severity

Context

[Tree] (config>app-assure>group>evt-log>syslog severity)

Full Context

configure application-assurance group event-log syslog severity

Description

This command configures the syslog message severity level threshold.

Default

severity info

Parameters

syslog-severity

Specifies the severity level for the syslog message.

Values

emergency, alert, critical, error, warning, notice, info, debug

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

severity

Syntax

severity {eq | neq | lt | lte | gt | gte} severity-level

no severity

Context

[Tree] (config>log>filter>entry>match severity)

Full Context

configure log filter entry match severity

Description

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of this command removes the severity match criterion.

Parameters

eq | neq | lt | lte | gt | gte

Specifies the match type. Valid operators are listed in Valid Operators.

Table 5. Valid Operators

Operator

Notes

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

severity-name

Specifies the ITU severity level name. ITU Severity Information lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.

Table 6. ITU Severity Information

Severity Number

Severity Name

1

cleared

2

indeterminate (info)

3

critical

4

major

5

minor

6

warning

Values

cleared, intermediate, critical, major, minor, warning

Platforms

All

severity-level

severity-level

Syntax

severity-level syslog-level

Context

[Tree] (config>service>nat>syslog>syslog-export-policy severity-level)

Full Context

configure service nat syslog syslog-export-policy severity-level

Description

This command configures the severity level.

For more information, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide. The config>log>syslog>level hierarchy also applies to this context.

Default

severity-level info

Parameters

syslog-level

Specifies the severity level.

Values

emergency, alert, critical, error, warning, notice, info, debug

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sf-offset

sf-offset

Syntax

sf-offset offset-value

no sf-offset

Context

[Tree] (config>service>vprn>isis>if>level sf-offset)

Full Context

configure service vprn isis interface level sf-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sf-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sf-threshold is crossed.

Values

0 to 16777215

Platforms

All

sf-offset

Syntax

sf-offset offset-value

no sf-offset

Context

[Tree] (config>router>isis>if>level sf-offset)

Full Context

configure router isis interface level sf-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sf-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sf-threshold is crossed.

Values

0 to 16777215

Platforms

All

sf-sd-method

sf-sd-method

Syntax

sf-sd-method {bip8 | fec}

Context

[Tree] (config>port>otu sf-sd-method)

Full Context

configure port otu sf-sd-method

Description

This command specifies the method used to determine the signal failure (SF) and signal degrade (SD) alarms. When the bip8 method is selected, the SM-BIP8 errors are used. When the fec method is selected, the FEC corrected bits are used.

The following rules must be followed:

  • The port’s OTU must be enabled to set or change the sf-sd-method.

  • The FEC mode must be enhanced or g709 before setting sf-sd-method to fec.

  • The SF threshold must be 5 or higher before setting sf-sd-method to bip8.

Default

sf-sd-method fec

Parameters

bip8

Specifies that SM-BIP8 errors are used to declare the presence of the SF and SD conditions.

fec

Specifies that FEC corrected bit errors are used to declare the presence of the SF and SD conditions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sf-threshold

sf-threshold

Syntax

sf-threshold threshold [coefficient coefficient]

Context

[Tree] (config>port>otu sf-threshold)

Full Context

configure port otu sf-threshold

Description

This command defines the error rate at which to declare the signal failure (SF) condition.

The parameters define an error rate of (coefficient/10) * 10E-threshold. For example, sf-threshold 5 coefficient 20 defines an error rate of (20/10) * 10E-5, or 2 * 10E-5, or 0.000 02.

The SF threshold must be the following:

  • less than the SD threshold

  • 5 or higher before setting sf-sd-method to bip8

The coefficient parameter is only used when sf-sd-method is set to fec. When sf-sd-method is set to bip8, coefficient is considered to have the value of 10.

Parameters

threshold

Specifies the exponent for the SF threshold value.

Values

3 to 6 when sf-sd-method is bip8

3 to 8 when sf-sd-method is fec

Default

5

coefficient

Specifies the coefficient for the SF threshold value.

Values

10 to 99

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sf-threshold

Syntax

sf-threshold errored-frames

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame sf-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame sf-threshold

Description

The option defines the number of frame errors within the configured window which indicates the port has exceeded an acceptable error rate. A log event will be raised, and the port will be taken out of service by default. Configuration options exist to take additional actions when the error rate exceeds the threshold. These actions are defined using the local-sf-action configuration. This event can only be cleared through manual intervention that affects the state of the port.

Parameters

errored-frames

The number of errored frames within the configured window which indicates the port has become unusable.

Values

1 to 1000000

Default

1

Platforms

All

sf-threshold

Syntax

sf-threshold errored-frames

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-period sf-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-period sf-threshold

Description

This command defines the number of frame errors within the configured window which indicates the port has exceeded an acceptable error rate. A log event will be raised, and the port will be taken out of service by default. Configuration options exist to take additional actions when the error rate exceeds the threshold. These actions are defined using the local-sf-action configuration. This event can only be cleared through manual intervention that affects the state of the port.

Default

sf-threshold 1

Parameters

errored-frames

Specifies the number of errored frames within the configured window which indicates the port has become unusable.

Values

1 to 1000000

Platforms

All

sf-threshold

Syntax

sf-threshold errored-seconds

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-seconds sf-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-seconds sf-threshold

Description

This command defines the number of errors seconds within the configured window which indicates the port has exceeded an acceptable error rate. A log event will be raised, and the port will be taken out of service by default. Configuration options exist to take additional actions when the error rate exceeds the threshold. These actions are defined using the local-sf-action configuration. This event can only be cleared through manual intervention that affects the state of the port.

Parameters

errored-seconds

Specifies the number of errored seconds within the configured window which indicates the port has become unusable.

Values

1 to 900

Platforms

All

sf-threshold

Syntax

sf-threshold errored-symbols

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-symbols sf-threshold)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols sf-threshold

Description

This command defines the number of symbol errors within the configured window which indicates the port has exceeded an acceptable error rate. A log event will be raised, and the port will be taken out of service by default. Configuration options exist to take additional actions when the error rate exceeds the threshold. These actions are defined using the local-sf-action configuration.

Parameters

errored-symbols

Specifies the number of errored-symbols which indicates the port has become unusable.

Values

1 to 1000000

Platforms

All

sf-threshold

Syntax

sf-threshold threshold [multiplier multiplier]

no sf-threshold

Context

[Tree] (config>port>ethernet>sym-mon sf-threshold)

Full Context

configure port ethernet symbol-monitor sf-threshold

Description

This command specifies the error rate at which to declare the Signal Fail condition on an Ethernet interface. The value represents M*10E-N symbol errors over total symbols received over W seconds of the sliding window. The symbol errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sf-threshold is specified, the multiplier will return to the default value of 1.

Default

no sf-threshold

Parameters

threshold

Specifies the rate of symbol errors.

Values

1 to 9

multiplier

Specifies the multiplier used to scale the symbol error ratio.

Values

1 to 9

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sf-threshold

Syntax

sf-threshold threshold [multiplier multiplier]

no sf-threshold

Context

[Tree] (config>port>ethernet>crc-monitor sf-threshold)

Full Context

configure port ethernet crc-monitor sf-threshold

Description

This command specifies the error rate at which to declare the Signal Fail condition on an Ethernet interface. The value represents M*10E-N errored frames over total frames received over W seconds of the sliding window. The CRC errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sf-threshold is specified the multiplier will return to the default value of 1.

Default

no sf-threshold

Parameters

threshold

Specifies the threshold value.

Values

1 to 9

multiplier

Specifies the multiplier value.

Values

1 to 9

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sf-threshold-clear

sf-threshold-clear

Syntax

sf-threshold-clear threshold [coefficient coefficient]

Context

[Tree] (config>port>otu sf-threshold-clear)

Full Context

configure port otu sf-threshold-clear

Description

This command defines the signal failure (SF) threshold clear value.

When the bit error rate falls below this value, the SF condition is cleared. The parameters define an error rate of (coefficient/10) * 10E-threshold. For example, sf-threshold-clear 7 coefficient 10 defines an error rate of (10/10) * 10E-7, or 10E-7, or 0.000 000 1.

This SF threshold clear setting is valid only when sf-sd-method is set to fec.

Parameters

threshold

Specifies the exponent for the SF threshold clear value.

Values

3 to 9

Default

6

coefficient

Specifies the coefficient for the SF threshold clear value.

Values

10 to 99

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sflow

sflow

Syntax

[no] sflow

Context

[Tree] (config>port>ethernet sflow)

Full Context

configure port ethernet sflow

Description

This command enables sFlow data collection for a port and its SAPs that support sFlow data collection.

The no form of this of this command disables sFlow.

Default

no sflow

Platforms

7750 SR, 7750 SR-s, 7950 XRS

sflow

Syntax

sflow

Context

[Tree] (config sflow)

Full Context

configure sflow

Description

Commands in this context configure sflow agent parameters.

Platforms

7750 SR, 7750 SR-s, 7950 XRS

sfm

sfm

Syntax

sfm sfm-name

no sfm sfm-name

Context

[Tree] (config sfm)

Full Context

configure sfm

Description

Commands in this context configure the specified SFM.

The no form of this command removes the SFM configuration for the specified SFM.

Parameters

sfm-name

Specifies the SFM identifier.

Values

1 to 4

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

sfm-loss-threshold

sfm-loss-threshold

Syntax

sfm-loss-threshold num-sfm

no sfm-loss-threshold

Context

[Tree] (config>system>switch-fabric sfm-loss-threshold)

Full Context

configure system switch-fabric sfm-loss-threshold

Description

This command sets the number of SFMs that are permitted to fail before the system goes into SFM overload state. This command is only applicable on the 7750 SR-7s and the 7750 SR-14s. Users can select the SFM limit based on the number possible for the system minus one. For the 7750 SR-7s this is a value of 3 and for the 7750 SR-14s this is a value of 7.

For networks that can accommodate more SFM failures than the default value, this command allows the selection of the number of SFMs to fail prior to the system going into SFM overload state.

The no form of this command reverts the threshold to the default value.

Default

7750 SR-7s: sfm-loss-threshold 1

7750 SR-14s: sfm-loss-threshold 2

Parameters

num-sfm

Specifies the number of SFMs permitted to fail before SFM overload state.

Values

1 to 7

Platforms

7750 SR-7s, 7750 SR-14s

sfm-type

sfm-type

Syntax

sfm-type sfm-type

no sfm sfm-type

Context

[Tree] (config>sfm sfm-type)

Full Context

configure sfm sfm-type

Description

This command provisions the SFM.

The no form of this command deprovisions the SFM.

Default

no sfm sfm-type

Parameters

sfm-type

Specifies the SFM card type.

Values

Depending on the SR hardware platform.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

sg

sg

Syntax

sg [group grp-addr [source src-addr]]

no sg

Context

[Tree] (debug>service>id>video-interface sg)

Full Context

debug service id video-interface sg

Description

This command enables channel debugging.

Parameters

group grp-addr

Specifies the multicast channel address.

source src-addr

Specifies the source address.

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

sgsn-mcc-mnc

sgsn-mcc-mnc

Syntax

[no] sgsn-mcc-mnc

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp sgsn-mcc-mnc)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp sgsn-mcc-mnc

Description

This command enables the inclusion of the 3GPP-SGSN-MCC-MNC AVP, which contains the MCC and MNC as configured under configure subscriber-mgmt gtp serving-network.

The no form of this command disables the inclusion of the AVP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

sgt-qos

sgt-qos

Syntax

sgt-qos

Context

[Tree] (config>service>vprn sgt-qos)

[Tree] (config>router sgt-qos)

Full Context

configure service vprn sgt-qos

configure router sgt-qos

Description

Commands in this context configure DSCP/dot1p remarking for self-generated traffic.

Platforms

All

shallow-inspection

shallow-inspection

Syntax

[no] shallow-inspection

Context

[Tree] (config>app-assure>group shallow-inspection)

Full Context

configure application-assurance group shallow-inspection

Description

This command disables all Layer 7 signature-based flow inspection.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sham-link

sham-link

Syntax

sham-link ip-int-name ip-address

Context

[Tree] (config>service>vprn>ospf>area sham-link)

Full Context

configure service vprn ospf area sham-link

Description

This command is similar to a virtual link with the exception that metric must be included in order to distinguish the cost between the MPLS-VPRN link and the backdoor.

Parameters

ip-int-name

The local interface name used for the sham-link. This is a mandatory parameter and interface names must be unique within the group of defined IP interfaces for config>router>if, config>service>ies>if and config>service>vprn>if commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters, the entire string must be enclosed between double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

ip-address

The IP address of the sham-link neighbor in IP address dotted decimal notation. This parameter is the remote peer of the sham link’s IP address used to set up the sham-link. This is a mandatory parameter and must be a valid IP address.

Platforms

All

sham-neighbor

sham-neighbor

Syntax

sham-neighbor [ip-address]

no sham-neighbor

Context

[Tree] (debug>router>ospf sham-neighbor)

Full Context

debug router ospf sham-neighbor

Description

This command enables debugging of the OSPFv2 sham-link neighbor.

Parameters

ip-address

Debugs the sham-link neighbor identified by this IP address.

Platforms

All

shape-multi-client-only

shape-multi-client-only

Syntax

[no] shape-multi-client-only

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>egress shape-multi-client-only)

Full Context

configure service ies subscriber-interface group-interface wlan-gw egress shape-multi-client-only

Description

This command enables the egress shaping is only enabled for a wlan-gw tunnel while there are multiple UE (User Equipment) using it.

The no form of this command disables the egress shaping.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

shaper

shaper

Syntax

[no] shaper

Context

[Tree] (config>service>sdp>binding>pw-port>egress shaper)

Full Context

configure service sdp binding pw-port egress shaper

Description

This command enables the egress shaping option for use by a pseudowire port.

The no form of the command disables the egress shaping option.

Default

no shaper

Platforms

All

shaper

Syntax

[no] shaper

Context

[Tree] (config>service>epipe>pw-port>egress shaper)

Full Context

configure service epipe pw-port egress shaper

Description

Commands in this context configure PW-port shaper parameters.

Platforms

All

shaping

shaping

Syntax

shaping {per-retailer | per-tunnel}

no shaping

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>egress shaping)

Full Context

configure service ies subscriber-interface group-interface wlan-gw egress shaping

Description

This command configures the granularity of the egress shaping for wlan-gw on this group interface.

The no form of this command removes the parameter from the configuration.

Parameters

per-tunnel

Specifies that a separate shaper is applied to each wlan-gw tunnel.

per-retailer

Specifies that a separate shaper is applied to each retailer Mobile Network Operator's fraction of the wlan-gw tunnel payload.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

shared-circuit-id

shared-circuit-id

Syntax

[no] shared-circuit-id

Context

[Tree] (config>service>vprn>sub-if>grp-if shared-circuit-id)

[Tree] (config>service>ies>sub-if>grp-if shared-circuit-id)

Full Context

configure service vprn subscriber-interface group-interface shared-circuit-id

configure service ies subscriber-interface group-interface shared-circuit-id

Description

If configured, circuit-id in DHCPv4 Option82 is used to authenticate DHCPv6. If DHCPv6 is received before DHCPv4, it is dropped. Also, a SLAAC host is created based on DHCPv4 authentication if RADIUS returns IPv6 framed-prefix. The IPv6oE host is deleted if the linked IPv4oE host is deleted due to DHCP release or lease time-out. The linkage between IPv4 and IPv6 is based on SAP and MAC address. The sharing of circuit-id from DHCPv4 for authentication of DHCPv6 (or SLAAC) allows 7750 SR to work around lack of support for LDRA on access nodes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shared-policer

shared-policer

Syntax

[no] shared-policer

Context

[Tree] (config>filter>ipv6-filter shared-policer)

[Tree] (config>filter>ip-filter shared-policer)

Full Context

configure filter ipv6-filter shared-policer

configure filter ip-filter shared-policer

Description

When enabled and when the filter policy is configured on a LAG endpoint, the system programs the policer rates in the filter policy per line card FP of the LAG based on the number of active ports in the LAG for each FP.When disabled and when the filter policy is configured on a LAG endpoint, the system programs the same policer rate on each line card FP of the LAG.

The no form of this command disables the configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

shared-queue

shared-queue

Syntax

shared-queue policy-name [create]

no shared-queue policy-name

Context

[Tree] (config>qos shared-queue)

Full Context

configure qos shared-queue

Description

Commands in this context modify the QoS default shared-queue policy.

Parameters

policy-name

The name of the default shared-queue policy.

Values

default

Platforms

All

shared-queue

Syntax

shared-queue src-name dst-name [overwrite]

Context

[Tree] (config>qos>copy shared-queue)

Full Context

configure qos copy shared-queue

Description

This command copies an existing shared-queue to another shared-queue. The copy command is a configuration level maintenance tool used to create new entries using an existing mapping policy name. If overwrite is not specified, an error occurs if the destination policy exists.

Parameters

src-name

Specifies the existing source shared-queue, up to 32 characters, from which the copy command attempts to copy.

dst-name

Specifies the destination shared-queue, up to 32 characters, to which the copy command attempts to copy.

overwrite

Use this parameter when the shared-queue dst-name already exists. If it does, everything in the existing destination shared-queue dst-name is completely overwritten with the contents of the shared-queue src-name. The overwrite parameter must be specified or else the following error message is returned:

MINOR: CLI Destination "sqtest10" exists - use {overwrite}.

If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

All

shared-radius-filter-wmark

shared-radius-filter-wmark

Syntax

shared-radius-filter-wmark low low-watermark high high-watermark

no shared-radius-filter-wmark

Context

[Tree] (config>filter>ip-filter shared-radius-filter-wmark)

[Tree] (config>filter>ipv6-filter shared-radius-filter-wmark)

Full Context

configure filter ip-filter shared-radius-filter-wmark

configure filter ipv6-filter shared-radius-filter-wmark

Description

This command configures the low and high watermark for the number of RADIUS shared filters reporting

Default

no shared-radius-filter-wmark

Parameters

low-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be raised by the agent.

Values

0 to 8000

high-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be cleared by the agent.

Values

1 to 8000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shared-resources

shared-resources

Syntax

shared-resources

Context

[Tree] (config>isa>aa-grp shared-resources)

Full Context

configure isa application-assurance-group shared-resources

Description

Commands in this context configure the shared resources pool.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shcv-policy

shcv-policy

Syntax

shcv-policy name [create]

no shcv-policy name

Context

[Tree] (config>subscr-mgmt shcv-policy)

Full Context

configure subscriber-mgmt shcv-policy

Description

This command configures a Subscriber Host Connectivity Verification (SHCV) policy. An SHCV policy can be applied to both the subscriber management group interface and VPLS instances. All SHCV-related features inside a group interface and a VPLS service follows the configuration specified in the SHCV policy. The SHCV policy and the SHCV configuration on a group interface are mutually exclusive. Only one can be applied to the group interface.

The no form of this command removes the policy name from the configuration.

Parameters

name

Specifies the name of the SHCV policy, up to 32 characters.

create

Keyword required to create the configuration context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shcv-policy

Syntax

shcv-policy name

no shcv-policy

Context

[Tree] (config>service>ies>sub-if>grp-if shcv-policy)

[Tree] (config>service>vprn>sub-if>grp-if shcv-policy)

Full Context

configure service ies subscriber-interface group-interface shcv-policy

configure service vprn subscriber-interface group-interface shcv-policy

Description

This command references the SHCV policy to be used for both IPv4 and IPv6 subscriber hosts. The policy name must already exist in the config>subscr-mgmt context.

The no form of this command removes the policy name from the service configuration.

Parameters

name

Specifies an existing SHCV policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shcv-policy-ipv4

shcv-policy-ipv4

Syntax

shcv-policy-ipv4 name

no shcv-policy-ipv4

Context

[Tree] (config>service>vpls shcv-policy-ipv4)

[Tree] (config>service>vprn>sub-if>grp-if shcv-policy-ipv4)

[Tree] (config>service>vprn>if shcv-policy-ipv4)

[Tree] (config>service>ies>if shcv-policy-ipv4)

[Tree] (config>service>vpls>sap shcv-policy-ipv4)

[Tree] (config>service>ies>sub-if>grp-if shcv-policy-ipv4)

Full Context

configure service vpls shcv-policy-ipv4

configure service vprn subscriber-interface group-interface shcv-policy-ipv4

configure service vprn interface shcv-policy-ipv4

configure service ies interface shcv-policy-ipv4

configure service vpls sap shcv-policy-ipv4

configure service ies subscriber-interface group-interface shcv-policy-ipv4

Description

This command specifies the Subscriber Host Connectivity Verification (SHCV) policy to be used exclusive for IPv4 subscriber hosts. The shcv-policy name must already exist in the config>subscr-mgmt context.

The no form of this command removes the policy name from the service configuration.

Parameters

name

Specifies an existing SHCV policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shcv-policy-ipv6

shcv-policy-ipv6

Syntax

shcv-policy-ipv6 name

no shcv-policy-ipv6

Context

[Tree] (config>service>ies>if shcv-policy-ipv6)

[Tree] (config>service>vprn>sub-if>grp-if shcv-policy-ipv6)

[Tree] (config>service>vprn>if shcv-policy-ipv6)

[Tree] (config>service>ies>sub-if>grp-if shcv-policy-ipv6)

Full Context

configure service ies interface shcv-policy-ipv6

configure service vprn subscriber-interface group-interface shcv-policy-ipv6

configure service vprn interface shcv-policy-ipv6

configure service ies subscriber-interface group-interface shcv-policy-ipv6

Description

This command references the Subscriber Host Connectivity Verification (SHCV) policy to be used exclusive for IPv6 subscriber hosts. The policy name must already exist in the config>subscr-mgmt context.

The no form of this command removes the policy name from the service configuration.

Parameters

name

Specifies an existing SHCV policy name up to 32 characters.

Platforms

All

  • configure service vprn interface shcv-policy-ipv6
  • configure service ies interface shcv-policy-ipv6

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface shcv-policy-ipv6
  • configure service ies subscriber-interface group-interface shcv-policy-ipv6

shell

shell

Syntax

shell -password password

no shell

Context

[Tree] (environment shell)

Full Context

environment shell

Description

This command enables and disables the shell.

Parameters

password

Specifies the password to enter the shell, up to 256 characters.

Platforms

All

short-duration-flow-count

short-duration-flow-count

Syntax

[no] short-duration-flow-count

Context

[Tree] (config>log>acct-policy>cr>aa>aa-sub-cntr short-duration-flow-count)

Full Context

configure log accounting-policy custom-record aa-specific aa-sub-counters short-duration-flow-count

Description

This command includes the short duration flow count in the AA subscriber's custom record. This command only applies to the 7750 SR.

The no form of this command excludes the short duration flow count.

Default

no short-duration-flow-count

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

short-sequence-numbers

short-sequence-numbers

Syntax

[no] short-sequence-numbers

Context

[Tree] (config>subscr-mgmt>ppp-policy>mlppp short-sequence-numbers)

[Tree] (config>service>vprn>l2tp>group>mlppp short-sequence-numbers)

[Tree] (config>router>l2tp>group>mlppp short-sequence-numbers)

[Tree] (config>router>l2tp>group>tunnel>mlppp short-sequence-numbers)

[Tree] (config>service>vprn>l2tp>group>tunnel>mlppp short-sequence-numbers)

Full Context

configure subscriber-mgmt ppp-policy mlppp short-sequence-numbers

configure service vprn l2tp group mlppp short-sequence-numbers

configure router l2tp group mlppp short-sequence-numbers

configure router l2tp group tunnel mlppp short-sequence-numbers

configure service vprn l2tp group tunnel mlppp short-sequence-numbers

Description

This command enables a peer request to send short sequence numbers. This command is applicable to LAC and LNS. By default, MLPPPoX negotiates 24bit long sequence numbers. This command allows this to be changed to shorter, 12-bit sequence numbers.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

shortcut-local-ttl-propagate

shortcut-local-ttl-propagate

Syntax

[no] shortcut-local-ttl-propagate

Context

[Tree] (config>router>ldp shortcut-local-ttl-propagate)

[Tree] (config>router>mpls shortcut-local-ttl-propagate)

Full Context

configure router ldp shortcut-local-ttl-propagate

configure router mpls shortcut-local-ttl-propagate

Description

This command configures the TTL handling of locally generated packets for all LSP shortcuts originating on this ingress LER. It applies to all LDP or RSVP LSPs that are used to resolve static routes, BGP routes, and IGP routes.

The user can enable or disable the propagation of the TTL from the header of an IP packet into the header of the resulting MPLS packet independently for local and transit packets forwarded over an LSP shortcut.

Local IP packets include ICMP Ping, traceroute, and OAM packets, that are destined to a route that is resolved to the LSP shortcut. Transit IP packets are all IP packets received on any IES interface and destined to a route that is resolved to the LSP shortcut

By default, the feature propagates the TTL from the header of locally generated IP packets into the label stack of the resulting MPLS packets forwarded over the LSP shortcut. This is referred to as Uniform mode.

When the no form of this command is enabled, TTL propagation is disabled on all locally generated IP packets, including ICMP Ping, traceroute, and OAM packets, that are destined to a route that is resolved to the LSP shortcut. In this case, a TTL of 255 is programmed onto the pushed label stack. This is referred to as Pipe mode.

Default

shortcut-local-ttl-propagate

Platforms

All

shortcut-transit-ttl-propagate

shortcut-transit-ttl-propagate

Syntax

[no] shortcut-transit-ttl-propagate

Context

[Tree] (config>router>ldp shortcut-transit-ttl-propagate)

[Tree] (config>router>mpls shortcut-transit-ttl-propagate)

Full Context

configure router ldp shortcut-transit-ttl-propagate

configure router mpls shortcut-transit-ttl-propagate

Description

This command configures the TTL handling of transit packets for all LSP shortcuts originating on this ingress LER. It applies to all LDP or RSVP LSPs that are used to resolve static routes, BGP routes, and IGP routes.

The user can enable or disable the propagation of the TTL from the header of an IP packet into the header of the resulting MPLS packet independently for local and transit packets forwarded over an LSP shortcut.

By default, the feature propagates the TTL from the header of transit IP packets into the label stack of the resulting MPLS packets forwarded over the LSP shortcut. This is referred to as Uniform mode.

When the no form of the command is enabled, TTL propagation is disabled on all transit IP packets received on any IES interface and destined to a route that is resolved to the LSP shortcut. In this case, a TTL of 255 is programmed onto the pushed label stack. This is referred to as Pipe mode.

Default

shortcut-transit-ttl-propagate

Platforms

All

shortcut-tunnel

shortcut-tunnel

Syntax

shortcut-tunnel

Context

[Tree] (config>router>bgp>next-hop-resolution shortcut-tunnel)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel

Description

This command creates the context to configure the tunnel types that can be used to resolve unlabeled IPv4 and IPv6 BGP routes.

The following tunnel types are supported for resolving IPv4 routes and IPv6 routes with IPv4-mapped IPv6 next-hop addresses: bgp, ldp, rsvp, sr-isis, sr-ospf, sr-policy and sr-te. In this context:

  • bgp — refers to IPv4 tunnels created by receiving BGP label-unicast IPv4 routes for /32 IPv4 prefixes.

  • ldp — refers to /32 and shorter length LDP FEC prefixes imported into the tunnel table. For IPv4 NLRI, BGP selects the LDP FEC that is the longest-prefix-match (LPM) of the BGP next-hop address. For IPv6 NLRI, BGP selects the /32 FEC that is an exact match of the BGP next-hop address.

  • rsvp — refers to RSVP tunnels in the tunnel table to IPv4 destinations. This option allows BGP to use the best metric RSVP LSP to the address of the BGP next-hop. This address can correspond to the system interface or to another loopback interface of the remote BGP router. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel id.

  • sr-isis — refers to segment routing tunnels (shortest path) to IPv4 destinations reachable by the IS-IS protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or (in case of a tie) the lowest numbered IS-IS instance.

  • sr-ospf — refers to segment routing tunnels (shortest path) to IPv4 destinations reachable by the OSPF protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPF instance or (in case of a tie) the lowest numbered OSPF instance.

  • sr-policy — refers to segment routing policies with an IPv4 endpoint that are statically configured in the local router or learned through BGP routes (AFI 1/SAFI 73). For BGP to resolve the next hop of an unlabeled IPv4 or IPv6 route using a segment routing policy the highest numbered color extended community attached to the IPv4 or IPv6 route must match the color of the segment routing policy.

  • sr-te — refers to traffic engineered (TE) segment routing tunnels. This option allows BGP to use the best metric SR-TE tunnel to the address of the BGP next-hop. In the case of multiple SR-TE tunnels with the same lowest metric, BGP selects the tunnel with the lowest tunnel id.

  • udp — refers to MPLSoUDPoIPv4 tunnels set up by action of the BGP import policies.

The following tunnel types are supported for resolving IPv6 routes with IPv6 next-hops that are not IPv4-mapped IPv6 addresses: ldp, sr-isis, and sr-policy. In this context:

  • ldp — refers to /128 LDP FEC prefixes in the tunnel table. BGP selects the /128 FEC that is an exact match of the BGP next-hop address.

  • sr-isis — refers to segment routing tunnels (shortest path) to IPv6 destinations reachable by the IS-IS protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or (in case of a tie) the lowest numbered IS-IS instance.

  • sr-policy — refers to segment routing policies with a null IPv4 endpoint (0.0.0.0) that are statically configured in the local router or learned through BGP routes (AFI 1/SAFI 73). For BGP to resolve the next hop of an IPv6 route using a segment routing policy the highest numbered color extended community attached to the IPv6 route must match the color of the segment routing policy and its color bits must be set to '01' or '10'.

Platforms

All

show-ipsec-keys

show-ipsec-keys

Syntax

[no] show-ipsec-keys

Context

[Tree] (config>ipsec show-ipsec-keys)

Full Context

configure ipsec show-ipsec-keys

Description

This command enables user to optionally include IKE-SA or CHILD-SA keys in the output of debug ipsec or admin ipsec display-key.

The no form of this command disallows the user from including keys in the output.

Default

no show-ipsec-keys

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

show-request

show-request

Syntax

show-request [ca ca-profile-name]

Context

[Tree] (admin>certificate>cmpv2 show-request)

Full Context

admin certificate cmpv2 show-request

Description

This command displays current the CMPv2 pending request toward the specified CA. If there is no pending request, the last pending request is displayed including the status (success/fail/rejected) and the receive time of last CMPv2 message from server.

The following information is included in the output:

  • Request type, original input parameter (password is not displayed), checkAfter and reason in of last PollRepContent, time of original command input.

Parameters

ca-profile-name

Specifies a ca-profile name, up to 32 characters. If not specified, the system will display pending requests of all ca-profiles.

Platforms

All

shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>ptp>alternate-profile shutdown)

[Tree] (config>test-oam>mpls-dm shutdown)

[Tree] (config>system>sync-if-timing>ptp shutdown)

[Tree] (config>service>vprn>mvpn>pt>inclusive>p2mp-sr shutdown)

[Tree] (config>li>x-interfaces shutdown)

[Tree] (config>system>sync-if-timing>bits>input shutdown)

[Tree] (config>system>switch-fabric>failure-recovery shutdown)

[Tree] (config>service>vprn>mvpn>pt>selective>p2mp-sr shutdown)

[Tree] (config>service>epipe>nat-outside shutdown)

[Tree] (config>system>telemetry>notification-bundling shutdown)

[Tree] (config>router>fad>flex-algo shutdown)

[Tree] (config>system>sync-if-timing>bits>output shutdown)

[Tree] (config>system>ptp>ptsf>monitor shutdown)

[Tree] (config>oam-pm>streaming>delay-template shutdown)

[Tree] (config>system>lldp shutdown)

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive shutdown)

[Tree] (config>system>grpc-tunnel>tunnel>handler shutdown)

[Tree] (config>system>time>sntp shutdown)

[Tree] (config>app-assure>group>policy>chrg-fltr>entry shutdown)

[Tree] (config>system>persistence>python-policy-cache shutdown)

[Tree] (config>system>sync-if-timing>ref2 shutdown)

[Tree] (config>system>persistence>dhcp-server shutdown)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh shutdown)

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi shutdown)

[Tree] (config>system>cron>sched shutdown)

[Tree] (config>system>persistence>nat-port-forward shutdown)

[Tree] (config>system>persistence>app-assure shutdown)

[Tree] (config>system>satellite>port-template shutdown)

[Tree] (config>system>sync-if-timing>synce shutdown)

[Tree] (config>system>sync-if-timing>ref1 shutdown)

[Tree] (config>system>time>ntp shutdown)

[Tree] (config>eth-tunnel>path shutdown)

[Tree] (config>router>mpls>static-lsp shutdown)

[Tree] (config>system>sync-if-timing>gnss shutdown)

[Tree] (config>system>telemetry>persistent-subscriptions>subscription shutdown)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>ingress-statistics shutdown)

[Tree] (config>system>satellite>local-forward>sap shutdown)

[Tree] (config>system>grpc-tunnel>tunnel shutdown)

[Tree] (config>system>script-control>script shutdown)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>egress-statistics shutdown)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive shutdown)

[Tree] (config>eth-tunnel shutdown)

[Tree] (config>system>script-control>script-policy shutdown)

[Tree] (config>system>persistence>subscriber-mgmt shutdown)

Full Context

configure system ptp alternate-profile shutdown

configure test-oam mpls-dm shutdown

configure system sync-if-timing ptp shutdown

configure service vprn mvpn provider-tunnel inclusive p2mp-sr shutdown

configure li x-interfaces shutdown

configure system sync-if-timing bits input shutdown

configure system switch-fabric failure-recovery shutdown

configure service vprn mvpn provider-tunnel selective p2mp-sr shutdown

configure service epipe nat-outside shutdown

configure system telemetry notification-bundling shutdown

configure router flexible-algorithm-definitions flex-algo shutdown

configure system sync-if-timing bits output shutdown

configure system ptp ptsf monitor-ptsf-unusable shutdown

configure oam-pm streaming delay-template shutdown

configure system lldp shutdown

configure system grpc-tunnel destination-group tcp-keepalive shutdown

configure system grpc-tunnel tunnel handler shutdown

configure system time sntp shutdown

configure application-assurance group policy charging-filter entry shutdown

configure system persistence python-policy-cache shutdown

configure system sync-if-timing ref2 shutdown

configure system persistence dhcp-server shutdown

configure subscriber-mgmt diameter-application-policy gy extended-failure-handling shutdown

configure service vprn mvpn provider-tunnel selective multistream-spmsi shutdown

configure system cron schedule shutdown

configure system persistence nat-port-forward shutdown

configure system persistence application-assurance shutdown

configure system satellite port-template shutdown

configure system sync-if-timing synce shutdown

configure system sync-if-timing ref1 shutdown

configure system time ntp shutdown

configure eth-tunnel path shutdown

configure router mpls static-lsp shutdown

configure system sync-if-timing gnss shutdown

configure system telemetry persistent-subscriptions subscription shutdown

configure router mpls forwarding-policies forwarding-policy ingress-statistics shutdown

configure system satellite local-forward sap shutdown

configure system grpc-tunnel tunnel shutdown

configure system script-control script shutdown

configure router mpls forwarding-policies forwarding-policy egress-statistics shutdown

configure system telemetry destination-group tcp-keepalive shutdown

configure eth-tunnel shutdown

configure system script-control script-policy shutdown

configure system persistence subscriber-mgmt shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure oam-pm streaming delay-template shutdown
  • configure system sync-if-timing ref2 shutdown
  • configure eth-tunnel shutdown
  • configure system sync-if-timing ptp shutdown
  • configure test-oam mpls-dm shutdown
  • configure system ptp alternate-profile shutdown
  • configure eth-tunnel path shutdown
  • configure system sync-if-timing ref1 shutdown
  • configure system sync-if-timing bits input shutdown
  • configure system sync-if-timing bits output shutdown
  • configure system satellite local-forward sap shutdown
  • configure system sync-if-timing synce shutdown
  • configure li x-interfaces shutdown
  • configure system ptp ptsf monitor-ptsf-unusable shutdown
  • configure system satellite port-template shutdown

All

  • configure system time ntp shutdown
  • configure service vprn mvpn provider-tunnel inclusive p2mp-sr shutdown
  • configure router mpls forwarding-policies forwarding-policy egress-statistics shutdown
  • configure router flexible-algorithm-definitions flex-algo shutdown
  • configure system persistence python-policy-cache shutdown
  • configure service vprn mvpn provider-tunnel selective multistream-spmsi shutdown
  • configure service vprn mvpn provider-tunnel selective p2mp-sr shutdown
  • configure router mpls static-lsp shutdown
  • configure system lldp shutdown
  • configure system grpc-tunnel tunnel handler shutdown
  • configure system telemetry notification-bundling shutdown
  • configure system grpc-tunnel tunnel shutdown
  • configure system telemetry destination-group tcp-keepalive shutdown
  • configure router mpls forwarding-policies forwarding-policy ingress-statistics shutdown
  • configure system script-control script-policy shutdown
  • configure system telemetry persistent-subscriptions subscription shutdown
  • configure system cron schedule shutdown
  • configure system time sntp shutdown
  • configure system grpc-tunnel destination-group tcp-keepalive shutdown
  • configure system script-control script shutdown

7450 ESS, 7750 SR-7, 7750 SR-12e, 7950 XRS

  • configure system switch-fabric failure-recovery shutdown

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure application-assurance group policy charging-filter entry shutdown
  • configure system persistence application-assurance shutdown
  • configure service epipe nat-outside shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt diameter-application-policy gy extended-failure-handling shutdown
  • configure system persistence dhcp-server shutdown
  • configure system persistence subscriber-mgmt shutdown

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

  • configure system sync-if-timing gnss shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi shutdown)

Full Context

configure service vprn mvpn provider-tunnel selective multistream-spmsi shutdown

Description

This commands enables multi-stream S-PSMI. At least one group must be active in a policy.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>igmp shutdown)

[Tree] (config>router>radius-proxy>cache shutdown)

[Tree] (config>system>management-interface>cli>md-cli>environment>progress-indicator shutdown)

[Tree] (config>service>vprn>mvpn>provider-tunnel>selective>bier shutdown)

[Tree] (config>router>mld>if shutdown)

[Tree] (config>router>igmp>tunnel-interface shutdown)

[Tree] (config>aaa>radius-scr-plcy>primary shutdown)

[Tree] (config>router>msdp shutdown)

[Tree] (config>router>mtrace2 shutdown)

[Tree] (config>service>vprn>mvpn>provider-tunnel>inclusive>bier shutdown)

[Tree] (config>router>mld>grp-if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>radius-proxy>server>cache shutdown)

[Tree] (config>router>mld shutdown)

[Tree] (config>cflowd shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>brg shutdown)

[Tree] (config>service>vprn>mvpn>pt>selective>rsvp shutdown)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcp6-client>ia-na shutdown)

[Tree] (config>router>if shutdown)

[Tree] (config>service>vprn>mvpn>pt>inclusive>rsvp>lsp-template shutdown)

[Tree] (config>router>static-route-entry>indirect shutdown)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>brg shutdown)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcp6-client>slaac shutdown)

[Tree] (config>router>igmp>group-interface shutdown)

[Tree] (config>router>mld>group-interface shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>brg shutdown)

[Tree] (config>service>vpls>provider-tunnel>selective shutdown)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-mgr>dhcp6-client>dhcpv4-nat shutdown)

[Tree] (config>isa>video-group shutdown)

[Tree] (config>router>mcac>if-policy shutdown)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw shutdown)

[Tree] (config>router>radius-proxy>server shutdown)

[Tree] (config>service>ies>video-interface shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-ranges>range>vrgw>brg shutdown)

[Tree] (config>router>pim>rp>ipv6>rp-candidate shutdown)

[Tree] (config>router>pim>rp>bsr-candidate shutdown)

[Tree] (config>router>static-route-entry>next-hop shutdown)

[Tree] (config>service>vprn>video-interface shutdown)

[Tree] (config>router>origin-validation>rpki-session shutdown)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-ranges>range>vrgw>brg shutdown)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-mgr>dhcp6-client>dhcpv4-nat shutdown)

[Tree] (config>router>static-route-entry>black-hole shutdown)

[Tree] (config>router>mcac>policy>bundle shutdown)

[Tree] (config>router>pim>rp>ipv6>bsr-candidate shutdown)

[Tree] (config>cflowd>collector shutdown)

[Tree] (config>router>pim>interface>mcac>mc-constraints shutdown)

[Tree] (config>router>if>eth-cfm>mep shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw shutdown)

[Tree] (config>router>pim>rp>ipv6>embedded-rp shutdown)

[Tree] (config>router>igmp>interface>mcac>mc-constraints shutdown)

[Tree] (config>router>pim>interface shutdown)

[Tree] (config>service>vprn>radius-proxy>server shutdown)

[Tree] (config>router>mpls>mpls-tp>transit-path shutdown)

[Tree] (config>service>vprn>mvpn>pt>selective>mldp shutdown)

[Tree] (config>router>igmp>if shutdown)

[Tree] (config>router>pim>rp>rp-candidate shutdown)

[Tree] (config>router>msdp>peer shutdown)

[Tree] (config>router>radius-proxy>server>cache shutdown)

[Tree] (config>aaa>radius-scr-plcy>secondary shutdown)

[Tree] (config>router>msdp>group shutdown)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-mgr>dhcp6-client>slaac shutdown)

[Tree] (config>router>pim shutdown)

[Tree] (config>service>vprn>mvpn>pt>inclusive>mldp shutdown)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-mgr>dhcp6-client>ia-na shutdown)

[Tree] (config>service>ies>sub-if>grp-if>brg shutdown)

Full Context

configure router igmp shutdown

configure router radius-proxy cache shutdown

configure system management-interface cli md-cli environment progress-indicator shutdown

configure service vprn mvpn provider-tunnel selective bier shutdown

configure router mld interface shutdown

configure router igmp tunnel-interface shutdown

configure aaa radius-script-policy primary shutdown

configure router msdp shutdown

configure router mtrace2 shutdown

configure service vprn mvpn provider-tunnel inclusive bier shutdown

configure router mld group-interface mcac mc-constraints shutdown

configure service vprn radius-proxy server cache shutdown

configure router mld shutdown

configure cflowd shutdown

configure service vprn subscriber-interface group-interface brg shutdown

configure service vprn mvpn provider-tunnel selective rsvp shutdown

configure service vprn subscriber-interface wlan-gw pool-mgr dhcp6-client ia-na shutdown

configure router interface shutdown

configure service vprn mvpn pt inclusive rsvp lsp-template shutdown

configure router static-route-entry indirect shutdown

configure service ies subscriber-interface group-interface wlan-gw ranges range brg shutdown

configure service vprn subscriber-interface wlan-gw pool-mgr dhcp6-client slaac shutdown

configure router igmp group-interface shutdown

configure router mld group-interface shutdown

configure service vprn subscriber-interface group-interface wlan-gw ranges range brg shutdown

configure service vpls provider-tunnel selective shutdown

configure service ies subscriber-interface wlan-gw pool-mgr dhcp6-client dhcpv4-nat shutdown

configure isa video-group shutdown

configure router mcac if-policy shutdown

configure service ies subscriber-interface group-interface wlan-gw shutdown

configure router radius-proxy server shutdown

configure service ies video-interface shutdown

configure service vprn subscriber-interface group-interface wlan-gw vlan-ranges range vrgw brg shutdown

configure router pim rp ipv6 rp-candidate shutdown

configure router pim rp bsr-candidate shutdown

configure router static-route-entry next-hop shutdown

configure service vprn video-interface shutdown

configure router origin-validation rpki-session shutdown

configure service ies subscriber-interface group-interface wlan-gw vlan-ranges range vrgw brg shutdown

configure service vprn subscriber-interface wlan-gw pool-mgr dhcp6-client dhcpv4-nat shutdown

configure router static-route-entry black-hole shutdown

configure router mcac policy bundle shutdown

configure router pim rp ipv6 bsr-candidate shutdown

configure cflowd collector shutdown

configure router pim interface mcac mc-constraints shutdown

configure router interface eth-cfm mep shutdown

configure service vprn subscriber-interface group-interface wlan-gw shutdown

configure router pim rp ipv6 embedded-rp shutdown

configure router igmp interface mcac mc-constraints shutdown

configure router pim interface shutdown

configure service vprn radius-proxy server shutdown

configure router mpls mpls-tp transit-path shutdown

configure service vprn mvpn provider-tunnel selective mldp shutdown

configure router igmp interface shutdown

configure router pim rp rp-candidate shutdown

configure router msdp peer shutdown

configure router radius-proxy server cache shutdown

configure aaa radius-script-policy secondary shutdown

configure router msdp group shutdown

configure service ies subscriber-interface wlan-gw pool-mgr dhcp6-client slaac shutdown

configure router pim shutdown

configure service vprn mvpn provider-tunnel inclusive mldp shutdown

configure service ies subscriber-interface wlan-gw pool-mgr dhcp6-client ia-na shutdown

configure service ies subscriber-interface group-interface brg shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

All

  • configure router mld shutdown
  • configure router msdp group shutdown
  • configure router static-route-entry indirect shutdown
  • configure router pim interface mcac mc-constraints shutdown
  • configure service vprn mvpn provider-tunnel selective mldp shutdown
  • configure router pim rp rp-candidate shutdown
  • configure router origin-validation rpki-session shutdown
  • configure service vprn mvpn provider-tunnel selective bier shutdown
  • configure cflowd shutdown
  • configure router pim rp ipv6 bsr-candidate shutdown
  • configure router igmp tunnel-interface shutdown
  • configure service vprn mvpn provider-tunnel selective rsvp shutdown
  • configure router msdp peer shutdown
  • configure service vprn mvpn provider-tunnel inclusive mldp shutdown
  • configure router pim shutdown
  • configure router igmp shutdown
  • configure router msdp shutdown
  • configure router mcac if-policy shutdown
  • configure system management-interface cli md-cli environment progress-indicator shutdown
  • configure router mcac policy bundle shutdown
  • configure service vprn mvpn provider-tunnel inclusive bier shutdown
  • configure router pim rp bsr-candidate shutdown
  • configure router static-route-entry black-hole shutdown
  • configure service vpls provider-tunnel selective shutdown
  • configure router igmp interface shutdown
  • configure router pim interface shutdown
  • configure router static-route-entry next-hop shutdown
  • configure router mld interface shutdown
  • configure cflowd collector shutdown
  • configure router pim rp ipv6 embedded-rp shutdown
  • configure router igmp interface mcac mc-constraints shutdown
  • configure router mtrace2 shutdown
  • configure router interface shutdown
  • configure router pim rp ipv6 rp-candidate shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn radius-proxy server shutdown
  • configure service ies subscriber-interface group-interface brg shutdown
  • configure router mld group-interface mcac mc-constraints shutdown
  • configure router igmp group-interface shutdown
  • configure service vprn radius-proxy server cache shutdown
  • configure aaa radius-script-policy secondary shutdown
  • configure service vprn subscriber-interface group-interface brg shutdown
  • configure aaa radius-script-policy primary shutdown
  • configure router radius-proxy server shutdown
  • configure router mld group-interface shutdown
  • configure router radius-proxy server cache shutdown

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

  • configure isa video-group shutdown
  • configure service vprn video-interface shutdown
  • configure service ies video-interface shutdown

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface wlan-gw shutdown
  • configure service vprn subscriber-interface group-interface wlan-gw shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure router mpls mpls-tp transit-path shutdown
  • configure router interface eth-cfm mep shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>shcv-policy>trigger shutdown)

Full Context

configure subscriber-mgmt shcv-policy trigger shutdown

Description

This command administratively disables the SHCV triggers.

The no form of this command administratively enables the the SHCV triggers.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>shcv-policy>periodic shutdown)

Full Context

configure subscriber-mgmt shcv-policy periodic shutdown

Description

This command administratively disables the periodic connectivity verification.

The no form of this command administratively enables the periodic connectivity verification.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>sap>ipoe-session shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>ipoe-session shutdown)

[Tree] (config>service>ies>sub-if>grp-if>ipoe-session shutdown)

Full Context

configure service vpls sap ipoe-session shutdown

configure service vprn subscriber-interface group-interface ipoe-session shutdown

configure service ies subscriber-interface group-interface ipoe-session shutdown

Description

The shutdown command enables or disables IPoE session management on a group interface or capture SAP.

A shutdown of the IPoE session CLI hierarchy on a group-interface clears all active IPoE sessions on that interface, resulting in a deletion of all corresponding subscriber hosts.

On wlan-gw group interfaces it is not possible to disable an IPoE session.

The no form of this command reverts to the default.

Default

shutdown no shutdown on wlan-gw group interfaces

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>if>sap>eth-cfm shutdown)

[Tree] (config>service>ies>sub-if>grp-if>dhcp shutdown)

[Tree] (config>service>ies>if shutdown)

[Tree] (config>service>ies shutdown)

[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt shutdown)

[Tree] (config>service>ies>if>dhcp>proxy-server shutdown)

[Tree] (config>service>ies>if>dhcp shutdown)

[Tree] (config>service>ies>sub-if>grp-if>pppoe shutdown)

[Tree] (config>service>ies>sub-if>grp-if>sap shutdown)

[Tree] (config>service>ies>sub-if>dhcp shutdown)

[Tree] (config>service>ies>if>spoke-sdp shutdown)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server shutdown)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>router-advertisements shutdown)

[Tree] (config>service>ies>aarp-interface>spoke-sdp shutdown)

[Tree] (config>service>ies>redundant-interface shutdown)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host shutdown)

[Tree] (config>service>ies>if>vrrp shutdown)

[Tree] (config>service>ies>if>sap>static-host shutdown)

[Tree] (config>service>ies>if>spoke-sdp>control-channel-status shutdown)

[Tree] (config>service>ies>sub-if>grp-if shutdown)

[Tree] (config>service>ies>aarp-interface shutdown)

Full Context

configure service ies interface sap eth-cfm shutdown

configure service ies subscriber-interface group-interface dhcp shutdown

configure service ies interface shutdown

configure service ies shutdown

configure service ies subscriber-interface group-interface sap sub-sla-mgmt shutdown

configure service ies interface dhcp proxy-server shutdown

configure service ies interface dhcp shutdown

configure service ies subscriber-interface group-interface pppoe shutdown

configure service ies subscriber-interface group-interface sap shutdown

configure service ies subscriber-interface dhcp shutdown

configure service ies interface spoke-sdp shutdown

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server shutdown

configure service ies subscriber-interface group-interface ipv6 router-advertisements shutdown

configure service ies aarp-interface spoke-sdp shutdown

configure service ies redundant-interface shutdown

configure service ies subscriber-interface group-interface sap static-host shutdown

configure service ies interface vrrp shutdown

configure service ies interface sap static-host shutdown

configure service ies interface spoke-sdp control-channel-status shutdown

configure service ies subscriber-interface group-interface shutdown

configure service ies aarp-interface shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap shutdown
  • configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server shutdown
  • configure service ies subscriber-interface group-interface sap sub-sla-mgmt shutdown
  • configure service ies subscriber-interface group-interface dhcp shutdown
  • configure service ies subscriber-interface group-interface sap static-host shutdown
  • configure service ies redundant-interface shutdown
  • configure service ies interface sap static-host shutdown
  • configure service ies subscriber-interface group-interface shutdown
  • configure service ies subscriber-interface group-interface ipv6 router-advertisements shutdown
  • configure service ies subscriber-interface group-interface pppoe shutdown
  • configure service ies subscriber-interface dhcp shutdown

All

  • configure service ies interface vrrp shutdown
  • configure service ies interface dhcp shutdown
  • configure service ies interface spoke-sdp control-channel-status shutdown
  • configure service ies interface shutdown
  • configure service ies shutdown
  • configure service ies interface spoke-sdp shutdown
  • configure service ies interface dhcp proxy-server shutdown

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies aarp-interface shutdown
  • configure service ies aarp-interface spoke-sdp shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>gsmp shutdown)

[Tree] (config>aaa>route-downloader shutdown)

[Tree] (config>service>vprn>sub-if>grp-if shutdown)

[Tree] (config>subscr-mgmt>sub-ident-pol>secondary shutdown)

[Tree] (config>service>vpls>gsmp>group>neighbor shutdown)

[Tree] (config>redundancy>multi-chassis>peer>sync shutdown)

[Tree] (config>aaa>diam>node>peer shutdown)

[Tree] (config>subscr-mgmt>sub-ident-pol>tertiary shutdown)

[Tree] (config>redundancy>multi-chassis>peer shutdown)

[Tree] (config>service>ies>sub-if>grp-if>data-trigger shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>srrp shutdown)

[Tree] (config>service>ies>sub-if>grp-if>srrp shutdown)

[Tree] (config>service>ies>sub-if>grp-if>wpp shutdown)

[Tree] (config>service>vpls>sap>sub-sla-mgmt shutdown)

[Tree] (config>service>vpls>gsmp>group shutdown)

[Tree] (config>subscr-mgmt>sub-ident-pol>primary shutdown)

[Tree] (config>subscr-mgmt>sub-mcac-policy shutdown)

[Tree] (config>service>ies>sub-if>grp-if>arp-host shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-lag shutdown)

[Tree] (config>aaa>wpp>portal-groups>portal-group shutdown)

[Tree] (config>service>vprn>subscriber-interface shutdown)

[Tree] (config>service>vprn>red-if>spoke-sdp shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>gtp-parameters shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>data-trigger shutdown)

[Tree] (config>service>ies>subscriber-interface shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wpp>portals shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wpp shutdown)

[Tree] (config>service>vprn>redundant-interface shutdown)

[Tree] (config>service>ies>sub-if>grp-if>gtp-parameters shutdown)

Full Context

configure service vpls gsmp shutdown

configure aaa route-downloader shutdown

configure service vprn subscriber-interface group-interface shutdown

configure subscriber-mgmt sub-ident-policy secondary shutdown

configure service vpls gsmp group neighbor shutdown

configure redundancy multi-chassis peer sync shutdown

configure aaa diameter node peer shutdown

configure subscriber-mgmt sub-ident-policy tertiary shutdown

configure redundancy multi-chassis peer shutdown

configure service ies subscriber-interface group-interface data-trigger shutdown

configure service vprn subscriber-interface group-interface srrp shutdown

configure service ies subscriber-interface group-interface srrp shutdown

configure service ies subscriber-interface group-interface wpp shutdown

configure service vpls sap sub-sla-mgmt shutdown

configure service vpls gsmp group shutdown

configure subscriber-mgmt sub-ident-policy primary shutdown

configure subscriber-mgmt sub-mcac-policy shutdown

configure service ies subscriber-interface group-interface arp-host shutdown

configure redundancy multi-chassis peer mc-lag shutdown

configure aaa wpp portal-groups portal-group shutdown

configure service vprn subscriber-interface shutdown

configure service vprn redundant-interface spoke-sdp shutdown

configure service vprn subscriber-interface group-interface gtp-parameters shutdown

configure service vprn subscriber-interface group-interface data-trigger shutdown

configure service ies subscriber-interface shutdown

configure service vprn subscriber-interface group-interface wpp portals shutdown

configure service vprn subscriber-interface group-interface wpp shutdown

configure service vprn redundant-interface shutdown

configure service ies subscriber-interface group-interface gtp-parameters shutdown

Description

The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

Shutting down a subscriber interface on a 7750 SR will operationally shut down all child group interfaces and SAPs. Shutting down a group interface on a 7750 SR will operationally shut down all SAPs that are part of that group-interface.

The no form of this command puts an entity into the administratively enabled state.

Platforms

All

  • configure service vpls gsmp group neighbor shutdown
  • configure service vpls gsmp group shutdown
  • configure redundancy multi-chassis peer sync shutdown
  • configure redundancy multi-chassis peer shutdown
  • configure redundancy multi-chassis peer mc-lag shutdown
  • configure service vpls gsmp shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface shutdown
  • configure service vprn subscriber-interface shutdown
  • configure service vpls sap sub-sla-mgmt shutdown
  • configure subscriber-mgmt sub-ident-policy tertiary shutdown
  • configure aaa wpp portal-groups portal-group shutdown
  • configure subscriber-mgmt sub-ident-policy secondary shutdown
  • configure service vprn subscriber-interface group-interface srrp shutdown
  • configure service ies subscriber-interface group-interface data-trigger shutdown
  • configure aaa diameter node peer shutdown
  • configure service vprn redundant-interface spoke-sdp shutdown
  • configure service ies subscriber-interface group-interface arp-host shutdown
  • configure aaa route-downloader shutdown
  • configure subscriber-mgmt sub-ident-policy primary shutdown
  • configure service vprn subscriber-interface group-interface data-trigger shutdown
  • configure service ies subscriber-interface group-interface srrp shutdown
  • configure service vprn redundant-interface shutdown
  • configure service ies subscriber-interface group-interface wpp shutdown
  • configure service ies subscriber-interface shutdown
  • configure service vprn subscriber-interface group-interface wpp shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure subscriber-mgmt sub-mcac-policy shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>isis>if shutdown)

[Tree] (config>service>vprn>isis shutdown)

[Tree] (config>service>vprn>msdp>peer shutdown)

[Tree] (config>service>vprn>nw-if>eth-cfm>mep shutdown)

[Tree] (config>service>vprn>gsmp>group>neighbor shutdown)

[Tree] (config>service>vprn>igmp>if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>if>vrrp shutdown)

[Tree] (config>service>vprn>ospf>area>virtual-link shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel shutdown)

[Tree] (config>service>vprn>ospf>area>sham-link shutdown)

[Tree] (config>service>vprn>igmp>if>mcac shutdown)

[Tree] (config>service>vprn>pim>rp>bsr-candidate shutdown)

[Tree] (config>service>vprn>ntp shutdown)

[Tree] (config>service>vprn>if>sap>static-host shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>embedded-rp shutdown)

[Tree] (config>service>vprn>red-if shutdown)

[Tree] (config>service>vprn>bgp shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate shutdown)

[Tree] (config>service>vprn>igmp>if shutdown)

[Tree] (config>service>vprn>mld>grp-if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>router-advert>if shutdown)

[Tree] (config>service>vprn>rip shutdown)

[Tree] (config>service>vprn>ospf3>area>virtual-link shutdown)

[Tree] (config>service>vprn>gsmp shutdown)

[Tree] (config>service>vprn>pim>if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate shutdown)

[Tree] (config>service>vprn>ospf shutdown)

[Tree] (config>service>vprn>bgp>group shutdown)

[Tree] (config>service>vprn>ospf3>area>if shutdown)

[Tree] (config>service>vprn>l2tp>tunnel shutdown)

[Tree] (config>service>vprn>aaa>remote-servers>radius shutdown)

[Tree] (config>service>vprn>gsmp>group shutdown)

[Tree] (config>service>vprn>pim shutdown)

[Tree] (config>service>vprn>bgp-ipvpn>mpls shutdown)

[Tree] (config>service>vprn>aarp-interface>spoke-sdp shutdown)

[Tree] (config>service>vprn>red-if>spoke-sdp shutdown)

[Tree] (config>service>vprn>l2tp shutdown)

[Tree] (config>service>vprn>msdp>group shutdown)

[Tree] (config>service>vprn>msdp>group>peer shutdown)

[Tree] (config>service>vprn>nw-if shutdown)

[Tree] (config>service>vprn>igmp shutdown)

[Tree] (config>service>vprn>bgp>group>neighbor shutdown)

[Tree] (config>service>vprn>mvpn>provider-tunnel>inclusive>pim shutdown)

[Tree] (config>service>vprn>msdp shutdown)

[Tree] (config>service>vprn>rip>group>neighbor shutdown)

[Tree] (config>service>vprn>igmp>grp-if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>if shutdown)

[Tree] (config>service>vprn>bgp-ipvpn>srv6 shutdown)

[Tree] (config>service>vprn>bgp-evpn>mpls shutdown)

[Tree] (config>service>vprn shutdown)

[Tree] (config>service>vprn>aarp-interface shutdown)

[Tree] (config>service>vprn>l2tpv3 shutdown)

[Tree] (config>service>vprn>igmp-trk shutdown)

[Tree] (config>service>vprn>rip>group shutdown)

[Tree] (config>service>vprn>mld>if>mcac>mc-constraints shutdown)

[Tree] (config>service>vprn>if>ipv6>vrrp shutdown)

[Tree] (config>service>vprn>ospf>area>if shutdown)

[Tree] (config>service>vprn>ospf3 shutdown)

[Tree] (config>service>vprn>if>sap shutdown)

[Tree] (config>service>vprn>pim>if shutdown)

[Tree] (config>service>vprn>log>log-id shutdown)

[Tree] (config>service>vprn>red-if>spoke-sdp>control-channel-status shutdown)

Full Context

configure service vprn isis interface shutdown

configure service vprn isis shutdown

configure service vprn msdp peer shutdown

configure service vprn nw-if eth-cfm mep shutdown

configure service vprn gsmp group neighbor shutdown

configure service vprn igmp interface mcac mc-constraints shutdown

configure service vprn interface vrrp shutdown

configure service vprn ospf area virtual-link shutdown

configure service vprn interface sap ipsec-tunnel shutdown

configure service vprn ospf area sham-link shutdown

configure service vprn igmp interface mcac shutdown

configure service vprn pim rp bsr-candidate shutdown

configure service vprn ntp shutdown

configure service vprn interface sap static-host shutdown

configure service vprn pim rp ipv6 embedded-rp shutdown

configure service vprn redundant-interface shutdown

configure service vprn bgp shutdown

configure service vprn pim rp ipv6 rp-candidate shutdown

configure service vprn igmp interface shutdown

configure service vprn mld group-interface mcac mc-constraints shutdown

configure service vprn router-advertisement interface shutdown

configure service vprn rip shutdown

configure service vprn ospf3 area virtual-link shutdown

configure service vprn gsmp shutdown

configure service vprn pim interface mcac mc-constraints shutdown

configure service vprn pim rp ipv6 bsr-candidate shutdown

configure service vprn ospf shutdown

configure service vprn bgp group shutdown

configure service vprn ospf3 area interface shutdown

configure service vprn l2tp tunnel shutdown

configure service vprn aaa remote-servers radius shutdown

configure service vprn gsmp group shutdown

configure service vprn pim shutdown

configure service vprn bgp-ipvpn mpls shutdown

configure service vprn aarp-interface spoke-sdp shutdown

configure service vprn redundant-interface spoke-sdp shutdown

configure service vprn l2tp shutdown

configure service vprn msdp group shutdown

configure service vprn msdp group peer shutdown

configure service vprn network-interface shutdown

configure service vprn igmp shutdown

configure service vprn bgp group neighbor shutdown

configure service vprn mvpn provider-tunnel inclusive pim shutdown

configure service vprn msdp shutdown

configure service vprn rip group neighbor shutdown

configure service vprn igmp group-interface mcac mc-constraints shutdown

configure service vprn interface shutdown

configure service vprn bgp-ipvpn segment-routing-v6 shutdown

configure service vprn bgp-evpn mpls shutdown

configure service vprn shutdown

configure service vprn aarp-interface shutdown

configure service vprn l2tpv3 shutdown

configure service vprn igmp-host-tracking shutdown

configure service vprn rip group shutdown

configure service vprn mld interface mcac mc-constraints shutdown

configure service vprn interface ipv6 vrrp shutdown

configure service vprn ospf area interface shutdown

configure service vprn ospf3 shutdown

configure service vprn interface sap shutdown

configure service vprn pim interface shutdown

configure service vprn log log-id shutdown

configure service vprn redundant-interface spoke-sdp control-channel-status shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

If the AS number was previously changed, the BGP AS number inherits the new value.

Platforms

All

  • configure service vprn pim interface mcac mc-constraints shutdown
  • configure service vprn pim rp ipv6 embedded-rp shutdown
  • configure service vprn interface vrrp shutdown
  • configure service vprn mld interface mcac mc-constraints shutdown
  • configure service vprn bgp group shutdown
  • configure service vprn gsmp group shutdown
  • configure service vprn ospf area virtual-link shutdown
  • configure service vprn ntp shutdown
  • configure service vprn rip group neighbor shutdown
  • configure service vprn bgp-evpn mpls shutdown
  • configure service vprn pim interface shutdown
  • configure service vprn bgp-ipvpn mpls shutdown
  • configure service vprn ospf3 area virtual-link shutdown
  • configure service vprn rip shutdown
  • configure service vprn interface ipv6 vrrp shutdown
  • configure service vprn gsmp shutdown
  • configure service vprn mvpn provider-tunnel inclusive pim shutdown
  • configure service vprn igmp interface shutdown
  • configure service vprn network-interface shutdown
  • configure service vprn ospf shutdown
  • configure service vprn msdp group peer shutdown
  • configure service vprn gsmp group neighbor shutdown
  • configure service vprn isis shutdown
  • configure service vprn pim rp ipv6 bsr-candidate shutdown
  • configure service vprn interface shutdown
  • configure service vprn igmp interface mcac shutdown
  • configure service vprn msdp group shutdown
  • configure service vprn router-advertisement interface shutdown
  • configure service vprn bgp group neighbor shutdown
  • configure service vprn msdp shutdown
  • configure service vprn interface sap shutdown
  • configure service vprn ospf3 shutdown
  • configure service vprn pim shutdown
  • configure service vprn shutdown
  • configure service vprn msdp peer shutdown
  • configure service vprn ospf area sham-link shutdown
  • configure service vprn rip group shutdown
  • configure service vprn ospf area interface shutdown
  • configure service vprn log log-id shutdown
  • configure service vprn ospf3 area interface shutdown
  • configure service vprn isis interface shutdown
  • configure service vprn pim rp ipv6 rp-candidate shutdown
  • configure service vprn igmp shutdown
  • configure service vprn aaa remote-servers radius shutdown
  • configure service vprn igmp interface mcac mc-constraints shutdown
  • configure service vprn pim rp bsr-candidate shutdown
  • configure service vprn bgp shutdown

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn aarp-interface spoke-sdp shutdown
  • configure service vprn aarp-interface shutdown
  • configure service vprn interface sap ipsec-tunnel shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn mld group-interface mcac mc-constraints shutdown
  • configure service vprn igmp-host-tracking shutdown
  • configure service vprn redundant-interface shutdown
  • configure service vprn redundant-interface spoke-sdp control-channel-status shutdown
  • configure service vprn igmp group-interface mcac mc-constraints shutdown
  • configure service vprn redundant-interface spoke-sdp shutdown
  • configure service vprn interface sap static-host shutdown
  • configure service vprn l2tp shutdown

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service vprn bgp-ipvpn segment-routing-v6 shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>sap>arp-host shutdown)

[Tree] (config>service>vprn shutdown)

[Tree] (config>service>vpls>mesh-sdp shutdown)

[Tree] (config>service>vpls>sap shutdown)

[Tree] (config>service>vpls shutdown)

[Tree] (config>service>ies>if>sap shutdown)

[Tree] (config>service>vpls>wlan-gw shutdown)

[Tree] (config>service>vpls>spoke-sdp shutdown)

Full Context

configure service vpls sap arp-host shutdown

configure service vprn shutdown

configure service vpls mesh-sdp shutdown

configure service vpls sap shutdown

configure service vpls shutdown

configure service ies interface sap shutdown

configure service vpls wlan-gw shutdown

configure service vpls spoke-sdp shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vpls sap arp-host shutdown

All

  • configure service ies interface sap shutdown
  • configure service vpls sap shutdown
  • configure service vpls shutdown
  • configure service vpls spoke-sdp shutdown
  • configure service vpls mesh-sdp shutdown
  • configure service vprn shutdown

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vpls wlan-gw shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep shutdown)

[Tree] (config>service>vpls>sap>eth-cfm>mep shutdown)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep shutdown)

[Tree] (config>service>vpls>sap>spb shutdown)

[Tree] (config>service>vpls>eth-cfm>mep shutdown)

[Tree] (config>service>vpls>bind>evpn-mcast-gateway shutdown)

[Tree] (config>service>vpls>mld-snooping>mvr shutdown)

[Tree] (config>service>vpls>mac-notification shutdown)

[Tree] (config>service>vpls>interface shutdown)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac>mc-constraints shutdown)

[Tree] (config>service>vpls>sap>mld-snooping>mcac>mc-constraints shutdown)

[Tree] (config>service>vpls>sap>dhcp>proxy shutdown)

[Tree] (config>service>vpls>igmp-snooping>mvr shutdown)

[Tree] (config>service>vpls>sap>stp shutdown)

[Tree] (config>service>vpls>mac-move shutdown)

[Tree] (config>service>vpls>spb>level shutdown)

[Tree] (config>service>vpls>spoke-sdp>spb shutdown)

[Tree] (config>service>vpls>mld-snooping shutdown)

[Tree] (config>service>vpls>stp shutdown)

[Tree] (config>service>vpls>bgp-ad shutdown)

[Tree] (config>service>vpls>spoke-sdp>stp shutdown)

[Tree] (config>service>vpls>mrp shutdown)

[Tree] (config>service>vpls>sap>l2tpv3-session shutdown)

[Tree] (config>service>vpls>igmp-snooping shutdown)

[Tree] (config>service>vpls>mrp>mvrp shutdown)

[Tree] (config>service>vpls>spoke-sdp shutdown)

Full Context

configure service vpls mesh-sdp eth-cfm mep shutdown

configure service vpls sap eth-cfm mep shutdown

configure service vpls spoke-sdp eth-cfm mep shutdown

configure service vpls sap spb shutdown

configure service vpls eth-cfm mep shutdown

configure service vpls allow-ip-int-bind evpn-mcast-gateway shutdown

configure service vpls mld-snooping mvr shutdown

configure service vpls mac-notification shutdown

configure service vpls interface shutdown

configure service vpls sap igmp-snooping mcac mc-constraints shutdown

configure service vpls sap mld-snooping mcac mc-constraints shutdown

configure service vpls sap dhcp proxy-server shutdown

configure service vpls igmp-snooping mvr shutdown

configure service vpls sap stp shutdown

configure service vpls mac-move shutdown

configure service vpls spb level shutdown

configure service vpls spoke-sdp spb shutdown

configure service vpls mld-snooping shutdown

configure service vpls stp shutdown

configure service vpls bgp-ad shutdown

configure service vpls spoke-sdp stp shutdown

configure service vpls mrp shutdown

configure service vpls sap l2tpv3-session shutdown

configure service vpls igmp-snooping shutdown

configure service vpls mrp mvrp shutdown

configure service vpls spoke-sdp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vpls sap eth-cfm mep shutdown
  • configure service vpls mesh-sdp eth-cfm mep shutdown
  • configure service vpls spoke-sdp eth-cfm mep shutdown
  • configure service vpls eth-cfm mep shutdown

All

  • configure service vpls allow-ip-int-bind evpn-mcast-gateway shutdown
  • configure service vpls sap l2tpv3-session shutdown
  • configure service vpls spoke-sdp stp shutdown
  • configure service vpls bgp-ad shutdown
  • configure service vpls stp shutdown
  • configure service vpls sap dhcp proxy-server shutdown
  • configure service vpls mac-move shutdown
  • configure service vpls mrp mvrp shutdown
  • configure service vpls sap spb shutdown
  • configure service vpls mrp shutdown
  • configure service vpls spb level shutdown
  • configure service vpls interface shutdown
  • configure service vpls igmp-snooping shutdown
  • configure service vpls mld-snooping mvr shutdown
  • configure service vpls sap stp shutdown
  • configure service vpls spoke-sdp spb shutdown
  • configure service vpls mld-snooping shutdown
  • configure service vpls sap igmp-snooping mcac mc-constraints shutdown
  • configure service vpls sap mld-snooping mcac mc-constraints shutdown
  • configure service vpls igmp-snooping mvr shutdown
  • configure service vpls spoke-sdp shutdown
  • configure service vpls mac-notification shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>spb shutdown)

[Tree] (config>service>vpls>mrp>mmrp shutdown)

[Tree] (config>service>vpls>spoke-sdp>spb shutdown)

Full Context

configure service vpls spb shutdown

configure service vpls mrp mmrp shutdown

configure service vpls spoke-sdp spb shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within.

The no form of this command administratively enables an entity.

SPB Interface — In the config>service>vpls>spb> context, the command disables the IS-IS interface. By default, the IS-IS interface is disabled (shutdown).

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>sub-if>grp-if>pppoe shutdown)

Full Context

configure service vprn subscriber-interface group-interface pppoe shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>card>mda shutdown)

[Tree] (config>port>tdm>ds1>channel-group shutdown)

[Tree] (config>port>ethernet>dampening shutdown)

[Tree] (config>port>sonet-sdh>path shutdown)

[Tree] (config>port>ethernet>efm-oam shutdown)

[Tree] (config>port>tdm>ds1 shutdown)

[Tree] (config>port>ethernet>dwl shutdown)

[Tree] (config>card>xiom>mda shutdown)

[Tree] (config>card>xiom shutdown)

[Tree] (config>port>ethernet>symbol-monitor shutdown)

[Tree] (config>redundancy>mc>peer>mcr>node>cv shutdown)

[Tree] (config>port>otu shutdown)

[Tree] (config>port-xc>pxc shutdown)

[Tree] (config>card shutdown)

[Tree] (config>port>ethernet>eth-cfm>mep shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-ep shutdown)

[Tree] (config>port shutdown)

[Tree] (config>port>ethernet>efm-cfm>mep shutdown)

[Tree] (config>port>tdm>ds3 shutdown)

[Tree] (config>redundancy>mc>peer>mcr>ring shutdown)

[Tree] (config>card>fp>ingress>mcast-path-management shutdown)

[Tree] (config>port>tdm>e1 shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>domain shutdown)

[Tree] (config>port>tdm>e1>channel-group shutdown)

[Tree] (config>redundancy>multi-chassis>ipsec-domain shutdown)

[Tree] (config>port>tdm>e3 shutdown)

[Tree] (config>port>ethernet>ssm shutdown)

[Tree] (config>port>ethernet shutdown)

[Tree] (config>lag>eth-cfm>mep shutdown)

[Tree] (config>lag shutdown)

[Tree] (config>redundancy>mc>peer>mcr shutdown)

Full Context

configure card mda shutdown

configure port tdm ds1 channel-group shutdown

configure port ethernet dampening shutdown

configure port sonet-sdh path shutdown

configure port ethernet efm-oam shutdown

configure port tdm ds1 shutdown

configure port ethernet down-when-looped shutdown

configure card xiom mda shutdown

configure card xiom shutdown

configure port ethernet symbol-monitor shutdown

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify shutdown

configure port otu shutdown

configure port-xc pxc shutdown

configure card shutdown

configure port ethernet eth-cfm mep shutdown

configure redundancy multi-chassis peer mc-endpoint shutdown

configure port shutdown

configure port ethernet efm-cfm mep shutdown

configure port tdm ds3 shutdown

configure redundancy multi-chassis peer mc-ring ring shutdown

configure card fp ingress mcast-path-management shutdown

configure port tdm e1 shutdown

configure redundancy multi-chassis peer mc-ipsec domain shutdown

configure port tdm e1 channel-group shutdown

configure redundancy multi-chassis ipsec-domain shutdown

configure port tdm e3 shutdown

configure port ethernet ssm shutdown

configure port ethernet shutdown

configure lag eth-cfm mep shutdown

configure lag shutdown

configure redundancy multi-chassis peer mc-ring shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within.

This command is supported on TDM satellite.

The no form of this command administratively enables an entity.

Platforms

All

  • configure port ethernet efm-oam shutdown
  • configure redundancy multi-chassis peer mc-endpoint shutdown
  • configure port ethernet shutdown
  • configure redundancy multi-chassis peer mc-ring shutdown
  • configure lag shutdown
  • configure port ethernet dampening shutdown
  • configure card mda shutdown
  • configure port-xc pxc shutdown
  • configure port ethernet ssm shutdown
  • configure port ethernet down-when-looped shutdown
  • configure redundancy multi-chassis peer mc-ring ring shutdown
  • configure card shutdown
  • configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify shutdown
  • configure port shutdown

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure port tdm ds1 channel-group shutdown
  • configure port tdm e1 channel-group shutdown
  • configure port tdm ds1 shutdown
  • configure port tdm ds3 shutdown
  • configure port tdm e1 shutdown
  • configure port tdm e3 shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure port sonet-sdh path shutdown
  • configure port ethernet symbol-monitor shutdown
  • configure port ethernet eth-cfm mep shutdown
  • configure lag eth-cfm mep shutdown
  • configure port otu shutdown

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s

  • configure card xiom shutdown
  • configure card xiom mda shutdown

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

  • configure card fp ingress mcast-path-management shutdown

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure redundancy multi-chassis peer mc-ipsec domain shutdown
  • configure redundancy multi-chassis ipsec-domain shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>aaa>l2tp-acct-plcy shutdown)

Full Context

configure aaa l2tp-accounting-policy shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>mcast-mgmt>mcast-rprt-dest shutdown)

Full Context

configure mcast-management mcast-reporting-dest shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>python>py-policy>cache shutdown)

[Tree] (config>python>python-script shutdown)

Full Context

configure python python-policy cache shutdown

configure python python-script shutdown

Description

Shutting down a Python script triggers the system to load and compile the script from the configured location(s). Since the system supports three locations, the primary, secondary and tertiary, the system will try to load the Python script in that order.

Shutting down a Python script will disable the Python script and cause the corresponding packet to pass through without any modification.

The no form of this command enables the cache or policy script.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>sap>dyn-svc shutdown)

Full Context

configure service vpls sap dynamic-services shutdown

Description

This command disables or enables data-triggered dynamic services on this capture-sap.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>dynsvc>ladb shutdown)

Full Context

configure service dynamic-services local-auth-db shutdown

Description

This command disables or enables the local authentication database. When disabled, the database cannot be used for authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>dynsvc>ladb>user shutdown)

Full Context

configure service dynamic-services local-auth-db user-name shutdown

Description

This command disables or enables a user name entry in the local authentication database. When disabled, the entry is not matched.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>svlan-statistics shutdown)

Full Context

configure subscriber-mgmt svlan-statistics shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter shutdown)

[Tree] (config>subscr-mgmt>isa-svc-chain>evpn shutdown)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter shutdown

configure subscriber-mgmt isa-service-chaining evpn shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of this command puts an entity into the administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>ccrt-replay shutdown)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>ccrt-replay shutdown)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay shutdown

configure subscriber-mgmt diameter-application-policy gx ccrt-replay shutdown

Description

This command, enables or disables the CCR-T replay function for all Gx or Gy sessions that belong to the diameter application policy. Sessions in CCR-T replay are dropped when ccrt-replay is shut down.

The no form of this command enables the CCR-T replay function.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>sub-if>grp-if>bonding-parameters shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>bonding-parameters shutdown)

Full Context

configure service ies subscriber-interface group-interface bonding-parameters shutdown

configure service vprn subscriber-interface group-interface bonding-parameters shutdown

Description

The shutdown command administratively disables the entity. When a bonding context is shut down, all bonding subscribers are removed and no new bonding subscribers can be created in this context. The bonding configuration can be altered.

When a bonding context is placed in no shutdown, bonding subscribers can be created with connections in the specified subscriber interfaces. The specified FPE and connections can no longer be changed in this mode.

Default

shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-sol shutdown)

Full Context

configure service ies subscriber-interface group-interface ipv6 router-solicit shutdown

Description

This command enables SLAAC triggered host creation.

The no form of this command disables SLAAC triggered host creation.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (debug>diam>diam-peer-plcy>avp-match shutdown)

Full Context

debug diam diam-peer-plcy avp-match shutdown

Description

This command enables or disables the avp-match id criteria for filtering debug output based on AVP value matching.

A shutdown of the avp-match id clears the learned diameter session ID.

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp-history shutdown)

Full Context

configure router mpls lsp-history shutdown

Description

This command enables the collection of up to the last 50 significant events for each point-to-point RSVP-TE LSP.

A shutdown of the lsp-history pauses the collection of events, but does not remove previously collected events from memory.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>aaa>radius-srv-plcy>servers>health-check>test-account shutdown)

Full Context

configure aaa radius-server-policy servers health-check test-account shutdown

Description

This command disables the test account that probes the RADIUS server.

The no form of this command enables the capability.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

shutdown sap-id [create]

no shutdown sap-id

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap shutdown)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap shutdown)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap shutdown

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap shutdown

Description

This command administratively enables this SAP to begin accepting Layer 2 packets for WIFI offloading.

The no form of this command disables this SAP.

Default

shutdown

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>pfcp-association shutdown)

Full Context

configure subscriber-mgmt pfcp-association shutdown

Description

This command administratively enables or disables the PFCP association.

When administratively enabled, the system will try to maintain an active PFCP association with the configured peer. While no association is established, it will continue to retry setting up the association using the association-setup-retry configuration.

Shutting down a subscriber interface on a 7750 SR operationally shuts down all child group interfaces and SAPs. Shutting down a group interface on a 7750 SR operationally shuts down all SAPs that are part of that group interface.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (cfg>sys>pwr-mgmt>peq shutdown)

Full Context

configure system power-management peq shutdown

Description

This command administratively enables/disables the APEQ.

Platforms

7750 SR-12e, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>card>fp>egress>wred-queue-control shutdown)

Full Context

configure card fp egress wred-queue-control shutdown

Description

This command enables or disables egress WRED queue support on the forwarding plane. By default, WRED queue support is disabled (shutdown). While disabled, the various wred-queue-control commands may be executed on the forwarding plane and SAP egress QoS policies and egress queue group templates with wred-queue enabled may be applied to egress SAPs and port, respectively. The forwarding plane will allocate WRED pools to the WRED queues and the appropriate WRED mega-pool size and CBS reserve size will be calculated, but the WRED mega-pool will be empty and all buffers will be allocated to the default mega-pool. Each WRED queue will be mapped to its appropriate default pool.

Once the no shutdown command is executed, the calculated WRED mega-pool buffers will be moved from the default mega-pool to the WRED mega-pool. The WRED mega-pool CBS reserve size will be applied and each egress WRED queue will be moved from its default mega-pool buffer pool to its WRED pool within the WRED mega-pool hierarchy.

The no form of this command enables WRED queuing on an egress forwarding plane.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>macsec>connectivity-association shutdown)

Full Context

configure macsec connectivity-association shutdown

Description

This command shuts down the CA profile. All ports that are using this profile will not transmit PDUs as this command shuts down the MACsec for this profile.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring shutdown)

Full Context

configure port ethernet efm-oam link-monitoring shutdown

Description

This command enables the link monitoring function. Issuing a no shutdown will start the process. Issuing a shutdown will clear any previously established negative conditions that were a result of the link monitoring process on this port and all collected data. This also controls the advertising capabilities.

The no form of this command activates the link monitoring function.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-symbols shutdown)

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame shutdown)

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-period shutdown)

[Tree] (config>port>ethernet>efm-oam>link-mon>errored-frame-seconds shutdown)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols shutdown

configure port ethernet efm-oam link-monitoring errored-frame shutdown

configure port ethernet efm-oam link-monitoring errored-frame-period shutdown

configure port ethernet efm-oam link-monitoring errored-frame-seconds shutdown

Description

This command enables or disables the local counting, thresholding and actions associated with this type of local monitor. Peer received errors are not controlled by this command. Reaction to peer messaging is defined in the peer-rdi-rx hierarchy.

The no form of this command activates the local monitoring function and actions for the event.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port shutdown)

Full Context

configure port ethernet dot1x macsec sub-port shutdown

Description

This command shuts down the MACsec under this sub-port specifically, including MKA negotiation. In the shutdown state, this port is not MACsec capable and all PDUs will be transmitted and expected without encryption and authentication.

The no form of this command puts the port in MACsec-enabled mode. A valid CA, different than any other CA configured on any other sub-port of this port and also a max-peer value larger than 0 must be configured. In MACsec-enabled mode, packets are sent in cleartext until the MKA session is up, and if the rx-must-be-encrypted is set on the port, all incoming packets with no MACsec encapsulations are dropped.

Default

shutdown

Platforms

All

shutdown

Syntax

shutdown

no shutdown

Context

[Tree] (config>lag>bfd>family shutdown)

Full Context

configure lag bfd family shutdown

Description

This command disables micro BFD sessions for this address family.

The no form of this command re-enables micro BFD sessions for this address family.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>eth-ring>path shutdown)

[Tree] (config>service>sdp shutdown)

[Tree] (config>service>sdp>binding>pw-port shutdown)

[Tree] (config>service>sdp>class-forwarding shutdown)

[Tree] (config>service>pw-routing>hop shutdown)

[Tree] (config>service>sdp>keep-alive shutdown)

[Tree] (config>eth-tunnel>path>eth-cfm>mep shutdown)

[Tree] (config>service>pw-template>stp shutdown)

Full Context

configure eth-ring path shutdown

configure service sdp shutdown

configure service sdp binding pw-port shutdown

configure service sdp class-forwarding shutdown

configure service pw-routing hop shutdown

configure service sdp keep-alive shutdown

configure eth-tunnel path eth-cfm mep shutdown

configure service pw-template stp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure eth-tunnel path eth-cfm mep shutdown
  • configure eth-ring path shutdown

All

  • configure service pw-template stp shutdown
  • configure service sdp binding pw-port shutdown
  • configure service sdp keep-alive shutdown
  • configure service sdp shutdown
  • configure service sdp class-forwarding shutdown

shutdown

Syntax

shutdown

[no] shutdown

Context

[Tree] (config>service>vpls>bgp-evpn>vxlan shutdown)

[Tree] (config>service>epipe>bgp-evpn>srv6 shutdown)

[Tree] (config>service>epipe>bgp-evpn>mpls shutdown)

[Tree] (config>service>vpls>bgp-evpn>srv6 shutdown)

[Tree] (config>service>epipe>bgp-evpn>vxlan shutdown)

[Tree] (config>service>vpls>bgp-evpn>mpls shutdown)

Full Context

configure service vpls bgp-evpn vxlan shutdown

configure service epipe bgp-evpn segment-routing-v6 shutdown

configure service epipe bgp-evpn mpls shutdown

configure service vpls bgp-evpn segment-routing-v6 shutdown

configure service epipe bgp-evpn vxlan shutdown

configure service vpls bgp-evpn mpls shutdown

Description

This command controls the administrative state of EVPN-MPLS, EVPN-VXLAN, or EVPN-SRv6 in the service.

Platforms

All

  • configure service vpls bgp-evpn mpls shutdown
  • configure service epipe bgp-evpn mpls shutdown
  • configure service vpls bgp-evpn vxlan shutdown
  • configure service epipe bgp-evpn vxlan shutdown

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe bgp-evpn segment-routing-v6 shutdown
  • configure service vpls bgp-evpn segment-routing-v6 shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>provider-tunnel>inclusive shutdown)

Full Context

configure service vpls provider-tunnel inclusive shutdown

Description

This command administratively enables and disables the service.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>proxy-nd shutdown)

[Tree] (config>service>vpls>proxy-arp shutdown)

Full Context

configure service vpls proxy-nd shutdown

configure service vpls proxy-arp shutdown

Description

This command enables and disables the proxy-ARP and proxy-nd functionality. ARP/GARP/ND messages will be snooped and redirected to the CPM for lookup in the proxy-ARP/proxy-ND table. The proxy-ARP/proxy-ND table is populated with IP->MAC pairs received from different sources (EVPN, static, dynamic). When the shutdown command is issued, it flushes the dynamic/EVPN dup proxy-ARP/proxy-ND table entries and instructs the system to stop snooping ARP/ND frames. All the static entries are kept in the table as inactive, regardless of their previous Status.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>system>bgp-evpn>eth-seg shutdown)

Full Context

configure service system bgp-evpn ethernet-segment shutdown

Description

This command changes the administrative status of the Ethernet-Segment.

The user can do no shutdown only when esi, multi-homing and lag/port/sdp are configured. If the Ethernet-Segment or the corresponding lag/port/sdp shutdown, the Ethernet-Segment route and the AD per-ES routes will be withdrawn. No changes are allowed when the Ethernet-Segment is no shutdown.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>epipe shutdown)

[Tree] (config>service>cpipe>spoke-sdp shutdown)

[Tree] (config>service>ipipe>spoke-sdp shutdown)

[Tree] (config>service>epipe>sap>l2tpv3-session shutdown)

[Tree] (config>service>ipipe shutdown)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep shutdown)

[Tree] (config>service>cpipe>sap shutdown)

[Tree] (config>service>epipe>sap shutdown)

[Tree] (config>service>cpipe shutdown)

[Tree] (config>service>ipipe>sap shutdown)

[Tree] (config>service>epipe>sap>eth-cfm>mep shutdown)

[Tree] (config>service>epipe>site shutdown)

[Tree] (config>service>epipe>spoke-sdp shutdown)

[Tree] (config>service>epipe>pw-port shutdown)

Full Context

configure service epipe shutdown

configure service cpipe spoke-sdp shutdown

configure service ipipe spoke-sdp shutdown

configure service epipe sap l2tpv3-session shutdown

configure service ipipe shutdown

configure service epipe spoke-sdp eth-cfm mep shutdown

configure service cpipe sap shutdown

configure service epipe sap shutdown

configure service cpipe shutdown

configure service ipipe sap shutdown

configure service epipe sap eth-cfm mep shutdown

configure service epipe site shutdown

configure service epipe spoke-sdp shutdown

configure service epipe pw-port shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described as follows in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

All

  • configure service epipe sap l2tpv3-session shutdown
  • configure service epipe site shutdown
  • configure service epipe spoke-sdp shutdown
  • configure service ipipe spoke-sdp shutdown
  • configure service ipipe sap shutdown
  • configure service epipe pw-port shutdown
  • configure service ipipe shutdown
  • configure service epipe shutdown
  • configure service epipe sap shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp shutdown
  • configure service cpipe shutdown
  • configure service cpipe sap shutdown
  • configure service epipe spoke-sdp eth-cfm mep shutdown
  • configure service epipe sap eth-cfm mep shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>epipe>bgp-vpws shutdown)

Full Context

configure service epipe bgp-vpws shutdown

Description

This command administratively enables/disables the local BGP VPWS instance. On de-activation an MP-UNREACH-NLRI is sent for the local NLRI.

The no form of this command enables the BGP VPWS addressing and the related BGP advertisement. The associated BGP VPWS MP-REACH-NLRI will be advertised in an update message and the corresponding received NLRIs must be considered to instantiate the data plane.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ipipe>eth-legacy-fault-notification shutdown)

Full Context

configure service ipipe eth-legacy-fault-notification shutdown

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>bgp-vpls shutdown)

Full Context

configure service vpls bgp-vpls shutdown

Description

This command administratively enables/disables the local BGP VPLS instance. On de-activation an MP-UNREACH-NLRI must be sent for the local NLRI.

The no form of this command enables the BGP VPLS addressing and the related BGP advertisement. The associated BGP VPLS MP-REACH-NLRI will be advertised in an update message and the corresponding received NLRIs must be considered to instantiate the data plane. RT, RD usage: same as in the BGP AD solution, if the values are not configured here, the value of the VPLS-id from under the bgp-ad node is used. If VPLS-id value is not configured either the MH site cannot be activated – i.e. no shutdown returns an error. Same applies if a pseudowire template is not specified under the BGP node.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>if>ipv6>secure-nd shutdown)

Full Context

configure service ies interface ipv6 secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus shutdown)

Full Context

configure service vprn aaa remote-servers tacplus shutdown

Description

This command administratively disables the TACACS+ protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables the protocol which is the default state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>static-route-entry>next-hop shutdown)

[Tree] (config>service>vprn>static-route-entry>indirect shutdown)

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel shutdown)

[Tree] (config>service>vprn>static-route-entry>black-hole shutdown)

[Tree] (config>service>vprn>static-route-entry>grt shutdown)

Full Context

configure service vprn static-route-entry next-hop shutdown

configure service vprn static-route-entry indirect shutdown

configure service vprn static-route-entry ipsec-tunnel shutdown

configure service vprn static-route-entry black-hole shutdown

configure service vprn static-route-entry grt shutdown

Description

This command causes the static route to be placed in an administratively down state and removed from the active route-table

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>if>secure-nd shutdown)

Full Context

configure service vprn interface secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ldp>if-params>if shutdown)

[Tree] (config>router>ldp>if-params>if>ipv4 shutdown)

[Tree] (config>router>ldp>targ-session>peer shutdown)

[Tree] (config>router>ldp>egr-stats>fec-prefix shutdown)

[Tree] (config>router>ldp>targ-session>peer-template shutdown)

[Tree] (config>router>ldp>if-params>if>ipv6 shutdown)

[Tree] (config>router>ldp>aggregate-prefix-match shutdown)

[Tree] (config>router>ldp shutdown)

Full Context

configure router ldp interface-parameters interface shutdown

configure router ldp interface-parameters interface ipv4 shutdown

configure router ldp targeted-session peer shutdown

configure router ldp egress-statistics fec-prefix shutdown

configure router ldp targeted-session peer-template shutdown

configure router ldp interface-parameters interface ipv6 shutdown

configure router ldp aggregate-prefix-match shutdown

configure router ldp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. For an LDP interface, the shutdown command exists under the main interface context and under each of the interface IPv4 and IPv6 contexts.

  • shutdown under the interface context brings down both IPv4 and IPv6 Hello adjacencies and stops Hello transmission in both contexts.

  • shutdown under the interface IPv4 or IPv6 contexts brings down the Hello adjacency and stops Hello transmission in that context only.

The user can also delete the entire IPv4 or IPv6 context under the interface with the no ipv4 or no ipv6 command which in addition to bringing down the Hello adjacency will delete the configuration.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system generated configuration files.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ldp>targeted-session>auto-tx>ipv4 shutdown)

[Tree] (config>router>ldp>targeted-session>auto-rx>ipv4 shutdown)

Full Context

configure router ldp targeted-session auto-tx ipv4 shutdown

configure router ldp targeted-session auto-rx ipv4 shutdown

Description

This command administratively disables the capabilities associated with automatically sending targeted Hello messages through the auto-tx command or processing targeted Hello messages through the auto-rx command.

The no form of this command administratively enables the capabilities associated with the auto-tx and auto-rx commands.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp>primary shutdown)

[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp shutdown)

[Tree] (config>router>mpls>lsp>primary-p2mp-instance shutdown)

[Tree] (config>router>mpls shutdown)

[Tree] (config>router>mpls>lsp>egress-statistics shutdown)

[Tree] (config>router>mpls>lsp>secondary shutdown)

[Tree] (config>router>mpls>lsp-template>egress-statistics shutdown)

[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp shutdown)

[Tree] (config>router>mpls>interface shutdown)

Full Context

configure router mpls lsp primary shutdown

configure router mpls ingress-statistics p2p-template-lsp shutdown

configure router mpls lsp primary-p2mp-instance shutdown

configure router mpls shutdown

configure router mpls lsp egress-statistics shutdown

configure router mpls lsp secondary shutdown

configure router mpls lsp-template egress-statistics shutdown

configure router mpls ingress-statistics p2mp-template-lsp shutdown

configure router mpls interface shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The config>router>mpls>ingr-stats>p2mp-template-lsp> shutdown command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

The config>router>mpls>lsp>primary-p2mp-instance> shutdown is not supported on the 7450 ESS.

MPLS is not enabled by default and must be explicitly enabled (no shutdown).

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>pce-initiated-lsp>sr-te shutdown)

Full Context

configure router mpls pce-initiated-lsp sr-te shutdown

Description

This command administratively enables or disables the sr-te context for PCE initiated LSPs. A shutdown of the sr-te context under pce-initiated-lsp causes an error to be generated for new PCInitate messages, and existing PCE-initiated LSPs are taken to the oper-down state.

The no form of this command administratively enables the sr-te context for PCE initiated LSP.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>if>label-map shutdown)

Full Context

configure router mpls interface label-map shutdown

Description

This command disables the label map definition. This drops all packets that match the specified in-label specified in the label-map in-label command.

The no form of this command administratively enables the defined label map action.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp shutdown)

[Tree] (config>router>mpls>lsp-template shutdown)

Full Context

configure router mpls lsp shutdown

configure router mpls lsp-template shutdown

Description

This command disables the existing LSP including the primary and any standby secondary paths.

To shutdown only the primary enter the config router mpls lsp lsp-name primary path-name shutdown command.

To shutdown a specific standby secondary enter the config router mpls lsp lsp-name secondary path-name shutdown command. The existing configuration of the LSP is preserved.

Use the no form of this command to restart the LSP. LSPs are created in a shutdown state. Use this command to administratively bring up the LSP.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>rib-api>mpls shutdown)

Full Context

configure router rib-api mpls shutdown

Description

This command disables the programming of tunnel and label FIB entries by the RIB-API gRPC service. It causes all existing tunnel and label FIB entries to be de-programmed from the data path, but they remain in the control plane database.

The no form of this command enables the programming of tunnel and label FIB entries by the RIB-API gRPC service.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>path shutdown)

Full Context

configure router mpls path shutdown

Description

This command disables the existing LSPs using this path. All services using these LSPs are affected. Binding information, however, is retained in those LSPs. Paths are created in the shutdown state.

The no form of this command administratively enables the path. All LSPs, where this path is defined as primary or defined as standby secondary, are (re)established.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>pcep>pcc shutdown)

[Tree] (config>router>pcep>pce shutdown)

Full Context

configure router pcep pcc shutdown

configure router pcep pce shutdown

Description

This command administratively disables the PCC or PCE process.

The following PCE parameters can only be modified when the PCEP session is shut down:

  • local-address

  • keepalive

  • dead-timer

The unknown-message-rate PCE parameter can be modified without shutting down the PCEP session.

The following PCC parameters can only be modified when the PCEP session is shut down:

  • local-address

  • keepalive

  • dead-timer

  • peer

The following PCC parameters can be modified without shutting down the PCEP session:

  • report-path-constraints

  • unknown-message-rate

Default

shutdown

Platforms

All

  • configure router pcep pcc shutdown

VSR-NRC

  • configure router pcep pce shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>rsvp shutdown)

[Tree] (config>router>rsvp>interface shutdown)

Full Context

configure router rsvp shutdown

configure router rsvp interface shutdown

Description

This command disables the RSVP protocol instance or the RSVP-related functions for the interface. The RSVP configuration information associated with this interface is retained. When RSVP is administratively disabled, all the RSVP sessions are torn down. The existing configuration is retained.

The no form of this command administratively enables RSVP on the interface.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp shutdown)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group shutdown

Description

This command shuts down an NHG entry in a forwarding policy.

When an NHG is shut down, it is removed from the data path entry of the forwarding policy.

The no form of this command brings up an NHG entry in a forwarding policy.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy shutdown)

Full Context

configure router mpls forwarding-policies forwarding-policy shutdown

Description

This command shuts down the forwarding policy.

The no form of this command enables the forwarding policy.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies shutdown)

Full Context

configure router mpls forwarding-policies shutdown

Description

This command shuts down the forwarding-policies context; causing all forwarding policies to be removed from the data path, however they remain in the MPLS forwarding database.

The no form of this command enables the forwarding-policies context.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>app-assure>group>wap1x shutdown)

[Tree] (config>service>ies>aa-interface shutdown)

[Tree] (config>app-assure>group>http-notification shutdown)

[Tree] (config>service>vprn>aa-interface>sap shutdown)

[Tree] (config>app-assure>group>statistics>protocol shutdown)

[Tree] (config>app-assure>group>transit-ip-policy>dhcp shutdown)

[Tree] (config>app-assure>group>certificate-profile shutdown)

[Tree] (config>app-assure>group>cflowd>volume shutdown)

[Tree] (config>app-assure>group>aa-sub-cong shutdown)

[Tree] (config>app-assure>group>policy>app-filter>entry shutdown)

[Tree] (config>app-assure>group>dns-ip-cache shutdown)

[Tree] (config>app-assure>group>cflowd>volume>template>dynamic-fields shutdown)

[Tree] (config>app-assure>group>url-filter>icap>server shutdown)

[Tree] (config>app-assure>group>url-filter shutdown)

[Tree] (config>app-assure>group>tethering-detection shutdown)

[Tree] (config>app-assure>group>cflowd>comp>template>dynamic-fields shutdown)

[Tree] (config>service>ies>aa-interface>sap shutdown)

[Tree] (config>app-assure>group>cflowd>comp shutdown)

[Tree] (config>app-assure>group>policy>custom-protocol shutdown)

[Tree] (config>app-assure>group>cflowd>rtp-perf>audio-template>dynamic-fields shutdown)

[Tree] (config>app-assure>group>event-log shutdown)

[Tree] (config>app-assure>group>http-redirect shutdown)

[Tree] (config>isa>aa-grp shutdown)

[Tree] (config>app-assure>group>http-error-redirect shutdown)

[Tree] (config>app-assure>group>cflowd>rtp-perf>voice-template>dynamic-fields shutdown)

[Tree] (config>app-assure>group>transit-ip-policy>transit-auto-create shutdown)

[Tree] (config>app-assure>group>cflowd>collector shutdown)

[Tree] (config>app-assure>group>http-enrich shutdown)

[Tree] (config>app-assure>group>policer>tod-override shutdown)

[Tree] (config>app-assure>group>cflowd>tcp-perf>template>dynamic-fields shutdown)

[Tree] (config>app-assure>group>policy>app-qos-policy>entry shutdown)

[Tree] (config>app-assure>group>url-list shutdown)

[Tree] (config>app-assure>group>gtp shutdown)

[Tree] (config>app-assure>group>cflowd>tcp-perf shutdown)

[Tree] (config>app-assure>aarp shutdown)

[Tree] (config>app-assure>group>cflowd shutdown)

[Tree] (config>app-assure>protocol shutdown)

[Tree] (config>service>vprn>aa-interface shutdown)

[Tree] (config>app-assure>group>cflowd>rtp-perf shutdown)

[Tree] (config>app-assure>group>transit-ip-policy>radius shutdown)

[Tree] (config>app-assure>group>cflowd>rtp-perf>video-template>dynamic-fields shutdown)

Full Context

configure application-assurance group wap1x shutdown

configure service ies aa-interface shutdown

configure application-assurance group http-notification shutdown

configure service vprn aa-interface sap shutdown

configure application-assurance group statistics protocol shutdown

configure application-assurance group transit-ip-policy dhcp shutdown

configure application-assurance group certificate-profile shutdown

configure application-assurance group cflowd volume shutdown

configure application-assurance group aa-sub-congestion-detection shutdown

configure application-assurance group policy app-filter entry shutdown

configure application-assurance group dns-ip-cache shutdown

configure application-assurance group cflowd volume template dynamic-fields shutdown

configure application-assurance group url-filter icap server shutdown

configure application-assurance group url-filter shutdown

configure application-assurance group tethering-detection shutdown

configure application-assurance group cflowd comprehensive template dynamic-fields shutdown

configure service ies aa-interface sap shutdown

configure application-assurance group cflowd comprehensive shutdown

configure application-assurance group policy custom-protocol shutdown

configure application-assurance group cflowd rtp-performance audio-template dynamic-fields shutdown

configure application-assurance group event-log shutdown

configure application-assurance group http-redirect shutdown

configure isa application-assurance-group shutdown

configure application-assurance group http-error-redirect shutdown

configure application-assurance group cflowd rtp-performance voice-template dynamic-fields shutdown

configure application-assurance group transit-ip-policy transit-auto-create shutdown

configure application-assurance group cflowd collector shutdown

configure application-assurance group http-enrich shutdown

configure application-assurance group policer tod-override shutdown

configure application-assurance group cflowd tcp-performance template dynamic-fields shutdown

configure application-assurance group policy app-qos-policy entry shutdown

configure application-assurance group url-list shutdown

configure application-assurance group gtp shutdown

configure application-assurance group cflowd tcp-performance shutdown

configure application-assurance aarp shutdown

configure application-assurance group cflowd shutdown

configure application-assurance protocol shutdown

configure service vprn aa-interface shutdown

configure application-assurance group cflowd rtp-performance shutdown

configure application-assurance group transit-ip-policy radius shutdown

configure application-assurance group cflowd rtp-performance video-template dynamic-fields shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>app-assure>group>transit-ip>diameter shutdown)

Full Context

configure application-assurance group transit-ip-policy diameter shutdown

Description

This command removes all transit AA subscribers created via Diameter on this transit AA subscriber IP policy and clears all corresponding Diameter sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>isa>aa-grp>overload-sub-quarantine shutdown)

Full Context

configure isa application-assurance-group overload-sub-quarantine shutdown

Description

This command disables the overload subscriber detection algorithm in the ISA group for the purpose of quarantining an overloaded subscriber. It is possible to manually quarantine an AA subscriber even when this command is disabled (shutdown).

The no form of this command enables the overload subscriber detection algorithm in the ISA group. When enabled, each ISA monitors the traffic on a continuous basis to identify AA subscribers that occupy more than their fair share of ISA resources and need to be quarantined.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (debug>app-assure>group>traffic-capture shutdown)

Full Context

debug application-assurance group traffic-capture shutdown

Description

This command administratively disables traffic capture.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (debug>app-assure>group>http-host-recorder shutdown)

[Tree] (debug>app-assure>group>port-recorder shutdown)

Full Context

debug application-assurance group http-host-recorder shutdown

debug application-assurance group port-recorder shutdown

Description

This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>esa shutdown)

[Tree] (config>esa>vm shutdown)

Full Context

configure esa shutdown

configure esa vm shutdown

Description

This command administratively disables the instance. The operational state of the instance is disabled, as well as the operational state of any entities contained within. When disabled, the instance does not change, reset, or remove any configuration settings or statistics.

The no form of this command administratively enables the instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 shutdown)

[Tree] (config>service>ies>if>sap>ip-tunnel shutdown)

[Tree] (config>isa>aa-group shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw shutdown)

[Tree] (config>ipsec>cert-profile shutdown)

[Tree] (config>ipsec>client-db>client shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp shutdown)

[Tree] (config>ipsec>client-db shutdown)

[Tree] (config>isa>tunnel-grp shutdown)

[Tree] (config>isa shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp shutdown)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group shutdown)

[Tree] (config>service>vprn>if>sap>ip-tunnel shutdown)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel shutdown)

Full Context

configure service ies interface sap ipsec-gw dhcp6 shutdown

configure service ies interface sap ip-tunnel shutdown

configure isa aa-group shutdown

configure service vprn interface sap ipsec-gw dhcp6 shutdown

configure service ies interface sap ipsec-gw shutdown

configure ipsec cert-profile shutdown

configure ipsec client-db client shutdown

configure service vprn interface sap ipsec-gw shutdown

configure service ies interface sap ipsec-gw dhcp shutdown

configure ipsec client-db shutdown

configure isa tunnel-group shutdown

configure isa shutdown

configure service ies interface sap ipsec-gw local-address-assignment shutdown

configure service vprn interface sap ipsec-gw dhcp shutdown

configure service ies interface ipsec ipsec-tunnel shutdown

configure service vprn interface sap ipsec-gw local-address-assignment shutdown

configure redundancy multi-chassis peer mc-ipsec tunnel-group shutdown

configure service vprn interface sap ip-tunnel shutdown

configure service vprn interface ipsec ipsec-tunnel shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure redundancy multi-chassis peer mc-ipsec tunnel-group shutdown
  • configure service ies interface sap ipsec-gw dhcp6 shutdown
  • configure service vprn interface sap ipsec-gw dhcp6 shutdown
  • configure service vprn interface sap ipsec-gw shutdown
  • configure service ies interface sap ipsec-gw shutdown
  • configure isa shutdown
  • configure isa tunnel-group shutdown
  • configure ipsec client-db shutdown
  • configure ipsec client-db client shutdown
  • configure service ies interface sap ipsec-gw local-address-assignment shutdown
  • configure service vprn interface sap ipsec-gw local-address-assignment shutdown
  • configure ipsec cert-profile shutdown
  • configure service ies interface sap ipsec-gw dhcp shutdown
  • configure service vprn interface sap ipsec-gw dhcp shutdown

All

  • configure service vprn interface sap ip-tunnel shutdown
  • configure service ies interface sap ip-tunnel shutdown

VSR

  • configure service vprn interface ipsec ipsec-tunnel shutdown
  • configure service ies interface ipsec ipsec-tunnel shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update shutdown)

Full Context

configure system security pki ca-profile auto-crl-update shutdown

Description

This command disables the auto CRL update.

The no form of this command enables an auto CRL update. Upon no shutdown, if the configured CRL file does not exist, is invalid or is expired or if the schedule-type is next-update-based and current time passed (Next-Update_of_existing_CRL - pre-update-time), then system will start downloading CRL right away.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>isa>lns-group shutdown)

Full Context

configure isa lns-group shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>nat>outside>pool>redundancy shutdown)

[Tree] (config>router>nat>inside>redundancy>subscriber-identification shutdown)

[Tree] (config>router>firewall>domain shutdown)

[Tree] (config>router>nat>outside>pool>address-range shutdown)

[Tree] (config>router>nat>inside>nat64 shutdown)

[Tree] (config>service>vprn>nat>outside>pool>redundancy shutdown)

[Tree] (config>router>nat>inside>subscriber-id shutdown)

[Tree] (config>router>nat>inside>dual-stack-lite shutdown)

[Tree] (config>isa>nat-group shutdown)

[Tree] (config>service>vprn>nat>outside>pool shutdown)

[Tree] (config>service>vprn>nat>inside>nat64 shutdown)

[Tree] (config>aaa>isa-radius-plcy>servers>server shutdown)

[Tree] (config>service>ipfix>ipfix-export-policy>collector shutdown)

[Tree] (config>service>vprn>mtrace2 shutdown)

[Tree] (config>router>nat>outside>pool shutdown)

[Tree] (config>service>vprn>nat>outside>pool>address-range shutdown)

Full Context

configure router nat outside pool redundancy shutdown

configure router nat inside redundancy subscriber-identification shutdown

configure router firewall domain shutdown

configure router nat outside pool address-range shutdown

configure router nat inside nat64 shutdown

configure service vprn nat outside pool redundancy shutdown

configure router nat inside subscriber-id shutdown

configure router nat inside dual-stack-lite shutdown

configure isa nat-group shutdown

configure service vprn nat outside pool shutdown

configure service vprn nat inside nat64 shutdown

configure aaa isa-radius-policy servers server shutdown

configure service ipfix ipfix-export-policy collector shutdown

configure service vprn mtrace2 shutdown

configure router nat outside pool shutdown

configure service vprn nat outside pool address-range shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn nat outside pool shutdown
  • configure router nat inside dual-stack-lite shutdown
  • configure router nat inside nat64 shutdown
  • configure service vprn nat outside pool address-range shutdown
  • configure isa nat-group shutdown
  • configure router nat outside pool address-range shutdown
  • configure router nat outside pool shutdown
  • configure service vprn nat outside pool redundancy shutdown
  • configure aaa isa-radius-policy servers server shutdown
  • configure service vprn nat inside nat64 shutdown
  • configure router nat outside pool redundancy shutdown

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure router firewall domain shutdown

All

  • configure service ipfix ipfix-export-policy collector shutdown
  • configure service vprn mtrace2 shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>nat>map-domain>mapping-rule shutdown)

Full Context

configure service nat map-domain mapping-rule shutdown

Description

This command enables or disables a rule within a MAP domain. A MAP rule can be enabled (no shutdown) only when all parameters within the rule are defined. Disabling a rule within an instantiated MAP domain will withdraw the rule IPv4 routes and disable forwarding for the rule.

Interactions:

config>service>vprn>nat>map>map-domain domain-name

config>service>router>nat>map>map-domain domain-name

Shutdown of an instantiated MAP rule disables the rule (the rule routes will be withdrawn and forwarding will be disabled).

Default

shutdown

Platforms

VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>nat>map-domain shutdown)

Full Context

configure service nat map-domain shutdown

Description

This command enables or disables a MAP domain. A MAP domain can be enabled (no shutdown) only when the DMR prefix is configured. Disabling an instantiated domain will withdraw all routes associated with it.

Interactions:

config>service>vprn>nat>map>map-domain domain-name

config>service>router>nat>map>map-domain domain-name

Shutdown of a MAP domain template disables the instantiated MAP domain (the routes will be withdrawn and forwarding will be disabled).

Default

shutdown

Platforms

VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bier shutdown)

[Tree] (config>router>bier>template shutdown)

Full Context

configure router bier shutdown

configure router bier template shutdown

Description

This command shuts down BIER or a BIER template.

The no form of this command enables BIER or the BIER template.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>gtm>provider-tunnel>inclusive>rsvp shutdown)

[Tree] (config>router>gtm>provider-tunnel>selective>rsvp shutdown)

Full Context

configure router gtm provider-tunnel inclusive rsvp shutdown

configure router gtm provider-tunnel selective rsvp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path shutdown)

[Tree] (config>router>p2mp-sr-tree>replication-segment shutdown)

[Tree] (config>router>p2mp-sr-tree>p2mp-policy shutdown)

[Tree] (config>router>p2mp-sr-tree shutdown)

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id shutdown)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path shutdown

configure router p2mp-sr-tree replication-segment shutdown

configure router p2mp-sr-tree p2mp-policy shutdown

configure router p2mp-sr-tree shutdown

configure router p2mp-sr-tree replication-segment next-hop-id shutdown

Description

This command administratively disables an entity for the P2MP SR tree. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

When the operational state of an entity is disabled, the operational state of any entities contained within are also disabled. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up, then attempts to enter the operationally up state.

The no form of this command places the entity into an administratively enabled state.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>li>log>log-id shutdown)

[Tree] (config>service>vprn>ip-mirror-interface shutdown)

[Tree] (config>mirror>mirror-dest shutdown)

[Tree] (config>service>vprn>ip-mirror-interface>spoke-sdp shutdown)

[Tree] (config>mirror>mirror-source shutdown)

[Tree] (config>service>vprn>if>ping-template shutdown)

[Tree] (config>mirror>mirror-dest>spoke-sdp>egress shutdown)

[Tree] (config>li>li-source shutdown)

[Tree] (config>service>ies>if>ping-template shutdown)

Full Context

configure li log log-id shutdown

configure service vprn ip-mirror-interface shutdown

configure mirror mirror-dest shutdown

configure service vprn ip-mirror-interface spoke-sdp shutdown

configure mirror mirror-source shutdown

configure service vprn interface ping-template shutdown

configure mirror mirror-dest spoke-sdp egress shutdown

configure li li-source shutdown

configure service ies interface ping-template shutdown

Description

The shutdown command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of this command puts an entity into the administratively enabled state.

Default

See Special Cases below.

Platforms

All

  • configure mirror mirror-dest spoke-sdp egress shutdown
  • configure service vprn ip-mirror-interface shutdown
  • configure mirror mirror-source shutdown
  • configure mirror mirror-dest shutdown
  • configure li log log-id shutdown
  • configure service vprn ip-mirror-interface spoke-sdp shutdown
  • configure li li-source shutdown

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface ping-template shutdown
  • configure service vprn interface ping-template shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (debug>mirror-source shutdown)

Full Context

debug mirror-source shutdown

Description

This command enables mirror source debugging.

The no form of this command clears mirror source information.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>oam-pm>session>ip>twamp-light shutdown)

[Tree] (config>oam-pm>session>ethernet>slm shutdown)

[Tree] (config>saa>test shutdown)

[Tree] (config>oam-pm>session>ethernet>dmm shutdown)

[Tree] (config>oam-pm>bin-group shutdown)

[Tree] (config>oam-pm>session>ethernet>lmm>availability shutdown)

[Tree] (config>test-oam>ldp-treetrace shutdown)

[Tree] (config>oam-pm>session>measurement-interval>event-mon shutdown)

[Tree] (config>oam-pm>session>ethernet>lmm shutdown)

[Tree] (config>test-oam>twamp>server>prefix shutdown)

[Tree] (config>test-oam>twamp>server shutdown)

Full Context

configure oam-pm session ip twamp-light shutdown

configure oam-pm session ethernet slm shutdown

configure saa test shutdown

configure oam-pm session ethernet dmm shutdown

configure oam-pm bin-group shutdown

configure oam-pm session ethernet lmm availability shutdown

configure test-oam ldp-treetrace shutdown

configure oam-pm session measurement-interval event-mon shutdown

configure oam-pm session ethernet lmm shutdown

configure test-oam twamp server prefix shutdown

configure test-oam twamp server shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Entities are created in the administratively down (shutdown) state. When a no shutdown command is entered, the entity becomes administratively up and then tries to enter the operationally up state.

The no form of this command administratively enables the entity.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure test-oam twamp server shutdown
  • configure oam-pm session ip twamp-light shutdown
  • configure test-oam twamp server prefix shutdown

All

  • configure oam-pm session ethernet lmm availability shutdown
  • configure oam-pm session ethernet lmm shutdown
  • configure saa test shutdown
  • configure oam-pm bin-group shutdown
  • configure oam-pm session ethernet dmm shutdown
  • configure oam-pm session ethernet slm shutdown
  • configure test-oam ldp-treetrace shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>twamp-light>reflector shutdown)

[Tree] (config>router>twamp-light>reflector shutdown)

Full Context

configure service vprn twamp-light reflector shutdown

configure router twamp-light reflector shutdown

Description

This command disables or enables TWAMP Light functionality within the context where the configuration exists, either the base router instance or the service. Enabling the base router context enables the IES prefix list since the IES service uses the configuration under the base router instance.

The no form of this command allows the router instance or the service to accept TWAMP Light packets for processing.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>bfd>seamless-bfd>reflector shutdown)

Full Context

configure bfd seamless-bfd reflector shutdown

Description

This command specifies the administrative state of the seamless BFD reflector.

The no form of this command administratively enables the reflector. A discriminator must be configured before the no shutdown command is invoked.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>qos>slope-policy>low-slope shutdown)

[Tree] (config>qos>slope-policy>exceed-slope shutdown)

[Tree] (config>qos>slope-policy>high-slope shutdown)

[Tree] (config>qos>slope-policy>highplus-slope shutdown)

Full Context

configure qos slope-policy low-slope shutdown

configure qos slope-policy exceed-slope shutdown

configure qos slope-policy high-slope shutdown

configure qos slope-policy highplus-slope shutdown

Description

This command enables or disables the administrative status of the Random Early Detection slope.

By default, all slopes are shutdown and have to be explicitly enabled (no shutdown).

The no form of this command administratively enables the RED slope.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>filter>redirect-policy shutdown)

[Tree] (config>filter>log>summary shutdown)

[Tree] (config>filter>redirect-policy>destination shutdown)

Full Context

configure filter redirect-policy shutdown

configure filter log summary shutdown

configure filter redirect-policy destination shutdown

Description

Administratively enables/disabled (AdminUp/AdminDown) an entity. Downing an entity does not change, reset or remove any configuration settings or statistics. Many objects must be shutdown before they may be deleted.

The shutdown command administratively downs an entity. Administratively downing an entity changes the operational state of the entity to down.

Unlike other commands and parameters where the default state will not be indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>if>ipv6>secure-nd shutdown)

Full Context

configure router interface ipv6 secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>pcp-server>server shutdown)

Full Context

configure router pcp-server server shutdown

Description

This command administratively enables the PCP server.

The no form of this command administratively disables the PCP server.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>open-flow>of-switch shutdown)

Full Context

configure open-flow of-switch shutdown

Description

This command administratively enables or disables the OpenFlow switch instance. Disabling the switch purges all flowtable entries.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>vrrp>policy shutdown)

[Tree] (config>router>if>ipv6>vrrp shutdown)

[Tree] (config>router>if>vrrp shutdown)

Full Context

configure vrrp policy shutdown

configure router interface ipv6 vrrp shutdown

configure router interface vrrp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown [active] [standby]

[no] shutdown [cflash-id]

Context

[Tree] (file shutdown)

Full Context

file shutdown

Description

This command shuts down (unmounts) the specified CPM(s).

Use the no shutdown [active] [standby] command to enable one or both CPM.

Use the no shutdown [cflash-id] command to enable a compact flash (cf1:, cf2:, or cf3:) on the CPM/CCM. The no shutdown command can be issued for a specific slot when no compact flash is present. When a flash card is installed in the slot, the card will be activated upon detection.

In redundant systems, use the no shutdown command on cf3: on both SF/CPMs or CCMs in order to facilitate synchronization. See the config>redundancy synchronize command.

Note:

The shutdown command must be issued prior to removing a flash card. If no parameters are specified, then the drive referred to by the current working directory will be shut down.

LED Status Indicators

LED Status Indicators lists the possible states for the compact flash and their LED status indicators.

Table 7. LED Status Indicators

State

Description

Operational

If a compact flash is present in a drive and operational (no shutdown), the respective LED is lit green. The LED flickers when the compact flash is accessed. Note: Do not remove the compact flash during a read/write operation.

Flash defective

If a compact flash is defective, the respective LED blinks amber to reflect the error condition and a trap is raised.

Flash drive shut down

When the compact flash drive is shut down and a compact flash present, the LED is lit amber. In this state, the compact flash can be ejected.

No compact flash present, drive shut down

If no compact flash is present and the drive is shut down the LED is unlit.

No compact flash present, drive enabled

If no compact flash is present and the drive is not shut down the LED is unlit.

Ejecting a compact flash

The compact flash drive should be shut down before ejecting a compact flash card. The LED should turn to solid (not blinking) amber. This is the only mode to safely remove the flash card. If a compact flash drive is not shut down before a compact flash is ejected, the LED blinks amber for approximately 5 seconds before shutting off.

The shutdown or no shutdown state is not saved in the configuration file. Following a reboot all compact flash drives are in their default state.

Default

no shutdown

Parameters

cflash-id

Specifies the compact flash slot ID to be shut down or enabled. If cflash-id is specified, the drive is shut down or enabled. If no cflash-id is specified, the drive referred to by the current working directory is assumed. If a slot number is not specified, then the active CPM is assumed.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default

the current compact flash device

active

Specifies that all drives on the active CPM are shutdown or enabled.

standby

Specifies that all drives on the standby CPM are shutdown or enabled.

When both active and standby keywords are specified, then all drives on both CPM are shutdown.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>satellite>eth-sat shutdown)

[Tree] (config>system>satellite>tdm-sat shutdown)

Full Context

configure system satellite eth-sat shutdown

configure system satellite tdm-sat shutdown

Description

This command disables the associated satellite.

If the associated satellite is active, the satellite will not be reset but all satellite client ports will be shut down.

If the satellite is not active but attempts to associate with the host, the satellite chassis will be brought up according to the satellite configuration but all client ports will be shut down.

The no form of this command removes the shutdown state and all client ports on active satellites will be brought back up.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure system satellite eth-sat shutdown

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure system satellite tdm-sat shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>alarm-contact-input shutdown)

Full Context

configure system alarm-contact-input shutdown

Description

This command disables tracking of state changes associated with the alarm contact input. The system does not generate or clear the alarms for the alarm contact input while tracking is disabled. The system clears existing alarms when the shutdown command is executed.

The no form of this command enables tracking of state changes associated with the alarm contact input.

Default

shutdown

Platforms

7750 SR-a

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>ptp>peer shutdown)

Full Context

configure system ptp peer shutdown

Description

This command disables or enables a specific PTP peer. Shutting down a peer sends cancel unicast negotiation messages on any established unicast sessions. When shutdown, all received packets from the peer are ignored.

If the clock-type is ordinary slave or boundary, and PTP is no shutdown, the last enabled peer cannot be shutdown. This prevents the user from having PTP enabled without any peer configured and enabled.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>ptp>port shutdown)

Full Context

configure system ptp port shutdown

Description

This command disables or enables a specific PTP port. When shutdown, all PTP Ethernet messages are dropped on the IOM They will not be counted in the PTP message statistics. No PTP packets are transmitted by the node toward this port.

If the clock-type is ordinary slave or boundary, and PTP is no shutdown, the last enabled port or peer cannot be shutdown. This prevents the user from having PTP enabled without any means to synchronize the local clock to a parent clock.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>management-interface>remote-management>manager shutdown)

[Tree] (config>system>management-interface>remote-management shutdown)

Full Context

configure system management-interface remote-management manager shutdown

configure system management-interface remote-management shutdown

Description

This command administratively disables remote management.

The no form of this command administratively enables remote management.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>alarms shutdown)

Full Context

configure system alarms shutdown

Description

This command enables or disables the Facility Alarm functionality. When enabled, the Facility Alarm sub-system tracks active and cleared facility alarms and controls the Alarm LEDs on the CPMs. When Facility Alarm functionality is enabled, the alarms are viewed using the show system alarms command(s).

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>log>event-trigger>event>trigger-entry shutdown)

[Tree] (config>log>event-handling>handler shutdown)

[Tree] (config>log>log-id shutdown)

[Tree] (config>log>accounting-policy shutdown)

[Tree] (config>log>event-trigger>event shutdown)

[Tree] (config>log>event-handling>handler>action-list>entry shutdown)

Full Context

configure log event-trigger event trigger-entry shutdown

configure log event-handling handler shutdown

configure log log-id shutdown

configure log accounting-policy shutdown

configure log event-trigger event shutdown

configure log event-handling handler action-list entry shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>netconf shutdown)

Full Context

configure system netconf shutdown

Description

This command disables the NETCONF server. The shutdown command is blocked if there are any active NETCONF sessions. Use the admin disconnect command to disconnect all NETCONF sessions before shutting down the NETCONF service.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>sys>sec>cpm>ipv6-filter shutdown)

[Tree] (config>system>security>keychain>direction>bi>entry shutdown)

[Tree] (config>system>security>keychain>direction>uni>send>entry shutdown)

[Tree] (cfg>sys>sec>cpm>mac-filter>entry shutdown)

[Tree] (config>sys>sec>cpm>ip-filter shutdown)

[Tree] (config>system>security>mgmt-access-filter>ip-filter shutdown)

[Tree] (config>system>security>keychain>direction>uni>receive>entry shutdown)

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter shutdown)

[Tree] (config>system>security>dot1x>radius-plcy shutdown)

[Tree] (config>system>security>dot1x shutdown)

[Tree] (config>system>security>keychain shutdown)

Full Context

configure system security cpm-filter ipv6-filter shutdown

configure system security keychain direction bi entry shutdown

configure system security keychain direction uni send entry shutdown

configure system security cpm-filter mac-filter entry shutdown

configure system security cpm-filter ip-filter shutdown

configure system security management-access-filter ip-filter shutdown

configure system security keychain direction uni receive entry shutdown

configure system security management-access-filter ipv6-filter shutdown

configure system security dot1x radius-plcy shutdown

configure system security dot1x shutdown

configure system security keychain shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command puts an entity into the administratively enabled state.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure system security cpm-filter ipv6-filter shutdown
  • configure system security cpm-filter mac-filter entry shutdown
  • configure system security cpm-filter ip-filter shutdown

All

  • configure system security management-access-filter ip-filter shutdown
  • configure system security dot1x shutdown
  • configure system security management-access-filter ipv6-filter shutdown
  • configure system security keychain direction bi entry shutdown
  • configure system security keychain direction uni send entry shutdown
  • configure system security dot1x radius-plcy shutdown
  • configure system security keychain shutdown
  • configure system security keychain direction uni receive entry shutdown

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>pki>ca-profile shutdown)

Full Context

configure system security pki ca-profile shutdown

Description

Use this command to enable or disable the ca-profile. The system verifies the configured cert-file and crl-file. If the verification fails, then the no shutdown command fails.

The ca-profile in a shutdown state cannot be used in certificate authentication.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>ssh>key-re-exchange>client shutdown)

[Tree] (config>system>security>ssh>key-re-exchange>server shutdown)

Full Context

configure system security ssh key-re-exchange client shutdown

configure system security ssh key-re-exchange server shutdown

Description

This command stops the key exchange. It sets the minutes and bytes to infinity so there will not be any key exchange during the PDU transmission.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tacplus shutdown)

Full Context

configure system security tacplus shutdown

Description

This command administratively disables the TACACS+ protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables the protocol which is the default state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>ldap>server shutdown)

[Tree] (config>system>security>ldap shutdown)

Full Context

configure system security ldap server shutdown

configure system security ldap shutdown

Description

In the ldap context, this command enables or disabled LDAP protocol operations.

In the server context, this command enables or disables the LDAP server. To perform no shutdown, an LDAP server address is required. To change the address, the user first needs to shut down the server.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc>gnmi shutdown)

Full Context

configure system grpc gnmi shutdown

Description

This command stops the gNMI service.

The no form of this command starts the gNMI service.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc>rib-api shutdown)

Full Context

configure system grpc rib-api shutdown

Description

This command stops the RibApi gRPC service, deletes all programmed RIB entries (stale and non-stale), but does not close the TCP connections.

The no form of this command restarts the RibApi gRPC service.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc shutdown)

Full Context

configure system grpc shutdown

Description

This command stops the gRPC server. This closes all of the associated TCP connections and immediately purges all RIB entries that were programmed using the RibApi Service.

The shutdown command is not blocked if there are active gRPC sessions. Shutting down gRPC will terminate all active gRPC sessions.

The no form of this command starts the gRPC server.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc>tcp-keepalive shutdown)

Full Context

configure system grpc tcp-keepalive shutdown

Description

This command stops the TCP keepalives from being sent to all gRPC clients.

The no form of this command restarts the sending of TCP keepalives to all gRPC clients.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>snmp>streaming shutdown)

Full Context

configure system snmp streaming shutdown

Description

This command administratively disables proprietary SNMP request/response bundling and TCP-based transport mechanism for optimizing network management of the router nodes.

The no form of the command administratively re-enables SNMP request/response bundling and TCP-based transport mechanism.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>snmp shutdown)

Full Context

configure system snmp shutdown

Description

This command administratively disables SNMP agent operations. System management can then only be performed using the command line interface (CLI). Shutting down SNMP does not remove or change configuration parameters other than the administrative state. This command does not prevent the agent from sending SNMP notifications to any configured SNMP trap destinations. SNMP trap destinations are configured under the config>log>snmp-trap-group context.

This command is automatically invoked in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof persist on command is enabled.

The no form of the command administratively enables SNMP which is the default state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tls>cert-profile shutdown)

Full Context

configure system security tls cert-profile shutdown

Description

This command disables the certificate profile. When the certificate profile is disabled, it will not be sent to the TLS server.

The no form of the command enables the certificate profile and allows it to be sent to the TLS server.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tls>server-tls-profile shutdown)

[Tree] (config>system>security>tls>client-tls-profile shutdown)

Full Context

configure system security tls server-tls-profile shutdown

configure system security tls client-tls-profile shutdown

Description

This command administratively enables or disables the TLS profile. If the TLS profile is shut down, the TLS operational status will be down. Therefore, if the TLS profile is shut down, any application using TLS should not attempt to send any PDUs.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>bgp>group>neighbor>monitor shutdown)

[Tree] (config>service>vprn>bgp>monitor shutdown)

[Tree] (config>router>bgp>monitor shutdown)

[Tree] (config>router>bgp>group shutdown)

[Tree] (config>router>bgp shutdown)

[Tree] (config>bmp>station shutdown)

[Tree] (config>router>bgp>segment-routing shutdown)

[Tree] (config>bmp>station>connection>tcp-keepalive shutdown)

[Tree] (config>service>vprn>bgp>group>monitor shutdown)

[Tree] (config>router>bgp>group>neighbor>monitor shutdown)

[Tree] (config>router>bgp>group>neighbor shutdown)

[Tree] (config>bmp shutdown)

[Tree] (config>router>bgp>group>monitor shutdown)

Full Context

configure service vprn bgp group neighbor monitor shutdown

configure service vprn bgp monitor shutdown

configure router bgp monitor shutdown

configure router bgp group shutdown

configure router bgp shutdown

configure bmp station shutdown

configure router bgp segment-routing shutdown

configure bmp station connection tcp-keepalive shutdown

configure service vprn bgp group monitor shutdown

configure router bgp group neighbor monitor shutdown

configure router bgp group neighbor shutdown

configure bmp shutdown

configure router bgp group monitor shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system generated configuration files.

Default administrative states for services and service entities are described in Special Cases.

The no form of this command places an entity in an administratively enabled state.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>isis>if>level shutdown)

[Tree] (config>router>isis shutdown)

[Tree] (config>router>isis>igp-shortcut shutdown)

[Tree] (config>router>isis>segment-routing shutdown)

[Tree] (config>router>isis>segm-rtng>mapping-server shutdown)

[Tree] (config>router>isis>level>bier shutdown)

[Tree] (config>router>isis>interface shutdown)

Full Context

configure router isis interface level shutdown

configure router isis shutdown

configure router isis igp-shortcut shutdown

configure router isis segment-routing shutdown

configure router isis segment-routing mapping-server shutdown

configure router isis level bier shutdown

configure router isis interface shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>isis>flex-algos shutdown)

Full Context

configure router isis flexible-algorithms shutdown

Description

This command enables IS-IS flexible algorithms. If it is enabled with the no shutdown command the router starts supporting the flexible algorithms IGP LSDB extensions. Flexible algorithm IGP LSDB extensions are by default not enabled.

The no form of this command enables the router to support flexible algorithms.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ospf>flex-algos shutdown)

Full Context

configure router ospf flexible-algorithms shutdown

Description

This command enables OSPFv2 flexible algorithms. If no shutdown is configured, the router enables support for the flexible algorithms IGP LSDB extensions. Flexible algorithm IGP LSDB extensions are disabled by default.

The no form of this command enables the router to support flexible algorithms.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ospf shutdown)

[Tree] (config>router>ospf3 shutdown)

[Tree] (config>router>ospf>area>bier shutdown)

[Tree] (config>router>ospf>segm-rtng>mapping-server shutdown)

[Tree] (config>router>ospf>segm-rtng shutdown)

[Tree] (config>router>ospf3>area>interface shutdown)

[Tree] (config>router>ospf>area>virtual-link shutdown)

[Tree] (config>router>ospf3>area>virtual-link shutdown)

[Tree] (config>router>ospf>igp-shortcut shutdown)

Full Context

configure router ospf shutdown

configure router ospf3 shutdown

configure router ospf area bier shutdown

configure router ospf segment-routing mapping-server shutdown

configure router ospf segment-routing shutdown

configure router ospf3 area interface shutdown

configure router ospf area virtual-link shutdown

configure router ospf3 area virtual-link shutdown

configure router ospf igp-shortcut shutdown

Description

The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within.

Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of this command puts an entity into the administratively enabled state.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ripng>group>neighbor shutdown)

[Tree] (config>router>rip>group shutdown)

[Tree] (config>router>rip>group>neighbor shutdown)

[Tree] (config>router>ripng>group shutdown)

[Tree] (config>router>rip shutdown)

[Tree] (config>router>ripng shutdown)

Full Context

configure router ripng group neighbor shutdown

configure router rip group shutdown

configure router rip group neighbor shutdown

configure router ripng group shutdown

configure router rip shutdown

configure router ripng shutdown

Description

This command administratively disables an entity. Downing an entity does not change, reset or remove any configuration settings or statistics. Many objects must be shutdown before they may be deleted.

The shutdown command administratively downs an entity. Administratively downing an entity changes the operational state of the entity to down and the operational state of any entities contained within the administratively down entity.

Unlike other commands and parameters where the default state will not be indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>segment-routing>maintenance-policy shutdown)

Full Context

configure router segment-routing maintenance-policy shutdown

Description

This command deactivates all segment routing policies and removes the associated entries from the forwarding plane of the router.

The no form of this command enables all segment routing policies so that they can be revalidated and reinstalled as necessary.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>segment-routing>sr-policies>egress-statistics shutdown)

[Tree] (config>router>segment-routing>sr-policies>ingress-statistics shutdown)

Full Context

configure router segment-routing sr-policies egress-statistics shutdown

configure router segment-routing sr-policies ingress-statistics shutdown

Description

This command administratively disables the collection of egress or ingress statistics for all segment routing policies.

The no form of this command administratively enables the collection of egress or ingress statistics for all segment routing policies.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>segment-routing>sr-policies shutdown)

Full Context

configure router segment-routing sr-policies shutdown

Description

This command deactivates all segment routing policies and removes the associated entries from the forwarding plane of the router.

It is necessary to execute this shutdown if you want to make a change to the reserved-label-block reference.

The no form of this command enables all segment routing policies so that they can be revalidated and reinstalled as necessary.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>seg-list shutdown)

Full Context

configure router segment-routing sr-policies static-policy segment-list shutdown

Description

This command deactivates a segment-list. If this is done on an active policy with more than one segment list, then traffic forwarded by the policy will be diverted to the remaining segment-lists.

The no form of this command enables the segment list so that it can be validated and installed as necessary.

Default

shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (conf>router>segment-routing>sr-policies>policy shutdown)

Full Context

configure router segment-routing sr-policies static-policy shutdown

Description

This command deactivates the associated static policy and causes another policy for the same (color, endpoint) combination to be promoted as the active path, assuming there is another valid policy.

It is necessary to execute this shutdown if you want to make critical configuration changes to the static policy.

The no form of this command enables the static policy so that it can be validated and installed as necessary.

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>lease-split shutdown)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>lease-split shutdown)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>lease-split shutdown)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay>lease-split shutdown)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay lease-split shutdown

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay lease-split shutdown

configure service vprn subscriber-interface ipv6 dhcp6 relay lease-split shutdown

configure service ies subscriber-interface ipv6 dhcp6 relay lease-split shutdown

Description

This command administratively disables DHCPv6 lease split on the interface.

The no form of this command administratively enables lease split.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x>per-host-authentication shutdown)

Full Context

configure port ethernet dot1x per-host-authentication shutdown

Description

This command administratively configures per-host authentication on the port.

The no form of this command administratively enables per-host authentication on the port.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x shutdown)

Full Context

configure port ethernet dot1x shutdown

Description

This command administratively configures the 802.1x functionality (consisting of packet extraction and processing on the CPM) on the port.

The no form of this command administratively enables the 802.1x functionality on the port.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>sfm shutdown)

Full Context

configure sfm shutdown

Description

This command administratively disables the SFM.

The no form of this command administratively enables the SFM.

Default

no shutdown

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>isis>srv6 shutdown)

[Tree] (config>router>segment-routing>srv6>locator shutdown)

Full Context

configure router isis segment-routing-v6 shutdown

configure router segment-routing segment-routing-v6 locator shutdown

Description

This command administratively disables the SRv6 context in a ISIS instance or a SRv6 locator.

The no form of this command enables the SRv6 context in a ISIS instance or a SRv6 locator.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (conf>router>segment-routing>srv6>micro-segment-locator shutdown)

[Tree] (conf>router>sr>srv6>ms>block shutdown)

Full Context

configure router segment-routing segment-routing-v6 micro-segment-locator shutdown

configure router segment-routing segment-routing-v6 micro-segment block shutdown

Description

This command administratively disables the block or micro-segment locator.

The no form of this command enables the block or micro-segment locator.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bgp>egress-peer-engineering shutdown)

Full Context

configure router bgp egress-peer-engineering shutdown

Description

This command administratively enables or disables BGP-EPE. If enabled, peer node SIDs and peer adjacency SIDs are advertised in BGP-LS.

The no form of this command places the entity into an administratively enabled state and prevents peer node SIDs and peer adjacency SIDs from being advertised in BGP-LS.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bgp>group>egress-engineering shutdown)

Full Context

configure router bgp group egress-engineering shutdown

Description

This command administratively enables or disable egress engineering on a BGP neighbor or group of neighbors.

If this command is enabled along with the egress-peer-engineering command in BGP, SIDs in the form of MPLS labels are allocated for the segments toward the neighbor and to all links (adjacencies). These adjacencies are then advertised in BGP LS.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

All

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>sis shutdown)

Full Context

configure subscriber-mgmt subscriber-interface-statistics shutdown

Description

This command disables the collection of aggregate subscriber interface statistics.

The no form of this command enables subscriber interface statistics collection.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>subscr-mgmt>gis shutdown)

Full Context

configure subscriber-mgmt group-interface-statistics shutdown

Description

This command disables the collection of aggregate group interface statistics.

The no form of this command enables group interface statistics collection.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>test-oam>link-meas>template shutdown)

Full Context

configure test-oam link-measurement measurement-template shutdown

Description

This command administratively enables and disables the measurement template. The measurement-template can be referenced even if it is disabled. The template must be administratively enabled to transmit probes on any associated IP interface. The template configuration can be modified even if it is administratively enabled. The template can be administratively disabled even if interfaces are actively registered with the template. When the template configuration is modified, all registered IP interfaces start from the initial state and enter a first reporting scenario. This is true even if the template is administratively disabled and enabled, and no configuration changes are made.

The no form of this command disables the measurement template.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv6 shutdown)

[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv4 shutdown)

Full Context

configure router interface if-attribute delay dynamic twamp-light ipv6 shutdown

configure router interface if-attribute delay dynamic twamp-light ipv4 shutdown

Description

This command enables and disables the TWAMP Light IPv4 or IPv6 protocol. Only one protocol, IPv4 or IPv6, can be enabled at any time. Attempting to enable both protocols is rejected.

The no form of this command administratively disables the IPv4 or IPv6 protocol.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>test-oam>link-meas>template>twl>ipv6-dest-disc shutdown)

Full Context

configure test-oam link-measurement measurement-template twamp-light ipv6-destination-discovery shutdown

Description

This command administratively disables IPv6 destination address discovery.

The no form of this command administratively enables IPv6 destination address discovery.

Default

shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>app-assure>group>ip-id-asst shutdown)

Full Context

configure application-assurance group ip-identification-assist shutdown

Description

This command administratively disables the IP identification assist feature.

The no form of this command enables the IP identification assist feature.

Default

no shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sid

sid

Syntax

sid label value

Context

[Tree] (config>router>ospf>segm-rtng>adjacency-set sid)

[Tree] (config>router>isis>segm-rtng>adjacency-set sid)

Full Context

configure router ospf segment-routing adjacency-set sid

configure router isis segment-routing adjacency-set sid

Description

This command allows a static SID value to be assigned to an adjacency set in IS-IS or OSPF segment routing.

The label option specifies the value is assigned to an MPLS label.

The no form of this command removes the adjacency SID.

Parameters

label value

Specifies the value of adjacency SID label.

Values

18432 to 524287 | 1048575 (FP4 only)

Platforms

All

sid-action

sid-action

Syntax

sid-action action

no sid-action

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment sid-action)

Full Context

configure router p2mp-sr-tree replication-segment sid-action

Description

This command configures the SID action to take for the replication segment of the P2MP SR tree.

The no form of this command removes the SID action.

Default

no sid-action

Parameters

action

Specifies the name of the SID action.

Values

push — Specifies that an outgoing SID list is pushed and forwarded on to the corresponding programmed outgoing interfaces.

pop — Specifies that on the leaf node the incoming SID is popped on the underlay packet forwarded to the host.

swap — Specifies, if an incoming SID is configured, that the SID is swapped with an outgoing SID or SID list and forwarded to the corresponding OIF.

Platforms

All

sid-allocation

sid-allocation

Syntax

sid-allocation {sequential | random}

no sid-allocation

Context

[Tree] (config>subscr-mgmt>ppp-policy sid-allocation)

Full Context

configure subscriber-mgmt ppp-policy sid-allocation

Description

This command configures the method for allocating the PPPoE session ID.

For both sequential and random options, the session ID range is 1 to 8191.

The no form of this command reverts to the default.

Default

sid-allocation sequential

Parameters

sequential

Specifies for PPPoE sessions with the same client MAC address and active on the same SAP, to allocate the session ID in sequential order starting with

ID = 1.

random

Specifies for PPPoE sessions with the same client MAC address and active on the same SAP, to allocate a unique session ID in random order.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sid-length

sid-length

Syntax

sid-length sid-length

Context

[Tree] (conf>router>sr>srv6>micro-segment sid-length)

Full Context

configure router segment-routing segment-routing-v6 micro-segment sid-length

Description

This command configures the length of the micro-segments.

Default

sid-length 16

Parameters

sid-length

Specifies the length of micro-segments, in bits.

Values

16

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

sid-map

sid-map

Syntax

sid-map node-sid {index value [range value]} prefix {{ip-address/mask} | {ip-address} {netmask}} [ set-flags {s}] [level { 1 | 2 | 1/2}] [clear-n-flag]

no sid-map node-sid index value

Context

[Tree] (config>router>isis>segm-rtng>mapping-server sid-map)

Full Context

configure router isis segment-routing mapping-server sid-map

Description

This command configures the Segment Routing mapping server database in IS-IS.

The user enters the node SID index for one or a range of prefixes by specifying the first index value and optionally a range value can be entered. The default value for the range option is 1. Only the first prefix in a consecutive range of prefixes must be entered. The user can enter the first prefix with a mask lower than 32 and the SID or label binding TLV is advertised, but the routers will not resolve these prefix SIDs and will generate a trap.

By setting the S-flag, the user can indicate to the IS-IS routers in the rest of the network that the flooding scope of the SID or label binding TLV is the entire domain. In that case, a router receiving the TLV advertisement should leak it between ISIS levels. If leaked from level 2 to level 1, the D-flag must be set and once set the TLV cannot be leaked back into level 2. Otherwise, the S-flag is clear by default and the TLV must not be leaked by routers that receive the mapping server advertisement.

Note that the SR OS does not leak this TLV between IS-IS instances and does not support the multi-topology SID/Label Binding TLV format.

In addition, the user can specify the mapping server own flooding scope for the generated SID or label binding TLV using the level option. This option allows the user to narrow the flooding scope configured under the router IS-IS level-capability for a one or more SID or label binding TLVs if required. The default flooding scope of the mapping server is Layer 1 or Layer 2, which can be narrowed by the value configured under the router IS-IS level-capability.

The A-flag and M-flag are not supported by the mapping server feature. The mapping client ignores the flags.

Each time a prefix or a range of prefixes is configured in the SR mapping database in any routing instance, the router issues for this prefix or range of prefixes, a prefix-SID sub-TLV within a ISIS SID or label binding TLV in that instance. The flooding scope of the TLV from the mapping server is determined as explained above. No further check of the reachability of that prefix in the mapping server route table is performed. Additionally, no check is performed if the SID index is a duplicate of an existing prefix in the local IGP instance database or if the SID index is out of range with the local SRGB.

The no form of this command deletes the range of node SIDs beginning with the specified index value.

Parameters

index

Specifies the node SID index for the IS-IS prefix that is advertised in a SID/Label Binding TLV.

Values

0 to 4294967295

value

Specifies the node SID range for the IS-IS prefix that is advertised in a SID/Label Binding TLV.

Values

0 to 65535

ip-address/mask

Specifies the IP address and mask.

Values

ip-address: a.b.c.d. (host bits must be 0)

mask: 0 to 32

ip-address netmask

Specifies the IP address netmask.

Values

a.b.c.d. (network bits all 1 and host bits all 0)

set-flags

Specifies the flooding scope of the SID/Label binding TLV.

Default

S-flag clear

The TLV is not leaked by routers receiving the mapping server advertisement

level {1 | 2| 1/2}

Configures the mapping server own flooding scope for the generated SID/Label binding TLV.

Default

1/2

clear-n-flag

Specifies whether the node-sid flag (N-flag) should be cleared in a SID Label Binding TLV.

Platforms

All

sid-map

Syntax

sid-map node-sid index index-value [range range-value] prefix ip-address/mask [netmask]

sid-map node-sid index index-value [range range-value] prefix ip-address/mask [netmask] scope {area area-id | as}

no sid-map node-sid index index-value

Context

[Tree] (config>router>ospf>segm-rtng>mapping-server sid-map)

Full Context

configure router ospf segment-routing mapping-server sid-map

Description

This command configures the Segment Routing mapping server database in OSPF.

The user enters the node SID index for one or a range of prefixes by specifying the first index value and optionally a range value. The default value for the range option is 1. Only the first prefix in a consecutive range of prefixes must be entered. If the user enters the first prefix with a mask lower than 32, the OSPF Extended Prefix Range TLV is advertised but a router which receives it will not resolve SID and instead originates a trap.

The user specifies the mapping server own flooding scope for the generated OSPF Extended Prefix Range TLV using the scope option. There is no default value. If the scope is a specific area, then the TLV is flooded only in that area.

An ABR that propagates an intra-area OSPF Extended Prefix Range TLV flooded by the mapping server in that area into other areas, sets the inter-area flag (IA-flag). The ABR also propagates the TLV if received with the inter-area flag set from other ABR nodes but only from the backbone to leaf areas and not vice-versa. However, if the exact same TLV is advertised as an intra-area TLV in a leaf area, the ABR will not flood the inter-area TLV into that leaf area.

Note:

SR OS does not leak this TLV between OSPF instances.

Each time a prefix or a range of prefixes is configured in the SR mapping database in any routing instance, the router issues for this prefix, or range of prefixes, a prefix-SID sub-TLV within a OSPF Extended Prefix Range TLV in that instance. The flooding scope of the TLV from the mapping server is determined as previously explained. No further check of the reachability of that prefix in the mapping server route table is performed and no check if the SID index is duplicate with some existing prefix in the local IGP instance database or if the SID index is out of range with the local SRGB.

The no form of this command deletes the range of node SIDs beginning with the specified index value.

Default

no prefix-sid-range

Parameters

index index-value

Specifies the index.

Values

0 to 4294967295

range range-value

Specifies the range.

Values

1 to 65535

prefix ip-address/mask

Specifies the IP address in dotted decimal notation.

Values

ip-address/mask:

  • ip-address a.b.c.d (host bits must be 0)

mask: 0 to 132

netmask

Specifies the netmask.

Values

netmask — a.b.c.d (network bits all 1 and host bits all 0)

area area-id

Configures the mapping server own flooding scope for the generated OSPF Extended Prefix Range TLV.

Values

ip-address | 0 to 4294967295

Platforms

All

sid-protection

sid-protection

Syntax

[no] sid-protection

Context

[Tree] (config>router>isis>interface sid-protection)

Full Context

configure router isis interface sid-protection

Description

This command enables or disables adjacency SID protection by LFA and remote LFA.

While LFA and remote LFA Fast-Reroute (FRR) protection is enabled for all node SIDs and local adjacency SIDs when the user enables the loopfree-alternates option in IS-IS or OSPF at the LER and LSR, there are applications where the user wants traffic to never divert from the strict hop computed by CSPF for a SR-TE LSP. In that case, the user can disable protection for all adjacency SIDs formed over a given network IP interface using this command.

The protection state of an adjacency SID is advertised in the B-FLAG of the IS-IS or OSPF Adjacency SID sub-TLV.

Default

sid-protection

Platforms

All

sid-protection

Syntax

[no] sid-protection

Context

[Tree] (config>router>ospf>area>interface sid-protection)

Full Context

configure router ospf area interface sid-protection

Description

This command enables or disables adjacency SID protection by LFA and remote LFA.

LFA and remote LFA Fast-Reroute (FRR) protection is enabled for all node SIDs and local adjacency SIDs when the user enables the loopfree-alternate option in IS-IS or OSPF at the LER and LSR. However, may be applications where the user never wants traffic to divert from the strict hop computed by CSPF for an SR-TE LSP. In this case, the user can disable protection for all adjacency SIDs formed over a particular network IP interface using this command.

The protection state of an adjacency SID is advertised in the B-FLAG of the IS-IS or OSPF Adjacency SID sub-TLV.

Default

sid-protection

Platforms

All

signal-label

signal-label

Syntax

signal-label value

no signal-label

Context

[Tree] (config>port>sonet-sdh>path signal-label)

Full Context

configure port sonet-sdh path signal-label

Description

This command sets the C2 byte value. The purpose of this byte is to communicate the payload type being encapsulated by SONET framing.

This command is supported on TDM satellite.

Default

signal-label 0xcf

Parameters

value

Specifies the C2 byte value, expressed as a decimal integer or a value in hex format.

Values

1 to 254 or 0x01 to 0xfe

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

signal-mode

signal-mode

Syntax

signal-mode {cas}

no signal-mode

Context

[Tree] (config>port>tdm>ds1 signal-mode)

[Tree] (config>port>tdm>e1 signal-mode)

Full Context

configure port tdm ds1 signal-mode

configure port tdm e1 signal-mode

Description

This command activates the signal mode on the channel. When enabled, it uses routing information to direct the payload of voice or data to its destination.

The no form of this command reverts to the default value.

Default

no signal-mode

Parameters

cas

Specifies channel associated signaling.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

signaling

signaling

Syntax

signaling signaling

Context

[Tree] (config>service>epipe>spoke-sdp-fec signaling)

Full Context

configure service epipe spoke-sdp-fec signaling

Description

This command enables a user to configure this router as the active or passive T-PE for signaling this MS-PW, or to automatically select whether this T-PE is active or passive based on the prefix. In an active role, this endpoint initiates MS-PW signaling without waiting for a T-LDP label mapping message to arrive from the far end T-PE. In a passive role, it will wait for the initial label mapping message from the far end before sending a label mapping for this end of the PW. In auto mode, if the SAII has the greater prefix value, then the router will initiate MS-PW signaling without waiting for a label mapping message from the far end. However, if the TAII has the greater value prefix, then the router will assume that the far end T-PE will initiate MS-PW signaling and will wait for that label mapping message before responding with a T-LDP label mapping message for the MS-PW in the reverse direction.

The no form of this command means that the router T-PE automatically selects the which router will initiate MS-PW signaling based on the prefix values configured in the SAII and TAII of the spoke SDP, as previously described.

Default

signaling auto

Parameters

signaling

Configures this router as the active T-PE for signaling this MS-PW.

Values

auto, master

Platforms

All

signaling

Syntax

signaling {off | tldp | bgp}

Context

[Tree] (config>service>sdp signaling)

Full Context

configure service sdp signaling

Description

This command specifies the signaling protocol used to obtain the ingress and egress pseudowire labels in frames transmitted and received on the SDP. When signaling is off then labels are manually configured when the SDP is bound to a service. The signaling value can only be changed while the administrative status of the SDP is down. Additionally, the signaling can only be changed on an SDP if that SDP is not in use by BGP-AD or BGP-VPLS. BGP signaling can only be enabled if that SDP does not already have pseudowires signaled over it.

Note:

If the tldp option is selected as the mechanism for exchanging service labels over an MPLS or GRE SDP and the T-LDP session is automatically established, an explicit T-LDP session that is subsequently configured takes precedence over the automatic T-LDP session. However, if the explicit, manually-configured session is then removed, the system does not revert to the automatic session and the automatic session is also deleted. To address this, recreate the T-LDP session by disabling and re-enabling the SDP using the shutdown and no shutdown commands.

The no form of this command is not applicable. To modify the signaling configuration, the SDP must be administratively shut down and then the signaling parameter can be modified and re-enabled.

Default

signaling tldp

Parameters

off

Ingress and egress signal auto-labeling is not enabled. If this parameter is selected, then each service using the specified SDP must manually configure VPN labels. This configuration is independent of the SDP’s transport type, GRE, MPLS (RSVP or LDP).

tldp

Ingress and egress pseudowire signaling using T-LDP is enabled. Default value used when BGP AD automatically instantiates the SDP.

bgp

Ingress and egress pseudowire signaling using BGP is enabled. Default value used when BGP VPLS automatically instantiates the SDP.

Platforms

All

signature-list

signature-list

Syntax

signature-list name

no signature-list

Context

[Tree] (config>system>security>tls>client-tls-profile signature-list)

Full Context

configure system security tls client-tls-profile signature-list

Description

This command assigns an existing TLS 1.3 signature list to the TLS client profile.

The no form of this command removes the signature list from the client profile.

Default

no signature-list

Parameters

name

Specifies the name of the signature list, up to 32 characters.

Platforms

All

signature-list

Syntax

signature-list name

no signature-list

Context

[Tree] (config>system>security>tls>server-tls-profile signature-list)

Full Context

configure system security tls server-tls-profile signature-list

Description

This command assigns an existing TLS 1.3 signature list to the TLS server profile.

The no form of this command removes the signature list from the server profile.

Default

no signature-list

Parameters

name

Specifies the name of the signature list, up to 32 characters.

Platforms

All

significant-change

significant-change

Syntax

significant-change delta

no significant-change

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr significant-change)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record significant-change

Description

This command configures the significant change required to generate the record.

Parameters

delta

Specifies the delta change (significant change) that is required for the custom record to be generated.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

significant-change

Syntax

significant-change delta

no significant-change

Context

[Tree] (config>app-assure>rad-acct-plcy significant-change)

Full Context

configure application-assurance radius-accounting-policy significant-change

Description

This command configures the significant change required to generate the record.

The no form of this command reverts to the default.

Default

no significant-change

Parameters

delta

Specifies the delta change (significant change) that is required for the charging-group counts to be included in the RADIUS Accounting VSAs.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

significant-change

Syntax

significant-change delta

no significant-change

Context

[Tree] (config>log>acct-policy>cr significant-change)

Full Context

configure log accounting-policy custom-record significant-change

Description

This command configures the significant change required to generate the record. The custom record is only generated when the change in the reference counters equals or exceeds the configured (non-zero) significant change value. Only the reference counters for which there are corresponding counters configured under the related queues and policers are used for the significant change comparison. For reference queues and policers, the change applies to the sum of all configured reference queue and policer counters. When no reference counters are configured or significant-change is zero, the significant change reporting is not active.

Default

significant-change 0

Parameters

delta

Specifies the delta change (significant change) that is required for the custom record to be written to the XML file.

Values

0 to 4294967295 (For custom-record-aa-sub only values 0 or 1 are supported.)

Platforms

All

single-device

single-device

Syntax

single-device

Context

[Tree] (config>app-assure>group>tether-detect single-device)

Full Context

configure application-assurance group tethering-detection single-device

Description

Commands in this context configure the single-device fields and expected TTL values for flow-level tethering detection.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

single-fiber

single-fiber

Syntax

[no] single-fiber

Context

[Tree] (config>port>sonet-sdh single-fiber)

[Tree] (config>port>ethernet single-fiber)

Full Context

configure port sonet-sdh single-fiber

configure port ethernet single-fiber

Description

This command enables packet gathering and redirection of IP packets from a single fiber (RX) port of the Ethernet or SONET/SDH interface and redistributes packets to other interfaces through either static routes or policy-based forwarding.

This parameter can be applied in conjunction with the strip-label command. If they are applied together, the port must have the single-fiber option configured before it can be associated with an interface that is configured with the strip-label option.

Once a port is configured with single-fiber, traffic will no longer be transmitted out of that port. This command can be used in conjunction with strip-label.

Default

no single-fiber

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

single-mac

single-mac

Syntax

[no] single-mac

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host-mgmt>mac-learning-options single-mac)

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host-mgmt>mac-learning-options single-mac)

Full Context

configure service ies subscriber-interface group-interface sap static-host-mgmt mac-learning-options single-mac

configure service vprn subscriber-interface group-interface sap static-host-mgmt mac-learning-options single-mac

Description

This command controls how the SAP learns the IPv6 static host MAC address. Enabling this command indicates that this particular SAP only has one subscriber and only has one MAC address for all hosts. With this parameter enabled, the subscriber’s NS and RS source MAC address is used to automatically populate the subscriber MAC address. To allow this auto-populate behavior, the subscriber’s NS and RS source IP must be of type link local address.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

single-sfm-overload

single-sfm-overload

Syntax

single-sfm-overload [holdoff-time holdoff-time]

no single-sfm-overload

Context

[Tree] (config>service>vprn single-sfm-overload)

Full Context

configure service vprn single-sfm-overload

Description

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The conditions to set overload are as follows:

  • 7950 XRS-20, 7750 SR-12/SR-7, and 7450 ESS-12/ESS-7 platforms: if an SF/CPMs fails, the protocol will set the overload

  • 7950-40 XRS and 7750 SR-12e platforms: if two SFMs fail (a connected pair on the XRS-40) the protocol will set the overload

The no form of this command configures the router to not set overload if an SFM fails.

Default

no single-sfm-overload

Parameters

holdoff-time

Specifies the delay between detecting SFM failures and setting overload.

Values

1 to 600 seconds

Default

0 seconds

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS, VSR

single-sfm-overload

Syntax

single-sfm-overload [holdoff-time holdoff-time]

no single-sfm-overload

Context

[Tree] (config>router single-sfm-overload)

Full Context

configure router single-sfm-overload

Description

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The conditions to set overload are as follows:

  • 7750 SR-12/SR-7 and 7450 ESS-12/ESS-7 platforms: protocol sets overload if one of the SF/CPMs fails

  • 7750 SR-12e and 7950 XRS platforms: protocol sets overload if two SFMs fail (two SFMs belonging to different SFM pairs on the XRS-40)

The no form of this command configures the router to not set overload if an SFM fails.

Default

no single-sfm-overload

Parameters

holdoff-time

Specifies the delay between detecting SFM failures and setting overload.

Values

1 to 600 seconds

Default

0 seconds

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS, VSR

single-sub-parameters

single-sub-parameters

Syntax

single-sub-parameters

Context

[Tree] (config>subscr-mgmt>msap-policy>sub-sla-mgmt single-sub-parameters)

Full Context

configure subscriber-mgmt msap-policy sub-sla-mgmt single-sub-parameters

Description

Commands in this context configure single subscriber MSAP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

single-sub-parameters

Syntax

single-sub-parameters

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt single-sub-parameters)

[Tree] (config>service>vpls>sap>sub-sla-mgmt single-sub-parameters)

[Tree] (config>service>ies>if>sap>sub-sla-mgmt single-sub-parameters)

[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt single-sub-parameters)

Full Context

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters

configure service vpls sap sub-sla-mgmt single-sub-parameters

configure service ies interface sap sub-sla-mgmt single-sub-parameters

configure service ies subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters

Description

Commands in this context configure single subscriber SAP parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sip

sip

Syntax

[no] sip

Context

[Tree] (config>service>nat>firewall-policy>alg sip)

[Tree] (config>service>nat>nat-policy>alg sip)

[Tree] (config>service>nat>up-nat-policy>alg sip)

Full Context

configure service nat firewall-policy alg sip

configure service nat nat-policy alg sip

configure service nat up-nat-policy alg sip

Description

This command enables SIP ALG.

The no form of the command disables SIP ALG.

Default

no sip

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy alg sip

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy alg sip
  • configure service nat up-nat-policy alg sip

sip

Syntax

sip [hrs hours] [min minutes] [ sec seconds]

no sip

Context

[Tree] (config>service>nat>nat-policy>timeouts sip)

[Tree] (config>service>nat>firewall-policy>timeouts sip)

[Tree] (config>service>nat>up-nat-policy>timeouts sip)

Full Context

configure service nat nat-policy timeouts sip

configure service nat firewall-policy timeouts sip

configure service nat up-nat-policy timeouts sip

Description

This command configures the SIP inactive media timeout.

Default

sip min 2

Parameters

hours

Specifies the SIP inactive media timeout, in hours.

Values

1 to 2

minutes

Specifies the SIP inactive media timeout, in minutes.

Values

1 to 59

seconds

Specifies the SIP inactive media timeout, in seconds.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat up-nat-policy timeouts sip
  • configure service nat nat-policy timeouts sip

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy timeouts sip

site

site

Syntax

site name [create]

no site name

Context

[Tree] (config>service>vpls site)

Full Context

configure service vpls site

Description

This command configures a VPLS site.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies a site name up to 32 characters in length.

create

This keyword is mandatory while creating a VPLS site.

Platforms

All

site

Syntax

site name [create]

no site name

Context

[Tree] (config>service>epipe site)

Full Context

configure service epipe site

Description

This command configures a Epipe site.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies a site name up to 32 characters in length.

create

This keyword is mandatory while creating a Epipe service.

Platforms

All

site-activation-timer

site-activation-timer

Syntax

site-activation-timer seconds

no site-activation-timer

Context

[Tree] (config>redundancy>bgp-mh site-activation-timer)

Full Context

configure redundancy bgp-mh site-activation-timer

Description

This command defines the amount of time the service manager will keep the local sites in standby status, waiting for BGP updates from remote PEs before running the DF election algorithm to decide whether the site should be unblocked. The timer is started when one of the following event occurs only if the site is operationally up:

  • Manual site activation using "no shutdown” at site-id level or at member object(s) level (for example, SAP(s) or PW(s)

  • Site activation after a failure

The no form of this command sets the value to 2.

Default

no site-activation-timer

Parameters

seconds

Specifies the timer, in seconds.

Values

1 to 100

site-activation-timer

Syntax

site-activation-timer seconds

no site-activation-timer

Context

[Tree] (config>service>vpls>site site-activation-timer)

Full Context

configure service vpls site site-activation-timer

Description

This command configures the time-period the system keeps the local sites in standby status, waiting for BGP updates from remote PEs before running the DF (designated-forwarder) election algorithm to decide whether the site should be unblocked. This timer if terminated if an update is received for which the remote PE has transitioned from DF to non-DF.

The no form of this command removes the value from the configuration.

Default

site-activation-timer 2

Parameters

seconds

Specifies the site activation timer in seconds.

Values

0 to 100

Platforms

All

site-activation-timer

Syntax

site-activation-timer seconds

no site-activation-timer

Context

[Tree] (config>service>epipe>site site-activation-timer)

Full Context

configure service epipe site site-activation-timer

Description

This command configures the time-period the system keeps the local sites in standby status, waiting for BGP updates from remote PEs before running the DF (designated-forwarder) election algorithm to decide whether the site should be unblocked. This timer is terminated if an update is received for which the remote PE has transitioned from DF to non-DF.

The no form of this command removes the value from the configuration.

Default

site-activation-timer 2

Parameters

seconds

Specifies the site activation timer in seconds.

Values

0 to 100

Platforms

All

site-activation-timer

Syntax

site-activation-timer seconds

no site-activation-timer

Context

[Tree] (config>redundancy>bgp-multi-homing site-activation-timer)

Full Context

configure redundancy bgp-multi-homing site-activation-timer

Description

This command defines the amount of time the service manager will keep the local sites in standby status, waiting for BGP updates from remote PEs before running the DF election algorithm to decide whether the site should be unblocked. The timer is started when one of the following events occurs if the site is operationally up:

  • Manual site activation using the no shutdown command at site-id level or at member object(s) level (SAP(s) or PW(s))

  • Site activation after a failure

Default

no site-activation-timer

Parameters

seconds

Specifies the standby status in seconds.

Values

0 to 100

Default

2

Platforms

All

site-id

site-id

Syntax

site-id value

no site-id

Context

[Tree] (config>service>vpls>site site-id)

Full Context

configure service vpls site site-id

Description

This command configures the identifier for the site in this service.

Parameters

value

Specifies the site identifier.

Values

1 to 65535

Platforms

All

site-id

Syntax

site-id value

no site-id

Context

[Tree] (config>service>epipe>site site-id)

Full Context

configure service epipe site site-id

Description

This command configures the identifier for the site in this service. It must match between services but it is local to the service.

Parameters

value

Specifies the site identifier.

Values

1 to 65535

Platforms

All

site-min-down-timer

site-min-down-timer

Syntax

site-min-down-timer seconds

no site-min-down-timer

Context

[Tree] (config>redundancy>bgp-multi-homing site-min-down-timer)

Full Context

configure redundancy bgp-multi-homing site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When this value is set and the site goes operationally down, it remains operationally down for at least the length of time configured by this timer, regardless of whether other state changes might cause the site to go operationally up. This timer is restarted every time the site transitions from operationally up to down.

This timer is optimized in the following circumstances:

  • If the site goes down on the DF but there are no BGP multi-homing peers with the same site in an up state, this timer is not used.

  • If the site goes down on the DF but there are no active BGP multi-homing peers, this timer is not used.

  • If this timer is active and a BGP multihoming update is received from the DF indicating its site is down, this timer is immediately terminated and the BGP multihoming algorithm is triggered to determine whether this PE should become the DF.

The no form of this command removes the value from the configuration.

Default

no site-min-down-timer

Parameters

seconds

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

1 to 100

Platforms

All

site-min-down-timer

Syntax

site-min-down-timer min-down-time

no site-min-down-timer

Context

[Tree] (config>service>vpls>site site-min-down-timer)

Full Context

configure service vpls site site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When set to a non-zero value, if the site goes operationally down it will remain operationally down for at least the length of time configured for the site-min-down-timer, regardless of whether other state changes would have caused it to go operationally up. This timer is restarted every time that the site transitions from up to down. Setting this parameter to zero allows the minimum down timer to be disabled for this service.

The above operation is optimized in the following circumstances:

  • If the site goes down on the designated forwarder but there are no BGP multi-homing peers with the same site in an operationally up state, then the site-min-down-timer is not started and is not used.

  • If the site goes down on the designated forwarder but there are no active BGP multi-homing peers, then the site-min-down-timer is not started and is not used.

  • If the site-min-down-timer is active and a BGP multi-homing update is received from the designated forwarder indicating its site has gone down, the site-min-down-timer is immediately terminated and this PE becomes the designated forwarder if the BGP multi-homing algorithm determines it should be the designated forwarder.

The no form of this command reverts to the default value.

Default

Taken from the value of site-min-down-timer configured for Multi-Chassis BGP multi-homing under the config>redundancy>bgp-multi-homing context.

Parameters

min-down-time

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

0 to 100 seconds

Platforms

All

site-min-down-timer

Syntax

site-min-down-timer min-down-time

no site-min-down-timer

Context

[Tree] (config>service>epipe>site site-min-down-timer)

Full Context

configure service epipe site site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When set to a non-zero value, if the site goes operationally down it will remain operationally down for at least the length of time configured for the site-min-down-timer, regardless of whether other state changes would have caused it to go operationally up. This timer is restarted every time that the site transitions from up to down. Setting this parameter to zero allows the minimum down timer to be disabled for this service.

The preceding operation is optimized in the following circumstances:

  • If the site goes down on the designated forwarder but there are no BGP multi-homing peers with the same site in an operationally up state, then the site-min-down-timer is not started and is not used.

  • If the site goes down on the designated forwarder but there are no active BGP multi-homing peers, then the site-min-down-timer is not started and is not used.

  • If the site-min-down-timer is active and a BGP multi-homing update is received from the designated forwarder indicating its site has gone down, the site-min-down-timer is immediately terminated and this PE becomes the designated forwarder if the BGP multi-homing algorithm determines it should be the designated forwarder.

The no form of this command reverts to default value.

Default

Taken from the value of site-min-down-timer configured for Multi-Chassis BGP multi-homing under the config>redundancy>bgp-multi-homing context.

Parameters

min-down-time

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

0 to 100

Platforms

All

site-preference

site-preference

Syntax

site-preference preference-value

no site-preference

Context

[Tree] (config>service>epipe>site site-preference)

Full Context

configure service epipe site site-preference

Description

This command defines the value to advertise in the VPLS preference field of the BGP VPWS and BGP Multi-homing NLRI extended community. This value can be changed without having to shutdown the site itself. The site-preference is only applicable to VPWS services.

When not configured, the default is zero, indicating that the VPLS preference is not in use.

Default

no site-preference, value=0

Parameters

preference-value

Specifies the preference value to advertise in the NLRI L2 extended community for this site.

Values

1 to 65535

primary

Sets the site-preference to 65535.

backup

Sets the site-preference to 1.

Platforms

All

size

size

Syntax

size queue-set-size allocation-weight weight

Context

[Tree] (config>qos>fp-resource-policy>aggregate-shapers>queue-sets size)

Full Context

configure qos fp-resource-policy aggregate-shapers queue-sets size

Description

This command configures the size and allocation weight for the specified queue set. The available queue sets are distributed based on the allocation weight between different queue sets.

Parameters

queue-set-size

Specifies the size of the queue sets.

Values

2 to 8

weight

Specifies the allocation weight of the queue set.

Values

0 to 100

Platforms

7750 SR-1, 7750 SR-s

size

Syntax

size cache-size

Context

[Tree] (config>app-assure>group>dns-ip-cache>ip-cache size)

Full Context

configure application-assurance group dns-ip-cache ip-cache size

Description

This command configures the maximum number of entries in the cache.

Default

size 10

Parameters

cache-size

Specifies the maximum number of IP addresses that can be stored in the cache.

Values

10 to 32000

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

size

Syntax

size url-list-size

Context

[Tree] (config>app-assure>group>url-list size)

Full Context

configure application-assurance group url-list size

Description

This command specifies the size of the URL list that can be filtered. The size can be set to either standard or extended. Configuring the specified url-list as extended provides support for filtering on a larger number of URLs.

Default

size standard

Parameters

url-list-size

Specifies the size of the AA url-list for URL filtering.

Values

standard, extended

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

size

Syntax

size octets

no size

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping size)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy size)

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy size)

Full Context

configure saa test type-multi-line lsp-ping size

configure saa test type-multi-line lsp-ping sr-policy size

configure saa test type-multi-line lsp-trace sr-policy size

Description

This command configures the MPLS echo request packet size.

The no form of this command reverts to the default value.

Default

size 1

Parameters

octets

Specifies the size in octets. The request payload is padded with zeros to the specified size.

Values

1 to 9786

Default

1

Platforms

All

size

Syntax

size octets

no size

Context

[Tree] (config>test-oam>icmp>ping-template size)

Full Context

configure test-oam icmp ping-template size

Description

This command configures the size of the Data field (in other words, padding) of the outgoing ICMP echo packet. Minimum packet sizes should be used to test connectivity. Larger packet size should only be used if there is a requirement to spot-check large packet size issues on a very limited number of tests and should not be used for normal connectivity testing. Packet sizes should never be configured to require fragmentation anywhere along the path. Exceeding these recommendations will negatively affect the scale and performance of icmp ping check testing.

The no form of this command reverts to the default value.

Default

size 56

Parameters

octets

Specifies the size of the ICMP echo ping padding field, in octets.

Values

12 to 9786

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

size-limit

size-limit

Syntax

size-limit limit-value

no size-limit

Context

[Tree] (config>call-trace>location size-limit)

Full Context

configure call-trace location size-limit

Description

This command limits the total size of call-trace files on the specified compact flash card.

The no form of this command removes the size restriction.

Default

size-limit 1000

Parameters

limit-value

Specifies the total size of call-trace files on the specified compact flash card, in Mbytes.

Values

1 to 65536

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

size-limit

Syntax

size-limit limit-value

Context

[Tree] (config>call-trace>trace-profile size-limit)

Full Context

configure call-trace trace-profile size-limit

Description

This command specifies a maximum of how big a trace may grow before it is stopped.

Default

size-limit 10

Parameters

limit-value

Specifies the maximum data volume generated by a single call trace job to the output in megabytes. After reaching the limit the call trace job for a given host is automatically terminated.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

skip-gtp-ipv4-alloc

skip-gtp-ipv4-alloc

Syntax

[no] skip-gtp-ipv4-alloc

Context

[Tree] (config>subscr-mgmt>gtp>apn-policy>apn skip-gtp-ipv4-alloc)

Full Context

configure subscriber-mgmt gtp apn-policy apn skip-gtp-ipv4-alloc

Description

This command enables the ability to skip IPv4 address assignment using a GTP session setup response when PCO "allocation via NAS" is not present in a GTP session creation request. Without this configuration, IPv4 address allocation is done using GTP session setup response, even in absence of the PCO "allocation via NAS" in a GTP session setup request.

The no form of this command reverts to IPv4 address allocation using GTP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

skip-ttl-decrement

skip-ttl-decrement

Syntax

[no] skip-ttl-decrement

Context

[Tree] (config>filter>gre-tun-tmp>ipv4 skip-ttl-decrement)

Full Context

configure filter gre-tunnel-template ipv4 skip-ttl-decrement

Description

This command enables an option to not decrement the TTL of the IP packet matching the IPv4/IPv6 filter, when it is encapsulated into the GRE tunnel header.

The no form of this command disables this option (default). This results in the matching of IP packet’s TTL field to be decremented before it is encapsulated in the GRE tunnel header.

Platforms

All

sla-profile

sla-profile

Syntax

[no] sla-profile

Context

[Tree] (config subscr-mgmt acct-plcy include-radius-attribute sla-profile)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute sla-profile

Description

This command specifies that SLA profile attributes should be included into RADIUS accounting messages.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile

Syntax

sla-profile sla-profile-name

no sla-profile

Context

[Tree] (config service vprn if sap static-host sla-profile)

[Tree] (config service ies if sap static-host sla-profile)

[Tree] (config service ies sub-if grp-if sap static-host sla-profile)

[Tree] (config service vpls sap static-host sla-profile)

[Tree] (config service vprn sub-if grp-if sap static-host sla-profile)

Full Context

configure service vprn interface sap static-host sla-profile

configure service ies interface sap static-host sla-profile

configure service ies subscriber-interface group-interface sap static-host sla-profile

configure service vpls sap static-host sla-profile

configure service vprn subscriber-interface group-interface sap static-host sla-profile

Description

This command specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

The no form of this command reverts to the default.

Parameters

sla-profile-name

Specifies the SLA profile name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile

Syntax

sla-profile sla-profile-name [create]

no sla-profile sla-profile-name

Context

[Tree] (config subscr-mgmt sla-profile)

Full Context

configure subscriber-mgmt sla-profile

Description

This command configures an SLA profile mapping. Hosts associated with a subscriber are subdivided into Service Level Agreement (SLA) profiles. For each subscriber host an SLA profile can be specified. For a subscriber host, the SLA profile determines:

  • The QoS-policies to use

    • The classification

    • The queues

    • The queue mapping

  • The IP filters to use

The SLA profile also has the attribute host-limits which limits the total number of hosts (belonging to the same subscriber) on a certain SAP that can be using this SLA profile.

The no form of this command reverts to the default.

Parameters

sla-profile-name

Specifies the name of the SLA profile.

create

Keyword used to create the SLA profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile-map

sla-profile-map

Syntax

sla-profile-map

Context

[Tree] (config>subscr-mgmt>sub-ident-pol sla-profile-map)

Full Context

configure subscriber-mgmt sub-ident-policy sla-profile-map

Description

Commands in this context configure SLA profile mapping parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile-map

Syntax

sla-profile-map

Context

[Tree] (config>subscr-mgmt>sub-prof sla-profile-map)

Full Context

configure subscriber-mgmt sub-profile sla-profile-map

Description

Commands in this context configure SLA profile mapping.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile-string

sla-profile-string

Syntax

sla-profile-string sla-profile-string

no sla-profile-string

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings sla-profile-string)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings sla-profile-string)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings sla-profile-string

configure subscriber-mgmt local-user-db ppp host identification-strings sla-profile-string

Description

This command specifies the SLA profile string which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

sla-profile-string

Specifies the SLA profile string, up to 16 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sla-profile-string

Syntax

sla-profile-string string

no sla-profile-string

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile sla-profile-string)

Full Context

configure subscriber-mgmt vrgw brg brg-profile sla-profile-string

Description

This command configures the SLA profile string which will be used as a default for SLA-profile lookup. This string can be overridden during BRG or host authentication.

The no form of the command removes the string from the configuration.

Default

no sla-profile-string

Parameters

string

Specifies the string to use to look up the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

slaac

slaac

Syntax

slaac

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client slaac)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client slaac)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client slaac

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client slaac

Description

This command configures SLAAC for the DHCPv6 client.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

slaac-prefix

slaac-prefix

Syntax

slaac-prefix ipv6-address

no slaac-prefix

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query slaac-prefix)

Full Context

configure subscriber-mgmt wlan-gw ue-query slaac-prefix

Description

This command enables matching on UEs with the specified SLAAC prefix.

The no form of this command disables matching on the SLAAC prefix.

Default

no slaac-prefix

Parameters

ipv6-address

Specifies the SLAAC prefix.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

sleep

sleep

Syntax

sleep [seconds]

Context

[Tree] (sleep)

Full Context

sleep

Description

This command causes the console session to pause operation (sleep) for 1 second (default) or for the specified number of seconds.

Default

sleep 1

Parameters

seconds

Specifies the number of seconds for the console session to sleep, expressed as a decimal integer.

Values

1 to 100

Default

1

Platforms

All

slice-size

slice-size

Syntax

slice-size slice-size

no slice-size

Context

[Tree] (config>mirror>mirror-dest slice-size)

Full Context

configure mirror mirror-dest slice-size

Description

This command enables mirrored frame truncation and specifies the maximum size, in bytes, of a mirrored frame that can be transmitted to the mirror destination.

This command enables mirroring larger frames than the destination packet decode equipment can handle. It also allows conservation of mirroring resources by limiting the size of the packet stream through the router and the core network.

When defined, the mirror slice-size creates a threshold that truncates a mirrored frame to a specific size. For example, if the value of 256 bytes is defined, a frame larger than 256 bytes will only have the first 256 bytes transmitted to the mirror destination. The original frame is not affected by the truncation. The mirrored frame size may increase if encapsulation information is added during transmission through the network core or out the mirror destination SAP to the packet/protocol decode equipment.

The actual capability of the router to transmit a sliced or non-sliced frame is also dictated by the mirror destination SDP path-mtu or the mirror destination SAP physical MTU. Packets that require a larger MTU than the mirroring destination supports are discarded if the defined slice-size does not truncate the packet to an acceptable size.

Notes:

  • When configuring IP mirroring, packet slice is rejected as an incorrect option as it will cause IP packets to be rejected by the next hop with an IP header verification error.

  • Slice-size is not supported by CEM encap-types or IP-mirroring.

The no form of this command disables mirrored packet truncation.

Parameters

slice-size

Specifies the number of bytes to which mirrored frames are truncated, expressed as a decimal integer.

Values

128 to 9216

Platforms

All

slm

slm

Syntax

slm [test-id test-id] [create]

no slm

Context

[Tree] (config>oam-pm>session>ethernet slm)

Full Context

configure oam-pm session ethernet slm

Description

This command defines the test ID to be assigned to the synthetic loss test and creates the container to allow the individual test parameters to be configured.

The no form of this command removes the SLM test function from the PM Session.

Parameters

test-id

Specifies the value to be placed in the 4-byte test ID field of an ETH-SLM PDU.

Values

0 to 2147483647

create

Creates the test.

Platforms

All

slm

Syntax

slm

Context

[Tree] (config>eth-cfm slm)

Full Context

configure eth-cfm slm

Description

This is the container that provides the global configuration parameters for ITU-T Synthetic Loss Measurement (ETH-SL).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

slope-policy

slope-policy

Syntax

slope-policy name

no slope-policy

Context

[Tree] (config>port>network>egress>pool slope-policy)

[Tree] (config>port>access>ingress>pool slope-policy)

[Tree] (config>port>access>egress>pool slope-policy)

[Tree] (config>port>access>egress>channel>pool slope-policy)

Full Context

configure port network egress pool slope-policy

configure port access ingress pool slope-policy

configure port access egress pool slope-policy

configure port access egress channel pool slope-policy

Description

This command specifies an existing slope policy which defines high and low priority RED slope parameters and the time average factor. The policy is defined in the config>qos>slope-policy context.

Default

slope-policy default

Parameters

name

Specifies the policy name, a string up to 32 characters.

Platforms

All

slope-policy

Syntax

slope-policy slope-policy-name

no slope-policy

Context

[Tree] (config>card>fp>egress>wred-queue-control slope-policy)

Full Context

configure card fp egress wred-queue-control slope-policy

Description

This command configures WRED slopes within the WRED mega-pool. The WRED slopes in the WRED mega-pool are used when WRED queues are requesting buffers from the mega-pool while they are over their CBS threshold. Once over the CBS threshold, the WRED queue stops receiving buffers from the CBS reserve in the mega-pool and starts competing for buffers in the shared portion of the mega-pool. If the packet resulting in the buffer request is inplus-profile, the packet will be associated with the highplus-slope. In-profile packets are associated with the high slope. Out-of-profile packets are associated with the low slope. Exceed-profile packets are associated with the exceed slope. While the queue is within its CBS threshold, the slopes are ignored.

Within the defined slope-policy, each slope is enabled or disabled (no shutdown or shutdown) and each slope’s geometry is defined as percentages of shared portion depth. If a slope is shutdown, the related traffic uses the minimum of the queue MBS and egress WRED megapool size as a drop tail.

The slope-policy also defines the time average factor (TAF) value that is used to determine how the pool’s weighted average depth is calculated. The higher the factor, the slower the average depth tracks the actual pool depth.

The no form of this command reverts to the default slope policy to the WRED mega-pool.

Default

slope-policy default

Parameters

slope-policy-name

Specifies which slope policy the system should apply to the WRED mega-pool. When slope-policy is not executed, the WRED mega-pool will use the default slope policy. The defined slope policy must already exist or the command will fail. 32 characters maximum.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

slope-policy

Syntax

slope-policy name

no slope-policy

Context

[Tree] (config>card>fp>ingress>network>pool slope-policy)

Full Context

configure card fp ingress network pool slope-policy

Description

This command specifies an existing slope policy which defines high and low priority RED slope parameters and the time average factor. The policy is defined in the config>qos>slope-policy context.

Default

slope-policy default

Parameters

name

Specifies the policy name, a string up to 32 characters.

Platforms

All

slope-policy

Syntax

slope-policy slope-policy-name

no slope-policy

Context

[Tree] (config>isa>aa-grp>qos>egress>to-subscriber>pool slope-policy)

[Tree] (config>isa>aa-grp>qos>egress>from-subscriber>pool slope-policy)

Full Context

configure isa application-assurance-group qos egress to-subscriber pool slope-policy

configure isa application-assurance-group qos egress from-subscriber pool slope-policy

Description

This command specifies an existing slope policy which defines high and low priority RED slope parameters and the time average factor. The slope policy is defined in the config>qos>slope-policy context.

Parameters

slope-policy-name

Specifies the name of the slope policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

slope-policy

Syntax

slope-policy policy-name

no slope-policy

Context

[Tree] (config>qos>hs-pool-policy>root-tier>root-pool slope-policy)

[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool slope-policy)

Full Context

configure qos hs-pool-policy root-tier root-pool slope-policy

configure qos hs-pool-policy mid-tier mid-pool slope-policy

Description

This command specifies the slope policy to be used to define the high, low, and exceed slopes within the pool. The slope (high, low, or exceed) used on the egress queue for the packet that generated the buffer request is also used in the mid-pool from the applied slope policy. The pool’s current allocation amount is applied to the appropriate slope to derive the buffer rejection probability. The probability value is compared to a randomly-generated number. If the probability decision generates a rejection decision or the buffer pool has no remaining free buffers, the buffer request fails and the arriving packet is discarded. Otherwise, a buffer is allocated as long as the port-class and root-tier buffer pools also honor the buffer request.

The no form of the command restores the default slope policy to the associated pool.

Default

slope-policy _tmnx_hs_default

Parameters

policy-name

Specifies the slope policy associated with this pool, up to 32 characters.

Platforms

7750 SR-7/12/12e

slope-policy

Syntax

slope-policy policy-name

no slope-policy

Context

[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools>class-pool slope-policy)

[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools>class-pool slope-policy)

Full Context

configure qos hs-port-pool-policy alt-port-class-pools class-pool slope-policy

configure qos hs-port-pool-policy std-port-class-pools class-pool slope-policy

Description

This command specifies the slope policy that is used to define the high, low, and exceed slopes within the port-class pool. The slope used on the egress queue for the packet that generated the buffer request is also used in the class-pool. The pool’s current allocation amount is applied to the appropriate slope to derive the buffer rejection probability. The probability value is compared to a randomly generated number. If the probability decision generates a rejection or the buffer pool has no remaining free buffers, the buffer request fails and the arriving packet is discarded. Otherwise, a buffer is allocated as long as the mid-tier and root-tier buffer pools also honor the buffer request.

The no form of the command restores the default slope policy to the associated class-pool.

Default

slope-policy _tmnx_hs_default

Parameters

policy-name

Specifies the policy name, up to 32 characters. This parameter is required when executing the slope-policy command and must refer to an existing slope policy within the system. If a slope policy with the specified name does not exist, the slope-policy command fails without modifying the slope behavior on the pool. A non-existent slope-policy error is generated. After a slope policy is associated with any HSQ queue or buffer pool, the policy cannot be deleted.

Platforms

7750 SR-7/12/12e

slope-policy

Syntax

slope-policy name [create]

no slope-policy name

Context

[Tree] (config>qos slope-policy)

Full Context

configure qos slope-policy

Description

Commands in this context configure a QoS slope policy.

Default

slope-policy "default”

Parameters

name

The name of the slope policy.

Values

Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

All

slope-policy

Syntax

slope-policy src-name dst-name [overwrite]

Context

[Tree] (config>qos>copy slope-policy)

Full Context

configure qos copy slope-policy

Description

This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

slope-policy

Indicates that the source policy ID and the destination policy ID are slope policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.

overwrite

Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, an error will occur if the destination policy ID exists.

ALA-7>config>qos# copy slope-policy default sp1
MINOR: CLI Destination "sp1" exists - use {overwrite}.
ALA-7>config>qos#overwrite

Platforms

All

slow-psc-timer

slow-psc-timer

Syntax

slow-psc-timer interval

no slow-psc-timer

Context

[Tree] (config>router>mpls>mpls-tp>protection-template slow-psc-timer)

Full Context

configure router mpls mpls-tp protection-template slow-psc-timer

Description

This command configures the slow timer value to be used for protection switching coordination (PSC) packets for MPLS-TP linear protection (RFC 6378).

Default

slow-psc-timer 5

Parameters

interval

Specifies the slow timer interval in seconds.

Values

5 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

slow-queue-threshold

slow-queue-threshold

Syntax

slow-queue-threshold kilobits-per-second

no slow-queue-threshold

Context

[Tree] (config>card>virt-sched-adj slow-queue-threshold)

Full Context

configure card virtual-scheduler-adjustment slow-queue-threshold

Description

This command overrides the system default rate threshold where policers and queues are placed in the "slow” queue category. Slow rate policers and queues use a different minimum rate calculation interval time than fast rate queues. The rate is determined based on the previous calculated offered rate for the policer or queue.

The default slow policer or queue rate is 1 Mb/s. The fast rate is derived by multiplying the slow rate by a factor of 1.5 resulting in a default fast rate of 1.5 Mb/s. The slow-queue-threshold command uses a "Kilobit-Per-Second” value to modify the default slow queue rate threshold and indirectly changes the fast queue rate threshold.

The no form of this command restores the default slow queue and fast rate thresholds.

Default

no slow-queue-threshold

Parameters

kilobits-per-second

Specifies that the kilobit-per-second parameter is required and is used to modify the default slow rate threshold. Defining a value of 0 forces all policers and queues to be treated as fast rate. Defining a value of 1000 (1 Mb/s) returns the threshold to the default value and is equivalent to executing no slow-queue-threshold.

The fast rate threshold is derived by multiplying the new slow rate threshold by a factor of 1.5.

Values

0 to 1000000 kb/s

Default

1000 kb/s

Platforms

All

sm-tti

sm-tti

Syntax

sm-tti

Context

[Tree] (config>port>otu sm-tti)

Full Context

configure port otu sm-tti

Description

Commands in this context configure section monitoring trail trace identifier parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

snap-oui

snap-oui

Syntax

snap-oui {zero | non-zero}

no snap-oui

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match snap-oui)

Full Context

configure qos sap-ingress mac-criteria entry match snap-oui

Description

Configures an IEEE 802.3 LLC SNAP Ethernet frame OUI zero or non-zero value to be used as a service ingress QoS policy match criterion.

The no form of this command removes the criterion from the match criteria.

Default

no snap-oui

Parameters

zero

Specifies to match packets with the 3-byte OUI field in the SNAP-ID set to zero.

non-zero

Specifies to match packets with the 3-byte OUI field in the SNAP-ID not set to zero.

Platforms

All

snap-oui

Syntax

snap-oui {zero | non-zero}

no snap-oui

Context

[Tree] (config>filter>mac-filter>entry>match snap-oui)

Full Context

configure filter mac-filter entry match snap-oui

Description

This command configures an IEEE 802.3 LLC SNAP Ethernet Frame OUI zero or non-zero value to be used as a MAC filter match criterion.

The no form of the command removes the criterion from the match criteria.

Default

no snap-oui

Parameters

zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID set to zero.

non-zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero.

Platforms

All

snap-oui

Syntax

snap-oui {zero | non-zero}

no snap-oui

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match snap-oui)

Full Context

configure system security management-access-filter mac-filter entry match snap-oui

Description

This command configures an IEEE 802.3 LLC SNAP Ethernet Frame OUI zero or non-zero value to be used as a MAC filter match criterion.

The no form of this command removes the criterion from the match criteria.

Default

no snap-oui

Parameters

zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID set to zero.

non-zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero.

Platforms

All

snap-pid

snap-pid

Syntax

snap-pid snap-pid

no snap-pid

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match snap-pid)

Full Context

configure qos sap-ingress mac-criteria entry match snap-pid

Description

Configures an IEEE 802.3 LLC SNAP Ethernet frame PID value to be used as a service ingress QoS policy match criterion.

This is a 2-byte protocol id that is part of the IEEE 802.3 LLC SNAP Ethernet Frame that follows the 3-byte OUI field.

The snap-pid field, etype field, ssap, and dsap fields are mutually exclusive and cannot be part of the same match criteria.

The snap-pid match criteria is independent of the OUI field within the SNAP header. Two packets with different 3-byte OUI fields, but the same PID field, will both match the same policy entry based on a snap-pid match criteria.

The no form of this command removes the snap-pid value as the match criteria.

Default

no snap-pid

Parameters

snap-pid

The 2-byte snap-pid value to be used as a match criterion in hexadecimal.

Values

0x0000 to 0xFFFF

Platforms

All

snap-pid

Syntax

snap-pid snap-pid

no snap-pid

Context

[Tree] (config>filter>mac-filter>entry>match snap-pid)

Full Context

configure filter mac-filter entry match snap-pid

Description

Configures an IEEE 802.3 LLC SNAP Ethernet Frame PID value to be used as a MAC filter match criterion.

This is a two-byte protocol id that is part of the IEEE 802.3 LLC SNAP Ethernet Frame that follows the three-byte OUI field.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria.

The snap-pid match criterion is independent of the OUI field within the SNAP header. Two packets with different three-byte OUI fields but the same PID field will both match the same filter entry based on a snap-pid match criteria.

The no form of the command removes the snap-pid value as the match criteria.

Default

no snap-pid

Parameters

snap-pid

Specifies the two-byte snap-pid value to be used as a match criterion. The value can be expressed in decimal integer or hexadecimal format.

Values

0 to 65535 or 0x0000 to 0xFFFF

Platforms

All

snap-pid

Syntax

snap-pid snap-pid

no snap-pid

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match snap-pid)

Full Context

configure system security management-access-filter mac-filter entry match snap-pid

Description

This command configures an IEEE 802.3 LLC SNAP Ethernet Frame PID value to be used as a MAC filter match criterion.

This is a two-byte protocol id that is part of the IEEE 802.3 LLC SNAP Ethernet Frame that follows the three-byte OUI field.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide for information about MAC Match Criteria Exclusivity Rules fields that are exclusive based on the frame format.

Note:

The snap-pid match criterion is independent of the OUI field within the SNAP header. Two packets with different three-byte OUI fields but the same PID field will both match the same filter entry based on a snap-pid match criteria.

The no form of this command removes the snap-pid value as the match criteria.

Default

no snap-pid

Parameters

pid-value

Specifies the two-byte snap-pid value to be used as a match criterion in hexadecimal.

Values

0x0000 to 0xFFFF

Platforms

All

snmp

snmp

Syntax

snmp

Context

[Tree] (config>service>vprn snmp)

Full Context

configure service vprn snmp

Description

Commands in this context configure SNMP parameters for this VPRN.

Platforms

All

snmp

Syntax

snmp

Context

[Tree] (config>system>security>user snmp)

Full Context

configure system security user snmp

Description

This command creates the context to configure SNMP group membership for a specific user and defines encryption and authentication parameters.

All SNMPv3 users must be configured with the commands available in this CLI node.

The OS always uses the configured SNMPv3 user name as the security user name.

Platforms

All

snmp

Syntax

snmp

Context

[Tree] (config>system>security snmp)

[Tree] (config>system snmp)

Full Context

configure system security snmp

configure system snmp

Description

This command creates the context to configure SNMPv1, SNMPv2, and SNMPv3 parameters.

Platforms

All

snmp-trap-group

snmp-trap-group

Syntax

snmp-trap-group log-id | log-name [name log-name]

no snmp-trap-group log-id | log-name

Context

[Tree] (config>service>vprn>log snmp-trap-group)

Full Context

configure service vprn log snmp-trap-group

Description

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a specific log-id.

A group specifies the types of SNMP traps and specifies the log ID that will receive the group of SNMP traps. The user must configure a trap group before SNMP traps can be sent.

To suppress the generation of all alarms and traps, see the event-control command. To suppress alarms and traps that are sent to this log-id, see the filter command. After alarms and traps are generated, they can be directed to one or more SNMP trap groups. Log events that can be forwarded as SNMP traps are always defined on the main event source.

The no form of this command deletes the SNMP trap group.

Default

There are no default SNMP trap groups.

Parameters

log-id | log-name

Specifies the log ID or name (up to 32 characters).

Values

log-id: 1 to 100

name log-name

Specifies an optional log name of a log configured in the log-id context, up to 32 characters, that can be used to refer to the log after it is created. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.

Platforms

All

snmp-trap-group

Syntax

snmp-trap-group log-id | log-name [name log-name]

no snmp-trap-group log-id | log-name

Context

[Tree] (config>log snmp-trap-group)

Full Context

configure log snmp-trap-group

Description

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a specified log-id.

A group specifies the types of SNMP traps and the log ID which that will receive the SNMP trap group. The user must configure a trap to send SNMP traps.

To suppress the generation of all alarms and traps, see the event-control command. To suppress alarms and traps that are sent to this log ID, see the filter command. When alarms and traps are generated, they can be directed to one or more SNMP trap groups. Log events that can be forwarded as SNMP traps are always defined at the main event source.

The no form of this command deletes the SNMP trap group.

Parameters

log-id | log-name

Specifies the log ID or log name (up to 32 characters).

Values

log-id: 1 to 100

name log-name

Specifies an optional log name of a log configured in the log-id context, up to 32 characters, that can be used to refer to the log after it is created. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.

Platforms

All

snoop

snoop

Syntax

[no] snoop

Context

[Tree] (config>service>vpls>sap>dhcp snoop)

[Tree] (config>service>vprn>nw-if>dhcp snoop)

[Tree] (config>service>vpls>spoke-sdp>dhcp snoop)

[Tree] (config>service>vpls>mesh-sdp>dhcp snoop)

[Tree] (config>service>vprn>if>dhcp>option snoop)

Full Context

configure service vpls sap dhcp snoop

configure service vprn nw-if dhcp snoop

configure service vpls spoke-sdp dhcp snoop

configure service vpls mesh-sdp dhcp snoop

configure service vprn interface dhcp option snoop

Description

This command enables snooping of DHCP or DHCP6 messages on the SAP or SDP. Enabling DHCP or DHCP6 snooping on interfaces (SAPs and SDP bindings) is required where DHCP or DHCP6 messages important to lease state table population are received, or where Option 82 information is to be inserted. This includes interfaces that are in the path to receive messages from either DHCP or DHCP6 servers or from subscribers.

The no form of this command disables DHCP or DHCP6 snooping on the specified SAP or SDP binding.

Default

no snoop

Platforms

All

snooping

snooping

Syntax

[no] snooping

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 snooping)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 snooping)

Full Context

configure service ies subscriber-interface group-interface ipv6 dhcp6 snooping

configure service vprn subscriber-interface group-interface ipv6 dhcp6 snooping

Description

This command enables the group-interface to snoop DHCPv6 relay messages exchange between the subscriber host and the DHCPv6 server. A successful DHCPv6 address assignment triggers ESM DHCPv6 host creation and a release of the lease triggers host deletion. This feature is for ESMv6 applications where a Layer 3 aggregation network is upstream from the BNG.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sntp

sntp

Syntax

[no] sntp

Context

[Tree] (config>system>time sntp)

Full Context

configure system time sntp

Description

This command creates the context to edit the Simple Network Time Protocol (SNTP).

SNTP can be configured in either broadcast or unicast client mode. SNTP is a compact, client-only version of the NTP. SNTP can only receive the time from SNTP/NTP servers. It cannot be used to provide time services to other systems.

The system clock is automatically adjusted at system initialization time or when the protocol first starts up.

When the time differential between the SNTP/NTP server and the system is more than 2.5 seconds, the time on the system is gradually adjusted.

SNTP is created in an administratively enabled state (no shutdown).

The no form of the command removes the SNTP instance and configuration. SNTP does not need to be administratively disabled when removing the SNTP instance and configuration.

Default

sntp

Platforms

All

socket

socket

Syntax

socket [neighbor ip-address | group name]

no socket

Context

[Tree] (debug>router>bgp socket)

Full Context

debug router bgp socket

Description

This command logs all TCP socket events to the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

soft-preemption

soft-preemption

Syntax

[no] soft-preemption

Context

[Tree] (config>router>mpls>lsp-template soft-preemption)

[Tree] (config>router>mpls>lsp soft-preemption)

Full Context

configure router mpls lsp-template soft-preemption

configure router mpls lsp soft-preemption

Description

This command enables soft preemption for LSPs of type p2mp-lsp and LSP templates of type p2mp. The soft preemption bit is set to 1 if the following conditions are met; otherwise, the bit is set to 0.

  • soft preemption is enabled, and

  • the P2MP LSP is adaptive, has non-zero bandwidth, and is computed using the local CSPF method

The no form of the command disables soft preemption on the P2MP LSP and P2MP LSP template.

Note:

Soft preemption is always enabled for P2P LSPs and P2P LSP templates and cannot be disabled.

Default

no soft-preemption

Platforms

All

soft-quota-exhausted

soft-quota-exhausted

Syntax

[no] soft-quota-exhausted

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query soft-quota-exhausted)

[Tree] (config>aaa>isa-radius-policy>acct-update-triggers soft-quota-exhausted)

Full Context

configure subscriber-mgmt wlan-gw ue-query soft-quota-exhausted

configure aaa isa-radius-policy acct-update-triggers soft-quota-exhausted

Description

This command sends an interim update message when a soft volume quota is reached.

Default

soft-quota-exhausted

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

soft-quota-exhausted-filter

soft-quota-exhausted-filter

Syntax

soft-quota-exhausted-filter dsm-ip-filter-name

no soft-quota-exhausted-filter

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm soft-quota-exhausted-filter)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm soft-quota-exhausted-filter)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt soft-quota-exhausted-filter

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt soft-quota-exhausted-filter

Description

This command applies a filter when a soft volume quota is reached. The filter replaces the currently applied filter (which can be preconfigured using the vlan-range ip-filter command or be set using RADIUS authentication/ CoA message) for the UE upon quota exhaustion. If the quota is extended using a RADIUS CoA message, the filter is automatically reverted. Configuration changes apply only to new DSM UEs and not to existing UEs.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

software-repository

software-repository

Syntax

software-repository repository-name

no software-repository

Context

[Tree] (config>system>satellite>eth-sat software-repository)

[Tree] (config>system>satellite>tdm-sat software-repository)

Full Context

configure system satellite eth-sat software-repository

configure system satellite tdm-sat software-repository

Description

This command binds the specified software repository to the associated satellite. The software repository is used to locate and serve the correct software image to the satellite at boot time.

The configured software repository is only used when the satellite boots. Changing the software repository for an active satellite does not have an effect until the next time a satellite boots.

A satellite cannot be booted if there is no software repository defined for it.

The no form of the command removes the software repository.

Default

no software-repository

Parameters

repository-name

Specifies a string, up to 32 characters, that uniquely identifies the software repository.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure system satellite eth-sat software-repository

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure system satellite tdm-sat software-repository

software-repository

Syntax

software-repository repository-name [create]

no software-repository repository-name

Context

[Tree] (config>system software-repository)

Full Context

configure system software-repository

Description

This command creates or deletes an instance of a software repository. The instance is identified by a repository name.

A software repository is used to obtain files to upgrade software on certain subsystems of the router (for example, Ethernet satellites).

Up to three locations can be specified within a software repository for the router to access files in the repository. The router will first attempt to access the file at the primary location. If the primary location is not configured or the files are not found at the primary location, then the router will attempt to access the files at the secondary location. If the secondary location is not configured or the files are not found at the secondary location, then the router will attempt to access the files at the tertiary location. If the tertiary location is not configured or the files are not found at the tertiary location, then the software repository access will fail.

The no form of the command removes the software repository.

Parameters

repository-name

Specifies a string, up to 32 characters, that uniquely identifies the software repository.

create

Specifies the keyword required when the software-repository context is first created. Once the context is created, it can be accessed without the create keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

solicit-delay

solicit-delay

Syntax

solicit-delay delay

no solicit-delay

Context

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection solicit-delay)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection solicit-delay)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection solicit-delay)

Full Context

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection solicit-delay

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection solicit-delay

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection solicit-delay

Description

This command configures the default time to delay DHCPv6 Solicit messages. The delay is applied to all DHCPv6 Solicit messages for which no per DHCPv6 server or per client MAC delay or preference option value is configured.

The no form of this command removes the delay timeout.

Parameters

delay

Specifies the default amount of time to delay DHCPv6 Solicit messages, in deciseconds.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

solicit-delay

Syntax

solicit-delay delay

no solicit-delay

Context

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection>client-mac solicit-delay)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection>client-mac solicit-delay)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection>client-mac solicit-delay)

Full Context

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac solicit-delay

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac solicit-delay

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac solicit-delay

Description

This command configures the time to delay DHCPv6 Solicit messages with an odd or even source MAC address.

The no form of this command removes the delay timeout.

Parameters

delay

Specifies the time to delay DHCPv6 Solicit messages with an odd or even source MAC address, in deciseconds.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

solicit-delay

Syntax

solicit-delay delay

no solicit-delay

Context

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection>server solicit-delay)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection>server solicit-delay)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection>server solicit-delay)

Full Context

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection server solicit-delay

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server solicit-delay

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server solicit-delay

Description

This command configures the time to delay DHCPv6 Solicit messages relayed to the server.

The no form of this command removes the delay timeout.

Parameters

delay

Specifies the time to delay DHCPv6 Solicit messages that are relayed to the server, in deciseconds.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

solicited-release

solicited-release

Syntax

[no] solicited-release

Context

[Tree] (config>router>dhcp>server>lease-hold-time-for solicited-release)

[Tree] (config>service>vprn>dhcp6>server>lease-hold-time-for solicited-release)

[Tree] (config>router>dhcp6>server>lease-hold-time-for solicited-release)

[Tree] (config>service>vprn>dhcp>server>lease-hold-time-for solicited-release)

Full Context

configure router dhcp local-dhcp-server lease-hold-time-for solicited-release

configure service vprn dhcp6 local-dhcp-server lease-hold-time-for solicited-release

configure router dhcp6 local-dhcp-server lease-hold-time-for solicited-release

configure service vprn dhcp local-dhcp-server lease-hold-time-for solicited-release

Description

This command enables the server to hold up a lease even in case of solicited release; for example, when the server receives a normal DHCP release message.

The no form of this command disables the ability of the server to hold up a lease when a solicited release is received.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sonet-sdh

sonet-sdh

Syntax

sonet-sdh

Context

[Tree] (config>port sonet-sdh)

Full Context

configure port sonet-sdh

Description

This command enables access to the context to configure SONET/SDH ports. This context can only be used when configuring an OC-3 and OC-12 SONET/SDH ports on an appropriate MDA.

This command also enables access to the context to configure SONET/SDH parameters for an Ethernet port in WAN PHY (xgig wan) mode.

The 10 Gigabit Ethernet LAN port also has SONET/SDH characteristics. However, these characteristics are predetermined and not configurable.

This command is supported by TDM satellite.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source

source

Syntax

[no] source ipv6-address

Context

[Tree] (config>subscr-mgmt>mld-policy>static>group source)

[Tree] (config>subscr-mgmt>igmp-policy source)

[Tree] (config>subscr-mgmt>igmp-policy>static>group source)

Full Context

configure subscriber-mgmt mld-policy static group source

configure subscriber-mgmt igmp-policy source

configure subscriber-mgmt igmp-policy static group source

Description

This command adds or removes a static multicast source.

The no form of this command reverts to the default.

Parameters

grp-ipv6-address

Specifies the IPv6 address.

Values

ipv6-address - x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

- multicast group IPv6 address

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source

Syntax

[no] source ip-address

[no] source src-ipv6-address

Context

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static>group source)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static>group source)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static>group source)

[Tree] (config>service>vpls>sap>igmp-snooping>static>group source)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static>group source)

[Tree] (config>service>vpls>sap>mld-snooping>static>group source)

Full Context

configure service vpls spoke-sdp mld-snooping static group source

configure service vpls spoke-sdp igmp-snooping static group source

configure service vpls mesh-sdp mld-snooping static group source

configure service vpls sap igmp-snooping static group source

configure service vpls mesh-sdp igmp-snooping static group source

configure service vpls sap mld-snooping static group source

Description

This command specifies a IPv4 or IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Static (s,g) entries cannot be entered when a starg is already created.

Use the no form of this command to remove the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

All

source

Syntax

source ip-address

no source

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel source)

[Tree] (config>service>ies>if>sap>ip-tunnel source)

Full Context

configure service vprn interface sap ip-tunnel source

configure service ies interface sap ip-tunnel source

Description

This command configures the source IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The IPv4 or IPv6 address must belong to the one of the IP subnets associated with the public SAP interface of the tunnel-group. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the source address contains an IPv6 address it must be a global unicast address.

The no form of this command deletes the source address from the tunnel configuration. The tunnel must be administratively shutdown before issuing the no source command.

Default

no source

Parameters

Ip-address

Specifies an IPv4 address or an IPv6 address.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

Platforms

All

source

Syntax

[no] source ip-address

Context

[Tree] (config>service>vprn>igmp>ssm-translate>grp-range source)

Full Context

configure service vprn igmp ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

All

source

Syntax

source ip-address

Context

[Tree] (config>service>vprn>igmp>if>static>group source)

Full Context

configure service vprn igmp interface static group source

Description

This command specifies an IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group is to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Use the no form of this command to remove the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address.

Platforms

All

source

Syntax

[no] source src-ipv6-address

Context

[Tree] (config>service>vprn>mld>if>static>group source)

Full Context

configure service vprn mld interface static group source

Description

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of this command removes the source from the configuration.

Parameters

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

All

source

Syntax

[no] source ip-address

Context

[Tree] (config>service>vprn>mld>ssm-translate>grp-range source)

Full Context

configure service vprn mld ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

All

source

Syntax

[no] source unicast-ip-prefix/mask

Context

[Tree] (config>service>vprn>msdp source)

Full Context

configure service vprn msdp source

Description

This command limits the number of active source messages the router accepts from sources in the specified address range.

If the prefix and mask provided is already a configured then this command only provides the context to configure the parameters pertaining to this active source-message filter.

If the prefix and mask provided is not already a configured, then the source node instance must be created and the context to configure the parameters pertaining to this node should be provided. In this case, the $ prompt to indicate that a new entity (source) is being created should be used.

The source active msdp messages are not rate limited based on the source address range.

The no form of this message removes the source active rate limiter for this source address range.

Parameters

unicast-ip-prefix

Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.

Values

ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0)

mask

Specifies the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.

Values

0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

Platforms

All

source

Syntax

[no] source ip-address [/mask]

[no] source any

Context

[Tree] (config>service>vprn>mvpn>pt>selective>umh-rm>group source)

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi>group source)

Full Context

configure service vprn mvpn provider-tunnel selective umh-rate-monitoring group source

configure service vprn mvpn provider-tunnel selective multistream-spmsi group source

Description

This command creates source prefixes for specific groups that map to the multicast stream.

The no form removes the source prefix.

Parameters

ip-address/mask

Specifies the IP address of the group.

Values

ipv4-prefix

a.b.c.d

ipv4-prefix-length

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-length

[0..128]

Platforms

All

source

Syntax

source source-type

source source-type level level

no source source-type

Context

[Tree] (config>app-assure>group>anl source)

Full Context

configure application-assurance group access-network-location source

Description

This command configures location sources for the dynamic experience management. The location source types are, for example, 3G and congestion point.

Default

source mobile-3g

Parameters

source-type

Specifies the location or access technology.

Values

access-point — Provides Dynamic Experience Management (DEM) for the WLGW access point.

Note:

The access points do not need to support the Nokia CEA function.

level

Specifies which congestion point within the specified source-type to monitor for congestion.

Values

MAC+VLAN — WLGW access point (MAC) and radio (VLAN).

Note:

The access points do not need to support the Nokia CEA function.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source

Syntax

[no] source ip-address

Context

[Tree] (config>router>igmp>if>ssm-translate>grp-range source)

[Tree] (config>router>igmp>ssm-translate>grp-range source)

Full Context

configure router igmp interface ssm-translate grp-range source

configure router igmp ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

All

source

Syntax

[no] source ip-address

Context

[Tree] (config>router>igmp>if>static>group source)

Full Context

configure router igmp interface static group source

Description

This command specifies a IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the source(s) that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

The no form of the command removes the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address.

Platforms

All

source

Syntax

[no] source ip-address

Context

[Tree] (config>router>igmp>tunnel-interface>static>group source)

Full Context

configure router igmp tunnel-interface static group source

Description

This command specifies a IPv4 unicast address of a multicast source. The source command is mutually exclusive with the specification of individual sources for the same group. The source command in combination with the group is used to create a specific (S,G) group entry in a static group join on a tunnel interface associated with a P2MP RSVP LSP.

The no form of the command removes the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address.

Platforms

All

source

Syntax

[no] source src-ipv6-address

Context

[Tree] (config>router>mld>if>static>group source)

Full Context

configure router mld interface static group source

Description

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the source(s) that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of this command removes the source from the configuration.

Parameters

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

All

source

Syntax

[no] source ipv6-address

Context

[Tree] (config>router>mld>if>ssm-translate>grp-range source)

[Tree] (config>router>mld>ssm-translate>grp-range source)

Full Context

configure router mld interface ssm-translate grp-range source

configure router mld ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

The no form of this command removes the IPv6 address form the group range configuration.

Parameters

ipv6-address

Specifies the IPv6 address that will be sending data.

Platforms

All

source

Syntax

[no] source ip-prefix/mask

Context

[Tree] (config>router>msdp source)

Full Context

configure router msdp source

Description

This command limits the number of active source messages the router accepts from sources in the specified address range.

If the prefix and mask provided is already a configured then this command only provides the context to configure the parameters pertaining to this active source-message filter.

If the prefix and mask provided is not already a configured, then the source node instance must be created and the context to configure the parameters pertaining to this node should be provided. In this case, the $ prompt to indicate that a new entity (source) is being created should be used.

The source active config>router msdp messages are not rate limited based on the source address range.

The no form of this message removes the source active rate limiter for this source address range.

Parameters

ip-prefix

Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.

Values

ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0)

mask

Specifies the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.

Values

0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

Platforms

All

source

Syntax

source mep mep-id domain md-index association ma-index

source mep mep-id domain-name admin-name association-name admin-name

no source

Context

[Tree] (config>oam-pm>session>ethernet source)

Full Context

configure oam-pm session ethernet source

Description

This command defines the source launch point identification Y.1731 parameters that are used by the individual tests within the session. If an MEP matching the configuration does not exist, the session is allowed to become active, however the frames sent frames and received as seen under the show >oam-pm>statistics>session session-name command is zero. The preferred reference to the MEP launch point is by admin-name. Therefore, the syntax source mep mep-id domain-name admin-name association-name admin-name should be used.

The no form of this command removes this session parameter.

Parameters

mep-id

Specifies the maintenance association end point identifier of the launch point.

Values

1 to 8191

md-index

Specifies the maintenance domain (MD) index value of the launch point. The domain-name admin-name parameter is preferred for specifying the domain information.

Values

1 to 4294967295

ma-index

Specifies the maintenance association (MA) index value of the launch point. The association-name ma-name parameter is preferred for specifying the association information.

Values

1 to 4294967295

admin-name

Specifies the name reference for the maintenance domain (MD), or the association (MA) admin-name value of the launch point, up to 64 characters.

Platforms

All

source

Syntax

source ip-address

no source

Context

[Tree] (config>oam-pm>session>ip source)

Full Context

configure oam-pm session ip source

Description

This command defines the source IP address that the session controller (launch point) uses for the test. The source address must be a local resident IP address in the context; otherwise, the response packets are processed by the TWAMP Light application. Only source addresses configured as part of TWAMP tests can process the reflected TWAMP packets from the session reflector.

The no form of this command removes the source address parameters.

Parameters

source

Indicates the launch point.

ip-address

Specifies the source IP address that the session controller (launch point) uses for the test.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source

Syntax

source {line-ref | internal-clock}

Context

[Tree] (config>system>sync-if-timing>bits>output source)

Full Context

configure system sync-if-timing bits output source

Description

This command configures the values used to identify the source of the BITS (Building Integrated Timing Supply) output. This is either the signal recovered directly from ref1, ref2 or ptp, or it is the output of the node’s central clock. The directly recovered signal would be used when the BITS output signal is feeding into an external standalone timing distribution device (BITS/SASE). The specific directly recovered signal used is the best of the available signals based of the QL and/or the ref-order. The central clock output would be used when no BITS/SASE device is present and the BITS output signal is used to monitor the quality of the recovered clock within the system.

Default

source line-ref

Parameters

line-ref

Specifies that the BITS output timing is selected from one of the input references, without any filtering.

internal-clock

Specifies that the BITS output timing is driven from the system timing.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source

Syntax

source ip-address

no source

Context

[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv4 source)

Full Context

configure router interface if-attribute delay dynamic twamp-light ipv4 source

Description

This command configures the unicast IPv4 address used as the source of the TWAMP Light test packet. When this command is not configured, the primary IPv4 address, or the reference IPv4 address in the case of unnumbered interfaces, is used as the source. This command can be used when the IPv4 primary address or reference interface is not the desired source address for the packet.

Changes are allowed without administratively disabling the IPv4 protocol.

The no form of this command removes the specified address, which causes the source address to be auto-learned.

Default

no source

Parameters

ip-address

Specifies TWAMP Light IPv4 source address.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source

Syntax

source ipv6-address

no source

Context

[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv6 source)

Full Context

configure router interface if-attribute delay dynamic twamp-light ipv6 source

Description

This command configures the IPv6 address used as the source of the TWAMP Light test packet. When this command is not configured, no source address is present and an error is raised to prevent the transmission of the test packet.

The IPv6 protocol can be enabled even without addressing. However, the test will not transmit packets. The link local address must be in the form fe80::/64 in accordance with RFC 4291, IP Version 6 Addressing Architecture.

The no form of this command removes the specified address.

Default

no source

Parameters

ipv6-address

Specifies the TWAMP Light IPv6 source address.

Values

ipv6-address:

x:x:x:x:x:x:x:x

x - [0 to FFFF]H

unicast and link local IPv6 address only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source-address

source-address

Syntax

source-address ipv6-address

no source-address

Context

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay source-address)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay source-address)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay source-address)

[Tree] (config>service>ies>if>ipv6>dhcp6-relay source-address)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay source-address)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay source-address)

Full Context

configure service vprn interface ipv6 dhcp6-relay source-address

configure service vprn subscriber-interface ipv6 dhcp6 relay source-address

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay source-address

configure service ies interface ipv6 dhcp6-relay source-address

configure service ies subscriber-interface ipv6 dhcp6 relay source-address

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay source-address

Description

This command configures the source IPv6 address of the DHCPv6 relay messages.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the source IPv6 address of the DHCPv6 relay messages.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

All

  • configure service ies interface ipv6 dhcp6-relay source-address
  • configure service vprn interface ipv6 dhcp6-relay source-address

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface ipv6 dhcp6 relay source-address
  • configure service ies subscriber-interface ipv6 dhcp6 relay source-address
  • configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay source-address
  • configure service ies subscriber-interface group-interface ipv6 dhcp6 relay source-address

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server source-address)

Full Context

configure aaa l2tp-accounting-policy radius-accounting-server source-address

Description

This command configures the source address of the RADIUS messages.

The no form of this command reverts to the default value.

Parameters

ip-address

Specifies the source address to be used for NAT RADIUS accounting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>system>management-interface>remote-management source-address)

Full Context

configure system management-interface remote-management source-address

Description

This command configures the address local to this device that NISH uses to connect to this node.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command causes the system to select the source address based on the selected routing instance of the manager.

Parameters

ip-address

Specifies the IP address that NISH managers use to connect to the node.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>system>management-interface>remote-management>manager source-address)

Full Context

configure system management-interface remote-management manager source-address

Description

This command configures the address local to this device that this NISH manager uses to connect to this node.

This command takes precedence over the command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the source address to be inherited from the global context (config>system>management-interface>remote-management).

Parameters

ip-address

Specifies the IP address that NISH managers use to connect to the node.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>subscr-mgmt>acct-plcy>server source-address)

[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server source-address)

Full Context

configure subscriber-mgmt radius-accounting-policy radius-accounting-server source-address

configure subscriber-mgmt authentication-policy radius-authentication-server source-address

Description

This command configures the source address of the RADIUS packet.

The system IP address must be configured in order for the RADIUS client to work. See Configuring a System Interface in the Router Configuration Guide.

Note:

The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the nas-ip-address attribute: over there it is set to the system IP address if no source-address was given.

The no form of this command reverts to the default value.

Default

System IP address

Parameters

ip-address

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-address

Syntax

source-address ip-address [allow-connections]

no source-address

Context

[Tree] (config>aaa>diam>node source-address)

Full Context

configure aaa diameter node source-address

Description

This command configures IPv4 source address that the SR OS node will use for its peering connection.

The no form of this command removes the IP address from the configuration.

Parameters

ip-address

Specifies IP prefix for the IP match criterion in dotted decimal notation

Values

0.0.0.0 to 255.255.255.255

allow-connections

Specifies to accept peering connections on the configured source IPv4 address. The peer initiating the connection can only be an inter-chassis peer.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>redundancy>multi-chassis>peer source-address)

Full Context

configure redundancy multi-chassis peer source-address

Description

This command specifies the source address used to communicate with the multi-chassis peer.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the source address used to communicate with the multi-chassis peer.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>aaa>radius-srv-plcy>servers source-address)

Full Context

configure aaa radius-server-policy servers source-address

Description

This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. See "Configuring a System Interface” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

Note:

The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the nas-ip-address attribute: over there it is set to the system IP address if no source-address was given.

The no form of this command reverts to the default value.

Parameters

ip-address

Specifies the source address of RADIUS packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-address

Syntax

source-address

Context

[Tree] (config>service>vprn source-address)

Full Context

configure service vprn source-address

Description

Commands in this context specify the source address and application that should be used in all unsolicited packets.

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>router>ldp>lsp-bfd source-address)

Full Context

configure router ldp lsp-bfd source-address

Description

This command configures the source address of periodic LSP ping packets and BFD control packets for LSP BFD sessions that are associated with LDP prefixes in the prefix list. The system IP address is used by default. If the system IP address is not routable from the far-end node of the BFD session, then an alternate routable IP address that is local to the source node should be used.

Default

no source-address

Parameters

ip-address

Specifies a routable IPv4 or IPv6 address that is local to the node.

Values

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF in hexadecimal

d — 0 to 255 in decimal

Default

system IP address

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>app-assure>rad-acct-plcy>server source-address)

Full Context

configure application-assurance radius-accounting-policy radius-accounting-server source-address

Description

This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. See "Configuring a System Interface” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide. The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the nas-ip-address attribute: over there it is set to the system IP address if no source address was given.

The no form of this command reverts to the default value, where the source address is the system IP address.

Default

no source-address

Parameters

ip-address

The IP prefix for the IP match criterion in dotted decimal notation.

Values

0.0.0.0 - 255.255.255.255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>service>ipfix>export-policy>collector source-address)

Full Context

configure service ipfix ipfix-export-policy collector source-address

Description

This command configures the source address from which UDP streams containing IPFIX flow records will be sourced.

Default

no source-address

Parameters

ip-address

Source IPv4 address from which UDP streams are sent.

Platforms

All

source-address

Syntax

source-address ip-address

no source-address

Context

[Tree] (config>filter>gre-tun-tmp>ipv4 source-address)

Full Context

configure filter gre-tunnel-template ipv4 source-address

Description

This command defines the source IPv4 address to be used in the GRE IP header used to encapsulate the matching IPv4/IPv6 packet. This IP address can be configured as any value and is not validated against a local IP address. The source-address command must be configured for the template to be valid.

The no form of this command removes the source IP address configuration from the associated GRE tunnel template.

Parameters

ip-address

Specifies the IPv4 address (in dotted decimal notation) to be used as the source address.

Platforms

All

source-address

Syntax

source-address [ip-address]

no source-address

Context

[Tree] (config>filter>redirect-policy>dest>ping-test source-address)

Full Context

configure filter redirect-policy destination ping-test source-address

Description

This command configures the source address to use in the IP packet of the ping test for this destination.

Default

no source-address

Parameters

ip-address

The source address of the IP packet. This can be IPv4 only for an IPv4 destination and IPv6 only for an IPv6 destination.

Values

ipv4-address:

a.b.c.d.

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

All

source-address

Syntax

source-address

Context

[Tree] (config>system>security source-address)

Full Context

configure system security source-address

Description

This command configures the IP source address that is used in all unsolicited packets sent by the application.

The configured source address applies only to packets transmitted in-band (for example, a network port on an IOM). Packets transmitted out-of-band on the management interface on the CPM Ethernet port use the address of the CPM Ethernet port as the IP source address in the packet.

When a source address is specified for the ptp application, the port-based 1588 hardware timestamping assist function will be applied to PTP packets matching the IPv4 address of the router interface used to ingress the SR/ESS or IP address specified in this command. If the IP address is removed, then the port-based 1588 hardware timestamping assist function will only be applied to PTP packets matching the IPv4 address of the router interface.

Platforms

All

source-address

Syntax

source-address ip-address

Context

[Tree] (config>system>security>dot1x>radius-plcy source-address)

Full Context

configure system security dot1x radius-plcy source-address

Description

This command configures the NAS IP address to be sent in the RADIUS packet.

The no form of this command reverts to the default value.

Parameters

ip-address

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255

Platforms

All

source-address

Syntax

source-address ip-address

source-address prefix-list prefix-list-name

no source-address

Context

[Tree] (config>router>policy-options>policy-statement>entry>from source-address)

Full Context

configure router policy-options policy-statement entry from source-address

Description

This command specifies the source address that is embedded in the join or prune packet as a filter criterion.

The no form of this command removes the criterion from the configuration.

This command specifies a multicast data source address as a match criterion for this entry.

Default

no source-address

Parameters

ip-address

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

prefix-list-name

The prefix list name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

source-address

Syntax

source-address ipv6-address

no source-address

Context

[Tree] (config>router>segment-routing>srv6 source-address)

Full Context

configure router segment-routing segment-routing-v6 source-address

Description

This command configures the global default source IPv6 address used in the SA field of the outer IPv6 header of the SRv6 encapsulated packet. This value is inherited in the BGP and service contexts by default, but can be overwritten in each context. A maximum of 16 address values can be configured in all contexts in the system.

There is no default value for this command. A default source IPv6 address must be configured in this context or in the BGP or service context. The system does not check if the entered address is a valid local address.

The no form of this command removes the source IPv6 address from the configuration.

Parameters

ipv6-address

Specifies the source IPv6 address of the SRv6.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

source-address

Syntax

source-address ipv6-address

no source-address

Context

[Tree] (config>router>bgp>srv6 source-address)

Full Context

configure router bgp segment-routing-v6 source-address

Description

This command configures the source IPv6 address for SRv6.

This command overrides the source IPv6 address for all address families in the base router instance. By default, BGP uses the value from the top level configuration under config>router>segment-routing>segment-routing-v6.

The no form of this command removes the source IPv6 address from the configuration.

Default

no source-address

Parameters

ipv6-address

Specifies the source IPv6 address of the SRv6.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

source-address

Syntax

source-address ipv6-address

no source-address

Context

[Tree] (config>service>epipe>bgp-evpn>srv6 source-address)

[Tree] (config>service>vpls>bgp-evpn>srv6 source-address)

[Tree] (config>service>vprn>bgp-ipvpn>srv6 source-address)

Full Context

configure service epipe bgp-evpn segment-routing-v6 source-address

configure service vpls bgp-evpn segment-routing-v6 source-address

configure service vprn bgp-ipvpn segment-routing-v6 source-address

Description

This command configures the source IPv6 address used in the instance for SRv6 packets.

The no form of this command removes the source IPv6 address from the configuration.

Default

no source-address

Parameters

ipv6-address

Specifies the source IPv6 address of the SRv6.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

source-address

Syntax

source-address

Context

[Tree] (config>service>vprn>pim source-address)

[Tree] (config>router>pim source-address)

Full Context

configure service vprn pim source-address

configure router pim source-address

Description

Commands in this context configure the source IP address for PIM messages.

Platforms

All

source-address-range

source-address-range

Syntax

source-address-range start-ip-address

no source-address-range

Context

[Tree] (config>aaa>isa-radius-plcy>servers source-address-range)

Full Context

configure aaa isa-radius-policy servers source-address-range

Description

This command specifies the first IP address in the range of IPv4 addresses that are assigned to a BB-ISA in a given NAT group for NAT RADIUS accounting. The IP addresses are unique within the NAT group and are used to bind the RADIUS client instantiated on each BB-ISA card. The number of IPv4 addresses allocated is equal to the number of BB-ISAs in a NAT group that are enabled for NAT RADIUS accounting. Although only the first IPv4 address is explicitly configured with this command, each internally allocated IPv4 address associated with the BB-ISA card can be seen in the routing table (via show commands) as /32 with protocol designation 'NAT’.

Default

no source-address-range

Parameters

start-ip-address

The starting IP address of the IP address range.

Values

0.0.0.0 - 255.255.255.255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-address-range

Syntax

[no] source-address-range start ip-address end ip-address

Context

[Tree] (config>service>vprn>wlan-gw>gtp>source-ranges source-address-range)

Full Context

configure service vprn wlan-gw gtp source-ranges source-address-range

Description

This command configures a range of IP addresses used by ISA MDA's as source address in GTP messages.

The no form of this command removes the IP address ranges.

Parameters

start ip-address

Specifies the start of the source IP address range.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0..FFFF]H

d [0..255]D

end ip-address

Specifies the end of the source IP address range.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0..FFFF]H

d [0..255]D

source-bmac

source-bmac

Syntax

source-bmac ieee-address

no source-bmac

Context

[Tree] (config>service>pbb source-bmac)

Full Context

configure service pbb source-bmac

Description

This command configures the source B-VPLS MAC address to use with PBB and provisions a chassis level source B-MAC.

Parameters

ieee-address

The MAC address assigned to the B-MAC. The value should be input in either a xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx format.

Platforms

All

source-bmac

Syntax

source-bmac ieee-address

Context

[Tree] (config>service>vpls>pbb source-bmac)

Full Context

configure service vpls pbb source-bmac

Description

This command configures the base source B-MAC for the B-VPLS. The first 32 bits must be the same with what is configured in the MC-LAG peer. If not configured here, it will inherit the chassis level B-MAC configured under the new PBB object added in the previous section. If the use-sap-bmac command is on, the value of the last 16 bits (lsb) of the source B-MAC must be part of the reserved-source-bmac-lsb configured at chassis level, under service PBB component. If that is not the case, the command will fail.

Platforms

All

source-bmac-lsb

source-bmac-lsb

Syntax

source-bmac-lsb MAC-Lsb [es-bmac-table-size size]

no source-bmac-lsb

Context

[Tree] (config>service>system>bgp-evpn>eth-seg source-bmac-lsb)

Full Context

configure service system bgp-evpn ethernet-segment source-bmac-lsb

Description

This command configures the least significant two bytes of the B-MAC used as the source B-MAC for packets generated from the Ethernet-Segment in PBB-EVPN.

When the multi-homing mode is all-active, this value and the first high order four bytes must match on all the PEs that are part of the same Ethernet-Segment.

The es-bmac-table-size parameter modifies the default value (8) for the maximum number of virtual bmacs that can be associated to the Ethernet-Segment, that is, the es-bmacs. When the source-bmac-lsb is configured, the associated es-bmac-table-size is reserved out of the total FDB. The es-bmac will consume a separate B-MAC per B-VPLS that is linked to an Ethernet-Segment.

Parameters

MAC-Lsb

Specifies the two least significant bytes of the es-bmac.

Values

1 to 65535, or xx-xx or xx:xx

size

Specifies the reserved space in the FDB for a specified es-bmac. By default the system reserves 8 entries for a specified Ethernet-Segment B-MAC.

Values

1 to 511999

Default

8

Platforms

All

source-bmac-lsb

Syntax

source-bmac-lsb mac-lsb control-pw-vc-id vc-id

no source-bmac-lsb

Context

[Tree] (config>service>sdp source-bmac-lsb)

Full Context

configure service sdp source-bmac-lsb

Description

This command defines the 16 least significant bits (lsb) which, when combined with the 32 most significant bits of the PBB source-bmac, are used as the virtual backbone MAC associated with this SDP. The virtual backbone MAC is used as the source backbone MAC for traffic received on a PBB EPIPE spoke-SDP with use-sdp-bmac configured (that is, a redundant pseudowire) and forwarded into the B-VPLS domain.

The control-pw-vc-id defines VC identifier of the spoke-SDP relating to the control pseudowire whose status is to be used to determine whether SPBM advertises this virtual backbone MAC. This is a mandatory parameter when the source-bmac-lsb is added or changed. The spoke SDP must have the parameter use-sdp-bmac for the control pseudowire to be active.

Default

no source-bmac-lsb

Parameters

mac-lsb

Specifies the 16 least significant bits of the virtual backbone MAC associated with this SDP.

Values

1 to 65535 or xx-xx or xx:xx

control-pw-vc-id vc-id

Specifies the VC identifier of the control pseudowire.

Values

1 to 4294967295

Platforms

All

source-class

source-class

Syntax

source-class source-index

no source-class [source-index]

Context

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel source-class)

[Tree] (config>service>vprn>static-route-entry>indirect source-class)

[Tree] (config>service>vprn>static-route-entry>next-hop source-class)

Full Context

configure service vprn static-route-entry ipsec-tunnel source-class

configure service vprn static-route-entry indirect source-class

configure service vprn static-route-entry next-hop source-class

Description

This command configures the policy accounting source-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

If source route policy accounting is enabled and a source-class index is configured, traffic with a source IP address matches the associated static route, the source accounting statistics for the specified class will be incremented.

The no form of this command removes the associated destination-class from the associated static route nexthop.

Default

no source-class

Parameters

source-index

Specifies an integer value for the accounting source class index.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

source-class

Syntax

source-class source-index

no source-class [source-index]

Context

[Tree] (config>router>static-route-entry>next-hop source-class)

[Tree] (config>router>static-route-entry>indirect source-class)

Full Context

configure router static-route-entry next-hop source-class

configure router static-route-entry indirect source-class

Description

This command configures the policy accounting source-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

If source route policy accounting is enabled and a source-class index is configured, traffic with a source IP address matches the associated static route, the source accounting statistics for the specified class will be incremented.

The no form of this command removes the associated destination-class from the associated static route nexthop.

Default

no source-class

Parameters

source-index

Specifies an integer value for the accounting source class index.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

source-class

Syntax

source-class index [ index]

source-class {index | all}

Context

[Tree] (config>router>policy-acct-template source-class)

Full Context

configure router policy-acct-template source-class

Description

This command configures a source class index.

The no form of this command deletes the specified source class index.

Parameters

index

Specifies the index value.

Values

1 to 255

all

Deletes all the source class indices.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

source-class

Syntax

source-class [value]

no source-class

Context

[Tree] (config>router>policy-options>policy-statement>entry>action source-class)

[Tree] (config>router>policy-options>policy-statement>default-action source-class)

Full Context

configure router policy-options policy-statement entry action source-class

configure router policy-options policy-statement default-action source-class

Description

This command specifies the policy accounting source class index to associate with matched routes.

Parameters

value

Specifies the default operational source-class for this policy statement.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

source-destination-prefix

source-destination-prefix

Syntax

[no] source-destination-prefix

Context

[Tree] (config>cflowd>collector>aggregation source-destination-prefix)

Full Context

configure cflowd collector aggregation source-destination-prefix

Description

This command configures cflowd aggregation based on source and destination prefixes.

The no form of this command removes this type of aggregation from the collector configuration.

Platforms

All

source-ip

source-ip

Syntax

source-ip ip-address

no source-ip

Context

[Tree] (config>subscr-mgmt>shcv-policy>vpls source-ip)

Full Context

configure subscriber-mgmt shcv-policy vpls source-ip

Description

This command configures the IPv4 address to be used as source address for connectivity verification in a VPLS service.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IPv4 address to be used as source address for connectivity verification in a VPLS service.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-ip

Syntax

source-ip ipv6-address

no source-ip

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client source-ip)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client source-ip)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client source-ip

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client source-ip

Description

This command specifies the source-ip to be used by the DHCPv6 client.

The no form of this command removes the specific source-ip. In this case the DHCPv6 client will fall back to the IP address configured on the outgoing interface.

Parameters

ipv6-address

Specifies the IPv6 address, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-ip-address

source-ip-address

Syntax

source-ip-address ip-address

no source-ip-address

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check source-ip-address)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check source-ip-address)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check source-ip-address

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check source-ip-address

Description

This command configures the source IP address used in ICMP messages. When not specified, the system uses the address of the appropriate address family.

The no form of this command removes the IP address.

Parameters

ip-address

Specifies the source IP address.

Values

ipv4-prefix: a.b.c.d

ipv6-prefix:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-ip-address-ranges

source-ip-address-ranges

Syntax

source-ip-address-ranges

Context

[Tree] (config>service>vprn>wlan-gw>gtp source-ip-address-ranges)

Full Context

configure service vprn wlan-gw gtp source-ip-address-ranges

Description

Commands in this context configure IP addresses used by the ISA MDA's as source address in GTP messages

source-ip-origin

source-ip-origin

Syntax

source-ip-origin {interface | vrrp}

no source-ip-origin

Context

[Tree] (config>subscr-mgmt>shcv-policy>layer-3 source-ip-origin)

Full Context

configure subscriber-mgmt shcv-policy layer-3 source-ip-origin

Description

This command selects the source IP address to be used for SHCV messages.

The no form of this command reverts to the default.

Parameters

interface

Specifies to use the interface IP as the source address of SHCV.

vrrp

Specifies to use the VRRP configured IP as the source address of SHCV.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-mac

source-mac

Syntax

source-mac ieee-address

no source-mac

Context

[Tree] (config>subscr-mgmt>shcv-policy>vpls source-mac)

Full Context

configure subscriber-mgmt shcv-policy vpls source-mac

Description

Specifies the MAC address to be used as source address for connectivity verification in a VPLS service.

The no form of this command reverts to the default.

Parameters

ieee-address

Specifies the 48-bit MAC address in the xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx format.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

source-override

source-override

Syntax

source-override ip-address [create]

no source-override ip-address

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel source-override)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override

Description

This command defines a multicast channel parameter override context for a specific multicast sender within the channel range. The specified sender’s IP address must be the same IP type, IPv4 or IPv6, as defined in the channel command.

The no form of this command removes the specified sender override context from the channel range.

Parameters

ip-address

Specifies either an IPv4 or IPv6 address and must be the same IP type as the containing channel command range.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

create

The create keyword is required if creating a new source override when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the specified source override IP address already exists.

Platforms

All

source-port

source-port

Syntax

source-port port-num

no source-port

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video source-port)

Full Context

configure mcast-management multicast-info-policy bundle video source-port

Description

This command configures the source port for upstream RET requests. The source-port port-num value is the only configuration parameter in the bundle "default” context.

The no form of the command removes the value from the configuration.

Parameters

port-num

Specifies the source port in the received RTP multicast stream.

Values

1024 to 65535

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

source-port

Syntax

source-port port-id

no source-port

Context

[Tree] (config>system>sync-if-timing>ref2 source-port)

[Tree] (config>system>sync-if-timing>ref1 source-port)

Full Context

configure system sync-if-timing ref2 source-port

configure system sync-if-timing ref1 source-port

Description

This command configures the source port for timing reference ref1 or ref2. If the port is unavailable or the link is down, then the reference sources are re-evaluated according to the reference order configured in the ref-order command.

In addition to physical port on the 7750 SR, T1 or E1 channels on a channelized OC3/OC12/STM1/STM4 Circuit Emulation Service port can be specified if they are using adaptive timing.

There are restrictions on the source-port location for ref1 and ref2 based on platform. Refer to the description of the ref1 command for details.

Default

no source-port

Parameters

port-id

Identifies the physical port in the slot/mda/port, esat-id/slot/port, or pxc-id.sub-port format.

Values

slot/mda/port [.channel]

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source-port

Syntax

source-port port

source-port grpc

no source-port

Context

[Tree] (config>system>management-interface>remote-management source-port)

Full Context

configure system management-interface remote-management source-port

Description

This command configures the TCP port local to this device that NISH uses to send packets to this node.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command causes the system to select the default gRPC port, 57400.

Default

source-port grpc

Parameters

port

Specifies the TCP source port.

Values

1 to 65535

grpc

Keyword that specifies the default gRPC protocol port as the source port.

Platforms

All

source-port

Syntax

source-port port

source-port grpc

no source-port

Context

[Tree] (config>system>management-interface>remote-management>manager source-port)

Full Context

configure system management-interface remote-management manager source-port

Description

This command configures the TCP port local to this device that this NISH manager uses to send packets to this node.

This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the source port to be inherited from the global context (config>system>management-interface>remote-management).

Parameters

port

Specifies the TCP source port.

Values

1 to 65535

Default

57400

grpc

Keyword that specifies the default gRPC protocol port as the source port.

Platforms

All

source-prefix

source-prefix

Syntax

[no] source-prefix

Context

[Tree] (config>cflowd>collector>aggregation source-prefix)

Full Context

configure cflowd collector aggregation source-prefix

Description

This command configures cflowd aggregation based on source prefix information.

The no form of this command removes this type of aggregation from the collector configuration.

Platforms

All

source-prefix

Syntax

no source-prefix

source-prefix ipv6-address/prefix-length

Context

[Tree] (config>aaa>isa-radius-plcy>servers>ipv6 source-prefix)

Full Context

configure aaa isa-radius-policy servers ipv6 source-prefix

Description

This command configures an IPv6 prefix containing individual /128 addresses. These addresses are used as the source address for connections to IPv6 RADIUS servers.

The prefix must be large enough to accommodate all BB-ISAs or ESA VMs in the system.

The no form of this command removes the IPv6 prefix.

Default

no source-prefix

Parameters

ipv6-address/prefix-length
Specifies an IPv6 address and prefix length for the address.
Values

ipv6-prefix:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length:

0 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-prefix

Syntax

source-prefix ip-prefix/length nat-policy nat-policy-name

no source-prefix ip-prefix/length

Context

[Tree] (config>router>nat>inside source-prefix)

[Tree] (config>service>vprn>nat>inside source-prefix)

Full Context

configure router nat inside source-prefix

configure service vprn nat inside source-prefix

Description

This command configures the source prefix used to identify traffic for NAT processing. After the traffic is diverted to the ESA-VM or vISA, its source IP address is checked to determine if it belongs to the configured prefix. If it does, the traffic is processed by NAT, otherwise, it is dropped.

The no form of this command removes the source prefix used to identify traffic for NAT processing.

Parameters

nat-policy-name

Specifies the NAT policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-prefix-list

source-prefix-list

Syntax

source-prefix-list prefix-list-name

no source-prefix-list

Context

[Tree] (config>router>nat>inside source-prefix-list)

[Tree] (config>service>vprn>nat>inside source-prefix-list)

Full Context

configure router nat inside source-prefix-list

configure service vprn nat inside source-prefix-list

Description

This command references the nat-prefix-list that contains source IP addresses on the inside (private side).

The source IP addresses on the inside must be known in advance in a dnat-only instance. This is required so the corresponding routes can be installed in the routing table and thus the downstream traffic is properly routed towards the MS-ISAs where the original translation was performed (and state is kept).

In the dnat-only case, it is mandatory that the inside (private side) and the outside (public side) are in separated VPRNs.

Parameters

prefix-list-name

Specifies the name, up to 32 characters in length, of the NAT prefix list that contains the source IP addresses (original IP addresses).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-prefix-only

source-prefix-only

Syntax

[no] source-prefix-only

Context

[Tree] (config>router>nat>inside>traffic-identification source-prefix-only)

[Tree] (config>service>vprn>nat>inside>traffic-identification source-prefix-only)

Full Context

configure router nat inside traffic-identification source-prefix-only

configure service vprn nat inside traffic-identification source-prefix-only

Description

This command enables the identification of traffic that is subject to NAT processing based on the source IP address in the packet.

Traffic is diverted to the ESA-VM or vISA for NAT processing using a configured destination prefix or a IPv4 filter. When this command is configured, after traffic arrives on the ESA-VM or vISA, the source IP address in the packet determines whether the traffic is processed by NAT or dropped. If the source IP address belongs to the configured source-prefix, traffic is processed by NAT. Otherwise, it is discarded.

Use the following commands to configure the source prefix:

configure service vprn nat inside source-prefix

configure router nat inside source-prefix

If traffic identification based on the source IP address is disabled, all traffic arriving to the ESA-VM or vISA is subject to NAT processing.

The no form of this command disables the identification of traffic that is subject to NAT processing.

Default

no source-prefix-only

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

source-udp-port

source-udp-port

Syntax

source-udp-port udp-port-number

no source-udp-port

Context

[Tree] (config>oam-pm>session>ip source-udp-port)

Full Context

configure oam-pm session ip source-udp-port

Description

This command should only be used when the source UDP port for the session-sender twamp-test packet must be specified.

The no form of this command means the session-sender automatically assigns the source UDP port from the available dynamic (private) UDP range.

Parameters

udp-port-number

Specifies the UDP source port.

Values

64374 to 64383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source-udp-port-pools

source-udp-port-pools

Syntax

source-udp-port-pools

Context

[Tree] (config>test-oam>twamp>twamp-light source-udp-port-pools)

Full Context

configure test-oam twamp twamp-light source-udp-port-pools

Description

Commands in this context configure the source UDP port pool allocation for TWAMP Light applications.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

source-vtep-security

source-vtep-security

Syntax

[no] source-vtep-security

Context

[Tree] (config>service>vpls>vxlan source-vtep-security)

Full Context

configure service vpls vxlan source-vtep-security

Description

This command enables the outer IP Source Address lookup of incoming VXLAN packets, and discards those coming from untrusted VTEPs. The list of trusted VTEPs is shown in the show service vxlan command. Specifically, it shows the existing learned EVPN VTEPs (always trusted), and the statically configured VTEPs in any service (Epipe and VPLS).

The command is supported in VXLAN instances with static egress VTEPs or VXLAN instances with EVPN created VTEPs.

The no version of this command disables the outer IP source address lookup.

Default

no source-vtep-security

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sp-reverse-route

sp-reverse-route

Syntax

sp-reverse-route [ignore-default-route]

no sp-reverse-route

Context

[Tree] (config>ipsec>tnl-temp sp-reverse-route)

Full Context

configure ipsec tunnel-template sp-reverse-route

Description

This command enables the system to automatically create a reverse route based on dynamic LAN-to-LAN tunnel’s TSi in private service.

If ignore-default-route is specified, the system ignores any full range traffic selector when creating a reverse route. Otherwise, the system refuses to create a CHILD_SA if any full range traffic selector is included in TSi.

The no form of this command disables sp-reverse-route.

Default

no sp-reverse-route

Parameters

ignore-default-route

Specifies to ignore any full range traffic selector in TSi.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

space

space

Syntax

[no] space

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>command-completion space)

Full Context

configure system management-interface cli md-cli environment command-completion space

Description

This command enables completion on the space character.

The no form of this command reverts to the default value.

Default

space

Platforms

All

spb

spb

Syntax

spb [isis-instance] [fid fid] [create]

no spb

Context

[Tree] (config>service>vpls>spoke-sdp spb)

[Tree] (config>service>vpls spb)

[Tree] (config>service>vpls>sap spb)

Full Context

configure service vpls spoke-sdp spb

configure service vpls spb

configure service vpls sap spb

Description

This command enables Shortest Path Bridging (SPB) on a B-VPLS instance. SPB uses IS-IS that supports multiple instances, therefore an instance must be specified. The declaration of SPB in this context is the control configuration for the SPB. This is an SPB management interface and it manages the configuration for IS-IS. Various parameters that define this SPB instance are configured under this SPB instance. Several of the parameters are shared with other B-VPLS service instances using SPB.

SPB enables an instance of IS-IS protocol with the no shutdown command. Alternatively, the IS-IS protocol instance under SPB is disabled with the shutdown command in the config>service>vpls b-vpls>spb context.

A Forwarding Identifier (FID) is optionally specified which is an abstraction of the BVID used for forwarding in SPB. When no FID is configured the control VPLS is advertised with FID value 1. When a FID value is specified, the control VPLS is advertised and associated with the FID value specified. The default algorithm for any FID declared or implicit is low-path-id. When a FID is specified, the ect-algorithm can be specified for the FID and changed only when there are no VPLS, SAPs or SDP bindings associated with the FID. The FID for a control instance cannot be changed after it is created. To change a FID the SPB component would have to be shutdown, deleted and re-created with a new FID.

Note:

SPB operates with disable-learning, disable aging and discard-unknown. The state of these commands is ignored when SPB is configured.

Default

no spb

Parameters

isis-instance

Specifies the instance ID for an SPB IS-IS instance.

Values

1024 to 2047 (4 available)

Default

1024

FID

Specifies the FID value.

Values

1 to 4095

Default

1

Platforms

All

spbm-control-vpls

spbm-control-vpls

Syntax

spbm-control-vpls service-id fid fid

no spbm-control-vpls

Context

[Tree] (config>service>vpls>b-vpls spbm-control-vpls)

Full Context

configure service vpls b-vpls spbm-control-vpls

Description

This command associates a user B-VPLS with a particular control B-VPLS and a FID. The ECT algorithm and the behavior of unicast and multicast come from the association to the FID.

A Forwarding Identifier (FID) is specified which is an abstraction of the BVID used for forwarding in SPB. The ect-algorithm is associated with the FID and can be changed only when there are no VPLS, SAPs or SDP bindings associated with the FID. The FID must be independent from the FID assigned to other services.

Parameters

service-id

The B-VPLS service identifier.

Values

1 to 2147483647 | svc-name: 64 characters max

fid

The forwarding identifier.

Values

1 to 4095

spe-address

spe-address

Syntax

spe-address global-id:prefix

no spe-address

Context

[Tree] (config>service>pw-routing spe-address)

Full Context

configure service pw-routing spe-address

Description

This command configures a single S-PE Address for the node to be used for dynamic MS-PWs. This value is used for the pseudowire switching point TLV used in LDP signaling, and is the value used by pseudowire status signaling to indicate the PE that originates a pseudowire status message. Configuration of this parameter is mandatory to enable dynamic MS-PW support on a node.

If the S-PE Address is not configured, spoke-sdps that use dynamic MS-PWs and pw-routing local-prefixes cannot be configured on a T-PE. Furthermore, the node will send a label release for any label mappings received for FEC129 AII type 2.

The S-PE Address cannot be changed unless the dynamic ms-pw configuration is removed. Furthermore, changing the S-PE Address will also result in all dynamic MS-PWs for which this node is an S-PE being released. It is recommended that the S-PE Address should be configured for the life of an MS-PW configuration after reboot of the router.

The no form of this command removes the configured S-PE Address.

Default

no spe-address

Parameters

global-id

Specifies a 4-octet value that is unique to the service provider. For example, the global ID can contain the 2-octet or 4-octet value of the provider's Autonomous System Number (ASN).

Values

<global-id:prefix>:

<global-id>:{<prefix>| <ipaddress>}

global-id

1 to 4294967295

prefix

1 to 4294967295

ipaddress

a.b.c.d

Platforms

All

speed

speed

Syntax

speed {10 | 100 | 1000 | 10000 | 25000 | 40000 | 50000 | 100000}

Context

[Tree] (config>port>ethernet speed)

Full Context

configure port ethernet speed

Description

For ports that support multiple speeds, this command configures the port speed to be used. This applies to the following:

  • fast Ethernet when autonegotiate is disabled

  • 10/100/1000 Ethernet when autonegotiate is disabled

  • 10/1G ports supporting 10G SFP+ or 1G SFP

  • 40/100G ports supporting QSFP28s on non-connector-based MDAs

If the port is configured to autonegotiate this parameter is ignored. Speed cannot be configured for ports that are part of a Link Aggregation Group (LAG).

Default

dependent on port type

Parameters

10

Sets the link to 10 Mb/s speed.

100

Sets the link to 100 Mb/s speed.

1000

Sets the link to 1000 Mb/s speed.

10000

Sets the link to 10000 Mb/s speed.

25000

Sets the link to 25000 Mb/s speed.

40000

Sets the link to 40000 Mb/s speed.

50000

Sets the link to 50000 Mb/s speed.

100000

Sets the link to 100000 Mb/s speed.

Platforms

All

speed

Syntax

speed {oc3 | oc12}

no speed

Context

[Tree] (config>port>sonet-sdh speed)

Full Context

configure port sonet-sdh speed

Description

This command configures the speed of a SONET/SDH port as either OC3 or OC12. The framer for this MDA operates in groups of four. Changing the port speed for a port requires resetting the framer and causes a slight disruption on all four ports. The first framer controls ports 1,2,3,4, the second framer controls ports 5,6,7,8 and so on.

To change the port speed on a SONET/SDH port, the port must be administratively shut down and all channels must be removed. When the port speed is changed, the default channel configuration is recreated.

The no form of this command reverts back to default.

This command is supported on TDM satellite.

Default

speed oc12

Parameters

oc3

Sets the speed of the port to OC-3.

oc12

Sets the speed of the port to OC-12.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

speed

Syntax

speed {56 | 64}

Context

[Tree] (config>port>tdm>e1>channel-group speed)

[Tree] (config>port>tdm>ds1>channel-group speed)

Full Context

configure port tdm e1 channel-group speed

configure port tdm ds1 channel-group speed

Description

This command sets the speed of the DS-0 channels used in the associated channel-group.

Default

speed 64

Parameters

56

Specifies that 56k byte (7-bits per byte) encoding will be used for the associated DS-0 channels. This channel speed value is only supported on the m4-chds3-as and m12-chds3-as MDAs and on DS-1 channels (ESF and SF framing) and not on E-1 (G.704) channels.

64

Specifies that 64k byte (8-bits per byte) encoding will be used for the associated DS-0 channels.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

speed

Syntax

speed speed

Context

[Tree] (bof speed)

Full Context

bof speed

Description

This command configures the speed for the CPM management Ethernet port when autonegotiation is disabled in the running configuration and the Boot Option File (BOF).

If the port is configured to autonegotiate, this parameter is ignored.

Available speed options are dependent on the specific CPM variant in the system.

Default

speed 100

Parameters

speed

Sets the link speed, in Mb/s.

Values

10, 100, 1000

Platforms

All

spf

spf

Syntax

[no] spf [level-number] [system-id]

Context

[Tree] (debug>router>isis spf)

Full Context

debug router isis spf

Description

This command enables debugging for IS-IS SFP.

The no form of the command disables debugging.

Parameters

system-id

When specified, only the specified system-id is debugged. A 6-octet system identifier (xxxx.xxxx.xxxx).

level-number

Specifies the interface level (1, 2, or 1 and 2).

Platforms

All

spf

Syntax

spf [type] [dest-addr]

no spf

Context

[Tree] (debug>router>ospf spf)

[Tree] (debug>router>ospf3 spf)

Full Context

debug router ospf spf

debug router ospf3 spf

Description

This command enables debugging for OSPF SPF. Information regarding overall SPF start and stop times will be shown. To see detailed information regarding the SPF calculation of a given route, the route must be specified as an optional argument.

Parameters

type

Specifies the area to debug.

Values

intra-area, inter-area, external

dest-addr

Specifies the destination IP address to debug.

Platforms

All

spf-wait

spf-wait

Syntax

spf-wait spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]

no spf-wait

Context

[Tree] (config>service>vpls>b-vpls>spb>timers spf-wait)

Full Context

configure service vpls b-vpls spb timers spf-wait

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, etc., until it reaches the spf-wait value. The SPF interval will stay at spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

Default

no spf-wait

Parameters

spf-wait

Specifies the maximum interval in milliseconds between two consecutive SPF calculations.

Values

10 to 120000

Default

10000

spf-initial-wait

Specifies the initial SPF calculation delay in milliseconds after a topology change.

Values

10 to 100000

Default

1000

spf-second-wait

Specifies the hold time in milliseconds between the first and second SPF calculation.

Values

10 to 100000

Default

1000

spf-wait

Syntax

spf-wait spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]

no spf-wait

Context

[Tree] (config>service>vpls>spb>timers spf-wait)

Full Context

configure service vpls spb timers spf-wait

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

Note:

The IS-IS timer granularity is 100 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

spf-wait

Specifies the maximum interval in milliseconds between two consecutive SPF calculations.

Values

10 to 120000

Default

10000

initial-wait

Specifies the initial SPF calculation delay in milliseconds after a topology change

Values

10 to 100000

Default

1000

second-wait

Specifies the hold time in milliseconds between the first and second SPF calculation

Values

10 to 100000

Default

1000

Platforms

All

spf-wait

Syntax

spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second-wait]

no spf-wait

Context

[Tree] (config>service>vprn>isis>timers spf-wait)

Full Context

configure service vprn isis timers spf-wait

Description

This command defines the maximum interval, in milliseconds, between two consecutive SPF calculations. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and the next SPF after that will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to the SPF initial-wait value.

Note:

The timer granularity is 100 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters

spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

Default

10000

initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

Default

1000

second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Default

1000

Platforms

All

spf-wait

Syntax

spf-wait max-spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]

no spf-wait

Context

[Tree] (config>service>vprn>ospf3>timers spf-wait)

[Tree] (config>service>vprn>ospf>timers spf-wait)

Full Context

configure service vprn ospf3 timers spf-wait

configure service vprn ospf timers spf-wait

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

Use the no form of this command to return to the default.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters

max-spf-wait

Specifies the maximum interval in milliseconds between two consecutive SPF calculations.

Values

10 to 120000

Default

10000

spf-initial-wait

Specifies the initial SPF calculation delay in milliseconds after a topology change.

Values

10 to 100000

Default

1000

spf-second-wait

Specifies the hold time in milliseconds between the first and second SPF calculation.

Values

10 to 100000

Default

1000

Platforms

All

spf-wait

Syntax

spf-wait max-wait [initial-wait initial-wait] [second-wait second-wait]

no spf-wait

Context

[Tree] (config>router>bgp>optimal-route-reflection spf-wait)

Full Context

configure router bgp optimal-route-reflection spf-wait

Description

This command controls the interval between consecutive SPF calculations performed by the TE DB in support of BGP optimal route reflection. The time parameters of this command implement an exponential back-off algorithm.

The no form of this command causes a return to default values.

Default

no spf-wait

Parameters

max-wait

Specifies the maximum interval in seconds between two consecutive SPF calculations.

Values

1 to 600

Default

60

initial-wait initial-wait

Specifies the initial SPF calculation delay in seconds after a topology change.

Values

1 to 300

Default

5

second-wait second-wait

Specifies the delay in seconds between the first and second SPF calculation.

Values

1 to 300

Default

15

Platforms

All

spf-wait

Syntax

spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second-wait]]

no spf-wait

Context

[Tree] (config>router>isis>timers spf-wait)

Full Context

configure router isis timers spf-wait

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, etc., until it reaches the spf-wait value. The SPF interval will stay at spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

Note:

The timer granularity is 100 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Platforms

All

spf-wait

Syntax

spf-wait max-spf-wait [spf-initial-wait spf-initial-wait [spf-second-wait spf-second-wait]]

no spf-wait

Context

[Tree] (config>router>ospf3>timers spf-wait)

[Tree] (config>router>ospf>timers spf-wait)

Full Context

configure router ospf3 timers spf-wait

configure router ospf timers spf-wait

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command. Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

The timer must be entered in increments of 100 milliseconds. Values entered that do not match this requirement will be rejected.

Use the no form of this command to return to the default.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is greater than or equal to 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default

spf-wait 10000

Parameters

max-spf-wait

Specifies the maximum interval in milliseconds between two consecutive SPF calculations.

Values

10 to 120000

Default

10000

spf-initial-wait

Specifies the initial SPF calculation delay in milliseconds after a topology change.

Values

10 to 100000

Default

1000

spf-second-wait

Specifies the hold time in milliseconds between the first and second SPF calculation.

Values

10 to 100000

Default

1000

Platforms

All

spi

spi

Syntax

spi spi

no spi

Context

[Tree] (config>ipsec>static-sa spi)

Full Context

configure ipsec static-sa spi

Description

This command configures the SPI key value for an IPsec manual SA.

This command specifies the SPI (Security Parameter Index) used to lookup the instruction to verify and decrypt the incoming IPsec packets when the value of the direction command is inbound.

The SPI value specifies the SPI that will be used in the encoding of the outgoing packets when the when the value of the direction command is outbound. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet.

If no spi is selected, then this static SA cannot be used.

The no form of this command reverts to the default value.

Default

no spi

Parameters

spi

Specifies the security parameter index for this SA.

Values

256 to 16383

Platforms

All

spi-load-balancing

spi-load-balancing

Syntax

[no] spi-load-balancing

Context

[Tree] (config>service>template>vpls-template>load-balancing spi-load-balancing)

[Tree] (config>service>vpls>load-balancing spi-load-balancing)

Full Context

configure service template vpls-template load-balancing spi-load-balancing

configure service vpls load-balancing spi-load-balancing

Description

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default

no spi-load-balancing

Platforms

All

spi-load-balancing

Syntax

[no] spi-load-balancing

Context

[Tree] (config>service>ies>if>load-balancing spi-load-balancing)

Full Context

configure service ies interface load-balancing spi-load-balancing

Description

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default

no spi-load-balancing

Platforms

All

spi-load-balancing

Syntax

[no] spi-load-balancing

Context

[Tree] (config>service>vprn>nw-if>load-balancing spi-load-balancing)

Full Context

configure service vprn network-interface load-balancing spi-load-balancing

Description

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default

no spi-load-balancing

Platforms

All

spi-load-balancing

Syntax

[no] spi-load-balancing

Context

[Tree] (config>router>if>load-balancing spi-load-balancing)

Full Context

configure router interface load-balancing spi-load-balancing

Description

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default

no spi-load-balancing

Platforms

All

spi-sharing-group-id

spi-sharing-group-id

Syntax

spi-sharing-group-id group-id

no spi-sharing-group-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings spi-sharing-group-id)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings spi-sharing-group-id)

Full Context

configure subscriber-mgmt local-user-db ppp host identification-strings spi-sharing-group-id

configure subscriber-mgmt local-user-db ipoe host identification-strings spi-sharing-group-id

Description

This command configures the SLA Profile Instance (SPI) sharing group identifier for an IPoE or PPPoE session. It overrides the default SPI sharing method (def-instance-sharing) configured in the SLA profile.

When an spi-sharing-group-id is configured, the IPoE or PPPoE session shares the SLA Profile Instance with other IPoE or PPPoE sessions from the same subscriber that: have the same SLA profile associated, are active on the same SAP, and have the same group identifier.

Configuring an spi-sharing-group-id group-id for an IPoE host, when the IPoE session is disabled on the group interface, results in a setup failure.

The no form of this command returns the SPI sharing group identifier to its default.

Parameters

group-id

Specifies the SPI group identifier.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

spi-sharing-id

spi-sharing-id

Syntax

[no] spi-sharing-id

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute spi-sharing-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute spi-sharing-id

Description

This command enables RADIUS accounting messages to include the Alc-SPI-Sharing-Id RADIUS attribute. Together with the SLA profile name, this attribute provides details on the applicable SPI or queuing instance for this accounting session.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

split-horizon

split-horizon

Syntax

split-horizon

no split-horizon

Context

[Tree] (config>service>vprn>bgp>group split-horizon)

[Tree] (config>service>vprn>bgp split-horizon)

[Tree] (config>service>vprn>bgp>group>neighbor split-horizon)

Full Context

configure service vprn bgp group split-horizon

configure service vprn bgp split-horizon

configure service vprn bgp group neighbor split-horizon

Description

This command enables the use of split-horizon. When applied globally, to a group, or a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Caution:

Use of the split-horizon command may have a detrimental impact on peer and route scaling and therefore operators are encouraged to use it only when absolutely needed.

The no form of this command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default

no split-horizon

Platforms

All

split-horizon

Syntax

split-horizon {enable | disable}

no split-horizon

Context

[Tree] (config>service>vprn>ripng split-horizon)

[Tree] (config>service>vprn>rip split-horizon)

[Tree] (config>service>vprn>ripng>group split-horizon)

[Tree] (config>service>vprn>ripng>group>neighbor split-horizon)

[Tree] (config>service>vprn>rip>group>neighbor split-horizon)

[Tree] (config>service>vprn>rip>group split-horizon)

Full Context

configure service vprn ripng split-horizon

configure service vprn rip split-horizon

configure service vprn ripng group split-horizon

configure service vprn ripng group neighbor split-horizon

configure service vprn rip group neighbor split-horizon

configure service vprn rip group split-horizon

Description

This command enables the use of split-horizon. RIP uses split horizon with poison reverse to protect from such problems as "counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The no form of this command disables the split-horizon command, which allows the lower level to inherit the setting from an upper level.

Default

split-horizon enable

Parameters

enable

Enables split horizon and poison reverse.

disable

Enables split horizon without poison reverse. This allows the routes to be readvertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular, if no value is set (no split-horizon), the lower level inherits the setting from the less-specific level.

Platforms

All

split-horizon

Syntax

[no] split-horizon

Context

[Tree] (config>router>bgp>group split-horizon)

[Tree] (config>router>bgp>group>neighbor split-horizon)

[Tree] (config>router>bgp split-horizon)

Full Context

configure router bgp group split-horizon

configure router bgp group neighbor split-horizon

configure router bgp split-horizon

Description

This command enables the use of split-horizon. Split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Default

no split-horizon

Platforms

All

split-horizon

Syntax

split-horizon {enable | disable}

no split-horizon

Context

[Tree] (config>router>rip>group>neighbor split-horizon)

[Tree] (config>router>ripng>group>neighbor split-horizon)

[Tree] (config>router>ripng split-horizon)

[Tree] (config>router>rip split-horizon)

[Tree] (config>router>ripng>group split-horizon)

[Tree] (config>router>rip>group split-horizon)

Full Context

configure router rip group neighbor split-horizon

configure router ripng group neighbor split-horizon

configure router ripng split-horizon

configure router rip split-horizon

configure router ripng group split-horizon

configure router rip group split-horizon

Description

This command enables the use of split-horizon.

RIP uses split-horizon with poison-reverse to protect from such problems as "counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The split-horizon disable command enables split horizon without poison reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no split-horizon), the setting from the less specific level is inherited by the lower level.

The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default

enabled

Parameters

enable

Specifies enable split horizon and poison reverse.

disable

Specifies disable split horizon allowing routes to be re-advertised on the same interface on which they were learned with the advertised metric incremented by the metric-in value.

Platforms

All

split-horizon-group

split-horizon-group

Syntax

split-horizon-group [group-name] [residential-group] [create]

Context

[Tree] (config>service>vpls split-horizon-group)

Full Context

configure service vpls split-horizon-group

Description

This command creates a new split horizon group for the VPLS instance. Traffic arriving on a SAP or spoke-SDP within this split horizon group will not be copied to other SAPs or spoke-SDPs in the same split horizon group.

A split horizon group must be created before SAPs and spoke-SDPs can be assigned to the group.

The split horizon group is defined within the context of a single VPLS. The same group-name can be re-used in different VPLS instances.

Up to 30 split horizon groups can be defined per VPLS instance. Half are supported in i-VPLS.

The no form of this command removes the group name from the configuration.

Default

A split horizon group is by default not created as a residential-group.

Parameters

group-name

Specifies the name of the split horizon group to which the SDP belongs

residential-group

Defines a split horizon group as a residential split horizon group (RSHG). Doing so entails that:

a) SAPs which are members of this Residential Split Horizon Group will have:

  • Double-pass queuing at ingress as default setting (can be disabled)

  • STP disabled (cannot be enabled)

  • ARP reply agent enabled per default (can be disabled)

  • MAC pinning enabled per default (can be disabled)

  • Downstream broadcast packets are discarded thus also blocking the unknown, flooded traffic

  • Downstream multicast packets are allowed when IGMP snooping is enabled

b) Spoke SDPs which are members of this Residential Split Horizon Group will have:

  • Downstream multicast traffic supported

  • Double-pass queuing is not applicable

  • STP is disabled (can be enabled)

  • ARP reply agent is not applicable (dhcp-lease-states are not supported on spoke-SDPs)

  • MAC pinning enabled per default (can be disabled)

Platforms

All

split-horizon-group

Syntax

split-horizon-group group-name

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only split-horizon-group)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters split-horizon-group

Description

This command specifies the name of the split horizon group to which the MSAP belongs.

Parameters

group-name

Specifies the split horizon group name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

split-horizon-group

Syntax

split-horizon-group name

no split-horizon-group

Context

[Tree] (config>service>vpls>bgp-evpn>srv6 split-horizon-group)

[Tree] (config>service>vpls>bgp-evpn>mpls split-horizon-group)

Full Context

configure service vpls bgp-evpn segment-routing-v6 split-horizon-group

configure service vpls bgp-evpn mpls split-horizon-group

Description

This command allows the user to configure an explicit split-horizon-group for all BGP-EVPN MPLS or SRv6 destinations that can be shared by other SAPs and/or spoke SDPs. The use of explicit split-horizon-groups for EVPN-MPLS or SRv6 and spoke SDPs allows the integration of VPLS and EVPN-MPLS or SRv6 networks.

If the split-horizon-group command for bgp-evpn>mpls/srv6 contexts is not used, the default split-horizon-group (that contains all the EVPN destinations) is still used, but it is not possible to refer to it on SAPs/spoke SDPs. User-configured split-horizon-groups can be configured within the service context. The same group-name can be associated to SAPs, spoke SDPs, pw-templates, pw-template-bindings and EVPN-MPLS or SRv6 destinations. The configuration of bgp-evpn>mpls/srv6> split-horizon-group is only allowed if bgp-evpn>mpls/srv6 is shutdown; no changes are allowed when bgp-evpn>mpls/srv6 is no shutdown.

When the SAPs and/or spoke SDPs (manual or BGP-AD-discovered) are configured within the same split-horizon-group as the EVPN-MPLS or SRv6 endpoints, MAC addresses are still learned on them but they are not advertised in BGP-EVPN. If provider-tunnel is enabled in the bgp-evpn service, the SAPs and SDP bindings that share the same split-horizon-group of the EVPN-MPLS provider-tunnel are brought operationally down if the point-to-multipoint tunnel is operationally up.

Default

no split-horizon-group

Parameters

name

Specifies the split-horizon-group name.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

  • configure service vpls bgp-evpn segment-routing-v6 split-horizon-group

All

  • configure service vpls bgp-evpn mpls split-horizon-group

split-horizon-group

Syntax

split-horizon-group group-name

no split-horizon-group

Context

[Tree] (config>service>vpls>site split-horizon-group)

Full Context

configure service vpls site split-horizon-group

Description

This command configures the value of split-horizon group associated with this site.

The no form of this command reverts the default.

Default

no split-horizon-group

Parameters

group-name

Specifies a split-horizon group name

Platforms

All

split-horizon-group

Syntax

split-horizon-group group-name

no split-horizon-group

Context

[Tree] (config>service>pw-template split-horizon-group)

Full Context

configure service pw-template split-horizon-group

Description

This command creates a new split horizon group (SGH).

Comparing a "residential” SGH and a "regular” SHG is that a residential SHG:

  • Has different defaults for the SAP or SDP that belong to this group (ARP reply agent enabled (SAP only), MAC pinning enabled). These can be disabled in the configuration.

  • Does not allow enabling spanning tree (STP) on a SAP. It is allowed on an SDP.

  • Does not allow for downstream broadcast (broadcast/unknown unicast) on a SAP. It is allowed on an SDP.

  • On a SAP, downstream multicast is only allowed when IGMP is enabled (for which an MFIB state exists; only IP multicast); on a SDP, downstream mcast is allowed.

When the feature was initially introduced, residential SHGs were also using ingress shared queuing by default to increase SAP scaling.

A residential SAP (SAP that belongs to a RSHG) is used to scale the number of SAPs in a single VPLS instance. The limit depends on the hardware used and is higher for residential SAPs (where there is no need for egress multicast replication on residential SAPs) than for regular SAPs. Therefore, residential SAPs are useful in residential aggregation environments (for example, triple play networks) with a VLAN/subscriber model.

The no form of the command removes the group name from the configuration.

Parameters

group-name

Specifies the name of the split horizon group to which the SDP belongs.

residential-group

Defines a split horizon group as a residential split horizon group (RSHG). Doing so entails that:

  • SAPs which are members of this Residential Split Horizon Group will have:

    • Double-pass queuing at ingress as default setting (can be disabled)

    • STP disabled (cannot be enabled)

    • ARP reply agent enabled per default (can be disabled)

    • MAC pinning enabled per default (can be disabled)

    • Downstream Broadcast packets are discarded thus also blocking the unknown, flooded traffic

    • Downstream Multicast packets are allowed when IGMP snooping is enabled

  • Spoke SDPs which are members of this Residential Split Horizon Group will have:

    • Downstream multicast traffic supported

    • Double-pass queuing is not applicable

    • STP is disabled (can be enabled)

    • ARP reply agent is not applicable on the 7750 SR and 7450 ESS (dhcp-lease-states are not supported on spoke SDPs)

    • MAC pinning enabled per default (can be disabled)

Platforms

All

spoke-sdp

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create]

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>vpls spoke-sdp)

Full Context

configure service vpls spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPLS service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. When removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 32767

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. Changing the binding’s VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ether, vlan

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding. (hex 5)

vlan

Defines the VC type as VLAN. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings.

The VLAN VC-type inserts one dot1q tag within each encapsulated Ethernet packet transmitted to the far end and strips one dotQ tag, if a tag is present, from traffic received on the pseudowire.

The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

group-name

Specifies the name of the split horizon group to which the SDP belongs

endpoint

Specifies the service endpoint to which this SDP bind is attached. The service ID of the SDP binding must match the service ID of the service endpoint.

no endpoint

Removes the association of a spoke SDP with an explicit endpoint name

root-leaf-tag

Specifies a tagging spoke SDP under an E-Tree VPLS. When a tag SDP binding is required, it is created with a root-leaf-tag flag. Only VLAN tag SDP bindings are supported. The VLAN type must be set to VC VLAN type. The root-leaf-tag parameter indicates this SDP binding is a tag SDP that will use a default VID tag of 1 for root and 2 for leaf. The SDP binding tags egress E-Tree traffic with root and leaf VIDs as appropriate. Root and leaf VIDs are only significant between peering VPLS but the values must be consistent on each end. On ingress a tag SDP binding removes the VID tag on the interface between VPLS in the same E-Tree service. The tag SDP receives root tagged traffic and marks the traffic with a root indication internally. This option is not available on BGP EVPN-enabled E-Tree services.

leaf-ac

Specifies an access (AC) spoke SDP binding under a E-Tree VPLS as a leaf access (AC) SDP. The default E-Tree SDP binding type is a root-ac if leaf-ac or root-leaf-tag is not specified at SDP creation. This option is only available when the VPLS is designated as an E-Tree VPLS. BGP EVPN-enabled E-Tree VPLS services support the leaf-ac option.

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] endpoint endpoint root-leaf-tag

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] endpoint endpoint leaf-ac

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] [no-endpoint]

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] endpoint endpoint

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] [no-endpoint] leaf-ac

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] [create] [no-endpoint] root-leaf-tag

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>vpls spoke-sdp)

Full Context

configure service vpls spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other ports (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPLS service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end 7450 ESS or 7750 SR devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Parameters

sdp-id

Specifies the SDP identifier.

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the binding’s VC type causes the binding to signal the new VC type to the far end when signaling is enabled.

VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ether, vlan

ether

Defines the VC type as Ethernet. The ethernet, vlan, and vpls keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding (hex 5).

vlan

Defines the VC type as VLAN. The ethernet, vlan, and vpls keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. The VLAN VC-type requires at least one dot1Q tag within each encapsulated Ethernet packet transmitted to the far end.

group-name

Specifies the name of the split horizon group to which the SDP belongs.

root-leaf-tag

Specifies a SAP as a root leaf tag SDP. This option is only available when the VPLS is designated as an E-Tree VPLS.

leaf-tag-vid

Specifies to replace the outer SDP ID for leaf traffic. The leaf tag VID is only significant between peering VPLS but the values must be consistent on each end.

leaf-ac

Specifies a SDP as a leaf access (AC) SDP. The default E-Tree SAP type is root AC if leaf-ac (or root-leaf-tag) is not specified at SDP creation. This option is only available when the VPLS is designated as an E-Tree VPLS.

create

Keyword used to create the spoke SDP. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [vc-type { ether | vlan}] [split-horizon-group group-name] endpoint [no-endpoint] [root-leaf-tag | leaf-ac]

no spoke-sdp sdp-id:vc-id

Context

[Tree] (config>service>vpls spoke-sdp)

Full Context

configure service vpls spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP). A spoke-SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke-SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPLS service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. After it is removed, no packets are forwarded to the far-end router.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ether, vlan

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke-SDP binding. (hex 5)

vlan

Defines the VC type as VLAN. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. The VLAN VC-type inserts one dot1q tag within each encapsulated Ethernet packet transmitted to the far end and strips one dotQ tag, if a tag is present, from traffic received on the pseudowire.

Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

group-name

Specifies the name of the split horizon group to which the SDP belongs.

endpoint

Specifies the service endpoint to which this SDP bind is attached. The service ID of the SDP binding must match the service ID of the service endpoint.

no endpoint

Removes the association of a spoke-SDP with an explicit endpoint name.

root-leaf-tag

Specifies a tagging spoke-SDP under an E-Tree VPLS. When a tag SDP binding is required, it is created with a root-leaf-tag flag. Only VLAN tag SDP bindings are supported. The VLAN type must be set to VC VLAN type. The root-leaf-tag parameter indicates this SDP binding is a tag SDP that will use a default VID tag of 1 for root and 2 for leaf. The SDP binding tags egress E-Tree traffic with root and leaf VIDs as appropriate. Root and leaf VIDs are only significant between peering VPLS but the values must be consistent on each end. On ingress a tag SDP binding removes the VID tag on the interface between VPLS in the same E-Tree service. The tag SDP receives root tagged traffic and marks the traffic with a root indication internally. This option is not available on BGP EVPN-enabled E-Tree services.

leaf-ac

Specifies an access (AC) spoke-SDP binding under a E-Tree VPLS as a leaf access (AC) SDP. The default E-Tree SDP binding type is a root-ac if leaf-ac or root-leaf-tag is not specified at SDP creation. This option is only available when the VPLS is designated as an E-Tree VPLS. BGP EVPN-enabled E-Tree VPLS services support the leaf-ac option.

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [split-horizon-group group-name] endpoint [no-endpoint] [root-leaf-tag | leaf-ac]

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>vpls spoke-sdp)

Full Context

configure service vpls spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP). A spoke-SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke-SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPLS service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ether, vlan

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke-SDP binding. (hex 5)

vlan

Defines the VC type as VLAN. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. The VLAN VC-type inserts one dot1q tag within each encapsulated Ethernet packet transmitted to the far end and strips one dotQ tag, if a tag is present, from traffic received on the pseudowire.

Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

group-name

Specifies the name of the split horizon group to which the SDP belongs

endpoint

Specifies the service endpoint to which this SDP bind is attached. The service ID of the SDP binding must match the service ID of the service endpoint.

no endpoint

Removes the association of a spoke-SDP with an explicit endpoint name

root-leaf-tag

Specifies a tagging spoke-SDP under an E-Tree VPLS. When a tag SDP binding is required, it is created with a root-leaf-tag flag. Only VLAN tag SDP bindings are supported. The VLAN type must be set to VC VLAN type. The root-leaf-tag parameter indicates this SDP binding is a tag SDP that will use a default VID tag of 1 for root and 2 for leaf. The SDP binding tags egress E-Tree traffic with root and leaf VIDs as appropriate. Root and leaf VIDs are only significant between peering VPLS but the values must be consistent on each end. On ingress a tag SDP binding removes the VID tag on the interface between VPLS in the same E-Tree service. The tag SDP receives root tagged traffic and marks the traffic with a root indication internally. This option is not available on BGP EVPN-enabled E-Tree services.

leaf-ac

Specifies an access (AC) spoke-SDP binding under a E-Tree VPLS as a leaf access (AC) SDP. The default E-Tree SDP binding type is a root-ac if leaf-ac or root-leaf-tag is not specified at SDP creation. This option is only available when the VPLS is designated as an E-Tree VPLS. BGP EVPN-enabled E-Tree VPLS services support the leaf-ac option.

Platforms

All

spoke-sdp

Syntax

[no] spoke-sdp sdp-id

Context

[Tree] (config>service>vprn spoke-sdp)

Full Context

configure service vprn spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end 7750 SR devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Parameters

sdp-id

Specifies the SDP identifier. Allowed values are integers in the range of 1 and 17407 for existing SDPs.

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [vc-type {ether | ipipe}] [create]

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>ies>if spoke-sdp)

[Tree] (config>service>vprn>if spoke-sdp)

[Tree] (config>service>ies>redundant-interface spoke-sdp)

[Tree] (config>service>vprn>red-if spoke-sdp)

Full Context

configure service ies interface spoke-sdp

configure service vprn interface spoke-sdp

configure service ies redundant-interface spoke-sdp

configure service vprn redundant-interface spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an IES service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN services. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default

no spoke-sdp

Parameters

sdp-id

Specifies the SDP identifier. Allowed values are integers in the range of 1 and 17407 for existing SDPs.

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

vc-type

Specifies the encapsulation and pseudowire type for the spoke SDP.

Values

ether: specifies Ethernet pseudowire as the type of virtual circuit (VC) associated with the SDP binding

ipipe: specifies Ipipe pseudowire as the type of virtual circuit (VC) associated with the SDP binding

Default

ether

create

Keyword used to create the spoke SDP. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

  • configure service ies interface spoke-sdp
  • configure service vprn interface spoke-sdp

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies redundant-interface spoke-sdp
  • configure service vprn redundant-interface spoke-sdp

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id

no spoke-sdp

Context

[Tree] (config>service>vpls>site spoke-sdp)

Full Context

configure service vpls site spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP).

The no form of this command removes the parameter from the configuration.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier.

Values

1 to 429496729

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [no-endpoint]

spoke-sdp sdp-id[:vc-id] endpoint endpoint-name [icb]

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>cpipe spoke-sdp)

[Tree] (config>service>ipipe spoke-sdp)

Full Context

configure service cpipe spoke-sdp

configure service ipipe spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end SR/ESS devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

The SDP identifier.

Values

1 to 32767

vc-id

The virtual circuit identifier.

Values

1 to 4294967295

no-endpoint

Adds or removes a spoke SDP association.

endpoint-name

Specifies the name of the service endpoint.

icb

Configures the spoke SDP as an inter-chassis backup SDP binding.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp

All

  • configure service ipipe spoke-sdp

spoke-sdp

Syntax

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [create] [no-endpoint]

spoke-sdp sdp-id[:vc-id] [vc-type {ether | vlan}] [create] endpoint endpoint-name [icb]

no spoke-sdp sdp-id[:vc-id]

Context

[Tree] (config>service>epipe spoke-sdp)

Full Context

configure service epipe spoke-sdp

Description

This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an Epipe, VPLS, VPRN, VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

This command can also be used to associate a GRE tunnel carrying Ethernet payload with an Epipe and terminate it on a PW port referenced within the same Epipe service. The spoke SDP represents a L2oGRE tunnel with SDP delivery type set to eth-gre-bridged. With this configuration, the vc-id is unused since there is no multiplexing of Ethernet payload within the same tunnel. The vc-id value is included only to maintain the expected spoke SDP structure within an EPIPE service. For L2oGRE tunnels, the vc-id can be set to any arbitrary value within its configurable range.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

The SDP identifier.

Values

1 to 17407

vc-id

The virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs or L2oGRE tunnels, however it must be configured.

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled.

VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ethernet

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding.

vlan

Defines the VC type as VLAN. The top VLAN tag, if a VLAN tag is present, is stripped from traffic received on the pseudowire, and a VLAN tag is inserted when forwarding into the pseudowire. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings.

The VLAN VC-type requires at least one dot1q tag within each encapsulated Ethernet packet transmitted to the far end.

Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

no-endpoint

Removes the association of a spoke SDP with an explicit endpoint name.

endpoint-name

Specifies the name of the service endpoint.

icb

Specifies the spoke SDP as an inter-chassis backup SDP binding.

Platforms

All

spoke-sdp

Syntax

[no] spoke-sdp spoke-id

Context

[Tree] (config>service>vpls>mac-move>primary-ports spoke-sdp)

[Tree] (config>service>vpls>mac-move>secondary-ports spoke-sdp)

Full Context

configure service vpls mac-move primary-ports spoke-sdp

configure service vpls mac-move secondary-ports spoke-sdp

Description

This command declares a specified spoke-SDP as a primary (or secondary) VPLS port.

Parameters

spoke-id

Specifies the SDP ID to configure as the primary VPLS port

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [create]

no spoke-sdp sdp-id:vc-id

Context

[Tree] (config>service>ies>aarp-interface spoke-sdp)

Full Context

configure service ies aarp-interface spoke-sdp

Description

This command binds a service to an existing SDP. A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

no spoke-sdp

Parameters

sdp-id

Specifies the SDP identifier.

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs, however it must be configured.

Values

1 to 4294967295

create

Keyword used to create the spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [create]

no spoke-sdp sdp-id:vc-id

Context

[Tree] (config>service>vprn>aarp-interface spoke-sdp)

Full Context

configure service vprn aarp-interface spoke-sdp

Description

This command binds a service to an existing SDP. A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

no spoke-sdp

Parameters

sdp-id

— Specifies the SDP identifier.

Values

1 to 17407

vc-id

The virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs, however it must be configured.

Values

1 to 4294967295

create

Keyword used to create the spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [create] [no-endpoint]

spoke-sdp sdp-id:vc-id [create] endpoint name [icb]

no sdp sdp-id:vc-id

Context

[Tree] (config>mirror>mirror-dest spoke-sdp)

[Tree] (config>mirror>mirror-dest>remote-source spoke-sdp)

Full Context

configure mirror mirror-dest spoke-sdp

configure mirror mirror-dest remote-source spoke-sdp

Description

This command binds an existing (mirror) service distribution path (SDP) to the mirror destination service ID.

Spoke SDPs are used to send and receive mirrored traffic between mirror source and destination routers in a remote mirroring solution. A spoke SDP configured in the remote-source context (remote-src>spoke-sdp) is used on the destination router. A spoke SDP configured in the mirror service context (mirror-dest>spoke-sdp) is used on the source router.

The destination node should be configured with remote-src>spoke-sdp entries when using L2TPv3, MPLS-TP or LDP IPv6 LSP SDPs in the remote mirroring solution. For all other types of SDPs, remote-source>far-end entries should be used.

Spoke SDPs are not applicable when routable LI encapsulation is employed (mirror-dest>encap).

A mirror destination service that is configured for a destination router must not be configured as for a source router.

The no form of this command removes the SDP binding from the mirror destination service.

Default

An SDP ID is bound to a mirror destination service ID. If no SDP is bound to the service, the mirror destination will be local and cannot be sent to another router over the core network.

Parameters

sdp-id:vc-id

Specifies a locally unique SDP identification (ID) number. The SDP ID must exist. If the SDP ID does not exist, an error will occur and the command will not execute.

For mirror services, the vc-id defaults to the service-id. However, there are scenarios where the vc-id is being used by another service. In this case, the SDP binding cannot be created. So, to avoid this, the mirror service SDP bindings now accepts vc-ids.

Values

1 to 17407

no-endpoint

Removes the association of a SAP or a SDP with an explicit endpoint name.

name

Specifies the name of the endpoint associated with the SAP.

icb

Indicates that the SDP is of type Inter-Chassis Backup (ICB). This is a special pseudowire used for MC-LAG and pseudowire redundancy application.

An explicitly named endpoint can have a maximum of one SAP and one ICB. Once a SAP is added to the endpoint, only one more object of type ICB SDP is allowed. The ICB SDP cannot be added to the endpoint if the SAP is not part of a MC-LAG instance. This means that all other SAP types cannot exist on the same endpoint as an ICB SDP since non Ethernet SAP cannot be part of a MC-LAG instance. Conversely, a SAP which is not part of a MC-LAG instance cannot be added to an endpoint which already has an ICB SDP.

An explicitly named endpoint, which does not have a SAP object, can have a maximum of four SDPs, which can include any of the following: a single primary SDP, one or many secondary SDPs with precedence, and a single ICB SDP.

Default

Null. The user should explicitly configure this option at create time. The user can remove the ICB type simply by retyping the SDP configuration without the icb keyword.

Platforms

All

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [create]

no spoke-sdp sdp-id:vc-id

Context

[Tree] (config>service>vprn>ip-mirror-interface spoke-sdp)

Full Context

configure service vprn ip-mirror-interface spoke-sdp

Description

This command binds a service to an existing SDP.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with the VPRN service. SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down before it can be deleted from the configuration.

Parameters

sdp-id

Specifies SDP identifier.

Values

1 to 32767

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

create

Keyword used to create an IP mirror interface.

Platforms

All

spoke-sdp-fec

spoke-sdp-fec

Syntax

spoke-sdp-fec

spoke-sdp-fec spoke-sdp-fec-id [fec fec-type] [aii-type aii-type] [create]

spoke-sdp-fec spoke-sdp-fec-id no-endpoint

spoke-sdp-fec spoke-sdp-fec-id [fec fec-type] [aii-type aii-type] [create] endpoint name [icb]

Context

[Tree] (config>service>epipe spoke-sdp-fec)

Full Context

configure service epipe spoke-sdp-fec

Description

This command binds a service to an existing Service Distribution Point (SDP), using a dynamic MS-PW.

A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

When using dynamic MS-PWs, the particular SDP to bind-to is automatically selected based on the Target Attachment Individual Identifier (TAII) and the path to use, specified under spoke SDP FEC. The selected SDP will terminate on the first hop S-PE of the MS-PW. Therefore, an SDP must already be defined in the config>service>sdp context that reaches the first hop router of the MS-PW. The router will in order to associate an SDP with a service. If an SDP to that is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

It differs from the spoke-sdp command in that the spoke-sdp command creates a spoke SDP binding that uses a pseudowire with the PW ID FEC. However, the spoke-sdp-fec command enables pseudowires with other FEC types to be used. Only the Generalized ID FEC (FEC129) may be specified using this command.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Parameters

spoke-sdp-fec-id

An unsigned integer value identifying the spoke SDP.

Values

1 to 4294967295

fec-type

An unsigned integer value for the type of the FEC used by the MS-PW.

Values

129 to 130

aii-type

An unsigned integer value for the Attachment Individual Identifier (AII) type used to identify the MS-PW endpoints.

Values

1 to 2

endpoint-name

Specifies the name of the service endpoint.

no endpoint

Adds or removes a spoke SDP association.

icb

Configures the spoke SDP as an inter-chassis backup SDP binding.

Platforms

All

spt-switchover-threshold

spt-switchover-threshold

Syntax

spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold

spt-switchover-threshold grp-ipv6-addr/prefix-length spt-threshold

no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}

no spt-switchover-threshold grp-ipv6-addr/prefix-length

Context

[Tree] (config>service>vprn>pim spt-switchover-threshold)

Full Context

configure service vprn pim spt-switchover-threshold

Description

This command configures a shortest path tree (SPT tree) switchover threshold for a group prefix.

Parameters

grp-ip-address

Specifies the multicast group address.

grp-ipv6-address

Specifies the multicast group address.

prefix-length

Specifies the address prefix length.

Values

grp-ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[1 to 128]

mask

Defines the mask of the multicast-ip-address.

Values

4 to 32

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

spt-threshold

Specifies the configured threshold in kilobits per second (kb/s) for the group to which this (S,G) belongs. For a group G configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G)'s rate exceeds this configured threshold.

Platforms

All

spt-switchover-threshold

Syntax

spt-switchover-threshold {grp-ipv4-prefix/ipv4-prefix-length | grp-ipv4-prefix netmask | grp-ipv6-prefix/ipv6-prefix-length} spt-threshold

no spt-switchover-threshold {grp-ipv4-prefix/ipv4-prefix-length | grp-ipv4-prefix netmask | grp-ipv6-prefix/ipv6-prefix-length}

Context

[Tree] (config>router>pim spt-switchover-threshold)

Full Context

configure router pim spt-switchover-threshold

Description

This command configures shortest path (SPT) tree switchover thresholds for group prefixes.

PIM-SM routers with directly connected routers receive multicast traffic initially on a shared tree rooted at the Rendezvous Point (RP). Once the traffic arrives on the shared tree and the source of the traffic is known, a switchover to the SPT tree rooted at the source is attempted.

For a group that falls in the range of a prefix configured in the table, the corresponding threshold value determines when the router should switch over from the shared tree to the source specific tree. The switchover is attempted only if the traffic rate on the shared tree for the group exceeds the configured threshold.

In the absence of any matching prefix in the table, the default behavior is to switchover when the first packet is seen. In the presence of multiple prefixes matching a given group, the most specific entry is used.

The no form of this command removes the parameters from the PIM configuration.

Parameters

grp-ipv4-prefix

Specifies the group IPv4 multicast address in dotted decimal notation.

Values

a.b.c.d

ipv4-prefix-length

Specifies the length of the IPv4 prefix.

Values

4 to 32

netmask

Specifies the netmask associated with the IPv4 prefix, expressed in dotted decimal notation. Network bits must be 1, and host bits must be 0.

Values

a.b.c.d

grp-ipv6-prefix

Specifies the group IPv6 multicast address in hexadecimal notation.

Values

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

xx — 0 to FF (hex)

ipv6-prefix-length

Specifies the length of the IPv6 prefix.

Values

8 to 128

spt-threshold

Specifies the configured threshold in kilobits per second (kb/s) for a group prefix. A switchover is attempted only if the traffic rate on the shared tree for the group exceeds this configured threshold. When the infinity keyword is specified, no switchover will occur at any time, regardless of the traffic level is detected.

Values

1 to 4294967294, infinity

Platforms

All

squelch

squelch

Syntax

[no] squelch

Context

[Tree] (config>system>sync-if-timing>bits>output squelch)

Full Context

configure system sync-if-timing bits output squelch

Description

This command configures the behavior of the BITSout port when there is no valid reference selected. When enabled with no valid reference, no signal is sent out the port. When disabled with no valid reference, an AIS signal is presented along with the QL-DNU/TL-DUS SSM code if the signal format supports SSM.

Default

no squelch

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

squelch-ingress-ctag-levels

squelch-ingress-ctag-levels

Syntax

squelch-ingress-ctag-levels [md-level [md-level]]

no squelch-ingress-ctag-levels

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm squelch-ingress-ctag-levels)

[Tree] (config>service>vpls>sap>eth-cfm squelch-ingress-ctag-levels)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm squelch-ingress-ctag-levels)

[Tree] (config>service>epipe>sap>eth-cfm squelch-ingress-ctag-levels)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm squelch-ingress-ctag-levels)

Full Context

configure service vpls spoke-sdp eth-cfm squelch-ingress-ctag-levels

configure service vpls sap eth-cfm squelch-ingress-ctag-levels

configure service epipe spoke-sdp eth-cfm squelch-ingress-ctag-levels

configure service epipe sap eth-cfm squelch-ingress-ctag-levels

configure service vpls mesh-sdp eth-cfm squelch-ingress-ctag-levels

Description

This command defines the levels of the ETH-CFM packets that are silently discarded on ingress into the SAP or SDP binding from the wire that matches the service delineation of the SAP or SDP binding plus an additional VLAN, up to a maximum tag length of two tags. All ETH-CFM packets inbound to the SAP or SDP binding that match the configured levels are dropped without regard for any other ETH-CFM criteria. No statistical information or drop count is available for any ETH-CFM packet that is silently discarded by this option. The list of levels must be a complete contiguous list from 0 up to the highest level to be dropped. The command must be retyped in complete form to modify a previous configuration, if the operator does not want to delete it first. Entering the command without any valid level information removes the command from the configuration and disables the feature.

The no form of this command removes the silent discarding of previously matching ETH-CFM PDUs.

Default

no squelch-ingress-ctag-levels

Parameters

md-level

Identifies the level

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

squelch-ingress-levels

squelch-ingress-levels

Syntax

squelch-ingress-levels [md-level [md-level]]

no squelch-ingress-levels

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm squelch-ingress-levels)

[Tree] (config>service>template>vpls-sap-template>eth-cfm squelch-ingress-levels)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm squelch-ingress-levels)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm squelch-ingress-levels)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm squelch-ingress-levels)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm squelch-ingress-levels)

[Tree] (config>service>vpls>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>epipe>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>vprn>if>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>ies>if>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm squelch-ingress-levels)

[Tree] (config>service>ipipe>sap>eth-cfm squelch-ingress-levels)

Full Context

configure service vprn interface spoke-sdp eth-cfm squelch-ingress-levels

configure service template vpls-sap-template eth-cfm squelch-ingress-levels

configure service vpls mesh-sdp eth-cfm squelch-ingress-levels

configure service vpls spoke-sdp eth-cfm squelch-ingress-levels

configure service epipe spoke-sdp eth-cfm squelch-ingress-levels

configure service ies interface spoke-sdp eth-cfm squelch-ingress-levels

configure service vpls sap eth-cfm squelch-ingress-levels

configure service epipe sap eth-cfm squelch-ingress-levels

configure service vprn interface sap eth-cfm squelch-ingress-levels

configure service vprn subscriber-interface group-interface sap eth-cfm squelch-ingress-levels

configure service ies interface sap eth-cfm squelch-ingress-levels

configure service ies subscriber-interface group-interface sap eth-cfm squelch-ingress-levels

configure service ipipe sap eth-cfm squelch-ingress-levels

Description

This command defines the levels of the ETH-CFM packets that are silently discarded on ingress into the SAP or SDP binding from the wire that matches the service delineation of the SAP or SDP binding. All ETH-CFM packets inbound to the SAP or SDP binding that match the configured levels are dropped without regard for any other ETH-CFM criteria. No statistical information or drop count is available for any ETH-CFM packet that is silently discarded by this option. The operator must configure a complete contiguous list of md-levels up to the highest level that are to be dropped. The command must be retyped in complete form to modify a previous configuration, if the operator does not want to delete it first. Entering the command with no associated md-level information is equivalent to the no version of the command.

The no form of this command removes the silent discarding of previously matching ETH-CFM PDUs.

Default

no squelch-ingress-levels

Parameters

md-level

Identifies the level

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vpls mesh-sdp eth-cfm squelch-ingress-levels
  • configure service epipe sap eth-cfm squelch-ingress-levels
  • configure service epipe spoke-sdp eth-cfm squelch-ingress-levels
  • configure service vpls spoke-sdp eth-cfm squelch-ingress-levels
  • configure service ies interface spoke-sdp eth-cfm squelch-ingress-levels
  • configure service ies interface sap eth-cfm squelch-ingress-levels
  • configure service ipipe sap eth-cfm squelch-ingress-levels
  • configure service vprn interface sap eth-cfm squelch-ingress-levels
  • configure service vprn interface spoke-sdp eth-cfm squelch-ingress-levels
  • configure service vpls sap eth-cfm squelch-ingress-levels
  • configure service template vpls-sap-template eth-cfm squelch-ingress-levels

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm squelch-ingress-levels
  • configure service ies subscriber-interface group-interface sap eth-cfm squelch-ingress-levels

sr-isis

sr-isis

Syntax

[no] sr-isis

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

Description

This command selects the Segment Routing (SR) tunnel type programed by an IS-IS instance in TTM.

When the sr-isis value (or sr-ospf) is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPF) instance.

The no form of this command disables the SR-ISIS setting for the auto-bind tunnel.

Default

no sr-isis

Platforms

All

sr-isis

Syntax

[no] sr-isis

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-isis)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-isis

Description

This command enables the use of SR-ISIS sourced tunnel entries in the TTM to resolve the associated static route next hop.

Default

no sr-isis

Platforms

All

sr-isis

Syntax

[no] sr-isis

Context

[Tree] (config>service>sdp sr-isis)

Full Context

configure service sdp sr-isis

Description

This command configures an MPLS SDP of LSP type ISIS Segment Routing. The SDP of LSP type sr-isis can be used with the far-end option. The signaling protocol for the service labels for an SDP using an SR tunnel can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

All

sr-isis

Syntax

[no] sr-isis

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-isis)

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-isis)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-isis

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-isis

Description

This command selects the Segment Routing (SR) tunnel type programmed by an IS-IS instance in TTM for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment- routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or, in case of a tie, the lowest numbered IS-IS instance.

Platforms

All

sr-isis

Syntax

[no] sr-isis

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-isis)

Full Context

configure oam-pm session ip tunnel mpls sr-isis

Description

This command configures the specification of sr-isis specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command deletes the context and all configurations under it.

Parameters

ipv4-address

Specifies IPv4 address.

Values

ipv4-address: a.b.c.d (host bits must be 0)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sr-isis

Syntax

sr-isis

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-isis)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-isis

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

sr-label-index

sr-label-index

Syntax

sr-label-index {value | param-name} [prefer-igp]

no sr-label-index

Context

[Tree] (config>router>policy-options>policy-statement>default-action sr-label-index)

[Tree] (config>router>policy-options>policy-statement>entry>action sr-label-index)

Full Context

configure router policy-options policy-statement default-action sr-label-index

configure router policy-options policy-statement entry action sr-label-index

Description

This command associates a BGP segment-routing label index value with all /32 BGP labeled IPv4 routes matching the entry or policy default-action.

Note:

Avoid using this action in a policy entry that matches more than one /32 label-ipv4 route, otherwise SID conflicts are created.

The sr-label-index action only takes effect in BGP peer import policies (and only on received /32 label-ipv4 routes) and in route-table-import policies associated with the label-ipv4 RIB.

The prefer-igp applies only in a route-table-import policy. If prefer-igp is specified and BGP segment-routing uses prefix-sid-range global, then BGP tries, as a first priority, to use the IGP segment routing label index for the IGP route matched by the route-table-import policy. If the IGP route does not have an SID index, or prefer-igp is not configured or prefix-sid-range is not global, BGP tries to use the label index value specified by this command.

When this action occurs in a policy applied as a peer-import policy, it can add a prefix SID attribute to a received /32 label-ipv4 route that was not sent with this attribute, or it can replace the received prefix SID attribute with a new one.

If this command specifies an index value that causes a SID conflict with another BGP route, then all conflicting BGP routes are re-advertised with label values based on dynamic allocation rather than SID-based allocation.

If this command specifies an index value that causes a SID conflict with an IGP route, the BGP route is re-advertised with a label value based on dynamic allocation rather than an SID-based allocation.

The no form of this command causes matched BGP routes to be advertised without any new or changed prefix SID attributes.

Default

no sr-label-index

Parameters

value

Specifies the BGP segment routing label index to associate with the matched route or routes.

Values

0 to 52487

param-name

Specifies the type parameter variable name, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

prefer-igp

A keyword that is applicable only in route-table-import policies, to instruct BGP to borrow the SID index from the IGP route if it has an SID index and the prefix-sid-range is global.

Platforms

All

sr-labels

sr-labels

Syntax

sr-labels start start-value end end-value

no sr-labels

Context

[Tree] (config>router>mpls-labels sr-labels)

Full Context

configure router mpls-labels sr-labels

Description

This command configures the range of the Segment Routing Global Block (SRGB). It is a label block which is used for assigning labels to segment routing prefix SIDs originated by this router. This range is carved from the system dynamic label range and is not instantiated by default.

This is a reserved label and once configured it cannot be used by other protocols such as RSVP, LDP, and BGP to assign a label dynamically.

Default

no sr-labels

Parameters

start-value

Specifies the start label value in the SRGB

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

end-value

Specifies the end label value in the SRGB

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

Platforms

All

sr-maintenance-policy

sr-maintenance-policy

Syntax

sr-maintenance-policy maintenance-policy-name

no sr-maintenance-policy

Context

[Tree] (config>router>policy-options>policy-statement>default-action sr-maintenance-policy)

[Tree] (config>router>policy-options>policy-statement>entry>action sr-maintenance-policy)

Full Context

configure router policy-options policy-statement default-action sr-maintenance-policy

configure router policy-options policy-statement entry action sr-maintenance-policy

Description

This command applies a named segment routing maintenance policy to the matching routes. It is only used for SR policy routes. The named policy must exist under the config>router>segment-routing context.

The no form of this command removes the specified maintenance policy.

Parameters

maintenance-policy-name

Specifies the name of the maintenance policy, up to 32 characters and cannot start with a space or underscore.

Platforms

All

sr-mpls

sr-mpls

Syntax

sr-mpls

Context

[Tree] (config>router>segment-routing sr-mpls)

Full Context

configure router segment-routing sr-mpls

Description

Commands in this context configure the SR MPLS properties.

Platforms

All

sr-ospf

sr-ospf

Syntax

[no] sr-ospf

Context

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

Full Context

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

Description

This command selects the Segment Routing (SR) tunnel type programed by an OSPF instance in TTM.

When the sr-ospf (or sr-isis) value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPF) instance.

The no form of this command disables the SR-OSPF setting for the auto-bind tunnel.

Default

no sr-ospf

Platforms

All

sr-ospf

Syntax

[no] sr-ospf

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-ospf)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-ospf

Description

This command enables the use of SR-OSPF sourced tunnel entries in the TTM to resolve the associated static route next hop.

Default

no sr-ospf

Platforms

All

sr-ospf

Syntax

[no] sr-ospf

Context

[Tree] (config>service>sdp sr-ospf)

Full Context

configure service sdp sr-ospf

Description

This command configures an MPLS SDP of LSP type OSPF Segment Routing. The SDP of LSP type sr-ospf can be used with the far-end option. The signaling protocol for the service labels for an SDP using an SR tunnel can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

All

sr-ospf

Syntax

[no] sr-ospf

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-ospf)

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-ospf)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-ospf

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-ospf

Description

This command selects the Segment Routing (SR) tunnel type programmed by an OSPF instance in TTM for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPF instance or, in case of a tie, the lowest numbered OSPF instance.

The no form of this command disables the use of SR-OSPF tunneling for next-hop resolution.

Platforms

All

sr-ospf

Syntax

[no] sr-ospf

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-ospf)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf

Description

This commmand configures the specification of sr-ospfv3 specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command deletes the context and all configurations under it.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sr-ospf

Syntax

sr-ospf

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-ospf)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-ospf

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

sr-ospf3

sr-ospf3

Syntax

[no] sr-ospf3

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

Description

This command selects the Segment Routing (SR) tunnel type programed by an OSPFv3 instance in TTM.

When the sr-ospf3 (or sr-isis) command is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPFv3) instance.

The no form of this command disables the OSPFv3 setting for the auto-bind tunnel.

Default

no sr-ospf3

Platforms

All

sr-ospf3

Syntax

[no] sr-ospf3

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-ospf3)

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-ospf3)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-ospf3

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-ospf3

Description

This command selects the IPv6 segment routing tunnel type programmed by an OSPFv3 instance in the TTMv6 for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPFv3 instance or, in case of a tie, the lowest-numbered OSPFv3 instance.

The no form of this command disables the use of SR-OSPF3 for next-hop resolution.

Default

no sr-ospf3

Platforms

All

sr-ospf3

Syntax

[no] sr-ospf3

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-ospf3)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf3

Description

Commands in this context configure the SR-OSPFv3 feature and sr-ospfv3 packet tunneling options for the session. Enabling this context removes all tunnel type options configured under the configure oam-pm session ip tunnel mpls context.

The no form of this command deletes the context and all configurations under it.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sr-ospf3

Syntax

sr-ospf3

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-ospf3)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-ospf3

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

sr-policies

sr-policies

Syntax

sr-policies

Context

[Tree] (config>router>segment-routing sr-policies)

Full Context

configure router segment-routing sr-policies

Description

This command creates the context to configure segment routing policies. A segment routing policy specifies traffic to be matched by the policy and actions to take on the matched traffic by applying the instructions encoded in one or more segment lists.

Platforms

All

sr-policy

sr-policy

Syntax

[no] sr-policy

Context

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

Full Context

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-policy

Description

This command selects the tunnel type for the SR policy.

The sr-policy value instructs BGP to search for an SR policy with a non-null endpoint and color value that matches the BGP next hop and color extended community value of the EVPN route.

The no form of this command disables the SR policy setting for the auto-bind tunnel.

Default

no sr-policy

Platforms

All

sr-policy

Syntax

sr-policy

sr-policy color color-id endpoint ip-address

Context

[Tree] (config>saa>test>type-multi-line>lsp-trace sr-policy)

[Tree] (config>saa>test>type-multi-line>lsp-ping sr-policy)

Full Context

configure saa test type-multi-line lsp-trace sr-policy

configure saa test type-multi-line lsp-ping sr-policy

Description

This command configures the SR policy target FEC.

Note:

The sr-policy target FEC type is supported under the OAM context and under type-multi-line node in the SAA context.

Parameters

color color

Specifies the color ID.

Values

0 to 4294967295

endpoint ip-address

Specifies the endpoint address.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

sr-policy

Syntax

sr-policy

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-policy)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-policy

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

sr-policy-import

sr-policy-import

Syntax

[no] sr-policy-import

Context

[Tree] (config>router>bgp sr-policy-import)

Full Context

configure router bgp sr-policy-import

Description

This command instructs BGP to import all statically-configured non-local segment routing policies from the segment routing DB into the BGP RIB so that they can be advertised, as originated routes, towards BGP peers supporting the sr-policy-ipv4 address family.

The no form of this command instructs BGP to not import any statically defined segment routing policies into BGP.

Default

no sr-policy-import

Platforms

All

sr-te

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

Full Context

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-te

Description

This command selects the Segment Routing (SR) Traffic Engineered (SR-TE) LSP programmed in TTM.

The sr-te value instructs the system to search for the best metric SR-TE LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel ID.

The no form of this command disables the SR-TE LSP setting for the auto-bind tunnel.

Default

no sr-te

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>router>mpls>pce-initiated-lsp sr-te)

Full Context

configure router mpls pce-initiated-lsp sr-te

Description

This command enables support for SR-TE PCE-initiated LSPs.

The no form of this command removes SR-TE PCE-initiated LSP support. All PCE-initiated SR-TE LSPs are deleted.

Platforms

All

sr-te

Syntax

sr-te value

no sr-te

Context

[Tree] (config>router>mpls>tunnel-table-pref sr-te)

Full Context

configure router mpls tunnel-table-pref sr-te

Description

This command configures the tunnel table preference for an SR-TE LSP tunnel type away from its default value.

The tunnel table preference applies to the next-hop resolution of BGP routes of the following families: EVPN, IPv4, IPv6, VPN-IPv4, VPN-IPv6, label-IPv4, and label-IPv6 in the tunnel table.

This feature does not apply to a VPRN, VPLS, or VLL service with explicit binding to an SDP that enabled the mixed-lsp-mode option. The tunnel preference in such an SDP is fixed and is controlled by the service manager. The configuration of the tunnel table preference parameter does not modify the behavior of such an SDP and the services that bind to it.

It is recommended to not set two or more tunnel types to the same preference value. In such a situation, the tunnel table prefers the tunnel type which was first introduced in SR OS implementation historically.

The no form of this command reverts to the default value.

Default

sr-te 8

Parameters

value

Specifies the tunnel table preference value for SR-TE LSP.

Values

1 to 255

Default

8

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-te)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-te

Description

The sr-te value instructs the code to search for the set of lowest metric SR-TE LSPs to the address of the indirect next-hop. The LSP metric is provided by MPLS in the tunnel table. The static route treats a set of SR-TE LSPs with the same lowest metric as an ECMP set. The user has the option of configuring a list of SR-TE LSP names to be used exclusively instead of searching in the tunnel table. In that case, all LSPs must have the same LSP metric in order for the static route to use them as an ECMP set. Otherwise, only the LSPs with the lowest common metric value are selected.

Default

no sr-te

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-te)

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-te)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-te

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-te

Description

This command selects the Segment Routing (SR) tunnel type programmed by a traffic engineered (TE) instance in TTM for next-hop resolution. In the case of multiple SR-TE tunnels with the same lowest metric, BGP selects the tunnel with the lowest tunnel ID.

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>router>isis>igp-shortcut>tunnel-next-hop>family sr-te)

Full Context

configure router isis igp-shortcut tunnel-next-hop family sr-te

Description

This command selects the SR-TE tunnel type in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>router>ospf>igp-shortcut>tunnel-next-hop>family sr-te)

[Tree] (config>router>ospf3>igp-shortcut>tunnel-next-hop>family sr-te)

Full Context

configure router ospf igp-shortcut tunnel-next-hop family sr-te

configure router ospf3 igp-shortcut tunnel-next-hop family sr-te

Description

This command selects the SR-TE tunnel type in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Platforms

All

sr-te

Syntax

sr-te {legacy | application-specific-link-attributes}

no sr-te

Context

[Tree] (config>router>ospf>traffic-engineering-options sr-te)

Full Context

configure router ospf traffic-engineering-options sr-te

Description

This command configures the advertisement of TE attributes of each link on a per-application basis. Two applications are supported in SR OS: RSVP-TE and SR-TE. Although the legacy mode of advertising TE attributes is supported, additional configurations are possible.

The no form of this command deletes the context.

Default

no sr-te

Parameters

legacy

Advertises the TE attributes for MPLS-enabled SR links using TE Opaque LSAs.

Note:

Do not configure the legacy mode if the network has both RSVP-TE and SR-TE attributes and the links are not congruent.

application-specific-link-attributes

Advertises TE information for MPLS-enabled SR links using the new Application Specific Link Attributes (ASLA) TLVs.

Platforms

All

sr-te

Syntax

[no] sr-te

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-te)

Full Context

configure oam-pm session ip tunnel mpls sr-te

Description

This command configures specification of SR-TE specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command removes the SR-TE LSP name from the configuration.

Default

no override

Parameters

tcp-port

Specifies the source TCP port to be used in the test TCP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sr-te

Syntax

sr-te

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-te)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-te

Description

Note: This command is no longer supported and will be removed in a future release.

Platforms

All

sr-te-lsp

sr-te-lsp

Syntax

[no] sr-te-lsp lsp-name

Context

[Tree] (config>service>sdp sr-te-lsp)

Full Context

configure service sdp sr-te-lsp

Description

This command configures an MPLS SDP of LSP type SR-TE.

The user can specify up to 16 SR-TE LSP names. The destination address of all LSPs must match that of the SDP far-end option. Service data packets are sprayed over the set of LSPs in the SDP using the same procedures as for tunnel selection in ECMP. Each SR-TE LSP can, however, have up to 32 next-hops at the ingress LER when the first segment is a node SID-based SR tunnel. Thus, the service data packet is forwarded over one of a maximum of 16x32 next-hops.

The tunnel-far-end option is not supported. In addition, the mixed-lsp-mode option does not support the sr-te tunnel type.

The signaling protocol for the service labels for an SDP using a SR-TE LSP can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

All

sr-te-resignal

sr-te-resignal

Syntax

sr-te-resignal

Context

[Tree] (config>router>mpls sr-te-resignal)

Full Context

configure router mpls sr-te-resignal

Description

Commands in this context configure the re-optimization parameters of SR-TE LSPs.

Platforms

All

src-access-list

src-access-list

Syntax

src-access-list list-name

no src-access-list list-name

Context

[Tree] (config>system>security>snmp src-access-list)

Full Context

configure system security snmp src-access-list

Description

This command is used to identify a list of source IP addresses that can be used to validate SNMPv1 and SNMPv2c requests once the list is associated with one or more SNMPv1 and SNMPv2c communities.

An src-address-list referenced by one or more community instances is used to verify the source IP addresses of an SNMP request using the community regardless of which VPRN/VRF interface (or "Base” interface) the request arrived on. For example, if an SNMP request arrives on an interface in vprn 100 but the request is referencing a community, then the source IP address in the packet would be validated against the src-address-list configured for the community. This occurs regardless of whether the request is destined to a VPRN interface address and the VPRN has SNMP access enabled, or the request is destined to the base system address via GRT leaking. If the request message’s source IP address does not match the ip-address of any of the src-hosts contained in the list, then the request is discarded and logged as an SNMP authentication failure.

Using src-access-list validation can have an impact on the time it takes for an SR OS node to reply to an SNMP request. It is recommended to keep the lists short, including only the addresses that are needed, and to place SNMP managers that send the highest volume of requests, such as the NSP NFM-P, at the top of the list.

A maximum of 16 source access lists can be configured. Each source access lists can contain a maximum of 16 source hosts.

The no form of this command removes the named src-access-list. You cannot remove an src-access-list that is referenced by one or more community instances.

Parameters

list-name

Configures the name or key of the src-access-list. The list-name parameter must begin with a letter (a-z or A-Z).

Platforms

All

src-gsn

src-gsn

Syntax

src-gsn ip address

src-gsn ip-prefix-list ip-prefix-list-name

no src-gsn

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr>entry src-gsn)

Full Context

configure application-assurance group gtp gtp-filter imsi-apn-filter entry src-gsn

Description

This command configures a matching condition for the GSN IP address. The IP address value is checked only against the source IP address of the GTP packets that contain an APN IE or an IMSI IE.

Parameters

ip address

Specifies a valid unicast address associated with the IMSI-APN filter entry.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1..32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

ip-prefix-list-name

Specifies an IP address prefix list for the source IP address match criteria, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-host

src-host

Syntax

src-host host-name address ip-address

no src-host host-name

Context

[Tree] (config>system>security>snmp>src-access-list src-host)

Full Context

configure system security snmp src-access-list src-host

Description

This command is used to configure a source IP address entry that can be used to validate SNMPv1 and SNMPv2c requests.

The no form of this command removes the specified entry.

Parameters

host-name

Configures the name of the src-host entry.

ip-address

Configures an allowed source address for SNMP requests. This can be an IPv4 or IPv6 address.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

Platforms

All

src-ip

src-ip

Syntax

src-ip {ip-address/mask | ip-address netmask}

src-ip {ipv6-address | prefix-length}

no src-ip

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match src-ip)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match src-ip)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match src-ip

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match src-ip

Description

This command configures the source IP match condition.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the IPv6 address (applies only to the 7750 SR).

Values

ipv6-address

x:x:x:x:x:x:x:x (where x is [0 to FFFF]H)

x:x:x:x:x:x:d.d.d.d (where d is [0 to 255]D)

prefix-length

Specifies the prefix length (applies only to the 7750 SR).

Values

1 to 128

ip-address/mask

Specifies the IPv4 address and mask.

Values

ip-address a.b.c.d

mask 0 to 32

netmask

Specifies the mask, expressed as a dotted quad.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

src-ip

Syntax

src-ip ip-address

no src-ip

Context

[Tree] (config>redundancy>mc>peer>mc>l3-ring>connectivity-verify src-ip)

Full Context

configure redundancy multi-chassis peer multi-chassis l3-ring connectivity-verify src-ip

Description

This command specifies the source IP address used in ring-node connectivity verification of this ring node.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the source IP address used in ring-node connectivity verification of this ring node.

src-ip

Syntax

src-ip ip-address

no src-ip

Context

[Tree] (config>redundancy>mc>peer>mcr>node>cv src-ip)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify src-ip

Description

This command specifies the source IP address used in the ring-node connectivity verification of this ring node.

Default

no src-ip

Parameters

ip-address

Specifies the source IP address.

Values

a.b.c.d (no multicast address)

Platforms

All

src-ip

Syntax

src-ip {eq | neq} ip-address

src-ip {eq | neq} ip-prefix-list ip-prefix-list-name

no src-ip

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match src-ip)

Full Context

configure application-assurance group policy app-qos-policy entry match src-ip

Description

This command specifies a source TCP/UDP address to use as match criteria.

Default

no src-ip

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified address or prefix.

neq

Specifies that a successful match occurs when the flow does not match the specified address or prefix.

ip-address

Specifies a valid unicast address.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1..32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

ip-prefix-list-name

Specifies an IP prefix list name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-ip

Syntax

src-ip ip-address

src-ip ip-prefix-list ip-prefix-list-name

no src-ip

Context

[Tree] (config>app-assure>group>sess-fltr>entry>match src-ip)

Full Context

configure application-assurance group session-filter entry match src-ip

Description

This command specifies a source TCP/UDP address to use as match criteria.

Default

no src-ip

Parameters

ip-address

Specifies a valid unicast address.

Values

ipv4-address

a.b.c.d[/mask]

mask - [1..32]

ipv6-address

x:x:x:x:x:x:x:x/prefix-length

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length [1..128]

ip-prefix-list-name

Specifies an IP prefix list name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-ip

Syntax

src-ip {eq | neq} ip-address

no src-ip

Context

[Tree] (debug>app-assure>group>traffic-capture>match src-ip)

Full Context

debug application-assurance group traffic-capture match src-ip

Description

This command configures debugging on a source IP address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-ip

Syntax

src-ip {ip-address/mask | ip-address ipv4-address-mask}

Context

[Tree] (config>li>li-filter>li-ip-filter>entry>match src-ip)

Full Context

configure li li-filter li-ip-filter entry match src-ip

Description

This command configures source IP address LI filter match criterion.

The no form of this command removes any configured source IP. The match criterion is ignored.

Parameters

ip-address

Specifies an address specified as dotted quad.

Values

a.b.c.d

mask

Specifies eight 16-bit hexadecimal pieces representing bit match criteria.

Values

1 to 32

ipv4-address-mask

Any mask expressed in dotted quad notation.

Values

0.0.0.0 to 255.255.255.255

Platforms

All

src-ip

Syntax

src-ip {ipv6-address/prefix-length | ipv6-address ipv6-address-mask}

no src-ip

Context

[Tree] (config>li>li-filter>li-ipv6-filter>entry>match src-ip)

Full Context

configure li li-filter li-ipv6-filter entry match src-ip

Description

This command configures source IPv6 address LI filter match criterion.

The no form of this command removes any configured source IPv6 address. The match criterion is ignored.

Parameters

ipv6-address

Specifies an IPv6 address entered as:.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

prefix-length

Specifies a length.

Values

1 to 128

ipv6-address-mask

Specifies an IPv6 address mask expressed as:

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

src-ip

Syntax

src-ip {ip-address/mask | ip-address [ipv4-address-mask] | ip-prefix-list prefix-list-name}

no src-ip

Context

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match src-ip)

[Tree] (config>qos>sap-egress>ip-criteria>entry>match src-ip)

Full Context

configure qos sap-ingress ip-criteria entry match src-ip

configure qos sap-egress ip-criteria entry match src-ip

Description

This command configures a source IPv4 address range to be used as an SAP QoS policy match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask, e.g. 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 can also be used for IPv4.

The no form of this command removes the source IPv4 or IPv6 address match criterion.

Default

no src-ip

Parameters

ip-address

Specifies the source IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

prefix-list-name

Specifies the IPv4 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

src-ip

Syntax

src-ip {ipv6-address/prefix-length | ipv6-address ipv6-address-mask | ipv6-prefix-list ipv6-prefix-list-name}

no src-ip

Context

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match src-ip)

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match src-ip)

Full Context

configure qos sap-egress ipv6-criteria entry match src-ip

configure qos sap-ingress ipv6-criteria entry match src-ip

Description

This command configures a source IPv6 address range to be used as an SAP QoS policy match criterion.

To match on the source IPv6 address, specify the address and its associated mask, for example, 2001:db8:1000::/64.

The no form of this command removes the source IPv6 address match criterion.

Default

no src-ip

Parameters

ipv6-address

Specifies the IPv6 address for the IP match criterion in hexadecimal digits.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

prefix-length

Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the IPv6 address mask.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-list-name

Specifies the IPv6 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

src-ip

Syntax

src-ip {ip-address/mask | ip-address ipv4-address-mask | ip-prefix-list ip-prefix-list-name}

src-ip {ipv6-address/mask | ipv6-address ipv6-address-mask | ipv6-prefix-list ipv6-prefix-list-name}

no src-ip

Context

[Tree] (config>qos>network>egress>ip-criteria>entry>match src-ip)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match src-ip)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match src-ip)

[Tree] (config>qos>network>ingress>ip-criteria>entry>match src-ip)

Full Context

configure qos network egress ip-criteria entry match src-ip

configure qos network ingress ipv6-criteria entry match src-ip

configure qos network egress ipv6-criteria entry match src-ip

configure qos network ingress ip-criteria entry match src-ip

Description

This command configures a source IPv4 or IPv6 address range to be used as a network QoS policy match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask, for example, when specifying an IPv4 address, 10.1.0.0/16 or 10.1.0.0 255.255.0.0 can be used.

The no form of this command removes the source IPv4 or IPv6 address match criterion.

Parameters

ip-address

Specifies the source IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-list-name

Specifies an IPv4 prefix list which contains IPv4 address prefixes to be matched. IP prefix lists are only supported at a network ingress.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies the IPv6 prefix for the IP match criterion in hex digits.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

mask

Specifies the length of the ipv6-address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x (eight 16-bit pieces)

ipv6-prefix-list-name

Specifies an IPv6 prefix list which contains IPv6 address prefixes to be matched. IPv6 prefix lists are only supported at a network ingress.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

src-ip

Syntax

IPv4:

src-ip {ip-address/mask | ip-address ipv4-address-mask | ip-prefix-list prefix-list-name}

IPv6:

src-ip {ipv6-address/prefix-length | ipv6-address ipv6-address-mask | ipv6-prefix-list prefix-list-name}

no src-ip

Context

[Tree] (config>filter>ip-exception>entry>match src-ip)

[Tree] (config>filter>ipv6-exception>entry>match src-ip)

[Tree] (config>filter>ipv6-filter>entry>match src-ip)

Full Context

configure filter ip-exception entry match src-ip

configure filter ipv6-exception entry match src-ip

configure filter ipv6-filter entry match src-ip

Description

This command configures a source IPv4 or IPv6 address range to be used as an IP filter or IP exception match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask, for example, 10.1.0.0/16 for IPv4. The conventional notation of 10.1.0.0 255.255.0.0 may also be used for IPv4.

The no form of the command removes the source IP address match criterion.

Default

no src-ip

Parameters

ip-address

Specifies the destination IPv4 address specified in dotted decimal notation.

Values

a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-listoripv6-prefix-list prefix-list-name

Specifies to use a list of IP prefixes referred to by prefix-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies an IPv6 prefix for the IP match criterion in hex digits.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

Specifies whether a the IPv6 prefix length for the specified ipv6-address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

Platforms

VSR

  • configure filter ipv6-exception entry match src-ip
  • configure filter ip-exception entry match src-ip

All

  • configure filter ipv6-filter entry match src-ip

src-ip

Syntax

src-ip ip-prefix[/mask] [netmask]

src-ip ip-prefix-list ip-prefix-list-name

no src-ip

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry src-ip)

Full Context

configure system security management-access-filter ip-filter entry src-ip

Description

This command configures a source IP address range or an IP prefix list to be used as a management access filter match criterion.

The no form of this command removes the source IP address match criterion.

Default

no src-ip

Parameters

ip-prefix

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

mask

Specifies the subnet mask length expressed as a decimal integer.

Values

1 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

netmask

Specifies the dotted quad equivalent of the mask length.

Values

0.0.0.0 to 255.255.255.255

ip-prefix-list-name

Specifies the IP prefix list used as a match criterion for the source IP address. It is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes .

Platforms

All

src-ip

Syntax

src-ip ipv6-address/prefix-length

src-ip ipv6-prefix-list ipv6-prefix-list-name

no src-ip

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry src-ip)

Full Context

configure system security management-access-filter ipv6-filter entry src-ip

Description

This command configures a source IPv6 address range or an IPv6 prefix list to be used as a management access filter match criterion. This command only applies to the 7750 SR and 7950 XRS.

The no form of this command removes the source IPv6 address match criterion.

Default

no src-ip

Parameters

ipv6-address/prefix-length

Specifies the IPv6 address for the IPv6 match criterion in dotted decimal notation. An IPv6 IP address is written as eight 4-digit (16-bit) hexadecimal numbers separated by colons. One string of zeros per address can be left out, so that 2001:db8::0:217A is the same as 2001:db8:0:0:0:0:0:217A.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

1 to 128

ipv6-prefix-list-name

Specifies the IPv6 prefix list used a match criterion for the source IP address. It is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes .

Platforms

All

src-ip

Syntax

src-ip [ipv6-address/ prefix-length | ip-prefix-list prefix-list-name]

no src-ip

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match src-ip)

Full Context

configure system security cpm-filter ip-filter entry match src-ip

Description

This command specifies the IP address to match the source IP address of the packet.

To match on the source IP address, specify the address and its associated mask, such as 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.

The no form of this command removes the source IP address match criterion.

Default

no src-ip

Parameters

ipv6-address/prefix-length

Specifies the IP address for the match criterion in dotted decimal notation. An IP address is written as eight 4-digit (16-bit) hexadecimal numbers separated by colons. One string of zeros per address can be left out, so that 2001:db8::0:217A is the same as 2001:db8:0:0:0:0:0:217A.

Values

ipv4-address

a.b.c.d (host bits must be 0)

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface: 32 characters maximum, mandatory for link local addresses

prefix-length

1 to 128

ip-prefix-list

Creates a list of IPv4 prefixes for match criteria in IPv4 ACL and CPM filter policies.

ip-prefix-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-ip

Syntax

src-ip [ip-address/mask | ipv6-prefix-list ipv6-prefix-list-name]

no src-ip

Context

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match src-ip)

Full Context

configure system security cpm-filter ipv6-filter entry match src-ip

Description

This command specifies the IPv6 address to match the source IPv6 address of the packet.

To match on the source IP address, specify the address and its associated mask, such as 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.

The no form of this command removes the source IP address match criterion.

This command only applies to the 7750 SR and 7950 XRS.

Default

no src-ip

Parameters

ip-address/mask

Specifies the IP address for the match criterion in dotted decimal notation. An IP address is written as eight 4-digit (16-bit) hexadecimal numbers separated by colons. One string of zeros per address can be left out, so that 2001:db8::0:217A is the same as 2001:db8:0:0:0:0:0:217A.

Values

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface: 32 characters maximum, mandatory for link local addresses

mask:

Specifies eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x (eight 16-bit pieces)

ipv6-prefix-list

Creates a list of IPv6 prefixes for match criteria in IPv6 ACL and CPM filter policies.

ipv6-prefix-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-ip-address

src-ip-address

Syntax

src-ip-address ip-address

no src-ip-address

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy src-ip-address)

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy src-ip-address)

[Tree] (config>saa>test>type-multi-line>lsp-ping src-ip-address)

Full Context

configure saa test type-multi-line lsp-ping sr-policy src-ip-address

configure saa test type-multi-line lsp-trace sr-policy src-ip-address

configure saa test type-multi-line lsp-ping src-ip-address

Description

This command configures the source IP address. This option is used when an OAM packet must be generated from a different address than the node’s system interface address. For example, when the OAM packet is sent over an LDP LSP and the LDP LSR-ID of the corresponding LDP session to the next hop is set to an address other than the system interface address.

The no form of this command removes the configuration.

Parameters

ip-address

Specifies the source IP address.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

src-ipv4-address

src-ipv4-address

Syntax

src-ipv4-address a.b.c.d

no src-ipv4-address

Context

[Tree] (config>test-oam>build-packet>header>ipv4 src-ipv4-address)

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv4 src-ipv4-address)

Full Context

configure test-oam build-packet header ipv4 src-ipv4-address

debug oam build-packet packet field-override header ipv4 src-ipv4-address

Description

This command defines the source IPv4 address to be used in the IPv4 header.

The no form of this command removes the source IPv4 address.

Default

src-ipv4-address 0.0.0.0

Parameters

a.b.c.d

Specifies the IPv4 source address to be used in the IPv4 header.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-ipv6-address

src-ipv6-address

Syntax

src-ipv6-address ipv6-address

no src-ipv6-address

Context

[Tree] (config>test-oam>build-packet>header>ipv6 src-ipv6-address)

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv6 src-ipv6-address)

Full Context

configure test-oam build-packet header ipv6 src-ipv6-address

debug oam build-packet packet field-override header ipv6 src-ipv6-address

Description

This command defines the source IPv6 address to be used in the IPv6 header.

The no form of the removes the source IPv6 address.

Parameters

ipv6-address

Specifies the IPv6 source address to be used in the IPv6 header.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

0 to FFFF]H

d:

[0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-mac

src-mac

Syntax

src-mac ieee-address

no src-mac

Context

[Tree] (config>redundancy>mc>peer>mc>l3-ring>connectivity-verify src-mac)

Full Context

configure redundancy multi-chassis peer multi-chassis l3-ring connectivity-verify src-mac

Description

This command specifies the source MAC address used for the Ring-Node Connectivity Verification of this ring node.

If all zeros are specified, then the MAC address of the system management processor (CPM) is used.

The no form of this command reverts to the default.

Parameters

ieee-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

src-mac

Syntax

src-mac ieee-address

no src-mac

Context

[Tree] (config>redundancy>mc>peer>mcr>node>cv src-mac)

Full Context

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify src-mac

Description

This command specifies the source MAC address used for the Ring-Node Connectivity Verification of this ring node.

A value of all zeros (000000000000 H (0:0:0:0:0:0)) specifies that the MAC address of the system management processor (CPM) is used.

Default

no src-mac

Parameters

ieee-address

Specifies the source MAC address.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

All

src-mac

Syntax

src-mac ieee-address [ieee-address-mask]

no src-mac

Context

[Tree] (config>li>li-filter>li-mac-filter>entry>match src-mac)

Full Context

configure li li-filter li-mac-filter entry match src-mac

Description

This command configures a source MAC address or range to be used as a MAC filter match criterion.

The no form of this command removes the source mac as the match criteria.

Parameters

ieee-address

Specifies the 48-bit IEEE mac address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

Specifies a 48-bit mask that can be configured using the following formats.

Format Style

Format Syntax

Example

Decimal

DDDDDDDDDDDDDD

281474959933440

Hexadecimal

0xHHHHHHHHHHHH

0x0FFFFF000000

Binary

0bBBBBBBB...B

0b11110000...B

To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000

Default

0xFFFFFFFFFFFF (exact match)

Values

0x00000000000000 to 0xFFFFFFFFFFFF

Platforms

All

src-mac

Syntax

src-mac ieee-address [ieee-address-mask]

no src-mac

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match src-mac)

Full Context

configure qos sap-ingress mac-criteria entry match src-mac

Description

This command configures a source MAC address or range to be used as a service ingress QoS policy match criterion.

The no form of this command removes the source mac as the match criteria.

Default

no src-mac

Parameters

ieee-address

Enter the 48-bit IEEE MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

This 48-bit mask can be configured using the following formats:

Format Style

Format Syntax

Example

Decimal

DDDDDDDDDDDDDD

281474959933440

Hexadecimal

0xHHHHHHHHHHHH

0x0FFFFF000000

Binary

0bBBBBBBB...B

0b11110000...B

To configure all packets with a source MAC OUI value of 00-03-FA to be subject to a match condition, the entry should be specified as: 003FA000000 0xFFFFFF000000

Values

0x00000000000000 to 0xFFFFFFFFFFFF (hex)

Default

0xFFFFFFFFFFFF (hex) (exact match)

Platforms

All

src-mac

Syntax

src-mac ieee-address [ieee-address-mask]

no src-mac

Context

[Tree] (config>filter>mac-filter>entry>match src-mac)

[Tree] (config>filter>ip-filter>entry>match src-mac)

[Tree] (config>filter>ipv6-filter>entry>match src-mac)

Full Context

configure filter mac-filter entry match src-mac

configure filter ip-filter entry match src-mac

configure filter ipv6-filter entry match src-mac

Description

Configures a source MAC address or range to be used as a MAC filter match criterion.

The no form of the command removes the source mac as the match criteria.

Default

no src-mac

Parameters

ieee-address

Specifies the 48-bit IEEE MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit; both upper and lower case are supported.

ieee-address-mask

Specifies the 48-bit mask to match a range of MAC address values.

To configure so that all packets with a source MAC OUI value of 00:03:FA are subject to a match condition then the entry should be specified as: 00:03:FA:00:00:00 FF:FF:FF:00:00:00

Default

ff:ff:ff:ff:ff:ff (exact match)

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is an hexadecimal digit; both upper and lower case are supported.

Platforms

All

src-mac

Syntax

src-mac ieee-address [ieee-address-mask]

no src-mac

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match src-mac)

Full Context

configure system security management-access-filter mac-filter entry match src-mac

Description

This command configures a source MAC address or range to be used as a MAC filter match criterion.

The no form of this command removes the source mac as the match criteria.

Default

no src-mac

Parameters

ieee-address

Specifies the 48-bit IEEE mac address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

Specifies a 48-bit mask that can be configured using the formats listed in ieee-address-mask Formats:

Table 8. ieee-address-mask Formats

Format Style

Format Syntax

Example

Decimal

DDDDDDDDDDDDDD

281474959933440

Hexadecimal

0xHHHHHHHHHHHH

0x0FFFFF000000

Binary

0bBBBBBBB...B

0b11110000...B

To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000

Default

0xFFFFFFFFFFFF (exact match)

Values

0x00000000000000 to 0xFFFFFFFFFFFF

Platforms

All

src-mac-address

src-mac-address

Syntax

src-mac-address ieee-address

no src-mac-address

Context

[Tree] (config>test-oam>build-packet>header>ethernet src-mac-address)

[Tree] (debug>oam>build-packet>packet>field-override>header>ethernet src-mac-address)

Full Context

configure test-oam build-packet header ethernet src-mac-address

debug oam build-packet packet field-override header ethernet src-mac-address

Description

This command defines the source MAC address for the Ethernet header.

The no form of this command deletes the configured MAC address.

Default

no override

Parameters

ieee-address

Specifies the source Ethernet MAC address to be used in the Ethernet header. Specifies the 48-bit MAC address.

Values

xx:xx:xx:xx:xx:xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-port

src-port

Syntax

src-port {lt | gt | eq} src-port-number

src-port range start end

no src-port

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match src-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match src-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match src-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match src-port)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match src-port

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match src-port

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match src-port

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match src-port

Description

This command configures the source port match condition.

The no form of this command reverts to the default.

Parameters

lt | gt | eq

Specifies the operators.

src-port-number

Specifies the source port number as a decimal hex or binary.

Values

0 to 65535

dst-port-number

Specifies the destination port number as a decimal hex or binary.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

src-port

Syntax

src-port {eq | neq} port-num

src-port {eq | neq} port-list port-list-name

src-port {eq | neq} range start-port-num end-port-num

no src-port

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match src-port)

Full Context

configure application-assurance group policy app-qos-policy entry match src-port

Description

This command specifies a source IP port, source port list, or source range to use as match criteria.

The no form of this command removes the parameters from the configuration.

Default

no src-port

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified port.

neq

Specifies that a successful match occurs when the flow does not match the specified port.

port-num

Specifies the source port number.

Values

0 to 65535

start-port-num end-port-num

Specifies the start or end source port number.

Values

0 to 65535

port-list-name

Specifies a named port-list, up to 32 characters, containing a set of ports or ranges of ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-port

Syntax

src-port {eq | gt | lt} port-num

src-port port-list port-list-name

src-port range start-port-num end-port-num

no src-port

Context

[Tree] (config>app-assure>group>sess-fltr>entry>match src-port)

Full Context

configure application-assurance group session-filter entry match src-port

Description

This command specifies a source IP port, source port list, or source range to use as match criteria.

The no form of this command removes the parameters from the configuration.

Default

no src-port

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified port.

gt

Specifies all port numbers greater than the port-number match.

lt

Specifies all port numbers less than the port-number match.

port-num

Specifies the source port number.

Values

0 to 65535

start-port-num end-port-num

Specifies the start or end source port number.

Values

0 to 65535

port-list-name

Specifies a named port-list, up to 32 characters, containing a set of ports or ranges of ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-port

Syntax

src-port {eq | neq} port-num

no src-port

Context

[Tree] (debug>app-assure>group>traffic-capture>match src-port)

Full Context

debug application-assurance group traffic-capture match src-port

Description

This command configures debugging on a source port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

src-port

Syntax

src-port {lt | gt | eq} src-port-number

src-port range src-port-number src-port-number

no src-port

Context

[Tree] (config>li>li-filter>li-ipv6-filter>entry>match src-port)

[Tree] (config>li>li-filter>li-ip-filter>entry>match src-port)

Full Context

configure li li-filter li-ipv6-filter entry match src-port

configure li li-filter li-ip-filter entry match src-port

Description

This command configures a source TCP or UDP port number or port range for an IP LI filter match criterion. Note that an entry containing Layer 4 match criteria will not match non-initial (second, third, and so on) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.

The no form of this command removes the source port match criterion.

Parameters

lt

Specifies all port numbers less than src-port-number match.

gt

Specifies all port numbers greater than src-port-number match.

eq

Specifies that src-port-number must be an exact match.

src-port-number

Specifies the source port number to be used as a match criteria expressed as a decimal integer.

Values

[0..65535]D

[0x0..0xFFFF]H

[0b0..0b1111111111111111]B

Platforms

All

src-port

Syntax

src-port {lt | gt | eq} src-port-number

src-port range start end

no src-port

Context

[Tree] (config>qos>sap-egress>ip-criteria>entry>match src-port)

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match src-port)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match src-port)

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match src-port)

Full Context

configure qos sap-egress ip-criteria entry match src-port

configure qos sap-ingress ip-criteria entry match src-port

configure qos sap-egress ipv6-criteria entry match src-port

configure qos sap-ingress ipv6-criteria entry match src-port

Description

This command configures a source TCP or UDP port number or port range for a SAP QoS policy match criterion.

The no form of this command removes the source port match criterion.

Default

no src-port

Parameters

{lt | gt | eq} src-port-number

The TCP or UDP port numbers to match, specified as less than (lt), greater than (gt), or equal to (eq) to the source port value, specified as a decimal integer.

Values

1 to 65535 (decimal)

range startend

The range of TCP or UDP port values to match, specified as between the start and end source port values inclusive.

Values

1 to 65535 (decimal)

Platforms

All

src-port

Syntax

src-port {lt | gt | eq} src-port-number

src-port port-list port-list-name

src-port range start end

no src-port

Context

[Tree] (config>qos>network>ingress>ip-criteria>entry>match src-port)

[Tree] (config>qos>network>egress>ip-criteria>entry>match src-port)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match src-port)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match src-port)

Full Context

configure qos network ingress ip-criteria entry match src-port

configure qos network egress ip-criteria entry match src-port

configure qos network egress ipv6-criteria entry match src-port

configure qos network ingress ipv6-criteria entry match src-port

Description

This command configures a source TCP or UDP port number, port range, or a port list for a network QoS policy match criterion.

The no form of this command removes the source port match criterion.

Default

no src-port

Parameters

lt

Keyword used to specify TCP or UDP port numbers to match that are less than the source port value.

gt

Keyword used to specify TCP or UDP port numbers to match that are greater than the source port value.

eq

Keyword used to specify TCP or UDP port numbers to match that are equal to the source port value.

src-port-number

The source port value, specified as a decimal integer.

Values

1 to 65535

port-list-name

Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

start

Specifies the starting range of TCP or UDP source port values to match.

Values

1 to 65535

end

Specifies the end range of TCP or UDP source port values to match.

Values

1 to 65535

Platforms

All

src-port

Syntax

src-port {lt | gt | eq} src-port-number

src-port port-list port-list-name

src-port range src-port-number src-port-number

no src-port

Context

[Tree] (config>filter>ipv6-exception>entry>match src-port)

[Tree] (config>filter>ip-exception>entry>match src-port)

[Tree] (config>filter>ip-filter>entry>match src-port)

[Tree] (config>filter>ipv6-filter>entry>match src-port)

Full Context

configure filter ipv6-exception entry match src-port

configure filter ip-exception entry match src-port

configure filter ip-filter entry match src-port

configure filter ipv6-filter entry match src-port

Description

This command configures a source TCP, UDP, or SCTP port number, port range, or port match list for an IP filter or IP exception match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly an entry containing "src-port eq 0" match criterion, may match non-initial fragments when the source port value is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the source port match criterion.

Default

no src-port

Parameters

lt | gt | eq

Specifies the operator to use relative to src-port-number for specifying the port number match criteria.

lt specifies that all port numbers less than src-port-number match.

gt specifies that all port numbers greater than src-port-number match.

eq specifies that src-port-number must be an exact match.

src-port-number

Specifies the source port number to be used as a match criteria expressed as a decimal integer, and in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

port-list-name

Specifies to use a list of ports referred to by port-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

src-port-number src-port-number

Specifies inclusive port range between two src-port-number values.

Platforms

VSR

  • configure filter ip-exception entry match src-port
  • configure filter ipv6-exception entry match src-port

All

  • configure filter ipv6-filter entry match src-port
  • configure filter ip-filter entry match src-port

src-port

Syntax

src-port {port-id | cpm | lag lag-id}

no src-port

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry src-port)

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry src-port)

Full Context

configure system security management-access-filter ipv6-filter entry src-port

configure system security management-access-filter ip-filter entry src-port

Description

This command restricts ingress management traffic to either the CPM/CCM Ethernet port or any other logical port (for example LAG) on the device.

When the source interface is configured, only management traffic arriving on those ports satisfy the match criteria.

The no form of this command reverts to the default value.

Default

no src-port

Parameters

port-id

Specifies the port ID in formats shown below.

Values

slot/mda/port[.channel]

aps

keyword

group-id

1 to 128

ccag-id

ccag-id. path-id[cc-type]

ccag

keyword

id

1 to 8

path-id

a, b

cc-type

.sap-net, .net-sap

cpm

Matches any traffic received on any Ethernet port.

lag-id

Specifies the LAG identifier.

Values

1 to 800

Platforms

All

src-port

Syntax

src-port tcp/udp port-number [mask]

scr-port port-list port-list-name

scr-port range tcp/udp port-number tcp/udp port-number

no scr-port

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match src-port)

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match src-port)

Full Context

configure system security cpm-filter ip-filter entry match src-port

configure system security cpm-filter ipv6-filter entry match src-port

Description

This command specifies the TCP/UDP port to match the source port of the packet.

Note:

An entry containing Layer 4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.

Default

no src-port

Parameters

tcp/udp port-number

Specifies the source port number to be used as a match criteria expressed as a decimal integer.

Values

0 to 65535

port-list-name

Specifies the port list name to be used as a match criteria for the destination port.

mask

Specifies the 16 bit mask to be applied when matching the destination port.

Values

[0x0000..0xFFFF] | [0..65535] | [0b0000000000000000..0b1111111111111111]

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-prefix

src-prefix

Syntax

src-prefix ip-address/mask [ip-address/mask]

no src-prefix ip-address/mask

Context

[Tree] (config>service>vprn>mvpn>red-source-list src-prefix)

Full Context

configure service vprn mvpn red-source-list src-prefix

Description

This command configures multicast source IPv4 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of this command deletes specified prefix from the list.

Default

No prefixes are specified.

Parameters

ip-address/mask

IPv4 address prefix with mask. Up to 8 maximum.

Platforms

All

src-prefix

Syntax

src-prefix ipv6-ip-address/prefix-length [ ipv6-address/prefix-length]

no ipv6-ip-address/prefix-length

Context

[Tree] (config>service>vprn>mvpn>red-source-list>ipv6 src-prefix)

Full Context

configure service vprn mvpn red-source-list ipv6 src-prefix

Description

This command configures multicast source IPv6 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of this command deletes specified prefix from the list

Default

No prefixes are specified.

Parameters

ipv6-ip-address/mask

IPv6 address prefix with prefix-length. Up to 8 maximum.

Platforms

All

src-route-option

src-route-option

Syntax

src-route-option {true | false}

no source-route-option

Context

[Tree] (config>filter>ip-filter>entry>match src-route-option)

Full Context

configure filter ip-filter entry match src-route-option

Description

This command enables source route option match conditions. When enabled, this filter should match if a (strict or loose) source route option is present/not present at any location within the IP header, as per the value of this object. The no form of the command removes the criterion from the match entry.

Default

no src-route-option

Parameters

true

Enables source route option match conditions.

false

Disables source route option match conditions.

Platforms

All

src-tcp-port

src-tcp-port

Syntax

src-tcp-port tcp-port

no src-tcp-port

Context

[Tree] (config>test-oam>build-packet>header>tcp src-tcp-port)

Full Context

configure test-oam build-packet header tcp src-tcp-port

Description

This command defines the source TCP port to be used in the test TCP header.

The no form of this command reverts to the default.

Default

src-tcp-port 0

Parameters

tcp-port

Specifies the source TCP port to be used in the test TCP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-tcp-port

Syntax

src-tcp-port tcp-port

no src-tcp-port

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>tcp src-tcp-port)

Full Context

debug oam build-packet packet field-override header tcp src-tcp-port

Description

This command defines the source TCP port to be used in the TCP header.

The no form of this command reverts to the default.

Default

no override

Parameters

tcp-port

Specifies the source TCP port to be used in the test TCP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-udp-port

src-udp-port

Syntax

src-udp-port udp-port

no src-udp-port

Context

[Tree] (config>test-oam>build-packet>header>udp src-udp-port)

Full Context

configure test-oam build-packet header udp src-udp-port

Description

This command defines the source UDP port to be used in the test UDP header.

The no form of this command reverts to the default.

Default

src-udp-port 0

Parameters

udp-port

Specifies the source UDP port to be used in the test UDP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-udp-port

Syntax

src-udp-port udp-port

no src-udp-port

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>udp src-udp-port)

Full Context

debug oam build-packet packet field-override header udp src-udp-port

Description

This command defines the source UDP port to be used in the UDP header.

The no form of this command reverts to the default.

Default

no override

Parameters

udp-port

Specifies the source UDP port to be used in the UDP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

src-udp-port

Syntax

src-udp-port port-number

no src-udp-port

Context

[Tree] (config>test-oam>link-meas>template>twl src-udp-port)

Full Context

configure test-oam link-measurement measurement-template twamp-light src-udp-port

Description

This command configures a source UDP port to be used by the link measurement tests linked to this template.

Unless required, Nokia suggests that the link measurement dynamically select an available source UDP port from the dynamic range. Before a UDP port in the configurable range can be configured as a source it must be owned by the application. Use the config>test-oam>twamp>twamp-light> source-udp-port-pools>port>pool-type command to map the port range to the application.

To use a source port in this range for link-measurement, the selected port number must have a pool-type link-measurement configured. The source UDP port must be owned by the application prior to the configuration under the application. A configured source-udp-port cannot be used when multiple tests are configured between the same source IP, destination IP and destination UDP port. A conflict may occur when non-unique addressing is used between two peers. A conflicting situation may occur when tests between peers are using IPv6 discovery and the link-local addresses on both nodes are the same. Other conflicts exist, such as, multiple tests between peers using the same source and destination IP system address instead of an interface address. When this condition exists, the operational state of the link-measurement test is operationally down with a failure condition UdpPortUnavailable.

The no form of the command removes the port number from the link measurement template.

Default

no src-udp-port

Parameters

port-number

Specifies the source UDP port number.

Values

64374 to 64383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

srefresh

srefresh

Syntax

srefresh [detail]

no srefresh

Context

[Tree] (debug>router>rsvp>packet srefresh)

Full Context

debug router rsvp packet srefresh

Description

This command debugs srefresh packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about srefresh packets.

Platforms

All

srh-mode

srh-mode

Syntax

srh-mode srh-mode

no srh-mode

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func>end-x srh-mode)

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func>ua srh-mode)

[Tree] (conf>router>segment-routing>srv6>ms-locator>un srh-mode)

[Tree] (config>router>segment-routing>srv6>inst>loc>func>end srh-mode)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x srh-mode

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua srh-mode

configure router segment-routing segment-routing-v6 micro-segment-locator un srh-mode

configure router segment-routing segment-routing-v6 base-routing-instance locator function end srh-mode

Description

This command configures the SRH penultimate or ultimate pop mode, as well as the ultimate decapsulation mode, for the SID.

The no form of this command reverts to the default value.

Default

srh-mode psp

Parameters

srh-mode

Specifies the SRH mode for the SID.

Values

psp — Penultimate Segment Pop (PSP) of the SRH

usp — Ultimate Segment Pop (USP) of the SRH

psp-usd — Supports both PSP of the SRH and Ultimate Segment Decapsulation (USD) on the same SID

usp-usd — Supports both USP of the SRH and USD on the same SID

psp-usp-usd — Supports PSP and USP of the SRH with USD on the same SID

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srlb

srlb

Syntax

srlb reserved-label-block-name

no srlb

Context

[Tree] (config>router>isis>segm-rtng srlb)

[Tree] (config>router>ospf>segm-rtng srlb)

Full Context

configure router isis segment-routing srlb

configure router ospf segment-routing srlb

Description

This command specifies the reserved label block to use for the Segment Routing Local Block (SRLB) for the specified IS-IS or OSPF instance. The named reserved label block must already have been configured under config>router>mpls>mpls-labels.

The no form of this command removes an SRLB.

Parameters

reserved-label-block-name

Specifies the name of the reserved label block, up to 64 characters.

Platforms

All

srlg

srlg

Syntax

[no] srlg

Context

[Tree] (config>router>mpls>lsp>secondary srlg)

Full Context

configure router mpls lsp secondary srlg

Description

This command enables the use of the SRLG constraint in the computation of a secondary path for an LSP at the head-end LER. The command is configurable for both RSVP-TE and SR-TE LSPs.

When SRLG is enabled, CSPF includes the SRLG constraint in the computation of the secondary LSP path if path-computation-method local-cspf is configured on the LSP. CSPF returns the list of SRLG groups along with the ERO during primary path CSPF computation. At a subsequent establishment of a secondary path with the SRLG constraint, the MPLS task again queries CSPF by providing the list of SRLG group numbers to be avoided. CSPF prunes all links with interfaces that belong to the same SRLGs as the interfaces included in the ERO of the primary path. If CSPF finds a path, the secondary path is set up. If a path is not found, MPLS keeps retrying the requests to CSPF.

An SRLG enabled secondary or standby path of the LSP configured with a value of the path-computation-method command other than local-cspf remains operationally down with a failure code of srlgPrimaryCspfDisabled(25).

When an LSP is administratively enabled, the SRLG-enabled secondary path is not tried if the first attempt to bring up the primary path is in progress. The SRLG enabled secondary path is kept down temporarily with failure code srlgPrimaryPathDown(26). After this first attempt, MPLS begins setting up the SRLG-enabled standby paths. If primary path computation fails or primary path was not configured, MPLS requests CSPF to compute the secondary path using an empty primary SRLG list. The SRLG disjoint state field shows True in this scenario.

If the primary path is re-optimized, has undergone MBB, or has come back up after being down, the MPLS task check determines if any SRLG secondary paths should be re-signaled. If MPLS finds that a secondary path is no longer SRLG disjointed, and therefore becomes ineligible, MPLS puts it on a delayed MBB immediately after the expiry of the retry timer. If MBB fails at the first try, the secondary path is torn down and the path is put on retry if not active. If the secondary path is active, then it is only torn down and resignaled when the primary path is activated. The secondary path can remain active even when ineligible while the revert timer to activate the primary path is still running.

If the primary goes down while active, the LSP uses the path of an eligible SRLG secondary path if it is up. If all secondary eligible SRLG paths are down, MPLS uses a non-SRLG secondary path, if configured and up. While the LSP is using a non-SRLG secondary path, if an eligible SRLG secondary path comes back up, MPLS switches the path of the LSP to the eligible SRLG secondary path. As soon as a path for the primary is successfully computed by CSPF, MPLS schedules the delay retry MBB for the secondary path using the new SRLG list.

If the primary path goes down while inactive, for example it is waiting for the revert timer to expire, MPLS resets the SRLG list of the primary to empty and changes the state of all secondary paths, including the currently active one, to the Disjointed state. A delay retry MBB is still performed but results in no change to the active secondary path.

A secondary path that becomes ineligible as a result of an update to the SRLG membership list of the primary path has the ineligibility status removed on any of the following events:

  • a successful delay retry MBB of the secondary SRLG path that makes it eligible again

  • the secondary path goes down. MPLS puts the standby on retry at the expiry of the retry timer. If successful, it becomes eligible. If not successful after the retry-timer expires or the number of retries reached the number configured under the retry-limit parameter, it is left down.

Once the primary path of the LSP is set up and is operationally up, any subsequent changes to the SRLG group membership of an interface that the primary path is using is not considered until the next opportunity the primary path is re-signaled. The primary path may be re-signaled due to a failure or to a make-before-break operation. Make-before-break occurs as a result of a global revertive operation, a timer based or manual re-optimization of the LSP path, or an operator change to any of the path constraints.

Once an SRLG secondary path is set up and is operationally up, any subsequent changes to the SRLG group membership of an interface the secondary path is using is not considered until the next opportunity when the secondary path is re-signaled. The secondary path is re-signaled due to a failure, to a re-signaling of the primary path, or to a make before break operation. Make-before-break occurs as a result of a timer based or manual re-optimization of the secondary path, or an operator change to any of the path constraints of the secondary path, except for enabling or disabling the srlg command itself. Enabling or disabling the srlg command on an active secondary or on an active or inactive secondary standby path causes the path to be torn down and re-signaled.

In addition, the user-configured include or exclude admin group statements for a secondary path are also checked together with the SRLG constraints by CSPF.

The following behavior of the feature is specific to the SR-TE LSP.

  • An SRLG-enabled SR-TE LSP secondary path with SID label hops remains operational with failure code srlgPathWithSidHops(59).

  • An SR-TE LSP uses IGP advertised link SRLG information in the TE database. It does not support the use of SRLG information in the static user SRLG database (configure router mpls srlg-database).

  • Delay Retry MBB for making a non-disjointed path a disjointed one is not supported with an SR-TE LSP. Instead, the system performs a break-before-make (that is, teardown and retry) operation. If a non-disjointed path is the active path of the LSP, that path is torn down and retried after the router switches to another path (for example, after revert-timer expires). If the non-disjointed path is not an active path, it is torn down and retried immediately.

The no form of this command reverts to the default value.

Default

no srlg

Platforms

All

srlg-database

srlg-database

Syntax

[no] srlg-database

Context

[Tree] (config>router>mpls srlg-database)

Full Context

configure router mpls srlg-database

Description

Commands in this context configure the link members of SRLG groups for the entire network at any node that needs to signal LSP paths (for example, a head-end node).

The no form of this command deletes the entire SRLG database. CSPF assumes all interfaces have no SRLG membership association if the database was not disabled with the command config>router>mpls>user-srlg-db disable.

Platforms

All

srlg-enable

srlg-enable

Syntax

[no] srlg-enable

Context

[Tree] (config>router>route-next-hop-policy>template srlg-enable)

Full Context

configure router route-next-hop-policy template srlg-enable

Description

This command configures the SRLG constraint into the route next-hop policy template.

When this command is applied to a prefix, the LFA SPF will attempt to select an LFA next-hop, among the computed ones, which uses an outgoing interface that does not participate in any of the SLRGs of the outgoing interface used by the primary next-hop.

The SRLG criterion is applied before running the LFA next-hop selection algorithm.

The no form deletes the SRLG constraint from the route next-hop policy template.

Default

no srlg-enable

Platforms

All

srlg-frr

srlg-frr

Syntax

srlg-frr [strict]

no srlg-frr

Context

[Tree] (config>router>mpls srlg-frr)

Full Context

configure router mpls srlg-frr

Description

This command enables the use of the SRLG constraint in the computation of FRR bypass or detour to be associated with any primary LSP path on this system.

When this option is enabled, CSPF includes the SRLG constraint in the computation of a FRR detour or bypass for protecting the primary LSP path.

CSPF prunes all links with interfaces that belong to the same SRLG as the interface that is being protected, that is, the outgoing interface at the PLR the primary path is using. If one or more paths are found, the MPLS task will select one based on best cost and will signal the bypass/detour. If not found and the user has included the strict option, the bypass/detour is not setup and the MPLS task will keep retrying the request to CSPF. Otherwise, if a path exists that meets the other TE constraints, other than the SRLG one, the bypass/detour is setup.

A bypass or a detour LSP path is not intended to be SRLG disjoint from the entire primary path. Only the SRLGs of the outgoing interface at the PLR that the primary path is using are avoided.

When the MPLS task is searching for an SRLG bypass tunnel to associate with the primary path of the protected LSP, it will first check if any configured manual bypass LSP with CSPF enabled satisfies the SRLG constraints. The search skips any non-CSPF manual bypass LSP because there is no ERO returned to check the SRLG constraint. If no path is found, the task will check if an existing dynamic bypass LSP satisfies the SRLG and other primary path constraints. If not found, it will make a request to CSPF.

Once the primary path of the LSP is configured and is operationally up, subsequent changes to the SRLG group membership of an interface the primary path is using are not considered by the MPLS task at the PLR for bypass/detour association until the next opportunity the bypass LSP path or the primary path is resignaled. The path may be resignaled due to a failure or a Make-Before-Break (MBB) operation. MBB occurs as a result of a global revertive operation, a timer based or manual re-optimization of the bypass LSP or LSP primary path, or a user update of the primary path constraints.

Once the bypass or detour path is set up and is operationally up, subsequent changes to the SRLG group membership of an interface the bypass/detour path is using are not considered by the MPLS task at the PLR until the next opportunity when the association with the primary LSP path is rechecked. The association is rechecked if the bypass path is re-optimized using the timer or manual resignal MBB. Detour paths cannot be re-optimized separately from the primary path.

Enabling or disabling srlg-frr command only takes effect when the LSP primary path or the bypass path is resignaled. The user can either wait for the resignal timer to expire or cause the paths to be resignaled immediately by executing, at the ingress LER, the manual resignal command for the LSP primary path or for the bypass LSP path.

A MPLS interface can belong to a maximum of 64 SRLG groups. The SRLG groups are configured using the config>router>if-attribute>srlg-group command. The SRLG groups that an RSVP interface belong to are configured using the srlg-group command in the config>router>mpls>interface context.

The no form of this command reverts to the default value.

Default

no srlg-frr

Parameters

strict

Specifies the name of the SRLG group within a virtual router instance.

Values

no srlg-frr (default) srlg-frr (non-strict) srlg-frr strict (strict)

Platforms

All

srlg-group

srlg-group

Syntax

[no] srlg-group group-name [group-name]

no srlg-group

Context

[Tree] (config>router>mpls>if srlg-group)

[Tree] (config>router>if>if-attribute srlg-group)

[Tree] (config>service>ies>if>if-attribute srlg-group)

[Tree] (config>service>vprn>if>if-attribute srlg-group)

Full Context

configure router mpls interface srlg-group

configure router interface if-attribute srlg-group

configure service ies interface if-attribute srlg-group

configure service vprn interface if-attribute srlg-group

Description

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

An interface can belong to up to 64 SRLG groups. However, each single operation of the srlg-group command allows a maximum of five (5) groups to be specified at a time. Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured SRLG membership is applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters

group-name

Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. Each single operation of the srlg-group command allows a maximum of 5 groups to be specified at a time.

Platforms

All

srlg-group

Syntax

srlg-group group-name value group-value [penalty-weight penalty-weight]

no srlg-group group-name

Context

[Tree] (config>router>if-attribute srlg-group)

Full Context

configure router if-attribute srlg-group

Description

This command defines a Shared Risk Link Group (SRLG) which can be associated with an IP or MPLS interface.

SRLG is used to tag IP or MPLS interfaces which share a specific fate with the same identifier. For example, an SRLG group identifier could represent all links which use separate fibers but are carried in the same fiber conduit. If the conduit is accidentally cut, all the fiber links are cut which means all interfaces using these fiber links will fail.

The user first configures locally on each router the name and identifier of each SRLG group. A maximum of 1024 SRLGs can be configured per system.

The user then configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface. A maximum of 64 SRLGs can be applied to a given interface.

When SRLGs are applied to MPLS interfaces, CSPF at an LER will exclude the SRLGs of interfaces used by the LSP primary path when computing the path of the secondary path. CSPF at an LER or LSR will also exclude the SRLGs of the outgoing interface of the primary LSP path in the computation of the path of the FRR backup LSP. This provides path disjointness between the primary path and the secondary path or FRR backup path of an LSP.

When SRLGs applied to IES, VPRN, or network IP interfaces, they are evaluated in the route next-hop selection by adding the srlg-enable option in a route next-hop policy template applied to an interface or a set of prefixes. For instance, the user can enable the SRLG constraint to select a LFA next-hop for a prefix which avoids all interfaces that share fate with the primary next-hop.

The following provisioning rules are applied to SRLG configuration. The system will reject the creation of a SRLG if it re-uses the same name but with a different group value than an existing group. The system will also reject the creation of an SRLG if it re-uses the same group value but with a different name than an existing group.

Only the SRLGs bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

A user may specify a penalty weight (penalty-weight) associated with an SRLG. This controls the likelihood of paths with links sharing SRLG values with a primary path being used by a bypass or detour LSP. The higher the penalty weight, the less desirable it is to use the link with a given SRLG.

Parameters

group-name

Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

group-value

Specifies the integer value associated with the group. The association of group name and value should be unique within an IP/MPLS domain.

Values

0 to 4294967295

penalty-weight

Specifies the integer value of the penalty weight that is assigned to the SRLG group

Values

0 to 65535

Default

0

Platforms

All

srrp

srrp

Syntax

srrp srrp-id [create]

no srrp srrp-id

Context

[Tree] (config>service>ies>sub-if>grp-if srrp)

[Tree] (config>service>vprn>sub-if>grp-if srrp)

Full Context

configure service ies subscriber-interface group-interface srrp

configure service vprn subscriber-interface group-interface srrp

Description

This command creates a Subscriber Router Redundancy Protocol (SRRP) instance on a group IP interface. An SRRP instance manages all subscriber subnets within the group interfaces subscriber IP interface or other subscriber IP interfaces that are associated through a wholesale/retail relationship. Only one unique SRRP instance can be configured per group interface.

The no form of this command removes an SRRP instance from a group IP interface. Once removed, the group interface ignores ARP requests for the SRRP gateway IP addresses that may exist on subscriber subnets associated with the group IP interface. Then the group interface stops routing using the redundant IP interface associated with the group IP interface and will stop routing with the SRRP gateway MAC address. Ingress packets destined to the SRRP gateway MAC will also be silently discarded. This is the same behavior as a group IP interface that is disabled (shutdown).

The no form of this command removes the SRRP ID from the configuration.

Default

no srrp

Parameters

srrp-id

Specifies a 32 bit instance ID that must be unique to the system. The instance ID must also match the instance ID used by the remote router that is participating in the same SRRP context. SRRP is intended to perform a function similar to VRRP where adjacent IP hosts within local subnets use a default gateway to access IP hosts on other subnets.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

srrp

Syntax

[no] srrp

Context

[Tree] (debug>router srrp)

Full Context

debug router srrp

Description

This command enables debugging for SRRP packets.

The no form of this command disables debugging.

Platforms

All

srrp

Syntax

[no] srrp

Context

[Tree] (config>redundancy>multi-chassis>peer>sync srrp)

Full Context

configure redundancy multi-chassis peer sync srrp

Description

This command specifies whether subscriber routed redundancy protocol (SRRP) information should be synchronized with the multi-chassis peer.

Default

no srrp

Platforms

All

srrp

Syntax

srrp

Context

[Tree] (config>redundancy srrp)

Full Context

configure redundancy srrp

Description

Commands in this context configure system parameters for BNG CUPS inter-UPF resiliency.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

srrp-enabled-routing

srrp-enabled-routing

Syntax

srrp-enabled-routing [hold-time hold-time]

no srrp-enabled-routing

Context

[Tree] (config>service>ies>sub-if>grp-if srrp-enabled-routing)

[Tree] (config>service>vprn>sub-if>grp-if srrp-enabled-routing)

Full Context

configure service ies subscriber-interface group-interface srrp-enabled-routing

configure service vprn subscriber-interface group-interface srrp-enabled-routing

Description

This command configures SRRP-enabled routing.

The no form of this command reverts to the default.

Parameters

hold-time hold-time

Specifies the hold time, in deci-seconds.

Values

1 to 50

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

srrp-instance

srrp-instance

Syntax

[no] srrp-instance srrp-id

Context

[Tree] (config>redundancy>mc>peer>mc>l3-ring srrp-instance)

Full Context

configure redundancy multi-chassis peer multi-chassis l3-ring srrp-instance

Description

This command configures an SRRP instance for Layer 3 ring.

The no form of this command reverts to the default.

Parameters

srrp-id

Specifies the SRRP ID of this SRRP instance.

Values

1 to 4294967295

srv6

srv6

Syntax

srv6 {origination| termination}

no srv6

Context

[Tree] (config>fwd-path-ext>fpe srv6)

Full Context

configure fwd-path-ext fpe srv6

Description

This command configures if the SRv6 FPE application type is used for the origination or termination of SRv6 tunnels.

The origination or termination of SRv6 on services requires the configuration of a dedicated SRv6 FPE and cannot share the same FPE. A single FPE can be configured for SRv6 origination. One or more FPEs can be configured for SRv6 termination, where a termination SRv6 FPE is assigned one or more configured locators. Transit SRv6 routers do not need SRv6 FPEs.

The no form of this command disables SRv6 on an FPE.

Parameters

origination

Keyword used to specify the origination FPE application type.

termination

Keyword used to specify the termination FPE application type.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-instance

srv6-instance

Syntax

srv6-instance id default-locator name

no srv6-instance

Context

[Tree] (config>service>vprn>bgp-evpn>srv6 srv6-instance)

[Tree] (config>service>vprn>bgp-ipvpn>srv6 srv6-instance)

Full Context

configure service vprn bgp-evpn segment-routing-v6 srv6-instance

configure service vprn bgp-ipvpn segment-routing-v6 srv6-instance

Description

This command configures an SRv6 instance.

The no form of this command removes the SRv6 instance from the BGP IP-VPN or BGP EVPN control plane for the service.

Parameters

id

Specifies the SRv6 instance ID that exists in the service and is associated to a IP-VPN or EVPN control plane.

Values

1, 2

name

Specifies a default regular or micro-segment locator name, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-locator

srv6-locator

Syntax

srv6-locator name

no srv6-locator

Context

[Tree] (config>router>policy-options>policy-statement>default-action srv6-locator)

[Tree] (config>router>policy-options>policy-statement>entry>action srv6-locator)

Full Context

configure router policy-options policy-statement default-action srv6-locator

configure router policy-options policy-statement entry action srv6-locator

Description

This command configures either a string encoding a midstring parameter delimited by at signs (@), or a reference to a named locator for the SRv6 TLV to use.

For a VRF export policy, the referenced locator must already be configured using the commands in the configure service vprn segment-routing-v6 locator context.

For a BGP export policy, the referenced locator must already be configured using the commands in the configure router segment-routing segment-routing-v6 base-routing-instance locator context.

The no form of this command specifies not to use a locator for the SRv6 TLV.

Default

no srv6-locator

Parameters

name

Specifies either a string encoding a midstring parameter delimited by at signs (@) or a reference to a named locator for the SRv6 TLV to use, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-micro-segment-locator

srv6-micro-segment-locator

Syntax

srv6-micro-segment-locator name

no srv6-micro-segment-locator

Context

[Tree] (config>router>policy-options>policy-statement>entry>action srv6-micro-segment-locator)

[Tree] (config>router>policy-options>policy-statement>default-action srv6-micro-segment-locator)

Full Context

configure router policy-options policy-statement entry action srv6-micro-segment-locator

configure router policy-options policy-statement default-action srv6-micro-segment-locator

Description

This command configures either a string encoding a midstring parameter delimited by at signs (@), or a reference to a named micro-segment (uSID) locator for the SRv6 TLV to use.

For a VRF export policy, the referenced uSID locator must already be configured using the commands in the configure service vprn segment-routing-v6 micro-segment-locator context.

For a BGP export policy, the referenced uSID locator must already be configured using the commands in the configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator context.

The no form of this command specifies not to use a uSID locator for the SRv6 TLV.

Default

no srv6-micro-segment-locator

Parameters

name

Specifies either a string encoding a midstring parameter delimited by at signs (@) or a reference to a named uSID locator for the SRv6 TLV to use, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-return-path-bfd-sid

srv6-return-path-bfd-sid

Syntax

srv6-return-path-bfd-sid ipv6-address | param-name

no srv6-return-path-bfd-sid

Context

[Tree] (config>router>policy-options>policy-statement>default-action srv6-return-path-bfd-sid)

[Tree] (config>router>policy-options>policy-statement>entry>action srv6-return-path-bfd-sid)

Full Context

configure router policy-options policy-statement default-action srv6-return-path-bfd-sid

configure router policy-options policy-statement entry action srv6-return-path-bfd-sid

Description

This command applies to the initiator of Seamless Bidirectional Forwarding Detection sessions. This command configures the S-BFD session to echo mode and pushes an additional SRv6 SID in the SRH for S-BFD packets only when it is sent on the imported SRv6 policy.

The return-path SID refers to a binding SID on a SRv6 policy configured on the far-end router. Instead of being routed through the IGP path, the S-BFD packet returns to the initiator through this SRv6 return path. The no form of this command disables the controlled return-path SID and echo mode for S-BFD.

Parameters

ipv6-address

Specifies the IPv6 address.

Values
  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

param-name

Specifies the parameter variable name, up to 32 characters. Policy parameters must start and end with an at-sign (@).

Platforms

All

srv6-sid

srv6-sid

Syntax

srv6-sid ipv6-address

no srv6-sid

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>seg-list>segment srv6-sid)

Full Context

configure router segment-routing sr-policies static-policy segment-list segment srv6-sid

Description

This command defines the 128-bit SRv6 SID for the segment. The policy can only be administratively enabled if its type (defined with the configure router segment-routing sr-policies static-policy type command) and all its segments (defined with the configure router segment-routing sr-policies static-policy segment-list segment command) are SRv6.

Parameters

ipv6-address

Specifies the SID, up to 72 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-sid-prefix

srv6-sid-prefix

Syntax

srv6-sid-prefix {ipv6-prefix/prefix-length | param-name}

no srv6-sid-prefix

Context

[Tree] (config>router>policy-options>policy-statement>entry>from srv6-sid-prefix)

Full Context

configure router policy-options policy-statement entry from srv6-sid-prefix

Description

This command configures either the name of a prefix policy variable or an IPv6 prefix and prefix length, as match criterion for a BGP route.

Note: If the name of a prefix policy variable is the match criterion, the name must start and end with an at sign (@).

A BGP route matches this criterion if it has an SRv6 TLV, and the SID or micro-segment (uSID) value in that TLV is matched by the bits of the IPv6 prefix (up to the specified prefix length).

This match criterion is supported in BGP import policies, BGP export policies, and VRF or VSI import policies.

Default

no srv6-sid-prefix

Parameters

ipv6-prefix/prefix-length

Specifies the IPv6 address and prefix length.

Values

ipv6-prefix:

x:x:x:x:x:x:x:x (host bits must be 0)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length:

0 to 128

param-name

Specifies the name of a prefix policy variable, which can be up to 32 characters and must start and end with an at sign (@)

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

srv6-tlv

srv6-tlv

Syntax

srv6-tlv {present | not-present}

no srv6-tlv

Context

[Tree] (config>router>policy-options>policy-statement>entry>from srv6-tlv)

Full Context

configure router policy-options policy-statement entry from srv6-tlv

Description

This command configures whether the entry matches a BGP route with a prefix SID attribute containing an SRv6 TLV. This match criterion is supported in BGP import policies, BGP export policies, and VRF or VSI import policies.

The no form of this command disables the router from taking whether a BGP route has a prefix SID attribute containing an SRv6 TLV into consideration when matching a BGP route with the entry.

Default

no srv6-tlv

Parameters

present

Specifies that a BGP route only matches this entry if it has a prefix SID attribute containing an SRv6 TLV.

not-present

Specifies that a BGP route only matches this entry if it does not have a prefix SID attribute containing an SRv6 TLV.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

ssap

ssap

Syntax

ssap ssap-value [ssap-mask]

no ssap

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match ssap)

Full Context

configure qos sap-ingress mac-criteria entry match ssap

Description

This command configures an Ethernet 802.2 LLC SSAP value or range for an ingress SAP QoS policy match criterion.

This is a 1-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame.

The snap-pid field, etype field, ssap, and dsap fields are mutually exclusive and cannot be part of the same match criteria.

The no form of this command removes the ssap match criterion.

Default

no ssap

Parameters

ssap-value

The 8-bit ssap match criteria value in hex.

Values

0x00 to 0xFF (hex)

ssap-mask

This is optional and can be used when specifying a range of ssap values to use as the match criteria.

This 8-bit mask can be configured using the following formats:

Format Style

Format Syntax

Example

Decimal

DDD

240

Hexadecimal

0xHH

0xF0

Binary

0bBBBBBBBB

0b11110000

Values

0x00 to 0xFF

Platforms

All

ssap

Syntax

ssap ssap-value [ssap-mask]

no ssap

Context

[Tree] (config>filter>mac-filter>entry>match ssap)

Full Context

configure filter mac-filter entry match ssap

Description

This command configures an Ethernet 802.2 LLC SSAP value or range for a MAC filter match criterion.

This is a one-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria.

The no form of the command removes the ssap match criterion.

Default

no ssap

Parameters

ssap-value

Specifies the 8-bit ssap match criteria value in decimal, hexadecimal or binary.

Values

0 to 255

ssap-mask

Specifies an optional parameter that may be used when specifying a range of ssap values to use as the match criteria.

This 8 bit mask and the ssap value can be configured as described in 8-bit Mask Syntax.

Table 9. 8-bit Mask Syntax

Format Style

Format Syntax

Example

Decimal

DDD

240

Hexadecimal

0xHH

0xF0

Binary

0bBBBBBBBB

0b11110000

Values

0 to 255

Platforms

All

ssap

Syntax

ssap ssap-value [ssap-mask]

no ssap

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match ssap)

Full Context

configure system security management-access-filter mac-filter entry match ssap

Description

This command configures an Ethernet 802.2 LLC SSAP value or range for a MAC filter match criterion.

This is a one-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide for information about MAC Match Criteria Exclusivity Rules fields that are exclusive based on the frame format.

The no form of this command removes the SSAP match criterion.

Default

no ssap

Parameters

ssap-value

Specifies the 8-bit SSAP match criteria value in hex.

Values

0x00 to 0xFF

ssap-mask

Specifies a range of SSAP values to use as the match criteria.

Platforms

All

ssh

ssh

Syntax

ssh host [-l username] [-v ssh-version] [{router router-instance | service-name service-name}] [re-exchange-min minutes] [re-exchange-mbyte megabytes]

Context

[Tree] (ssh)

Full Context

ssh

Description

This command initiates a client SSH session with the remote host and is independent from the administrative or operational state of the SSH server. However, to be the target of an SSH session, the SSH server must be operational. This command also allows the user to initiate a SSH session, with a key re-exchange, based on maximum megabytes or minutes, whichever occurs first. If the re-exchange options are not set, the default behavior will not perform a key re-exchange.

Quitting SSH while in the process of authentication is accomplished by either executing a ctrl-c or "~." (tilde and dot), assuming the "~” is the default escape character for SSH session.

Parameters

host

Specifies the remote host for the SSH session.

Values

host: user@hostname - [up to 255 characters]

user

up to 32 characters

hostname

[dns-name | ipv4-address | ipv6-address]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface: up to 32 characters, mandatory for link local addresses

dns-name

up to128 characters

username

Specifies the user name to use when opening the SSH session, up to 32 characters.

router-instance

Specifies the router name or service ID.

Values

router-instance: router-name or vprn-svc-id

router-name

"Base”, "management”, "vpls-management”

vprn-svc-id

1 to 2147483647

Default

Base

service-name

Specifies the service name, up to 64 characters.

minutes

Specifies the time interval after which the SSH client will initiate the key-re-exchange.

Values

1 to 1440 minutes

megabytes

Specifies the number of megabytes, on a SSH session, after which the SSH client will initiate the key re-exchange.

Values

1 to 64000 megabytes

Platforms

All

ssh

Syntax

ssh

Context

[Tree] (config>system>login-control ssh)

[Tree] (config>system>security ssh)

Full Context

configure system login-control ssh

configure system security ssh

Description

Commands in this context configure the SSH parameters.

Platforms

All

ssh-authentication-method

ssh-authentication-method

Syntax

ssh-authentication-method

Context

[Tree] (config>system>security>user ssh-authentication-method)

Full Context

configure system security user ssh-authentication-method

Description

Commands in this context configure, at the user level, the authentication method accepted by the SSH server. The user-level configuration overrides the system-level configuration.

Platforms

All

ssh-max-sessions

ssh-max-sessions

Syntax

ssh-max-sessions number-of-sessions

no ssh-max-sessions

Context

[Tree] (config>system>security>cli-session-group ssh-max-sessions)

[Tree] (config>system>security>profile ssh-max-sessions)

Full Context

configure system security cli-session-group ssh-max-sessions

configure system security profile ssh-max-sessions

Description

This command is used to limit the number of SSH-based sessions available to all users that are part of a particular profile, or to all users of all profiles that are part of the same cli-session-group.

The no form of this command disables the command and the profile or group limit is not applied on the number of sessions.

Default

no ssh-max-sessions

Parameters

number-of-sessions

Specifies the maximum number of allowed SSH-based sessions.

Values

0 to 50

Platforms

All

ssh-reply

ssh-reply

Syntax

[no] ssh-reply

Context

[Tree] (config>service>ies>if>vrrp ssh-reply)

Full Context

configure service ies interface vrrp ssh-reply

Description

This command enables the non-owner master to reply to SSH Requests directed at the virtual router instances IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses is silently discarded.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default

no ssh-reply

Platforms

All

ssh-reply

Syntax

[no] ssh-reply

Context

[Tree] (config>service>vprn>if>vrrp ssh-reply)

Full Context

configure service vprn interface vrrp ssh-reply

Description

This command enables the non-owner master to reply to SSH Requests directed at the virtual router instance’s IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses is silently discarded.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default

no ssh-reply

Platforms

All

ssh-reply

Syntax

[no] ssh-reply

Context

[Tree] (config>router>if>vrrp ssh-reply)

Full Context

configure router interface vrrp ssh-reply

Description

This command enables the non-owner master to reply to SSH requests directed at the virtual router instance IP addresses. This command is only applicable to IPv4.

Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses.

This limitation can be disregarded for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.

The ssh-reply command enables the non-owner master to reply to SSH requests directed at the virtual router instances IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Correct login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH requests regardless of the ssh-reply setting.

The ssh-reply command is only available in non-owner vrrp nodal context.

By default, SSH requests to the virtual router instance IP addresses are silently discarded.

The no form of the command discards all SSH request messages destined to the non-owner virtual router instance IP addresses.

Default

no ssh-reply — SSH requests to the virtual router instance IP addresses are discarded.

Platforms

All

ssm

ssm

Syntax

ssm

Context

[Tree] (config>port>ethernet ssm)

Full Context

configure port ethernet ssm

Description

This command enables the Ethernet Synchronization Messaging Channel (ESMC) for the Ethernet port. ESMC carries the Synchronization Status Message (SSM) code representing the quality level of the source of frequency of the central clock of the node.

Platforms

All

ssm-assert-compatible-mode

ssm-assert-compatible-mode

Syntax

ssm-assert-compatible-mode [enable | disable]

Context

[Tree] (config>service>vprn>pim ssm-assert-compatible-mode)

Full Context

configure service vprn pim ssm-assert-compatible-mode

Description

This command specifies whether SSM assert is enabled in compatibility mode for this PIM protocol instance. When enabled, for SSM groups, PIM will consider the SPT bit to be implicitly set to compute the value of CouldAssert (S,G,I) as defined in RFC 4601, Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised). When disabled, for SSM groups, PIM will not assume the SPT bit to be set. The SPT bit is set by Update_SPTbit(S,G,iif) macro defined in RFC 4601.

Default

ssm-assert-compatible-mode disable

Parameters

enable

enables SSM assert in compatibility mode for this PIM protocol instance

disable

disabled SSM assert in compatibility mode for this PIM protocol instance

Platforms

All

ssm-bit

ssm-bit

Syntax

ssm-bit sa-bit

Context

[Tree] (config>system>sync-if-timing>bits ssm-bit)

Full Context

configure system sync-if-timing bits ssm-bit

Description

This command configures which sa-bit to use for conveying SSM information when the interface-type is E1.

Default

ssm-bit 8

Parameters

sa-bit

Specifies the sa-bit value.

Values

4 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ssm-default-range-disable

ssm-default-range-disable

Syntax

ssm-default-range-disable ipv4

Context

[Tree] (config>service>vprn>pim ssm-default-range-disable)

Full Context

configure service vprn pim ssm-default-range-disable

Description

This command specifies whether to disable the use of default range (232/8) for SSM so that it can be used by ASM to process (*,G). When enabled, the use of default range is disabled for SSM and it can be used by ASM. When disabled, the SSM default range is enabled.

Default

ssm-default-range-disable

Platforms

All

ssm-groups

ssm-groups

Syntax

[no] ssm-groups

Context

[Tree] (config>service>vprn ssm-groups)

Full Context

configure service vprn ssm-groups

Description

This command enables access to the context to enable a source-specific multicast (SSM) configuration instance.

Platforms

All

ssm-groups

Syntax

[no] ssm-groups

Context

[Tree] (config>router>pim ssm-groups)

Full Context

configure router pim ssm-groups

Description

Commands in this context enable an ssm-group configuration instance.

Platforms

All

ssm-translate

ssm-translate

Syntax

ssm-translate

Context

[Tree] (config>service>vprn>igmp>if ssm-translate)

[Tree] (config>service>vprn>igmp ssm-translate)

Full Context

configure service vprn igmp interface ssm-translate

configure service vprn igmp ssm-translate

Description

Commands in this context configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

Platforms

All

ssm-translate

Syntax

ssm-translate

Context

[Tree] (config>service>vprn>mld ssm-translate)

Full Context

configure service vprn mld ssm-translate

Description

Commands in this context configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

Platforms

All

ssm-translate

Syntax

ssm-translate

Context

[Tree] (config>router>igmp ssm-translate)

[Tree] (config>router>igmp>if ssm-translate)

Full Context

configure router igmp ssm-translate

configure router igmp interface ssm-translate

Description

Commands in this context configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

Platforms

All

ssm-translate

Syntax

ssm-translate

Context

[Tree] (config>router>mld>if ssm-translate)

[Tree] (config>router>mld ssm-translate)

Full Context

configure router mld interface ssm-translate

configure router mld ssm-translate

Description

Commands in this context configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

Platforms

All

stable-pool-sizing

stable-pool-sizing

Syntax

[no] stable-pool-sizing

Context

[Tree] (config>card>fp stable-pool-sizing)

Full Context

configure card fp stable-pool-sizing

Description

This command provides a stable buffer pool allocation environment for all default port buffer pools on a forwarding plane. This stable environment is provided at the expense of optimal buffer allocation between the various port buffer pools. Normally, port pools are sized according to a ports relative bandwidth with other ports and the ability of a port to use pool buffers. As an example, on a forwarding plane with two potential MDAs and only one equipped, the normal behavior is to provide all available default pool buffers to the ports on the currently equipped MDA. If a second MDA is equipped in the future, buffers are freed from the existing MDA and provided to the ports on the new MDA. Stable pool sizing alters this behavior by reserving buffers for both MDAs whether they are equipped or not thus preventing a resizing event when an MDA is equipped. In addition, existing ports on a module always receive their maximum bandwidth share of buffers independent on any sub-rate condition that may currently exist. This provides a stable amount of buffers to other ports on the module independent of link or configuration events that may occur on the port.

Stable pool sizing preserves the ability to modify the effective bandwidth used to determine a port’s relative share of the available buffers through the use of the ing-percentage-of-rate and egr-percentage-of-rate commands under the port configuration. Changing the values associated with these commands will cause a reevaluation of buffer distribution and thus a possible resizing of pools on each port within the module. These commands have no effect on ports associated with other modules on the forwarding plane.

Stable pool sizing may be enabled or disabled at any time on a forwarding plane. The system will dynamically change the pool sizes according to the stable pool sizing state.

When a port connector breakout is configured, its ports is included in the stable pool sizing calculation. Consequently, adding or removing a port connector breakout to or from the configuration will cause the buffer pool allocation to be recalculated even when stable pool sizing is enabled.

The no form of this command disables stable pool sizing on a forwarding plane. Existing buffer pools are resized according to normal pool sizing behavior.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

stack

stack

Syntax

stack [ipv4] [ipv6-slaac]

no stack

Context

[Tree] (config>subscr-mgmt>pppoe-client-policy stack)

Full Context

configure subscriber-mgmt pppoe-client-policy stack

Description

This command defines which NCP session is started in the PPPoE client and how addresses are retrieved within that NCP session.

Default

stack ipv4

Parameters

ipv4

Indicates that IPCP should be started and used to retrieve an IPv4 address.

ipv6-slaac

Indicates that IPv6CP should be started and that SLAAC is used to retrieve an IPv6 prefix.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stack-capability-signaling

stack-capability-signaling

Syntax

[no] stack-capability-signaling

Context

[Tree] (config>service>ipipe stack-capability-signaling)

Full Context

configure service ipipe stack-capability-signaling

Description

This command enables stack-capability signaling in the initial label mapping message of the Ipipe PW to indicate that IPv6 is supported.

When enabled, the 7750 SR includes the stack-capability TLV with the IPv6 stack bit set according to the ce-address-discovery ipv6 keyword, and also checks the value of the stack-capability TLV received from the far end.

This command must be blocked if no ce-address-discovery is specified, or the ipv6 keyword is not included with the ce-address-discovery command.

This command if only applicable to the Ipipe service and must be blocked for all other services.

This command has no effect if both SAPs on the Ipipe service are local to the node.

Default

no stack-capability-signaling

Platforms

All

stale-routes-time

stale-routes-time

Syntax

[no] stale-routes-time time

Context

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart stale-routes-time)

[Tree] (config>service>vprn>bgp>group>graceful-restart stale-routes-time)

[Tree] (config>service>vprn>bgp>graceful-restart stale-routes-time)

Full Context

configure service vprn bgp group neighbor graceful-restart stale-routes-time

configure service vprn bgp group graceful-restart stale-routes-time

configure service vprn bgp graceful-restart stale-routes-time

Description

This command configures the time period to keep stale routes before the END-OF-RIB message is received from the restarting router.

Default

360 seconds

Parameters

time

1 to 3600 seconds

Platforms

All

stale-routes-time

Syntax

stale-routes-time time

no stale-routes-time

Context

[Tree] (config>router>bgp>group>neighbor>graceful-restart stale-routes-time)

[Tree] (config>router>bgp>group>graceful-restart stale-routes-time)

[Tree] (config>router>bgp>graceful-restart stale-routes-time)

Full Context

configure router bgp group neighbor graceful-restart stale-routes-time

configure router bgp group graceful-restart stale-routes-time

configure router bgp graceful-restart stale-routes-time

Description

This command configures the maximum amount of time in seconds that stale routes should be maintained after a graceful restart is initiated.

The no form of this command resets the stale routes time back to the default of 360 seconds.

Default

no stale-routes-time

Parameters

time

Specifies the amount of time that stale routes should be maintained after a graceful restart is initiated.

Values

1 to 3600 seconds

Platforms

All

stale-time

stale-time

Syntax

stale-time seconds

no stale-time

Context

[Tree] (config>service>ies>if>ipv6 stale-time)

[Tree] (config>service>ies>ipv6 stale-time)

[Tree] (config>service>vprn>if>ipv6 stale-time)

[Tree] (config>service>vprn>ipv6 stale-time)

Full Context

configure service ies interface ipv6 stale-time

configure service ies ipv6 stale-time

configure service vprn interface ipv6 stale-time

configure service vprn ipv6 stale-time

Description

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of this command removes the stale-time value.

Default

no stale-time

Parameters

seconds

The allowed stale time (in seconds) before a neighbor discovery cache entry is removed.

Values

60 to 65535

Platforms

All

stale-time

Syntax

stale-time seconds

no stale-time

Context

[Tree] (config>router>ipv6 stale-time)

Full Context

configure router ipv6 stale-time

Description

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of this command removes the stale-time value.

Default

stale-time 14400

Parameters

seconds

Specifies the allowed stale time (in seconds) before a neighbor discovery cache entry is removed.

Values

60 to 65535

Platforms

All

stale-time

Syntax

stale-time seconds

no stale-time

Context

[Tree] (config>router>origin-validation>rpki-session stale-time)

Full Context

configure router origin-validation rpki-session stale-time

Description

This command configures the maximum length of time that prefix origin validation records learned from the cache server remain usable after the RPKI-Router session goes down. The default stale-time is 3600 seconds (1 hour). When the timer expires all remaining stale entries associated with the session are deleted.

Default

no stale-time

Parameters

seconds

Specifies a time, in seconds.

Values

60 to 3600

Platforms

All

stale-time

Syntax

stale-time seconds

no stale-time

Context

[Tree] (config>router>if>ipv6 stale-time)

Full Context

configure router interface ipv6 stale-time

Description

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of this command removes the stale-time value.

Default

no stale-time

Parameters

seconds

The allowed stale time (in seconds) before a neighbor discovery cache entry is removed.

Values

60 to 65535

Platforms

All

standard-multi-instance

standard-multi-instance

Syntax

[no] standard-multi-instance

Context

[Tree] (config>service>vprn>isis standard-multi-instance)

Full Context

configure service vprn isis standard-multi-instance

Description

This command enables IS-IS multi-instance (MI) as described in draft-ginsberg-isis-mi-bis-01. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs. A single topology is supported in each instance, so the instance-specific topology identifier (ITID) is set to 0 and cannot be changed.

The standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) and iid-tlv-enable (based on draft-ietf-isis-mi-02) commands cannot be configured in the same instance, because the MAC addresses and PDUs from the two standards are incompatible.

The no form of this command removes the standard-multi-instance configuration.

Default

no standard-multi-instance

Platforms

All

standard-multi-instance

Syntax

[no] standard-multi-instance

Context

[Tree] (config>router>isis standard-multi-instance)

Full Context

configure router isis standard-multi-instance

Description

This command enables IS-IS multi-instance (MI) as described in draft-ginsberg-isis-mi-bis-01. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs. A single topology is supported in each instance, so the instance-specific topology identifier (ITID) is set to 0 and cannot be changed.

The standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) and iid-tlv-enable (based on draft-ietf-isis-mi-02) commands cannot be configured in the same instance, because the MAC addresses and PDUs from the two standards are incompatible.

The no form of this command removes the standard-multi-instance configuration.

Default

no standard-multi-instance

Platforms

All

standby

standby

Syntax

[no] standby

Context

[Tree] (config>router>mpls>lsp>secondary standby)

Full Context

configure router mpls lsp secondary standby

Description

The secondary path LSP is normally signaled once the primary path LSP fails. The standby keyword ensures that the secondary path LSP is signaled and maintained indefinitely in a hot standby state. Standby paths are selected in preference to non-standby secondary paths. When multiple standby secondary paths exist, then the path-preference is used to determine the order in which the paths are selected. If multiple standby secondary paths have the same, lowest, path-preference value then the system will select the path with the lowest up-time. When the primary path is re-established then the traffic is switched back to the primary path LSP.

The no form of this command specifies that the secondary LSP is signaled when the primary path LSP fails.

Platforms

All

standby-forwarding

standby-forwarding

Syntax

[no] standby-forwarding

Context

[Tree] (config>service>ies>if>ipv6>vrrp standby-forwarding)

Full Context

configure service ies interface ipv6 vrrp standby-forwarding

Description

This command allows the forwarding of packets by a standby router.

The no form of this command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default

no standby-forwarding

Platforms

All

standby-forwarding

Syntax

[no] standby-forwarding

Context

[Tree] (config>service>ies>if>vrrp standby-forwarding)

Full Context

configure service ies interface vrrp standby-forwarding

Description

This command allows the forwarding of packets by a standby router.

The no form of this command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default

no standby-forwarding

Platforms

All

standby-forwarding

Syntax

[no] standby-forwarding

Context

[Tree] (config>service>vprn>if>ipv6>vrrp standby-forwarding)

[Tree] (config>service>vprn>if>vrrp standby-forwarding)

Full Context

configure service vprn interface ipv6 vrrp standby-forwarding

configure service vprn interface vrrp standby-forwarding

Description

This command allows the forwarding of packets by a standby router.

The no form of this command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default

no standby-forwarding

Platforms

All

standby-forwarding

Syntax

[no] standby-forwarding

Context

[Tree] (config>router>if>ipv6>vrrp standby-forwarding)

[Tree] (config>router>if>vrrp standby-forwarding)

Full Context

configure router interface ipv6 vrrp standby-forwarding

configure router interface vrrp standby-forwarding

Description

This command specifies whether this VRRP instance allows forwarding packets to a standby router. When disabled, a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address. When enabled, a standby router should forward all traffic.

Default

no standby-forwarding

Platforms

All

standby-ip-lifetime

standby-ip-lifetime

Syntax

standby-ip-lifetime [days days] [hrs hrs] [min min] [sec sec]

standby-ip-lifetime [seconds]

standby-ip-lifetime

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>dhcp-pool standby-ip-lifetime)

Full Context

configure subscriber-mgmt vrgw brg brg-profile dhcp-pool standby-ip-lifetime

Description

This command defines how long these addresses are kept aside when standby addresses are signaled to the pool. During this time these addresses can only be used by devices explicitly requesting the IP (for example, datatrigger or DHCP renew/rebind). When the timer expires the addresses will again become available for dynamic allocation.

Default

standby-ip-lifetime hrs 6

Parameters

days

Specifies the standby IP lifetime in days.

Values

1 to 3650

hrs

Specifies the standby IP lifetime in hours.

Values

1 to 23

min

Specifies the standby IP lifetime in minutes.

Values

1 to 59

sec

Specifies the standby IP lifetime in seconds.

Values

1 to 59

seconds

Specifies the lifetime of the standby IP addresses

Values

300 to 315446399

seconds

Specifies the lifetime in seconds.

Values

300 to 315446399

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

standby-mep-shutdown

standby-mep-shutdown

Syntax

[no] standby-mep-shutdown

Context

[Tree] (config>eth-cfm>redundancy>mc-lag standby-mep-shutdown)

Full Context

configure eth-cfm redundancy mc-lag standby-mep-shutdown

Description

This system wide command enables MEPs to track the state of MC-LAG. This allows MEPs on the standby MC-LAG to act administratively down.

The no form of command disables the MEP tracking.

Default

no standby-mep-shutdown

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

standby-signaling

standby-signaling

Syntax

standby-signaling {lacp | power-off}

no standby-signaling

Context

[Tree] (config>lag standby-signaling)

Full Context

configure lag standby-signaling

Description

This command specifies how the state of a member port is signaled to the remote side when the status corresponding to this member port has the standby value.

Default

standby-signaling lacp

Platforms

All

standby-signaling-master

standby-signaling-master

Syntax

[no] standby-signaling-master

Context

[Tree] (config>service>epipe>endpoint standby-signaling-master)

[Tree] (config>service>ipipe>endpoint standby-signaling-master)

Full Context

configure service epipe endpoint standby-signaling-master

configure service ipipe endpoint standby-signaling-master

Description

When this command is enabled, the pseudowire standby bit (value 0x00000020) is sent to T-LDP peer for each spoke SDP of the endpoint that is selected as a standby.

This command is mutually exclusive with a VLL mate SAP created on a mc-lag/mc-aps or ICB. It is also mutually exclusive with vc-switching.

Default

standby-signaling-master

Platforms

All

standby-signaling-slave

standby-signaling-slave

Syntax

[no] standby-signaling-slave

Context

[Tree] (config>service>epipe>spoke-sdp-fec standby-signaling-slave)

Full Context

configure service epipe spoke-sdp-fec standby-signaling-slave

Description

This command enables standby-signaling-slave for an Epipe.

Platforms

All

standby-signaling-slave

Syntax

[no] standby-signaling-slave

Context

[Tree] (config>service>epipe>spoke-sdp standby-signaling-slave)

[Tree] (config>service>epipe>endpoint standby-signaling-slave)

Full Context

configure service epipe spoke-sdp standby-signaling-slave

configure service epipe endpoint standby-signaling-slave

Description

When this command is enabled, the node will block the transmit forwarding direction of a spoke SDP based on the pseudowire standby bit received from a T-LDP peer.

This command is present at the endpoint level as well as the spoke SDP level. If the spoke SDP is part of an explicit-endpoint, it will not be possible to change this setting at the spoke SDP level. An existing spoke SDP can be made part of the explicit endpoint only if the settings do not conflict. A newly created spoke SDP, which is part of a specific explicit-endpoint, will inherit this setting from the endpoint configuration.

This command is mutually exclusive with an endpoint that is part of an mc-lag, mc-aps or an ICB.

If the command is disabled, the node assumes the existing independent mode of behavior for the forwarding on the spoke SDP.

Default

no standby-signaling-slave

Platforms

All

starg

starg

Syntax

[no] starg

Context

[Tree] (config>subscr-mgmt>igmp-policy starg)

[Tree] (config>subscr-mgmt>igmp-policy>static>group starg)

[Tree] (config>subscr-mgmt>mld-policy>static>group starg)

Full Context

configure subscriber-mgmt igmp-policy starg

configure subscriber-mgmt igmp-policy static group starg

configure subscriber-mgmt mld-policy static group starg

Description

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

The no form of this command removes the starg entry from the configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

starg

Syntax

[no] starg

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static>group starg)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static>group starg)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static>group starg)

[Tree] (config>service>vpls>sap>mld-snooping>static>group starg)

[Tree] (config>service>vpls>sap>igmp-snooping>static>group starg)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static>group starg)

Full Context

configure service vpls mesh-sdp igmp-snooping static group starg

configure service vpls spoke-sdp igmp-snooping static group starg

configure service vpls spoke-sdp mld-snooping static group starg

configure service vpls sap mld-snooping static group starg

configure service vpls sap igmp-snooping static group starg

configure service vpls mesh-sdp mld-snooping static group starg

Description

This command adds a static (*,g) entry to allow multicast traffic for the corresponding multicast group from any source. This command can only be enabled if no existing source addresses for this group are specified.

The no form of this command removes the starg entry from the configuration.

Default

no starg

Platforms

All

starg

Syntax

starg

Context

[Tree] (config>service>vprn>igmp>if>static>group starg)

Full Context

configure service vprn igmp interface static group starg

Description

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of this command to remove the starg entry from the configuration.

Platforms

All

starg

Syntax

[no] starg

Context

[Tree] (config>service>vprn>mld>if>static>group starg)

Full Context

configure service vprn mld interface static group starg

Description

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of this command to remove the starg entry from the configuration.

Platforms

All

starg

Syntax

[no] starg

Context

[Tree] (config>router>igmp>if>static>group starg)

Full Context

configure router igmp interface static group starg

Description

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of the command to remove the (*,G) entry from the configuration.

Platforms

All

starg

Syntax

[no] starg

Context

[Tree] (config>router>igmp>tunnel-interface>static>group starg)

Full Context

configure router igmp tunnel-interface static group starg

Description

This command adds a static (*,G) group entry in a static group join on a tunnel interface associated with a P2MP RSVP LSP.

This command can only be enabled if no existing source addresses for this group are specified.

The no form of the command removes the (*,G) entry from the configuration.

Platforms

All

starg

Syntax

[no] starg

Context

[Tree] (config>router>mld>if>static>group starg)

Full Context

configure router mld interface static group starg

Description

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

The no form of this command removes the starg entry from the configuration.

Platforms

All

start

start

Syntax

start {immediate | on-new-session}

Context

[Tree] (debug>app-assure>group>traffic-capture>record start)

Full Context

debug application-assurance group traffic-capture record start

Description

This command records limit conditions.

Parameters

immediate

Start recording immediately for new or existing flows or sessions.

on-new-session

Only start recording record for new flows or sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

start

Syntax

start start-week start-day start-month hours-minutes

Context

[Tree] (config>system>time>dst-zone start)

Full Context

configure system time dst-zone start

Description

This command configures start of summer time settings.

Default

start first sunday january 00:00

Parameters

start-week

Specifies the starting week of the month when the summer time takes effect.

Values

first, second, third, fourth, last

Default

first

start-day

Specifies the starting day of the week when the summer time takes effect.

Values

sunday, monday, tuesday, wednesday, thursday, friday, saturday

Default

sunday

start-month

Specifies the starting month of the year when the summer time takes effect.

Values

january, february, march, april, may, june, july, august, september, october, november, december

Default

january

hours-minutes

Specifies the time at which the summer time takes effect, in hh:mm format.

Values

hours: 00 to 23

minutes: 00 to 59

Default

00:00

Platforms

All

start-avg

start-avg

Syntax

start-avg percent

no start-avg

Context

[Tree] (config>qos>slope-policy>high-slope start-avg)

[Tree] (config>qos>slope-policy>low-slope start-avg)

[Tree] (config>qos>slope-policy>exceed-slope start-avg)

[Tree] (config>qos>slope-policy>highplus-slope start-avg)

Full Context

configure qos slope-policy high-slope start-avg

configure qos slope-policy low-slope start-avg

configure qos slope-policy exceed-slope start-avg

configure qos slope-policy highplus-slope start-avg

Description

This command sets the exceed, low, high, or highplus Random Early Detection (RED) slope position for the shared buffer average utilization value where the packet discard probability starts to increase above zero. The percent parameter is expressed as a percentage of the shared buffer size.

The no form of this command restores the start-avg value to the default setting. If the max-avg setting is smaller than the default, an error will occur and the start-avg setting will not be changed to the default.

Default

start-avg 85 - Highplus slope default is 85% buffer utilization before discard probability starts to increase above zero.

start-avg 70 — High slope default is 70% buffer utilization before discard probability starts to increase above zero.

start-avg 50 — Low slope default is 50% buffer utilization before discard probability starts to increase above zero.

start-avg 30 — Exceed slope default is 30% buffer utilization before discard probability starts to increase above zero.

Parameters

percent

The percentage of the shared buffer space for the buffer pool at which point the drop probability starts to increase above zero. The value entered must be less than or equal to the current setting of max-avg. If the entered value is greater than the current value of max-avg, an error will occur and no change will take place.

Values

0 to 100

Platforms

All

start-entry

start-entry

Syntax

start-entry entry-id count count

no start-entry

Context

[Tree] (config>li>li-filter-block-reservation>li-reserved-block start-entry)

Full Context

configure li li-filter-block-reservation li-reserved-block start-entry

Description

This command defines a block of reserved filter entries that are used to insert LI filter entries into a normal filter.

The no form of this command removes the entry ID and count from the configuration.

Parameters

entry-id

Specifies an entry identification to start a block of reserved filter entries.

Values

1 to 65536

count

Specifies the number of entries in the block.

Values

1 to 8192

Platforms

All

start-label

start-label

Syntax

start-label start-value end-label end-value

no start-label

Context

[Tree] (config>router>mpls-labels>reserved-label-block start-label)

Full Context

configure router mpls-labels reserved-label-block start-label

Description

This command configures start and end labels for a reserved label block. This command must be configured for a reserved label block to be created.

Default

start-label 0, end-label 0

Parameters

start-value

Specifies a starting value.

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

end-value

Specifies an ending value.

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

Platforms

All

startup-wait-time

startup-wait-time

Syntax

startup-wait-time [min minutes] [sec seconds] [hrs hours]

no startup-wait-time [min minutes] [sec seconds]

Context

[Tree] (config>router>dhcp6>server>failover startup-wait-time)

[Tree] (config>router>dhcp>server>pool>failover startup-wait-time)

[Tree] (config>router>dhcp6>server>pool>failover startup-wait-time)

[Tree] (config>router>dhcp>server>failover startup-wait-time)

Full Context

configure router dhcp6 local-dhcp-server failover startup-wait-time

configure router dhcp server pool failover startup-wait-time

configure router dhcp6 server pool failover startup-wait-time

configure router dhcp local-dhcp-server failover startup-wait-time

Description

This command enables the startup wait time during which each peer waits after the initialization process before assuming the active role for the prefix designated as local or access-driven. This is to avoid transient issues during the initialization process.

The startup-wait-time should be configured to an interval in which, after boot, both nodes can set up an MCS TCP link and start MCS. The timer is restarted each time the server downloads a lease from the MCS database and stops when the last state record from the peer is synchronized. The next state is (PRE-)NORMAL, unless the timer times out or is forced to stop via the tools command (tools>perform>router>dhcp or dhcp6>local-dhcp-server server-name>pool/failover>abort-startup-wait), in which case the local DHCP server transitions immediately to the COMMUNICATIONS-INTERRUPTED state.

Default

startup-wait-time min 2

Parameters

minutes

Specifies the startup wait time, in minutes.

Values

1 to 59

seconds

Specifies the startup wait time, in seconds.

Values

1 to 59

hours

Specifies the startup wait time, in hours.

Values

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stat-mode

stat-mode

Syntax

stat-mode stat-mode

no stat mode

Context

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>queue stat-mode)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue stat-mode)

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer stat-mode)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer stat-mode)

Full Context

configure subscriber-mgmt sla-profile ingress qos queue stat-mode

configure subscriber-mgmt sla-profile egress qos queue stat-mode

configure subscriber-mgmt sla-profile ingress qos policer stat-mode

configure subscriber-mgmt sla-profile egress qos policer stat-mode

Description

This command is used to configure the forwarding plane octet and packet counters of a policer or queue to count packets of a specific type or state. For example separate counters for IPv4/IPv6 or separate counters for offered high and low priority policed traffic.

For policers, this command overrides the policer stat-mode configuration as defined in the sap-ingress or sap-egress qos policy. For details on sap-ingress and sap-egress policer stat-mode, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide. For use in Enhanced Subscriber Management (ESM) context only, an additional stat-mode enables separate counters for IPv4 and IPv6 packets.

When a policer’s stat-mode is changed while the sla profile is in use, any previous counter values are lost and any new counters are set to zero.

For queues, this command sets the stat-mode. Queue stat-mode is only available for use in Enhanced Subscriber Management (ESM) context to enable separate IPv4/IPv6 counters.

A queue’s stat-mode cannot be changed while the SLA profile is in use.

The no form of this command reverts to the default.

Default

For policers, the default is no stat-mode override. The sap-ingress or sap-egress stat-mode is used instead.

For queues, the default is to count in-/out-of-profile octets and packets.

Parameters

stat-mode

Specifies the stat mode for the policer.

For ingress and egress qos queue stat-mode overrides.

For ingress and egress qos policer stat-mode overrides, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for details on the sap-ingress and sap-egress policer stat-mode parameters.

For use in Enhanced Subscriber Management (ESM) context only:

Values

no-stats, minimal, offered-profile-no-cir, offered-priority-no-cir, offered-profile-cir, offered-priority-cir, offered-total-cir, offered-limited-profile-cir, offered-profile-capped-cir, offered-limited-capped-cir, v4-v6 (count IPv4 and IPv6 forwarded/dropped octets and packets separately)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt sla-profile ingress qos queue stat-mode
  • configure subscriber-mgmt sla-profile egress qos queue stat-mode

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt sla-profile ingress qos policer stat-mode
  • configure subscriber-mgmt sla-profile egress qos policer stat-mode

stat-mode

Syntax

stat-mode stat-mode

no stat mode

Context

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr stat-mode)

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr stat-mode)

Full Context

configure card fp ingress network queue-group policer-override policer stat-mode

configure card fp ingress access queue-group policer-override policer stat-mode

Description

This command configures the forwarding plane counters that allow offered, output and discard accounting to occur for the policer. An ingress policer has multiple types of offered packets (explicit in-profile, explicit out-of-profile, high priority or low priority) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow and red). Due to the large number of policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported which prevents any packet accounting, the use of the policer’s parent command requires at the policer's stat-mode to be set at least to the minimal setting so that offered stats are available for the policer's Fair Information Rate (FIR) to be calculated. Once a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. You can view the total/allocated/free stats by using the tools dump resource-usage command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for details on the policer stat-mode parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode stat-mode

no stat-mode

Context

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr stat-mode)

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr stat-mode)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr stat-mode)

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr stat-mode)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr stat-mode)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr stat-mode)

Full Context

configure service ipipe sap ingress policer-override policer stat-mode

configure service cpipe sap egress policer-override policer stat-mode

configure service ipipe sap egress policer-override policer stat-mode

configure service cpipe sap ingress policer-override policer stat-mode

configure service epipe sap ingress policer-override policer stat-mode

configure service epipe sap egress policer-override policer stat-mode

Description

The SAP QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output, and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the potentially large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and indicates how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered statistics are available for the policer’s Fair Information Rate (FIR) to be calculated.

Each time the policer’s stat mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. The total/allocated/free statistics can be viewed by using the tools dump resource-usage card slot-num fp fp-number command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The current active stat mode setting will continue to be used by the policer.

The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

The no form of this command attempts to return the policer’s stat-mode setting to minimal.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the supported parameters for the policer stat-mode command.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe sap ingress policer-override policer stat-mode
  • configure service ipipe sap ingress policer-override policer stat-mode
  • configure service epipe sap egress policer-override policer stat-mode
  • configure service ipipe sap egress policer-override policer stat-mode

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-override policer stat-mode
  • configure service cpipe sap egress policer-override policer stat-mode

stat-mode

Syntax

stat-mode stat-mode

no stat-mode

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr stat-mode)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr stat-mode)

Full Context

configure service vpls sap ingress policer-override policer stat-mode

configure service vpls sap egress policer-override policer stat-mode

Description

The SAP-egress QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported which prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. You can view the total/allocated/free stats by using the tools dump resource-usage card slot-num fp fp-number command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of the command returns the policer’s stat-mode setting to minimal.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the policer stat-mode command parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode stat-mode

no stat-mode

Context

[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr stat-mode)

[Tree] (config>service>ies>if>sap>egress>policer-override>plcr stat-mode)

Full Context

configure service ies interface sap ingress policer-override policer stat-mode

configure service ies interface sap egress policer-override policer stat-mode

Description

The SAP-egress QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported which prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. You can view the total/allocated/free stats by using the tools dump resource-usage card slot-num fp fp-number command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command returns the policer’s stat-mode setting to minimal.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the policer stat-mode command parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode stat-mode

no stat-mode

Context

[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr stat-mode)

[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr stat-mode)

Full Context

configure service vprn interface sap ingress policer-override policer stat-mode

configure service vprn interface sap egress policer-override policer stat-mode

Description

The SAP-egress QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported which prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. You can view the total/allocated/free stats by using the tools dump resource-usage card slot-num fp fp-number command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command returns the policer’s stat-mode setting to minimal.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the policer stat-mode command parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode {no-stats | minimal | offered-profile-no-cir | offered-priority-no-cir | offered-profile-cir | offered-priority-cir | offered-total-cir | offered-limited-profile-cir | offered-profile-capped-cir | offered-limited-capped-cir}

no stat mode

Context

[Tree] (config>qos>sap-ingress>policer stat-mode)

[Tree] (config>qos>sap-ingress>dyn-policer stat-mode)

Full Context

configure qos sap-ingress policer stat-mode

configure qos sap-ingress dynamic-policer stat-mode

Description

This command is used to configure the forwarding plane counters that allow offered, forwarded, and dropped accounting to occur for the policer. An ingress policer has multiple types of offered packets (explicit in-profile, explicit out-of-profile, uncolored, high-priority, or low priority) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the large number of policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers, for example, will not be configured with a CIR profiling rate and not all policers will receive explicitly profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer’s parent command requires that the policer's stat-mode be set at least to the minimal setting so that offered stats are available for the policer's Fair Information Rate (FIR) to be calculated. When a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. The total/allocated/free stats can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The ingress policer stat-modes are described in Ingress Policer Stat Mode Summary .

Table 10. Ingress Policer Stat Mode Summary

Stat Mode

Stat Resources

Traffic Counters (Packet/Octets)

Comments

Offered

Dropped/Forwarded

no-stats

0

Minimal

1

Single counter entering policer

Single counter for dropped/forwarded exiting policer

offered-profile-no-cir

2

In/out entering policer

In/out entering policer

Intended for when the policer does not change the profile of packets. Includes only in-profile and out-of-profile.

offered-priority-no-cir

2

High/low entering policer

High/low entering policer

Intended for when only packet priority stats are required.

offered-profile-cir

4

In/out/uncolored entering policer

In/out exiting policer

Intended for when the policer can change the profile of packets to in-profile and out-of-profile.

offered-priority-cir

4

High/low entering policer

In/out exiting policer

Intended for when packet priority entering the policer and profile exiting the policer is required.

offered-total-cir

2

Single counter entering policer

In/out exiting policer

offered-limited-profile-cir

3

Out/uncolored entering policer

In/out exiting policer

Intended for when the policer can change the profile of packet to in-profile and out-of-profile. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

offered-profile-capped-cir

5

In/out/uncolored entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured.

offered-limited-capped-cir

4

In/uncolored entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

no-stats

Counter resource allocation: 0

The policer does not have any forwarding plane counters allocated and cannot provide offered, dropped, and forwarded statistics. A policer using no-stats cannot be a child to a parent policer and the policer’s parent command will fail.

When collect-stats is enabled, no statistics are generated.

minimal

Counter resource allocation: 1

This stat-mode provides the minimal accounting resource usage and counter information, and includes the total offered, dropped and forwarded packet and octet counters for traffic entering (offered) and exiting (dropped/forwarded) the policer.

The default stat-mode for a policer is minimal. The minimal mode allocates 1 forwarding plane offered counter and one traffic manager discard counter. The forwarding counter is derived by subtracting the discard counter from the offered counter. The counters do not differentiate possible offered types (profile or priority) and do not count in-profile or out-of-profile output. This does not prevent the policer from supporting different offered packet types and does not prevent the policer from supporting a CIR rate.

This counter mode is useful when only the most basic accounting information is required.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in minimal stat-mode .

Table 11. Ingress Accounting Statistics Collected in minimal stat-mode

Show Output

Accounting Statistics Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. All

apd

AllPacketsDropped

aod

AllOctetsDropped

For. All

apf

AllPacketsForwarded

aof

AllOctetsForwarded

offered-profile-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering the policer.

The offered-profile-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-profile-no-cir mode is most useful when the policer is receiving only in-profile and out-of-profile premarked (and trusted) packets. It is expected that, in this instance, a CIR rate will not be defined since all packets are already premarked. This mode does not prevent the policer from receiving untrusted (color undefined) traffic nor does it prevent the policer from being configured with a CIR rate.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-no-cir stat-mode .

Table 12. Ingress Accounting Statistics Collected in offered-profile-no-cir stat-mode

Show Output

Accounting Statistics Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-priority-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the packet priority of traffic entering the policer.

The offered-priority-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-priority-no-cir mode is most useful when the policer is receiving only untrusted packets and the ingress priority high and priority low classification options are being used without a CIR profiling rate defined. This mode does not prevent the policer from receiving trusted packets that are premarked in-profile or out-of-profile nor does it prevent the policer from being configured with a CIR rate.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-priority-no-cir stat-mode .

Table 13. Ingress Accounting Statistics Collected in offered-priority-no-cir stat-mode

Show Output

Accounting Statistics Collected

Field

Field Description

Off. HiPrio

hpo

HighPriorityPacketsOffered

hoo

HighPriorityOctetsOffered

Off. LowPrio

lpo

LowPriorityPacketsOffered

loo

LowPriorityOctetsOffered

Dro. HiPrio

hpd

HighPriorityPacketsDropped

hod

HighPriorityOctetsDropped

Dro. LowPrio

lpd

LowPriorityPacketsDropped

lod

LowPriorityOctetsDropped

For. HiPrio

hpf

HighPriorityPacketsForwarded

hof

HighPriorityOctetsForwarded

For. LowPrio

lpf

LowPriorityPacketsForwarded

lof

LowPriorityOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises hard in/out and uncolored traffic. The offered counters cover traffic explicitly profiled to in-profile, traffic explicitly profiled to out-of-profile, and traffic that has not been explicitly profiled at ingress (uncolored).

The offered-profile-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-profile-cir mode is most useful when the policer is receiving trusted out-of-profile and in-profile traffic and is also receiving untrusted packets that are being applied to a defined CIR profiling rate. This mode differs from offered-limited-profile-cir mode in that it expects both trusted in-profile and out-of-profile packets while still performing CIR profiling on packets with untrusted markings. If trusted in-profile packets are not being received, the offered-limited-profile-cir stat-mode could be used instead, which has the benefit of using a reduced number of stat resources.

This mode is intended to be used without profile-capped configured within the policer as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-cir stat-mode .

Table 14. Ingress Accounting Statistics Collected in offered-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-priority-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the priority of traffic entering the policer and the profile exiting the policer.

The offered-priority-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-priority-cir mode is most useful when the policer is receiving only untrusted packets that are being classified as high priority or low priority and are being applied to a defined CIR profiling rate. This mode differs from offered-profile-cir mode in that it does not expect trusted in-profile and out-of-profile packets but does not exclude the ability of the policer to receive them.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-priority-cir stat-mode .

Table 15. Ingress Accounting Statistics Collected in offered-priority-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. HiPrio

hpo

HighPriorityPacketsOffered

hoo

HighPriorityOctetsOffered

Off. LowPrio

lpo

LowPriorityPacketsOffered

loo

LowPriorityOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter.

The offered-total-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-total-cir mode is most useful when the policer is not receiving trusted in-profile or out-of-profile traffic and both high- and low-priority classifications are not being used on the untrusted packets and the offered packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile or out-of-profile packets and does not prevent the use of priority high or low classifications on the untrusted packets.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-total-cir stat-mode .

Table 16. Ingress Accounting Statistics Collected in offered-total-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-profile-cir

Counter resource allocation: 3

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises of hard out and uncolored. The offered counters cover traffic explicitly profiled to out-of-profile and traffic that has not been explicitly profiled at ingress (Uncolor). The traffic explicitly profiled to in-profile is counted with the uncolored traffic.

The offered-limited-profile-cir mode allocates three forwarding plane offered counters and three traffic manager discard counters.

The offered-limited-profile-cir mode is most useful when the policer is receiving trusted out-of-profile (profile out but no profile in) traffic and untrusted packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile packets. If trusted in-profile packets are not being received, the offered-limited-profile-cir is preferred over offered-profile-cir because it uses a reduced number of stat resources.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-limited-profile-cir stat-mode .

Table 17. Ingress Accounting Statistics Collected in offered-limited-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

offered-profile-capped-cir

Counter resource allocation: 5

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises of hard in/out and uncolored. The offered counters cover traffic explicitly profiled to in-profile, traffic explicitly profiled to out-of-profile, and traffic that has not been explicitly profiled at ingress (Uncolor).

When offered-profile-capped-cir is defined, the system creates five offered-output counters in the forwarding plane and five discard counters in the traffic manager.

The offered-profile-capped-cir mode is similar to the offered-profile-cir mode except that it includes support for profile in and soft-in-profile that may be output as out-of-profile due to enabling profile-capped mode on the ingress policer.

The impact of using offered-profile-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-capped-cir stat-mode .

Table 18. Ingress Accounting Statistics Collected in offered-profile-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-capped-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed resulting in the traffic entering the policer comprising of hard in/out and uncolored. The offered counters cover in-profile traffic and traffic that has not been explicitly profiled at ingress (Uncolor). The traffic explicitly profiled to out-of-profile is counted with the uncolored traffic.

When offered-limited-capped-cir is defined, the system creates four forwarding plane offered-output counters in the network processor and four discard counters in the traffic manager.

The offered-limited-capped-cir mode is similar to the offered-profile-capped-cir mode except that it combines soft in-profile with profile in (InProf) and profile out (OutProf) with soft-out-of-profile (Uncolor) and eliminates the "offered undefined” statistic. If trusted out-of-profile packets are not being received, the offered-limited-capped-cir is preferred over offered-profile-capped-cir because it uses a reduced number of stat resources.

This mode is intended to be used with profile-capped configured within the policer.

The impact of using offered-limited-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-limited-capped-cir stat-mode .

Table 19. Ingress Accounting Statistics Collected in offered-limited-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-ingress policer stat-mode

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure qos sap-ingress dynamic-policer stat-mode

stat-mode

Syntax

stat-mode {no-stats | minimal | offered-profile-no-cir | offered-profile-cir | offered-total-cir | offered-limited-capped-cir | offered-profile-capped-cir}

no stat mode

Context

[Tree] (config>qos>sap-egress>dyn-policer stat-mode)

Full Context

configure qos sap-egress dynamic-policer stat-mode

Description

The sap-egress QoS policy's policer stat-mode command is used to configure the forwarding plane counters that allow offered, forwarded, and dropped accounting to occur for the policer. An egress policer has multiple types of offered packets (soft in-profile and out-of-profile from ingress and hard in-profile, out-of-profile, and exceed-profile due to egress profile overrides) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers, for example, will not be configured with a CIR profiling rate and not all policers will receive explicitly reprofiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer's parent command requires that the policer’s stat-mode be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated. When a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer's stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane's policer counter resources. The total, allocated, and free statistics can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The egress policer stat-modes are described in Egress Policer Stat-mode Summary.

Table 20. Egress Policer Stat-mode Summary

Stat Mode

Stat Resources

Traffic Counters (Packet/Octets)

Comments

Offered

Dropped/Forwarded

no-stats

0

minimal

1

Single counter entering policer

Single counter for dropped/forwarded exiting policer

offered-profile-no-cir

2

In or out entering policer

In/out entering policer

Intended for when the policer does not change the profile of packets. Includes only in-profile and out-of-profile.

offered-profile-cir

4

In, out, or uncolored (which corresponds to hard in-profile, hard out-of-profile, or soft in- or out-of-profile) entering policer

In/out exiting policer

Intended for when the policer can change the profile of packets to in-profile and out-of-profile.

offered-total-cir

2

Single counter entering policer

In/out exiting policer

offered-limited-capped-cir

4

In or out entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

offered-profile-capped-cir

5

In, out, or uncolored (which corresponds to hard in-profile, hard out-of-profile, or soft in- or out-of-profile) entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured

When a policer is created within the policy, the default setting for stat-mode is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

no-stats

Counter resource allocation: 0

The policer does not have any forwarding plane counters allocated and cannot provide offered, discard, and forward statistics. A policer using no-stats cannot be a child to a parent policer and the policer’s parent command will fail.

When collect-stats is enabled, no statistics are generated.

minimal

Counter resource allocation: 1

This stat-mode provides the minimal accounting resource usage and counter information, and includes only the total offered, dropped and forwarded packet and octet counters for traffic entering (offered) and exiting (dropped/forwarded) the policer.

The default stat-mode for a policer is minimal. The minimal mode allocates 1 forwarding plane offered counter and one traffic manager discard counter. The forwarding counter is derived by subtracting the discard counter from the offered counter. The counters do not differentiate possible offered types and do not count different profile output. This does not prevent the policer from supporting different offered packet types and does not prevent the policer from supporting a CIR rate or using exceed PIR.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in minimal stat-mode .

Table 21. Egress Accounting Statistics Collected in minimal stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. All

apd

AllPacketsDropped

aod

AllOctetsDropped

For. All

apf

AllPacketsForwarded

aof

AllOctetsForwarded

offered-profile-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering the policer. inplus-profile traffic is counted with the in-profile counters and exceed-profile traffic is counted with the out-of-profile counters.

The offered-profile-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-profile-no-cir mode is most useful when profile-based offered, dropped, and forwarded stats are required from the egress policer, but a CIR or enable-exceed-pir is not being used to recolor the soft in-profile and out-of-profile packets. This mode does not prevent the policer from being configured with a CIR rate or using enable-exceed-pir.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode .

Table 22. Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover traffic reclassified to in-profile (which includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (which includes traffic reclassified to exceed-profile) and traffic which has not been reclassified at egress (Uncolor). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-profile-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-profile-cir mode is most useful when profile-based offered, dropped and forwarded stats are required from the egress policer and a CIR rate is being used to recolor the soft in-profile and out-of-profile packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-cir stat-mode .

Table 23. Egress Accounting Statistics Collected in offered-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-total-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-total-cir mode is most useful when the policer is not receiving trusted in-profile or out-of-profile traffic, and both high- and low- priority classifications are not being used on the untrusted packets, and the offered packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile or out-of-profile packets and does not prevent the use of priority high or low classifications on the untrusted packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-total-cir stat-mode .

Table 24. Egress Accounting Statistics Collected in offered-total-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-capped-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover in-profile traffic (which includes traffic reclassified to inplus-profile) and out-of-profile traffic (which includes traffic reclassified to exceed-profile). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

offered-limited-capped-cir is defined, the system creates four forwarding plane offered-output counters in the network processor and three discard counters in the traffic manager.

The offered-limited-capped-cir mode is similar to the offered-profile-capped-cir mode except that it combines soft in-profile with profile in and soft-out-of-profile with profile out and eliminates the offered-undefined statistic.

The impact of using offered-limited-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in instead of offered-undefined.

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode .

Table 25. Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-capped-cir

Counter resource allocation: 5

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover traffic reclassified to in-profile (which includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (which includes traffic reclassified to exceed-profile) and traffic that has not been reclassified at egress (uncolored). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

When offered-profile-capped-cir is defined, the system creates five offered-output counters in the forwarding plane and five discard counters in the traffic manager.

The offered-profile-capped-cir mode is similar to the offered-profile-cir mode except that it includes support for profile inplus, profile in and soft-in-profile that may be output as out-of-profile due to enabling profile-capped mode on the ingress policer.

The impact of using offered-profile-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in (hard in-profile) instead of offered-undefined (uncolored).

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode .

Table 26. Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stat-mode

Syntax

stat-mode {no-stats | minimal | offered-profile-no-cir | offered-profile-cir | offered-total-cir | offered-limited-capped-cir | offered-profile-capped-cir | offered-total-cir-exceed | offered-four-profile-no-cir | offered-total-cir-four-profile}

no stat mode

Context

[Tree] (config>qos>sap-egress>policer stat-mode)

Full Context

configure qos sap-egress policer stat-mode

Description

The sap-egress QoS policy's policer stat-mode command is used to configure the forwarding plane counters that allow offered, forwarded, and dropped accounting to occur for the policer. An egress policer has multiple types of offered packets (soft in-profile and out-of-profile from ingress and hard in-profile, out-of-profile, and exceed-profile due to egress profile overrides) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers, for example, will not be configured with a CIR profiling rate and not all policers will receive explicitly reprofiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer's parent command requires that the policer’s stat-mode be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated. When a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer's stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane's policer counter resources. The total, allocated, and free statistics can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The egress policer stat-modes are described in Egress Policer Stat-mode Summary.

Table 27. Egress Policer Stat-mode Summary

Stat Mode

Stat Resources

Traffic Counters (Packet/Octets)

Comments

Offered

Dropped/Forwarded

no-stats

0

minimal

1

Single counter entering policer

Single counter for dropped/forwarded exiting policer

offered-profile-no-cir

2

In or out entering policer

In/out entering policer

Intended for when the policer does not change the profile of packets. Includes only in-profile and out-of-profile.

offered-profile-cir

4

In, out, or uncolored (which corresponds to hard in-profile, hard out-of-profile, or soft in- or out-of-profile) entering policer

In/out exiting policer

Intended for when the policer can change the profile of packets to in-profile and out-of-profile.

offered-total-cir

2

Single counter entering policer

In/out exiting policer

offered-limited-capped-cir

4

In or out entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

offered-profile-capped-cir

5

In, out, or uncolored (which corresponds to hard in-profile, hard out-of-profile, or soft in- or out-of-profile) entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured

offered-total-cir-exceed

3

Single counter entering policer

In/out/exceed exiting policer

Intended for when the policer is configured with enable-exceed-pir to forward packets that exceed its configured PIR or when traffic is reclassified at egress to exceed-profile

offered-four-profile-no-cir

4

Inplus, in, out, or exceed entering policer

Inplus/in/out/exceed entering policer

Intended to be used when the policer does not change the profile of the packets and traffic is reclassified at egress to inplus and/or exceed-profile

offered-total-cir-four-profile

4

Single counter entering policer

Inplus, in, out, or exceed exiting policer

Intended to be used when the policer can change the profile of the packet and traffic is reclassified at egress to profile inplus

When a policer is created within the policy, the default setting for stat-mode is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

no-stats

Counter resource allocation: 0

The policer does not have any forwarding plane counters allocated and cannot provide offered, discard, and forward statistics. A policer using no-stats cannot be a child to a parent policer and the policer’s parent command will fail.

When collect-stats is enabled, no statistics are generated.

minimal

Counter resource allocation: 1

This stat-mode provides the minimal accounting resource usage and counter information, and includes only the total offered, dropped and forwarded packet and octet counters for traffic entering (offered) and exiting (dropped/forwarded) the policer.

The default stat-mode for a policer is minimal. The minimal mode allocates 1 forwarding plane offered counter and one traffic manager discard counter. The forwarding counter is derived by subtracting the discard counter from the offered counter. The counters do not differentiate possible offered types and do not count different profile output. This does not prevent the policer from supporting different offered packet types and does not prevent the policer from supporting a CIR rate or using exceed PIR.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in minimal stat-mode .

Table 28. Egress Accounting Statistics Collected in minimal stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. All

apd

AllPacketsDropped

aod

AllOctetsDropped

For. All

apf

AllPacketsForwarded

aof

AllOctetsForwarded

offered-profile-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering the policer. inplus-profile traffic is counted with the in-profile counters and exceed-profile traffic is counted with the out-of-profile counters.

The offered-profile-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-profile-no-cir mode is most useful when profile-based offered, dropped, and forwarded stats are required from the egress policer, but a CIR or enable-exceed-pir is not being used to recolor the soft in-profile and out-of-profile packets. This mode does not prevent the policer from being configured with a CIR rate or using enable-exceed-pir.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode .

Table 29. Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover traffic reclassified to in-profile (which includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (which includes traffic reclassified to exceed-profile) and traffic which has not been reclassified at egress (Uncolor). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-profile-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-profile-cir mode is most useful when profile-based offered, dropped and forwarded stats are required from the egress policer and a CIR rate is being used to recolor the soft in-profile and out-of-profile packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-cir stat-mode .

Table 30. Egress Accounting Statistics Collected in offered-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-total-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-total-cir mode is most useful when the policer is not receiving trusted in-profile or out-of-profile traffic, and both high- and low- priority classifications are not being used on the untrusted packets, and the offered packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile or out-of-profile packets and does not prevent the use of priority high or low classifications on the untrusted packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-total-cir stat-mode .

Table 31. Egress Accounting Statistics Collected in offered-total-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-capped-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover in-profile traffic (which includes traffic reclassified to inplus-profile) and out-of-profile traffic (which includes traffic reclassified to exceed-profile). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

offered-limited-capped-cir is defined, the system creates four forwarding plane offered-output counters in the network processor and three discard counters in the traffic manager.

The offered-limited-capped-cir mode is similar to the offered-profile-capped-cir mode except that it combines soft in-profile with profile in and soft-out-of-profile with profile out and eliminates the offered-undefined statistic.

The impact of using offered-limited-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in instead of offered-undefined.

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode .

Table 32. Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-capped-cir

Counter resource allocation: 5

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is made up of traffic that is inplus-profile, in-profile, out-of-profile, exceed-profile, soft in-profile, and soft out-of-profile. The offered counters cover traffic reclassified to in-profile (which includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (which includes traffic reclassified to exceed-profile) and traffic that has not been reclassified at egress (uncolored). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

When offered-profile-capped-cir is defined, the system creates five offered-output counters in the forwarding plane and five discard counters in the traffic manager.

The offered-profile-capped-cir mode is similar to the offered-profile-cir mode except that it includes support for profile inplus, profile in and soft-in-profile that may be output as out-of-profile due to enabling profile-capped mode on the ingress policer.

The impact of using offered-profile-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in (hard in-profile) instead of offered-undefined (uncolored).

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode .

Table 33. Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir-exceed

Counter resource allocation: 3

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter. The offered-total-cir-exceed mode allocates three forwarding plane offered counters and three traffic manager discard counters.

The offered-total-cir-exceed mode is similar to the offered-total-cir mode except that it includes support for forwarded and dropped counters for profile exceed.

This mode is intended to be used when the policer is configured with enable-exceed-pir to forward packets that exceed its configured PIR or when traffic is egress reclassified to profile exceed. The mode gives the forwarded and dropped counters per profile (in, out, exceed). It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-total-cir-exceed stat-mode .

Table 34. Egress Accounting Statistics Collected in offered-total-cir-exceed stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

offered-four-profile-no-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering the policer. Offered, dropped, and forwarded counters are provided for inplus, in, out and exceed-profile traffic.

The offered-four-profile-no-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-four-profile-no-cir mode is similar to the offered-profile-no-cir mode except that it includes support for offered, dropped, and forwarded counters for both inplus-profile and exceed-profile.

This mode is intended to be used when traffic is egress reclassified to inplus and/or exceed-profile. It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-four-profile-no-cir stat-mode .

Table 35. Egress Accounting Statistics Collected in offered-four-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. ExcProf

xpo

ExceedProfilePacketsOffered

xoo

ExceedProfileOctetsOffered

Off. InplusProf

ppo

InplusProfilePacketsOffered

poo

InplusProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

Dro. InprofProf

ppd

InplusProfilePktsDropped

pod

InplusProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

For. InplusProf

ppf

InplusProfilePktsForwarded

pof

InplusProfileOctetsForwarded

offered-total-cir-four-profile

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. There is a separate dropped and forwarded counter for inplus, in, out and exceed-profile traffic.

The offered-total-cir-four-profile mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-total-cir-four-profile mode is similar to the offered-total-cir except that it includes support for forwarded and dropped counters for both profile inplus and profile exceed.

This mode is intended to be used when traffic is reclassified at egress to inplus-profile. It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Egress Accounting Statistics Collected in offered-total-cir-four-profile stat-mode .

Table 36. Egress Accounting Statistics Collected in offered-total-cir-four-profile stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

Dro. InprofProf

ppd

InplusProfilePktsDropped

pod

InplusProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

For. InplusProf

ppf

InplusProfilePktsForwarded

pof

InplusProfileOctetsForwarded

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode {no-stats | minimal | offered-profile-no-cir | offered-priority-no-cir | offered-profile-cir | offered-priority-cir | offered-total-cir | offered-limited-profile-cir | offered-profile-capped-cir | offered-limited-capped-cir}

no stat mode

Context

[Tree] (config>qos>qgrps>ing>qgrp>policer stat-mode)

Full Context

configure qos queue-group-templates ingress queue-group policer stat-mode

Description

This command is used to configure the forwarding plane counters that allow offered, forwarded, and dropped accounting to occur for the policer. An ingress policer has multiple types of offered packets (explicit in-profile, explicit out-of-profile, uncolored, high-priority or low-priority) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the large number of policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers, for example, will not be configured with a CIR profiling rate and not all policers will receive explicitly profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer’s parent command requires that the policer's stat-mode be set at least to the minimal setting so that offered stats are available for the policer's Fair Information Rate (FIR) to be calculated. When a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. The total/allocated/free stats can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The stat-modes are described in Stat Mode Descriptions.

Table 37. Stat Mode Descriptions

Stat Mode

Stat Resources

Traffic Counters (Packet/Octets)

Comments

Offered

Dropped/Forwarded

no-stats

0

None

None

Minimal

1

Single counter entering policer

Single counter for dropped/forwarded exiting policer

offered-profile-no-cir

2

In/out entering policer

In/out entering policer

Intended for when the policer does not change the profile of packets. Includes only in- and out-of-profile.

offered-priority-no-cir

2

High/low entering policer

High/low entering policer

Intended for when only packet priority stats are required.

offered-profile-cir

4

In/out/uncolored entering policer

In/out exiting policer

Intended for when the policer can change the profile of packets to in- and out-of-profile.

offered-priority-cir

4

High/low entering policer

In/out exiting policer

Intended for when packet priority entering the policer and profile exiting the policer is required.

offered-total-cir

2

Single counter entering policer

In/out exiting policer

offered-limited-profile-cir

3

Out/uncolored entering policer

In/out exiting policer

Intended for when the policer can change the profile of packet to in- and out-of-profile. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

offered-profile-capped-cir

5

In/out/uncolored entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured.

offered-limited-capped-cir

4

In/uncolored entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

no-stats

Counter resource allocation: 0

The policer does not have any forwarding plane counters allocated and cannot provide offered, dropped and forwarded statistics. A policer using no-stats cannot be a child to a parent policer and the policer’s parent command will fail.

When collect-stats is enabled, no statistics are generated.

minimal

Counter resource allocation: 1

This stat-mode provides the minimal accounting resource usage and counter information, and includes the total offered, dropped and forwarded packet and octet counters for traffic entering (offered) and exiting (dropped/forwarded) the policer.

The default stat-mode for a policer is minimal. The minimal mode allocates 1 forwarding plane offered counter and one traffic manager discard counter. The forwarding counter is derived by subtracting the discard counter from the offered counter. The counters do not differentiate possible offered types (profile or priority) and do not count in-profile or out-of-profile output. This does not prevent the policer from supporting different offered packet types and does not prevent the policer from supporting a CIR rate.

This counter mode is useful when only the most basic accounting information is required.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in minimal stat-mode .

Table 38. Ingress Accounting Statistics Collected in minimal stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. All

apd

AllPacketsDropped

aod

AllOctetsDropped

For. All

apf

AllPacketsForwarded

aof

AllOctetsForwarded

offered-profile-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering the policer.

The offered-profile-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-profile-no-cir mode is most useful when the policer is receiving only in-profile and out-of-profile premarked (and trusted) packets. It is expected that, in this instance, a CIR rate will not be defined since all packets are already premarked. This mode does not prevent the policer from receiving untrusted (color undefined) nor does it prevent the policer from being configured with a CIR rate.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-no-cir stat-mode .

Table 39. Ingress Accounting Statistics Collected in offered-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-priority-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the packet priority of traffic entering the policer.

The offered-priority-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-priority-no-cir mode is most useful when the policer is receiving only untrusted packets and the ingress priority high and priority low classification options are being used without a CIR profiling rate defined. This mode does not prevent the policer from receiving trusted packets that are premarked in-profile or out-of-profile nor does it prevent the policer from being configured with a CIR rate.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-priority-no-cir stat-mode .

Table 40. Ingress Accounting Statistics Collected in offered-priority-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. HiPrio

hpo

HighPriorityPacketsOffered

hoo

HighPriorityOctetsOffered

Off. LowPrio

lpo

LowPriorityPacketsOffered

loo

LowPriorityOctetsOffered

Dro. HiPrio

hpd

HighPriorityPacketsDropped

hod

HighPriorityOctetsDropped

Dro. LowPrio

lpd

LowPriorityPacketsDropped

lod

LowPriorityOctetsDropped

For. HiPrio

hpf

HighPriorityPacketsForwarded

hof

HighPriorityOctetsForwarded

For. LowPrio

lpf

LowPriorityPacketsForwarded

lof

LowPriorityOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises of hard in/out and uncolored. The offered counters cover traffic explicitly profiled to in-profile, traffic explicitly profiled to out-of-profile, and traffic that has not been explicitly profiled at ingress (uncolored).

The offered-profile-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-profile-cir mode is most useful when the policer is receiving trusted out-of-profile and in-profile traffic and is also receiving untrusted packets that are being applied to a defined CIR profiling rate. This mode differs from offered-limited-profile-cir mode in that it expects both trusted in-profile and out-of-profile packets while still performing CIR profiling on packets with untrusted markings. If trusted in-profile packets are not being received, the offered-limited-profile-cir stat-mode could be used instead, which has the benefit of using a reduced number of stat resources.

This mode is intended to be used without profile-capped configured within the policer as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-cir stat-mode .

Table 41. Ingress Accounting Statistics Collected in offered-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-priority-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the priority of traffic entering the policer and the profile exiting the policer.

The offered-priority-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-priority-cir mode is most useful when the policer is receiving only untrusted packets that are being classified as high priority or low priority and are being applied to a defined CIR profiling rate. This mode differs from offered-profile-cir mode in that it does not expect trusted in-profile and out-of-profile packets but does not exclude the ability of the policer to receive them.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-priority-cir stat-mode .

Table 42. Ingress Accounting Statistics Collected in offered-priority-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. HiPrio

hpo

HighPriorityPacketsOffered

hoo

HighPriorityOctetsOffered

Off. LowPrio

lpo

LowPriorityPacketsOffered

loo

LowPriorityOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter.

The offered-total-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-total-cir mode is most useful when the policer is not receiving trusted in-profile or out-of-profile traffic and both high- and low-priority classifications are not being used on the untrusted packets and the offered packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile or out-of-profile packets and does not prevent the use of priority high or low classifications on the untrusted packets.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics collected in offered-total-cir stat-mode .

Table 43. Ingress Accounting Statistics collected in offered-total-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-profile-cir

Counter resource allocation: 3

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises of hard out and uncolored. The offered counters cover traffic explicitly profiled to out-of-profile and traffic that has not been explicitly profiled at ingress (uncolored). The traffic explicitly profiled to in-profile is counted with the uncolored traffic.

The offered-limited-profile-cir mode allocates three forwarding plane offered counters and three traffic manager discard counters.

The offered-limited-profile-cir mode is most useful when the policer is receiving trusted out-of-profile (profile out but no profile in) traffic and untrusted packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile packets. If trusted in-profile packets are not being received, the offered-limited-profile-cir is preferred over offered-profile-cir because it uses a reduced number of stat resources.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-limited-profile-cir stat-mode .

Table 44. Ingress Accounting Statistics Collected in offered-limited-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-capped-cir

Counter resource allocation: 5

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed so that the traffic entering the policer comprises of hard in/out and uncolored. The offered counters cover traffic explicitly profiled to in-profile, traffic explicitly profiled to out-of-profile, and traffic that has not been explicitly profiled at ingress (uncolored).

When offered-profile-capped-cir is defined, the system creates five offered-output counters in the forwarding plane and five discard counters in the traffic manager.

The offered-profile-capped-cir mode is similar to the offered-profile-cir mode except that it includes support for profile in and soft-in-profile that may be output as 'out-of-profile’ due to enabling profile-capped mode on the ingress policer.

The impact of using offered-profile-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-profile-capped-cir stat-mode .

Table 45. Ingress Accounting Statistics Collected in offered-profile-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-capped-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when ingress reclassification is performed resulting in the traffic entering the policer comprising of hard in/out and uncolored. The offered counters cover in-profile traffic and traffic that has not been explicitly profiled at ingress (uncolored). The traffic explicitly profiled to out-of-profile is counted with the uncolored traffic.

offered-limited-capped-cir is defined, the system creates four forwarding plane offered-output counters in the network processor and four discard counters in the traffic manager.

The offered-limited-capped-cir mode is similar to the offered-profile-capped-cir mode except that it combines soft in-profile with profile in (InProf) and profile out (OutProf) with soft-out-of-profile (Uncolor) and eliminates the 'offered undefined' statistic. If trusted out-of-profile packets are not being received, the offered-limited-capped-cir is preferred over offered-profile-capped-cir because it uses a reduced number of stat resources.

This mode is intended to be used with profile-capped configured within the policer.

The impact of using offered-limited-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used.

The counters displayed in the show output and those collected when collect-stats is enabled (the actual fields collected depends on the record configured in the applied accounting policy) are described in Ingress Accounting Statistics Collected in offered-limited-capped-cir stat-mode .

Table 46. Ingress Accounting Statistics Collected in offered-limited-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode {no-stats | minimal | offered-profile-no-cir | offered-profile-cir | offered-total-cir | offered-limited-capped-cir | offered-profile-capped-cir | offered-total-cir-exceed | offered-four-profile-no-cir | offered-total-cir-four-profile}

no stat mode

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>policer stat-mode)

Full Context

configure qos queue-group-templates egress queue-group policer stat-mode

Description

The sap-egress QoS policy's policer stat-mode command is used to configure the forwarding plane counters that allow offered, forwarded, and dropped accounting to occur for the policer. An egress policer has multiple types of offered packets (soft in-profile and out-of-profile from ingress and hard in-profile, out-of-profile, and exceed-profile due to egress profile overrides) and each of these offered types is interacting with the policer’s metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers, for example, will not be configured with a CIR profiling rate and not all policers will receive explicitly reprofiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported that prevents any packet accounting, the use of the policer's parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated. When a policer has been made a child to a parent policer, the stat-mode cannot be changed to no-stats unless the policer parenting is first removed.

Each time the policer's stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane's policer counter resources. The total/allocated/free stats can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The ingress policer stat-modes are described in Egress Policer Stat Mode Summary.

Table 47. Egress Policer Stat Mode Summary

Stat Mode

Stat Resources

Traffic Counters (Packet/Octets)

Comments

Offered

Dropped/Forwarded

no-stats

0

None

None

Minimal

1

Single counter entering policer

Single counter for dropped/forwarded exiting policer

offered-profile-no-cir

2

In/out entering policer

In/out entering policer

Intended for when the policer does not change the profile of packets. Includes only in- and out-of-profile.

offered-profile-cir

4

In/out/uncolored (that corresponds to in- or out-of-profile from the ingress processing) entering policer

In/out exiting policer

Intended for when the policer can change the profile of packets to in- and out-of-profile.

offered-total-cir

2

Single counter entering policer

In/out exiting policer

offered-limited-capped-cir

4

In/out entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured. The information is limited compared to offered-profile-capped-cir with the benefit of using one less stat resource.

offered-profile-capped-cir

5

In/out/uncolored (that corresponds to in- or out-of-profile from the ingress processing) entering policer

In/out exiting policer

Intended for when the policer has profile-capped configured.

offered-total-cir-exceed

3

Single counter entering policer

In/out/exceed exiting policer

Intended for when the policer is configured with enable-exceed-pir to forward packets that exceed its configured PIR or when traffic is egress reclassified to profile exceed.

offered-four-profile-no-cir

4

Inplus/in/out/exceed entering policer

Inplus/in/out/exceed entering policer

Intended to be used when the policer does not change the profile of the packets and traffic is egress reclassified to profile inplus and/or exceed.

offered-total-cir-four-profile

4

Single counter entering policer

Inplus/in/out/exceed exiting policer

Intended to be used when the policer can change the profile of the packet and traffic is egress reclassified to profile inplus.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command attempts to return the policer’s stat-mode setting to minimal. The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.

Parameters

no-stats

Counter resource allocation: 0

The policer does not have any forwarding plane counters allocated and cannot provide offered, discard, and forward statistics. A policer using no-stats cannot be a child to a parent policer and the policer’s parent command will fail.

When collect-stats is enabled, no statistics are generated.

minimal

Counter resource allocation: 1

This stat-mode provides the minimal accounting resource usage and counter information, and includes only the total offered, dropped and forwarded packet and octet counters for traffic entering (offered) and exiting (dropped/forwarded) the policer.

The default stat-mode for a policer is minimal. The minimal mode allocates one forwarding plane offered counter and one traffic manager discard counter. The forwarding counter is derived by subtracting the discard counter from the offered counter. The counters do not differentiate possible offered types and do not count different profile output. This does not prevent the policer from supporting different offered packet types and does not prevent the policer from supporting a CIR rate or using exceed PIR.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in minimal stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 48. Egress Accounting Statistics Collected in minimal stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. All

apd

AllPacketsDropped

aod

AllOctetsDropped

For. All

apf

AllPacketsForwarded

aof

AllOctetsForwarded

offered-profile-no-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering the policer. inplus-profile traffic is counted with the in-profile counters and exceed-profile traffic is counted with the out-of-of profile counters.

The offered-profile-no-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-profile-no-cir mode is most useful when profile-based offered, dropped and forwarded statistics are required from the egress policer, but a CIR or enable-exceed-pir is not being used to recolor the soft in-profile and out-of-profile packets. This mode does not prevent the policer from being configured with a CIR rate or using enable-exceed-pir.

This mode is intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 49. Egress Accounting Statistics Collected in offered-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer comprises of hard inplus/in/out/exceed and soft in/out. The offered counters cover traffic reclassified to in-profile (that includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (that includes traffic reclassified to exceed-profile), and traffic that has not been reclassified at egress (Uncolor). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-profile-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-profile-cir mode is most useful when profile-based offered, dropped and forwarded stats are required from the egress policer and a CIR rate is being used to recolor the soft in-profile and out-of-profile packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-profile-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 50. Egress Accounting Statistics Collected in offered-profile-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir

Counter resource allocation: 2

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

The offered-total-cir mode allocates two forwarding plane offered counters and two traffic manager discard counters.

The offered-total-cir mode is most useful when the policer is not receiving trusted in-profile or out-of-profile traffic and both high- and low-priority classifications are not being used on the untrusted packets and the offered packets are being applied to a defined CIR profiling rate. This mode does not prevent the policer from receiving trusted in-profile or out-of-profile packets and does not prevent the use of priority high or low classifications on the untrusted packets.

This mode is intended to be used without profile-capped or enable-exceed-pir configured within the policer as these could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-total-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 51. Egress Accounting Statistics Collected in offered-total-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-limited-capped-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer comprises of hard inplus/in/out/exceed and soft in/out. The offered counters cover in-profile traffic (that includes traffic reclassified to inplus-profile) and out-of-profile traffic (that includes traffic reclassified to exceed-profile). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

When offered-limited-capped-cir is defined, the system creates four forwarding plane offered-output counters in the network processor and three discard counters in the traffic manager.

The offered-limited-capped-cir mode is similar to the offered-profile-capped-cir mode except that it combines soft-in-profile with profile in and soft-out-of-profile with profile out and eliminates the offered-undefined statistic.

The impact of using offered-limited-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in instead of offered-undefined.

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 52. Egress Accounting Statistics Collected in offered-limited-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-profile-capped-cir

Counter resource allocation: 5

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer when egress reclassification is performed so that the traffic entering the policer is comprised of hard inplus, hard in, hard out, and hard exceed, as well as soft in and soft out. The offered counters cover traffic reclassified to in-profile (that includes traffic reclassified to inplus-profile), traffic reclassified to out-of-profile (that includes traffic reclassified to exceed-profile), and traffic that has not been reclassified at egress (uncolor). In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter and exceed-profile traffic is counted with the out-of-profile counter.

When offered-profile-capped-cir is defined, the system creates five offered-output counters in the forwarding plane and five discard counters in the traffic manager.

The offered-profile-capped-cir mode is similar to the offered-profile-cir mode except that it includes support for profile inplus, profile in, and soft-in-profile that may be output as out-of-profile due to enabling profile-capped mode on the ingress policer.

The impact of using offered-profile-capped-cir stat-mode while profile-capped mode is disabled is that one of the counting resources in the forwarding plane and traffic manager will not be used and soft-in-profile will be treated as offered-in (hard in-profile) instead of offered-undefined (uncolored).

This mode is intended to be used with profile-capped configured within the policer but without enable-exceed-pir configured as this could cause the traffic profile to be modified by the policer in a way that is not accounted for in the statistics.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 53. Egress Accounting Statistics Collected in offered-profile-capped-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. Uncolor

ucp

UncoloredPacketsOffered

uco

UncoloredOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

offered-total-cir-exceed

Counter resource allocation: 3

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. In the dropped and forwarded counters, inplus-profile traffic is counted with the in-profile counter. The offered-total-cir-exceed mode allocates three forwarding plane offered counters and three traffic manager discard counters.

The offered-total-cir-exceed mode is similar to the offered-total-cir mode except that it includes support for forwarded and dropped counters for profile exceed.

This mode is intended to be used when the policer is configured with enable-exceed-pir to forward packets that exceed its configured PIR or when traffic is egress reclassified to profile exceed. The mode gives the forwarded and dropped counters per profile (in, out, exceed). It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-total-cir-exceed stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 54. Egress Accounting Statistics Collected in offered-total-cir-exceed stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

offered-four-profile-no-cir

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering the policer. Offered, dropped, and forwarded counters are provided for inplus-profile, in-profile, out-of-profile, and exceed-profile traffic.

The offered-four-profile-no-cir mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-four-profile-no-cir mode is similar to the offered-profile-no-cir mode except that it includes support for offered, dropped and forwarded counters for both profile inplus and profile exceed.

This mode is intended to be used when traffic is egress reclassified to profile inplus and/or exceed. It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-four-profile-no-cir stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 55. Egress Accounting Statistics Collected in offered-four-profile-no-cir stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. InProf

ipo

InProfilePacketsOffered

ioo

InProfileOctetsOffered

Off. OutProf

opo

OutOfProfilePacketsOffered

ooo

OutOfProfileOctetsOffered

Off. ExcProf

xpo

ExceedProfilePacketsOffered

xoo

ExceedProfileOctetsOffered

Off. InplusProf

ppo

InplusProfilePacketsOffered

poo

InplusProfileOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

Dro. InplusProf

ppd

InplusProfilePktsDropped

pod

InplusProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

For. InplusProf

ppf

InplusProfilePktsForwarded

pof

InplusProfileOctetsForwarded

offered-total-cir-four-profile

Counter resource allocation: 4

This stat-mode provides offered, dropped, and forwarded packet and octet counters corresponding to the profile of traffic entering (offered) and exiting (dropped/forwarded) the policer. All offered traffic is provided in a single counter. There is a separate dropped and forwarded counter for inplus, in, out, and exceed-profile traffic.

The offered-total-cir-four-profile mode allocates four forwarding plane offered counters and four traffic manager discard counters.

The offered-total-cir-four-profile mode is similar to the offered-total-cir except that it includes support for forwarded and dropped counters for both inplus-profile and exceed-profile.

This mode is intended to be used when traffic is egress reclassified to inplus-profile. It is also intended to be used without profile-capped configured within the policer as it could cause the traffic profile to be modified by the policer. This stat-mode is not supported for dynamic policers.

The counters displayed in the show output and those collected when collect-stats is enabled are described in Egress Accounting Statistics Collected in offered-total-cir-four-profile stat-mode (the actual fields collected depends on the record configured in the applied accounting policy).

Table 56. Egress Accounting Statistics Collected in offered-total-cir-four-profile stat-mode

Show Output

Accounting Stats Collected

Field

Field Description

Off. All

apo

AllPacketsOffered

aoo

AllOctetsOffered

Dro. InProf

ipd

InProfilePacketsDropped

iod

InProfileOctetsDropped

Dro. OutProf

opd

OutOfProfilePacketsDropped

ood

OutOfProfileOctetsDropped

Dro. ExcProf

xpd

ExceedProfilePktsDropped

xod

ExceedProfileOctetsDropped

Dro. InprofProf

ppd

InplusProfilePktsDropped

pod

InplusProfileOctetsDropped

For. InProf

ipf

InProfilePacketsForwarded

iof

InProfileOctetsForwarded

For. OutProf

opf

OutOfProfilePacketsForwarded

oof

OutOfProfileOctetsForwarded

For. ExcProf

xpf

ExceedProfilePktsForwarded

xof

ExceedProfileOctetsForwarded

For. InplusProf

ppf

InplusProfilePktsForwarded

pof

InplusProfileOctetsForwarded

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

stat-mode

Syntax

stat-mode {per-fc | aggregate}

no stat-mode

Context

[Tree] (config>router>mpls>lsp>ingr-stats stat-mode)

[Tree] (config>router>mpls>lsp>egr-stats stat-mode)

[Tree] (config>router>mpls>lsp-template>egr-stats stat-mode)

Full Context

configure router mpls lsp ingress-statistics stat-mode

configure router mpls lsp egress-statistics stat-mode

configure router mpls lsp-template egress-statistics stat-mode

Description

This command sets the mode used for collecting LSP statistics.

The no form of this command reverts to the default.

Default

stat-mode per-fc

Parameters

per-fc

Specifies that RSVP-TE statistics will be collected per FC.

aggregate

Specifies that SR-TE statistics will be collected as an aggregate across all FCs.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure router mpls lsp ingress-statistics stat-mode

All

  • configure router mpls lsp egress-statistics stat-mode
  • configure router mpls lsp-template egress-statistics stat-mode

state

state

Syntax

[no] state

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query state)

Full Context

configure subscriber-mgmt wlan-gw ue-query state

Description

This command enables matching on a specific UE state. Multiple states can be provisioned.

The no form of this command disables matching on the specified UE state (all UEs match).

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

state

Syntax

state state

no state

Context

[Tree] (config>router>policy-options>policy-statement>entry>from state)

Full Context

configure router policy-options policy-statement entry from state

Description

This command identifies in resilient gateways which routes are associated with an active context and which routes are associated with a standby context.

Default

no state

Parameters

state

Specifies the state.

Values

srrp-master — Used in non-CUPS BNG resiliency. Identifies routes associated with an active SRRP instance.

srrp-non-master — Used in non-CUPS BNG resiliency. Identifies routes associated with a standby SRRP instance.

ipsec-master-with-peer — Used in stateful Multi-Chassis IPsec (MC-IPsec) redundancy. Identifies routes associated with an active MC-IPsec node with a reachable peer.

ipsec-non-master — Used in stateful MC-IPsec redundancy. Identifies routes associated with a standby MC-IPsec node.

ipsec-master-without-peer — Used in stateful MC-IPsec redundancy. Identifies routes associated with an active MC-IPsec node without a reachable peer.

fsg-active — Used in BNG CUPS inter-UPF resiliency. Identifies routes associated with an FSG on the active BNG UPF. This covers all session-related routes, including framed routes, IPv6 gateway addresses, and aggregated routes, but not loopback addresses.

fsg-standby — Used in BNG CUPS inter-UPF resiliency. Identifies routes associated with an FSG on the standby BNG UPF. This covers all session-related routes, including framed routes, IPv6 gateway addresses, and aggregated routes, but not loopback addresses.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

state-change

state-change

Syntax

[no] state-change

Context

[Tree] (debug>dynsvc>scripts>script>event state-change)

[Tree] (debug>dynsvc>scripts>event state-change)

[Tree] (debug>dynsvc>scripts>inst>event state-change)

Full Context

debug dynamic-services scripts script event state-change

debug dynamic-services scripts event state-change

debug dynamic-services scripts instance event state-change

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: state-change.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

state-timer

state-timer

Syntax

state-timer seconds [ action action]

no state-timer

Context

[Tree] (config>router>pcep>pcc state-timer)

Full Context

configure router pcep pcc state-timer

Description

This command configures the state timer for PCE-initiated LSPs. The state timer must be set to a value greater than the redelegation timer.

The no form of the command sets this value to the default.

Default

state-timer 180 action remove

Parameters

seconds

Specifies the number of seconds before the state timer expires.

Values

1 to 3600

action

Specifies the actions that are taken on undelegated LSPs upon the state timer expiration.

Values

remove, none

Default

remove

Platforms

All

stateful

stateful

Syntax

[no] stateful

Context

[Tree] (config>subscr-mgmt>rtr-adv-plcy>pfx-opt stateful)

Full Context

configure subscriber-mgmt router-advertisement-policy prefix-options stateful

Description

This command enables the configuration of RA options for stateful DHCP prefixes used by the subscriber host.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stateless

stateless

Syntax

[no] stateless

Context

[Tree] (config>subscr-mgmt>rtr-adv-plcy>pfx-opt stateless)

Full Context

configure subscriber-mgmt router-advertisement-policy prefix-options stateless

Description

This command enables the configuration of RA options for stateless SLAAC prefixes used by the subscriber host.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

static

static

Syntax

static

Context

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping static)

[Tree] (config>service>vpls>sap>igmp-snooping static)

[Tree] (config>service>vpls>sap>mld-snooping static)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping static)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping static)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping static)

Full Context

configure service vpls spoke-sdp igmp-snooping static

configure service vpls sap igmp-snooping static

configure service vpls sap mld-snooping static

configure service vpls spoke-sdp mld-snooping static

configure service vpls mesh-sdp igmp-snooping static

configure service vpls mesh-sdp mld-snooping static

Description

Commands in this context configure static group addresses. Static group addresses can be configured on a SAP or SDP. When present, either as a (*, g) or a (s,g) entry, multicast packets matching the configuration are forwarded even if no join message was registered for the specific group.

Platforms

All

static

Syntax

static

Context

[Tree] (config>subscr-mgmt>igmp-policy static)

[Tree] (config>subscr-mgmt>mld-policy static)

Full Context

configure subscriber-mgmt igmp-policy static

configure subscriber-mgmt mld-policy static

Description

Commands in this context configure MLD static group membership parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

static

Syntax

static ip-address ieee-address

no static ip-address

Context

[Tree] (config>service>vpls>proxy-arp static)

Full Context

configure service vpls proxy-arp static

Description

This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either learned or CStatic (conditional static MAC) in order to become active.

Parameters

ip-address

Specifies the IPv4 address for the static entry.

ieee-address

Specifies a 48-bit MAC address in the form xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx, where xx represents a hexadecimal number.

Platforms

All

static

Syntax

static ipv6-address ieee-address {host | router}

no static ipv6-address

Context

[Tree] (config>service>vpls>proxy-nd static)

Full Context

configure service vpls proxy-nd static

Description

This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either dynamic or CStatic (Conditional Static MAC) in order to become active. Along with the IPv6 and MAC, the entry must also be configured as either host or router. This will determine if the received NS for the entry will be replied with the R flag set to 1 (router) or 0 (host).

Parameters

ipv6-address

Specifies the IPv6 address for the static entry.

ieee-address

Specifies a 48-bit MAC address in the form xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx, where xx represents a hexadecimal number.

host

Specifies that the entry is type "host”.

router

Specifies that the entry is type "router”.

Platforms

All

static

Syntax

static

Context

[Tree] (config>service>vprn>igmp>if static)

Full Context

configure service vprn igmp interface static

Description

This command tests forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Platforms

All

static

Syntax

static

Context

[Tree] (config>service>vprn>mld>if static)

Full Context

configure service vprn mld interface static

Description

This command tests multicast forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Platforms

All

static

Syntax

static

Context

[Tree] (config>service>vprn>pim>rp static)

Full Context

configure service vprn pim rp static

Description

This command enables access to the context to configure a static rendezvous point (RP) of a PIM-SM protocol instance.

Platforms

All

static

Syntax

static

Context

[Tree] (config>router>igmp>if static)

Full Context

configure router igmp interface static

Description

This command tests multicast forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Platforms

All

static

Syntax

static

Context

[Tree] (config>router>igmp>tunnel-interface static)

Full Context

configure router igmp tunnel-interface static

Description

Commands in this context configure static multicast receiver hosts on a tunnel interface associated with an RSVP P2MP LSP.

When enabled, data is forwarded to an interface without receiving membership reports from host members.

Platforms

All

static

Syntax

static

Context

[Tree] (config>router>mld>if static)

Full Context

configure router mld interface static

Description

This command tests multicast forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Platforms

All

static

Syntax

static

Context

[Tree] (config>router>pim>rp static)

[Tree] (config>router>pim>rp>ipv6 static)

Full Context

configure router pim rp static

configure router pim rp ipv6 static

Description

Commands in this context configure static Rendezvous Point (RP) addresses for a multicast group range.

Entries can be created or destroyed. If no IP addresses are configured in the config>router>pim>rp>static>address context, then the multicast group to RP mapping is derived from the RP-set messages received from the Bootstrap Router.

Platforms

All

static

Syntax

static microseconds

no static

Context

[Tree] (config>router>if>if-attribute>delay static)

Full Context

configure router interface if-attribute delay static

Description

This command configures the unidirectional link delay. By default there is no configured delay, the link delay metric TLV is pruned in the IGP.

The no form of this command removes the configured unidirectional link delay.

Default

no static

Parameters

microseconds

Specifies the unidirectional link delay in microseconds.

Values

1 to 16777214

Platforms

All

static

Syntax

[no] static

Context

[Tree] (config>router>bgp>next-hop-res>use-leaked-routes static)

Full Context

configure router bgp next-hop-resolution use-leaked-routes static

Description

This command configures the router to resolve any non-leaked, unlabeled unicast IPv4 or IPv6 route in the base router BGP RIB by using a static route with direct next hops leaked from any VPRN instance. A BGP route resolved this way cannot resolve other routes (including BGP routes) and cannot be redistributed into non-BGP protocols, such as IGP.

The no form of this command prevents the use of leaked static routes to resolve BGP routes of the base router.

Default

no static

Platforms

All

static

Syntax

[no] static

Context

[Tree] (config>service>vprn>bgp>next-hop-res>use-leaked-routes static)

Full Context

configure service vprn bgp next-hop-resolution use-leaked-routes static

Description

This command configures the router to resolve any non-leaked, unlabeled unicast IPv4 or IPv6 route in the VPRN BGP RIB by using a static route with direct next hops leaked from the GRT. A BGP route resolved this way cannot resolve other routes (including BGP routes) and cannot be redistributed into non-BGP protocols, such as IGP.

The no form of this command prevents the use of leaked static routes to resolve BGP routes of the VPRN.

Default

no static

Platforms

All

static-aa-sub

static-aa-sub

Syntax

static-aa-sub transit-aasub-name

static-aa-sub transit-aasub-name app-profile app-profile-name [create]

no static-aa-sub transit-aasub-name

Context

[Tree] (config>app-assure>group>transit-ip-policy static-aa-sub)

Full Context

configure application-assurance group transit-ip-policy static-aa-sub

Description

This command configures static transit aa-subs with a name and an app-profile. A new transit sub with both a name and an app-profile is configured with the create command. Static transit aa-sub must have an explicitly assigned app-profile. An existing transit sub can optionally be assigned a different app-profile, or this command can be used to enter the static-aa-sub context.

The no form of this command deletes the named static transit aa-sub from the configuration.

Parameters

transit-aasub-name

Specifies the name of a transit subscriber up to 32 characters in length.

app-profile-name

Specifies the name of an existing application profile up to 32 characters in length.

create

Keyword used to create a new app-profile entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

static-aa-sub

Syntax

static-aa-sub transit-aasub-name

static-aa-sub transit-aasub-name app-profile app-profile-name [create]

no static-aa-sub transit-aasub-name

Context

[Tree] (config>app-assure>group>transit-prefix-policy static-aa-sub)

[Tree] (config>app-assure>group>transit-ip-policy>static static-aa-sub)

Full Context

configure application-assurance group transit-prefix-policy static-aa-sub

configure application-assurance group transit-ip-policy static static-aa-sub

Description

This command configures a static transit aa-sub with a name and an app-profile. A new transit sub with both a name and an app-profile is configured with the create command. Static transit aa-sub must have an explicitly assigned app-profile. An existing transit sub can optionally be assigned a different app-profile, or this command can be used to enter the static-aa-sub context.

The no form of this command deletes the named static transit aa-sub from the configuration.

Parameters

transit-aasub-name

Specifies a transit aasub-name up to 32 characters.

app-profile-name

Specifies the name of an existing application profile up to 32 characters.

create

Keyword used to create a new app-profile entry

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

static-address

static-address

Syntax

[no] static-address {ip-address | ipv6-address}

Context

[Tree] (config>app-assure>group>dns-ip-cache>ip-cache static-address)

Full Context

configure application-assurance group dns-ip-cache ip-cache static-address

Description

This command configures a static address in the cache.

Parameters

ip-address | ipv6-address

Specifies a character string up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

static-arp

static-arp

Syntax

static-arp ieee-mac-address unnumbered

static-arp ip-address ieee-mac-address

no static-arp [ieee-mac-address] unnumbered

no static-arp ip-address [ieee-mac-address]

Context

[Tree] (config>service>ies>if static-arp)

[Tree] (config>service>vprn>if static-arp)

Full Context

configure service ies interface static-arp

configure service vprn interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in IP address dotted decimal notation.

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

static-arp

Syntax

static-arp ieee-mac-addr unnumbered

static-arp ip-address ieee-mac-address

no static-arp [ieee-mac-addr] unnumbered

no static-arp ip-address [ieee-mac-address]

Context

[Tree] (config>service>vpls>interface static-arp)

Full Context

configure service vpls interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in dotted decimal notation

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

static-arp

Syntax

static-arp ip-address ieee-mac-address

no static-arp ip-address

Context

[Tree] (config>service>vprn>nw-if static-arp)

Full Context

configure service vprn network-interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in IP address dotted decimal notation.

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

static-arp

Syntax

static-arp ip-address ieee-address

no static-arp ip-address

static-arp ieee-address unnumbered

no static-arp unnumbered

Context

[Tree] (config>router>if static-arp)

Full Context

configure router interface static-arp

Description

This command configures a static Address Resolution Protocol (ARP) entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a specific IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.

The number of static-arp entries that can be configured on a single node is limited to 1000.

Static ARP is used when a router needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the router configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address. Use proxy ARP so the router responds to ARP requests on behalf of another device.

The no form of this command removes a static ARP entry.

Parameters

ieee-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

static-cak

static-cak

Syntax

[no] static-cak

Context

[Tree] (config>macsec>connectivity-association static-cak)

Full Context

configure macsec connectivity-association static-cak

Description

This command allows the configuration of a Connectivity Association Key (CAK). The CAK is responsible for managing the MKA.

Platforms

All

static-entry

static-entry

Syntax

static-entry ip-prefix/ip-prefix-length upto prefix-length2 origin-as as-number [{valid | invalid}]

no static-entry ip-prefix/ip-prefix-length upto prefix-length2 origin-as as-number

Context

[Tree] (config>router>origin-validation static-entry)

Full Context

configure router origin-validation static-entry

Description

This command configures a static VRP entry indicating that a specific origin AS is either valid or invalid for a specific IP prefix range. Static VRP entries are stored along with dynamic VRP entries (learned from local cache servers using the RPKI-Router protocol) in the origin validation database of the router. This database is used for determining the origin-validation state of IPv4 and/or IPv6 BGP routes received over sessions with the enable-origin-validation command configured.

Static entries can only be configured under the config>router>origin-validation context of the base router.

Parameters

ip-prefix/ip-prefix-length

Specifies an IPv4 or IPv6 address with a minimum prefix length value.

Values

60 to 3600

prefix-length2

Specifies the maximum prefix length.

Values

1 to 128

as-number

Specifies as-number.

Values

0 to 4294967295

valid

Specifies a keyword meaning the static entry expresses a valid combination of origin AS and prefix range.

invalid

Specifies a keyword meaning the static entry expresses an invalid combination of origin AS and prefix range.

Platforms

All

static-function

static-function

Syntax

static-function

Context

[Tree] (config>router>segment-routing>srv6>locator static-function)

Full Context

configure router segment-routing segment-routing-v6 locator static-function

Description

Commands in this context configure the function field parameters of a static End, End.X, or service SID assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

static-function

Syntax

static-function

Context

[Tree] (conf>router>sr>srv6>ms>block static-function)

Full Context

configure router segment-routing segment-routing-v6 micro-segment block static-function

Description

Commands in this context configure the function field parameters of a static uA or service micro-segment assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

static-host

static-host

Syntax

static-host ip ip-prefix[/prefix-length] [mac ieee-address] [create]

no static-host ip ip-prefix[/prefix-length] [mac ieee-address]

no static-host all [force]

no static-host ip ip-prefix[/prefix-length]

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap static-host)

[Tree] (config>service>ies>sub-if>grp-if>sap static-host)

Full Context

configure service vprn subscriber-interface group-interface sap static-host

configure service ies subscriber-interface group-interface sap static-host

Description

This command creates a static subscriber host for the SAP. Static subscriber hosts may be used by the system for various purposes. Applications within the system that make use of static host entries include anti-spoof, ARP reply agent and source MAC population into the VPLS forwarding database.

Multiple static hosts may be defined on the SAP. Each host is identified by either a source IP address, a source MAC address or both a source IP and source MAC address. Every static host definition must have at least one address defined, IP or MAC.

Static hosts can exist on the SAP even with anti-spoof and ARP reply agent features disabled. When enabled, each feature has different requirements for static hosts.

The no form of this command removes a static entry from the system. The specified ip-address and mac-address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the corresponding anti-spoof filter entry and/or FDB entry is also removed.

Parameters

ip-prefix[/prefix-length

Specifies information for the specified IP address and mask.

mac-address

Specifies a MAC address. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

Every static host definition must have at least one address defined, IP or MAC.

force

Specifies the forced removal of the static host addresses.

create

Keyword used to create the static host instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

static-host

Syntax

static-host ip ip-address [mac ieee-address] [create]

static-host mac ieee-address [create]

no static-host ip ip-address mac ieee-address

no static-host all [force]

no static-host ip ip-address

Context

[Tree] (config>service>vpls>sap static-host)

[Tree] (config>service>ies>if>sap static-host)

[Tree] (config>service>vprn>if>sap static-host)

Full Context

configure service vpls sap static-host

configure service ies interface sap static-host

configure service vprn interface sap static-host

Description

This command creates a static subscriber host for the SAP. Static subscriber hosts may be used by the system for various purposes. Applications within the system that make use of static host entries include anti-spoof, ARP reply agent and source MAC population into the VPLS forwarding database.

Multiple static hosts may be defined on the SAP. Each host is identified by either a source IP address, a source MAC address or both a source IP and source MAC address. Every static host definition must have at least one address defined, IP or MAC.

Static hosts can exist on the SAP even with anti-spoof and ARP reply agent features disabled. When enabled, each feature has different requirements for static hosts.

The no form of this command removes a static entry from the system. The specified ip-address and mac-address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the corresponding anti-spoof filter entry and/or FDB entry is also removed.

Parameters

ip-address

Specify this optional parameter when defining a static host. The IP address must be specified for anti-spoof ip, anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Only one static host may be configured on the SAP with a given IP address.

mac-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

Every static host definition must have at least one address defined, IP or MAC.

force

Specifies the forced removal of the static host addresses.

create

Keyword used to create the static host instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

static-host-mgmt

static-host-mgmt

Syntax

static-host-mgmt

Context

[Tree] (config>service>ies>sub-if>grp-if>sap static-host-mgmt)

[Tree] (config>service>vprn>sub-if>grp-if>sap static-host-mgmt)

Full Context

configure service ies subscriber-interface group-interface sap static-host-mgmt

configure service vprn subscriber-interface group-interface sap static-host-mgmt

Description

Commands in this context configure common parameters for static hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

static-isid

static-isid

Syntax

static-isid

Context

[Tree] (config>service>vpls>sap static-isid)

[Tree] (config>service>vpls>spoke-sdp static-isid)

Full Context

configure service vpls sap static-isid

configure service vpls spoke-sdp static-isid

Description

This command configures the static-isid context.

Platforms

All

static-label-range

static-label-range

Syntax

static-label-range static-range

no static-label-range

Context

[Tree] (config>router>mpls-labels static-label-range)

Full Context

configure router mpls-labels static-label-range

Description

This command configures the range of MPLS static label values shared among static LSP, MPLS-TP LSP, and static service VC label. Once this range is configured, it is reserved and cannot be used by other protocols such as RSVP, LDP, BGP, or Segment Routing to assign a label dynamically.

Default

static-label-range 18400

Parameters

static-range

Specifies the size of the static label range in number of labels. The minimum label value in the range is 32. The maximum label value is therefore computed as {32+ static-range-1}.

Values

0 to 262112

Default

18400

Platforms

All

static-lsp

static-lsp

Syntax

[no] static-lsp lsp-name

Context

[Tree] (config>router>mpls static-lsp)

Full Context

configure router mpls static-lsp

Description

This command is used to configure a static LSP on the ingress router. The static LSP is a manually set up LSP where the nexthop IP address and the outgoing label (push) must be specified.

The no form of this command deletes this static LSP and associated information.

The LSP must be shutdown first in order to delete it. If the LSP is not shut down, the no static-lsp lsp-name command does nothing except generate a warning message on the console indicating that the LSP is administratively up.

Parameters

lsp-name

Specifies the name that identifies the LSP.

Values

Up to 32 alphanumeric characters.

Platforms

All

static-lsp-fast-retry

static-lsp-fast-retry

Syntax

static-lsp-fast-retry seconds

no static-lsp-fast-retry

Context

[Tree] (config>router>mpls static-lsp-fast-retry)

Full Context

configure router mpls static-lsp-fast-retry

Description

This command specifies the value used as the fast retry timer for a static LSP.

When a static LSP is trying to come up, the MPLS request for the ARP entry of the LSP next-hop may fail when it is made while the next-hop is still down or unavailable. In that case, MPLS starts a retry timer before making the next request. This enhancement allows the user to configure the retry timer, so that the LSP comes up as soon as the next-hop is up.

The no form of this command reverts to the default.

Default

no static-lsp-fast-retry

Parameters

seconds

Specifies the value (in s), used as the fast retry timer for a static LSP.

Values

1 to 30

Platforms

All

static-mac

static-mac

Syntax

static-mac ieee-mac-address [create]

no static-mac ieee-mac-address

Context

[Tree] (config>service>vpls>mesh-sdp static-mac)

[Tree] (config>service>vpls>sap static-mac)

[Tree] (config>service>vpls>spoke-sdp static-mac)

Full Context

configure service vpls mesh-sdp static-mac

configure service vpls sap static-mac

configure service vpls spoke-sdp static-mac

Description

This command creates a remote static MAC entry in the Virtual Private LAN Service (VPLS) forwarding database (FDB) associated with the Service Distribution Point (SDP).

In a VPLS service, MAC addresses are associated with a Service Access Point (SAP) or with a Service Distribution Point (SDP). MACs associated with a SAP are classified as local MACs, and MACs associated with an SDP are remote MACs.

Local and remote static MAC entries create a permanent MAC address to SDP association in the forwarding database for the VPLS instance so that MAC address is not learned on the edge device.

Note:

Static MAC definitions on one edge device are not propagated to other edge devices participating in the VPLS instance, that is, each edge device has an independent forwarding database for the VPLS.

Only one static MAC entry (local or remote) can be defined per MAC address per VPLS instance.

By default, no static MAC address entries are defined for the SDP.

The no form of this command deletes the static MAC entry with the specified MAC address associated with the SDP from the VPLS forwarding database.

Parameters

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

create

Keyword used to create the static MAC instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

static-mac

Syntax

static-mac

Context

[Tree] (config>service>vpls static-mac)

Full Context

configure service vpls static-mac

Description

A set of conditional static MAC addresses can be created within a VPLS supporting BGP-EVPN. Conditional Static Macs are also supported in B-VPLS with SPBs. Unless they are configured as black-hole, conditional Static Macs are dependent on the SAP/SDP state.

This command allows the assignment of a set of conditional Static MAC addresses to a SAP/ spoke-SDP or black-hole. In the FDB, the static MAC is then associated with the active SAP or spoke-SDP.

When configured in conjunction with SPBM services, Static MACs are used for PBB Epipe and I-VPLS services that may terminate external to SPBM. If this is configured under a Control B-VPLS the interface referenced will not use IS-IS for this neighbor. This may also be configured under a User B-VPLS where the corresponding interface is not supported under the Control B-VPLS.

Static MACs configured in a BGP-EVPN service are advertised as protected (EVPN will signal the MAC as protected).

Platforms

All

static-mac

Syntax

static-mac

Context

[Tree] (config>service>vpls>interface static-mac)

Full Context

configure service vpls interface static-mac

Description

A set of conditional static MAC addresses can be created within a VPLS supporting bgp-evpn. Conditional static macs are also supported in B-VPLS with SPBM. Conditional Static MACs are dependent on the SAP/SDP state.

This command allows assignment of a set of conditional static MAC addresses to a SAP/ spoke-SDP. In the FDB, the static MAC is then associated with the active SAP or spoke-SDP.

Static MACs are used for PBB Epipe and I-VPLS services that may terminate external to SPBM. If this is configured under a Control B-VPLS the interface referenced will not use IS-IS for this neighbor. This may also be configured under a User B-VPLS where the corresponding interface is not supported under the Control B-VPLS.

Static MACs configured in a bgp-evpn service are advertised as protected (EVPN will signal the mac as protected).

Platforms

All

static-mac

Syntax

static-mac ieee-address [create]

no static-mac ieee-address

Context

[Tree] (config>service>vpls>endpoint static-mac)

Full Context

configure service vpls endpoint static-mac

Description

This command assigns a static MAC address to the endpoint. In the FDB, the static MAC is then associated with the active spoke-SDP.

Parameters

ieee-address

Specifies the static MAC address to the endpoint

Values

6-byte mac-address (xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx) Cannot be all zeros

create

This keyword is mandatory while creating a static MAC

Platforms

All

static-policer

static-policer

Syntax

[no] static-policer policer-name [create]

Context

[Tree] (config>sys>security>dist-cpu-protection>policy static-policer)

Full Context

configure system security dist-cpu-protection policy static-policer

Description

Configures a static enforcement policer that can be referenced by one or more protocols in the policy. Once this policer-name is referenced by a protocol, then this policer will be instantiated for each object (for example, a SAP or network interface) that is created and references this policy. If there is no policer resource available on the associated card or fp then the object is be blocked from being created. Multiple protocols can use the same static-policer.

Parameters

policy-name

Specifies the name of the policy, up to 32 characters.

Platforms

All

static-policy

static-policy

Syntax

[no] static-policy policy-name

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>p2mp-sr static-policy)

[Tree] (config>service>vprn>mvpn>pt>selective>p2mp-sr static-policy)

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi static-policy)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr static-policy

configure service vprn mvpn provider-tunnel selective p2mp-sr static-policy

configure service vprn mvpn provider-tunnel selective multistream-spmsi static-policy

Description

This command assigns the specified static policy to the MVPN tunnel.

The no form of this command removes the static policy from the MVPN tunnel.

Default

no static-policy

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

All

static-policy

Syntax

static-policy name [ create]

no static-policy name

Context

[Tree] (conf>router>segment-routing>sr-policies static-policy)

Full Context

configure router segment-routing sr-policies static-policy

Description

This command creates a context to configure a segment routing policy. The resulting segment routing policy is targeted for local installation or propagation by BGP to another router.

The no form of this command deletes the statically defined segment routing policy.

Default

no static-policy

Parameters

name

Specifies the name assigned to the statically defined segment routing policy, up to 64 characters.

create

Keyword used to create the policy.

Platforms

All

static-remote-aa-sub

static-remote-aa-sub

Syntax

static-remote-aa-sub transit-aasub-name

static-remote-aa-sub transit-aasub-name app-profile app-profile-name [create]

no static-remote-aa-sub transit-aasub-name

Context

[Tree] (config>app-assure>group>transit-prefix-policy static-remote-aa-sub)

Full Context

configure application-assurance group transit-prefix-policy static-remote-aa-sub

Description

This command configures static remote transit aa-subs with a name and an app-profile. Remote transit subscribers are configured for sites on the opposite side of the system as the parent SAP/spoke- SDP. A new remote transit sub with both a name and an app-profile is configured with the create command. Static remote transit aa-subs must have an explicitly assigned app-profile. An existing remote transit sub can optionally be assigned a different app-profile.

The no form of this command removes the name from the transit prefix policy.

Parameters

transit-aasub-name

Specifies a transit aasub-name up to 32 characters.

app-profile-name

Specifies the name of an existing application profile up to 32 characters.

create

Keyword used to create a new app-profile entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

static-route

static-route

Syntax

[no] static-route route-name

Context

[Tree] (config>service>pw-routing static-route)

Full Context

configure service pw-routing static-route

Description

This command configures a static route to a next hop S-PE or T-PE. Static routes may be configured on either S-PEs or T-PEs.

A default static route is entered as follows:

static-route 0:0:next_hop_ip_addresss

or

static-route 0:0.0.0.0:next_hop_ip_address

The no form of this command removes a previously configured static route.

Parameters

route-name

Specifies the static pseudowire route.

Values

route-name

<global-id>:<prefix>:<next-hop-ip_addr>

global-id

0 to 4294967295

prefix

a.b.c.d | 0 to 4294967295

next-hop-ip_addr

a.b.c.d

Platforms

All

static-route

Syntax

[no] static-route ip-prefix/ip-prefix-length next-hop ip-address

Context

[Tree] (bof static-route)

Full Context

bof static-route

Description

This command creates a static route entry for the CPM management Ethernet port in the running configuration and the Boot Option File (BOF).

This command allows manual configuration of static routing table entries. These static routes are only used by traffic generated by the CPM Ethernet port. To reduce configuration, manual address aggregation should be applied where possible.

A maximum of 10 static routes can be configured on the CPM port.

The no form of this command deletes the static route.

Default

no static-route

Parameters

ip-prefix/ip-prefix-length

Specifies the destination address of the static route in dotted decimal notation.

Values

ip-prefix/ip-prefix-length

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-le

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0to 255]D

ipv6-prefix-le

0 to128

ip-address

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

Note:

IPv6 is applicable to the 7750 SR and 7950 XRS only.

mask

Specifies the subnet mask, expressed as an integer or in dotted decimal notation.

Values

1 to 32 (mask length), 128.0.0.0 to255.255.255.255 (dotted decimal)

ip-address

Specifies the next hop IP address used to reach the destination.

Platforms

All

static-route-entry

static-route-entry

Syntax

static-route-entry ip-prefix/prefix-length [mcast]

no static-route-entry ip-prefix/prefix-length [mcast]

Context

[Tree] (config>service>vprn static-route-entry)

Full Context

configure service vprn static-route-entry

Description

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

Once the static route context for the specified prefix and netmask has been created, additional parameters associated with the static route(s) may be specified through the inclusion of additional static-route parameter commands.

The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Default

No static routes are defined.

Parameters

ip-prefix/prefix-length

The destination address of the static route.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

Values

The following values apply to the 7450 ESS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

mcast

Specifies that the associated static route should be populated in the associated VPRN multicast route table.

Platforms

All

static-route-entry

Syntax

[no] static-route-entry ip-prefix/prefix-length [mcast]

Context

[Tree] (config>router static-route-entry)

Full Context

configure router static-route-entry

Description

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

After the static route context for the specified prefix and netmask has been created, additional parameters associated with the static routes may be specified through the inclusion of additional static route parameter commands.

The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

Default

No static routes are defined.

Parameters

ip-prefix/prefix-length

Specifies the destination address of the static route.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0 to FFFF]H

d

[0 to 255]D

ipv6-prefix-length

0 to 128

Values

The following values apply to the 7450 ESS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ip-address

Specifies the IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface: 32 characters maximum, mandatory for link local addresses

Values

The following value applies to the 7450 ESS:

ipv4-address

a.b.c.d (host bits must be 0)

mcast

Indicates that static route being configured is used for multicast table only.

Platforms

All

static-route-hold-down

static-route-hold-down

Syntax

static-route-hold-down initial initial multiplier multiplier max-value max-value

no static-route-hold-down

Context

[Tree] (config>router static-route-hold-down)

Full Context

configure router static-route-hold-down

Description

This command enables the hold down time feature globally for static routes in the system.

The no form of this command disables the hold down time feature globally for static routes in the system.

Default

no static-route-hold-down

Parameters

initial

Specifies the initial value of the hold down time feature globally for static routes in the system.

Values

1 to 65535

multiplier

Specifies the multiplier value of the hold down time feature globally for static routes in the system.

Values

1 to 10

max-value

Specifies the maximum value of the hold down time feature globally for static routes in the system.

Values

1 to 65535

Platforms

All

static-sa

static-sa

Syntax

static-sa sa-name [create]

no static-sa sa-name

Context

[Tree] (config>ipsec static-sa)

Full Context

configure ipsec static-sa

Description

This command configures an IPsec static SA.

Platforms

All

static-string

static-string

Syntax

static-string static-string

no static-string

Context

[Tree] (config>app-assure>group>http-enrich>field static-string)

Full Context

configure application-assurance group http-enrich field static-string

Description

This command configures an HTTP header enrichment template field static string.

The no form of this command removes the template field static string.

Default

no static-string

Parameters

static-string

Specifies a static string.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

static-tunnel-redundant-next-hop

static-tunnel-redundant-next-hop

Syntax

static-tunnel-redundant-next-hop ip-address

no static-tunnel-redundant-next-hop

Context

[Tree] (config>service>ies>if static-tunnel-redundant-next-hop)

[Tree] (config>service>vprn>if static-tunnel-redundant-next-hop)

Full Context

configure service ies interface static-tunnel-redundant-next-hop

configure service vprn interface static-tunnel-redundant-next-hop

Description

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for static IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them. Refer to the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for information about IPsec commands and descriptions.

The next-hop address will be resolved in routing table of corresponding service.

The no form of this command removes the address from the interface configuration.

Parameters

ip-address

Specifies the static ISA tunnel redundant next-hop address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

station

station

Syntax

station station-name [create]

no station station-name

Context

[Tree] (config>bmp station)

Full Context

configure bmp station

Description

The command configures the BMP monitoring station name.

The no form of this command removes the station name from the configuration.

Parameters

station-name

Specifies the station name of the BMP monitoring station up to 32 characters.

create

Keyword used to create the station name. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

station

Syntax

station all

station name [name]

no station

Context

[Tree] (config>router>bgp>group>monitor station)

[Tree] (config>router>bgp>monitor station)

[Tree] (config>service>vprn>bgp>group>monitor station)

[Tree] (config>router>bgp>group>neighbor>monitor station)

[Tree] (config>service>vprn>bgp>group>neighbor>monitor station)

Full Context

configure router bgp group monitor station

configure router bgp monitor station

configure service vprn bgp group monitor station

configure router bgp group neighbor monitor station

configure service vprn bgp group neighbor monitor station

Description

This command configures the set of BMP monitoring stations for which BMP messages are to be sent, at the global BGP instance level, per group or for a particular neighbor.

Whatever value is configured for the station parameter at the most specific BGP hierarchy level is used.

  • If a station list or the no station command is configured at a neighbor context, then that value is used.

  • If no station command is configured at the neighbor context, the group value is used.

  • If a station list or the no station command is configured at a group context, then that value is used.

  • If no station command is configured at the group context, the global value is used.

  • If a station list or the no station command is configured at the global context, then that value is used.

  • If no station command is configured at the global context, then a no station is assumed.

The no form of this command disables sending BMP messages to BMP monitoring stations.

Parameters

name

Specifies up to eight station names up to 32 characters. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

all

Specifies all configured stations.

Platforms

All

station-address

station-address

Syntax

station-address ip-address | ipv6-address port port

no station-address

Context

[Tree] (config>bmp>station>connection station-address)

Full Context

configure bmp station connection station-address

Description

This command configures the IP address and TCP port number of the remote BMP monitoring station. This is a mandatory parameter and must be configured before the associated station can transitioned out of the shut down state.

The no form of this command removes the configured station IP address and port number for the BMP session. The no station-address command cannot be accepted unless the BMP or station instance is shut down.

Parameters

ip-address

Specifies the station address expressed in dotted decimal notation. Allowed value is a valid routable IP address on the router, either an interface or system IP address.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address

Specifies the station address expressed in dotted decimal notation. Allowed value is a valid routable IPv6 address on the router, either an interface or system IPv6 address.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

port

Specifies the TCP (destination) port number to be used when establishing the connection to the associated BMP station.

Values

1 to 65535

Platforms

All

statistic

statistic

Syntax

statistic type type name name

no statistic

Context

[Tree] (debug>wlan-gw>group statistic)

Full Context

debug wlan-gw group statistic

Description

This command enables debugging of the specified statistic. The first packet that causes an increase of the specified statistic is shown in debug output. After the first packet, debugging of the counter is stopped.

Parameters

type

Displays the type of statistic to be debugged; for example, DHCP or RADIUS.

Values

packet-errors, host-errors, bd-errors, forwarding, reassembly, aa, radius, arp, dhcp, dhcp6, icmp, icmp6

name

Specifies the name, up to 256 characters, of the statistic within that group. For a complete list, see the command show isa wlan-gw-group wlan-gw-group-id member member-id statistics.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

statistics

statistics

Syntax

statistics

Context

[Tree] (config>app-assure>group statistics)

Full Context

configure application-assurance group statistics

Description

Commands in this context configure accounting and billing statistics for this AA ISA group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

statistics

Syntax

statistics

Context

[Tree] (config>isa>aa-grp statistics)

Full Context

configure isa application-assurance-group statistics

Description

Commands in this context configure statistics generation.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

stats-collection

stats-collection

Syntax

stats-collection

Context

[Tree] (config>isa>tunnel-grp stats-collection)

Full Context

configure isa tunnel-group stats-collection

Description

Commands in this context configure ISA statistics collection parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

stats-report-interval

stats-report-interval

Syntax

stats-report-interval [seconds]

no stats-report-interval

Context

[Tree] (config>bmp>station stats-report-interval)

Full Context

configure bmp station stats-report-interval

Description

This command configures the frequency of sending statistics reporting messages to the BMP monitoring station.

The no form of this command removes the interval from the configuration.

Parameters

seconds

Specifies the frequency of sending statistics reporting messages, in seconds, to the BMP monitoring station.

Values

15 to 65535

Platforms

All

stats-type

stats-type

Syntax

stats-type {time | volume-time}

no stats-type

Context

[Tree] (config>service>dynsvc>acct-2 stats-type)

[Tree] (config>service>dynsvc>acct-1 stats-type)

Full Context

configure service dynamic-services dynamic-services-policy accounting-2 stats-type

configure service dynsvc acct-1 stats-type

Description

This command configures the type of statistics to be reported in dynamic data services RADIUS accounting. A RADIUS specified Stats Type overrides the CLI configured value.

The no form of this command resets the default value.

Default

stats-type volume-time

Parameters

time

Only report Session-Time in the RADIUS Accounting Interim-Update and Stop message.

volume-time

Report both Session-Time and Volume counter attributes in the RADIUS. Accounting Interim-Update and Stop messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stats-type

Syntax

stats-type {volume-time | time}

no stats-type

Context

[Tree] (config>service>dynsvc>ladb>user>idx>acct stats-type)

Full Context

configure service dynamic-services local-auth-db user-name index accounting stats-type

Description

This command specifies whether dynamic service accounting should be enabled or disabled for this destination. RADIUS accounting is enabled by specifying the stats type: volume and time or time only. This command overrides the local configured value in the dynamic services policy.

The no form of this command disables RADIUS accounting (stats-type off).

Parameters

volume-time | time

Enables RADIUS accounting for this dynamic service and specifies if volume counters should be included (volume-time) or time only (time) in the RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

status-verify

status-verify

Syntax

status-verify

Context

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert status-verify)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert status-verify)

[Tree] (config>service>ies>if>sap>ipsec-gw>cert status-verify)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert status-verify)

[Tree] (config>ipsec>trans-mode-prof>dyn>cert status-verify)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert status-verify)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert status-verify)

Full Context

configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify

configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify

configure service ies interface sap ipsec-gw cert status-verify

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify

configure ipsec ipsec-transport-mode-profile dynamic-keying cert status-verify

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify

configure service vprn interface sap ipsec-gw cert status-verify

Description

Commands in this context configure Certificate Status Verification (CSV) parameters.

Platforms

VSR

  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify
  • configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert status-verify
  • configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify
  • configure service vprn interface sap ipsec-gw cert status-verify
  • configure service ies interface sap ipsec-gw cert status-verify

status-verify

Syntax

status-verify default-result {revoked | good}

no status-verify

Context

[Tree] (config>system>security>tls>server-tls-profile status-verify)

[Tree] (config>system>security>tls>client-tls-profile status-verify)

Full Context

configure system security tls server-tls-profile status-verify

configure system security tls client-tls-profile status-verify

Description

This command configures the certificate revocation status verification parameters for end-entity (EE) certificates in the TLS client or server. This configuration overrides the existing revocation check policy.

By default the router checks the certification revocation status, but if this command is set to good, the end-entity certificate revocation status is overwritten and a good revocation status is returned for the EE certificate.

If this command is set to revoked, the router returns the actual revocation status of the end-entity certificate.

The no form of this command returns the actual revocation status to that of the end entity certificate.

Default

status-verify default-result revoked

Parameters

good

Specifies that the certificate is considered acceptable.

revoked

Specifies that the certificate is considered revoked.

Platforms

All

std-acct-attributes

std-acct-attributes

Syntax

[no] std-acct-attributes

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute std-acct-attributes)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute std-acct-attributes

Description

This command enables reporting of aggregated forwarded IPv4 and IPv6 octet, packet and gigaword counters using standard RADIUS attributes. This attribute is by default. It can be enabled simultaneously with detailed per queue or policer counters (detailed-acct-attributes).

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

std-port-class-pools

std-port-class-pools

Syntax

std-port-class-pools

Context

[Tree] (config>qos>hs-port-pool-policy std-port-class-pools)

Full Context

configure qos hs-port-pool-policy std-port-class-pools

Description

Commands in this context configure standard port-class pools parameters. Within this context, the corresponding port-class pools can be associated with a mid-pool, explicitly sized as a percentage of the mid-pool size, dynamically-sized based on relative port bandwidth, or have a slope policy applied.

Platforms

7750 SR-7/12/12e

steering-profile

steering-profile

Syntax

steering-profile steering-profile-name

no steering-profile

Context

[Tree] (config subscr-mgmt loc-user-db ppp host steering-profile)

Full Context

configure subscriber-mgmt local-user-db ppp host steering-profile

Description

This command configures the steering profile for the specific host.

The no form of this command removes the steering profile for the host.

Parameters

steering-profile-name

Specifies the name of the steering profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

steering-profile

Syntax

steering-profile steering-profile-name [create]

no steering-profile steering-profile-name

Context

[Tree] (config subscr-mgmt steering-profile)

Full Context

configure subscriber-mgmt steering-profile

Description

This command configures a steering profile mapping. A steering profile can be applied to each L2TP LAC subscriber host that requires traffic steering.

The no form of this command removes the specified steering profile.

Parameters

steering-profile-name

Specifies the name of the steering profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

steering-profile

Syntax

[no] steering-profile

Context

[Tree] (config subscr-mgmt acct-plcy include-radius-attribute steering-profile)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute steering-profile

Description

This command enables including the Alc-Steering-Profile RADIUS attribute.

The no form of the command disables including the Alc-Steering-Profile RADIUS attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

steering-route

steering-route

Syntax

steering-route ip-prefix/length

no steering-route

Context

[Tree] (config>service>vprn>nat>inside>redundancy steering-route)

Full Context

configure service vprn nat inside redundancy steering-route

Description

This command configures specifies the IP address and prefix length of the steering route. The steering route is used in the realm of this virtual router instance as an indirect next-hop for all the traffic that must be routed to the large scale NAT function.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

steering-route

Syntax

steering-route ip-prefix/length

no steering-route

Context

[Tree] (config>router>nat>inside>redundancy steering-route)

Full Context

configure router nat inside redundancy steering-route

Description

This command is optionally used in LSN44 multi-chassis redundancy when filters are used on the inside to send traffic destined for the LSN44 function to MS-ISA, where NAT is performed.

If configured, the steering-route is advertised only from the active LSN44 node: the purpose is to bring the LSN44 node activity awareness to downstream routers. In this fashion, downstream routers can make a more intelligent decision when forwarding traffic in the upstream direction. Based on the steering-route, traffic can be sent directly towards the active LSN44 node. This route avoids an extra forwarding hop which would ensue in the case without LSN44 activity awareness, where the upstream traffic can be forwarded to the standby LSN44 node and then to the active LSN44 node.

LSN44 node activity (active/standby) is evaluated per isa-group based on monitoring routes advertised on the outside.

The no form of the command removes the ip-prefix/length from the configuration.

Parameters

ip-prefix/length

Specifies the IP address and length of the steering route.

Values

ip-prefix:

a.b.c.d

ip-prefix-length:

0 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sticky-dest

sticky-dest

Syntax

sticky-dest hold-time-up

sticky-dest no-hold-time-up

no sticky-dest

Context

[Tree] (config>filter>ipv6-filter>entry sticky-dest)

[Tree] (config>filter>mac-filter>entry sticky-dest)

[Tree] (config>filter>redirect-policy sticky-dest)

[Tree] (config>filter>ip-filter>entry sticky-dest)

Full Context

configure filter ipv6-filter entry sticky-dest

configure filter mac-filter entry sticky-dest

configure filter redirect-policy sticky-dest

configure filter ip-filter entry sticky-dest

Description

This command configures sticky destination behavior for redundant PBR/PBF actions. Configuring sticky destination has an effect on PBR/PBF actions whether a secondary action is configured.

The hold-time-up parameter allows the operator to delay programming of a PBR/PBF action for a specified amount of time. The timer is only started when transitioning from all configured targets being down (that is, the primary target if no secondary target is configured, or both the primary and secondary targets when both are configured) to at least one target being up.

When the timer expires, the primary PBR/PBF action is programmed if its target is up. If the primary PBR/PBF target is down and a secondary PBR/PBF action has been configured and its target is up, then this secondary PBR/PBF action is programmed. In all other cases, no specific programming occurs when the timer expires.

When sticky destination is configured and the secondary PBR/PBF target is up and its associated action is programmed, it is not automatically replaced by the primary PBR/PBF action when its target transitions from down to up. In this situation, programming the primary PBR/PBF action can be forced using the activate-primary-action tools command.

Changing the value of the timer while the timer is running takes effect immediately (that is, the timer is restarted immediately using the new value).

The no form of the command disables sticky destination behavior.

Default

no sticky-dest

Parameters

hold-time-up

Specifies the initial delay in seconds. Zero is equivalent to no-hold-time-up (no delay).

Values

0 to 65535 seconds

Platforms

All

sticky-dr

sticky-dr

Syntax

sticky-dr [priority dr-priority]

no sticky-dr

Context

[Tree] (config>service>vprn>pim>if sticky-dr)

Full Context

configure service vprn pim interface sticky-dr

Description

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) is modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of this command disables sticky-dr operation on this interface.

Default

no sticky-dr

Parameters

priority dr-priority

Sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled.

Values

1 to 4294967295

Platforms

All

sticky-dr

Syntax

sticky-dr [priority dr-priority]

no sticky-dr

Context

[Tree] (config>router>pim>interface sticky-dr)

Full Context

configure router pim interface sticky-dr

Description

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) will be modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of this command disables sticky-dr operation on this interface.

Default

no sticky-dr

Parameters

priority dr-priority

Sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled.

Values

1 to 4294967295

Platforms

All

sticky-ecmp

sticky-ecmp

Syntax

sticky-ecmp

no sticky-ecmp

Context

[Tree] (config>router>policy-options>policy-statement>entry>action sticky-ecmp)

[Tree] (config>router>policy-options>policy-statement>default-action sticky-ecmp)

Full Context

configure router policy-options policy-statement entry action sticky-ecmp

configure router policy-options policy-statement default-action sticky-ecmp

Description

This command specifies that BGP routes matching an entry or default-action of a route policy should be tagged internally as requiring sticky ECMP behavior. When a BGP route with multiple equal-cost BGP next-hops is programmed for sticky ECMP the failure of one or more of its BGP next-hops causes only the affected traffic flows to be re-distributed to the remaining next-hops; by default (without sticky-ECMP) all flows are potentially affected, even those using a next-hop that did not fail.

Default

no sticky-ecmp

Platforms

All

sticky-msaps

sticky-msaps

Syntax

sticky-msaps [idle-timeout seconds]

no sticky-msaps

Context

[Tree] (config>subscr-mgmt>msap-policy sticky-msaps)

Full Context

configure subscriber-mgmt msap-policy sticky-msaps

Description

This command prevents MSAPs associated with the specified MSAP policy from being deleted unless a manual clear command is issued. If this command is not enabled, an MSAP is deleted when a host creation fails or when a subscriber is no longer associated with the MSAP, for example, when a subscriber ends the session. This feature is useful for an operator who wants to keep historical statistics on MSAPs. It can also speed up host creation on an MSAP since the MSAP is already created. The idle-timeout parameter allows the removal of MSAPs that are idle for longer than the specified time.

The no form of this command allows an MSAP to be deleted when a host creation fails or when a subscriber is no longer associated with the MSAP.

Default

no sticky-msaps

Parameters

seconds

Specifies the idle timeout, in seconds.

Values

5 to 604800

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

stp

stp

Syntax

[no] stp

Context

[Tree] (config>service>vpls>pbb>backbone-vpls stp)

Full Context

configure service vpls pbb backbone-vpls stp

Description

This command enables or disable STP through B-VPLS service.

Platforms

All

stp

Syntax

[no] stp

Context

[Tree] (config>service>vpls>backbone-vpls stp)

Full Context

configure service vpls backbone-vpls stp

Description

This command enables STP on the backbone VPLS service.

The no form of this command disables STP on the backbone VPLS service.

stp

Syntax

stp

Context

[Tree] (config>service>vpls>sap stp)

[Tree] (config>service>template>vpls-sap-template stp)

[Tree] (config>service>vpls stp)

[Tree] (config>service>template>vpls-template stp)

[Tree] (config>service>vpls>spoke-sdp stp)

Full Context

configure service vpls sap stp

configure service template vpls-sap-template stp

configure service vpls stp

configure service template vpls-template stp

configure service vpls spoke-sdp stp

Description

Commands in this context configure the Spanning Tree Protocol (STP) parameters. Nokia’s STP is simply the Spanning Tree Protocol (STP) with a few modifications to better suit the operational characteristics of VPLS services. The most evident change is to the root bridge election. Since the core network operating between Nokia’s service routers should not be blocked, the root path is calculated from the core perspective.

Platforms

All

stp

Syntax

[no] stp

Context

[Tree] (debug>service>id stp)

Full Context

debug service id stp

Description

Commands in this context debug STP.

The no form of the command disables debugging.

Platforms

All

stp

Syntax

stp

Context

[Tree] (config>service>pw-template stp)

Full Context

configure service pw-template stp

Description

Commands in this context configure the Spanning Tree Protocol (STP) parameters. The STP is simply the Spanning Tree Protocol (STP) with a few modifications to better suit the operational characteristics of VPLS services. The most evident change is to the root bridge election. Since the core network operating between service routers should not be blocked, the root path is calculated from the core perspective.

Platforms

All

stream-selection

stream-selection

Syntax

[no] stream-selection

Context

[Tree] (config>isa>video-group stream-selection)

Full Context

configure isa video-group stream-selection

Description

This command specifies whether or not stream selection is enabled on this video group.

The no form of the command disables stream-selection for the group.

Default

no stream-selection

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

streaming

streaming

Syntax

streaming

Context

[Tree] (config>oam-pm streaming)

Full Context

configure oam-pm streaming

Description

This command specifies the context to configure the OAM-PM streaming template and its associated parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

streaming

Syntax

streaming

Context

[Tree] (config>system>snmp streaming)

Full Context

configure system snmp streaming

Description

This command enables the proprietary SNMP request/response bundling and TCP-based transport mechanism for optimizing network management of the router nodes. In higher latency networks, synchronizing router MIBs from network management via streaming takes less time than synchronizing via classic SNMP UDP requests. Streaming operates on TCP port 1491 and runs over IPv4 or IPv6.

Platforms

All

strict

strict

Syntax

[no] strict

Context

[Tree] (config>app-assure>group>tcp-validate strict)

Full Context

configure application-assurance group tcp-validate strict

Description

This command specifies whether enforcement of TCP sequence and acknowledgment numbers is applied. If a packet does not meet the expected sequence or acknowledgment number, it is dropped.

This command should only be enabled if the expected bit error rate or packet loss is low. For example, if acknowledgments are lost before being detected by AA, the server timeouts are triggered and retransmissions occur. If strict is enabled, these retransmissions would resemble a reply attack and would be dropped by AA.

The no form of this command removes TCP sequence and acknowledgment number enforcement.

Default

no strict

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

strict-adjacency-check

strict-adjacency-check

Syntax

[no] strict-adjacency-check

Context

[Tree] (config>service>vprn>isis strict-adjacency-check)

Full Context

configure service vprn isis strict-adjacency-check

Description

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies do not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it is torn down.

This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or IPv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Default

no strict-adjacency-check

Platforms

All

strict-adjacency-check

Syntax

[no] strict-adjacency-check

Context

[Tree] (config>router>isis strict-adjacency-check)

Full Context

configure router isis strict-adjacency-check

Description

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies will not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it will be torn down. This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or Ipv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Platforms

All

strict-ero-nhop-direct-resolution

strict-ero-nhop-direct-resolution

Syntax

[no] strict-ero-nhop-direct-resolution

Context

[Tree] (config>router>mpls strict-ero-nhop-direct-resolution)

Full Context

configure router mpls strict-ero-nhop-direct-resolution

Description

This command enables the strict Explicit Route Object (ERO) next-hop direct resolution. The feature restricts the routes used to resolve the next hop of an ERO address to local and host routes. This command avoids using a next hop over a parallel link when a half link is up in the routing table.

When enabled, this command applies to an ERO when all of the following conditions are met:

  • the ERO next hop is an IPv4 address

  • the ERO object is a strict hop

  • the IPv4 address matches the primary subnet of a local numbered interface

An ERO that meets the preceding conditions restricts resolution of the next hop to a LOCAL or a HOST route. If no such route exists, RSVP rejects the PATH message with ErrCode = Routing Error (24) and SubErrCode = Bad Strict Node (2).

The no form of this command disables the strict ERO next-hop direct resolution.

Default

no strict-ero-nhop-direct-resolution

Platforms

All

strict-esp-seq-number-ordering

strict-esp-seq-number-ordering

Syntax

[no] strict-esp-seq-number-ordering

Context

[Tree] (config>isa>tunnel-grp strict-esp-seq-number-ordering)

Full Context

configure isa tunnel-group strict-esp-seq-number-ordering

Description

This command configures the router to use strict ESP sequence number ordering.

When ESP sequence number ordering is enabled, the outbound ESP sequence number of a CHILD_SA must be in the same order as when clear packets are received by the same CHILD_SA.

The no form of this command disables strict ESP sequence number ordering.

Default

no strict-esp-seq-number-ordering

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

strict-lsa-checking

strict-lsa-checking

Syntax

[no] strict-lsa-checking

Context

[Tree] (config>service>vprn>ospf3>graceful-restart strict-lsa-checking)

[Tree] (config>service>vprn>ospf>graceful-restart strict-lsa-checking)

Full Context

configure service vprn ospf3 graceful-restart strict-lsa-checking

configure service vprn ospf graceful-restart strict-lsa-checking

Description

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no strict-lsa-checking command disables strict LSA checking.

Default

strict-lsa-checking

Platforms

All

strict-lsa-checking

Syntax

[no] strict-lsa-checking

Context

[Tree] (config>router>ospf>graceful-restart strict-lsa-checking)

[Tree] (config>router>ospf3>graceful-restart strict-lsa-checking)

Full Context

configure router ospf graceful-restart strict-lsa-checking

configure router ospf3 graceful-restart strict-lsa-checking

Description

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no form of this command disables strict LSA checking.

Default

strict-lsa-checking

Platforms

All

strict-mode

strict-mode

Syntax

[no] strict-mode

Context

[Tree] (config>service>upnp>upnp-policy strict-mode)

Full Context

configure service upnp upnp-policy strict-mode

Description

This command enable UPnP strict mode. With strict-mode, system only allows changes to existing UPnP mapping if the request comes from same UPnP client.

Default

no strict-mode

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

string

string

Syntax

string string

no string

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident string)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification string

Description

This command specifies the string from the Nokia vendor-specific sub-option (VSO) in Option 82 to match when the LUDB is accessed using a DHCPv4 server.

Note:

This command is only used when string is configured as one of the match-list parameters.

The no form of this command removes the host identification string from the configuration.

Parameters

string

Specifies the VSO string of this host, up to 255 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

string

Syntax

[no] string text

Context

[Tree] (config>service>vprn>if>dhcp>option>vendor string)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor string)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor string)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor string)

[Tree] (config>service>vpls>sap>dhcp>option>vendor string)

Full Context

configure service vprn interface dhcp option vendor-specific-option string

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option string

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option string

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option string

configure service vpls sap dhcp option vendor-specific-option string

Description

This command specifies the string in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command reverts to the default.

Parameters

text

Specifies a string that can be any combination of ASCII characters, up to 32 characters. If spaces are used in the string, enclose the entire string in quotation marks (" ").

Platforms

All

  • configure service vprn interface dhcp option vendor-specific-option string
  • configure service vpls sap dhcp option vendor-specific-option string

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option string
  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option string
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option string

string

Syntax

[no] string text

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option string)

Full Context

configure router interface dhcp option vendor-specific-option string

Description

This command specifies the vendor-specific sub-option string of the DHCP relay packet.

The no form of this command returns the default value.

Default

no string

Parameters

text

Specifies a string that can be any combination of ASCII characters, up to 32 characters in length. If spaces are used in the string, enclose the entire string in quotation marks (" ”).

Platforms

All

strings-from-option

strings-from-option

Syntax

strings-from-option dhcp-option-number

no strings-from-option

Context

[Tree] (config>subscr-mgmt>sub-ident-pol strings-from-option)

Full Context

configure subscriber-mgmt sub-ident-policy strings-from-option

Description

This command enables DHCPv4 option processing on DHCP ACK for subscriber host identification.

The parameter dhcp-option-number specifies the DHCPv4 option number containing subscriber host identification strings such as subscriber ID, sub-profile, sla-profile strings, and so on. The identification strings can be inserted by an SR OS based DHCPv4 server via a local user database lookup.

Applicable to DHCPv4 hosts and PPP hosts that use the internal DHCP client to get an IPv4 address from an SR OS based DHCPv4 server.

The no form of this command reverts to the default.

Default

no strings-from-option

Parameters

dhcp-option-number

Specifies the DHCPv4 option number containing subscriber host identification strings.

Values

1 to 254

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

strip-label

strip-label

Syntax

[no] strip-label

Context

[Tree] (config>router>if strip-label)

Full Context

configure router interface strip-label

Description

This command forces packets to be stripped of all (max 5) MPLS labels before the packets are handed over for possible filter (PBR) processing.

If the packets do not have an IP header immediately following the MPLS label stack after the strip, they are discarded. Only MPLS encapsulated IP, IGP shortcuts and VPRN over MPLS packets will be processed. However, IPv4 and IPv6 packets that arrive without any labels are supported on an interface with strip-label enabled.

This command operates in promiscuous mode. This means that the router does not filter on the destination MAC address of the Ethernet frames. In some network designs, multiple ports may be tapped and combined into interface toward the router. Promiscuous mode allows all of these flows to be processed without requiring the destination MAC address to be updated to match the router address.

This command is supported on:

  • Optical ports for the 7750 SR and 7450 ESS

  • IOM3-XP cards for the 7750 SR and 7450 ESS

  • Null/Dot1q encaps

  • Network ports

  • IPv4

  • IPv6

In order to associate an interface that is configured with the strip-label parameter with a port, the port must be configured as single-fiber for the command to be valid.

Packets that are subject to the strip-label action and are mirrored (using mirrors or lawful interception) will contain the original MPLS labels (and other L2 encapsulation) in the mirrored copy of the packet, as they appeared on the wire, when the mirror-dest type is the default type "ether”. If the mirror-dest type is "ip-only”, then the mirrored copy of the packet will not contain the original L2 encapsulation or the stripped MPLS labels.

The no form of this command removes the strip-label command.

Default

no strip-label

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

strip-srv6-tlvs

strip-srv6-tlvs

Syntax

[no] strip-srv6-tlvs

Context

[Tree] (config>router>bgp>group>neighbor>srv6>route>family strip-srv6-tlvs)

[Tree] (config>router>bgp>group>srv6>route>fam strip-srv6-tlvs)

Full Context

configure router bgp group neighbor segment-routing-v6 route-advertisement family strip-srv6-tlvs

configure router bgp group segment-routing-v6 route-advertisement family strip-srv6-tlvs

Description

This command specifies that BGP routes that belong to the address family configured in the family command are advertised to peers with SRv6 TLVs removed. Locally or remotely added SRv6 TLVs can be removed.

The no form of this command configures the router not to strip SRv6 TLVs from the BGP routes advertised to peers.

Default

no strip-srv6-tlvs

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

stub

stub

Syntax

[no] stub

Context

[Tree] (config>service>vprn>ospf>area stub)

[Tree] (config>service>vprn>ospf3>area stub)

Full Context

configure service vprn ospf area stub

configure service vprn ospf3 area stub

Description

This command enables access to the context to configure an OSPF stub area and adds/removes the stub designation from the area. External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF area cannot be both an NSSA and a stub area. Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of this command removes the stub designation and configuration context from the area.

Default

no stub — The area is not configured as a stub area.

Platforms

All

stub

Syntax

[no] stub

Context

[Tree] (config>router>ospf3>area stub)

[Tree] (config>router>ospf>area stub)

Full Context

configure router ospf3 area stub

configure router ospf area stub

Description

This command enables access to the context to configure an OSPF or OSPF3 stub area and adds/removes the stub designation from the area.

External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF or OSPF3 area cannot be both an NSSA and a stub area.

Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of this command removes the stub designation and configuration context from the area.

Default

no stub

Platforms

All

sub-domain

sub-domain

Syntax

sub-domain sub-domain

no sub-domain

Context

[Tree] (config>service>vprn>mvpn>provider-tunnel>selective>bier sub-domain)

[Tree] (config>service>vprn>mvpn>provider-tunnel>inclusive>bier sub-domain)

Full Context

configure service vprn mvpn provider-tunnel selective bier sub-domain

configure service vprn mvpn provider-tunnel inclusive bier sub-domain

Description

This command sets the sub-domain used to attach the BIER provider tunnel. Both PMSI within the MVPN need to have the same sub-domain.

The no form of this command removes the sub-domain.

Parameters

sub-domain

The identifier of the sub-domain.

Values

0 to 255

Platforms

All

sub-domain

Syntax

[no] sub-domain sub-domain

[no] sub-domain start sub-domain end sub-domain

Context

[Tree] (config>router>bier>template sub-domain)

Full Context

configure router bier template sub-domain

Description

This command creates a BIER sub-domain or range of sub-domains. For example, for IS-IS each sub-domain is associated with a single IS-IS topology, which may be any of the topologies supported by IS-IS.

The no form of this command removes a sub-domain.

Default

sub-domain 0

Parameters

sub-domain

The ID of the sub-domain to be created or removed.

Values

0 to 255

Platforms

All

sub-host-trk

sub-host-trk

Syntax

[no] sub-host-trk

Context

[Tree] (config>redundancy>multi-chassis>peer>sync sub-host-trk)

Full Context

configure redundancy multi-chassis peer sync sub-host-trk

Description

This command specifies whether subscriber host tracking information should be synchronized with the multi-chassis peer.

Default

no sub-host-trk

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-hosts-only

sub-hosts-only

Syntax

[no] sub-hosts-only

Context

[Tree] (config>service>vprn>igmp>grp-if sub-hosts-only)

Full Context

configure service vprn igmp group-interface sub-hosts-only

Description

This command enables the IGMP traffic from known hosts only.

The no form of this command disable the IGMP traffic from known hosts only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-hosts-only

Syntax

[no] sub-hosts-only

Context

[Tree] (config>router>igmp>group-interface sub-hosts-only)

Full Context

configure router igmp group-interface sub-hosts-only

Description

This command disables the processing of IGMP messages outside of the subscriber-host context. No other hosts outside of the subscriber-hosts can create IGMP states.

Disabling this command allows the creation of the IGMP states that correspond to the AN that operate in IGMP proxy mode. In this mode, the AN will hide source IP addresses of IGMP messages and will source IGMP messages with its own IP address. In this case, an IGMP state can be created under the sap context. This IGMP state creation under the SAP is controlled via the import policy under the group-interface.

The IGMP state processing for regular subscriber-hosts is unaffected by this command.

The no form of the command disables the command.

Default

sub-hosts-only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-hosts-only

Syntax

[no] sub-hosts-only

Context

[Tree] (config>router>mld>group-interface sub-hosts-only)

Full Context

configure router mld group-interface sub-hosts-only

Description

This command processes the handling of MLD joins received from hosts that are not known in subscriber management or on which no MLD policy is applied.

Disabling this command allows the creation of the MLD states that correspond to the AN that operate in MLD proxy mode. In this mode, the AN will hide source IP addresses of MLD messages and will source MLD messages with its own IP address. In this case, an MLD state can be created under the sap context. This MLD state creation under the SAP is controlled via the import policy under the group-interface.

The MLD state processing for regular subscriber-hosts is unaffected by this command.

The no form of the command enables the command.

Default

sub-hosts-only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-id

sub-id

Syntax

[no] sub-id

Context

[Tree] (config>service>nat>syslog>syslog-export-policy>include sub-id)

Full Context

configure service nat syslog syslog-export-policy include sub-id

Description

This command includes the sub-id string in the flow log. The sub-id is applicable only in subscriber-aware NAT. If subscriber-aware NAT is not enabled, the sub-id string is set to '-'.

The no form of the command disables the feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sub-ident-policy

sub-ident-policy

Syntax

[no] sub-ident-policy sub-ident-policy-name

Context

[Tree] (config>subscr-mgmt sub-ident-policy)

Full Context

configure subscriber-mgmt sub-ident-policy

Description

This command configures a subscriber identification policy. Each subscriber identification policy can have a default subscriber profile defined. The subscriber identification policy default subscriber profile overrides the system default and the subscriber SAP default subscriber profiles. Defining a subscriber identification policy default subscriber profile is optional.

The subscriber identification policy default subscriber profile cannot be defined with the subscriber profile name default.

Defining a subscriber profile as a subscriber identification policy default subscriber profile will cause all active subscribers currently associated with a subscriber SAP using the policy and associated with a subscriber policy through the system default or subscriber SAP default subscriber profiles to be reassigned to the subscriber policy defined as default on the subscriber identification policy.

Attempting to delete a subscriber profile that is currently defined as a default for a subscriber identification policy will fail.

When attempting to remove a subscriber identification policy default subscriber profile definition, the system will evaluate each active subscriber on all subscriber SAPs the subscriber identification policy is currently associated with that are using the default definition to determine whether the active subscriber can be either reassigned to a subscriber SAP default or the system default subscriber profile. If all active subscribers cannot be reassigned, the removal attempt will fail.

The no form of this command reverts to the default.

Parameters

sub-ident-policy-name

Specifies the name of the subscriber identification policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-ident-policy

Syntax

sub-ident-policy sub-ident-policy-name

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>vpls>sap>sub-sla-mgmt sub-ident-policy)

[Tree] (config>subscr-mgmt>msap-policy>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap-parameters>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap-parameters>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt sub-ident-policy)

Full Context

configure service ies subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy

configure service vpls sap sub-sla-mgmt sub-ident-policy

configure subscriber-mgmt msap-policy sub-sla-mgmt sub-ident-policy

configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy

Description

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings such as a subscriber identifier, an sla-profile string, a sub-profile string and an app-profile string.

The subscriber identification policy performs following functions for subscriber hosts and sessions associated with the SAP or MSAP:

  • mapping of sla-profile, sub-profile and app-profile strings obtained from authentication (for example, LUDB, RADIUS, Diameter, or Python) into profile names that are configured on the router

  • for IPoE DHCPv4 hosts, the subscriber identification strings can be derived from the DHCP ACK message sent to the subscriber host using a Python script referenced in the sub-ident-policy

  • for PPPoE hosts that get an IPv4 address via the PPPoE DHCPv4 client and for IPoE DHCPv4 hosts, an SR OS DHCPv4 server in combination with an LUDB returns the identification strings in a DHCPv4 option. The strings-from-option command in the sub-ident-policy tells the system from which option to extract the identification strings.

The no form of this command removes the default subscriber identification policy from the SAP configuration.

Parameters

sub-ident-policy-name

Specifies a subscriber identification policy for this SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy
  • configure service vpls sap sub-sla-mgmt sub-ident-policy
  • configure service ies subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy
  • configure subscriber-mgmt msap-policy sub-sla-mgmt sub-ident-policy

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy
  • configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

sub-ident-policy

Syntax

[no] sub-ident-policy policy-name

Context

[Tree] (debug>subscr-mgmt sub-ident-policy)

Full Context

debug subscriber-mgmt sub-ident-policy

Description

This command debugs subscriber identification policies.

The no form of this command disables debugging.

Parameters

policy-name

Specifies the subscriber identification policy to debug.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-ident-policy

Syntax

sub-ident-policy sub-ident-policy-name

no sub-ident-policy

Context

[Tree] (config>app-assure>group>transit-ip-policy sub-ident-policy)

Full Context

configure application-assurance group transit-ip-policy sub-ident-policy

Description

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscribermgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings. A subscriber identification string uniquely identifies a subscriber. For static hosts, the subscriber identification string is explicitly defined with each static subscriber host.

For dynamic hosts, the subscriber identification string must be derived from the DHCP ACK message sent to the subscriber host. The default value for the string is the content of Option 82 CIRCUIT-ID and REMOTE-ID fields interpreted as an octet string. As an option, the DHCP ACK message may be processed by a subscriber identification policy which has the capability to parse the message into an alternative ASCII or octet string value.

When multiple hosts on the same port are associated with the same subscriber identification string they are considered to be host members of the same subscriber.

A sub-ident-policy can also be used for identifying dynamic transit subscriber names.

The no form of this command removes the default subscriber identification policy from the SAP configuration.

Default

no sub-ident-policy

Parameters

sub-ident-policy-name

Specifies the subscriber identification policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sub-insert-credit-control

sub-insert-credit-control

Syntax

sub-insert-credit-control start-entry entry-id count count

no sub-insert-credit-control

Context

[Tree] (config>filter>ip-filter sub-insert-credit-control)

[Tree] (config>filter>ipv6-filter sub-insert-credit-control)

Full Context

configure filter ip-filter sub-insert-credit-control

configure filter ipv6-filter sub-insert-credit-control

Description

This command inserts point information for credit control for the filter.

The no form of the command reverts to the default.

Default

no sub-insert-credit-control

Parameters

entry-id

Identifies a filter on this system.

Values

1 to 2097151

count

Specifies the count

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-insert-radius

sub-insert-radius

Syntax

sub-insert-radius start-entry entry-id count count

no sub-insert-radius

Context

[Tree] (config>filter>ip-filter sub-insert-radius)

[Tree] (config>filter>ipv6-filter sub-insert-radius)

Full Context

configure filter ip-filter sub-insert-radius

configure filter ipv6-filter sub-insert-radius

Description

This command inserts point information for RADIUS for the filter.

The no form of the command reverts to the default.

Default

no sub-insert-radius

Parameters

entry-id

Specifies at what place the filter entries received from RADIUS will be inserted in the filter.

Values

1 to 2097151

count

Specifies the count.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-insert-shared-pccrule

sub-insert-shared-pccrule

Syntax

sub-insert-shared-pccrule start-entry entry-id count count

no sub-insert-shared-pccrule

Context

[Tree] (config>qos>sap-egress sub-insert-shared-pccrule)

[Tree] (config>qos>sap-ingress sub-insert-shared-pccrule)

Full Context

configure qos sap-egress sub-insert-shared-pccrule

configure qos sap-ingress sub-insert-shared-pccrule

Description

This command defines the range of filter and QoS policy entries that are reserved for shared entries received in Flow-Information AVP via Gx interface (PCC rules – Policy and Charging Control).

The no form of this command disables the insertion, which will result in a failure of PCC rule installation.

Default

no sub-insert-shared-pccrule

Parameters

entry-id

Specifies the lowest entry in the range.

Values

1 to 65535

count

Specifies the number of entries in the range.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-insert-shared-pccrule

Syntax

sub-insert-shared-pccrule start-entry entry-id count count

no sub-insert-shared-pccrule

Context

[Tree] (config>filter>ip-filter sub-insert-shared-pccrule)

[Tree] (config>filter>ipv6-filter sub-insert-shared-pccrule)

Full Context

configure filter ip-filter sub-insert-shared-pccrule

configure filter ipv6-filter sub-insert-shared-pccrule

Description

This command defines the range of filter and QoS policy entries that are reserved for shared entries received in Flow-Information AVP via Gx interface (PCC rules – Policy and Charging Control). The no form of this command disables the insertion, which will result in a failure of PCC rule installation.

Default

no sub-insert-shared-pccrule

Parameters

entry-id

Specifies the lowest entry in the range.

Values

1 to 2097151

count

Specifies the number of entries in the range.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-insert-shared-radius

sub-insert-shared-radius

Syntax

sub-insert-shared-radius start-entry entry-id count count

no sub-insert-shared-radius

Context

[Tree] (config>filter>ip-filter sub-insert-shared-radius)

[Tree] (config>filter>ipv6-filter sub-insert-shared-radius)

Full Context

configure filter ip-filter sub-insert-shared-radius

configure filter ipv6-filter sub-insert-shared-radius

Description

This command configures the insert point for shared host rules from RADIUS.

Default

no sub-insert-shared-radius

Parameters

entry-id

Identifies a filter on this system.

Values

1 to 2097151

count

Specifies the count.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-insert-wmark

sub-insert-wmark

Syntax

sub-insert-wmark low low-watermark high high-watermark

no sub-insert-wmark

Context

[Tree] (config>filter>ip-filter sub-insert-wmark)

[Tree] (config>filter>ipv6-filter sub-insert-wmark)

Full Context

configure filter ip-filter sub-insert-wmark

configure filter ipv6-filter sub-insert-wmark

Description

This command configures the low and high watermark percentage for inserted filter entry usage reporting.

The no form of the command reverts to the default.

Default

sub-insert-wmark low 90 high 95

Parameters

low-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be cleared by the agent.

Values

0 to 100

high-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be raised by the agent.

Values

0 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-mcac-policy

sub-mcac-policy

Syntax

sub-mcac-policy sub-mcac-policy-name [create]

no sub-mcac-policy b

Context

[Tree] (config>subscr-mgmt sub-mcac-policy)

Full Context

configure subscriber-mgmt sub-mcac-policy

Description

This command creates a policy template with MCAC bandwidth limits that are applied to the subscriber.

Per interface mcac bandwidth limits are set directly under the interface (regular interface or group-interface) and no such policy templates are needed.

The need for a separate policy template for subscribers is due to the fact that groups of subscribers under the same group-interface can share certain settings that can be configured via this template.

To summarize, the MCAC bandwidth constraints for subscribers are defined in the sub-mcac-policy while the mcac bandwidth constraints for the interface are configured directly under the igmp>interface>mcac or igmp>grp-if>mcac context without the need for policy templates.

Note:

The sub-mcac-policy only deals with the mcac bandwidth limits and not the channel bandwidth definitions. Channels bandwidth is defined in a different policy (in the config>router>mcac context) and that policy is applied on the interface level as follows:

  • For group-interface: under the config>service>vprn>igmp>grp-if>mcac context

  • For regular interface: under the config>service/router>igmp>interface>mcac context.

In case of HQoS Adjustment, it is mandatory that the sub-mcac-policy be created and applied to the subscriber. The sub-mac-policy does not have to contain any bandwidth constrains, but it has to be in a no shutdown state in order for HQoS Adjustment to work.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

sub-mcac-policy

Syntax

sub-mcac-policy policy-name

no sub-mcac-policy

Context

[Tree] (config>subscr-mgmt>sub-prof sub-mcac-policy)

Full Context

configure subscriber-mgmt sub-profile sub-mcac-policy

Description

This command references the policy template in which the mcac bandwidth limits are defined. Mcac for the subscriber is effectively enabled with this command when the sub-profile is applied to the subscriber. The bandwidth of the channels is defined in a different policy (under the config>router>mcac context) and this policy is applied on the interface level as follows:

  • For group-interfaces under the config>service>vprn>igmp>grp-if>mcac context

  • For regular interfaces under the config>service/router>igmp>interface>mcac context

In case of HQoS Adjustment, it is mandatory that the sub-mcac-policy be created and applied to the subscriber. The sub-mac-policy does not have to contain any bandwidth constrains, but it has to be in a no shutdown state in order for HQoS Adjustment to work.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies the policy name configured in the config>subscr-mgmt>sub-mcac-policy context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

sub-mgmt

sub-mgmt

Syntax

[no] sub-mgmt

Context

[Tree] (config>redundancy>multi-chassis>options sub-mgmt)

Full Context

configure redundancy multi-chassis options sub-mgmt

Description

This command enables the CLI context to configure subscriber management multi-chassis options parameters.

Default

sub-mgmt

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-mgmt-extensions

sub-mgmt-extensions

Syntax

[no] sub-mgmt-extensions

Context

[Tree] (config>fwd-path-ext>fpe sub-mgmt-extensions)

Full Context

configure fwd-path-ext fpe sub-mgmt-extensions

Description

This command configures FPE for subscriber management extensions. The FPE cannot be used for other applications but can be used for multiple subscriber management applications.

The no version of this command disables FPE for subscriber management extensions.

Default

no sub-mgmt-extensions

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sub-port

sub-port

Syntax

sub-port port-id [create]

no sub-port port-id

Context

[Tree] (config>port>ethernet>dot1x>macsec sub-port)

Full Context

configure port ethernet dot1x macsec sub-port

Description

This command creates a MACsec instance on a physical port, targeting the specific subset of traffic defined by the encap-match command.

The no form of this command removes the MACsec instance.

Parameters

port-id

Specifies the sub-port id index.

Values

1 to 1023

create

Creates a new sub-port.

Platforms

All

sub-profile

sub-profile

Syntax

[no] sub-profile

Context

[Tree] (config subscr-mgmt acct-plcy include-radius-attribute sub-profile)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute sub-profile

Description

This command specifies that subscriber profile attributes should be included into RADIUS accounting messages.

The no form of this command excludes subscriber profile attributes into RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-profile

Syntax

sub-profile sub-profile-name

no sub-profile

Context

[Tree] (config service ies if sap static-host sub-profile)

[Tree] (config service ies sub-if grp-if sap static-host sub-profile)

[Tree] (config service vpls sap static-host sub-profile)

[Tree] (config service vprn if sap static-host sub-profile)

[Tree] (config service vprn sub-if grp-if sap static-host sub-profile)

Full Context

configure service ies interface sap static-host sub-profile

configure service ies subscriber-interface group-interface sap static-host sub-profile

configure service vpls sap static-host sub-profile

configure service vprn interface sap static-host sub-profile

configure service vprn subscriber-interface group-interface sap static-host sub-profile

Description

This command specifies an existing subscriber profile name to be associated with the static subscriber host.

The no form of this command reverts to the default.

Parameters

sub-profile-name

Specifies the sub-profile name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-profile

Syntax

[no] sub-profile subscriber-profile-name

Context

[Tree] (config subscr-mgmt sub-profile)

Full Context

configure subscriber-mgmt sub-profile

Description

Commands in this context configure a subscriber profile. A subscriber profile is a template used to define the aggregate QoS for all hosts within a subscriber context. This is done through the definition of the egress and ingress scheduler policies that govern the aggregate SLA for subscribers using the subscriber profile. Subscriber profiles also allow for specific SLA profile definitions when the default definitions from the subscriber identification policy must be overridden.

Subscribers are either explicitly mapped to a subscriber profile template or are dynamically associated by one of various non-provisioned subscriber profile definitions.

A subscriber host can be associated with a subscriber profile in the following ways, listed from lowest to highest precedence:

  1. The subscriber profile named default.

  2. The subscriber profile defined as the subscriber SAP default.

  3. The subscriber profile found by the subscriber identification policy sub-profile-map.

  4. The subscriber profile found by the subscriber identification policy explicit map.

In the event that no defaults are defined and the subscriber identification string is not explicitly provisioned to map to a subscriber profile, either the static subscriber host creation will fail or the dynamic subscriber host DHCP ACK is discarded.

Default Subscriber profile:

When a subscriber profile is created with the subscriber-profile-name default, it is used when no other subscriber profile is associated with the subscriber host by the system. Creating a subscriber profile with the subscriber-profile-name default is optional. If a default subscriber profile is not created, all subscriber hosts subscriber identification strings must match either a non-provisioned default or be provisioned as an explicit match to a subscriber profile.

The default profile has no effect on existing active subscriber on the system as they exist due to higher precedence mappings.

Attempting to delete any subscriber profile (including the profile named default) while in use by existing active subscribers will fail.

The no form of this command reverts to the default.

Parameters

subscriber-profile-name

Specifies the name of the subscriber profile, up to 32 characters.

create

Keyword used to create the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-profile-map

sub-profile-map

Syntax

sub-profile-map

Context

[Tree] (config>subscr-mgmt>sub-ident-pol sub-profile-map)

Full Context

configure subscriber-mgmt sub-ident-policy sub-profile-map

Description

Commands in this context configure subscriber profile mapping parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-profile-string

sub-profile-string

Syntax

sub-profile-string sub-profile-string

no sub-profile-string

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings sub-profile-string)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings sub-profile-string)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings sub-profile-string

configure subscriber-mgmt local-user-db ppp host identification-strings sub-profile-string

Description

This command specifies the subscriber profile string which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

sub-profile-string

Specifies the subscriber profile string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-profile-string

Syntax

sub-profile-string string

no sub-profile-string

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile sub-profile-string)

Full Context

configure subscriber-mgmt vrgw brg brg-profile sub-profile-string

Description

This string will be used as a default for subscriber-profile lookup. This string can be overridden during BRG or host authentication. The no form of the command removes the string from the configuration.

Default

no sub-profile-string

Parameters

string

Specifies the string used to look up the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

sub-ring

sub-ring

Syntax

[no] sub-ring {virtual-link | non-virtual-link}

Context

[Tree] (config>eth-ring sub-ring)

Full Context

configure eth-ring sub-ring

Description

This command specifies this ring-id to be sub-ring as defined in G.80312. By declaring this ring as a sub-ring object, this ring will only have one valid path and the sub-ring will be connected to a major ring or a VPLS instance.

The virtual-link keyword declares that a sub-ring is connected to another ring and control messages can be sent over the attached ring to the other side of the sub-ring.

The non-virtual-link channel parameter declares that a sub-ring may be connected to another ring or to a VPLS instance but no control messages from the sub-ring use the attached ring or VPLS instance. The non-virtual channel behavior is standard G.8032 capability.

The no form of this command deletes the sub-ring and its virtual channel associations.

Default

no sub-ring

Parameters

virtual-link

Specifies that the interconnection is to a ring and a virtual link will be used.

non-virtual-link

Specifies that the interconnection is to a ring or a VPLS instance and a virtual link will not be used.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sub-sla-mgmt

sub-sla-mgmt

Syntax

[no] sub-sla-mgmt

Context

[Tree] (config>service>vpls>sap sub-sla-mgmt)

[Tree] (config>subscr-mgmt>msap-policy sub-sla-mgmt)

[Tree] (config>service>vprn>sub-if>grp-if>sap sub-sla-mgmt)

[Tree] (config>service>vprn>if>sap sub-sla-mgmt)

[Tree] (config>service>ies>sub-if>grp-if>sap sub-sla-mgmt)

[Tree] (config>service>ies>if>sap sub-sla-mgmt)

Full Context

configure service vpls sap sub-sla-mgmt

configure subscriber-mgmt msap-policy sub-sla-mgmt

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt

configure service vprn interface sap sub-sla-mgmt

configure service ies subscriber-interface group-interface sap sub-sla-mgmt

configure service ies interface sap sub-sla-mgmt

Description

Commands in this context configure subscriber management parameters for this SAP.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vpls sap sub-sla-mgmt
  • configure subscriber-mgmt msap-policy sub-sla-mgmt
  • configure service vprn subscriber-interface group-interface sap sub-sla-mgmt
  • configure service ies subscriber-interface group-interface sap sub-sla-mgmt

All

  • configure service ies interface sap sub-sla-mgmt
  • configure service vprn interface sap sub-sla-mgmt

sub-sla-mgmt

Syntax

[no] sub-sla-mgmt

Context

[Tree] (config>service>ies>sub-if>grp-if>sap-parameters sub-sla-mgmt)

[Tree] (config>service>vprn>sub-if>grp-if>sap-parameters sub-sla-mgmt)

Full Context

configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt

configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt

Description

Commands in this context configure subscriber management parameters.

The no form of this command removes the parameters from the configuration.

Default

sub-sla-mgmt

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

subject

subject

Syntax

subject {eq | neq} subject [regexp]

no subject

Context

[Tree] (config>service>vprn>log>filter>entry>match subject)

Full Context

configure service vprn log filter entry match subject

Description

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of this command removes the subject match criterion.

Default

no subject

Parameters

eq | neq

This operator specifies the type of match. Valid operators are listed below.

Values

Operator

Notes

eq

equal to

neq

not equal to

subject

A string used as the subject match criterion.

regexp

Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When regexp keyword is not specified, the subject command string is matched exactly by the event filter.

Platforms

All

subject

Syntax

subject {eq | neq} subject [regexp]

no subject

Context

[Tree] (config>log>filter>entry>match subject)

Full Context

configure log filter entry match subject

Description

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of this command removes the subject match criterion.

Parameters

eq | neq

Specifies the match type. Valid operators are listed in Valid Operators.

Table 57. Valid Operators

Operator

Notes

eq

equal to

neg

not equal to

subject

Specifies a string up to 32 characters, used as the subject match criterion.

regexp

Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered. When the regexp keyword is not specified, the subject command string is matched exactly by the event filter.

Platforms

All

subnet

subnet

Syntax

subnet {ip-address/mask | ip-address netmask} [create]

no subnet {ip-address/mask | ip-address netmask}

Context

[Tree] (config>service>vprn>dhcp>server>pool subnet)

[Tree] (config>router>dhcp>server>pool subnet)

Full Context

configure service vprn dhcp local-dhcp-server pool subnet

configure router dhcp local-dhcp-server pool subnet

Description

This command creates a subnet of IP addresses to be served from the pool. The subnet cannot include any addresses that were assigned to subscribers without those addresses specifically excluded. When the subnet is created, no IP addresses are made available until a range is defined.

The no form of the removes the subnet parameters from the configuration.

Parameters

ip-prefix/mask

Specifies the address prefix and mask. A mask of 255.255.255.255 is reserved for system IP addresses.

Values

ip-prefix: a.b.c.d

mask: 8 to 32

netmask

Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

Values

a.b.c.d, any mask expressed as dotted quad

create

Keyword used to create the subnet. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subnet-check

subnet-check

Syntax

[no] subnet-check

Context

[Tree] (config>service>vprn>igmp>grp-if subnet-check)

[Tree] (config>service>vprn>igmp>if subnet-check)

Full Context

configure service vprn igmp group-interface subnet-check

configure service vprn igmp interface subnet-check

Description

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

The no form of this command disables local subnet checking for IGMP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn igmp group-interface subnet-check

All

  • configure service vprn igmp interface subnet-check

subnet-check

Syntax

[no] subnet-check

Context

[Tree] (config>router>igmp>group-interface subnet-check)

[Tree] (config>router>igmp>if subnet-check)

Full Context

configure router igmp group-interface subnet-check

configure router igmp interface subnet-check

Description

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

Default

subnet-check

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router igmp group-interface subnet-check

All

  • configure router igmp interface subnet-check

subnet-check

Syntax

[no] subnet-check

Context

[Tree] (config>router>mld>group-interface subnet-check)

Full Context

configure router mld group-interface subnet-check

Description

This command enables subnet checking for MLD messages received on this interface. All MLD packets with a source address that is not in the local subnet are dropped.

Default

subnet-check

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subnet-mask

subnet-mask

Syntax

subnet-mask ip-address

no subnet-mask

Context

[Tree] (config>router>dhcp>server>pool>subnet>options subnet-mask)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options subnet-mask)

Full Context

configure router dhcp local-dhcp-server pool subnet options subnet-mask

configure subscriber-mgmt local-user-db ipoe host options subnet-mask

Description

This command specifies the subnet-mask option to the client. The mask can either be defined (for supernetting) or taken from the pool address.

The no form of this command removes the address from the configuration.

Parameters

ip-address

Specifies the IP address of the subnet mask. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subrate

subrate

Syntax

subrate {digital-link | larscom} rate-step

no subrate

Context

[Tree] (config>port>tdm>ds3 subrate)

Full Context

configure port tdm ds3 subrate

Description

This command configures the channel service unit (CSU) compatibility mode to interoperate with existing DS-3 subrate standards.

This configuration applies only for non-channelized DS-3s on ASAP TDM MDAs.

The no form of this command remove the subrate functionality.

Default

no subrate

Parameters

digital-link

Enables the Digital-Link (Quick Eagle) CSU compatibility mode.

larscom

Enables the Larscom CSU compatibility mode.

rate-step

Specifies the subrate value for the associated DS-3.

Values

1 to 147 (digital-link) 1 to 14 (larscom)

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

subscriber

subscriber

Syntax

subscriber sub-ident

no subscriber

Context

[Tree] (config>service>vprn>if>sap>static-host subscriber)

[Tree] (config>service>vpls>sap>static-host subscriber)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host subscriber)

[Tree] (config>service>ies>if>sap>static-host subscriber)

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host subscriber)

Full Context

configure service vprn interface sap static-host subscriber

configure service vpls sap static-host subscriber

configure service ies subscriber-interface group-interface sap static-host subscriber

configure service ies interface sap static-host subscriber

configure service vprn subscriber-interface group-interface sap static-host subscriber

Description

This command specifies an existing subscriber identification profile to be associated with the static subscriber host.

Parameters

sub-ident

Specifies the subscriber identification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber

Syntax

subscriber sub-ident-string [sap sap-id] [ip ip-address] [{[mac ieee-address] | sla-profile sla-profile-name}] [fc {[be] [l2] [af] [l1] [ h2] [ef] [h1] [nc]}] {[ingress] [ egress]} [host-type host-type] [family family]

no subscriber sub-ident-string

Context

[Tree] (config>mirror>mirror-source subscriber)

Full Context

configure mirror mirror-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

Specifies the service IP address (system IP address) of the remote device sending LI traffic. If 0.0.0.0 is specified, any remote router is allowed to send to this service.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Each host of a subscriber can use a different sla-profile. This option allows interception of only the hosts using the specified sla-profile. In some deployments sla-profiles are assigned per type of traffic. There can be, for example, a specific sla-profile for voice traffic (which could be used for all SIP-hosts). The name can have up to 32 characters.

fc

Specifies the name of the forwarding class with which to associate traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error will be returned and the fc command will have no effect. If the fc-name does exist, the forwarding class associated with fc-name will override the default forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

egress

Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

host-type

Specifies the host type for mirroring. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipoe, ppp

family

Specifies the IP family for mirroring. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipv4, ipv6

Platforms

All

subscriber

Syntax

subscriber sub-ident-string [sap sap-id [ip ip-address] [mac ieee-address] | sla-profile sla-profile-name] [fc {[be] [l2] [af] [l1] [ h2] [ef] [h1] [nc]}] [intercept-id intercept-id] [session-id session-id] {[ingress] [egress]} [ host-type host-type] [family ip-family]

no subscriber sub-ident-string

Context

[Tree] (config>li>li-source subscriber)

Full Context

configure li li-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

Specifies the service IP address (system IP address) of the remote device sending LI traffic. If 0.0.0.0 is specified, any remote router is allowed to send to this service.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specifies a MAC address when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Specifies an SLA profile name, up to 32 characters. Each host of a subscriber can use a different sla-profile. This option allows interception of only the hosts using the specified sla-profile. In some deployments sla-profiles are assigned per type of traffic. There can be, for example, a specific sla-profile for voice traffic (which could be used for all SIP-hosts).

fc

The name of the forwarding class with which to associate LI traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error will be returned and the fc command will have no effect. If the fc-name does exist, the forwarding class associated with fc-name will override the default forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

intercept-id

Specifies the intercept-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs.

For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept-id is inserted and none can be specified against the li-source entries.

Values

1 to 4294967295 (32b) For nat li-source entries that are using a mirror service that is not configured with routable encap

Values

1 to 1,073,741,824 (30b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encapsulation and no direction-bit.

Values

1 to 536,870,912 (29b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encapsulation and with the direction-bit enabled.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encapsulation (config>mirror>mirror-dest>encap>ip-udp-shim).

For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Values

1 to 4,294,967,295 (32b)

ingress

Specifies the ingress policy for lawful intercept.

egress

Specifies the egress policy for lawful intercept.

host-type

Specifies the host type for lawful intercept. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipoe, ppp

ip-family

Specifies the IP family for lawful intercept. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipv4, ipv6

Platforms

All

subscriber

Syntax

subscriber sub-ident-string [sap sap-id] [ip ip-address] [{mac ieee-address] | sla-profile sla-profile-name}] [fc {[be] [l2] [af] [l1] [ h2] [ef] [h1] [nc]}] {[ingress] [ egress]}

no subscriber sub-ident-string

Context

[Tree] (debug>mirroring-source subscriber)

Full Context

debug mirroring-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

The service IP address (system IP address) of the remote 7750 SR or 7450 ESS device sending LI traffic.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Specifies the SLA profile name, up to 32 characters.

fc

Specifies name of the forwarding class with which to associate LI traffic.

Values

be, l2, af, l1, h2, ef, h1, nc

ingress

Specifies information for the ingress policy.

egress

Specifies information for the egress policy.

subscriber-bw-limit

subscriber-bw-limit

Syntax

subscriber-bw-limit bandwidth

no subscriber-bw-limit

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if subscriber-bw-limit)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface subscriber-bw-limit

Description

This command configures of an egress per-subscriber bandwidth limit for the combined retransmission and Fast Channel Change (FCC) replies for requests received directed to the IP address. If the bandwidth for a request will exceed the bandwidth limit, the request is logged and dropped.

The no form of the command disables enforcement of an egress bandwidth limit.

Default

no subscriber-bw-limit

Parameters

bandwidth

The per-subscriber egress bandwidth limit for retransmission and FCC packets in kilobits per second expressed as an integer indicates infinity or no limit.

Values

1 to 4294967295 kb/s

Platforms

7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

subscriber-data

subscriber-data

Syntax

[no] subscriber-data

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes subscriber-data)

Full Context

configure aaa isa-radius-policy acct-include-attributes subscriber-data

Description

This command enables the inclusion of subscriber data attributes.

The no form of the command excludes subscriber data attributes.

Default

no subscriber-data

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-id

subscriber-id

Syntax

subscriber-id sub-ident-string

no subscriber-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings subscriber-id)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings subscriber-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings subscriber-id

configure subscriber-mgmt local-user-db ppp host identification-strings subscriber-id

Description

This command specifies the subscriber ID which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

sub-ident-string

Specifies the subscriber ID string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-id

Syntax

[no] subscriber-id

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute subscriber-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute subscriber-id

Description

This command specifies that subscriber ID attributes should be included into RADIUS accounting messages.

The no form of this command excludes subscriber ID attributes into RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-id

Syntax

[no] subscriber-id

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes subscriber-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes subscriber-id

Description

This command specifies that subscriber ID attributes should be included into RADIUS accounting messages.

Default

no subscriber-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-identification

subscriber-identification

Syntax

subscriber-identification

Context

[Tree] (config>router>nat>inside subscriber-identification)

Full Context

configure router nat inside subscriber-identification

Description

Commands in this context configure subscriber identification for Large Scale NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-interface

subscriber-interface

Syntax

subscriber-interface ip-int-name [create] [wan-mode mode]

subscriber-interface ip-int-name [create] fwd-service service-id fwd-subscriber-interface fwd-int-name [wan-mode mode]

no subscriber-interface ip-int-name

Context

[Tree] (config>service>vprn subscriber-interface)

[Tree] (config>service>ies subscriber-interface)

Full Context

configure service vprn subscriber-interface

configure service ies subscriber-interface

Description

This command allows the operator to create special subscriber-based interfaces. It is used to contain multiple group interfaces. Multiple subnets associated with the subscriber interface can be applied to any of the contained group interfaces in any combination. The subscriber interface allows subnet sharing between group interfaces.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the interface name of a subscriber interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

Keyword used to create the subscriber interface.

fwd-service service-id

Specifies the wholesale service ID or service name.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters

ip-int-name

Specifies the wholesale subscriber interface.

wan-mode mode

Specifies the WAN mode as 64-bit or 128-bit. To change the WAN mode after creation, the interface must first be removed then recreated.

Values

mode64, mode128

Default

mode64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-interface-statistics

subscriber-interface-statistics

Syntax

subscriber-interface-statistics

Context

[Tree] (config>subscr-mgmt subscriber-interface-statistics)

Full Context

configure subscriber-mgmt subscriber-interface-statistics

Description

Commands in this context enable or disable the collection of subscriber interface statistics.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-limit

subscriber-limit

Syntax

subscriber-limit limit

no subscriber-limit

Context

[Tree] (config>service>vprn>nat>outside>pool subscriber-limit)

Full Context

configure service vprn nat outside pool subscriber-limit

Description

This command configures the maximum number of subscribers per outside IP address.

If multiple port blocks per subscriber are used, the block size is typically small; all blocks assigned to a given subscriber belong to the same IP address; the subscriber limit guarantees that any subscriber can get a minimum number of ports.

Parameters

limit

Specifies the maximum number of subscribers per outside IP address.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-mgmt

subscriber-mgmt

Syntax

subscriber-mgmt

Context

[Tree] (config>service>vprn subscriber-mgmt)

[Tree] (config>service>ies subscriber-mgmt)

Full Context

configure service vprn subscriber-mgmt

configure service ies subscriber-mgmt

Description

Commands in this context configure per service subscriber management parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-mgmt

Syntax

subscriber-mgmt

Context

[Tree] (config subscriber-mgmt)

Full Context

configure subscriber-mgmt

Description

Commands in this context configure subscriber management entities. A subscriber is uniquely identified by a subscriber identification string. Each subscriber can have several DHCP sessions active at any time. Each session is referred to as a subscriber host and is identified by its IP address and MAC address.

All subscriber hosts belonging to the same subscriber are subject to the same hierarchical QoS (HQoS) processing. The HQoS processing is defined in the sub-profile (the subscriber profile). A sub-profile refers to an existing scheduler policy (configured in the config>qos>scheduler-policy context) and offers the possibility to overrule the rate of individual schedulers within this policy.

Because all subscriber hosts use the same scheduler policy instance, they must all reside on the same complex.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-mgmt

Syntax

subscriber-mgmt

Context

[Tree] (config>system>persistence subscriber-mgmt)

Full Context

configure system persistence subscriber-mgmt

Description

This command configures subscriber management persistence parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-mgmt

Syntax

subscriber-mgmt [ipoe] [pppoe]

no subscriber-mgmt

Context

[Tree] (config>redundancy>multi-chassis>peer>sync subscriber-mgmt)

Full Context

configure redundancy multi-chassis peer sync subscriber-mgmt

Description

This command specifies whether subscriber management information should be synchronized with the multi-chassis peer.

Default

no subscriber-mgmt

Parameters

ipoe

Specifies to synchronize IPoE subscribers. The use of the keyword must match on both nodes, otherwise the subscriber synchronization fails.

pppoe

Specifies to synchronize PPPoE subscribers. The use of the keyword must match on both nodes, otherwise the subscriber synchronization fails.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-prefix-length

subscriber-prefix-length

Syntax

subscriber-prefix-length prefix-length

no subscriber-prefix-length

Context

[Tree] (config>service>vprn>nat>inside>dslite subscriber-prefix-length)

Full Context

configure service vprn nat inside dual-stack-lite subscriber-prefix-length

Description

This command configures the IPv6 prefix length of the DS-Lite subscribers.

The no form of this command reverts the default.

Default

subscriber-prefix-length 128

Parameters

prefix-length prefix-length

Specifies the IPv6 prefix length of the DS-Lite subscriber.

Values

32 to 64, 128

Default

128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-prefix-length

Syntax

subscriber-prefix-length prefix-length

no subscriber-prefix-length

Context

[Tree] (config>router>nat>inside>dual-stack-lite subscriber-prefix-length)

Full Context

configure router nat inside dual-stack-lite subscriber-prefix-length

Description

This command sets the value for the number of high order bits of the source IPv6 address that will be considered as DS-Lite subscriber. The remaining bits of the source IPv6 address will be masked off, effectively aggregation all IPv6 source addresses under the configured prefix length into a single DS-Lite subscriber. Source IPv4 addresses/ports of the traffic carried within the DS-Lite subscriber will be translated into a single outside IPv4 address and the corresponding deterministic port-block (port-blocks can be extended).

The range of values for subscriber-prefix-length in non-deterministic DS-Lite is limited from 32 to 64 (a prefix will be considered as a DS-Lite subscriber) or it can be set to a value of 128 (the source IPv6 address is considered as a DS-Lite subscriber).

In cases where deterministic DS-Lite is enabled in a giver inside routing context, the range of values of the subscriber-prefix-length depends on the value of dslite-max-subscriber-limit parameter as follows:

subscriber-prefix-length – n = [32..64,128]

where n = log2(dslite-max-subscriber-limit)

[or in an alternate form: dslite-max-subscriber-limit = 2^n.]

In other words the largest prefix length for the deterministic DS-Lite subscriber will be 32+n, where n = log2(dslite-max-subscriber-limit). The subscriber prefix length can extend up to 64 bits. Beyond 64 bits for the subscriber prefix length, there only one value is allowed: 128. In the case n must be 0, which means that the mapping between B4 elements (or IPv6 address) and the IPv4 outside addresses is in 1:1 ratio (no sharing of outside IPv4 addresses).

This parameter can be changed only when there are no deterministic prefixes configured in the same routing context.

The no form of the command reverts to the default.

Default

128

Parameters

prefix-length

In non-deterministic DS-Lite this value can be [32..64,128], assuming that the deterministic DS-Lite is not concurrently enabled in the same inside routing context. In case that deterministic DS-Lite is enabled, this value can be within the range [(32+n)..64,128] where n = log2(dslite-max-subscriber-limit). The value of 128 is allowed only when n=0 (each subscriber is mapped to a single outside IPv4 IP address).

Values

32 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-prefix-length

Syntax

subscriber-prefix-length prefix-length

no subscriber-prefix-length

Context

[Tree] (config>service>vprn>nat>inside>nat64 subscriber-prefix-length)

[Tree] (config>router>nat>inside>nat64 subscriber-prefix-length)

Full Context

configure service vprn nat inside nat64 subscriber-prefix-length

configure router nat inside nat64 subscriber-prefix-length

Description

This command specifies the IPv6 address prefix length to be used for the NAT64 subscribers in this virtual router instance.

Default

subscriber-prefix-length128

Parameters

prefix-length

Specifies the subscriber identification for Large Scale NAT.

Values

32 to 64, 128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-prefixes

subscriber-prefixes

Syntax

subscriber-prefixes

Context

[Tree] (config>service>ies>sub-if>ipv6 subscriber-prefixes)

[Tree] (config>service>vprn>sub-if>ipv6 subscriber-prefixes)

Full Context

configure service ies subscriber-interface ipv6 subscriber-prefixes

configure service vprn subscriber-interface ipv6 subscriber-prefixes

Description

Commands in this context configure aggregate off-link subscriber prefixes associated with this subscriber interface. Individual prefixes are specified under the prefix context list aggregate routes in which the next hop is indirect via the subscriber interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscriber-retention

subscriber-retention

Syntax

subscriber-retention [hrs hours] [min minutes]

no subscriber-retention

Context

[Tree] (config>service>nat>nat-policy>timeouts subscriber-retention)

[Tree] (config>service>nat>up-nat-policy>timeouts subscriber-retention)

Full Context

configure service nat nat-policy timeouts subscriber-retention

configure service nat up-nat-policy timeouts subscriber-retention

Description

This command specifies the subscriber retention timeout, which is the time a NAT subscriber and its associated IP address are kept after all hosts and associated port blocks have expired. If a NAT subscriber host appears before the retention timeout has elapsed, it is given the same outside IP address.

Default

no subscriber-retention

Parameters

hrs hours

Specifies the hours a subscriber’s IP address is kept after all hosts and port blocks have expired.

Values

1 to 24

min minutes

Specifies the minutes a subscriber’s IP address is kept after all hosts and port blocks have expired.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

subscriber-sap-id

subscriber-sap-id

Syntax

[no] subscriber-sap-id

Context

[Tree] (config>service>vprn>if>sap>static-host subscriber-sap-id)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host subscriber-sap-id)

[Tree] (config>service>ies>if>sap>static-host subscriber-sap-id)

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host subscriber-sap-id)

[Tree] (config>service>vpls>sap>static-host subscriber-sap-id)

Full Context

configure service vprn interface sap static-host subscriber-sap-id

configure service ies subscriber-interface group-interface sap static-host subscriber-sap-id

configure service ies interface sap static-host subscriber-sap-id

configure service vprn subscriber-interface group-interface sap static-host subscriber-sap-id

configure service vpls sap static-host subscriber-sap-id

Description

This command enables using the SAP ID as the subscriber ID.

Parameters

subscriber-sap-id

Specifies to use the sap-id as the subscriber-id.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

subscribers

subscribers

Syntax

subscribers {qset-size size | non-shaper-queues}

Context

[Tree] (config>qos>fp-resource-policy>aggregate-shapers>queue-sets>default-size subscribers)

Full Context

configure qos fp-resource-policy aggregate-shapers queue-sets default-size subscribers

Description

This command configures the default queue-set size for subscribers.

Parameters

size

Specifies the size of the queue sets.

Values

2 to 8

non-shaper-queues

Specifies that subscribers will not use hardware aggregate shapers on FPs where the FP resource policy is applied.

Platforms

7750 SR-1, 7750 SR-s

subscription

subscription

Syntax

subscription percentage

no subscription

Context

[Tree] (config>router>rsvp>interface subscription)

Full Context

configure router rsvp interface subscription

Description

This command configures the percentage of the link bandwidth that RSVP can use for reservation and sets a limit for the amount of over-subscription or under-subscription allowed on the interface.

When the subscription is set to zero, no new sessions are permitted on this interface. If the percentage is exceeded, the reservation is rejected and a log message is generated.

The no form of this command reverts the percentage to the default value.

Default

subscription 100

Parameters

percentage

Specifies the percentage of the interface's bandwidth that RSVP allows to be used for reservations.

Values

0 to 1000

Platforms

All

subscription

Syntax

subscription subscription-id cancel

subscription cancel-all

Context

[Tree] (admin>system>telemetry>grpc subscription)

Full Context

admin system telemetry grpc subscription

Description

This command cancels an active telemetry subscription.

Parameters

subscription-id

Specifies the ID of the telemetry subscription to cancel.

Values

0 to 4294967295

Platforms

All

subscription

Syntax

subscription name [create]

no subscription name

Context

[Tree] (config>system>telemetry>persistent-subscriptions subscription)

Full Context

configure system telemetry persistent-subscriptions subscription

Description

Commands in this context configure persistent subscription commands.

The no form of this command removes the configuration.

Parameters

name

Specifies the subscription name, up to 32 characters.

create

Keyword used to create the subscription.

Platforms

All

subtype

subtype

Syntax

[no] subtype tls extension subtype

Context

[Tree] (config>app-assure>group>http-enrich>tls-extension subtype)

Full Context

configure application-assurance group http-enrich tls-extension subtype

Description

This command configures a TLS subtype.

The no form of this command removes the TLS subtype from the configuration.

Parameters

tls extension subtype

Specifies a TLS subtype, up to 32 characters

suggest-internal-objects

suggest-internal-objects

Syntax

[no] suggest-internal-objects

Context

[Tree] (environment suggest-internal-objects)

Full Context

environment suggest-internal-objects

Description

This command enables suggesting of internally created objects while auto completing.

The no form of the command disables the command.

Platforms

All

summaries

summaries

Syntax

[no] summaries

Context

[Tree] (config>service>vprn>ospf>area>nssa summaries)

[Tree] (config>service>vprn>ospf>area>stub summaries)

[Tree] (config>service>vprn>ospf3>area>nssa summaries)

Full Context

configure service vprn ospf area nssa summaries

configure service vprn ospf area stub summaries

configure service vprn ospf3 area nssa summaries

Description

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR). This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or nssa area. By default, summary route advertisements are sent into the stub area or NSSA.

The no form of this command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.

Default

summaries — Summary routes are advertised by the ABR into the stub area or NSSA.

Platforms

All

summaries

Syntax

[no] summaries

Context

[Tree] (config>router>ospf3>area>nssa summaries)

[Tree] (config>router>ospf>area>nssa summaries)

[Tree] (config>router>ospf>area>stub summaries)

[Tree] (config>router>ospf3>area>stub summaries)

Full Context

configure router ospf3 area nssa summaries

configure router ospf area nssa summaries

configure router ospf area stub summaries

configure router ospf3 area stub summaries

Description

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR).

This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or NSSA area (default: summary).

By default, summary route advertisements are sent into the stub area or NSSA.

The no form of this command disables sending summary route advertisements and, for stub areas; only the default route is advertised by the ABR.

Default

summaries

Platforms

All

summary

summary

Syntax

summary

Context

[Tree] (config>filter>log summary)

Full Context

configure filter log summary

Description

Commands in this context configure log summarization. These settings will only be taken into account when syslog is the log destination.

Platforms

All

summary

Syntax

summary [ip-address]

no summary

Context

[Tree] (debug>router>isis summary)

Full Context

debug router isis summary

Description

This command enables debugging for ISIS summary addresses.

The no form of the command disables the debugging.

Parameters

ip-address

When specified, only packets with the specified address are debugged.

Platforms

All

summary-address

summary-address

Syntax

summary-address {ip-prefix/mask | ip-prefix [netmask]} [level] [ tag tag]

no summary-address {ip-prefix/mask | ip-prefix [netmask]}

Context

[Tree] (config>service>vprn>isis summary-address)

Full Context

configure service vprn isis summary-address

Description

This command creates summary-addresses for the specified router or VPRN instance.

Parameters

ip-prefix/mask

Specifies information for the specified IP prefix and mask length.

Values

ip-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

level

Specifies IS-IS level area attributes. If no level parameter is specified, the default is level-1/2.

Values

level-1, level-2, level-1/2

tag tag

Assigns a route tag to the summary address.

Values

1 to 4294967295

Platforms

All

summary-address

Syntax

summary-address {ip-prefix/ip-prefix-length | ip-prefix netmask} [level] [tag tag] [algorithm algo-id]

no summary-address {ip-prefix/ip-prefix-length | ip-prefix netmask}

Context

[Tree] (config>router>isis summary-address)

Full Context

configure router isis summary-address

Description

This command creates summary-addresses.

Default

no summary-address

Parameters

ip-prefix/ip-prefix-length

Specifies the IP prefix and prefix length of the summary address.

Values

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

level

Specifies IS-IS level area attributes. If no level parameter is specified, the default is level-1/2.

Values

level-1, level-2, level-1/2

tag

Assigns a route tag to the summary address.

Values

1 to 4294967295

algo-id

Specifies the algorithm topology applied for the summary address. If no algo-id parameter is specified, the default is 0.

Values

0, 128 to 255

Platforms

All

summary-crit

summary-crit

Syntax

summary-crit dst-addr

summary-crit src-addr

no summary-crit

Context

[Tree] (config>filter>log>summary summary-crit)

Full Context

configure filter log summary summary-crit

Description

This command defines the key of the index of the mini-table. If key information is changed while summary is administratively enabled (no shutdown), the filter summary mini-table is flushed and recreated with different key information. Log packets received during the reconfiguration time will be handled as if summary was not active.

The no form of the command reverts to the default parameter.

Default

summary-crit src-addr

Parameters

dst-addr

Specifies that received log packets are summarized based on the destination IPv4, IPv6, or MAC address.

src-addr

Specifies that received log packets are summarized based on the source IPv4, IPv6 or MAC address.

Platforms

All

super-backbone

super-backbone

Syntax

[no] super-backbone

Context

[Tree] (config>service>vprn>ospf super-backbone)

Full Context

configure service vprn ospf super-backbone

Description

This command specifies whether CE-PE functionality is required or not. The OSPF super backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.

Default

no super-backbone

Platforms

All

supplicant-timeout

supplicant-timeout

Syntax

supplicant-timeout seconds

no supplicant-timeout

Context

[Tree] (config>port>ethernet>dot1x supplicant-timeout)

Full Context

configure port ethernet dot1x supplicant-timeout

Description

This command configures the period during which the router waits for a client to respond to its EAPOL messages. When the supplicant-timeout expires, the 802.1x authentication session is considered to have failed.

The no form of this command returns the value to the default.

Default

supplicant-timeout 30

Parameters

seconds

Specifies the server timeout period in seconds.

Values

1 to 300

Platforms

All

supported-features

supported-features

Syntax

[no] supported-features

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp supported-features)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp supported-features

Description

This command includes the supported-features in CCR messages.

The no form of this command resets the command to the default setting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

suppress

suppress

Syntax

suppress integer

no suppress

Context

[Tree] (config>router>policy-options>damping suppress)

Full Context

configure router policy-options damping suppress

Description

This command configures the suppression parameter for the route policy damping profile.

A route is suppressed when it has flapped frequently enough to increase the Figure of Merit (FoM) value to exceed the suppress threshold limit. When the FoM value exceeds the suppress threshold limit, the route is removed from the route table or inclusion in advertisements.

The no form of this command removes the suppress parameter from the damping profile.

Default

no suppress

Parameters

integer

Specifies the suppress value expressed as a decimal integer.

Values

1 to 20000

Platforms

All

suppress-attached-bit

suppress-attached-bit

Syntax

[no] suppress-attached-bit

Context

[Tree] (config>service>vprn>isis suppress-attached-bit)

Full Context

configure service vprn isis suppress-attached-bit

Description

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

Platforms

All

suppress-attached-bit

Syntax

[no] suppress-attached-bit

Context

[Tree] (config>router>isis suppress-attached-bit)

Full Context

configure router isis suppress-attached-bit

Description

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

Default

no suppress-attached-bit

Platforms

All

suppress-dn-bit

suppress-dn-bit

Syntax

[no] suppress-dn-bit

Context

[Tree] (config>service>vprn>ospf3 suppress-dn-bit)

[Tree] (config>service>vprn>ospf suppress-dn-bit)

Full Context

configure service vprn ospf3 suppress-dn-bit

configure service vprn ospf suppress-dn-bit

Description

This command specifies whether to suppress the setting of the DN bit for OSPF LSA packets generated by this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets generated by this instance of the OSPF router will not be set. When disabled, this instance of the OSPF router will follow the normal procedure to determine whether to set the DN bit.

Default

no suppress-dn-bit

Platforms

All

suppress-lo-alarm

suppress-lo-alarm

Syntax

[no] suppress-lo-alarm

Context

[Tree] (config>port>sonet-sdh suppress-lo-alarm)

Full Context

configure port sonet-sdh suppress-lo-alarm

Description

This command enables the suppression of lower order alarms on SONET/SDH port such as MLPPP bundle alarms, DS1/E1 links alarms and 336 APS channel groups alarms.

The no form of this command disables the suppression of lower order alarms on SONET/SDH port.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

suppress-lsn-events

suppress-lsn-events

Syntax

[no] suppress-lsn-events

Context

[Tree] (configure>isa>wlan-gw-group>nat suppress-lsn-events)

Full Context

configure isa wlan-gw-group nat suppress-lsn-events

Description

This command suppresses the generation of Large Scale NAT (LSN) events when RADIUS accounting is enabled.

By default, only one logging facility for tracking subscribers in LSN44, DS-Lite, and NAT64 can be enabled at the time, either the SR OS event logging facility or the RADIUS logging facility. Note that SR OS event logs can be sent to multiple destinations, such as the console session, a telnet or SSH session, memory logs, file destinations, SNMP trap groups, and syslog destinations.

If RADIUS logging is enabled, the NAT logs are sent to the RADIUS destination and the NAT logs are suppressed in the SR OS event logging facility, for example, NAT logs are not sent to the syslog server.

If RADIUS logging is disabled, the NAT logs are sent to the SR OS event logging facility, for example, syslog, assuming that the events are enabled via the SR OS event-control (config> log>event-control nat event generate).

The no form of this command, the NAT logs can be sent to both logging facilities simultaneously, the SR OS event logging facility and RADIUS logging facility.

Default

suppress-lsn-events

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

suppress-lsn-events

Syntax

[no] suppress-lsn-events

Context

[Tree] (config>isa>nat-group suppress-lsn-events)

Full Context

configure isa nat-group suppress-lsn-events

Description

This command suppresses the generation of Large Scale NAT (LSN) events when RADIUS accounting is enabled.

By default, only one logging facility for tracking subscribers in LSN44, DS-Lite, and NAT64 can be enabled at the time: either the SR OS event logging facility or the RADIUS logging facility. SR OS event logs can be sent to multiple destinations, such as the console session, a telnet or SSH session, memory logs, file destinations, SNMP trap groups, and syslog destinations.

If RADIUS logging is enabled, the NAT logs are sent to the RADIUS destination and the NAT logs are suppressed in the SR OS event logging facility, for example, NAT logs are not sent to the syslog server.

If RADIUS logging is disabled, the NAT logs are sent to the SR OS event logging facility; for example, syslog, assuming that the events are enabled via the event-control command (config> log>event-control nat event generate).

By explicitly disabling this command (no suppress-lsn-events), the NAT logs can be sent to both logging facilities simultaneously, the SR OS event logging facility, and the RADIUS logging facility.

Default

suppress-lsn-events

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

suppress-lsn-sub-blks-free

suppress-lsn-sub-blks-free

Syntax

[no] suppress-lsn-sub-blks-free

Context

[Tree] (configure>isa>wlan-gw-group>nat suppress-lsn-sub-blks-free)

Full Context

configure isa wlan-gw-group nat suppress-lsn-sub-blks-free

Description

This command suppresses the tmnxNatLsnSubBlksFree summary notification and use the tmnxNatPlBlockAllocationLsn notifications. When the SR OS node is in a state of excessive logging, the queue associated with the transmission of logs on the MS-ISA can become congested. This event further delays the generation of logs, and with this, further allocations and deallocations of NAT resources (port-blocks) is stalled until the queue is relieved of congestion. For example, an excessive logging state in the system can be caused by issuing a command to clear a large number of NAT subscribers where a large number of resources (port-blocks) are released at once.

The suppress-lsn-sub-blks-free command enables the generation of individual logs carried in event-id 2012 for every released port block regardless of the state of the transmission queue (whether congested or not). If NAT subscribers have a large number of allocated port blocks (this could be hundreds of port blocks per subscriber), generating individual logs per port-block release contributes to the congestion.

To alleviate transmission queue congestion, this behavior can be changed by disabling this command (no suppress-lsn-sub-blks-free). This causes the suppression of logs related to the release of individual port blocks of a NAT subscriber when the transmission queue is congested. As a result, only a summarized release log via event-id 2021 for the subscriber is generated. The purpose of this new log is to inform the operator in a single message that all ports blocks for the subscriber are released. For example, the log message for LSN is "LSN subscriber all blocks freed”. The benefit of such summarization (or log aggregation) is to alleviate the congestion of the transmission queue and consequently accelerate resource releases. An effect is the decreased granularity of information.

If summarization is enabled (no suppress-lsn-sub-blks-free) while there is no logging congestion in the system, the port block releases continue to be logged individually via the event-id 2012 (assuming that this is enabled in the event control), except for the last port block of the subscriber. When the last port block is released, the log with event-id 2021 is generated indicating that all port blocks for the subscriber are now released without carrying the specific information about this last port block that is released.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

suppress-lsn-sub-blks-free

Syntax

[no] suppress-lsn-sub-blks-free

Context

[Tree] (config>isa>nat-group suppress-lsn-sub-blks-free)

Full Context

configure isa nat-group suppress-lsn-sub-blks-free

Description

This command suppresses the tmnxNatLsnSubBlksFree summary notification and use the tmnxNatPlBlockAllocationLsn notifications. When the SR OS node is in a state of excessive logging, the queue associated with the transmission of logs on the MS-ISA can become congested. This event further delays the generation of logs, and with this, further allocations and deallocations of NAT resources (port-blocks) will be stalled until the queue is relieved of congestion. For example, an excessive logging state in the system can be caused by issuing a command to clear a large number of NAT subscribers where a large number of resources (port-blocks) are released at once.

The suppress-lsn-sub-blks-free command enables the generation of individual logs carried in event-id 2012 for every released port block regardless of the state of the transmission queue (whether congested or not). If NAT subscribers have a large number of allocated port blocks (this could be hundreds of port blocks per subscriber), generating individual logs per port-block release contributes to the congestion.

To alleviate transmission queue congestion, this behavior can be changed by disabling this command (no suppress-lsn-sub-blks-free). This causes the suppression of logs related to the release of individual port blocks of a NAT subscriber when the transmission queue is congested. As a result, only a summarized release log via event-id 2021 for the subscriber is generated. The purpose of this new log is to inform the operator in a single message that all ports blocks for the subscriber are released. For example, the log message for LSN will be "LSN subscriber all blocks freed”. The benefit of such summarization (or log aggregation) is to alleviate the congestion of the transmission queue and consequently accelerate resource releases. An effect is the decreased granularity of information.

If summarization is enabled (no suppress-lsn-sub-blks-free) while there is no logging congestion in the system, the port block releases continue to be logged individually via the event-id 2012 (assuming that this is enabled in the event control), except for the last port block of the subscriber. When the last port block is released, the log with event-id 2021 is generated indicating that all port blocks for the subscriber are now released without carrying the specific information about this last port block that is released.

Default

no suppress-lsn-sub-blks-free

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

suppress-standby-signaling

suppress-standby-signaling

Syntax

[no] suppress-standby-signaling

Context

[Tree] (config>service>vpls>endpoint suppress-standby-signaling)

Full Context

configure service vpls endpoint suppress-standby-signaling

Description

When this command is enabled, the pseudowire standby bit (value 0x00000020) will not be sent to T-LDP peer when the specified spoke is selected as a standby. This allows faster switchover as the traffic will be sent over this SDP and discarded at the blocking side of the connection. This is particularly applicable to multicast traffic.

Default

suppress-standby-signaling

Platforms

All

suppress-threshold

suppress-threshold

Syntax

suppress-threshold suppress-penalties reuse-threshold reuse-penalties

Context

[Tree] (config>port>ethernet>dampening suppress-threshold)

Full Context

configure port ethernet dampening suppress-threshold

Description

This command configures the penalties thresholds at which the port state events to the upper layer are dampened (suppress threshold) and then permitted (reuse threshold).

Parameters

suppress-penalties

Specifies the threshold at which the port up state is suppressed until the accumulated penalties drop below the reuse threshold again.

Values

1 to 20000

Default

2000

reuse-penalties

Specifies the threshold at which the port up state is no longer suppressed, after the port has been in a suppressed state and the accumulated penalties decay drops below this threshold. The reuse threshold value must be less than the suppress threshold value.

Values

1 to 20000

Default

1000

Platforms

All

svc-id

svc-id

Syntax

svc-id service-id

no svc-id

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match svc-id)

Full Context

configure system security management-access-filter mac-filter entry match svc-id

Description

This command specifies an existing svc-id to use as a match condition.

Parameters

service-id

Specifies a service-id to match.

Values

service-id: 1 to 2147483647svc-name: 64 characters maximum

Platforms

All

svc-path

svc-path

Syntax

svc-path path-id svc-index service-index

no svc-path

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry>action>insert-nsh svc-path)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry action insert-nsh svc-path

Description

This command configures the service path identifier and service index to be inserted in NSH in the steered traffic if the forward action indicates NSH insertion.

The no form of this command removes the parameters from the configuration.

Parameters

path-id

Specifies the 24-bit path ID in the base part of NSH.

Values

0 to 16777215

service-index

Specifies the 8-bit service index inserted in the base part of NSH.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

svc-ping

svc-ping

Syntax

svc-ping ip-address [ service service-id] [local-sdp] [ remote-sdp]

Context

[Tree] (oam svc-ping)

Full Context

oam svc-ping

Description

This command tests a service ID for correct and consistent provisioning between two service end points.

The svc-ping command accepts a far-end IP address and a service ID for local and remote service testing. The following information can be determined from svc-ping:

Local and remote service existence

  • Local and remote service state

  • Local and remote service type correlation

  • Local and remote customer association

  • Local and remote service-to-SDP bindings and state

  • Local and remote ingress and egress service label association

Unlike sdp-ping, only a single message is sent per command; no count nor interval parameter is supported and round trip time is not calculated. A time out value of 10 seconds is used before failing the request. The forwarding class is assumed to be Best-Effort Out-of-Profile.

If no request is sent or a reply is not received, all remote information is shown as N/A.

To terminate a svc-ping in progress, use the CLI break sequence <Ctrl-C>.

Upon request time out, message response, request termination, or request error the following local and remote information is displayed. See Svc-ping. Local and remote information is dependent upon service existence and reception of reply.

Table 58. Svc-ping

Field

Description

Values

Request Result

The result of the svc-ping request message.

Sent - Request Timeout

Sent - Request Terminated

Sent - Reply Received

Not Sent - Non-Existent Service-ID

Not Sent - Non-Existent SDP for Service

Not Sent - SDP For Service Down

Not Sent - Non-existent Service Egress Label

Service-ID

The ID of the service being tested.

service-id

Local Service Type

The type of service being tested. If service-id does not exist locally, N/A is displayed.

Epipe, Ipipe, Fpipe, Apipe

TLS

IES

Mirror-Dest

Local Service Admin State

The local administrative state of service-id. If the service does not exist locally, the administrative state is Non-Existent.

Admin-Up

Admin-Down

Non-Existent

Local Service Oper State

The local operational state of service-id. If the service does not exist locally, the state is N/A.

Oper-Up

Oper-Down

Remote Service Type

The remote type of service being tested. If service-id does not exist remotely, N/A is displayed.

Epipe, Ipipe, Fpipe, Apipe

TLS

IES

Mirror-Dest

Remote Service Admin State

The remote administrative state of service-id. If the service does not exist remotely, the administrative state is Non-Existent.

Up

Down

Non-Existent

Local Service MTU

The local service-mtu for service-id. If the service does not exist, N/A is displayed.

service-mtu

Remote Service MTU

The remote service-mtu for service-id. If the service does not exist remotely, N/A is displayed.

remote-service-mtu

Local Customer ID

The local customer-id associated with service-id. If the service does not exist locally, N/A is displayed.

customer-id

Remote Customer ID

The remote customer-id associated with service-id. If the service does not exist remotely, N/A is displayed.

customer-id

Local Service IP Address

The local system IP address used to terminate remotely configured SDP-ID (as the far-end address). If an IP interface has not been configured to be the system IP address, N/A is displayed.

system-ip-address

Local Service IP Interface Name

The name of the local system IP interface. If the local system IP interface has not been created, N/A is displayed.

system-interface-name

Local Service IP Interface State

The state of the local system IP interface. If the local system IP interface has not been created, Non-Existent is displayed.

Up

Down

Non-Existent

Expected Far-end Address

The expected IP address for the remote system IP interface. This must be the far-end address entered for the svc-ping command.

orig-sdp-far-end-addr

dest-ip-addr

Actual Far-end Address

The returned remote IP address. If a response is not received, the displayed value is N/A. If the far-end service IP interface is down or non-existent, a message reply is not expected. sdp-ping should also fail.

resp-ip-addr

Responders Expected Far-end Address

The expected source of the originator’s sdp-id from the perspective of the remote router terminating the sdp-id. If the far-end cannot detect the expected source of the ingress sdp-id or the request is transmitted outside the sdp-id, N/A is displayed.

resp-rec-tunnel-far-end-address

Originating SDP-ID

The sdp-id used to reach the far-end IP address if sdp-path is defined. The originating sdp-id must be bound to the service-id and terminate on the far-end IP address. If an appropriate originating sdp-id is not found, Non-Existent is displayed.

orig-sdp-id

Non-Existent

Originating SDP-ID Path Used

Whether the Originating router used the originating sdp-id to send the svc-ping request. If a valid originating sdp-id is found, operational and has a valid egress service label, the originating router should use the sdp-id as the requesting path if sdp-path has been defined. If the originating router uses the originating sdp-id as the request path, Yes is displayed. If the originating router does not use the originating sdp-id as the request path, No is displayed. If the originating sdp-id is non-existent, N/A is displayed.

Yes

No

Originating SDP-ID Administrative State

The local administrative state of the originating sdp-id. If the sdp-id has been shutdown, Admin-Down is displayed. If the originating sdp-id is in the no shutdown state, Admin-Up is displayed. If an originating sdp-id is not found, N/A is displayed.

Admin-Up

Admin-Up

Originating SDP-ID Operating State

The local operational state of the originating sdp-id. If an originating sdp-id is not found, N/A is displayed.

Oper-Up

Oper-Down

Originating SDP-ID Binding Admin State

The local administrative state of the originating sdp-ids binding to service-id. If an sdp-id is not bound to the service, N/A is displayed.

Admin-Up

Admin-Up

Originating SDP-ID Binding Oper State

The local operational state of the originating sdp-ids binding to service-id. If an sdp-id is not bound to the service, N/A is displayed.

Oper-Up

Oper-Down

Responding SDP-ID

The sdp-id used by the far end to respond to the svc-ping request. If the request was received without the sdp-path parameter, the responding router does not use an sdp-id as the return path, but the appropriate responding sdp-id is displayed. If a valid sdp-id return path is not found to the originating router that is bound to the service-id, Non-Existent is displayed.

resp-sdp-id

Non-Existent

Responding SDP-ID Path Used

Whether the responding router used the responding sdp-id to respond to the svc-ping request. If the request was received via the originating sdp-id and a valid return sdp-id is found, operational and has a valid egress service label, the far-end router should use the sdp-id as the return sdp-id. If the far end uses the responding sdp-id as the return path, Yes is displayed. If the far end does not use the responding sdp-id as the return path, No is displayed. If the responding sdp-id is non-existent, N/A is displayed.

Yes

No

Responding SDP-ID Administrative State

The administrative state of the far-end sdp-id associated with the return path for service-id. When a return path is administratively down, Admin-Down is displayed. If the return sdp-id is administratively up, Admin-Up is displayed. If the responding sdp-id is non-existent, N/A is displayed.

Admin-Up

Admin-Up

N/A

Responding SDP-ID Operational State

The operational state of the far-end sdp-id associated with the return path for service-id. When a return path is operationally down, Oper-Down is displayed. If the return sdp-id is operationally up, Oper-Up is displayed. If the responding sdp-id is non-existent, N/A is displayed.

Oper-Up

Oper-Down

Responding SDP-ID Binding Admin State

The local administrative state of the responder’s sdp-id binding to service-id. If an sdp-id is not bound to the service, N/A is displayed.

Admin-Up

Admin-Down

Responding SDP-ID Binding Oper State

The local operational state of the responder’s sdp-id binding to service-id. If an sdp-id is not bound to the service, N/A is displayed.

Oper-Up

Oper-Down

Originating VC-ID

The originator’s VC-ID associated with the sdp-id to the far-end address that is bound to service-id. If the sdp-id signaling is off, originator-vc-id is 0. If the originator-vc-id does not exist, N/A is displayed.

originator-vc-id

Responding VC-ID

The responder’s VC-ID associated with the sdp-id to originator-id that is bound to service-id. If the sdp-id signaling is off or the service binding to sdp-id does not exist, responder-vc-id is 0. If a response is not received, N/A is displayed.

responder-vc-id

Originating Egress Service Label

The originating service label (VC-Label) associated with the service-id for the originating sdp-id. If service-id does not exist locally, N/A is displayed. If service-id exists, but the egress service label has not been assigned, Non-Existent is displayed.

egress-vc-label

Non-Existent

Originating Egress Service Label Source

The originating egress service label source. If the displayed egress service label is manually defined, Manual is displayed. If the egress service label is dynamically signaled, Signaled is displayed. If the service-id does not exist or the egress service label is non-existent, N/A is displayed.

Manual

Signaled

Originating Egress Service Label State

The originating egress service label state. If the originating router considers the displayed egress service label operational, Up is displayed. If the originating router considers the egress service label inoperative, Down is displayed. If the service-id does not exist or the egress service label is non-existent, N/A is displayed.

Up

Down

Responding Service Label

The actual responding service label in use by the far-end router for this service-id to the originating router. If service-id does not exist in the remote router, N/A is displayed. If service-id does exist remotely but the remote egress service label has not been assigned, Non-Existent is displayed.

rec-vc-label

Non-Existent

Responding Egress Service Label Source

The responder’s egress service label source. If the responder’s egress service label is manually defined, Manual is displayed. If the responder’s egress service label is dynamically signaled, Signaled is displayed. If the service-id does not exist on the responder or the responder’s egress service label is non-existent, N/A is displayed.

Manual

Signaled

Responding Service Label State

The responding egress service label state. If the responding router considers its egress service label operational, Up is displayed. If the responding router considers its egress service label inoperative, Down is displayed. If the service-id does not exist or the responder’s egress service label is non-existent, N/A is displayed.

Up

Down

Expected Ingress Service Label

The locally assigned ingress service label. This is the service label that the far-end is expected to use for service-id when sending to the originating router. If service-id does not exist locally, N/A is displayed. If service-id exists but an ingress service label has not been assigned, Non-Existent is displayed.

ingress-vc-label

Non-Existent

Expected Ingress Label Source

The originator’s ingress service label source. If the originator’s ingress service label is manually defined, Manual is displayed. If the originator’s ingress service label is dynamically signaled, Signaled is displayed. If the service-id does not exist on the originator or the originators ingress service label has not been assigned, N/A is displayed.

Manual

Signaled

Expected Ingress Service Label State

The originator’s ingress service label state. If the originating router considers its ingress service label operational, Up is displayed. If the originating router considers its ingress service label inoperative, Down is displayed. If the service-id does not exist locally, N/A is displayed.

Up

Down

Responders Ingress Service Label

The assigned ingress service label on the remote router. This is the service label that the far end is expecting to receive for service-id when sending to the originating router. If service-id does not exist in the remote router, N/A is displayed. If service-id exists, but an ingress service label has not been assigned in the remote router, Non-Existent is displayed.

resp-ingress-vc-label

Non-Existent

Responders Ingress Label Source

The assigned ingress service label source on the remote router. If the ingress service label is manually defined on the remote router, Manual is displayed. If the ingress service label is dynamically signaled on the remote router, Signaled is displayed. If the service-id does not exist on the remote router, N/A is displayed.

Manual

Signaled

Responders Ingress Service Label State

The assigned ingress service label state on the remote router. If the remote router considers its ingress service label operational, Up is displayed. If the remote router considers its ingress service label inoperative, Down is displayed. If the service-id does not exist on the remote router or the ingress service label has not been assigned on the remote router, N/A is displayed.

Up

Down

Parameters

ip-address

Specifies the far-end IP address to which to send the svc-ping request message in dotted decimal notation.

Values

a.b.c.d

service-id

Specifies the service ID of the service being tested must be indicated with this parameter. The service ID need not exist on the local router to receive a reply message.

Values

1 to 2147483647, service-name: up to 64 characters

local-sdp

Specifies the svc-ping request message should be sent using the same service tunnel encapsulation labeling as service traffic. If local-sdp is specified, the command attempts to use an egress sdp-id bound to the service with the specified far-end IP address with the VC-Label for the service. The far-end address of the specified sdp-id is the expected responder-id within the reply received. The sdp-id defines the encapsulation of the SDP tunnel encapsulation used to reach the far end; this can be IP/GRE or MPLS. On originator egress, the service-ID must have an associated VC-Label to reach the far-end address of the sdp-id and the sdp-id must be operational for the message to be sent.

If local-sdp is not specified, the svc-ping request message is sent with GRE encapsulation with the OAM label.

Message Encapsulation indicates whether a message is sent and how the message is encapsulated based on the state of the service ID.

Table 59. Message Encapsulation

Local Service State

local-sdp Not Specified

local-sdp Specified

Message Sent

Message Encapsulation

Message Sent

Message Encapsulation

Invalid Local Service

Yes

Generic IP/GRE OAM (PLP)

No

None

No Valid SDP-ID Bound

Yes

Generic IP/GRE OAM (PLP)

No

None

SDP-ID Valid But Down

Yes

Generic IP/GRE OAM (PLP)

No

None

SDP-ID Valid and Up, But No Service Label

Yes

Generic IP/GRE OAM (PLP)

No

None

SDP-ID Valid, Up and Egress Service Label

Yes

Generic IP/GRE OAM (PLP)

Yes

SDP Encapsulation with Egress Service Label (SLP)

remote-sdp

Specifies svc-ping reply message from the far-end should be sent using the same service tunnel encapsulation labeling as service traffic.

If remote-sdp is specified, the far-end responder attempts to use an egress sdp-id bound to the service with the message originator as the destination IP address with the VC-Label for the service. The sdp-id defines the encapsulation of the SDP tunnel encapsulation used to reply to the originator; this can be IP/GRE or MPLS. On responder egress, the service-ID must have an associated VC-Label to reach the originator address of the sdp-id and the sdp-id must be operational for the message to be sent.

If remote-sdp is not specified, the svc-ping request message is sent with GRE encapsulation with the OAM label.

Message Response Encapsulation indicates how the message response is encapsulated based on the state of the remote service ID.

Table 60. Message Response Encapsulation

Remote Service State

Message Encapsulation

remote-sdp

Not Specified

remote-sdp

Specified

Invalid Ingress Service Label

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

Invalid Service-ID

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

No Valid SDP-ID Bound on Service-ID

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

SDP-ID Valid But Down

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

SDP-ID Valid and Up, but No Service Label

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

SDP-ID Valid and Up, Egress Service Label, but VC-ID Mismatch

Generic IP/GRE OAM (PLP)

Generic IP/GRE OAM (PLP)

SDP-ID Valid and Up, Egress Service Label, but VC-ID Match

Generic IP/GRE OAM (PLP)

SDP Encapsulation with Egress Service Label (SLP)

Platforms

All

Output

Output Example
*A:router1> svc-ping far-end 10.10.10.10 service 101 local-sdp remote-sdp
Request Result: Sent – Reply Received

Service-ID: 101

Err       Basic Info              Local     Remote
---       -----------------       ------    ------
__        Type:                   TLS       TLS
__        Admin State:            Up        Up
__        Oper State:             Up        Up
__        Service-MTU:            1514      1514
__        Customer ID:            1001      1001

Err       System IP Interface Info
---       -------------------------------------------------------------
Local Interface Name: "7750 SR-System-IP-Interface (Up to 32 chars)…”
__        Local IP Interface State:         Up
__        Local IP Address:                 10.10.10.11
__        IP Address Expected By Remote:    10.10.10.11
__        Expected Remote IP Address:       10.10.10.10
__        Actual Remote IP Address:         10.10.10.10

Err       SDP-ID Info             Local     Remote
---       -----------------       ------    ------
__        Path Used:              Yes       Yes
__        SDP-ID:                 123       325
__        Administrative State:   Up        Up
__        Operative State:        Up        Up
__        Binding Admin State:    Up        Up
__        Binding Oper State:     Up        Up
__        Binding VC-ID:          101       101

Err       Service Label Information   Label     Source        State
---       -------------------------   -----     -----------   -----
__        Local Egress Label:         45        Signaled      Up
__        Remote Expected Ingress:    45        Signaled      Up
__        Remote Egress:              34        Signaled      Up
__        Local Expected Ingress:     34        Signaled      Up

svlan-statistics

svlan-statistics

Syntax

svlan-statistics

Context

[Tree] (config>subscr-mgmt svlan-statistics)

Full Context

configure subscriber-mgmt svlan-statistics

Description

Commands in this context enable subscriber VLAN statistics collection.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

swap

swap

Syntax

swap {out-label | implicit-null-label} nexthop ip-address

no swap

Context

[Tree] (config>router>mpls>if>label-map swap)

Full Context

configure router mpls interface label-map swap

Description

This command swaps the incoming label and specifies the outgoing label and next hop IP address on an LSR for a static LSP.

The no form of this command removes the swap action associated with the in-label.

Parameters

implicit-null-label

Specifies the use of the implicit label value for the outgoing label of the swap operation.

out-label

Specifies the label value to be swapped with the in-label. Label values 16 through 1,048,575 are defined as follows:

  • label values 16 through 31 are reserved

  • label values 32 through 1,023 are available for static assignment

  • label values 1,024 through 2,047 are reserved for future use

  • label values 2,048 through 18,431 are statically assigned for services

  • label values 28,672 through 131,071 are dynamically assigned for both MPLS and services

  • label values 131,072 through 1,048,575 are reserved for future use

Values

16 to 1048575

nexthop ip-address

Specifies the IP address to forward to. If an ARP entry for the next hop exists, then the static LSP will be marked operational. If ARP entry does not exist, software will set the operational status of the static LSP to down and continue to ARP for the configured nexthop. Software will continuously try to ARP for the configured nexthop at a fixed interval.

Platforms

All

sweep

sweep

Syntax

sweep start dispersion-start end dispersion-end

Context

[Tree] (config>port>dwdm>coherent sweep)

Full Context

configure port dwdm coherent sweep

Description

This command allows users to configure the dispersion sweep 'start’ and 'end’ values for the automatic mode of coherent control. If the user knows the approximate or theoretical residual dispersion of the link, this command can be used to limit the range of sweeping for the automatic control mode and thus achieve faster link up.

Parameters

dispersion-start

Specifies the lower range limit for the dispersion compensation.

Values

-50000 to 50000

Default

-25500

dispersion-end

Specifies the upper range limit for the dispersion compensation.

Values

-50000 to 50000

Default

2000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

switch-defined-cookie

switch-defined-cookie

Syntax

[no] switch-defined-cookie

Context

[Tree] (config>open-flow>of-switch>flowtable switch-defined-cookie)

Full Context

configure open-flow of-switch flowtable switch-defined-cookie

Description

This command enables OpenFlow switch-defined Flow Table cookie encoding for flowtable 0 that allows multi-service operation.

The no form of the command disables the above function.

Default

no switch-defined-cookie

Platforms

All

switch-fabric

switch-fabric

Syntax

switch-fabric

Context

[Tree] (config>system switch-fabric)

Full Context

configure system switch-fabric

Description

Commands in this context configure switch fabric parameters.

Platforms

7450 ESS, 7750 SR-7, 7750 SR-12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

switching-mode

switching-mode

Syntax

switching-mode {bi-directional | uni-directional}

Context

[Tree] (config>port>aps switching-mode)

Full Context

configure port aps switching-mode

Description

This command configures the switching mode for the APS group.

Parameters

bi-directional

Configures the group to operate in Bidirectional 1+1 Signaling APS mode.

uni-directional

Configures the group to operate in Unidirectional 1+1 Signaling APS mode.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

switchover-exec

switchover-exec

Syntax

switchover-exec file-url

no switchover-exec

Context

[Tree] (config>system switchover-exec)

Full Context

configure system switchover-exec

Description

This command specifies the location and name of the CLI script file executed following a redundancy switchover from the previously active CPM card. A switchover can happen because of a fatal failure or by manual action.

The CLI script file can contain commands for environment settings, classic CLI debug configuration (excluding mirroring settings), and other commands not maintained by the configuration redundancy.

The following commands are not supported in the switchover-exec file: clear, configure, candidate, oam, tools, oam, ping, traceroute, mstat, mtrace and mrinfo.

Default

no switch-over-exec

Parameters

file-url

Specifies the location and name of the CLI script file.

Values

local-url | remote-url

local-url

[cflash-id/][file-path] 200 chars max, including cflash-id

directory length 99 chars max each

remote-url

[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]

243 chars max

directory length 99 chars max each

remote-locn

[hostname | ipv4-address | ipv6-address]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - 32 chars max, for link local addresses

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

symbol-monitor

symbol-monitor

Syntax

symbol-monitor

Context

[Tree] (config>port>ethernet symbol-monitor)

Full Context

configure port ethernet symbol-monitor

Description

This command configures Ethernet Symbol Monitoring parameters. Support for symbol monitoring is hardware dependent. An error message indicating that the port setting cannot be modified will be presented when attempting to enable the feature or configure the individual parameters on unsupported hardware.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sync

sync

Syntax

[no] sync

Context

[Tree] (config>redundancy>multi-chassis>peer sync)

Full Context

configure redundancy multi-chassis peer sync

Description

Commands in this context configure synchronization parameters.

Default

no sync

Platforms

All

sync

Syntax

[no] sync

Context

[Tree] (config>isa>nat-group>inter-chassis-redundancy sync)

Full Context

configure isa nat-group inter-chassis-redundancy sync

Description

This command configures synchronization of NAT flows between the nodes.

The no form of this command disables synchronization of NAT flows that were enabled between the ISAs or ESAs across the nodes. This allows NAT reconfiguration on both nodes. The synchronization of flows must be disabled on both nodes, active and standby, while NAT configuration changes are performed. The active NAT node continues to forward traffic while flow synchronization is disabled.

Default

no sync

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

sync-boot-env

sync-boot-env

Syntax

sync-boot-env

Context

[Tree] (admin>satellite>eth-sat sync-boot-env)

Full Context

admin satellite eth-sat sync-boot-env

Description

The command forces the specified Ethernet-satellite chassis to synchronize the boot image.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sync-e

sync-e

Syntax

[no] sync-e

Context

[Tree] (config>card>xiom>mda sync-e)

[Tree] (config>card>mda sync-e)

Full Context

configure card xiom mda sync-e

configure card mda sync-e

Description

This command enables synchronous Ethernet on the MDA. Then any port on the MDA can be used as a source port in the sync-if-timing configuration.

The no form of this command disables synchronous Ethernet on the MDA.

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s

  • configure card xiom mda sync-e

All

  • configure card mda sync-e

sync-e

Syntax

[no] sync-e

Context

[Tree] (config>system>satellite>eth-sat sync-e)

Full Context

configure system satellite eth-sat sync-e

Description

This command enables the Ethernet satellite for synchronous Ethernet operation so that the transmit timing of the satellite access ports use the frequency of the host router’s central clock.

To enable this functionality, both host ports on the router that connect to the U1 and U2 ports of the satellite must be synchronous Ethernet-capable ports.

When the Ethernet satellite is configured for synchronous Ethernet, ESMC frames are enabled on the host ports. The SSM code-type used between the host and the satellite should be manually configured on the host ports to match the code-type desired on the satellite client ports. The code-type setting on the host ports does not restrict the code-type used on the satellite client ports, as those may be configured on an individual port basis.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sync-if-timing

sync-if-timing

Syntax

sync-if-timing

Context

[Tree] (config>system sync-if-timing)

Full Context

configure system sync-if-timing

Description

This command creates or edits the context to create or modify timing reference parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

sync-if-timing

Syntax

sync-if-timing

Context

[Tree] (debug sync-if-timing)

Full Context

debug sync-if-timing

Description

The context to debug synchronous interface timing references.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

synce

synce

Syntax

synce

Context

[Tree] (config>system>sync-if-timing synce)

Full Context

configure system sync-if-timing synce

Description

Commands in this context configure attributes related to the CPM/CCM SyncE/1588 ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

synchronize

synchronize

Syntax

synchronize {boot-env | config}

Context

[Tree] (config>redundancy synchronize)

Full Context

configure redundancy synchronize

Description

This command performs a synchronization of the standby CPMs images and/or config files to the active CPM. Either the boot-env or config parameter must be specified. In the config>redundancy context, this command performs an automatically triggered standby CPM synchronization. When the standby CPM takes over operation following a failure or reset of the active CPM, it is important to ensure that the active and standby CPMs have identical operational parameters. This includes the saved configuration, CPM, XCM, and IOM images.

The active CPM ensures that the active configuration is maintained on the standby CPM. However, to ensure smooth operation under all circumstances, runtime images and system initialization configurations must also be automatically synchronized between the active and standby CPM.

If synchronization fails, alarms and log messages that indicate the type of error that caused the failure of the synchronization operation are generated. When the error condition ceases to exist, the alarm is cleared.

Only files stored on the router are synchronized. If a configuration file or image is stored in a location other than on a local compact flash, the file is not synchronized (for example, storing a configuration file on an FTP server).

Default

synchronize config

Parameters

boot-env

Synchronizes all files required for the boot process (boot loader, BOF configuration, SR OS images, and all configuration files).

config

Synchronizes the primary, secondary, and tertiary configuration files, SSH keys, the password history and the model-driven commit history.

Default

config

Platforms

All

synchronize

Syntax

synchronize cert

synchronize {boot-env | config}

Context

[Tree] (admin>redundancy synchronize)

Full Context

admin redundancy synchronize

Description

This command performs a synchronization of the standby CPM’s images and/or configuration files to the active CPM. Either the boot-env or config parameter must be specified.

In the admin>redundancy context, this command performs a manually triggered standby CPM synchronization. When the standby CPM takes over operation following a failure or reset of the active CPM, it is important to ensure that the active and standby CPM have identical operational parameters. This includes the saved configuration, CPM, XCM, and IOM images.

The active CPM ensures that the active configuration is maintained on the standby CPM. However, to ensure smooth operation under all circumstances, runtime images and system initialization configurations must also be automatically synchronized between the active and standby CPM. If synchronization fails, alarms and log messages that indicate the type of error that caused the failure of the synchronization operation are generated. When the error condition ceases to exist, the alarm is cleared.

Only files stored on the router are synchronized. If a configuration file or image is stored in a location other than on a local compact flash, the file is not synchronized (for example, storing a configuration file on an FTP server).

The no form of the command removes the parameter from the configuration.

Default

no synchronize

Parameters

cert

Synchronizes the imported certificate, key, and CRL files.

boot-env

Synchronizes all files required for the boot process (boot loader, BOF, images, and configuration).

config

Synchronizes the primary, secondary, and tertiary configuration files.

Platforms

All

synchronous-execution

synchronous-execution

Syntax

synchronous-execution seconds

synchronous-execution never

Context

[Tree] (config>system>management-interface>ops>global-timeouts synchronous-execution)

Full Context

configure system management-interface operations global-timeouts synchronous-execution

Description

This command configures the period of time that operations launched as "'synchronous” (the default method for all operations) are allowed to execute before they are automatically stopped, and their associated data is deleted.

If a specific execution timeout is not included in the request for a particular synchronous operation, this system-level timeout applies.

Note:

This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter).

Caution:

This timeout also applies to operations requested in the MD-CLI interface (for example, ping, file dir, and so on). If synchronous-execution is enabled with a specific time value, MD-CLI operations are subject to this timeout and are interrupted if they execute longer than the configured synchronous-execution time.

Default

synchronous-execution never

Parameters

seconds

Specifies the period of time, in seconds, that synchronous operations are allowed to execute.

Values

1 to 604800

never

Keyword to specify that an execution timeout is not applied to synchronous operations.

Platforms

All

syslog

syslog

Syntax

syslog script name

no syslog

Context

[Tree] (config>python>py-policy syslog)

Full Context

configure python python-policy syslog

Description

This command enables Python script to process syslog related messages and events.

The no form of this command disables the Python script to process syslog related messages and events.

Parameters

name

Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.

Platforms

All

syslog

Syntax

syslog syslog-id [name syslog-name]

no syslog syslog-id

Context

[Tree] (config>service>vprn>log syslog)

Full Context

configure service vprn log syslog

Description

This command creates the context to configure a Syslog target host that is capable of receiving selected Syslog messages from this network element.

A valid syslog-id must have the target Syslog host address configured.

A maximum of 30 Syslog IDs can be configured.

No log events are sent to a Syslog target address until the syslog-id has been configured as the log destination (to) in the log-id node.

The Syslog ID configured in the configure>service>vprn context has a local VPRN scope and only needs to be unique within the specific VPRN instance. The same ID can be reused under a different VPRN service or in the global log context under config>log.

Default

No syslog IDs are defined.

Parameters

syslog-id

Specifies the Syslog ID for the Syslog destination.

Values

1 to 30

name syslog-name

Specifies an optional Syslog name, up to 64 characters, that can be used to refer to the Syslog destination after it is created.

Platforms

All

syslog

Syntax

syslog

Context

[Tree] (config>app-assure>group>evt-log syslog)

Full Context

configure application-assurance group event-log syslog

Description

Commands in this context configure the target syslog server.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

syslog

Syntax

syslog

Context

[Tree] (config>service>nat syslog)

Full Context

configure service nat syslog

Description

Commands in this context configure syslog reporting of NAT flow parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

syslog

Syntax

syslog syslog-id [name syslog-name]

no syslog syslog-id

Context

[Tree] (config>log syslog)

Full Context

configure log syslog

Description

Commands in this context configure a Syslog target host capable of receiving selected syslog messages from this network element.

A valid syslog-id must have the target Syslog host address configured.

A maximum of 10 Syslog IDs can be configured.

Log events are not sent to a Syslog target address until the syslog-id is configured as the log destination (to) in the node specified by the Log ID.

The Syslog ID configured in the config>service>vprn context has a local VPRN scope and only needs to be unique within the specific VPRN instance. The same ID can be reused under a different VPRN service or in the global log context under config>log.

The no form of this command removes the Syslog configuration.

Parameters

syslog-id

Specifies the Syslog ID for the Syslog destination.

Values

1 to 10

name syslog-name

Configures an optional Syslog name, up to 64 characters, that can be used to refer to the Syslog destination after it is created.

Platforms

All

syslog-export-policy

syslog-export-policy

Syntax

syslog-export-policy policy-name

no syslog-export-policy

Context

[Tree] (config>service>nat>nat-policy syslog-export-policy)

Full Context

configure service nat nat-policy syslog-export-policy

Description

This command creates a syslog export policy with a set of transport parameters that will be used to transmit NAT flow records in syslog format to an external collector node. This policy name is then referenced from the nat-policy applied to an inside routing context.

Default

no syslog-export-policy

Parameters

policy-name

Specifies the name of the syslog export policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

syslog-export-policy

Syntax

syslog-export-policy name [create]

no syslog-export-policy name

Context

[Tree] (config>service>nat>syslog syslog-export-policy)

Full Context

configure service nat syslog syslog-export-policy

Description

This command creates a syslog export policy with a set of transport parameters that are used to transmit NAT flow records in syslog format to an external collector node. This policy name is then referenced from the NAT policy applied to an inside routing context.

The no form of the command removes the policy name from the configuration.

Parameters

name

Specifies the syslog export policy name, up to 32 characters.

create

Keyword used to create the syslog export policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

system

system

Syntax

system

Context

[Tree] (config>eth-cfm system)

Full Context

configure eth-cfm system

Description

Commands in this context configure Connectivity Fault Management (CFM) general system parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

system

Syntax

[no] system

Context

[Tree] (debug system)

Full Context

debug system

Description

This command displays system debug information.

Platforms

All

system-base-mac

system-base-mac

Syntax

system-base-mac mac-address

no system-base-mac

Context

[Tree] (bof system-base-mac)

Full Context

bof system-base-mac

Description

This command is used to specify the base MAC address for a VSR-based system. The specified MAC address is used as the first MAC address by the system to assign MAC addresses to individual interfaces.

It is strongly recommended that a unique base MAC address is assigned to each VSR instance with a minimum gap of 1024 between base addresses to avoid a MAC address overlap.

The no form of this command removes the configured system base MAC address.

Default

no system-base-mac

Parameters

mac-address

Specifies the MAC address.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, VSR

system-behavior

system-behavior

Syntax

system-behavior

Context

[Tree] (config>subscr-mgmt system-behavior)

Full Context

configure subscriber-mgmt system-behavior

Description

Commands in this context configure system-wide subscriber management behavior parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

system-filter

system-filter

Syntax

system-filter

Context

[Tree] (config>filter system-filter)

Full Context

configure filter system-filter

Description

Commands in this context activate system filter policies.

Platforms

All

system-id

system-id

Syntax

system-id system-id

no system-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident system-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification system-id

Description

This command specifies the system ID to match for a host lookup. When the LUDB is accessed through a DHCPv4 server, the system ID is matched against the Nokia vendor specific sub-option in DHCP Option 82.

Note:

This command is only used when system-id is configured as one of the match-list parameters.

The no form of this command removes the system ID from the configuration.

Parameters

system-id

Specifies the system ID, up to 255 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

system-id

Syntax

[no] system-id

Context

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor system-id)

[Tree] (config>service>vpls>sap>dhcp>option>vendor system-id)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor system-id)

[Tree] (config>service>vprn>if>dhcp>option>vendor system-id)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor system-id)

Full Context

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option system-id

configure service vpls sap dhcp option vendor-specific-option system-id

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option system-id

configure service vprn interface dhcp option vendor-specific-option system-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option system-id

Description

This command specifies whether the system-id is encoded in the Nokia vendor-specific sub-option of Option 82.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option system-id
  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option system-id
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option system-id

All

  • configure service vpls sap dhcp option vendor-specific-option system-id
  • configure service vprn interface dhcp option vendor-specific-option system-id

system-id

Syntax

system-id isis-system-id

no system-id

Context

[Tree] (config>service>vprn>isis system-id)

Full Context

configure service vprn isis system-id

Description

This command configures the IS-IS system ID. The system ID has a fixed length of 6 octets; it is determined using the following preference order:

  1. config>service>vprn>isis>system-id

  2. config>service>vprn>isis>router-id

  3. config>service>vprn>router-id

  4. config>service>vprn>if>address

  5. The default system ID 2550.0000.0000, based on the default router ID 255.0.0.0

The system ID is integral to IS-IS; therefore, for the system-id command to take effect, a shutdown and then no shutdown must be performed on the IS-IS instance. This will ensure that the configured and operational system ID are always the same.

The no form of this command removes the system ID from the configuration. The router ID is used when no system ID is specified.

Default

no system-id

Parameters

isis-system-id

12 hexadecimal characters in dotted-quad notation.

Values

aaaa.bbbb.cccc, where aaaa, bbbb, and cccc are hexadecimal numbers

Platforms

All

system-id

Syntax

[no] system-id

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option system-id)

Full Context

configure router interface dhcp option vendor-specific-option system-id

Description

This command specifies whether the system-id is encoded in the Nokia vendor-specific sub-option of Option 82.

Default

no system-id

Platforms

All

system-id

Syntax

system-id isis-system-id

no system-id

Context

[Tree] (config>router>isis system-id)

Full Context

configure router isis system-id

Description

This command configures the IS-IS system ID. The system ID has a fixed length of 6 octets; it is determined using the following preference:

  1. config>router>isis>system-id

  2. config>router>isis>router-id

  3. config>router>router-id

  4. config>router>interface>system> address

  5. The default system ID 2550.0000.0000, based on the default router ID 255.0.0.0

The system ID is integral to IS-IS; therefore, for the system-id command to take effect, the IS-IS instance must be shutdown and then no shutdown. This will ensure that the configured and operational system ID are always the same.

The no form of this command removes the system ID from the configuration. The router ID is used when no system ID is specified.

Parameters

isis-system-id

Specifies 12 hexadecimal characters in dotted-quad notation.

Values

aaaa.bbbb.cccc, where aaaa, bbbb, and cccc are hexadecimal numbers

Platforms

All

system-ip-load-balancing

system-ip-load-balancing

Syntax

[no] system-ip-load-balancing

Context

[Tree] (config>system>load-balancing system-ip-load-balancing)

Full Context

configure system load-balancing system-ip-load-balancing

Description

This command enables the use of the system IP address in the ECMP hash algorithm to add a per system variable. This can help guard against cases where multiple routers, in series, will end up hashing traffic to the same ECMP/LAG path.

This command is set at a system wide basis, however if certain IOMs do not support the new load-balancing algorithm, they will continue to use the default algorithm. By default, the IPv4 system IP address is used in the hash algorithm. When no IPv4 system IP address is configured, the IPv6 system IP address, when configured, is used in the hash algorithm.

The no form of the command resets the system wide algorithm to default.

Default

no system-ip-load-balancing

Platforms

All

system-mac

system-mac

Syntax

system-mac mac-address

no system-mac

Context

[Tree] (config>system>ned>profile system-mac)

Full Context

configure system network-element-discovery profile system-mac

Description

This command configures the MAC address to be advertised.

The no form of this command removes any explicitly defined MAC address and chassis MAC address will be advertised.

Default

no system-mac

Parameters

mac-address

Specifies the MAC address to be associated with the profile in xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx format.

Platforms

All

system-password

system-password

Syntax

system-password admin-password

system-password dynsvc-password

Context

[Tree] (admin>system>security system-password)

Full Context

admin system security system-password

Description

This operational command changes a local system password.

Parameters

admin-password

Specifies to change the administrative password.

dynsvc-password

Specifies to change the dynamic services password.

Platforms

All

system-priority

system-priority

Syntax

system-priority value

no system-priority

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ep system-priority)

Full Context

configure redundancy multi-chassis peer mc-endpoint system-priority

Description

This command allows the operator to set the system priority. The peer configured with the lowest value is chosen to be the master. If system-priority are equal then the one with the highest system-id (chassis MAC address) is chosen as the master.

The no form of this command sets the system priority to default.

Default

no system-priority

Parameters

value

Specifies the priority assigned to the local MC-EP peer.

Values

1 to 255

Platforms

All

system-profile

system-profile

Syntax

system-profile {profile-a | profile-b}

no system-profile

Context

[Tree] (bof system-profile)

Full Context

bof system-profile

Description

This command configures the system profile in the BOF.

System profile none represents the existing system capabilities and allows FP3-, FP4-, and FP5-based hardware to co-exist within a system. This is indicated by the omission of the system-profile parameter in the BOF, except on 7750 SR-1 systems.

System profile profile-a is primarily targeted at subscriber services and layer 2 and 3 VPN business services.

System profile profile-b is primarily targeted at infrastructure routing, core, peering, and DC-GW applications.

System profile profile-a and profile-b are supported on 7950 XRS-20/20e, 7750 SR-1 and 7750 SR-12e systems, and support only FP4- and FP5-based line cards.

The system profile on 7750 SR-1 systems should be set to profile-a. It is set by default to profile-a when the system-profile parameter is omitted from the BOF, or configured to an invalid value.

On 7950 XRS-20/20e and 7750 SR-12e systems, default system profile is none.

On all other systems, the system-profile parameter must not be configured in the BOF which sets the system profile to none.

The no form of this command removes the system-profile parameter from the BOF.

Parameters

profile-a

Specifies that the system profile is for subscriber services and Layer 2 and 3 VPN business services.

profile-b

Specifies that the system profile is primarily targeted at infrastructure routing, core, peering, and DC-GW applications.

Platforms

All

system-reserve

system-reserve

Syntax

system-reserve percent-of-buffers

no system-reserve

Context

[Tree] (config>qos>hs-pool-policy system-reserve)

Full Context

configure qos hs-pool-policy system-reserve

Description

This command defines the amount of HSQ IOM buffers that is set aside for internal system use. By default, 5% of the total buffer space is reserved for system internal queues. The command is provided for the case where the reserved buffer space is either insufficient or excessive. Exercise care when modifying this value.

When the system reserve value is changed, all the provisioned port-class, mid-tier, and root pool sizes are reevaluated and possibly changed.

Use the show hs-pools card-slot-number fp forwarding-plane egress command to display the current buffer allocation and buffer usage conditions on an HSQ IOM.

The no form of the command reverts to the default system reserve value.

Default

system-reserve 5.0

Parameters

percent-of-buffers

Specifies the percentage of HS buffers that are reserved for internal system use. This parameter is required when executing the system-reserve command. The parameter accepts a percent value with two decimal places (100th of a percent).

Values

1.00 to 30.00

Platforms

7750 SR-7/12/12e